Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 05/16/2015 06:00 AM, Haribabu Kommi wrote: >Regarding "next version"- are you referring to 9.6 and therefore we >should go ahead and bounce this to the next CF, or were you planning to >post a "next version" of the patch today? Yes, for 9.6 version. No new patch emerged that could be review

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Fri, May 15, 2015 at 11:24 PM, Stephen Frost wrote: > * Haribabu Kommi (kommi.harib...@gmail.com) wrote: >> On Tue, May 5, 2015 at 6:48 AM, Peter Eisentraut wrote: >> > It still looks quite dubious to me. >> > >> > The more I test this, the more fond I grow of the idea of having this >> > info

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

* Haribabu Kommi (kommi.harib...@gmail.com) wrote: > On Tue, May 5, 2015 at 6:48 AM, Peter Eisentraut wrote: > > On 5/1/15 12:33 PM, Andres Freund wrote: > >> On 2015-04-08 19:19:29 +0100, Greg Stark wrote: > >>> I'm not sure what the best way to handle the hand-off from patch > >>> contribution t

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Tue, May 5, 2015 at 6:48 AM, Peter Eisentraut wrote: > On 5/1/15 12:33 PM, Andres Freund wrote: >> On 2015-04-08 19:19:29 +0100, Greg Stark wrote: >>> I'm not sure what the best way to handle the hand-off from patch >>> contribution to reviewer/committer. If I start tweaking things then >>> you

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 5/1/15 12:33 PM, Andres Freund wrote: > On 2015-04-08 19:19:29 +0100, Greg Stark wrote: >> I'm not sure what the best way to handle the hand-off from patch >> contribution to reviewer/committer. If I start tweaking things then >> you send in a new version it's actually more work to resolve the >

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 2015-04-08 19:19:29 +0100, Greg Stark wrote: > I'm not sure what the best way to handle the hand-off from patch > contribution to reviewer/committer. If I start tweaking things then > you send in a new version it's actually more work to resolve the > conflicts. I think at this point it's easiest

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

I'm not sure what the best way to handle the hand-off from patch contribution to reviewer/committer. If I start tweaking things then you send in a new version it's actually more work to resolve the conflicts. I think at this point it's easiest if I just take it from here. I'm puzzled about the cha

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

2015-04-04 15:29 GMT+02:00 Haribabu Kommi : > On Sat, Apr 4, 2015 at 4:19 PM, Pavel Stehule > wrote: > > Hi > > > > 2015-03-31 14:38 GMT+02:00 Haribabu Kommi : > >> > >> keyword_databases - The database name can be "all", "replication", > >> sameuser", "samerole" and "samegroup". > >> keyword_rol

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Sat, Apr 4, 2015 at 4:19 PM, Pavel Stehule wrote: > Hi > > 2015-03-31 14:38 GMT+02:00 Haribabu Kommi : >> >> keyword_databases - The database name can be "all", "replication", >> sameuser", "samerole" and "samegroup". >> keyword_roles - The role can be "all" and a group name prefixed with "+".

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

Hi 2015-03-31 14:38 GMT+02:00 Haribabu Kommi : > On Mon, Mar 30, 2015 at 4:34 AM, Pavel Stehule > wrote: > > Hi > > > > I checked this patch. I like the functionality and behave. > > Thanks for the review. > > Here I attached updated patch with the following changes. > > 1. Addition of two new k

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Mon, Mar 30, 2015 at 4:34 AM, Pavel Stehule wrote: > Hi > > I checked this patch. I like the functionality and behave. Thanks for the review. Here I attached updated patch with the following changes. 1. Addition of two new keyword columns keyword_databases - The database name can be "all",

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

Hi I checked this patch. I like the functionality and behave. There is minor issue with outdated regress test test rules... FAILED I have no objections. Regards Pavel 2015-03-27 9:23 GMT+01:00 Haribabu Kommi : > On Fri, Mar 13, 2015 at 1:33 PM, Peter Eisentraut wrote:

