Hi,
I'm opening this thread after a brief discussion regarding a potential
new syntax to enable annotations in pg_hba entries. [1]
This feature mainly aims to annotate pg_hba entries in a way that the
annotations can be parsed and displayed in the pg_hba_file_rule view for
reporting purposes. For instance, these annotations could contain
information like tags, client (application) names or any relevant info
regarding the granted access.
Initially I explored the possibility of using the inline comments after
a '#', but there were a few valid concerns to this approach [2]
hostssl db jim 127.0.0.1/32 cert map=foo # comment
I had previously thought of introducing a new character do identify such
annotations, e.g [] ... but the necessary changes in the hba.c to add
this feature could add too much complexity to the code. [3]
Perhaps a "less controversial" option would be to add a new variable,
just like with user name maps.
hostssl db jim 127.0.0.1/32 cert map=foo annotation=comment
hostssl db jim 127.0.0.1/32 cert map=bar annotation="comment"
Any thoughts?
Thanks!
Jim
1-
https://www.postgresql.org/message-id/flat/4d623899-36ac-71b5-311d-2a4672d75736@uni-muenster.de
2-
https://www.postgresql.org/message-id/E543222B-DE8D-4116-BA67-3C2D3FA83110%40yesql.se
3-
https://www.postgresql.org/message-id/flat/ZPHAiNp%2ByKMsa/vc%40paquier.xyz#05a8405be272342037538ee432d92884