Re: [HACKERS] postgres_fdw super user checks

Robert, all,

* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> On Fri, Dec 1, 2017 at 12:31 AM, Michael Paquier
> <michael(dot)paquier(at)gmail(dot)com> wrote:
> > I am moving this patch to next CF 2018-01.
>
> There now seems to be a consensus for superuser -> superuser_arg
> rather than what Jeff did originally; that approach has 4 votes and
> nothing else has more than 1. So, here's a patch that does it that
> way.

I've taken a quick look and this looks good to me.

> I tried to see if some documentation update was needed, but I think
> the documentation already reflects the proposed new behavior. It
> says:
>
> <para>
> Only superusers may connect to foreign servers without password
> authentication, so always specify the <literal>password</literal> option
> for user mappings belonging to non-superusers.
> </para>
>
> Currently, however, that's not accurate. Right now you need to
> specify the password option for user mappings that will be *used by*
> non-superusers, not user mappings *belonging to* non-superusers. So
> this patch is, I think, just making the actual behavior match the
> documented behavior. Not sure if anyone has any other suggestions
> here. I think this is definitely a master-only change; should we try
> to insert some kind of warning into the back-branch docs? I
> definitely think this should be called out in the v11 release notes.

I'm not a fan of having *only* warning in the back-branches. What I
would think we'd do here is correct the back-branch documentation to be
correct, and then add a warning that it changes in v11.

You didn't suggest an actual change wrt the back-branch warning, but it
seems to me like it'd end up being morally equivilant to "ok, forget
what we just said, what really happens is X, but we fix it in v11."

Thanks!

Stephen