Re: Patch proposal: make use of regular expressions for the username in pg_hba.conf

Hi,

On 10/14/22 7:30 AM, Michael Paquier wrote:
> On Wed, Oct 12, 2022 at 08:17:14AM +0200, Drouvot, Bertrand wrote:
>> Indeed, ;-)
>
> So, I have spent the last two days looking at all that, studying the
> structure of the patch and the existing HEAD code,

Thanks!

> The code could be split to tackle things step-by-step:
> - One refactoring patch to introduce token_regcomp() and
> token_regexec(), with the introduction of a new structure that
> includes the compiled regexes. (Feel free to counterargue about the
> use of AuthToken for this purpose, of course!)
> - Plug in the refactored logic for the lists of role names and
> database names in pg_hba.conf.
> - Handle the case of single host entries in pg_hba.conf.
> --

I agree to work step-by-step.

While looking at it again now, I discovered that the new TAP test for
the regexp on the hostname in ssl/002_scram.pl is failing on some of my
tests environment (and not all..).

So, I agree with the dedicated steps you are proposing and that the
"host case" needs a dedicated attention.

I'm not ignoring all the remarks you've just done up-thread, I'll
address them and/or provide my feedback on them when I'll come back with
the step-by-step sub patches.

Regards,

--
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com