Re: Make PGOAUTHCAFILE in libpq-oauth work out of debug mode
| От | Jacob Champion |
|---|---|
| Тема | Re: Make PGOAUTHCAFILE in libpq-oauth work out of debug mode |
| Дата | |
| Msg-id | CAOYmi+nQawWHzC4mRhJnzZzzqjnUDg-yxN3f3ZqPX=+jpKU+zg@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Make PGOAUTHCAFILE in libpq-oauth work out of debug mode ("Jonathan Gonzalez V." <jonathan.abdiel@gmail.com>) |
| Ответы |
Re: Make PGOAUTHCAFILE in libpq-oauth work out of debug mode
|
| Список | pgsql-hackers |
On Sat, Dec 20, 2025 at 9:53 AM Jonathan Gonzalez V. <jonathan.abdiel@gmail.com> wrote: > > > > https://wiki.postgresql.org/wiki/Proposal:_Promote_PGOAUTHCAFILE_to_feature > > > > > > How can we work on that? because of the above it may be required to > > > add > > > even more possibilities. > > > > Not sure what you mean. I think we're working on it now, in this > > thread? > > Yes, but having a list of ideas listed, that we all can read may make > sense, that's because following the threads with all the ideas at once > it's a big difficult some times! See https://wiki.postgresql.org/wiki/Category:OAuth_Working_Group for a current list of tagged [oauth] proposals. Or is that not what you're asking about? > In my opinion, "debug" it's not just developers, [...] > since all the systems now days can run on hundreds > of servers or containers, no one looks into the logs manually, you have > automated system for it, that will read, parse, collect and distribute > your logs into different storage, databases(even PostgreSQL database > can be used for it) or display system. It is for theses cases that > having something that can be parsed is always useful. Sure, but that's not the use case for PGOAUTHDEBUG. It's fine to develop a feature that handles production logging for client authentication details -- it's just emphatically not what that envvar was designed to do. This is a developer feature which turns out to be hiding another feature that people want to use in production today. I know the most visible aspect of PGOAUTHDEBUG=UNSAFE is the logging spray, so that might have contributed to the confusion. > Well, I think I was misunderstood here, when I was talking about "debug > levels" I was talking about logs debug levels Right, and I'm not. I guess that's the main disconnect here: I'm only talking about enabling and disabling the features exposed by PGOAUTHDEBUG. I don't think a debug level helps with that, which is why I proposed a bitmap. But that's a feature for a different thread name. I think we should continue this one by adding an oauth_ca_file connection parameter and documentation, including the default behavior (which defers to Curl). --Jacob
В списке pgsql-hackers по дате отправления: