Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wetA1-0056iR-2Q for pgsql-hackers@arkaria.postgresql.org; Wed, 01 Jul 2026 11:31:21 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wet9z-00DKsm-0W for pgsql-hackers@arkaria.postgresql.org; Wed, 01 Jul 2026 11:31:19 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wet9y-00DKsc-2f for pgsql-hackers@lists.postgresql.org; Wed, 01 Jul 2026 11:31:18 +0000 Received: from mail-qv1-xf30.google.com ([2607:f8b0:4864:20::f30]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1wet9w-00000001BYB-2jPo for pgsql-hackers@lists.postgresql.org; Wed, 01 Jul 2026 11:31:18 +0000 Received: by mail-qv1-xf30.google.com with SMTP id 6a1803df08f44-8f256eaedf8so5552376d6.2 for ; Wed, 01 Jul 2026 04:31:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1782905474; cv=none; d=google.com; s=arc-20260327; b=OZJlZ0DHsX7e1fwwwDFVtnhy1AsrT0hlpGVEm190P0Puo0ScW/NPsDlywiexj3C+rm YiWAl0ToOfd8oMy1osyfuzKV9sVRMArXtEE3P+lmHJHeZ6/5y0Y+qAivY0PhjU5Rldc2 v0JxpatcTV6iZ7U94tK4ceLz8Y6ROWOAU/o7Vl7EoetND+mItm3gaKdIhhZBpwujVQup xJLM8+UmkclmTWg8tfyz/2475KJNZe6opRml11jzGi+XrQheN9J/aHfBHMfj0EflY8nW QvW13hZvshaCkeWlZKJoG0VP0XJd2RukGzieCVpluFzirSGpC4r/HScRMZk1E6Ba7mur pPoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=n61O8VDS09imtEpNB16y/aAAXtJu5puAzxTzIQwhTe4=; fh=UhpbiAbFiXHxzeai9+hCx3tH/Y5tB+YoI15NqxqsFyc=; b=ntwVbhRzZBbtmUAJHk6f57QPQckUTCPrQPZDI6KvAS2My0W6rYYGpX/dZjtWNi6AT0 T2dVijLW6x4kWRcsxSEop9B6gLHJVXmWx6vb6L0oW5q1pmapXB2XeEQnyjhrn7taAwuF xoTjXxnt2JjHkD68xrhGr9jaUZ+S5DqgDyEnye2n/z43Hly4bhGPoDunm4dxkA1bCL33 VhMHAzQEj1GRls2Af+cpQRn9YA2waCXHQEuZSYmtMJL/6Udb1Fk5vWFYLEwJRKKbWmzj bn0jU6WPT9e0bMEFGjEFbpP5fykQA8RwcTn0MBpNQy/dIcy4z+4VjtJpI1gDZTFXiyoQ Iy/g==; darn=lists.postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1782905474; x=1783510274; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=n61O8VDS09imtEpNB16y/aAAXtJu5puAzxTzIQwhTe4=; b=fFxZzMpkOH5GCgxNuBwS2Y0ZltTNTBCDl4E0bPPItUU5JDjEQNRx5//T5Rhv2tMR/M oTcbX+A3j9Y6GDlmNc5lL1EpcxExvBTVWwrWwrhCQQkcD6SBKuwiXQw1c/ukIefHH6Ol 1orwPKZ2dHV6jZUv+IeUp6iUqNNpb4jBLdgaf0o7rq+Us5FX9f14XLkc1ghGSEObyfAi oniR2Pqx2SPMFWFM9+db/wRzOod6k2Uu59XotPTPq09l6qa6Fv0XGaT86ShIbHBlAPJz etFWFPyjUdpczcMPW1aURvfXH2llAT0O2fkr4hU4EG7Moq4EB2CdT/Sem3h1IhzZyst1 IVFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782905474; x=1783510274; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=n61O8VDS09imtEpNB16y/aAAXtJu5puAzxTzIQwhTe4=; b=YZIBLpbCCHvbcCiQKzzGCYpmOWsDSrTXdJeGF6S1C1plEBv3Ro+h8Z4tsDww81OBEm Mjdq+/9tSXxncLYrkXqbMlmO+Pqtqkxowo+7UKdUKvuDFeyWbwm8WyhpOJLUakd4I567 B2TW3U1ifdI6nzymdiTwGaLNqBxHu/p7Pv5HLkPF5jd/ba1K6EFiMkYtVP0H1pg2uqfW yyh2WwC9bectsBfVVCuLIkK8qTSfGoPeuXuw4nyZebJ7IbO3oLM51xwTpP2c4dGQtbQb