Re: [EXTERNAL] Re: [PATCH] Support using "all" for the db user in pg_ident.conf
Jelte Fennema-Nio <jelte.fennema@microsoft.com>
From: Jelte Fennema <Jelte.Fennema@microsoft.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: "isaac.morland@gmail.com" <isaac.morland@gmail.com>, "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>
Date: 2023-01-11T09:04:56Z
Lists: pgsql-hackers
> The confusion that 0001 is addressing is fair (cough, fc579e1, cough), > still I am wondering whether we could do a bit better to be more Yeah, even after 0001 it's definitely suboptimal. I tried to keep the changes minimal to not distract from the main purpose of this patch. But I'll update the patch to have some more. I'll respond to your other question first > In what is your proposal different from the following > entry in pg_ident.conf? As of: > mapname /^(.*)$ \1 It's very different. I think easiest is to explain by example: If there exist three users on the postgres server: admin, jelte and michael Then this rule (your suggested rule): mapname /^(.*)$ \1 Is equivalent to: mapname admin admin mapname jelte jelte mapname michael michael While with the "all" keyword you can create a rule like this: mapname admin all which is equivalent to: mapname admin admin mapname admin jelte mapname admin michael
Commits
-
Add description for new patterns supported in HBA and ident sample files
- 1b43743f1174 16.0 landed
-
Support the same patterns for pg-user in pg_ident.conf as in pg_hba.conf
- efb6f4a4f9b6 16.0 landed
-
Track behavior of \1 in pg_ident.conf when quoted
- 0b717432ff13 16.0 landed
-
Store IdentLine->pg_user as an AuthToken
- 02d3448f4f79 16.0 landed
-
Add tests for regex replacement with \1 in pg_ident.conf to 0003_peer.pl
- e753ae6397fe 16.0 landed
-
Rename some variables related to ident files in hba.{c,h}
- 8607630d74cd 16.0 landed