The following review has been posted through the commitfest application:
make installcheck-world: tested, passed
Implements feature: tested, passed
Spec compliant: tested, passed
Documentation:not tested
Wouldn't using opt_or_replace rule be a better option?
The new s
On Mon, Nov 22, 2021 at 6:49 AM Daniel Gustafsson wrote:
> > On 10 Nov 2021, at 18:14, David Christensen <
> david.christen...@crunchydata.com> wrote:
>
> > Modulo other issues/discussions, here is a version of this patch..
>
> This patch fails to compile since you renamed the if_not_exists membe
> On 10 Nov 2021, at 18:14, David Christensen
> wrote:
> Modulo other issues/discussions, here is a version of this patch..
This patch fails to compile since you renamed the if_not_exists member in
CreateRoleStmt but still set it in the parser.
--
Daniel Gustafsson https://vmware
Modulo other issues/discussions, here is a version of this patch that
implements CREATE OR REPLACE ROLE just by handing off to AlterRole if it's
determined that the role already exists; presumably any/all additional
considerations would need to be added in both places were there a separate
code pat
> On Nov 9, 2021, at 8:50 AM, Stephen Frost wrote:
>
>> If we fix the existing bug that the pg_auth_members.grantor field can end up
>> as a dangling reference, instead making sure that it is always accurate,
>> then perhaps this would be ok if all roles granted into "charlie" had
>> granto
Greetings,
* Mark Dilger (mark.dil...@enterprisedb.com) wrote:
> > On Nov 9, 2021, at 8:22 AM, Stephen Frost wrote:
> > In terms of least-surprise, I do tend to think that the answer is "only
> > care about what is explicitly put into the command"- that is, if it
> > isn't in the CREATE ROLE stat
> On Nov 9, 2021, at 8:22 AM, Stephen Frost wrote:
>
> In terms of least-surprise, I do tend to think that the answer is "only
> care about what is explicitly put into the command"- that is, if it
> isn't in the CREATE ROLE statement then it gets left as-is. Not sure
> how others feel about t
On Tue, Nov 9, 2021 at 10:22 AM Stephen Frost wrote:
> Greetings,
>
> * David Christensen (david.christen...@crunchydata.com) wrote:
> > Well, the CREATE OR REPLACE via just setting the role's attributes
> > explicitly based on what you passed it could work (not strictly DROP +
> > CREATE, in tha
Greetings,
* David Christensen (david.christen...@crunchydata.com) wrote:
> On Tue, Nov 9, 2021 at 9:55 AM Mark Dilger
> wrote:
> > > On Nov 9, 2021, at 7:36 AM, David Christensen <
> > david.christen...@crunchydata.com> wrote:
> > > If CINE semantics are at issue, what about the CREATE OR REPLA
On Tue, Nov 9, 2021 at 9:55 AM Mark Dilger
wrote:
> > On Nov 9, 2021, at 7:36 AM, David Christensen <
> david.christen...@crunchydata.com> wrote:
> >
> > If CINE semantics are at issue, what about the CREATE OR REPLACE
> semantics with some sort of merge into the existing role? I don't care
> st
Greetings,
* Mark Dilger (mark.dil...@enterprisedb.com) wrote:
> > On Nov 9, 2021, at 7:36 AM, David Christensen
> > wrote:
> > If CINE semantics are at issue, what about the CREATE OR REPLACE semantics
> > with some sort of merge into the existing role? I don't care strongly
> > about which
Greetings,
* David Christensen (david.christen...@crunchydata.com) wrote:
> On Mon, Nov 8, 2021 at 1:22 PM Mark Dilger
> wrote:
>
> > > On Nov 8, 2021, at 10:38 AM, Stephen Frost wrote:
> >
> > > I don't quite follow this. The entire point of Alice writing a script
> > > that uses IF NOT EXIST
> On Nov 9, 2021, at 7:36 AM, David Christensen
> wrote:
>
> If CINE semantics are at issue, what about the CREATE OR REPLACE semantics
> with some sort of merge into the existing role? I don't care strongly about
> which approach is taken, just think the overall "make this role exist in t
On Mon, Nov 8, 2021 at 1:22 PM Mark Dilger
wrote:
> > On Nov 8, 2021, at 10:38 AM, Stephen Frost wrote:
>
> > I don't quite follow this. The entire point of Alice writing a script
> > that uses IF NOT EXISTS is to have that command not fail if, indeed,
> > that role already exists, but for the
> On Nov 8, 2021, at 10:38 AM, Stephen Frost wrote:
>
> I don't quite follow this. The entire point of Alice writing a script
> that uses IF NOT EXISTS is to have that command not fail if, indeed,
> that role already exists, but for the rest of the script to be run.
> That there's some potent
Stephen Frost writes:
> I don't quite follow this. The entire point of Alice writing a script
> that uses IF NOT EXISTS is to have that command not fail if, indeed,
> that role already exists, but for the rest of the script to be run.
> That there's some potential attacker with CREATEROLE running
Greetings,
* Daniel Gustafsson (dan...@yesql.se) wrote:
> > On 3 Nov 2021, at 23:18, Tom Lane wrote:
> > I'm generally pretty down on IF NOT EXISTS semantics in all cases,
> > but it seems particularly dangerous for something as fundamental
> > to privilege checks as a role. It's not hard at all
> On 3 Nov 2021, at 23:18, Tom Lane wrote:
> I'm generally pretty down on IF NOT EXISTS semantics in all cases,
> but it seems particularly dangerous for something as fundamental
> to privilege checks as a role. It's not hard at all to conjure up
> scenarios in which this permits privilege escal
David Christensen writes:
> Updated version attached.
I'm generally pretty down on IF NOT EXISTS semantics in all cases,
but it seems particularly dangerous for something as fundamental
to privilege checks as a role. It's not hard at all to conjure up
scenarios in which this permits privilege es
>
>
> This fails the roleattributes test in "make check", with what seems to be a
> trivial change in the output. Can you please submit a rebased version
> fixing
> the test?
>
Updated version attached.
David
CREATE-ROLE-IF-NOT-EXISTS-v2.patch
Description: Binary data
> On 19 Oct 2021, at 22:12, David Christensen
> wrote:
>
> Greetings -hackers,
>
> Enclosed is a patch that implements CREATE ROLE IF NOT EXISTS (along with the
> same support for USER/GROUP). This is a fairly straightforward approach in
> that we do no validation of anything other than exis
On Tue, Oct 19, 2021 at 4:29 PM Isaac Morland
wrote:
> On Tue, 19 Oct 2021 at 16:12, David Christensen <
> david.christen...@crunchydata.com> wrote:
>
>> Greetings -hackers,
>>
>> Enclosed is a patch that implements CREATE ROLE IF NOT EXISTS (along with
>> the same support for USER/GROUP). This
On Tue, 19 Oct 2021 at 16:12, David Christensen <
david.christen...@crunchydata.com> wrote:
> Greetings -hackers,
>
> Enclosed is a patch that implements CREATE ROLE IF NOT EXISTS (along with
> the same support for USER/GROUP). This is a fairly straightforward
> approach in that we do no validati
23 matches
Mail list logo
