Thread: Allow placeholders in ALTER ROLE w/o superuser

On Sun, Jun 05, 2022 at 11:20:38PM -0500, Steve Chavez wrote:
> However, defining placeholders at the role level require superuser:
> 
>   alter role myrole set my.username to 'tomas';
>   ERROR:  permission denied to set parameter "my.username"
> 
> Which is inconsistent and surprising behavior. I think it doesn't make
> sense since you can already set them at the session or transaction
> level(SET LOCAL my.username = 'tomas'). Enabling this would allow sidecar
> services to store metadata scoped to its pertaining role.
> 
> I've attached a patch that removes this restriction. From my testing, this
> doesn't affect permission checking when an extension defines its custom GUC
> variables.
> 
>    DefineCustomStringVariable("my.custom", NULL, NULL,  &my_custom,  NULL,
>       PGC_SUSET, ..);
> 
> Using PGC_SUSET or PGC_SIGHUP will fail accordingly. Also no tests fail
> when doing "make installcheck".

IIUC you are basically proposing to revert a6dcd19 [0], but it is not clear
to me why that is safe.  Am I missing something?

[0] https://www.postgresql.org/message-id/flat/4090.1258042387%40sss.pgh.pa.us

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

On Fri, Jul 01, 2022 at 04:40:27PM -0700, Nathan Bossart wrote:
> On Sun, Jun 05, 2022 at 11:20:38PM -0500, Steve Chavez wrote:
>> However, defining placeholders at the role level require superuser:
>> 
>>   alter role myrole set my.username to 'tomas';
>>   ERROR:  permission denied to set parameter "my.username"
>> 
>> Which is inconsistent and surprising behavior. I think it doesn't make
>> sense since you can already set them at the session or transaction
>> level(SET LOCAL my.username = 'tomas'). Enabling this would allow sidecar
>> services to store metadata scoped to its pertaining role.
>> 
>> I've attached a patch that removes this restriction. From my testing, this
>> doesn't affect permission checking when an extension defines its custom GUC
>> variables.
>> 
>>    DefineCustomStringVariable("my.custom", NULL, NULL,  &my_custom,  NULL,
>>       PGC_SUSET, ..);
>> 
>> Using PGC_SUSET or PGC_SIGHUP will fail accordingly. Also no tests fail
>> when doing "make installcheck".
> 
> IIUC you are basically proposing to revert a6dcd19 [0], but it is not clear
> to me why that is safe.  Am I missing something?

I spent some more time looking into this, and I think I've constructed a
simple example that demonstrates the problem with removing this
restriction.

    postgres=# CREATE ROLE test CREATEROLE;
    CREATE ROLE
    postgres=# CREATE ROLE other LOGIN;
    CREATE ROLE
    postgres=# GRANT CREATE ON DATABASE postgres TO other;
    GRANT
    postgres=# SET ROLE test;
    SET
    postgres=> ALTER ROLE other SET plperl.on_plperl_init = 'test';
    ALTER ROLE
    postgres=> \c postgres other
    You are now connected to database "postgres" as user "other".
    postgres=> CREATE EXTENSION plperl;
    CREATE EXTENSION
    postgres=> SHOW plperl.on_plperl_init;
     plperl.on_plperl_init 
    -----------------------
     test
    (1 row)

In this example, the non-superuser role sets a placeholder GUC for another
role.  This GUC becomes a PGC_SUSET GUC when plperl is loaded, so a
non-superuser role will have successfully set a PGC_SUSET GUC.  If we had a
record of who ran ALTER ROLE, we might be able to apply appropriate
permissions checking when the module is loaded, but this information
doesn't exist in pg_db_role_setting.  IIUC we have the following options:

    1. Store information about who ran ALTER ROLE.  I think there are a
       couple of problems with this.  For example, what happens if the
       grantor was dropped or its privileges were altered?  Should we
       instead store the context of the user (i.e., PGC_USERSET or
       PGC_SUSET)?  Do we need to add entries to pg_depend?
    2. Ignore or ERROR for any ALTER ROLE settings for custom GUCs.  Since
       we don't know who ran ALTER ROLE, we can't trust the value.
    3. Require superuser to use ALTER ROLE for a placeholder.  This is what
       we do today.  Since we know a superuser set the value, we can always
       apply it when the custom GUC is finally defined.

If this is an accurate representation of the options, it seems clear why
the superuser restriction is in place.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

On Tue, Jul 19, 2022 at 12:55:14AM -0500, Steve Chavez wrote:
> Taking your options into consideration, for me the correct behaviour should
> be:
> 
> - The ALTER ROLE placeholder should always be stored with a PGC_USERSET
> GucContext. It's a placeholder anyway, so it should be the less restrictive
> one. If the user wants to define it as PGC_SUSET or other this should be
> done through a custom extension.
> - When an extension claims the placeholder, we should check the
> DefineCustomXXXVariable GucContext with PGC_USERSET. If there's a match,
> then the value gets applied, otherwise WARN or ERR.
>   The role GUCs get applied at login time right? So at this point we can
> WARN or ERR about the defined role GUCs.
> 
> What do you think?

Hm.  I would expect ALTER ROLE to store the PGC_SUSET context when executed
by a superuser or a role with privileges via pg_parameter_acl.  Storing all
placeholder GUC settings as PGC_USERSET would make things more restrictive
than they are today.  For example, it would no longer be possible to apply
any ALTER ROLE settings from superusers for placeholders that later become
custom GUCS.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

At Tue, 19 Jul 2022 09:53:39 -0700, Nathan Bossart <nathandbossart@gmail.com> wrote in 
> On Tue, Jul 19, 2022 at 12:55:14AM -0500, Steve Chavez wrote:
> > Taking your options into consideration, for me the correct behaviour should
> > be:
> > 
> > - The ALTER ROLE placeholder should always be stored with a PGC_USERSET
> > GucContext. It's a placeholder anyway, so it should be the less restrictive
> > one. If the user wants to define it as PGC_SUSET or other this should be
> > done through a custom extension.
> > - When an extension claims the placeholder, we should check the
> > DefineCustomXXXVariable GucContext with PGC_USERSET. If there's a match,
> > then the value gets applied, otherwise WARN or ERR.
> >   The role GUCs get applied at login time right? So at this point we can
> > WARN or ERR about the defined role GUCs.
> > 
> > What do you think?
> 
> Hm.  I would expect ALTER ROLE to store the PGC_SUSET context when executed
> by a superuser or a role with privileges via pg_parameter_acl.  Storing all
> placeholder GUC settings as PGC_USERSET would make things more restrictive
> than they are today.  For example, it would no longer be possible to apply
> any ALTER ROLE settings from superusers for placeholders that later become
> custom GUCS.

