Thread

  1. Re: postgres_fdw: use_scram_passthrough on user mapping is ignored when also set on server

    Fujii Masao <masao.fujii@gmail.com> — 2026-05-23T01:58:40Z

    On Mon, May 18, 2026 at 11:42 PM Matheus Alcantara
    <matheusssilv97@gmail.com> wrote:
    > I think that the test is worth to have to avoid such issues in the
    > future again, but I agree that adding as a TAP test is overkill. I've
    > moved to sql/dblink.sql on the new attached version.
    >
    > Do you think that we need to add such test for postgres_fdw too?
    
    No, I don't think so.
    
    In dblink, use_scram_passthrough is handled by a dblink-specific validation
    path, and patch 0003 fixes that specific code path. So it might be worth
    adding such test for dblink.
    
    In postgres_fdw, however, this option is handled by the generic option/context
    validation machinery, not by any special-case code. We already have tests for
    context-sensitive option validation there. So adding such test for postgres_fdw
    would be mostly redundant, I think. Thought?
    
    
    > Yeah, we don't have any documentation about this on 18, but we do have
    > for sslkey and sslcert where in postgres-fdw.sgml we have the following:
    >     sslkey and sslcert - these may appear in either or both a connection
    >     and a user mapping. If both are present, the user mapping setting
    >     overrides the connection setting.
    >
    > So I think that is desirable to have the same behavior for
    > use_scram_passthrough.
    
    Agreed. I'm therefore thinking of backpatching patches 0001 and 0002 to v18.
    
    Even in v18, this change is very narrow. It only affects cases where
    use_scram_passthrough is specified at both the server and user-mapping levels
    with conflicting values. In such cases, the natural interpretation is that
    the user-mapping setting is intended to override the server-level setting;
    otherwise, there would be little reason to specify conflicting values.
    
    Given the limited impact, leaving v18 as the only branch with different
    semantics for a feature introduced in v18 seems more undesirable and
    potentially confusing. So I think backpatching to v18 makes sense.
    
    Regards,
    
    -- 
    Fujii Masao