Hi,
On 10/17/22 4:07 AM, Michael Paquier wrote:
On Sat, Oct 15, 2022 at 07:54:30AM +0200, Drouvot, Bertrand wrote:
Right. Giving a second thought to the non matching case, I think I'd prefer
to concatenate the system_user to the system_user instead. This is what v2
does.
Fine by me, so
Hi,
On 10/15/22 5:11 AM, Michael Paquier wrote:
On Fri, Oct 14, 2022 at 06:31:15PM +0200, Drouvot, Bertrand wrote:
while working on [1], I thought it could also be useful to add regular
expression testing for user name mapping in the peer authentication TAP
test.
Good idea now that we have
Hi hackers,
while working on [1], I thought it could also be useful to add regular
expression testing for user name mapping in the peer authentication TAP
test.
This kind of test already exists in kerberos/t/001_auth.pl but the
proposed one in the peer authentication testing would probably
Hi,
On 10/14/22 7:30 AM, Michael Paquier wrote:
On Wed, Oct 12, 2022 at 08:17:14AM +0200, Drouvot, Bertrand wrote:
Indeed, ;-)
So, I have spent the last two days looking at all that, studying the
structure of the patch and the existing HEAD code,
Thanks!
The code could be split to tackle
Hi,
On 10/14/22 8:18 AM, Michael Paquier wrote:
On Fri, Oct 14, 2022 at 02:30:25PM +0900, Michael Paquier wrote:
First, as of HEAD, AuthToken is only used for elements in a list of
role and database names in hba.conf before filling in each HbaLine,
hence we limit its usage to the initial
Hi,
On 10/11/22 8:29 AM, Michael Paquier wrote:
On Mon, Oct 10, 2022 at 09:00:06AM +0200, Drouvot, Bertrand wrote:
foreach(cell, tokens)
{
[...]
+ tokreg = lfirst(cell);
+ if (!token_is_regexp(tokreg
Hi,
On 10/7/22 6:13 AM, Michael Paquier wrote:
On Thu, Oct 06, 2022 at 11:51:52PM -0400, Tom Lane wrote:
I've been thinking since the beginning of this thread that there
was no coherent, defensible rationale being offered for jumbling
some utility statements and not others.
Yeah. The
Hi,
On 10/6/22 2:53 AM, Michael Paquier wrote:
On Wed, Oct 05, 2022 at 03:32:20PM +0200, Drouvot, Bertrand wrote:
On 10/5/22 9:24 AM, Michael Paquier wrote:
- test_role() -> test_conn() to be able to pass down a database name.
- reset_pg_hba() to control the host, db and user parts. The h
Hi,
On 10/5/22 9:24 AM, Michael Paquier wrote:
On Tue, Sep 20, 2022 at 01:33:09PM +0200, Drouvot, Bertrand wrote:
Anyway, I have looked at the patch.
+ List *roles_re;
+ List *databases_re;
+ regex_thostname_re;
I am surprised by the approach of using separate lists
On 10/6/22 2:28 PM, Julien Rouhaud wrote:
On Thu, Oct 06, 2022 at 02:19:32PM +0200, Drouvot, Bertrand wrote:
On 10/6/22 1:18 PM, Julien Rouhaud wrote:
so
nothing should rely on how exactly someone spelled it. This is also the case
for our core jumbling code, where we guarantee
Hi,
On 10/6/22 1:18 PM, Julien Rouhaud wrote:
Hi,
On Thu, Oct 06, 2022 at 12:57:17PM +0200, Drouvot, Bertrand wrote:
Hi hackers,
"SET local" is currently recorded in VariableSetStmt (with the boolean
is_local) but "SET session" is not.
Please find attached a patch pro
Hi hackers,
"SET local" is currently recorded in VariableSetStmt (with the boolean
is_local) but "SET session" is not.
Please find attached a patch proposal to also record "SET session" so
that VariableSetStmt records all the cases.
Remark: Recording "SET session" will also help for the
Hi,
On 10/6/22 8:39 AM, Michael Paquier wrote:
On Mon, Sep 19, 2022 at 08:29:22AM +0200, Drouvot, Bertrand wrote:
Please find attached v6 taking care of the remarks mentioned above.
+case T_VariableSetStmt:
+{
+VariableSetStmt *stmt = (VariableSetStmt
Hi,
On 9/26/22 12:40 PM, Drouvot, Bertrand wrote:
let's add it in V7 attached
(that's safer should the code change later on).
Attached a tiny rebase needed due to 249b0409b1.
Regards,
--
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https
Hi,
On 10/5/22 9:24 AM, Michael Paquier wrote:
Something that stood out on a first review is the refactoring of
001_password.pl that can be done independently of the main patch:
Good idea, thanks for the proposal.
- test_role() -> test_conn() to be able to pass down a database name.
-
Hi,
On 10/3/22 9:46 AM, Michael Paquier wrote:
On Fri, Sep 30, 2022 at 07:51:29PM +0200, Drouvot, Bertrand wrote:
Agree that it could be simplified, thanks for the hints!