Currently placehoders are always created PGC_USERSET, thus
non-superuser can set it.  But if loaded module defines the custom
variable as PGC_SUSET, the value set by the user is refused then the
value from ALTER-ROLE-SET or otherwise the default value from
DefineCustom*Variable is used. If the module defines it as
PGC_USERSET, the last value is accepted.

If a placehoders were created PGC_SUSET, non-superusers cannot set it
on-session. But that behavior is not needed since loadable modules
reject PGC_USERSET values as above.


Returning to the topic, that operation can be allowed in PG15, having
being granted by superuser using the GRANT SET ON PARMETER command.

=# GRANT SET ON PARAMETER my.username TO r1;

r1=> ALTER ROLE r1 SET my.username = 'hoge_user_x';
<success>
r1=> \c
r1=> => show my.username;
 my.username 
-------------
 hoge_user_x
(1 row)

regards.

-- 
Kyotaro Horiguchi
NTT Open Source Software Center

Kyotaro Horiguchi <horikyota.ntt@gmail.com> writes:
> At Tue, 19 Jul 2022 09:53:39 -0700, Nathan Bossart <nathandbossart@gmail.com> wrote in
>> Hm.  I would expect ALTER ROLE to store the PGC_SUSET context when executed
>> by a superuser or a role with privileges via pg_parameter_acl.  Storing all
>> placeholder GUC settings as PGC_USERSET would make things more restrictive
>> than they are today.  For example, it would no longer be possible to apply
>> any ALTER ROLE settings from superusers for placeholders that later become
>> custom GUCS.

> Returning to the topic, that operation can be allowed in PG15, having
> being granted by superuser using the GRANT SET ON PARMETER command.

I think that 13d838815 has completely changed the terms that this
discussion needs to be conducted under.  It seems clear to me now
that if you want to relax this only-superusers restriction, what
you have to do is store the OID of the role that issued ALTER ROLE/DB SET,
and then apply the same checks that would be used in the ordinary case
where a placeholder is being filled in after being set intra-session.
That is, we'd no longer assume that a value coming from pg_db_role_setting
was set with superuser privileges, but we'd know exactly who did set it.

This might also tie into Nathan's question in another thread about
exactly what permissions should be required to issue ALTER ROLE/DB SET.
In particular I'm wondering if different permissions should be needed to
override an existing entry than if there is no existing entry.  If not,
we could find ourselves downgrading a superuser-set entry to a
non-superuser-set entry, which might have bad consequences later
(eg, by rendering the entry nonfunctional because when we actually
load the extension we find out the GUC is SUSET).

Possibly related to this: I felt while working on 13d838815 that
PGC_SUSET and PGC_SU_BACKEND should be usable as GucContext
values for GUC variables, indicating that the GUC requires special
privileges to be set, but we should no longer use them as passed-in
GucContext values.  That is, we should remove privilege tests from
the call sites, like this:

            (void) set_config_option(stmt->name,
                                     ExtractSetVariableArgs(stmt),
-                                    (superuser() ? PGC_SUSET : PGC_USERSET),
+                                    PGC_USERSET,
                                     PGC_S_SESSION,
                                     action, true, 0, false);

and instead put that behavior inside set_config_option_ext, which
would want to look at superuser_arg(srole) instead, and indeed might
not need to do anything because pg_parameter_aclcheck would subsume
the test.  I didn't pursue this further because it wasn't essential
to fixing the bug.  But it seems relevant here, because that line of
thought leads to the conclusion that storing PGC_SUSET vs PGC_USERSET
is entirely the wrong approach.

There is a bunch of infrastructure work that has to be done if anyone
wants to make this happen:

* redesign physical representation of pg_db_role_setting

* be sure to clean up if a role mentioned in pg_db_role_setting is dropped

* pg_dump would need to be taught to dump the state of affairs correctly.

            regards, tom lane

On Wed, Jul 20, 2022 at 11:50:10AM -0400, Tom Lane wrote:
> I think that 13d838815 has completely changed the terms that this
> discussion needs to be conducted under.  It seems clear to me now
> that if you want to relax this only-superusers restriction, what
> you have to do is store the OID of the role that issued ALTER ROLE/DB SET,
> and then apply the same checks that would be used in the ordinary case
> where a placeholder is being filled in after being set intra-session.
> That is, we'd no longer assume that a value coming from pg_db_role_setting
> was set with superuser privileges, but we'd know exactly who did set it.

I was imagining that the permissions checks would apply at ALTER ROLE/DB
SET time, not at login time.  Otherwise, changing a role's privileges might
impact other roles' parameters, and it's not clear (at least to me) what
should happen when the role is dropped.  Another reason I imagined it this
way is because that's basically how it works today.  We assume that the
pg_db_role_setting entry was added by a superuser, but we don't check that
the user that ran ALTER ROLE/DB SET is still superuser every time you log
in.

> This might also tie into Nathan's question in another thread about
> exactly what permissions should be required to issue ALTER ROLE/DB SET.
> In particular I'm wondering if different permissions should be needed to
> override an existing entry than if there is no existing entry.  If not,
> we could find ourselves downgrading a superuser-set entry to a
> non-superuser-set entry, which might have bad consequences later
> (eg, by rendering the entry nonfunctional because when we actually
> load the extension we find out the GUC is SUSET).

Yeah, this is why I suggested storing something that equates to PGC_SUSET
any time a role is superuser or has grantable GUC permissions.

> Possibly related to this: I felt while working on 13d838815 that
> PGC_SUSET and PGC_SU_BACKEND should be usable as GucContext
> values for GUC variables, indicating that the GUC requires special
> privileges to be set, but we should no longer use them as passed-in
> GucContext values.  That is, we should remove privilege tests from
> the call sites, like this:
> 
>             (void) set_config_option(stmt->name,
>                                      ExtractSetVariableArgs(stmt),
> -                                    (superuser() ? PGC_SUSET : PGC_USERSET),
> +                                    PGC_USERSET,
>                                      PGC_S_SESSION,
>                                      action, true, 0, false);
> 
> and instead put that behavior inside set_config_option_ext, which
> would want to look at superuser_arg(srole) instead, and indeed might
> not need to do anything because pg_parameter_aclcheck would subsume
> the test.  I didn't pursue this further because it wasn't essential
> to fixing the bug.  But it seems relevant here, because that line of
> thought leads to the conclusion that storing PGC_SUSET vs PGC_USERSET
> is entirely the wrong approach.

