| From: | Bertrand Drouvot <bertranddrouvot(dot)pg(at)gmail(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Aleksander Alekseev <aleksander(at)timescale(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: System username in pg_stat_activity |
| Date: | 2024-01-11 16:55:21 |
| Message-ID: | ZaAdeVa2+eN4wTzS@ip-10-97-1-34.eu-west-3.compute.internal |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On Thu, Jan 11, 2024 at 02:24:58PM +0100, Magnus Hagander wrote:
> On Wed, Jan 10, 2024 at 3:12 PM Bertrand Drouvot
> <bertranddrouvot(dot)pg(at)gmail(dot)com> wrote:
> >
> > If we go the 2 fields way, then what about auth_identity and auth_method then?
>
>
> Here is an updated patch based on this idea.
Thanks!
+ <row>
+ <entry role="catalog_table_entry"><para role="column_definition">
+ <structfield>auth_method</structfield> <type>text</type>
+ </para>
+ <para>
+ The authentication method used for authenticating the connection, or
+ NULL for background processes.
+ </para></entry>
I'm wondering if it would make sense to populate it for parallel workers too.
I think it's doable thanks to d951052, but I'm not sure it's worth it (one could
join based on the leader_pid though). OTOH that would be consistent with
how the SYSTEM_USER behaves with parallel workers (it's populated).
+ <entry role="catalog_table_entry"><para role="column_definition">
+ <structfield>auth_identity</structfield> <type>text</type>
+ </para>
+ <para>
+ The identity (if any) that the user presented during the authentication
+ cycle before they were assigned a database role. Contains the same
+ value as <xref linkend="system-user" />
Same remark regarding the parallel workers case +:
- Would it be better to use the `name` datatype for auth_identity?
- what about "Contains the same value as the identity part in <xref linkend="system-user" />"?
+ /*
+ * Trust doesn't set_authn_id(), but we still need to store the
+ * auth_method
+ */
+ MyClientConnectionInfo.auth_method = uaTrust;
+1, I think it is useful here to provide "trust" and not a NULL value in the
context of this patch.
+# pg_stat_activity shold contain trust and empty string for trust auth
typo: s/shold/should/
+# Users with md5 auth should show both auth method and name in pg_stat_activity
what about "show both auth method and identity"?
Regards,
--
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nathan Bossart | 2024-01-11 16:56:33 | Re: recovery modules |
| Previous Message | Robert Haas | 2024-01-11 16:54:32 | Re: Emit fewer vacuum records by reaping removable tuples during pruning |