Re: SYSTEM_USER reserved word implementation

Drouvot, Bertrand <bdrouvot@amazon.com>

From: "Drouvot, Bertrand" <bdrouvot@amazon.com>
To: Jacob Champion <jchampion@timescale.com>
Cc: Alvaro Herrera <alvherre@alvh.no-ip.org>, Tom Lane <tgl@sss.pgh.pa.us>, Joe Conway <mail@joeconway.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2022-08-17T07:51:17Z
Lists: pgsql-hackers

Attachments

Hi,

On 8/16/22 6:52 PM, Jacob Champion wrote:
> On Fri, Aug 12, 2022 at 6:32 AM Drouvot, Bertrand <bdrouvot@amazon.com> wrote:
>> It has been agreed that the work on this patch is on hold until the
>> ClientConnectionInfo related work is finished (see the discussion in [1]).
>>
>> Having said that I'm attaching a new patch
>> "v2-0004-system_user-implementation.patch" for the SYSTEM_USER.
> (Not a full review.) Now that the implementation has increased in
> complexity, the original tests for the parallel workers have become
> underpowered. As a concrete example, I forgot to serialize auth_method
> during my most recent rewrite, and the tests still passed.
>
> I think it'd be better to check the contents of SYSTEM_USER, where we
> can, rather than only testing for existence. Something like the
> attached, maybe?

Yeah, fully agree, thanks for pointing out!

I've included your suggestion in v2-0005 attached (it's expected to see 
the CF bot failing for the same reason as mentioned up-thread).

> And it would also be good to add a similar test to
> the authentication suite, so that you don't have to have Kerberos
> enabled to fully test SYSTEM_USER.

Agree, I'll look at what can be done here.

Regards,

-- 
Bertrand Drouvot
Amazon Web Services: https://aws.amazon.com

Commits

  1. Introduce SYSTEM_USER

  2. Add some information about authenticated identity via log_connections