Re: [PATCH] Add pg_get_policy_ddl() function to reconstruct CREATE POLICY statement

From: Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>
To: solai v <solai(dot)cdac(at)gmail(dot)com>
Cc: Ilmar Y <tanswis42(at)gmail(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: [PATCH] Add pg_get_policy_ddl() function to reconstruct CREATE POLICY statement
Date: 2026-07-01 10:31:10
Message-ID: CANxoLDd+Pfi=Do-+1ECG-eZg4=DXfxuUK+yX1KhjAMnQzyidwQ@mail.gmail.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Wed, Jul 1, 2026 at 2:44 PM solai v <solai(dot)cdac(at)gmail(dot)com> wrote:

> Hi all,
>
>
> On Tue, Jun 30, 2026 at 4:48 PM Akshay Joshi
> <akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
> >
> > All,
> >
> > I've updated the patch to align with the interface change introduced by
> commit d6ed87d1989 (Andrew Dunstan, 2026-06-26 "Use named boolean
> parameters for pg_get_*_ddl option arguments").
> >
> > That commit replaced the VARIADIC text[] alternating key/value option
> interface with typed named boolean parameters across pg_get_role_ddl(),
> pg_get_tablespace_ddl(), and pg_get_database_ddl(), removing the
> DdlOption/parse_ddl_options() machinery in favour of direct
> PG_GETARG_BOOL() calls.
> >
> > Updated patch v14 is ready for review/commit.
> >
>
>
> I reviewed and tested the v14 patch on the latest master. The patch
> applied cleanly, built successfully, and passed make check without any
> regression failures. I verified the new function signature and
> confirmed that pg_get_policy_ddl() now uses the new interface with the
> boolean DEFAULT false argument. Also I tested the function with a
> variety of row-level security policies, including: Basic policy
> reconstruction, PERMISSIVE and RESTRICTIVE policies, Different command
> types (SELECT, INSERT, UPDATE, DELETE), Policies with multiple roles
> and the PUBLIC role, Quoted table, policy, and role names, USING and
> WITH CHECK clauses, Complex expressions including EXISTS, nested
> subqueries, CASE expressions, COALESCE, ANY/ALL operators, and boolean
> expressions, NULL inputs, invalid relation names, and non-existent
> policies. The generated DDL was correct as per the intent, and the
> expected errors were verified for the invalid inputs. I also verified
> that the generated DDL is executable by dropping an existing policy,
> recreating it using the output of pg_get_policy_ddl(), and confirming
> that the recreated policy was reconstructed successfully again by the
> function.
> One observation I noted is that for policies using default attributes
> (TO PUBLIC and AS PERMISSIVE), the generated DDL omits those clauses
> and produces a semantically equivalent statement which seems
> intentional but thought of sending it here for further clarification.
> Overall, I did not encounter any functional issues during testing. The
> patch looks good to me and worked as expected in all the scenarios I
> tested.
>

Yes, it's intentional for all pg_get_***_ddl functions. Clause with
defaults won't be reconstructed.

>
>
> Regards,
> Solai
>

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2026-07-01 10:31:39 Re: Fix jsonpath .decimal() to honor silent mode
Previous Message Nazir Bilal Yavuz 2026-07-01 10:25:00 Re: meson vs. llvm bitcode files