Couldn't ProcessGUCArray() use set_config_option_ext() with the context
indicated by pg_db_role_setting?  Also, instead of using PGC_USERSET in all
the set_config_option() call sites, shouldn't we remove the "context"
argument altogether?  I am likely misunderstanding your proposal, but while
I think simplifying set_config_option() is worthwhile, I don't see why it
would preclude storing the context in pg_db_role_setting.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

On Thu, Jul 21, 2022 at 10:56:41AM -0700, Nathan Bossart wrote:
> Couldn't ProcessGUCArray() use set_config_option_ext() with the context
> indicated by pg_db_role_setting?  Also, instead of using PGC_USERSET in all
> the set_config_option() call sites, shouldn't we remove the "context"
> argument altogether?  I am likely misunderstanding your proposal, but while
> I think simplifying set_config_option() is worthwhile, I don't see why it
> would preclude storing the context in pg_db_role_setting.

This thread has remained idle for a bit more than two months, so I
have marked its CF entry as returned with feedback.
--
Michael

Hi!

I'd like to resume this discussion.

On Wed, Jul 20, 2022 at 6:50 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Kyotaro Horiguchi <horikyota.ntt@gmail.com> writes:
> > At Tue, 19 Jul 2022 09:53:39 -0700, Nathan Bossart <nathandbossart@gmail.com> wrote in
> >> Hm.  I would expect ALTER ROLE to store the PGC_SUSET context when executed
> >> by a superuser or a role with privileges via pg_parameter_acl.  Storing all
> >> placeholder GUC settings as PGC_USERSET would make things more restrictive
> >> than they are today.  For example, it would no longer be possible to apply
> >> any ALTER ROLE settings from superusers for placeholders that later become
> >> custom GUCS.
>
> > Returning to the topic, that operation can be allowed in PG15, having
> > being granted by superuser using the GRANT SET ON PARMETER command.
>
> I think that 13d838815 has completely changed the terms that this
> discussion needs to be conducted under.  It seems clear to me now
> that if you want to relax this only-superusers restriction, what
> you have to do is store the OID of the role that issued ALTER ROLE/DB SET,
> and then apply the same checks that would be used in the ordinary case
> where a placeholder is being filled in after being set intra-session.
> That is, we'd no longer assume that a value coming from pg_db_role_setting
> was set with superuser privileges, but we'd know exactly who did set it.

This makes sense.  But do we really need to store the OID of the role?
 validate_option_array_item() already checks if the placeholder option
passes validation for PGC_SUSET.  So, we can just save a flag
indicating that this check was not successful.  If so, then the value
stored can be only used for PGC_USERSET.  Do you think this would be
correct?

------
Regards,
Alexander Korotkov

Alexander Korotkov <aekorotkov@gmail.com> writes:
> This makes sense.  But do we really need to store the OID of the role?
>  validate_option_array_item() already checks if the placeholder option
> passes validation for PGC_SUSET.  So, we can just save a flag
> indicating that this check was not successful.  If so, then the value
> stored can be only used for PGC_USERSET.  Do you think this would be
> correct?

Meh ... doesn't seem like much of an improvement.  You still need
to store something that's not there now.  This also seems to require
some shaky assumptions about decisions having been made when storing
still being valid later on.  Given the possibility of granting or
revoking permissions for SET, I think we don't really want it to act
that way.

            regards, tom lane

... BTW, re-reading the commit message for a0ffa885e:

    One caveat is that PGC_USERSET GUCs are unaffected by the SET privilege
    --- one could wish that those were handled by a revocable grant to
    PUBLIC, but they are not, because we couldn't make it robust enough
    for GUCs defined by extensions.

it suddenly struck me to wonder if the later 13d838815 changed the
situation enough to allow revisiting that problem, and/or if storing
the source role's OID in pg_db_role_setting would help.

I don't immediately recall all the problems that led us to leave USERSET
GUCs out of the feature, so maybe this is nuts; but maybe it isn't.
It'd be worth considering if we're trying to improve matters here.

            regards, tom lane

On Sat, Nov 19, 2022 at 12:33 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Alexander Korotkov <aekorotkov@gmail.com> writes:
> > This makes sense.  But do we really need to store the OID of the role?
> >  validate_option_array_item() already checks if the placeholder option
> > passes validation for PGC_SUSET.  So, we can just save a flag
> > indicating that this check was not successful.  If so, then the value
> > stored can be only used for PGC_USERSET.  Do you think this would be
> > correct?
>
> Meh ... doesn't seem like much of an improvement.  You still need
> to store something that's not there now.

Yes, but it wouldn't be needed to track dependencies of pg_role
mentions in pg_db_role_setting.  That seems to be a significant
simplification.

> This also seems to require
> some shaky assumptions about decisions having been made when storing
> still being valid later on.  Given the possibility of granting or
> revoking permissions for SET, I think we don't really want it to act
> that way.

Yes, it might be shaky.  Consider user sets parameter
pg_db_role_setting, and that appears to be capable only for
PGC_USERSET.  Next this user gets the SET permissions.  Then this
parameter needs to be set again in order for the new permission to
take effect.

But consider the other side.  How should we handle stored OID of a
role?  Should the privilege checking be moved from "set time" to "run
time"?  Therefore, revoking SET permission from role may affect
existing parameters in pg_db_role_setting.  It feels like revoke of
SET permission also aborts changes previously made with that
permission.  This is not how we normally do, and that seems confusing.

I think if we implement the flag and make it user-visible, e.g.
implement something like "ALTER ROLE ... SET ... USERSET;", then it
might be the lesser confusing option.

Thoughts?

------
Regards,
Alexander Korotkov

On Sat, Nov 19, 2022 at 12:41 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> ... BTW, re-reading the commit message for a0ffa885e:
>
>     One caveat is that PGC_USERSET GUCs are unaffected by the SET privilege
>     --- one could wish that those were handled by a revocable grant to
>     PUBLIC, but they are not, because we couldn't make it robust enough
>     for GUCs defined by extensions.
>
> it suddenly struck me to wonder if the later 13d838815 changed the
> situation enough to allow revisiting that problem, and/or if storing
> the source role's OID in pg_db_role_setting would help.
>
> I don't immediately recall all the problems that led us to leave USERSET
> GUCs out of the feature, so maybe this is nuts; but maybe it isn't.
> It'd be worth considering if we're trying to improve matters here.

I think if we implement the user-visible USERSET flag for ALTER ROLE,
then we might just check permissions for such parameters from the
target role.

