Re: pg_hba_lookup function to get all matching pg_hba.conf entries

2015-12-03 5:53 GMT+01:00 Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>:

>
>
> 2015-12-03 5:00 GMT+01:00 Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>:
>
>> On Wed, Nov 25, 2015 at 7:18 PM, Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
>> wrote:
>> >
>> >
>> > 2015-11-25 8:05 GMT+01:00 Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>:
>> >>
>> >>
>> >> Thanks. Here I attached the poc patch that returns authentication
>> method
>> >> of the
>> >> first matched hba entry in pg_hba.conf with the given input values.
>> >> Currently these
>> >> functions returns text type. Based on the details required to be
>> >> printed, it can
>> >> be changed.
>> >>
>> >> postgres=# select pg_hba_lookup('all', 'all');
>> >> pg_hba_lookup
>> >> ---------------
>> >> trust
>> >> (1 row)
>> >>
>> >> comments for the approach?
>> >
>> >
>> > From my perspective, it shows too less informations.
>> >
>> > What I am expecting:
>> >
>> > 1. line num of choosed rule
>> > 2. some tracing - via NOTICE, what and why some rules was skipped.
>>
>> Here I attached the patch with the suggested changes.
>> Along with line number, I kept the options column also with authentication
>> options as a jsonb datatype.
>>
>> Example output:
>>
>> postgres=# select pg_hba_lookup('test','all','::1');
>> NOTICE: Skipped 84 Hba line, because of non matching IP.
>> NOTICE: Skipped 86 Hba line, because of non matching database.
>> NOTICE: Skipped 87 Hba line, because of non matching role.
>> pg_hba_lookup
>> ---------------
>> (89,trust,{})
>> (1 row)
>>
>> comments?
>>
>
> I liked it
>
> The text of notice can be reduced "Skipped xx line, ..." - it have to be
> pg_hba
>

this tracing can be implemented to main pg_hba processing. When you are
connect from some specific client - and you can see, why you cannot to
connect to Postgres

Pavel

>
> Pavel
>
>
>>
>> Regards,
>> Hari Babu
>> Fujitsu Australia
>>
>
>