| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com> |
| Cc: | VASUKI M <vasukianand0119(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, david(dot)g(dot)johnston(at)gmail(dot)com, Robert Haas <robertmhaas(at)gmail(dot)com>, myon(at)debian(dot)org |
| Subject: | Re: Custom oauth validator options |
| Date: | 2026-01-24 00:04:39 |
| Message-ID: | CAOYmi+nhh-fChn-8K7HV4kwVwsTm_gVy5jBgUBMqfM6Hm5E4zg@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Jan 20, 2026 at 12:31 PM Zsolt Parragi
<zsolt(dot)parragi(at)percona(dot)com> wrote:
> > But if someone decides in PG20 that
> > pam_use_hostname is a good GUC name for something, we're in trouble,
> > because the existing HBA options do not plug into the GUC system.
>
> We could make them reserved names?
I'm wondering if we should maybe do the opposite, and namespace the
GUCs instead? The vast majority of settings in an HBA are not going to
be GUCs, they're going to be method-specific parameters. So maybe it's
okay to have to do more typing to do the uncommon thing, and reference
them like `guc.log_connections` or something.
> Or maybe even accessible as GUC
> variables, even if we leave the current parsing/validation logic as
> is. Making them proper GUC variables seemed like a clear follow up
> patch to me, even if not for pg19.
Hmm... we may want to discuss my (e) option derailment more seriously,
if we're planning to go in that direction (and if other people like
that direction).
> > I'm worried that it's about to make a different decision from the
> > decision that is being made for the pg_hosts.conf file for SNI.
>
> I probably should read that thread in more detail, but I assume that
> your worry is about pg_hosts being a hardcoded configuration instead
> of using a similarly customizable GUC context? Shouldn't that be
> fixable in the future similarly?
"Fixable" in what sense? pg_hosts.conf is currently similar to
pg_ident.conf in that it has no place for key=value pairs, and if you
add them after as an optional "column" for compatibility, you still
have to write something for all of those columns that you were trying
to replace with the GUC settings.
> > 3) can your option (b) or (c) make enough use of existing GUC
> > infrastructure, so that a future PGC_HBA could easily subsume an
> > OAuth-specific solution, if people want to continue down that path in
> > a less OAuth-centric thread?
>
> I'm not sure about reusing existing GUC infrastructure, but I could
> make it look similar from the users perspective for example by adding
> a function DefineCustomValidatorStringVariable that has a similar
> interface to DefineCustomStringVariable, and in the future, this
> function could simply forward to DefineCustomStringVariable.
Might work, yeah.
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2026-01-24 00:28:46 | Re: eliminate xl_heap_visible to reduce WAL (and eventually set VM on-access) |
| Previous Message | Jacob Champion | 2026-01-23 23:41:52 | Re: libpq: Bump protocol version to version 3.2 at least until the first/second beta |