------
Regards,
Alexander Korotkov

On Sat, Nov 19, 2022 at 4:02 AM Alexander Korotkov <aekorotkov@gmail.com> wrote:
> On Sat, Nov 19, 2022 at 12:41 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > ... BTW, re-reading the commit message for a0ffa885e:
> >
> >     One caveat is that PGC_USERSET GUCs are unaffected by the SET privilege
> >     --- one could wish that those were handled by a revocable grant to
> >     PUBLIC, but they are not, because we couldn't make it robust enough
> >     for GUCs defined by extensions.
> >
> > it suddenly struck me to wonder if the later 13d838815 changed the
> > situation enough to allow revisiting that problem, and/or if storing
> > the source role's OID in pg_db_role_setting would help.
> >
> > I don't immediately recall all the problems that led us to leave USERSET
> > GUCs out of the feature, so maybe this is nuts; but maybe it isn't.
> > It'd be worth considering if we're trying to improve matters here.
>
> I think if we implement the user-visible USERSET flag for ALTER ROLE,
> then we might just check permissions for such parameters from the
> target role.

I've drafted a patch implementing ALTER ROLE ... SET ... TO ... USER SET syntax.

These options are working only for USERSET GUC variables, but require
less privileges to set.  I think there is no problem to implement

Also it seems that this approach doesn't conflict with future
privileges for USERSET GUCs [1].  I expect that USERSET GUCs should be
available unless explicitly REVOKEd.  That mean we should be able to
check those privileges during ALTER ROLE.

Opinions on the patch draft?

Links
1. https://mail.google.com/mail/u/0/?ik=a20b091faa&view=om&permmsgid=msg-f%3A1749871710745577015

------
Regards,
Alexander Korotkov

.On Sun, Nov 20, 2022 at 8:48 PM Alexander Korotkov
<aekorotkov@gmail.com> wrote:
> I've drafted a patch implementing ALTER ROLE ... SET ... TO ... USER SET syntax.
>
> These options are working only for USERSET GUC variables, but require
> less privileges to set.  I think there is no problem to implement
>
> Also it seems that this approach doesn't conflict with future
> privileges for USERSET GUCs [1].  I expect that USERSET GUCs should be
> available unless explicitly REVOKEd.  That mean we should be able to
> check those privileges during ALTER ROLE.
>
> Opinions on the patch draft?
>
> Links
> 1. https://mail.google.com/mail/u/0/?ik=a20b091faa&view=om&permmsgid=msg-f%3A1749871710745577015

Uh, sorry for the wrong link.  I meant
https://www.postgresql.org/message-id/2271988.1668807706@sss.pgh.pa.us

------
Regards,
Alexander Korotkov

On Wed, Nov 23, 2022 at 1:53 AM Steve Chavez <steve@supabase.io> wrote:
> So from my side this all looks good!

Thank you for your feedback.

The next revision of the patch is attached.  It contains code
improvements, comments and documentation.  I'm going to also write
sode tests.  pg_db_role_setting doesn't seem to be well-covered with
tests.  I will probably need to write a new module into
src/tests/modules to check now placeholders interacts with dynamically
defined GUCs.

------
Regards,
Alexander Korotkov

On Thu, Dec 1, 2022 at 6:14 AM Alexander Korotkov <aekorotkov@gmail.com> wrote:
> On Wed, Nov 23, 2022 at 1:53 AM Steve Chavez <steve@supabase.io> wrote:
> > So from my side this all looks good!
>
> Thank you for your feedback.
>
> The next revision of the patch is attached.  It contains code
> improvements, comments and documentation.  I'm going to also write
> sode tests.  pg_db_role_setting doesn't seem to be well-covered with
> tests.  I will probably need to write a new module into
> src/tests/modules to check now placeholders interacts with dynamically
> defined GUCs.

Another revision of patch is attached.  It's fixed now that USER SET
values can't be used for PGC_SUSET parameters.  Tests are added.  That
require new module test_pg_db_role_setting to check dynamically
defined GUCs.

------
Regards,
Alexander Korotkov

> On Thu, Dec 1, 2022 at 6:14 AM Alexander Korotkov <aekorotkov@gmail.com> wrote:
> > On Wed, Nov 23, 2022 at 1:53 AM Steve Chavez <steve@supabase.io> wrote:
> > > So from my side this all looks good!
> >
> > Thank you for your feedback.
> >
> > The next revision of the patch is attached.  It contains code
> > improvements, comments and documentation.  I'm going to also write
> > sode tests.  pg_db_role_setting doesn't seem to be well-covered with
> > tests.  I will probably need to write a new module into
> > src/tests/modules to check now placeholders interacts with dynamically
> > defined GUCs.
>
> Another revision of patch is attached.  It's fixed now that USER SET
> values can't be used for PGC_SUSET parameters.  Tests are added.  That
> require new module test_pg_db_role_setting to check dynamically
> defined GUCs.

I've looked through the last version of a patch. The tests in v3
failed due to naming mismatches. I fixed this in v4 (PFA).
The other thing that may seem unexpected: is whether the value should
apply to the ordinary user only, encoded in the parameter name. The
pro of this is that it doesn't break catalog compatibility by a
separate field for GUC permissions a concept that doesn't exist today
(and maybe not needed at all). Also, it makes the patch more
minimalistic in the code. This is also fully compatible with the
previous parameters naming due to parentheses being an unsupported
symbol for the parameter name.

I've also tried to revise the comments and docs a little bit to
reflect the changes.
The CI-enabled build of patch v4 for reference is at
https://github.com/pashkinelfe/postgres/tree/placeholders-in-alter-role-v4

Overall the patch looks useful and good enough to be committed.

Kind regards,
Pavel Borisov,
Supabase

After posting the patch I've found my own typo in docs. So corrected
it in v5 (PFA).

Regards,
Pavel.

On Mon, Dec 5, 2022 at 2:27 PM Pavel Borisov <pashkin.elfe@gmail.com> wrote:
> After posting the patch I've found my own typo in docs. So corrected
> it in v5 (PFA).

The new revision of the patch is attached.

I've removed the mention of "(s)" suffix from the "Server
Configuration" docs section. I think it might be confusing since this
suffix isn't a part of the variable name. It is only used for storage.
Instead, I've added the description of this suffix to the catalog
structure description and psql documentation.

Also, I've added psql tab completion for the USER SET flag, and made
some enhancements to comments, tests, and commit message.

------
Regards,
Alexander Korotkov

Hi, Alexander!

On Mon, 5 Dec 2022 at 17:51, Alexander Korotkov <aekorotkov@gmail.com> wrote:
>
> On Mon, Dec 5, 2022 at 2:27 PM Pavel Borisov <pashkin.elfe@gmail.com> wrote:
> > After posting the patch I've found my own typo in docs. So corrected
> > it in v5 (PFA).
>
> The new revision of the patch is attached.
>
> I've removed the mention of "(s)" suffix from the "Server
> Configuration" docs section. I think it might be confusing since this
> suffix isn't a part of the variable name. It is only used for storage.
> Instead, I've added the description of this suffix to the catalog
> structure description and psql documentation.
>
> Also, I've added psql tab completion for the USER SET flag, and made
> some enhancements to comments, tests, and commit message.

