Re: Patch proposal: make use of regular expressions for the username in pg_hba.conf

Hi,

On 10/14/22 7:30 AM, Michael Paquier wrote:
> On Wed, Oct 12, 2022 at 08:17:14AM +0200, Drouvot, Bertrand wrote:
>> Indeed, ;-)
>
>
> The code could be split to tackle things step-by-step:
> - One refactoring patch to introduce token_regcomp() and
> token_regexec(), with the introduction of a new structure that
> includes the compiled regexes. (Feel free to counterargue about the
> use of AuthToken for this purpose, of course!)
> - Plug in the refactored logic for the lists of role names and
> database names in pg_hba.conf.

Please find attached
v1-0001-regex-handling-for-db-and-roles-in-hba.patch to implement
regexes for databases and roles in hba.

It does also contain new regexes related TAP tests and doc updates.

It relies on the refactoring made in fc579e11c6 (but changes the
regcomp_auth_token() parameters so that it is now responsible for
emitting the compilation error message (if any), to avoid code
duplication in parse_hba_line() and parse_ident_line() for roles,
databases and user name mapping).

Regards,

--
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com