Re: [EXTERNAL] Re: [PATCH] Support using "all" for the db user in pg_ident.conf

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Jelte Fennema <Jelte.Fennema@microsoft.com>
Cc: "isaac.morland@gmail.com" <isaac.morland@gmail.com>, "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>
Date: 2023-01-11T11:05:52Z
Lists: pgsql-hackers
On Wed, Jan 11, 2023 at 09:04:56AM +0000, Jelte Fennema wrote:
> It's very different. I think easiest is to explain by example:
> 
> If there exist three users on the postgres server: admin, jelte and michael
> 
> Then this rule (your suggested rule):
> mapname /^(.*)$ \1
> 
> Is equivalent to:
> mapname admin admin
> mapname jelte jelte
> mapname michael michael
> 
> While with the "all" keyword you can create a rule like this:
> mapname admin all
> 
> which is equivalent to:
> mapname admin admin
> mapname admin jelte
> mapname admin michael

Thanks for the explanation, I was missing your point.  Hmm.  On top
of my mind, couldn't we also use a regexp for the pg-role rather than
just a hardcoded keyword here then, so as it would be possible to
allow a mapping to pass for a group of role names?  "all" is just a
pattern to allow everything, at the end.
--
Michael

Commits

  1. Add description for new patterns supported in HBA and ident sample files

  2. Support the same patterns for pg-user in pg_ident.conf as in pg_hba.conf

  3. Track behavior of \1 in pg_ident.conf when quoted

  4. Store IdentLine->pg_user as an AuthToken

  5. Add tests for regex replacement with \1 in pg_ident.conf to 0003_peer.pl

  6. Rename some variables related to ident files in hba.{c,h}