The changes in expected test results are somehow lost in v6, I've
corrected them in v7.
Otherwise, I've looked through the updated patch and it is good.

Regards,
Pavel.

I couldn't find any discussion of the idea of adding "(s)" to the
variable name in order to mark the variable userset in the catalog, and
I have to admit I find it a bit strange.  Are we really agreed that
that's the way to proceed?

-- 
Álvaro Herrera         PostgreSQL Developer  —  https://www.EnterpriseDB.com/
"Having your biases confirmed independently is how scientific progress is
made, and hence made our great society what it is today" (Mary Gardiner)

Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
> I couldn't find any discussion of the idea of adding "(s)" to the
> variable name in order to mark the variable userset in the catalog, and
> I have to admit I find it a bit strange.  Are we really agreed that
> that's the way to proceed?

I hadn't been paying close attention to this thread, sorry.

I agree that that seems like a very regrettable choice,
especially if you anticipate having to bump catversion anyway.
Better to add a bool column to the catalog.

            regards, tom lane

On Mon, Dec 5, 2022 at 8:18 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
> > I couldn't find any discussion of the idea of adding "(s)" to the
> > variable name in order to mark the variable userset in the catalog, and
> > I have to admit I find it a bit strange.  Are we really agreed that
> > that's the way to proceed?
>
> I hadn't been paying close attention to this thread, sorry.
>
> I agree that that seems like a very regrettable choice,
> especially if you anticipate having to bump catversion anyway.

I totally understand that this change requires a catversion bump.
I've reflected this in the commit message.

> Better to add a bool column to the catalog.

What about adding a boolean array to the pg_db_role_setting? So,
pg_db_role_setting would have the following columns.
 * setdatabase oid
 * setrole oid
 * setconfig text[]
 * setuser bool[]

------
Regards,
Alexander Korotkov

On Mon, Dec 5, 2022 at 10:32 PM Alexander Korotkov <aekorotkov@gmail.com> wrote:
> On Mon, Dec 5, 2022 at 8:18 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
> > > I couldn't find any discussion of the idea of adding "(s)" to the
> > > variable name in order to mark the variable userset in the catalog, and
> > > I have to admit I find it a bit strange.  Are we really agreed that
> > > that's the way to proceed?
> >
> > I hadn't been paying close attention to this thread, sorry.
> >
> > I agree that that seems like a very regrettable choice,
> > especially if you anticipate having to bump catversion anyway.
>
> I totally understand that this change requires a catversion bump.
> I've reflected this in the commit message.
>
> > Better to add a bool column to the catalog.
>
> What about adding a boolean array to the pg_db_role_setting? So,
> pg_db_role_setting would have the following columns.
>  * setdatabase oid
>  * setrole oid
>  * setconfig text[]
>  * setuser bool[]

The revised patch implements this way for storage USER SET flag.  I
think it really became more structured and less cumbersome.

------
Regards,
Alexander Korotkov

Hi, Alexander!

On Tue, 6 Dec 2022 at 19:01, Alexander Korotkov <aekorotkov@gmail.com> wrote:
>
> On Mon, Dec 5, 2022 at 10:32 PM Alexander Korotkov <aekorotkov@gmail.com> wrote:
> > On Mon, Dec 5, 2022 at 8:18 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > > Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
> > > > I couldn't find any discussion of the idea of adding "(s)" to the
> > > > variable name in order to mark the variable userset in the catalog, and
> > > > I have to admit I find it a bit strange.  Are we really agreed that
> > > > that's the way to proceed?
> > >
> > > I hadn't been paying close attention to this thread, sorry.
> > >
> > > I agree that that seems like a very regrettable choice,
> > > especially if you anticipate having to bump catversion anyway.
> >
> > I totally understand that this change requires a catversion bump.
> > I've reflected this in the commit message.
> >
> > > Better to add a bool column to the catalog.
> >
> > What about adding a boolean array to the pg_db_role_setting? So,
> > pg_db_role_setting would have the following columns.
> >  * setdatabase oid
> >  * setrole oid
> >  * setconfig text[]
> >  * setuser bool[]
>
> The revised patch implements this way for storage USER SET flag.
> think it really became more structured and less cumbersome.

I agree that the patch became more structured and the complications
for string parameter suffixing have gone away. I've looked it through
and don't see problems with it. The only two-lines fix regarding
variable initializing may be relevant (see v9). Tests pass and CI is
also happy with it. I'd like to set it ready for committer if no
objections.

Regards,
Pavel Borisov,
Supabase.

On Wed, Dec 7, 2022 at 1:28 AM Pavel Borisov <pashkin.elfe@gmail.com> wrote:
> On Tue, 6 Dec 2022 at 19:01, Alexander Korotkov <aekorotkov@gmail.com> wrote:
> >
> > On Mon, Dec 5, 2022 at 10:32 PM Alexander Korotkov <aekorotkov@gmail.com> wrote:
> > > On Mon, Dec 5, 2022 at 8:18 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > > > Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
> > > > > I couldn't find any discussion of the idea of adding "(s)" to the
> > > > > variable name in order to mark the variable userset in the catalog, and
> > > > > I have to admit I find it a bit strange.  Are we really agreed that
> > > > > that's the way to proceed?
> > > >
> > > > I hadn't been paying close attention to this thread, sorry.
> > > >
> > > > I agree that that seems like a very regrettable choice,
> > > > especially if you anticipate having to bump catversion anyway.
> > >
> > > I totally understand that this change requires a catversion bump.
> > > I've reflected this in the commit message.
> > >
> > > > Better to add a bool column to the catalog.
> > >
> > > What about adding a boolean array to the pg_db_role_setting? So,
> > > pg_db_role_setting would have the following columns.
> > >  * setdatabase oid
> > >  * setrole oid
> > >  * setconfig text[]
> > >  * setuser bool[]
> >
> > The revised patch implements this way for storage USER SET flag.
> > think it really became more structured and less cumbersome.
>
> I agree that the patch became more structured and the complications
> for string parameter suffixing have gone away. I've looked it through
> and don't see problems with it. The only two-lines fix regarding
> variable initializing may be relevant (see v9). Tests pass and CI is
> also happy with it. I'd like to set it ready for committer if no
> objections.

Thank you, Pavel.
I've made few minor improvements in the docs and comments.
I'm going to push this if no objections.

