Re: Allow file inclusion in pg_hba and pg_ident files
От | Nathan Bossart |
---|---|
Тема | Re: Allow file inclusion in pg_hba and pg_ident files |
Дата | |
Msg-id | 20220223174458.GA336225@nathanxps13 обсуждение исходный текст |
Ответ на | Allow file inclusion in pg_hba and pg_ident files (Julien Rouhaud <rjuju123@gmail.com>) |
Ответы |
Re: Allow file inclusion in pg_hba and pg_ident files
Re: Allow file inclusion in pg_hba and pg_ident files |
Список | pgsql-hackers |
On Wed, Feb 23, 2022 at 12:59:59PM +0800, Julien Rouhaud wrote: > To address that, I'd like to propose the possibility to include files in hba > and ident configuration files. This was already discussed in the past, and in > my understanding this is mostly wanted, while some people expressed concerned > on a use case that wouldn't rely on thousands of entries. +1, I think this would be very useful. > 0001 adds a new pg_ident_file_mappings view, which is basically the same as > pg_hba_file_rules view but for mappings. It's probably already useful, for > instance if you need to tweak some regexp. This seems reasonable. > Finally I also added 0003, which is a POC for a new pg_hba_matches() function, > that can help DBA to understand why their configuration isn't working as they > expect. This only to start the discussion on that topic, the code is for now > really hackish, as I don't know how much this is wanted and/or if some other > behavior would be better, and there's also no documentation or test. The > function for now only takes an optional inet (null means unix socket), the > target role and an optional ssl flag and returns the file, line and raw line > matching if any, or null. For instance: I think another use-case for this is testing updates to your configuration files. For example, I could ensure that hba_forbid_non_ssl.conf wasn't accidentally reverted as part of an unrelated change. -- Nathan Bossart Amazon Web Services: https://aws.amazon.com
В списке pgsql-hackers по дате отправления: