Re: [PATCH] Expose port->authn_id to extensions and triggers

Hi,

On 8/10/22 5:09 PM, Jacob Champion wrote:
> On Tue, Aug 9, 2022 at 3:39 AM Drouvot, Bertrand <bdrouvot(at)amazon(dot)com> wrote:
>> Agree that it makes sense to work on those patches in this particular
>> order then.
> Sounds good. The ClientConnectionInfo patch (previously 0002) is
> attached, with the SQL function removed.

Thanks for the patch!

Looking at:

+typedef struct
+{
+    /*
+     * Authenticated identity.  The meaning of this identifier is
dependent on
+     * hba->auth_method; it is the identity (if any) that the user
presented
+     * during the authentication cycle, before they were assigned a
database
+     * role.  (It is effectively the "SYSTEM-USERNAME" of a pg_ident
usermap
+     * -- though the exact string in use may be different, depending on
pg_hba
+     * options.)
+     *
+     * authn_id is NULL if the user has not actually been
authenticated, for
+     * example if the "trust" auth method is in use.
+     */
+    const char *authn_id;
+} ClientConnectionInfo;

What do you think about adding a second field in ClientConnectionInfo
for the auth method (as suggested by Michael upthread)?

That will be needed by the SYSTEM_USER patch (that its current version
implements as "auth_method:identity").

Thanks,

--
Bertrand Drouvot
Amazon Web Services: https://aws.amazon.com