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Fri, Mar 13, 2015 at 1:33 PM, Peter Eisentraut wrote: > On 3/4/15 1:34 AM, Haribabu Kommi wrote: >> On Wed, Mar 4, 2015 at 12:35 PM, Haribabu Kommi >> wrote: >>> + foreach(line, parsed_hba_lines) >>> >>> In the above for loop it is better to add "check_for_interrupts" to >>> avoid it looping >

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Mon, Mar 16, 2015 at 11:11 AM, Greg Stark wrote: > > On Mon, Mar 16, 2015 at 5:46 PM, David G. Johnston < > david.g.johns...@gmail.com> wrote: > >> ​Why not just leave the double-quoting requirements intact. An unquoted >> or (etc) would represent the special keyword while the >> quoted ver

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Mon, Mar 16, 2015 at 5:46 PM, David G. Johnston < david.g.johns...@gmail.com> wrote: > ​Why not just leave the double-quoting requirements intact. An unquoted > or (etc) would represent the special keyword while the > quoted version would mean that the name is used literally. > For users th

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Mon, Mar 16, 2015 at 1:46 PM, David G. Johnston wrote: > Why not just leave the double-quoting requirements intact. An unquoted > or (etc) would represent the special keyword while the > quoted version would mean that the name is used literally. That would be OK with me, I think. > I'm not

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Mon, Mar 16, 2015 at 9:29 AM, Alvaro Herrera wrote: > Robert Haas wrote: > > On Wed, Mar 11, 2015 at 1:32 PM, Greg Stark wrote: > > > I think what we have here is already a good semantic representation. It > > > doesn't handle all the corner cases but those corner cases are a) very > > > unli

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Mon, Mar 16, 2015 at 4:29 PM, Alvaro Herrera wrote: > +1 what Robert said. I think the additional "keyword" columns are a > good solution to the issue. > Huh. Well I disagree but obviously I'm in the minority. I'll put fix it up accordingly today and post the resulting view output (which I e

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

Robert Haas wrote: > On Wed, Mar 11, 2015 at 1:32 PM, Greg Stark wrote: > > I think what we have here is already a good semantic representation. It > > doesn't handle all the corner cases but those corner cases are a) very > > unlikely and b) easy to check for. A tool can check for any users start

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Wed, Mar 11, 2015 at 1:32 PM, Greg Stark wrote: > I think what we have here is already a good semantic representation. It > doesn't handle all the corner cases but those corner cases are a) very > unlikely and b) easy to check for. A tool can check for any users starting > with + or named "all"

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 3/4/15 1:34 AM, Haribabu Kommi wrote: > On Wed, Mar 4, 2015 at 12:35 PM, Haribabu Kommi > wrote: >> + foreach(line, parsed_hba_lines) >> >> In the above for loop it is better to add "check_for_interrupts" to >> avoid it looping >> if the parsed_hba_lines are more. > > Updated patch is attached

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Fri, Mar 6, 2015 at 3:11 AM, Peter Eisentraut wrote: > The point is, it should be one or the other (or both), not something in > the middle. > > It's either a textual representation of the file or a semantic one. If > it's the latter, then all user names, group names, and special key words >

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 3/5/15 9:42 AM, Greg Stark wrote: > Well if you want to read the file as is you can do so using the file > reading functions which afaik were specifically intended for the > purpose of writing config editing tools. Sure, but those things are almost never installed by default, and I don't want t

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Wed, Mar 4, 2015 at 9:41 PM, Peter Eisentraut wrote: > everyone seems to have quite different uses for it. Greg wants to join > against other catalog tables, Jim wants to reassemble a valid and > accurate pg_hba.conf, Josh wants to write an editing tool. Personally, > I'd like to see somethin

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

2015-03-04 22:41 GMT+01:00 Peter Eisentraut : > On 3/3/15 7:17 PM, Jim Nasby wrote: > > I think we're screwed in that regard anyway, because of the special > > constructs. You'd need different logic to handle things like +role and > > sameuser. We might even end up painted in a corner where we can

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 3/3/15 7:17 PM, Jim Nasby wrote: > I think we're screwed in that regard anyway, because of the special > constructs. You'd need different logic to handle things like +role and > sameuser. We might even end up painted in a corner where we can't change > it in the future because it'll break everyo

