On Mon, Feb 13, 2023 at 03:13:04PM +0100, Jelte Fennema wrote: > On Mon, 13 Feb 2023 at 15:06, Pavel Luzanov <p.luza...@postgrespro.ru> wrote: >> Does it make sense to reflect changes to the PG-USERNAME field in the >> pg_ident.conf.sample file? >> >> The same relates to the regexp supportin the DATABASE and USER fieldsof >> the pg_hba.conf.sample file(8fea8683).
Which comes down to blame me for both of them. > That definitely makes sense to me. When writing the patch I didn't > realise that there was also documentation in those files. > > I think it also makes sense to include usage of (some of) the features > in the example files here: > https://www.postgresql.org/docs/devel/auth-username-maps.html Hmm, I am not sure that adding more examples in the sample files is worth the duplication with the docs. So, please find attached a patch to close the gap the sample files, for both things, with descriptions of all the field values they can use. What do you think? -- Michael
diff --git a/src/backend/libpq/pg_hba.conf.sample b/src/backend/libpq/pg_hba.conf.sample index 095e3b4cc0..fc448b5b7e 100644 --- a/src/backend/libpq/pg_hba.conf.sample +++ b/src/backend/libpq/pg_hba.conf.sample @@ -31,14 +31,15 @@ # - "hostnogssenc" is a TCP/IP socket that is not GSSAPI-encrypted # # DATABASE can be "all", "sameuser", "samerole", "replication", a -# database name, or a comma-separated list thereof. The "all" -# keyword does not match "replication". Access to replication -# must be enabled in a separate record (see example below). +# database name, a regular expression (if it starts with a slash (/)) +# or a comma-separated list thereof. The "all" keyword does not match +# "replication". Access to replication must be enabled in a separate +# record (see example below). # -# USER can be "all", a user name, a group name prefixed with "+", or a -# comma-separated list thereof. In both the DATABASE and USER fields -# you can also write a file name prefixed with "@" to include names -# from a separate file. +# USER can be "all", a user name, a group name prefixed with "+", a +# regular expression (if it starts with a slash (/)) or a comma-separated +# list thereof. In both the DATABASE and USER fields you can also write +# a file name prefixed with "@" to include names from a separate file. # # ADDRESS specifies the set of hosts the record matches. It can be a # host name, or it is made up of an IP address and a CIDR mask that is diff --git a/src/backend/libpq/pg_ident.conf.sample b/src/backend/libpq/pg_ident.conf.sample index 5d32684b28..f5225f26cd 100644 --- a/src/backend/libpq/pg_ident.conf.sample +++ b/src/backend/libpq/pg_ident.conf.sample @@ -29,6 +29,10 @@ # will be substituted for \1 (backslash-one) if present in # PG-USERNAME. # +# PG-USERNAME can be "all", a user name, a group name prefixed with "+", or +# a regular expression (if it starts with a slash (/)). If it is a regular +# expression, the substring matching with \1 has no effect. +# # Multiple maps may be specified in this file and used by pg_hba.conf. # # No map names are defined in the default configuration. If all
signature.asc
Description: PGP signature