------
Regards,
Alexander Korotkov

On Wed, Dec 7, 2022 at 4:36 PM Alexander Korotkov <aekorotkov@gmail.com> wrote:
> On Wed, Dec 7, 2022 at 1:28 AM Pavel Borisov <pashkin.elfe@gmail.com> wrote:
> > On Tue, 6 Dec 2022 at 19:01, Alexander Korotkov <aekorotkov@gmail.com> wrote:
> > >
> > > On Mon, Dec 5, 2022 at 10:32 PM Alexander Korotkov <aekorotkov@gmail.com> wrote:
> > > > On Mon, Dec 5, 2022 at 8:18 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > > > > Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
> > > > > > I couldn't find any discussion of the idea of adding "(s)" to the
> > > > > > variable name in order to mark the variable userset in the catalog, and
> > > > > > I have to admit I find it a bit strange.  Are we really agreed that
> > > > > > that's the way to proceed?
> > > > >
> > > > > I hadn't been paying close attention to this thread, sorry.
> > > > >
> > > > > I agree that that seems like a very regrettable choice,
> > > > > especially if you anticipate having to bump catversion anyway.
> > > >
> > > > I totally understand that this change requires a catversion bump.
> > > > I've reflected this in the commit message.
> > > >
> > > > > Better to add a bool column to the catalog.
> > > >
> > > > What about adding a boolean array to the pg_db_role_setting? So,
> > > > pg_db_role_setting would have the following columns.
> > > >  * setdatabase oid
> > > >  * setrole oid
> > > >  * setconfig text[]
> > > >  * setuser bool[]
> > >
> > > The revised patch implements this way for storage USER SET flag.
> > > think it really became more structured and less cumbersome.
> >
> > I agree that the patch became more structured and the complications
> > for string parameter suffixing have gone away. I've looked it through
> > and don't see problems with it. The only two-lines fix regarding
> > variable initializing may be relevant (see v9). Tests pass and CI is
> > also happy with it. I'd like to set it ready for committer if no
> > objections.
>
> Thank you, Pavel.
> I've made few minor improvements in the docs and comments.
> I'm going to push this if no objections.

Pushed, thanks to everyone!

------
Regards,
Alexander Korotkov

Hi, Alexander!
> Pushed, thanks to everyone!

Thank you!
I've found a minor thing that makes the new test fail on sifaka and
longfin build farm animals. If role names in regression don't start
with "regress_" this invokes a warning. I've consulted in other
modules regression tests e.g. in test_rls_hooks and changed the role
naming accordingly. In essence, a fix is just a batch replace in test
SQL and expected results.

Regards,
Pavel.

Hi, Alexander!
> Hi, Alexander!
> > Pushed, thanks to everyone!
>
> Thank you!
> I've found a minor thing that makes the new test fail on sifaka and
> longfin build farm animals. If role names in regression don't start
> with "regress_" this invokes a warning. I've consulted in other
> modules regression tests e.g. in test_rls_hooks and changed the role
> naming accordingly. In essence, a fix is just a batch replace in test
> SQL and expected results.

I see you already pushed the fix for this in beecbe8e5001. So no
worries, it it not needed anymore.

Regards,
Pavel.

On Fri, Dec 9, 2022 at 2:57 PM Pavel Borisov <pashkin.elfe@gmail.com> wrote:
> > > Pushed, thanks to everyone!
> >
> > Thank you!
> > I've found a minor thing that makes the new test fail on sifaka and
> > longfin build farm animals. If role names in regression don't start
> > with "regress_" this invokes a warning. I've consulted in other
> > modules regression tests e.g. in test_rls_hooks and changed the role
> > naming accordingly. In essence, a fix is just a batch replace in test
> > SQL and expected results.
>
> I see you already pushed the fix for this in beecbe8e5001. So no
> worries, it it not needed anymore.

OK.  Thank you for keeping eyes on buildfarm.

------
Regards,
Alexander Korotkov

On Fri, Dec 09, 2022 at 01:23:56PM +0300, Alexander Korotkov wrote:
> Pushed, thanks to everyone!

FYI: this causes meson test running ("installcheck") fail when run
twice.  I guess that's expected to work, per:

b62303794efd97f2afb55f1e1b82fffae2cf8a2d
f31111bbe81db0e84fb486c6423a234c47091b30
6928484bda454f9ab2456d385b2d317f18b6bf1a
072710dff3eef4540f1c64d07890eb128535e212
b22b770683806db0a1c0a52a4601a3b6755891e0

-- 
Justin

Justin Pryzby <pryzby@telsasoft.com> writes:
> FYI: this causes meson test running ("installcheck") fail when run
> twice.  I guess that's expected to work, per:

We do indeed expect that to work ... but I don't see any problem
with repeat "make installcheck" on HEAD.  Can you provide more
detail about what you're seeing?

            regards, tom lane

On Tue, Dec 27, 2022 at 01:58:14AM -0500, Tom Lane wrote:
> Justin Pryzby <pryzby@telsasoft.com> writes:
> > FYI: this causes meson test running ("installcheck") fail when run
> > twice.  I guess that's expected to work, per:
> 
> We do indeed expect that to work ... but I don't see any problem
> with repeat "make installcheck" on HEAD.  Can you provide more
> detail about what you're seeing?

This fails when run more than once:
time meson test --setup running --print test_pg_db_role_setting-running/regress

@@ -1,12 +1,13 @@
 CREATE EXTENSION test_pg_db_role_setting;
 CREATE USER regress_super_user SUPERUSER;
+ERROR:  role "regress_super_user" already exists
 CREATE USER regress_regular_user;
+ERROR:  role "regress_regular_user" already exists
...

It didn't fail for you because it says:

./src/test/modules/test_pg_db_role_setting/Makefile
+# disable installcheck for now
+NO_INSTALLCHECK = 1

It also says:
+# and also for now force NO_LOCALE and UTF8
+ENCODING = UTF8
+NO_LOCALE = 1

which was evidently copied from the "oat" tests, which have said that
since March (5b29a9f77, 7c51b7f7c).

It fails the same way with "make" if you change it to not disable
installcheck:

EXTRA_REGRESS_OPTS="--bindir=`pwd`/tmp_install/usr/local/pgsql/bin" PGHOST=/tmp make installcheck -C
src/test/modules/test_pg_db_role_setting

-- 
Justin

Justin Pryzby <pryzby@telsasoft.com> writes:
> This fails when run more than once:
> time meson test --setup running --print test_pg_db_role_setting-running/regress

Ah.

