(I suppose this is a pg15 issue)
createuser --help shows the following help text.
> --bypassrls role can bypass row-level security (RLS) policy
> --no-bypassrls role cannot bypass row-level security (RLS) policy
> --replication role can initiate replication
> --no-replication role cannot initiate replication
For other options the text tells which one is the default, which I
think the two options also should have the same.
> -r, --createrole role can create new roles
> -R, --no-createrole role cannot create roles (default)
In correspondence, it seems to me that the command should explicitly
place the default value (of the command's own) in generated SQL
command even if the corresponding command line options are omitted, as
createrole and so do. (attached first)
The interacitive mode doesn't cover all options, but I'm not sure what
we should do to the mode since I don't have a clear idea of how the
mode is used. In the attached only --bypassrls is arbirarily added.
The remaining options omitted in the interactive mode are: password,
valid-until, role, member and replication. (attached second)
The ternary options are checked against decimal 0, but it should use
TRI_DEFAULT instead. (attached third)
I tempted to check no ternary options remains set to TRY_DEFAULT
before generating SQL command, but I didn't that in the attached.
What do you think about this?
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
>From 835f5e14dc40b8ef3c93bdc976477c38a63d018b Mon Sep 17 00:00:00 2001
From: Kyotaro Horiguchi <horikyota....@gmail.com>
Date: Wed, 10 Aug 2022 15:03:44 +0900
Subject: [PATCH 1/3] Fix handling of default option values in createuser
Add description of which one is the default between two complementary
options of --bypassrls and --replication in the help text. In
correspondence let the command always include the tokens corresponding
to every options of that kind in the SQL command sent to server.
---
src/bin/scripts/createuser.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/bin/scripts/createuser.c b/src/bin/scripts/createuser.c
index 991930a1ae..afde9bed5f 100644
--- a/src/bin/scripts/createuser.c
+++ b/src/bin/scripts/createuser.c
@@ -270,6 +270,12 @@ main(int argc, char *argv[])
createrole = TRI_NO;
}
+ if (bypassrls == 0)
+ bypassrls = TRI_NO;
+
+ if (replication == 0)
+ replication = TRI_NO;
+
if (inherit == 0)
inherit = TRI_YES;
@@ -432,9 +438,10 @@ help(const char *progname)
printf(_(" --interactive prompt for missing role name and attributes rather\n"
" than using defaults\n"));
printf(_(" --bypassrls role can bypass row-level security (RLS) policy\n"));
- printf(_(" --no-bypassrls role cannot bypass row-level security (RLS) policy\n"));
+ printf(_(" --no-bypassrls role cannot bypass row-level security (RLS) policy\n"
+ " (default)\n"));
printf(_(" --replication role can initiate replication\n"));
- printf(_(" --no-replication role cannot initiate replication\n"));
+ printf(_(" --no-replication role cannot initiate replication (default)\n"));
printf(_(" -?, --help show this help, then exit\n"));
printf(_("\nConnection options:\n"));
printf(_(" -h, --host=HOSTNAME database server host or socket directory\n"));
--
2.31.1
>From c2285ccc738260d57895d4b9cfc77ea9feaebb26 Mon Sep 17 00:00:00 2001
From: Kyotaro Horiguchi <horikyota....@gmail.com>
Date: Wed, 10 Aug 2022 15:04:43 +0900
Subject: [PATCH 2/3] Add bypassrls to interactive mode in createuser
---
src/bin/scripts/createuser.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/bin/scripts/createuser.c b/src/bin/scripts/createuser.c
index afde9bed5f..9789bab034 100644
--- a/src/bin/scripts/createuser.c
+++ b/src/bin/scripts/createuser.c
@@ -271,7 +271,12 @@ main(int argc, char *argv[])
}
if (bypassrls == 0)
- bypassrls = TRI_NO;
+ {
+ if (interactive && yesno_prompt("Shall the new role be allowed to bypass row-level security policy?"))
+ bypassrls = TRI_YES;
+ else
+ bypassrls = TRI_NO;
+ }
if (replication == 0)
replication = TRI_NO;
--
2.31.1
>From 71a52953717371f8fa77e50f966410ac16581852 Mon Sep 17 00:00:00 2001
From: Kyotaro Horiguchi <horikyota....@gmail.com>
Date: Wed, 10 Aug 2022 14:21:47 +0900
Subject: [PATCH 3/3] Use ternary value against ternary variables
createuser.c uses '0' against a trivalue. It should use TRI_DEFAULT
instead.
---
src/bin/scripts/createuser.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/bin/scripts/createuser.c b/src/bin/scripts/createuser.c
index 9789bab034..4a2a751f7e 100644
--- a/src/bin/scripts/createuser.c
+++ b/src/bin/scripts/createuser.c
@@ -239,7 +239,7 @@ main(int argc, char *argv[])
free(pw2);
}
- if (superuser == 0)
+ if (superuser == TRI_DEFAULT)
{
if (interactive && yesno_prompt("Shall the new role be a superuser?"))
superuser = TRI_YES;
@@ -254,7 +254,7 @@ main(int argc, char *argv[])
createrole = TRI_YES;
}
- if (createdb == 0)
+ if (createdb == TRI_DEFAULT)
{
if (interactive && yesno_prompt("Shall the new role be allowed to create databases?"))
createdb = TRI_YES;
@@ -262,7 +262,7 @@ main(int argc, char *argv[])
createdb = TRI_NO;
}
- if (createrole == 0)
+ if (createrole == TRI_DEFAULT)
{
if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?"))
createrole = TRI_YES;
@@ -270,7 +270,7 @@ main(int argc, char *argv[])
createrole = TRI_NO;
}
- if (bypassrls == 0)
+ if (bypassrls == TRI_DEFAULT)
{
if (interactive && yesno_prompt("Shall the new role be allowed to bypass row-level security policy?"))
bypassrls = TRI_YES;
@@ -278,13 +278,13 @@ main(int argc, char *argv[])
bypassrls = TRI_NO;
}
- if (replication == 0)
+ if (replication == TRI_DEFAULT)
replication = TRI_NO;
- if (inherit == 0)
+ if (inherit == TRI_DEFAULT)
inherit = TRI_YES;
- if (login == 0)
+ if (login == TRI_DEFAULT)
login = TRI_YES;
cparams.dbname = NULL; /* this program lacks any dbname option... */
--
2.31.1
