From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, Shinya Kato <Shinya11(dot)Kato(at)oss(dot)nttdata(dot)com>, Daniel Gustafsson <daniel(at)yesql(dot)se>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Add --{no-,}bypassrls flags to createuser |
Date: | 2022-04-21 20:21:57 |
Message-ID: | CAKFQuwa7kaFmEMszAAkpy-RiYZjW4M3MGo4-EidExZbOAgwQkg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, Apr 21, 2022 at 12:51 PM Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Thu, Apr 21, 2022 at 12:30 AM Michael Paquier <michael(at)paquier(dot)xyz>
> wrote:
> > On Tue, Apr 19, 2022 at 12:13:51PM -0400, Robert Haas wrote:
> > > On Mon, Apr 18, 2022 at 9:50 PM Kyotaro Horiguchi
> > > <horikyota(dot)ntt(at)gmail(dot)com> wrote:
> > >> Hmm.. So, "-r/--role" and "-m/--member(ship)" is the (least worse) way
> > >> to go? Or we can give up adding -m for the reason of being hard to
> > >> name it..
> > >
> > > Hmm, yeah, I hadn't quite realized what the problem was when I wrote
> > > that. I honestly don't know what to do about that. Renaming the
> > > existing option is not great, but having the syntax diverge between
> > > SQL and CLI is not great either. Giving up is also not great. Not sure
> > > what is best.
> >
> > Changing one existing option to mean something entirely different
> > should be avoided, as this could lead to silent breakages. As the
> > origin of the problem is that the option --role means "IN ROLE" in the
> > SQL grammar, we could keep around --role for compatibility while
> > marking it deprecated, and add two new options whose names would be
> > more consistent with each other. One choice could be --role-name and
> > --in-role-name, where --in-role-name maps to the older --role, just to
> > give an idea.
>
> I don't think that having both --role and --role-name, doing different
> things, is going to be clear at all.
>
>
-g/--role or maybe/additionally (--in-role)?
-m/--role-to or maybe/additionally (--to-role)?
I'm ok with -m/--member as well (like with --role only one role can be
specified per switch instance so member, not membership, the later meaning,
at least for me, the collective).
That -m doesn't match --role-to is no worse than -g not matching --role, a
short option seems worthwhile, and the -m (membership) mnemonic should be
simple to pick-up.
I don't see the addition of "-name" to the option name being beneficial.
Yes, the standard doesn't use the "TO" prefix for "ROLE" - but taking that
liberty for consistency here is very appealing and there isn't another SQL
clause that it would be confused with.
David J.
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2022-04-21 20:24:04 | Re: preserving db/ts/relfilenode OIDs across pg_upgrade (was Re: storing an explicit nonce) |
Previous Message | Peter Eisentraut | 2022-04-21 20:18:52 | Re: error handling in pqRowProcessor broken |