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Wed, Mar 4, 2015 at 1:35 AM, Haribabu Kommi wrote: > I feel there is no problem of current pg_hba reloads, because the > check_for_interrupts > doesn't reload the conf files. It will be done in the "postgresMain" > function once the > query finishes. Am I missing something? Ah, no I guess that

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Wed, Mar 4, 2015 at 12:35 PM, Haribabu Kommi wrote: > + foreach(line, parsed_hba_lines) > > In the above for loop it is better to add "check_for_interrupts" to > avoid it looping > if the parsed_hba_lines are more. Updated patch is attached with the addition of check_for_interrupts in the for

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 03/03/2015 05:07 PM, Greg Stark wrote: > On Wed, Mar 4, 2015 at 12:17 AM, Jim Nasby wrote: >> I can make these changes if you want. > > Personally I'm just not convinced this is worth it. It makes the > catalogs harder for people to read and use and only benefits people > who have users named

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Wed, Mar 4, 2015 at 12:18 PM, Greg Stark wrote: > On Wed, Mar 4, 2015 at 12:34 AM, Haribabu Kommi > wrote: >> Out of curiosity, regarding the result materialize code addition, Any >> way the caller of "hba_settings" function >> "ExecMakeTableFunctionResult" also stores the results in tuple_sto

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Wed, Mar 4, 2015 at 12:34 AM, Haribabu Kommi wrote: > Out of curiosity, regarding the result materialize code addition, Any > way the caller of "hba_settings" function > "ExecMakeTableFunctionResult" also stores the results in tuple_store. > Is there any advantage > doing it in hba_settings fun

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Wed, Mar 4, 2015 at 12:17 AM, Jim Nasby wrote: > I can make these changes if you want. Personally I'm just not convinced this is worth it. It makes the catalogs harder for people to read and use and only benefits people who have users named "all" or databases named "all", "sameuser", or "samer

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Wed, Mar 4, 2015 at 5:57 AM, Greg Stark wrote: > On further review I've made a few more changes attached. > > I think we should change the column names to "users" and "databases" > to be clear they're lists and also to avoid the "user" SQL reserved > word. > > I removed the dependency on strlis

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 3/3/15 12:57 PM, Greg Stark wrote: On Tue, Mar 3, 2015 at 6:05 PM, Jim Nasby wrote: What about a separate column that's just the text from pg_hba? Or is that what you're opposed to? I'm not sure what you mean by that. There's a rawline field we could put somewhere but it contains the ent

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Tue, Mar 3, 2015 at 6:05 PM, Jim Nasby wrote: > What about a separate column that's just the text from pg_hba? Or is that > what you're opposed to? I'm not sure what you mean by that. There's a rawline field we could put somewhere but it contains the entire line. > FWIW, I'd say that having

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 3/3/15 9:08 AM, Greg Stark wrote: On Mon, Jun 30, 2014 at 8:06 AM, Abhijit Menon-Sen wrote: After sleeping on it, I realised that the code would return '{all}' for 'all' in pg_hba.conf, but '{"all"}' for '"all"'. So it's not exactly ambiguous, but I don't think it's especially useful for cal

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Mon, Jun 30, 2014 at 8:06 AM, Abhijit Menon-Sen wrote: > After sleeping on it, I realised that the code would return '{all}' for > 'all' in pg_hba.conf, but '{"all"}' for '"all"'. So it's not exactly > ambiguous, but I don't think it's especially useful for callers. Hm. Nope, it doesn't. It ju

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Mon, Mar 2, 2015 at 7:51 PM, Greg Stark wrote: > Nobody's allocating anything that big. It's a list of 25,000 pointers > to 472-byte structs. That should add up to about 11MB. Instead the > memory context is a total of 954606152 bytes which is still under a > gigabyte and the database does star

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Mon, Mar 2, 2015 at 7:42 PM, Stephen Frost wrote: > Uh, maybe because it's trying to allocate over 1GB and palloc() doesn't > support that? Nobody's allocating anything that big. It's a list of 25,000 pointers to 472-byte structs. That should add up to about 11MB. Instead the memory context i

