Re: Allow file inclusion in pg_hba and pg_ident files
Michael Paquier <michael@paquier.xyz>
On Mon, Nov 14, 2022 at 03:47:27PM +0800, Julien Rouhaud wrote: > On Mon, Nov 14, 2022 at 02:40:37PM +0900, Michael Paquier wrote: >> If the caller passes NULL for *linectx as the initial line context, >> just create it as we do now. If *linectx is not NULL, just reuse it. >> That may be cleaner than returning the created MemoryContext as >> returned result from tokenize_auth_file(). > > I originally used two functions as it's a common pattern (e.g. ReadBuffer / > ReadBufferExtended or all the *_internal versions of functions) and to avoid > unnecessary branch, but I agree that here having an extra branch is unlikely to > make any measurable difference. It would only matter on -DEXEC_BACKEND / > win32, and in that case the extra overhead (over an already expensive new > backend mechanism) is way more than that, so +1 to keep things simple here. Oh, Okay. So that was your intention here. >> This aggregates all the error messages for all the files included in a >> given repository. As the patch stands, it seems to me that we would >> get errors related to an include_dir clause for two cases: >> - The specified path does not exist, in which case we have only one >> err_msg to consume and report back. >> - Multiple failures in opening and/or reading included files. >> In the second case, aggregating the reports would provide a full set >> of information, but that's not something a user would be able to act >> on directly as this is system-related. Or there is a case to know a >> full list of files in the case of multiple files that cannot be read >> because of permission issues? We may be fine with just the first >> system error here. Note that in the case where files can be read and >> opened, these would have their own TokenizedAuthLines for each line >> parsed, meaning one line in the SQL views once translated to an >> HbaLine or an IdentLine. > > If you have an include_dir directive and multiple files have wrong permission > (or maybe broken symlink or something like that), you will get multiple errors > when trying to process that single directive. I think it's friendlier to > report as much detail as we can, so users can make sure they fix everything > rather than iterating over the first error. That's especially helpful if the > fix is done in some external tooling (puppet or whatever) rather than directly > on the server. Hmm, Okay. Well, this would include only errors on I/O or permission problems for existing files.. I have not seen deployments that have dozens of sub-files for GUCs with an included dir, but perhaps I lack of experience on user histories. > I think that the problem is that we have the same interface for processing the > files on a startup/reload and for filling the views, so if we want the views to > be helpful and report all errors we have to also allow a bogus "include" to > continue in the reload case too. The same problem doesn't exists for GUCs, so > a slightly different behavior there might be acceptable. Well, there is as well the point that we don't have yet a view for GUCs that does the equivalent of HBA and ident, but that does not mean, it seems to me, that there should be an inconsistency in the way we process those commands because one has implemented a feature but not the other. On the contrary, I'd rather try to make them consistent. As things are in the patch, the only difference between "include_if_exists" and "include" is that the latter would report some information if the file goes missing, the former generates a LOG entry about the file being skipped without something in the system view. Now, wouldn't it be useful for the end-user to report that a file is skipped as an effect of "include_if_exists" in the system views? If not, then what's the point of having this clause to begin with? My opinion is that both clauses are useful, still on the ground of consistency both clauses should work the same as for GUCs. Both should report something in err_msg even if that's just about a file being skipped, though I agree that this could be considered confusing as well for an if_exists clause (does not look like a big deal to me based on the debuggability gain). -- Michael
Commits
-
Add TAP tests for include directives in HBA end ident files
- cbe6e482d7bf 16.0 landed
-
Introduce variables for initial and max nesting depth on configuration files
- d13b684117bd 16.0 landed
-
Add support for file inclusions in HBA and ident configuration files
- a54b658ce77b 16.0 landed
-
Add missing initialization in tokenize_expand_file() for output list
- d5566fbfeb6a 16.0 landed
-
Rework memory contexts in charge of HBA/ident tokenization
- efc981627a72 16.0 landed
-
Add error context callback when tokenizing authentication files
- ad6c52846f13 16.0 landed
-
Invent open_auth_file() in hba.c to refactor authentication file opening
- 783e8c69cbcd 16.0 landed
-
Use AbsoluteConfigLocation() when building an included path in hba.c
- 6bbd8b73857a 16.0 landed
-
Move code related to configuration files in directories to new file
- a1a7bb8f16cd 16.0 landed
-
doc: Fix some descriptions related to pg_ident_file_mappings
- 468a9f37fb69 15.1 landed
- e76502871ee3 16.0 landed
-
Add rule_number to pg_hba_file_rules and map_number to pg_ident_file_mappings
- c591300a8f54 16.0 landed
-
Refactor code handling the names of files loaded in hba.c
- 1b73d0b1c393 16.0 landed
-
Make consistent a couple of log messages when parsing HBA files
- 718fe0a14add 16.0 landed
-
Use hba_file/ident_file GUCs rather than pg_hba.conf/pg_ident.conf in logs
- 47ab1ac822cd 16.0 landed
-
Fix path reference when parsing pg_ident.conf for pg_ident_file_mappings
- 7977ac1640a7 15.0 landed
- 27e0ee57f68d 16.0 landed
-
Add system view pg_ident_file_mappings
- a2c84990bea7 15.0 landed
-
Modify query on pg_hba_file_rules to check for errors in regression tests
- 091a971bb59c 15.0 landed
-
Refactor code related to pg_hba_file_rules() into new file
- d4781d8873f8 15.0 landed