Add support for file inclusions in HBA and ident configuration files

Enterprise / PostgreSQL - Michael Paquier - 24 November 2022 04:51 UTC

pg_hba.conf and pg_ident.conf gain support for three record keywords:
- "include", to include a file.
- "include_if_exists", to include a file, ignoring it if missing.
- "include_dir", to include a directory of files. These are classified by name (C locale, mostly) and need to be prefixed by ".conf", hence following the same rules as GUCs.

This commit relies on the refactoring pieces done in efc9816, ad6c528, 783e8c6 and 1b73d0b, adding a small wrapper to build a list of TokenizedAuthLines (tokenize_include_file), and the code is shaped to offer some symmetry with what is done for GUCs with the same options.

pg_hba_file_rules and pg_ident_file_mappings gain a new field called file_name, to track from which file a record is located, taking advantage of the addition of rule_number in c591300 to offer an organized view of the HBA or ident records loaded.

Bump catalog version.

Author: Julien Rouhaud

a54b658ce7 Add support for file inclusions in HBA and ident configuration files
doc/src/sgml/client-auth.sgml | 86 ++++++++++++---
doc/src/sgml/system-views.sgml | 22 +++-
src/backend/libpq/hba.c | 192 +++++++++++++++++++++++++++++----
src/backend/libpq/pg_hba.conf.sample | 27 +++++
src/backend/libpq/pg_ident.conf.sample | 26 +++++
src/backend/utils/adt/hbafuncs.c | 39 ++++---
src/include/catalog/catversion.h | 2 +-
src/include/catalog/pg_proc.dat | 12 +--
src/test/regress/expected/rules.out | 6 +-
9 files changed, 352 insertions(+), 60 deletions(-)
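
The include semantics described in the commit message, as an added example that is not code from the commit or from PostgreSQL: a simplified Python model that expands the three keywords and tags every rule with its source file, as the new file_name field does. Since the first matching HBA record is the one applied, the expansion order decides which included rule shadows which. The file tree, load_rules and trust_rules are constructed for illustration; the include_dir filtering follows the documented GUC rules the message refers to, and the model ignores quoting, @file references and line continuations.

```python
import posixpath

# Constructed sample tree (not from the commit): path -> file contents.
FILES = {
    "/etc/pg/pg_hba.conf": (
        "local all postgres peer\n"
        "include_dir hba.d\n"
        "include_if_exists site_local.conf  # absent on this host\n"
        "host all all 0.0.0.0/0 scram-sha-256\n"),
    "/etc/pg/hba.d/10-apps.conf": "host app app 10.0.0.0/8 scram-sha-256\n",
    "/etc/pg/hba.d/Z-legacy.conf": "host all all 10.0.0.0/8 trust\n",
    "/etc/pg/hba.d/a-ops.conf": "host ops ops 10.1.0.0/16 scram-sha-256\n",
    "/etc/pg/hba.d/.hidden.conf": "host all all 0.0.0.0/0 trust\n",
    "/etc/pg/hba.d/notes.txt": "host all all 0.0.0.0/0 trust\n",
}

def load_rules(path, files=FILES, out=None):
    """Expand includes depth-first; return (rule_number, file_name, line_number, fields)."""
    out = [] if out is None else out
    base = posixpath.dirname(path)  # relative paths resolve against the including file
    for line_number, line in enumerate(files[path].splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in ("include", "include_if_exists"):
            target = posixpath.join(base, args[0])
            if target in files:
                load_rules(target, files, out)
            elif keyword == "include":  # only plain "include" fails on a missing file
                raise FileNotFoundError(target)
        elif keyword == "include_dir":
            directory = posixpath.join(base, args[0])
            names = [posixpath.basename(p) for p in files if posixpath.dirname(p) == directory]
            # GUC include_dir rules: only *.conf, skip dot-files, C-locale (byte) order.
            keep = sorted(n for n in names if n.endswith(".conf") and not n.startswith("."))
            for name in keep:
                load_rules(posixpath.join(directory, name), files, out)
        else:
            out.append((len(out) + 1, path, line_number, fields))
    return out

def trust_rules(rules):
    """Rules whose auth method is 'trust', with the file that supplied them."""
    hits = []
    for number, file_name, line_number, fields in rules:
        # Assumes CIDR addresses: method is field 4 for host records, field 3 for local.
        method = fields[3] if fields[0] == "local" else fields[4]
        if method == "trust":
            hits.append((number, file_name, line_number))
    return hits
```

In this constructed tree, Z-legacy.conf sorts before a-ops.conf under C-locale ordering, so its trust rule for 10.0.0.0/8 is reached before the stricter ops rule.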