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

* Greg Stark (st...@mit.edu) wrote: > On Mon, Mar 2, 2015 at 4:36 PM, Greg Stark wrote: > > > > So I didn't get the memo about SFRM_Materialize. Here's a rewrite of this > > using that interface which seems to test ok up to 100k. At that point I > > start running into memory errors on reading th

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

Greg Stark wrote: > Hm. I'm wondering why I'm getting out of memory errors now with just > 25k lines in pg_hba.conf. It looks like the HbaLine struct is "only" > 472 bytes so the list should only be occupying about 11MB. In fact > it's occupying about a gigabyte: Maybe it's leaking heavily while

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Mon, Mar 2, 2015 at 4:36 PM, Greg Stark wrote: > > So I didn't get the memo about SFRM_Materialize. Here's a rewrite of this > using that interface which seems to test ok up to 100k. At that point I start > running into memory errors on reading the HBA file so I guess that's an > indication

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Mon, Mar 2, 2015 at 1:42 PM, Greg Stark wrote: > ​So earlier someone commented that using lists list_nth() seemed odd and a > tuplestore might be better. In fact using lists this way is O(n^2). I've > done some quick tests and it doesn't start being a problem until about > 10,000 lines which o

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

​So earlier someone commented that using lists list_nth() seemed odd and a tuplestore might be better. In fact using lists this way is O(n^2). I've done some quick tests and it doesn't start being a problem until about 10,000 lines which obviously isn't a terribly common way to use pg_hba_settings.

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

Greg, * Greg Stark (st...@mit.edu) wrote: > On Mon, Mar 2, 2015 at 6:36 AM, Haribabu Kommi > wrote: > > > Loading pg_hba.conf during SIGHUP in the backends will solve the > > problem of displaying the > > data which is not yet loaded. This change may produce a warning if it > > fails to load pg_

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Mon, Mar 2, 2015 at 6:36 AM, Haribabu Kommi wrote: > Loading pg_hba.conf during SIGHUP in the backends will solve the > problem of displaying the > data which is not yet loaded. This change may produce a warning if it > fails to load pg_hba.conf in the backends. > This seems like the right st

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Sat, Feb 28, 2015 at 11:41 AM, Stephen Frost wrote: > Pavel, > > * Pavel Stehule (pavel.steh...@gmail.com) wrote: >> 2015-02-27 22:26 GMT+01:00 Tom Lane : >> > Stephen Frost writes: >> > > Right, we also need a view (or function, or both) which provides what >> > > the *active* configuration o

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

2015-02-28 3:12 GMT+01:00 Stephen Frost : > * Josh Berkus (j...@agliodbs.com) wrote: > > On 02/27/2015 04:41 PM, Stephen Frost wrote: > > >> we can do copy of pg_hba.conf somewhere when postmaster starts or > when it > > >> is reloaded. > > > > > > Please see my reply to Tom. There's no trivial w

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

2015-02-28 2:40 GMT+01:00 Tom Lane : > Stephen Frost writes: > > I understand that there may be objections to that on the basis that it's > > work that's (other than for this case) basically useless, > > Got it in one. > > I'm also not terribly happy about leaving security-relevant data sitting >

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

2015-02-28 1:41 GMT+01:00 Stephen Frost : > Pavel, > > * Pavel Stehule (pavel.steh...@gmail.com) wrote: > > 2015-02-27 22:26 GMT+01:00 Tom Lane : > > > Stephen Frost writes: > > > > Right, we also need a view (or function, or both) which provides what > > > > the *active* configuration of the run

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

* Josh Berkus (j...@agliodbs.com) wrote: > On 02/27/2015 04:41 PM, Stephen Frost wrote: > >> we can do copy of pg_hba.conf somewhere when postmaster starts or when it > >> is reloaded. > > > > Please see my reply to Tom. There's no trivial way to reach into the > > postmaster from a backend- but

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

* Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > I understand that there may be objections to that on the basis that it's > > work that's (other than for this case) basically useless, > > Got it in one. Meh. It's hardly all that difficult and it's not useless if the user wants

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

Stephen Frost writes: > I understand that there may be objections to that on the basis that it's > work that's (other than for this case) basically useless, Got it in one. I'm also not terribly happy about leaving security-relevant data sitting around in backend memory 100% of the time. We have