Attached a simplified version.
While looking at that, I have noticed that it is possible to reduce
the number
Hi,
On 9/30/22 2:00 AM, Michael Paquier wrote:
On Wed, Sep 28, 2022 at 04:24:44PM +0900, Michael Paquier wrote:
Hmm, indeed. It would be more reliable to rely on the contents
returned by getpeereid()/getpwuid() after one successful peer
connection, then use it in the map. I was wondering
Hi,
On 9/30/22 1:32 PM, Bharath Rupireddy wrote:
On Fri, Sep 30, 2022 at 1:07 PM Drouvot, Bertrand
wrote:
Hi,
While resuming the work on [1] I noticed that:
- there is an unused parameter in log_heap_visible()
- the comment associated to the function is not in "sync" with t
Hi,
On 7/6/22 3:30 PM, Drouvot, Bertrand wrote:
Hi,
On 10/28/21 11:07 PM, Andres Freund wrote:
Hi,
On 2021-10-28 16:24:22 -0400, Robert Haas wrote:
On Wed, Oct 27, 2021 at 2:56 AM Drouvot, Bertrand
wrote:
So you have in mind to check for XLogLogicalInfoActive() first, and
if true
Hi,
While resuming the work on [1] I noticed that:
- there is an unused parameter in log_heap_visible()
- the comment associated to the function is not in "sync" with the
current implementation (referring a "block" that is not involved anymore)
Attached a tiny patch as an attempt to address
Hi,
On 9/29/22 8:12 AM, Michael Paquier wrote:
On Wed, Sep 28, 2022 at 12:58:48PM +0200, Drouvot, Bertrand wrote:
I had a look at v5 and it does look good to me.
Okay, cool. I have spent some time today doing a last pass over it
and an extra round of tests. Things looked fine, so applied
Hi,
On 9/28/22 5:28 AM, Michael Paquier wrote:
On Tue, Sep 27, 2022 at 03:38:49PM -0700, Jacob Champion wrote:
On 9/26/22 06:29, Drouvot, Bertrand wrote:
Since there are only internal clients to the API, I'd argue this makes
more sense as an Assert(authn_id != NULL), but I don't think it's
Hi,
On 9/28/22 7:52 AM, Michael Paquier wrote:
On Fri, Aug 26, 2022 at 10:43:43AM +0200, Drouvot, Bertrand wrote:
During the work in [1] we created a new TAP test to test the SYSTEM_USER
behavior with peer authentication.
It turns out that there is currently no TAP test for the peer
Hi,
On 9/8/22 3:17 AM, Michael Paquier wrote:
On Wed, Sep 07, 2022 at 08:48:43AM -0700, Jacob Champion wrote:
We could pass the bare auth_method index, or update the documentation
for auth_method to state that it's guaranteed to be zero if authn_id is
NULL (and then enforce that).
Hi,
On 9/26/22 10:23 AM, Drouvot, Bertrand wrote:
Hi,
On 9/23/22 10:45 PM, Andres Freund wrote:
Hi,
On 2022-09-01 08:40:54 +0200, Drouvot, Bertrand wrote:
Thanks for the suggestion, I'm coming up with this proposal in v4
attached:
I pushed the bugfix / related test portion to 15
Hi,
On 9/7/22 5:48 PM, Jacob Champion wrote:
On 9/7/22 07:46, Drouvot, Bertrand wrote:
Except the Nit above, that looks all good to me.
A few additional comments:
+assigned a database role. It is represented as
+auth_method:identity or
+NULL if the user has not been
Hi,
On 9/21/22 6:07 PM, Fujii Masao wrote:
On 2022/09/19 15:29, Drouvot, Bertrand wrote:
Please find attached v6 taking care of the remarks mentioned above.
Thanks for updating the patch!
+SET pg_stat_statements.track_utility = TRUE;
+
+-- PL/pgSQL procedure and pg_stat_statements.track
Hi,
On 9/23/22 10:45 PM, Andres Freund wrote:
Hi,
On 2022-09-01 08:40:54 +0200, Drouvot, Bertrand wrote:
Thanks for the suggestion, I'm coming up with this proposal in v4 attached:
I pushed the bugfix / related test portion to 15, master. Thanks!
Thanks!
