Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1wQpV7-001uGR-1K
	for pgsql-hackers@arkaria.postgresql.org;
	Sat, 23 May 2026 16:47:01 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1wQpV3-00FxOV-0E
	for pgsql-hackers@arkaria.postgresql.org;
	Sat, 23 May 2026 16:46:58 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <matheusssilv97@gmail.com>)
	id 1wQpV2-00FxOM-2M
	for pgsql-hackers@lists.postgresql.org;
	Sat, 23 May 2026 16:46:57 +0000
Received: from mail-dy1-x1329.google.com ([2607:f8b0:4864:20::1329])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <matheusssilv97@gmail.com>)
	id 1wQpV1-000000014UV-0jpb
	for pgsql-hackers@lists.postgresql.org;
	Sat, 23 May 2026 16:46:57 +0000
Received: by mail-dy1-x1329.google.com with SMTP id
 5a478bee46e88-2f0d3e07e30so27955925eec.0
        for <pgsql-hackers@lists.postgresql.org>;
 Sat, 23 May 2026 09:46:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1779554811; x=1780159611;
 darn=lists.postgresql.org;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :from:to:cc:subject:date:message-id:reply-to;
        bh=PRRmckqUpoHP7dkQBt9JwrABkwRJa8aGmQaAEFMu1Ck=;
        b=Nu4MlQd9X/3U4OLz6Ca+1uxxb/g3SUoBPkOEORx9lAQNv59XXeEIZ6vj5MtSMA2IYU
         Hf3p1PcBcJo4Qzyx+2OzXIqN6RccE2inkJCw/9Eq6f/Wjrk4OKY3nf2C/YEQpnzv6Sa/
         xKWZ/vKl3ognm49v7wVlbzlASMBeJ2PxiiK/7gpDKodgahUvp1m4C0kcUhxYemww1txg
         8HZoPuGn7HyY9ZF8A20zEr8NQzRR6nbekxTxvGJS9Cc9bpRBU3OUaG1H8IGtNTXhfiIZ
         4C+gdL4cUiy131oUWcfMRWm9KVwdUR3YwESkMXz9bxGkINebjrbqxofJRWuKoTmoME8Y
         yIyg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779554811; x=1780159611;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=PRRmckqUpoHP7dkQBt9JwrABkwRJa8aGmQaAEFMu1Ck=;
        b=IxGd3SB1fDMsTgoxf35ey2FzoLjs03Cur8/+zadrihFU7yXgDRRBBTXfJp5b1DkoZP
         9BJO4DolA7qQJ0S0XV4q6S6wrEODdAjn6BQ1t3O3wwMRsoe/bNhTNXWrB2+/Yk277Sf/
         SpSQsjiX0DFhQ0xyHFiRAkM4c8JqQJ29Hgtbuf9YWHiRGz/IwprhMclwU9HktMuyxxan
         lWeb5+uuNrszGHD4zh/+wzwHagIWpwavf0f5cl1JUZGVfH8n3uR+9mY4bqskbz1jaSnb
         t8zUplbVoxSJrmoIKp/JZU5Equgd2Ue630xb8SWXbAD1tXcv0gCZYNMDhhUIWaibqQYz
         726Q==
X-Gm-Message-State: AOJu0YxRr+G/9EbpBHOGFE3ymExFPhk+ZWCSSAMEUN5xI3BgIicpX97M
	xGnrns9cWLSmpdkZgPIkH7DD2rlmeq7pppG5OFDaBBGkQN66kTs3VTJx
X-Gm-Gg: Acq92OEUJHO4AeOvFhaUO1Wjmy86qu7yQYAJOcN7iphUJL7h+hAnmVgp2fbqSiRuZ9q
	ym2R7JzipdwBD9m/u85oVR4AsvjR4BeJxyOE79Kb9z72f/8tx0Z2QQsyycJ7Wln7zHFdKycdnhB
	L+jObomV7P7Qusav5MPz7lf3PUVn7ah8EhEikt2YtpbMpWPfdQxrR0HgLHZN/8HFykX/RuXdYh2
	67PhO/f/T3dEr9PwyMaWBlplLZ8V+7YwjasViOieIKXlb5du+2LMmojt8feqZAnPCGjEAcCC9D8
	lWRR3cytsrmHaY/H8hY49JruBlwSVfN/as/fziBqPtRDR+7oiIahLxu8/NEP5tSFWrDbtmNS0bv
	PRf20saA4r0yBbsbDDYbC27h+49DBQhRC6Yi3LK9jjfcnEGqLHu5Q4EViyPK7J9cvvPw1zn7rOk
	++UDaoVmACMtkAXvPOLE0A/Y9hlG8xjNYBxTUBrppX3pDtnfchDWwELEeIMAsTlJcEbdRA4TuSt
	RU+yYuVUpj26FZEl0gBO2zXCSM=
X-Received: by 2002:a05:693c:2285:b0:2f1:6252:f8ef with SMTP id
 5a478bee46e88-30448fbf20cmr4366534eec.1.1779554811027;
        Sat, 23 May 2026 09:46:51 -0700 (PDT)
Received: from ?IPV6:2804:14d:328a:a59c:5812:9080:d3b8:92f1?
 ([2804:14d:328a:a59c:5812:9080:d3b8:92f1])
        by smtp.gmail.com with ESMTPSA id
 5a478bee46e88-3045245d6aesm3520787eec.26.2026.05.23.09.46.49
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Sat, 23 May 2026 09:46:50 -0700 (PDT)
Message-ID: <14ea4cc9-da72-4e11-bbf2-48478b27b2bd@gmail.com>
Date: Sat, 23 May 2026 13:46:48 -0300
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: postgres_fdw: use_scram_passthrough on user mapping is ignored
 when also set on server
To: Fujii Masao <masao.fujii@gmail.com>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
References: 
 <CAHGQGwEJ8rZjmbOvCicyr4vbuLio082bNTde0WNoSWaWr9wVcg@mail.gmail.com>
 <DIIOEOI2RTVC.1J8PO0GO2VZIG@gmail.com>
 <CAHGQGwGXpYs+Hw+xqLacVtgS_ztwQ2hm1LeK8q=cMvGLYzB0HA@mail.gmail.com>
 <DIJD8SBZQK54.1L75HI5SLG2LT@gmail.com>
 <CAHGQGwEvZHhHWFp-9ikciyrKmsX7n-qvOixruMbP9pFH2VMnHQ@mail.gmail.com>
 <DILVRJ0YYTRC.1NDGAS1S7B456@gmail.com>
 <CAHGQGwFqBFkPzxfBad-1YzRPbapCq9TdXQC7zmSeqNisXyq6Gw@mail.gmail.com>
Content-Language: en-US
From: Matheus Alcantara <matheusssilv97@gmail.com>
In-Reply-To: 
 <CAHGQGwFqBFkPzxfBad-1YzRPbapCq9TdXQC7zmSeqNisXyq6Gw@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/14ea4cc9-da72-4e11-bbf2-48478b27b2bd%40gmail.com>
Precedence: bulk

