Re: SYSTEM_USER reserved word implementation

Drouvot, Bertrand <bdrouvot@amazon.com>

From: "Drouvot, Bertrand" <bdrouvot@amazon.com>
To: Jacob Champion <jchampion@timescale.com>
Cc: Alvaro Herrera <alvherre@alvh.no-ip.org>, Tom Lane <tgl@sss.pgh.pa.us>, Joe Conway <mail@joeconway.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2022-08-17T14:48:42Z
Lists: pgsql-hackers

Attachments

Hi,

On 8/17/22 9:51 AM, Drouvot, Bertrand wrote:
> On 8/16/22 6:52 PM, Jacob Champion wrote:
>
>> And it would also be good to add a similar test to
>> the authentication suite, so that you don't have to have Kerberos
>> enabled to fully test SYSTEM_USER.
>
> Agree, I'll look at what can be done here.
>
I added authentication/t/003_peer.pl in 
v2-0006-system_user-implementation.patch attached.

It does the peer authentication and SYSTEM_USER testing with and without 
a user name map.

$ make -C src/test/authentication check PROVE_TESTS=t/003_peer.pl 
PROVE_FLAGS=-v

ok 1 - users with peer authentication have the correct SYSTEM_USER
ok 2 - parallel workers return the correct SYSTEM_USER when peer 
authentication is used
ok 3 - user name map is well defined and working
ok 4 - users with peer authentication and user name map have the correct 
SYSTEM_USER
ok 5 - parallel workers return the correct SYSTEM_USER when peer 
authentication and user name map is used
1..5
ok
All tests successful.

That way one could test the SYSTEM_USER behavior without the need to 
have kerberos enabled.

Regards,

-- 
Bertrand Drouvot
Amazon Web Services: https://aws.amazon.com

Commits

  1. Introduce SYSTEM_USER

  2. Add some information about authenticated identity via log_connections