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 02/27/2015 04:41 PM, Stephen Frost wrote: >> we can do copy of pg_hba.conf somewhere when postmaster starts or when it >> is reloaded. > > Please see my reply to Tom. There's no trivial way to reach into the > postmaster from a backend- but we do get a copy of whatever the > postmaster had whe

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

Pavel, * Pavel Stehule (pavel.steh...@gmail.com) wrote: > 2015-02-27 22:26 GMT+01:00 Tom Lane : > > Stephen Frost writes: > > > Right, we also need a view (or function, or both) which provides what > > > the *active* configuration of the running postmaster is. This is > > > exactly what I was pr

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

* Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > Right, we also need a view (or function, or both) which provides what > > the *active* configuration of the running postmaster is. This is > > exactly what I was proposing (or what I was intending to, at least) with > > pg_hba_act

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

2015-02-27 22:26 GMT+01:00 Tom Lane : > Stephen Frost writes: > > Right, we also need a view (or function, or both) which provides what > > the *active* configuration of the running postmaster is. This is > > exactly what I was proposing (or what I was intending to, at least) with > > pg_hba_act

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

Stephen Frost writes: > Right, we also need a view (or function, or both) which provides what > the *active* configuration of the running postmaster is. This is > exactly what I was proposing (or what I was intending to, at least) with > pg_hba_active, so, again, I think we're in agreement here.

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

2015-02-27 20:55 GMT+01:00 Stephen Frost : > * Pavel Stehule (pavel.steh...@gmail.com) wrote: > > this topic should be divided, please. One part - functions for loading > > pg_hba and translating to some table. Can be two, can be one with one > > parameter. It will be used probably by advanced use

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

* Pavel Stehule (pavel.steh...@gmail.com) wrote: > this topic should be divided, please. One part - functions for loading > pg_hba and translating to some table. Can be two, can be one with one > parameter. It will be used probably by advanced user, and I am able to > accept it like you or Tomas pr

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

2015-02-27 19:32 GMT+01:00 Stephen Frost : > * Pavel Stehule (pavel.steh...@gmail.com) wrote: > > 2015-02-27 17:59 GMT+01:00 Stephen Frost : > > > I don't think we actually care what the "current contents" are from the > > > backend's point of view- after all, when does an individual backend > eve

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 02/27/2015 10:35 AM, Stephen Frost wrote: >> From time to time I have to debug why are connection attempts failing, >> > and with moderately-sized pg_hba.conf files (e.g. on database servers >> > shared by multiple applications) that may be tricky. Identifying the >> > rule that matched (and rej

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

* Tomas Vondra (tomas.von...@2ndquadrant.com) wrote: > On 27.2.2015 17:59, Stephen Frost wrote: > > All, > > > > * Tomas Vondra (tomas.von...@2ndquadrant.com) wrote: > >> > >> The other feature that'd be cool to have is a debugging function > >> on top of the view, i.e. a function pg_hba_check(hos

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

* Pavel Stehule (pavel.steh...@gmail.com) wrote: > 2015-02-27 17:59 GMT+01:00 Stephen Frost : > > I don't think we actually care what the "current contents" are from the > > backend's point of view- after all, when does an individual backend ever > > use the contents of pg_hba.conf after it's up an

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Fri, Feb 27, 2015 at 12:48 PM, Tomas Vondra wrote: > On 27.2.2015 17:59, Stephen Frost wrote: > > All, > > > > * Tomas Vondra (tomas.von...@2ndquadrant.com) wrote: > >> > >> The other feature that'd be cool to have is a debugging function > >> on top of the view, i.e. a function pg_hba_check(h

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 27.2.2015 17:59, Stephen Frost wrote: > All, > > * Tomas Vondra (tomas.von...@2ndquadrant.com) wrote: >> >> The other feature that'd be cool to have is a debugging function >> on top of the view, i.e. a function pg_hba_check(host, ip, db, >> user, pwd) showing which hba rule matched. But that's

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

2015-02-27 17:59 GMT+01:00 Stephen Frost : > All, > > * Tomas Vondra (tomas.von...@2ndquadrant.com) wrote: > > On 28.1.2015 23:01, Jim Nasby wrote: > > > On 1/28/15 12:46 AM, Haribabu Kommi wrote: > > >>> >Also, what happens if someone reloads the config in the middle of > > >>> running > > >>> >t

