Re: pg_hba_lookup function to get all matching pg_hba.conf entries

2015-12-03 5:00 GMT+01:00 Haribabu Kommi <kommi.haribabu@gmail.com>:

On Wed, Nov 25, 2015 at 7:18 PM, Pavel Stehule <pavel.stehule@gmail.com> wrote:
>
>
> 2015-11-25 8:05 GMT+01:00 Haribabu Kommi <kommi.haribabu@gmail.com>:
>>
>>
>> Thanks. Here I attached the poc patch that returns authentication method
>> of the
>> first matched hba entry in pg_hba.conf with the given input values.
>> Currently these
>> functions returns text type. Based on the details required to be
>> printed, it can
>> be changed.
>>
>> postgres=# select pg_hba_lookup('all', 'all');
>>  pg_hba_lookup
>> ---------------
>>  trust
>> (1 row)
>>
>> comments for the approach?
>
>
> From my perspective, it shows too less informations.
>
> What I am expecting:
>
> 1. line num of choosed rule
> 2. some tracing - via NOTICE, what and why some rules was skipped.

Here I attached the patch with the suggested changes.
Along with line number, I kept the options column also with authentication
options as a jsonb datatype.

Example output:

postgres=# select pg_hba_lookup('test','all','::1');
NOTICE:  Skipped 84 Hba line, because of non matching IP.
NOTICE:  Skipped 86 Hba line, because of non matching database.
NOTICE:  Skipped 87 Hba line, because of non matching role.
 pg_hba_lookup
---------------
 (89,trust,{})
(1 row)

comments?

I liked it

The text of notice can be reduced "Skipped xx line, ..." - it have to be pg_hba

Pavel
 

Regards,
Hari Babu
Fujitsu Australia