> It didn't fail for you because it says:
> ./src/test/modules/test_pg_db_role_setting/Makefile
> +# disable installcheck for now
> +NO_INSTALLCHECK = 1

So ... exactly why is the meson infrastructure failing to honor that?
This test looks sufficiently careless about its side-effects that
I completely agree with the decision to not run it in pre-existing
installations.  Failing to drop a created superuser is just one of
its risk factors --- it also leaves around pg_db_role_setting entries.

            regards, tom lane

On Tue, Dec 27, 2022 at 11:29:40PM -0500, Tom Lane wrote:
> Justin Pryzby <pryzby@telsasoft.com> writes:
> > This fails when run more than once:
> > time meson test --setup running --print test_pg_db_role_setting-running/regress
> 
> Ah.
> 
> > It didn't fail for you because it says:
> > ./src/test/modules/test_pg_db_role_setting/Makefile
> > +# disable installcheck for now
> > +NO_INSTALLCHECK = 1
> 
> So ... exactly why is the meson infrastructure failing to honor that?
> This test looks sufficiently careless about its side-effects that
> I completely agree with the decision to not run it in pre-existing
> installations.  Failing to drop a created superuser is just one of
> its risk factors --- it also leaves around pg_db_role_setting entries.

Meson doesn't try to parse the Makefiles (like the MSVC scripts) but
(since 3f0e786ccb) has its own implementation, which involves setting
'runningcheck': false.

096dd80f3c seems to have copied the NO_INSTALLCHECK from oat's makefile,
but didn't copy "runningcheck" from oat's meson.build (but did copy its
regress_args).

-- 
Justin

Hi, Justin!

On Wed, 28 Dec 2022 at 21:28, Justin Pryzby <pryzby@telsasoft.com> wrote:
>
> On Tue, Dec 27, 2022 at 11:29:40PM -0500, Tom Lane wrote:
> > Justin Pryzby <pryzby@telsasoft.com> writes:
> > > This fails when run more than once:
> > > time meson test --setup running --print test_pg_db_role_setting-running/regress
> >
> > Ah.
> >
> > > It didn't fail for you because it says:
> > > ./src/test/modules/test_pg_db_role_setting/Makefile
> > > +# disable installcheck for now
> > > +NO_INSTALLCHECK = 1
> >
> > So ... exactly why is the meson infrastructure failing to honor that?
> > This test looks sufficiently careless about its side-effects that
> > I completely agree with the decision to not run it in pre-existing
> > installations.  Failing to drop a created superuser is just one of
> > its risk factors --- it also leaves around pg_db_role_setting entries.
>
> Meson doesn't try to parse the Makefiles (like the MSVC scripts) but
> (since 3f0e786ccb) has its own implementation, which involves setting
> 'runningcheck': false.
>
> 096dd80f3c seems to have copied the NO_INSTALLCHECK from oat's makefile,
> but didn't copy "runningcheck" from oat's meson.build (but did copy its
> regress_args).

I completely agree with your analysis. Fixes by 3f0e786ccbf5 to oat
and the other modules tests came just a couple of days before
committing the main pg_db_role_setting commit 096dd80f3c so they were
forgotten to be included into it.

I support committing the same fix to pg_db_role_setting test and added
this minor fix as a patch to this thread.

Kind regards, and happy New year!
Pavel Borisov,
Supabase.

Justin, Tom, Pavel, thank you for catching this.

On Mon, Jan 2, 2023 at 11:54 AM Pavel Borisov <pashkin.elfe@gmail.com> wrote:
> I completely agree with your analysis. Fixes by 3f0e786ccbf5 to oat
> and the other modules tests came just a couple of days before
> committing the main pg_db_role_setting commit 096dd80f3c so they were
> forgotten to be included into it.
>
> I support committing the same fix to pg_db_role_setting test and added
> this minor fix as a patch to this thread.

I'm going to push this if no objections.

> Kind regards, and happy New year!

Thanks, and happy New Year to you!

------
Regards,
Alexander Korotkov

On Mon, Jan 02, 2023 at 06:14:48PM +0300, Alexander Korotkov wrote:
> I'm going to push this if no objections.

I also suggest that meson.build should not copy regress_args.

-- 
Justin

On Mon, Jan 2, 2023 at 6:42 PM Justin Pryzby <pryzby@telsasoft.com> wrote:
> On Mon, Jan 02, 2023 at 06:14:48PM +0300, Alexander Korotkov wrote:
> > I'm going to push this if no objections.
>
> I also suggest that meson.build should not copy regress_args.

Good point, thanks.

------
Regards,
Alexander Korotkov

On Tue, 3 Jan 2023 at 09:29, Alexander Korotkov <aekorotkov@gmail.com> wrote:
>
> On Mon, Jan 2, 2023 at 6:42 PM Justin Pryzby <pryzby@telsasoft.com> wrote:
> > On Mon, Jan 02, 2023 at 06:14:48PM +0300, Alexander Korotkov wrote:
> > > I'm going to push this if no objections.
> >
> > I also suggest that meson.build should not copy regress_args.
>
> Good point, thanks.
Nice, thanks!
Isn't there the same reason to remove regress_args from meson.build in
oat's test and possibly from other modules with runningcheck=false?

Regards,
Pavel Borisov

On Tue, Jan 3, 2023 at 11:51 AM Pavel Borisov <pashkin.elfe@gmail.com> wrote:
> On Tue, 3 Jan 2023 at 09:29, Alexander Korotkov <aekorotkov@gmail.com> wrote:
> >
> > On Mon, Jan 2, 2023 at 6:42 PM Justin Pryzby <pryzby@telsasoft.com> wrote:
> > > On Mon, Jan 02, 2023 at 06:14:48PM +0300, Alexander Korotkov wrote:
> > > > I'm going to push this if no objections.
> > >
> > > I also suggest that meson.build should not copy regress_args.
> >
> > Good point, thanks.
> Nice, thanks!
> Isn't there the same reason to remove regress_args from meson.build in
> oat's test and possibly from other modules with runningcheck=false?

This makes sense to me too.  I don't see anything specific in oat's
regression test that requires setting regress_args.

------
Regards,
Alexander Korotkov

Hi, Alexander!

On Tue, 3 Jan 2023 at 13:48, Alexander Korotkov <aekorotkov@gmail.com> wrote:
>
> On Tue, Jan 3, 2023 at 11:51 AM Pavel Borisov <pashkin.elfe@gmail.com> wrote:
> > On Tue, 3 Jan 2023 at 09:29, Alexander Korotkov <aekorotkov@gmail.com> wrote:
> > >
> > > On Mon, Jan 2, 2023 at 6:42 PM Justin Pryzby <pryzby@telsasoft.com> wrote:
> > > > On Mon, Jan 02, 2023 at 06:14:48PM +0300, Alexander Korotkov wrote:
> > > > > I'm going to push this if no objections.
> > > >
> > > > I also suggest that meson.build should not copy regress_args.
> > >
> > > Good point, thanks.
> > Nice, thanks!
> > Isn't there the same reason to remove regress_args from meson.build in
> > oat's test and possibly from other modules with runningcheck=false?
>
> This makes sense to me too.  I don't see anything specific in oat's
> regression test that requires setting regress_args.
Yes, it seems so.
Regress args in oat's Makefile are added as a response to a buildfarm
issues by 7c51b7f7cc08. They seem unneeded to be copied into
meson.build with runningcheck=false. I may mistake but it seems to me
that removing regress_args from meson.build with runningcheck=false is
just to make it neat, not for functionality. So I consider fixing it
in pg_db_role_setting, oat, or both of them optional.

