| From: | Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com> |
|---|---|
| To: | solai v <solai(dot)cdac(at)gmail(dot)com> |
| Cc: | Ilmar Y <tanswis42(at)gmail(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: [PATCH] Add pg_get_policy_ddl() function to reconstruct CREATE POLICY statement |
| Date: | 2026-07-01 10:31:10 |
| Message-ID: | CANxoLDd+Pfi=Do-+1ECG-eZg4=DXfxuUK+yX1KhjAMnQzyidwQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Jul 1, 2026 at 2:44 PM solai v <solai(dot)cdac(at)gmail(dot)com> wrote:
> Hi all,
>
>
> On Tue, Jun 30, 2026 at 4:48 PM Akshay Joshi
> <akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
> >
> > All,
> >
> > I've updated the patch to align with the interface change introduced by
> commit d6ed87d1989 (Andrew Dunstan, 2026-06-26 "Use named boolean
> parameters for pg_get_*_ddl option arguments").
> >
> > That commit replaced the VARIADIC text[] alternating key/value option
> interface with typed named boolean parameters across pg_get_role_ddl(),
> pg_get_tablespace_ddl(), and pg_get_database_ddl(), removing the
> DdlOption/parse_ddl_options() machinery in favour of direct
> PG_GETARG_BOOL() calls.
> >
> > Updated patch v14 is ready for review/commit.
> >
>
>
> I reviewed and tested the v14 patch on the latest master. The patch
> applied cleanly, built successfully, and passed make check without any
> regression failures. I verified the new function signature and
> confirmed that pg_get_policy_ddl() now uses the new interface with the
> boolean DEFAULT false argument. Also I tested the function with a
> variety of row-level security policies, including: Basic policy
> reconstruction, PERMISSIVE and RESTRICTIVE policies, Different command
> types (SELECT, INSERT, UPDATE, DELETE), Policies with multiple roles
> and the PUBLIC role, Quoted table, policy, and role names, USING and
> WITH CHECK clauses, Complex expressions including EXISTS, nested
> subqueries, CASE expressions, COALESCE, ANY/ALL operators, and boolean
> expressions, NULL inputs, invalid relation names, and non-existent
> policies. The generated DDL was correct as per the intent, and the
> expected errors were verified for the invalid inputs. I also verified
> that the generated DDL is executable by dropping an existing policy,
> recreating it using the output of pg_get_policy_ddl(), and confirming
> that the recreated policy was reconstructed successfully again by the
> function.
> One observation I noted is that for policies using default attributes
> (TO PUBLIC and AS PERMISSIVE), the generated DDL omits those clauses
> and produces a semantically equivalent statement which seems
> intentional but thought of sending it here for further clarification.
> Overall, I did not encounter any functional issues during testing. The
> patch looks good to me and worked as expected in all the scenarios I
> tested.
>
Yes, it's intentional for all pg_get_***_ddl functions. Clause with
defaults won't be reconstructed.
>
>
> Regards,
> Solai
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2026-07-01 10:31:39 | Re: Fix jsonpath .decimal() to honor silent mode |
| Previous Message | Nazir Bilal Yavuz | 2026-07-01 10:25:00 | Re: meson vs. llvm bitcode files |