Re: System username in pg_stat_activity - Mailing list pgsql-hackers

From Bertrand Drouvot
Subject Re: System username in pg_stat_activity
Date
Msg-id ZaAdeVa2+eN4wTzS@ip-10-97-1-34.eu-west-3.compute.internal
In response to Re: System username in pg_stat_activity  (Magnus Hagander <magnus@hagander.net>)
Responses Re: System username in pg_stat_activity
List pgsql-hackers
Hi,

On Thu, Jan 11, 2024 at 02:24:58PM +0100, Magnus Hagander wrote:
> On Wed, Jan 10, 2024 at 3:12 PM Bertrand Drouvot
> <bertranddrouvot.pg@gmail.com> wrote:
> >
> > If we go the 2 fields way, then what about auth_identity and auth_method then?
> 
> 
> Here is an updated patch based on this idea.

Thanks!

+     <row>
+      <entry role="catalog_table_entry"><para role="column_definition">
+       <structfield>auth_method</structfield> <type>text</type>
+      </para>
+      <para>
+       The authentication method used for authenticating the connection, or
+       NULL for background processes.
+      </para></entry>
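
Review bot: the second <para> of this entry gives NULL only for background processes and does not say what the column holds for a trust connection. The code in this patch stores uaTrust for that case, and the test comment expects "trust" to appear. The description should therefore say that trust connections report the method name rather than NULL, so a reader can tell a background process from a client session that was never asked to authenticate.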

I'm wondering if it would make sense to populate it for parallel workers too.
I think it's doable thanks to d951052, but I'm not sure it's worth it (one could
join based on the leader_pid though). OTOH that would be consistent with
how the SYSTEM_USER behaves with parallel workers (it's populated).

+      <entry role="catalog_table_entry"><para role="column_definition">
+       <structfield>auth_identity</structfield> <type>text</type>
+      </para>
+      <para>
+       The identity (if any) that the user presented during the authentication
+       cycle before they were assigned a database role.  Contains the same
+       value as <xref linkend="system-user" />
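
Review bot: "(if any)" in the auth_identity description leaves open what the column contains when no identity was presented. The test comment in this patch expects an empty string for trust auth, so the paragraph should state explicitly whether that case yields NULL or an empty string. The documentation and the test should agree, because monitoring queries that filter on this column depend on which one it is.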

Same remark regarding the parallel workers case +:

- Would it be better to use the `name` datatype for auth_identity?
- What about "Contains the same value as the identity part in <xref linkend="system-user" />"?

+                       /*
+                        * Trust doesn't set_authn_id(), but we still need to store the
+                        * auth_method
+                        */
+                       MyClientConnectionInfo.auth_method = uaTrust;
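
Review bot: the comment above the assignment uses the function name as a verb ("Trust doesn't set_authn_id()") and has no closing period. It also does not say that the identity is intentionally left unset on this path. Suggest wording along the lines of "Trust doesn't call set_authn_id(), so no identity is recorded, but we still need to store the auth_method."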

+1, I think it is useful here to provide "trust" and not a NULL value in the
context of this patch.

+# pg_stat_activity shold contain trust and empty string for trust auth

typo: s/shold/should/

+# Users with md5 auth should show both auth method and name in pg_stat_activity

What about "show both auth method and identity"?

Regards,

-- 
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com


