From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
---|---|
To: | Julien Rouhaud <rjuju123(at)gmail(dot)com> |
Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: Allow file inclusion in pg_hba and pg_ident files |
Date: | 2022-02-23 17:44:58 |
Message-ID: | 20220223174458.GA336225@nathanxps13 |
Lists: | pgsql-hackers |

On Wed, Feb 23, 2022 at 12:59:59PM +0800, Julien Rouhaud wrote:
> To address that, I'd like to propose the possibility to include files in hba
> and ident configuration files. This was already discussed in the past, and in
> my understanding this is mostly wanted, while some people expressed concern
> on a use case that wouldn't rely on thousands of entries.

+1, I think this would be very useful.

> 0001 adds a new pg_ident_file_mappings view, which is basically the same as
> pg_hba_file_rules view but for mappings. It's probably already useful, for
> instance if you need to tweak some regexp.

This seems reasonable.

> Finally I also added 0003, which is a POC for a new pg_hba_matches() function,
> that can help DBA to understand why their configuration isn't working as they
> expect. This is only to start the discussion on that topic, the code is for now
> really hackish, as I don't know how much this is wanted and/or if some other
> behavior would be better, and there's also no documentation or test. The
> function for now only takes an optional inet (null means unix socket), the
> target role and an optional ssl flag and returns the file, line and raw line
> matching if any, or null. For instance:

I think another use-case for this is testing updates to your configuration
files. For example, I could ensure that hba_forbid_non_ssl.conf wasn't
accidentally reverted as part of an unrelated change.

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com