Hi, how about having links (instead of just
password_required=false) in alter_subscription.sgml
and logical-replication.sgml so the user can navigate easily back to
the CREATE SUBSCRIPTION parameters "password_required" part.
For example, alter_subscription.sgml does this already for "two_phase"
On Fri, 2023-10-13 at 11:18 +0200, Benoit Lobréau wrote:
> I tried adding a section in "Logical Replication > Subscription" with
> the text you suggested and links in the CREATE / ALTER SUBSRIPTION
> commands.
>
> Is it better ?
Minor comments:
* Use possessive "its" instead of the
On 9/23/23 03:57, Jeff Davis wrote:
IIUC there is really one use case here, which is for superuser to
define a subscription including the connection, and then change the
owner to a non-superuser to actually run it (without being able to
touch the connection string itself). I'd just document that
On 9/26/23 19:00, Jeff Davis wrote:
+ If the ownership of a subscription with
password_required=true
+ is transferred to a non-superuser, they will gain full control
over the subscription
+ but will not be able to modify it's connection string.
I think you mean false, right?
On Tue, Sep 26, 2023 at 1:00 PM Jeff Davis wrote:
> As I said earlier, I think the best thing to do is to just have a
> section that describes when to use password_required, what specific
> things you should do to satisfy that case, and what caveats you should
> avoid. Something like:
>
> "If
On Tue, 2023-09-26 at 18:21 +0200, Benoit Lobréau wrote:
> On 9/26/23 16:27, Benoit Lobréau wrote:
> > I will try to come up with a documentation patch.
>
> This is my attempt at a documentation patch.
>
+ If the ownership of a subscription with
password_required=true
+ is transferred
On 9/26/23 16:27, Benoit Lobréau wrote:
I will try to come up with a documentation patch.
This is my attempt at a documentation patch.
--
Benoit Lobréau
Consultant
http://dalibo.comFrom a73baa91032fff37ef039168c276508553830f86 Mon Sep 17 00:00:00 2001
From: benoit
Date: Tue, 26 Sep 2023
On 9/22/23 21:58, Robert Haas wrote
I think that there normally shouldn't be any problem here, because if
form->subpasswordrequired is true, we expect that the connection
string should contain a password which the remote side actually uses,
or we expect the subscription to be owned by the
On Fri, 2023-09-22 at 08:36 -0400, Robert Haas wrote:
> On Fri, Sep 22, 2023 at 4:25 AM Benoit Lobréau
> wrote:
> > Can we consider adding something like this to clarify?
> >
> > """
> > This parameter is enforced when the CREATE SUBSCRIPTION or ALTER
> > SUBSCRIPTION .. CONNECTION commands are
On Fri, Sep 22, 2023 at 10:59 AM Benoit Lobréau
wrote:
> You're right, it comes from the connection to drop the slot.
>
> But the code in for DropSubscription in
> src/backend/commands/subscriptioncmds.c tries to connect before testing
> if the slot is NONE / NULL. So it doesn't work to DISABLE
On 9/22/23 14:36, Robert Haas wrote:
I haven't checked this, but I think what's happening here is that DROP
SUBSCRIPTION tries to drop the remote slot, which requires making a
connection, which can trigger the error. You might get different
results if you did ALTER SUBSCRIPTION ... SET
On Fri, Sep 22, 2023 at 4:25 AM Benoit Lobréau
wrote:
> Can we consider adding something like this to clarify?
>
> """
> This parameter is enforced when the CREATE SUBSCRIPTION or ALTER
> SUBSCRIPTION .. CONNECTION commands are executed. Therefore, it's
> possible to alter the ownership of a
On 9/21/23 20:29, Robert Haas wrote:
Which one? I see 2 ALTER SUBSCRIPTION ... OWNER commands in
password_required.log and 1 more in password_required2.log, but
they're all performed by the superuser, who is entitled to do anything
they want.
Thank you for taking the time to respond!
I
On Thu, Sep 21, 2023 at 8:03 AM Benoit Lobréau
wrote:
> I am confused about the new subscription parameter: password_required.
>
> I have two instances. The publisher's pg_hba is configured too allow
> connections without authentication. On the subscriber, I have an
> unprivileged user with
Hi,
I am confused about the new subscription parameter: password_required.
I have two instances. The publisher's pg_hba is configured too allow
connections without authentication. On the subscriber, I have an
unprivileged user with pg_create_subscription and CREATE on the database.
I tried
15 matches
Mail list logo
