Re: use has_privs_of_role() for pg_hba.conf

Nathan Bossart <nathandbossart@gmail.com>

From: Nathan Bossart <nathandbossart@gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Joe Conway <mail@joeconway.com>, Michael Paquier <michael@paquier.xyz>, Joshua Brindle <joshua.brindle@crunchydata.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2022-10-08T17:06:40Z
Lists: pgsql-hackers
On Sat, Oct 08, 2022 at 11:46:50AM -0400, Robert Haas wrote:
> Now there may be some other scenario in which the patch is going in
> exactly the right direction, and if I knew what it was, maybe I'd
> agree that the patch was a great idea. But I haven't seen anything
> like that on the thread. Basically, the argument is just that the
> change would make things more consistent. However, it might be an
> abuse of the term. If you go out and buy blue curtains because you
> have a blue couch, that's consistent interior decor. If you go out and
> buy a blue car because you have a blue couch, that's not really
> consistent anything, it's just two fairly-unrelated things that are
> both blue.

I believe I started this thread after reviewing the remaining uses of
is_member_of_role() after 6198420 was committed and wondering whether this
case was an oversight.  If upon closer inspection we think that mere
membership is appropriate for pg_hba.conf, I'm fully prepared to go and
mark this commitfest entry as Rejected.  It obviously does not seem as
clear-cut as 6198420.  And I'll admit I don't have a concrete use-case in
hand to justify the behavior change.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com



Commits

  1. Add TAP tests for role membership in pg_hba.conf