Re: Allow file inclusion in pg_hba and pg_ident files - Mailing list pgsql-hackers

From Julien Rouhaud
Subject Re: Allow file inclusion in pg_hba and pg_ident files
Date
Msg-id 20220228113937.woqvozfmt3k4lrd3@jrouhaud
Whole thread Raw
In response to Re: Allow file inclusion in pg_hba and pg_ident files  (Nathan Bossart <nathandbossart@gmail.com>)
List pgsql-hackers
Hi,

On Wed, Feb 23, 2022 at 09:44:58AM -0800, Nathan Bossart wrote:
>
> > Finally I also added 0003, which is a POC for a new pg_hba_matches() function,
> > that can help DBA to understand why their configuration isn't working as they
> > expect.  This only to start the discussion on that topic, the code is for now
> > really hackish, as I don't know how much this is wanted and/or if some other
> > behavior would be better, and there's also no documentation or test.  The
> > function for now only takes an optional inet (null means unix socket), the
> > target role and an optional ssl flag and returns the file, line and raw line
> > matching if any, or null.  For instance:
>
> I think another use-case for this is testing updates to your configuration
> files.  For example, I could ensure that hba_forbid_non_ssl.conf wasn't
> accidentally reverted as part of an unrelated change.

Indeed, that function could really be helpful in many scenario.  Note that this
isn't my idea but Magnus idea, which he mentioned quite a long time ago.



pgsql-hackers by date:

Previous
From: Michael Paquier
Date:
Subject: Re: psql: Make SSL info display more compact
Next
From: Julien Rouhaud
Date:
Subject: Re: Allow file inclusion in pg_hba and pg_ident files