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

All, * Tomas Vondra (tomas.von...@2ndquadrant.com) wrote: > On 28.1.2015 23:01, Jim Nasby wrote: > > On 1/28/15 12:46 AM, Haribabu Kommi wrote: > >>> >Also, what happens if someone reloads the config in the middle of > >>> running > >>> >the SRF? > >> hba entries are reloaded only in postmaster pr

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

Hi, On 28.1.2015 23:01, Jim Nasby wrote: > On 1/28/15 12:46 AM, Haribabu Kommi wrote: >>> >Also, what happens if someone reloads the config in the middle of >>> running >>> >the SRF? >> hba entries are reloaded only in postmaster process, not in every >> backend. >> So there shouldn't be any probl

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

Hi It looks well, I have only one objection. I am not sure so function "hba_settings" should be in file guc.c - it has zero relation to GUC. Maybe hba.c file is better probably. Other opinions? 2015-02-27 7:30 GMT+01:00 Haribabu Kommi : > On Sat, Feb 7, 2015 at 8:26 PM, Pavel Stehule > wrot

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Sat, Feb 7, 2015 at 8:26 PM, Pavel Stehule wrote: > Hi > > I am sending a review of this patch. Thanks for the review. sorry for the delay. > 4. Regress tests > > test rules... FAILED -- missing info about new view Thanks. Corrected. > My objections: > > 1. data type f

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

Hi I am sending a review of this patch. 1. We would this patch? yes. It is a good idea - checking internal view is more comfortable and faster than checking some (possibly longer) pg_hba.conf. There was no objections. 2. Scope - does this patch, what we need? yes. There was a discussion about

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 01/30/2015 10:01 PM, Amit Kapila wrote: > On Fri, Jan 30, 2015 at 10:58 PM, Robert Haas > wrote: >> Yes. The contents of postgresql.conf are only mildly order-dependent. >> If you put the same setting in more than once, it matters which one is >> last. Apart from

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Fri, Jan 30, 2015 at 10:58 PM, Robert Haas wrote: > > On Thu, Jan 29, 2015 at 10:13 PM, Amit Kapila wrote: > > I think the big problem you are mentioning can be resolved in > > a similar way as we have done for ALTER SYSTEM which is > > to have a separate file (.auto.conf) for settings done vi

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 1/29/15 9:13 PM, Amit Kapila wrote: > Aside from Tom's concern about sets not being a good way to handle this (which I agree with), the idea of "editing" pg_hba.conf via SQL raises all the problems that were brought up when ALTER SYSTEM was being developed. One of the big problems is a questi

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Thu, Jan 29, 2015 at 10:13 PM, Amit Kapila wrote: > I think the big problem you are mentioning can be resolved in > a similar way as we have done for ALTER SYSTEM which is > to have a separate file (.auto.conf) for settings done via > ALTER SYSTEM command, do you see any major problem > with th

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Fri, Jan 30, 2015 at 3:16 AM, Jim Nasby wrote: > > On 1/29/15 6:19 AM, Fabrízio de Royes Mello wrote: >> >> Perhaps a fdw can't be the best choice, maybe a complete new SQL syntax to manipulate HBA entries like we did with ALTER SYSTEM. It's just some thoughts about it. > > > Aside from Tom's c

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 1/29/15 6:19 AM, Fabrízio de Royes Mello wrote: On Wed, Jan 28, 2015 at 5:27 PM, Tom Lane mailto:t...@sss.pgh.pa.us>> wrote: > > =?UTF-8?Q?Fabr=C3=ADzio_de_Royes_Mello?= mailto:fabriziome...@gmail.com>> writes: > > But I'm thinking about this patch and would not be interesting to have a >

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Wed, Jan 28, 2015 at 5:27 PM, Tom Lane wrote: > > =?UTF-8?Q?Fabr=C3=ADzio_de_Royes_Mello?= writes: > > But I'm thinking about this patch and would not be interesting to have a > > FDW to manipulate the hba file? Imagine if we are able to manipulate the > > HBA file using INSERT/UPDATE/DELETE.