On 22/05/26 22:58, Fujii Masao wrote:
> On Mon, May 18, 2026 at 11:42 PM Matheus Alcantara
> <matheusssilv97@gmail.com> wrote:
>> I think that the test is worth to have to avoid such issues in the
>> future again, but I agree that adding as a TAP test is overkill. I've
>> moved to sql/dblink.sql on the new attached version.
>>
>> Do you think that we need to add such test for postgres_fdw too?
> 
> No, I don't think so.
> 
> In dblink, use_scram_passthrough is handled by a dblink-specific validation
> path, and patch 0003 fixes that specific code path. So it might be worth
> adding such test for dblink.
> 
> In postgres_fdw, however, this option is handled by the generic option/context
> validation machinery, not by any special-case code. We already have tests for
> context-sensitive option validation there. So adding such test for postgres_fdw
> would be mostly redundant, I think. Thought?
> 

Agree, it make sense.

>> Yeah, we don't have any documentation about this on 18, but we do have
>> for sslkey and sslcert where in postgres-fdw.sgml we have the following:
>>      sslkey and sslcert - these may appear in either or both a connection
>>      and a user mapping. If both are present, the user mapping setting
>>      overrides the connection setting.
>>
>> So I think that is desirable to have the same behavior for
>> use_scram_passthrough.
> 
> Agreed. I'm therefore thinking of backpatching patches 0001 and 0002 to v18.
> 
> Even in v18, this change is very narrow. It only affects cases where
> use_scram_passthrough is specified at both the server and user-mapping levels
> with conflicting values. In such cases, the natural interpretation is that
> the user-mapping setting is intended to override the server-level setting;
> otherwise, there would be little reason to specify conflicting values.
> 
> Given the limited impact, leaving v18 as the only branch with different
> semantics for a feature introduced in v18 seems more undesirable and
> potentially confusing. So I think backpatching to v18 makes sense.
> 
+1

Thank you for finding the issue and reviewing the patch.

--
Matheus Alcantara
EDB: https://www.enterprisedb.com