Regards,
Pavel Borisov.

On Tue, Jan 03, 2023 at 02:20:38PM +0300, Pavel Borisov wrote:
> Hi, Alexander!
> 
> On Tue, 3 Jan 2023 at 13:48, Alexander Korotkov <aekorotkov@gmail.com> wrote:
> >
> > On Tue, Jan 3, 2023 at 11:51 AM Pavel Borisov <pashkin.elfe@gmail.com> wrote:
> > > On Tue, 3 Jan 2023 at 09:29, Alexander Korotkov <aekorotkov@gmail.com> wrote:
> > > >
> > > > On Mon, Jan 2, 2023 at 6:42 PM Justin Pryzby <pryzby@telsasoft.com> wrote:
> > > > > On Mon, Jan 02, 2023 at 06:14:48PM +0300, Alexander Korotkov wrote:
> > > > > > I'm going to push this if no objections.
> > > > >
> > > > > I also suggest that meson.build should not copy regress_args.
> > > >
> > > > Good point, thanks.
> > > Nice, thanks!
> > > Isn't there the same reason to remove regress_args from meson.build in
> > > oat's test and possibly from other modules with runningcheck=false?
> >
> > This makes sense to me too.  I don't see anything specific in oat's
> > regression test that requires setting regress_args.
> Yes, it seems so.
> Regress args in oat's Makefile are added as a response to a buildfarm
> issues by 7c51b7f7cc08. They seem unneeded to be copied into
> meson.build with runningcheck=false. I may mistake but it seems to me
> that removing regress_args from meson.build with runningcheck=false is
> just to make it neat, not for functionality. So I consider fixing it
> in pg_db_role_setting, oat, or both of them optional.

Right - my suggestion is to "uncopy" them from pg_db_role_setting, where
they serve no purpose, since they shouldn't have been copied originally.

On Tue, Jan 03, 2023 at 09:29:00AM +0300, Alexander Korotkov wrote:
> On Mon, Jan 2, 2023 at 6:42 PM Justin Pryzby <pryzby@telsasoft.com> wrote:
> > On Mon, Jan 02, 2023 at 06:14:48PM +0300, Alexander Korotkov wrote:
> > > I'm going to push this if no objections.
> >
> > I also suggest that meson.build should not copy regress_args.
> 
> Good point, thanks.

I should've mentioned that the same things should be removed from
Makefile, too...

-- 
Justin

On Tue, 3 Jan 2023 at 17:28, Justin Pryzby <pryzby@telsasoft.com> wrote:
>
> On Tue, Jan 03, 2023 at 02:20:38PM +0300, Pavel Borisov wrote:
> > Hi, Alexander!
> >
> > On Tue, 3 Jan 2023 at 13:48, Alexander Korotkov <aekorotkov@gmail.com> wrote:
> > >
> > > On Tue, Jan 3, 2023 at 11:51 AM Pavel Borisov <pashkin.elfe@gmail.com> wrote:
> > > > On Tue, 3 Jan 2023 at 09:29, Alexander Korotkov <aekorotkov@gmail.com> wrote:
> > > > >
> > > > > On Mon, Jan 2, 2023 at 6:42 PM Justin Pryzby <pryzby@telsasoft.com> wrote:
> > > > > > On Mon, Jan 02, 2023 at 06:14:48PM +0300, Alexander Korotkov wrote:
> > > > > > > I'm going to push this if no objections.
> > > > > >
> > > > > > I also suggest that meson.build should not copy regress_args.
> > > > >
> > > > > Good point, thanks.
> > > > Nice, thanks!
> > > > Isn't there the same reason to remove regress_args from meson.build in
> > > > oat's test and possibly from other modules with runningcheck=false?
> > >
> > > This makes sense to me too.  I don't see anything specific in oat's
> > > regression test that requires setting regress_args.
> > Yes, it seems so.
> > Regress args in oat's Makefile are added as a response to a buildfarm
> > issues by 7c51b7f7cc08. They seem unneeded to be copied into
> > meson.build with runningcheck=false. I may mistake but it seems to me
> > that removing regress_args from meson.build with runningcheck=false is
> > just to make it neat, not for functionality. So I consider fixing it
> > in pg_db_role_setting, oat, or both of them optional.
>
> Right - my suggestion is to "uncopy" them from pg_db_role_setting, where
> they serve no purpose, since they shouldn't have been copied originally.
>
> On Tue, Jan 03, 2023 at 09:29:00AM +0300, Alexander Korotkov wrote:
> > On Mon, Jan 2, 2023 at 6:42 PM Justin Pryzby <pryzby@telsasoft.com> wrote:
> > > On Mon, Jan 02, 2023 at 06:14:48PM +0300, Alexander Korotkov wrote:
> > > > I'm going to push this if no objections.
> > >
> > > I also suggest that meson.build should not copy regress_args.
> >
> > Good point, thanks.
>
> I should've mentioned that the same things should be removed from
> Makefile, too...
>
> --
Thanks, Justin!
Attached is a new patch accordingly.

Regards,
Pavel Borisov!

On Tue, Jan 3, 2023 at 5:28 PM Justin Pryzby <pryzby@telsasoft.com> wrote:
> On Tue, Jan 03, 2023 at 09:29:00AM +0300, Alexander Korotkov wrote:
> > On Mon, Jan 2, 2023 at 6:42 PM Justin Pryzby <pryzby@telsasoft.com> wrote:
> > > I also suggest that meson.build should not copy regress_args.
> >
> > Good point, thanks.
>
> I should've mentioned that the same things should be removed from
> Makefile, too...

This makes sense too.  See the attached patchset.

------
Regards,
Alexander Korotkov

On Tue, Jan 3, 2023 at 5:41 PM Pavel Borisov <pashkin.elfe@gmail.com> wrote:
> On Tue, 3 Jan 2023 at 17:28, Justin Pryzby <pryzby@telsasoft.com> wrote:
> > I should've mentioned that the same things should be removed from
> > Makefile, too...
> >
> Thanks, Justin!
> Attached is a new patch accordingly.

Thank you.  I've pushed my version, which is split into two commits.

------
Regards,
Alexander Korotkov