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 1/28/15 12:46 AM, Haribabu Kommi wrote: >Also, what happens if someone reloads the config in the middle of running >the SRF? hba entries are reloaded only in postmaster process, not in every backend. So there shouldn't be any problem with config file reload. Am i missing something? Ahh, goo

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

=?UTF-8?Q?Fabr=C3=ADzio_de_Royes_Mello?= writes: > But I'm thinking about this patch and would not be interesting to have a > FDW to manipulate the hba file? Imagine if we are able to manipulate the > HBA file using INSERT/UPDATE/DELETE. Since the HBA file is fundamentally order-dependent, while

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Wed, Jan 28, 2015 at 4:46 AM, Haribabu Kommi wrote: > > On Wed, Jan 28, 2015 at 9:47 AM, Jim Nasby wrote: > > On 1/27/15 1:04 AM, Haribabu Kommi wrote: > >> > >> Here I attached the latest version of the patch. > >> I will add this patch to the next commitfest. > > > > > > Apologies if this wa

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Wed, Jan 28, 2015 at 9:47 AM, Jim Nasby wrote: > On 1/27/15 1:04 AM, Haribabu Kommi wrote: >> >> Here I attached the latest version of the patch. >> I will add this patch to the next commitfest. > > > Apologies if this was covered, but why isn't the IP address an inet instead > of text? Correc

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On 1/27/15 1:04 AM, Haribabu Kommi wrote: On Mon, Jun 30, 2014 at 5:06 PM, Abhijit Menon-Sen wrote: I think having two columns would work. The columns could be called "database" and "database_list" and "user" and "user_list" respectively. The database column may contain one of "all", "sameuser

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Mon, Jun 30, 2014 at 5:06 PM, Abhijit Menon-Sen wrote: > I think having two columns would work. The columns could be called > "database" and "database_list" and "user" and "user_list" respectively. > > The database column may contain one of "all", "sameuser", "samegroup", > "replication", but i

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

At 2014-06-29 22:25:54 +0530, a...@2ndquadrant.com wrote: > > I think the really right thing to do would be to have two separate > columns, one with "all", "sameuser", "samerole", "replication", or > empty; and the other an array of database names. After sleeping on it, I realised that the code wo

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

Hi Vaishnavi. In addition to Jaime's comments about the functionality, here are are some comments about the code. Well, they were supposed to be comments about the code, but it turns out I have comments about the feature as well. We need to figure out what to do about the database and user column

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Fri, Mar 14, 2014 at 12:30 AM, Prabakaran, Vaishnavi wrote: > Hi, > > In connection to my previous proposal about "providing catalog view to > pg_hba.conf file contents" , I have developed the attached patch . > [...] > > [What this Patch does] > > Functionality of the attached patch is that it

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Friday, Mar 14, 2014 at 9:33 PM, Maganus Hagander mailto:mag...@hagander.net> > wrote: >>Hi, >>In connection to my previous proposal about "providing catalog view to >>pg_hba.conf file contents" , I have developed the attached patch . >> [Current situation] >>Currently, to view the pg_hba.

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

From: Magnus Hagander [mailto:mag...@hagander.net] Sent: Friday, 14 March 2014 9:33 PM To: Prabakaran, Vaishnavi Cc: PostgreSQL-development Subject: Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission On Fri, Mar 14, 2014 at 6:30 AM, Prabakaran, Vaishnavi mailto:vaishna

Re: [HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

On Fri, Mar 14, 2014 at 6:30 AM, Prabakaran, Vaishnavi < vaishna...@fast.au.fujitsu.com> wrote: > Hi, > > > > In connection to my previous proposal about "providing catalog view to > pg_hba.conf file contents" , I have developed the attached patch . > > > > [Current situation] > > Currently, to vi

[HACKERS] Providing catalog view to pg_hba.conf file - Patch submission

Hi, In connection to my previous proposal about "providing catalog view to pg_hba.conf file contents" , I have developed the attached patch . [Current situation] Currently, to view the pg_hba.conf file contents, DB admin has to access the file from database server to read the settings. I