Re: Allow file inclusion in pg_hba and pg_ident files

From: Julien Rouhaud <rjuju123(at)gmail(dot)com>
To: Nathan Bossart <nathandbossart(at)gmail(dot)com>
Cc: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Allow file inclusion in pg_hba and pg_ident files
Date: 2022-02-28 11:39:37
Message-ID: 20220228113937.woqvozfmt3k4lrd3@jrouhaud
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hi,

On Wed, Feb 23, 2022 at 09:44:58AM -0800, Nathan Bossart wrote:
>
> > Finally I also added 0003, which is a POC for a new pg_hba_matches() function,
> > that can help DBA to understand why their configuration isn't working as they
> > expect. This only to start the discussion on that topic, the code is for now
> > really hackish, as I don't know how much this is wanted and/or if some other
> > behavior would be better, and there's also no documentation or test. The
> > function for now only takes an optional inet (null means unix socket), the
> > target role and an optional ssl flag and returns the file, line and raw line
> > matching if any, or null. For instance:
>
> I think another use-case for this is testing updates to your configuration
> files. For example, I could ensure that hba_forbid_non_ssl.conf wasn't
> accidentally reverted as part of an unrelated change.

Indeed, that function could really be helpful in many scenario. Note that this
isn't my idea but Magnus idea, which he mentioned quite a long time ago.

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Julien Rouhaud 2022-02-28 11:42:17 Re: Allow file inclusion in pg_hba and pg_ident files
Previous Message Michael Paquier 2022-02-28 11:21:32 Re: psql: Make SSL info display more compact