Require key provider settings to be an object

Reject bare scalars or arrays.

In this commit we do not change the behaviour if a value inside the
configuration object is an array.

contrib/pg_tde/expected/key_provider.out

@@ -192,6 +192,15 @@ SELECT pg_tde_add_database_key_provider('file', 'name', json_build_object('key',
 ERROR:  too large provider options, maximum size is 1023 bytes
 SELECT pg_tde_add_global_key_provider('file', 'name', json_build_object('key', repeat('K', 1024)));
 ERROR:  too large provider options, maximum size is 1023 bytes
+-- Creating key providers fails if configuration is not a JSON object
+SELECT pg_tde_add_database_key_provider('file', 'provider', '"bare string"');
+ERROR:  key provider options must be an object
+SELECT pg_tde_add_database_key_provider('file', 'provider', '["array"]');
+ERROR:  key provider options must be an object
+SELECT pg_tde_add_database_key_provider('file', 'provider', 'true');
+ERROR:  key provider options must be an object
+SELECT pg_tde_add_database_key_provider('file', 'provider', 'null');
+ERROR:  key provider options must be an object
 -- Modifying key providers fails if any required parameter is NULL
 SELECT pg_tde_change_database_key_provider(NULL, 'file-keyring', '{}');
 ERROR:  provider type cannot be null
@@ -210,6 +219,15 @@ SELECT pg_tde_change_database_key_provider('file', 'file-provider', json_build_o
 ERROR:  too large provider options, maximum size is 1023 bytes
 SELECT pg_tde_change_global_key_provider('file', 'file-keyring', json_build_object('key', repeat('V', 1024)));
 ERROR:  too large provider options, maximum size is 1023 bytes
+-- Modifying key providers fails if configuration is not a JSON object
+SELECT pg_tde_change_database_key_provider('file', 'file-provider', '"bare string"');
+ERROR:  key provider options must be an object
+SELECT pg_tde_change_database_key_provider('file', 'file-provider', '["array"]');
+ERROR:  key provider options must be an object
+SELECT pg_tde_change_database_key_provider('file', 'file-provider', 'true');
+ERROR:  key provider options must be an object
+SELECT pg_tde_change_database_key_provider('file', 'file-provider', 'null');
+ERROR:  key provider options must be an object
 -- Deleting key providers fails if key name is NULL
 SELECT pg_tde_delete_database_key_provider(NULL);
 ERROR:  provider_name cannot be null

contrib/pg_tde/sql/key_provider.sql

@@ -75,6 +75,12 @@ SELECT pg_tde_add_global_key_provider('file', repeat('K', 128), '{}');
 SELECT pg_tde_add_database_key_provider('file', 'name', json_build_object('key', repeat('K', 1024)));
 SELECT pg_tde_add_global_key_provider('file', 'name', json_build_object('key', repeat('K', 1024)));
 
+-- Creating key providers fails if configuration is not a JSON object
+SELECT pg_tde_add_database_key_provider('file', 'provider', '"bare string"');
+SELECT pg_tde_add_database_key_provider('file', 'provider', '["array"]');
+SELECT pg_tde_add_database_key_provider('file', 'provider', 'true');
+SELECT pg_tde_add_database_key_provider('file', 'provider', 'null');
+
 -- Modifying key providers fails if any required parameter is NULL
 SELECT pg_tde_change_database_key_provider(NULL, 'file-keyring', '{}');
 SELECT pg_tde_change_database_key_provider('file', NULL, '{}');
@@ -87,6 +93,12 @@ SELECT pg_tde_change_global_key_provider('file', 'file-keyring', NULL);
 SELECT pg_tde_change_database_key_provider('file', 'file-provider', json_build_object('key', repeat('V', 1024)));
 SELECT pg_tde_change_global_key_provider('file', 'file-keyring', json_build_object('key', repeat('V', 1024)));
 
+-- Modifying key providers fails if configuration is not a JSON object
+SELECT pg_tde_change_database_key_provider('file', 'file-provider', '"bare string"');
+SELECT pg_tde_change_database_key_provider('file', 'file-provider', '["array"]');
+SELECT pg_tde_change_database_key_provider('file', 'file-provider', 'true');
+SELECT pg_tde_change_database_key_provider('file', 'file-provider', 'null');
+
 -- Deleting key providers fails if key name is NULL
 SELECT pg_tde_delete_database_key_provider(NULL);
 SELECT pg_tde_delete_global_key_provider(NULL);

contrib/pg_tde/src/catalog/tde_keyring_parse_opts.c

@@ -129,6 +129,7 @@ typedef struct JsonKeyringState
 } JsonKeyringState;
 
 static JsonParseErrorType json_kring_scalar(void *state, char *token, JsonTokenType tokentype);
+static JsonParseErrorType json_kring_array_start(void *state);
 static JsonParseErrorType json_kring_object_field_start(void *state, char *fname, bool isnull);
 static JsonParseErrorType json_kring_object_start(void *state);
 static JsonParseErrorType json_kring_object_end(void *state);
@@ -168,7 +169,7 @@ ParseKeyringJSONOptions(ProviderType provider_type, GenericKeyring *out_opts, ch
 	sem.semstate = &parse;
 	sem.object_start = json_kring_object_start;
 	sem.object_end = json_kring_object_end;
-	sem.array_start = NULL;
+	sem.array_start = json_kring_array_start;
 	sem.array_end = NULL;
 	sem.object_field_start = json_kring_object_field_start;
 	sem.object_field_end = NULL;
@@ -194,6 +195,25 @@ ParseKeyringJSONOptions(ProviderType provider_type, GenericKeyring *out_opts, ch
  * JSON parser semantic actions
 */
 
+static JsonParseErrorType
+json_kring_array_start(void *state)
+{
+	JsonKeyringState *parse = state;
+
+	switch (parse->state)
+	{
+		case JK_EXPECT_TOP_LEVEL_OBJECT:
+			ereport(ERROR,
+					errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+					errmsg("key provider options must be an object"));
+			break;
+		case JK_EXPECT_TOP_FIELD:
+		case JK_EXPECT_EXTERN_VAL:
+	}
+
+	return JSON_SUCCESS;
+}
+
 /*
  * Invoked at the start of each object in the JSON document.
  *
@@ -384,7 +404,8 @@ json_kring_scalar(void *state, char *token, JsonTokenType tokentype)
 	{
 		case JK_EXPECT_TOP_LEVEL_OBJECT:
 			ereport(ERROR,
-					errmsg("invalid semantic state"));
+					errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+					errmsg("key provider options must be an object"));
 			break;
 		case JK_EXPECT_TOP_FIELD:
 			field = &parse->top_level_field;