Re: [PATCH] pg_hba.conf error messages for logical replication connections

On Tue, Feb 16, 2021 at 10:40 PM Paul Martinez <paulmtz(at)google(dot)com> wrote:
>
> On Tue, Feb 16, 2021 at 2:22 AM Amit Kapila <amit(dot)kapila16(at)gmail(dot)com> wrote:
> >
> > I don't think we need to update the error messages, it makes the code
> > a bit difficult to parse without much benefit. How about just adding
> > errdetail? See attached and let me know what you think?
> >
>
> Yeah, I think that looks good. Thanks!
>

Okay, I think normally it might not be a good idea to expose
additional information about authentication failure especially about
pg_hba so as to reduce the risk of exposing information to potential
attackers but in this case, it appears to me that it would be helpful
for users. Just in case someone else has any opinion, for logical
replication connection failures, the messages before and after fix
would be:

Before fix
ERROR: could not connect to the publisher: connection to server at
"localhost" (::1), port 5432 failed: FATAL: pg_hba.conf rejects
replication connection for host "::1", user "KapilaAm", no encryption

After fix error:
ERROR: could not connect to the publisher: connection to server at
"localhost" (::1), port 5432 failed: FATAL: pg_hba.conf rejects
connection for host "::1", user "KapilaAm", database "postgres", no
encryption
DETAIL: Logical replication connections do not match pg_hba.conf
rules using the "replication" keyword.

Does anyone see a problem with the DETAIL message or the change of
error message (database name appears in the new message) in this case?

Attached patch with the updated commit message.

--
With Regards,
Amit Kapila.