| From: | Kenaniah Cerny <kenaniah(at)gmail(dot)com> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | Julien Rouhaud <rjuju123(at)gmail(dot)com>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Asif Rehman <asifr(dot)rehman(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Proposal: allow database-specific role memberships |
| Date: | 2022-01-22 03:01:21 |
| Message-ID: | CA+r_aq_Nn=K7+6PKjWXtZLZAn0UJi=1zRxyDG1uWuxs-y62ZFQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Thanks for the feedback.
I have attached an alternate version of the v5 patch that incorporates the
suggested changes to the documentation and DRYs up some of the acl.c code
for comparison. As for the databaseOid / InvalidOid parameter, I'm open to
any suggestions for how to make that even cleaner, but am currently at a
loss as to how that would look.
CI is showing a failure to run pg_dump on just the Linux - Debian Bullseye
job (https://cirrus-ci.com/task/5265343722553344). Does anyone have any
ideas as to where I should look in order to debug that?
Kenaniah
On Fri, Jan 21, 2022 at 3:04 PM David G. Johnston <
david(dot)g(dot)johnston(at)gmail(dot)com> wrote:
> On Fri, Jan 21, 2022 at 3:12 PM Kenaniah Cerny <kenaniah(at)gmail(dot)com> wrote:
>
>> The latest rebased version of the patch is attached.
>>
>
> As I was just reminded, we tend to avoid specifying specific PostgreSQL
> versions in our documentation. We just say what the current version does.
> Here, the note sentences at lines 62 and 63 don't follow documentation
> norms on that score and should just be removed. The last two sentences
> belong in the main description body, not a note. Thus the whole note goes
> away.
>
> I don't think I really appreciated the value this feature would have when
> combined with the predefined roles like pg_read_all_data and
> pg_write_all_data.
>
> I suppose I don't really appreciate the warning about SUPERUSER, etc...or
> at least why this warning is somehow specific to the per-database version
> of role membership. If this warning is desirable it should be worded to
> apply to role membership in general - and possibly proposed as a separate
> patch for consideration.
>
> I didn't dive deeply but I think we now have at three places in the acl.c
> code where after setting memlist from the system cache we perform nearly
> identical for loops to generate the final roles_list. Possibly this needs
> a refactor first so that you can introduce the per-database stuff more
> succinctly. Basically, the vast majority of this commit is just adding
> InvalidOid and databaseOid all other the place - with a few minor code
> changes to accommodate the new arguments. The acl.c code should try and be
> made done the same after post-refactor.
>
> David J.
>
>
| Attachment | Content-Type | Size |
|---|---|---|
| database-role-memberships-v5-alternate.patch | application/octet-stream | 69.6 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | vrund shah | 2022-01-22 03:23:00 | Re: How to get started with contribution |
| Previous Message | Robert Haas | 2022-01-22 02:55:30 | Re: fairywren is generating bogus BASE_BACKUP commands |