Re: Allow file inclusion in pg_hba and pg_ident files

On Thu, Nov 24, 2022 at 02:07:21PM +0900, Michael Paquier wrote:
> On Wed, Nov 23, 2022 at 03:56:50PM +0800, Julien Rouhaud wrote:
> > The depth 0 is getting used quite a lot now, maybe we should have a define for
> > it to make it easier to grep, like TOP_LEVEL_AUTH_FILE or something like that?
> > And also add a define for the magical 10 for the max inclusion depth, for both
> > auth files and GUC files while at it?
>
> Sounds like a good idea to me, and it seems to me that this had better
> be unified between the GUCs (see ParseConfigFp() that hardcodes a
> depth of 0) and hba.c. It looks like they could be added to
> conffiles.h, as of CONF_FILE_START_{LEVEL,DEPTH} and
> CONF_FILE_MAX_{LEVEL,DEPTH}. Would you like to send a patch?

Agreed, and yes I will take care of that shortly.

> > The comment seems a bit ambiguous as with "loading the top..." you probably
> > meant something like "loading the file in memory" rather than "(re)loading the
> > configuration". Maybe s/loading/opening/?
>
> Right. I have used "opening" at the end.
>
> I have worked on all that, did more polishing to the docs, the
> comments and some tiny bits of the logic, and applied both 0001 and
> 0002.

Thanks a lot!

> Now, to the tests..
>
> > Mmm, I haven't looked deeply so I'm not sure if the perl podules are aware of
> > it or not, but maybe we could somehow detect the used delimiter at the
> > beginning after normalizing the directory, and use a $DELIM rather than a plain
> > "/"?
>
> I am not sure. Could you have a look and see if you can get the CI
> back to green? The first thing I would test is to switch the error
> patterns to be regexps based on the basenames rather than the full
> paths (tweaking the queries on the system views to do htat), so as we
> avoid all this business with slash and backslash transformations.

I'm also working on it! Hopefully I should be able to come up with a fix soon.