I left the replication
Hi,
On 9/20/22 6:30 AM, Michael Paquier wrote:
On Tue, Sep 20, 2022 at 12:09:33AM -0400, Tom Lane wrote:
You have to assume that somebody (a) has a role or DB name starting
with slash, (b) has an explicit reference to that name in their
pg_hba.conf, (c) doesn't read the release notes, and (d)
Hi,
On 9/17/22 6:10 PM, Andres Freund wrote:
Hi,
On 2022-09-07 11:11:11 +0200, Drouvot, Bertrand wrote:
On 9/6/22 7:53 AM, Kyotaro Horiguchi wrote:
At Mon, 5 Sep 2022 14:46:55 +0200, "Drouvot, Bertrand"
wrote in
Looks like that both approaches have their pros and cons. I'm tempt
Hi,
On 9/17/22 8:53 AM, Michael Paquier wrote:
On Fri, Sep 16, 2022 at 06:24:07PM +0200, Drouvot, Bertrand wrote:
The CF bot is failing for Windows (all other tests are green) and only for
the new tap test related to the regular expression on the host name (the
ones on database and role
Hi,
On 9/16/22 5:47 PM, Drouvot, Bertrand wrote:
Hi,
On 9/16/22 2:53 PM, Fujii Masao wrote:
Attached v5 to normalize 2PC commands too, so that we get things like:
+ case T_VariableSetStmt:
+ {
+ VariableSetStmt *stmt = (VariableSetStmt *) node
Hi,
On 9/12/22 9:55 AM, Drouvot, Bertrand wrote:
Hi,
On 9/10/22 1:21 AM, Jacob Champion wrote:
On 8/19/22 01:12, Drouvot, Bertrand wrote:
+ wstr = palloc((strlen(tok->string + 1) + 1) * sizeof(pg_wchar));
+ wlen = pg_mb2wchar_with_len(tok->stri
Hi,
On 9/16/22 2:53 PM, Fujii Masao wrote:
Attached v5 to normalize 2PC commands too, so that we get things like:
+ case T_VariableSetStmt:
+ {
+ VariableSetStmt *stmt = (VariableSetStmt *) node;
+
+ /* stmt->name is NULL for RESET ALL */
+
Hi,
On 9/13/22 6:33 AM, Julien Rouhaud wrote:
Hi,
On Tue, Sep 13, 2022 at 11:43:52AM +0900, bt22kawamotok wrote:
I found that utility statement is counted separately in upper and lower
case.
For example BEGIN and begin are counted separately.
Is it difficult to fix this problem?
This is a
Hi hackers,
During the work in [1] we created a new TAP test to test the SYSTEM_USER
behavior with peer authentication.
It turns out that there is currently no TAP test for the peer
authentication, so we think (thanks Michael for the suggestion [2]) that
it's better to split the work in [1]
Hi,
On 8/18/22 9:51 PM, Andres Freund wrote:
Hi,
On 2022-08-18 15:26:31 -0400, Greg Stark wrote:
And indexes of course. It's a bit frustrating since without the
catalog you won't know what table the index actually is for... But
they're pretty important stats.
FWIW, I think we should split
Hi,
On 8/16/22 10:10 AM, Bharath Rupireddy wrote:
On Tue, Aug 16, 2022 at 1:31 PM Drouvot, Bertrand wrote:
On 8/14/22 7:52 AM, Gurjeet Singh wrote:
On Mon, Aug 8, 2022 at 3:51 AM Drouvot, Bertrand wrote:
I think we can reduce the number of places the hook is called, if we
call the hook from
Hi,
On 8/12/22 12:28 AM, Jacob Champion wrote:
On Wed, Aug 10, 2022 at 10:48 PM Drouvot, Bertrand wrote:
What do you think about adding a second field in ClientConnectionInfo
for the auth method (as suggested by Michael upthread)?
Sure -- without a followup patch, it's not really tested
Hi,
On 8/10/22 11:25 PM, Greg Stark wrote:
On Wed, 10 Aug 2022 at 04:05, Drouvot, Bertrand wrote:
Hi,
On 8/9/22 6:00 PM, Greg Stark wrote:
On Tue, 9 Aug 2022 at 06:19, Drouvot, Bertrand wrote:
What do you think about adding a function in core PG to provide such
functionality? (means being
Hi,
On 7/6/22 12:11 AM, Joe Conway wrote:
On 7/5/22 03:37, Bharath Rupireddy wrote:
On Mon, Jul 4, 2022 at 6:23 PM Drouvot, Bertrand
wrote:
On 7/2/22 1:00 AM, Nathan Bossart wrote:
> Could we model this after fmgr_hook? The first argument in that hook
> indicates where it is being
Hi hackers,
While commit 960869da08 added some information about connections that
have been successfully authenticated, there is no metrics for
connections that have not (or did not reached the authentication stage).
Adding metrics about failed connections attempts could also help, for
Hi hackers,
The SYSTEM_USER is a sql reserved word as mentioned in [1] and is
currently not implemented.
Please find attached a patch proposal to make use of the SYSTEM_USER so
that it returns the authenticated identity (if any) (aka authn_id in the
Port struct).
Indeed in some
On 12/9/19, 10:10 AM, "Tomas Vondra" wrote:
>On Wed, Dec 04, 2019 at 05:36:16PM -0800, Jeremy Schneider wrote:
>>On 9/8/19 14:01, Tom Lane wrote:
>>> Fix RelationIdGetRelation calls that weren't bothering with error
checks.
>>>
>>> ...
>>>
>>> Details
>>> ---
401 - 444 of 444 matches
Mail list logo