KjrTjONu9hsuOtKw+DN4UnvoxRFYikb5Wn06Bks7vGtVTUZyTlpRBXcPH+R3wLaWIWkN vV0g== X-Forwarded-Encrypted: i=1; AHgh+RrjYoTzxK10cgD32uMv7na9aSIc+0n+5ZD0FUTCe+VxAa5JA2uLER1GiOjIDmrNgYMUrdyp2+cbyTDK6AT5@lists.postgresql.org X-Gm-Message-State: AOJu0YwpZ9bOH+C34AE8HUesc8y7fX4WtHg30N6Io6BXTabDCYIz5b3H FF1o9Rp9sSsGeH/iUVTYpn9eK5Ee+M+gBGeCd3C+Iec3QFd3lLvayHFE/0MK/Ge8MMOjk2n61a+ ugjPEvtO4KuAGPe/DhtQkKQkirOozcJo= X-Gm-Gg: AfdE7cljb0xl+rZGYewFvMRgOzS/3IqvaUwxpCIU+eD6tTdS97TBEs/OkdmN8Id7DDk dJCkp1emNLv9rRrAWIVL04hD4a/IEGyoNd3EgfXeoVGCo6PbKyK4oDIURf1j0FUNCWigQDVXYsN OKwTCImBuJRDGU7XwVZNYshvViQv8H9izSD/Z9snuqRYSHkI/kxH8qNsK+ZBVTAx9GV9vCNYDEJ JB+RJHt/3S55y4rltgaJ5B4B570bwTm/fJjNdgDy71dvsDavm1mHxtF5lwDPrSMIKshz62l X-Received: by 2002:a05:6214:5703:b0:8ee:fd0c:5d96 with SMTP id 6a1803df08f44-8f3c5de0f34mr15543416d6.7.1782905474198; Wed, 01 Jul 2026 04:31:14 -0700 (PDT) MIME-Version: 1.0 References: <177997571870.313758.10720313850275742354.pgcf@coridan.postgresql.org> In-Reply-To: From: solai v Date: Wed, 1 Jul 2026 17:01:36 +0530 X-Gm-Features: AVVi8CcAJ6CvxSMo8v1NFSZIcP58b_ZGThmkh92JaEwoYyuIBDnkFzG2mA55GCg Message-ID: Subject: Re: [PATCH] Add pg_get_policy_ddl() function to reconstruct CREATE POLICY statement To: Akshay Joshi Cc: Ilmar Y , pgsql-hackers@lists.postgresql.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hi all, On Wed, Jul 1, 2026 at 4:01=E2=80=AFPM Akshay Joshi wrote: > > > > On Wed, Jul 1, 2026 at 2:44=E2=80=AFPM solai v wro= te: >> >> Hi all, >> >> >> On Tue, Jun 30, 2026 at 4:48=E2=80=AFPM Akshay Joshi >> wrote: >> > >> > All, >> > >> > I've updated the patch to align with the interface change introduced b= y commit d6ed87d1989 (Andrew Dunstan, 2026-06-26 "Use named boolean paramet= ers for pg_get_*_ddl option arguments"). >> > >> > That commit replaced the VARIADIC text[] alternating key/value option = interface with typed named boolean parameters across pg_get_role_ddl(), pg_= get_tablespace_ddl(), and pg_get_database_ddl(), removing the DdlOption/par= se_ddl_options() machinery in favour of direct PG_GETARG_BOOL() calls. >> > >> > Updated patch v14 is ready for review/commit. >> > >> >> >> I reviewed and tested the v14 patch on the latest master. The patch >> applied cleanly, built successfully, and passed make check without any >> regression failures. I verified the new function signature and >> confirmed that pg_get_policy_ddl() now uses the new interface with the >> boolean DEFAULT false argument. Also I tested the function with a >> variety of row-level security policies, including: Basic policy >> reconstruction, PERMISSIVE and RESTRICTIVE policies, Different command >> types (SELECT, INSERT, UPDATE, DELETE), Policies with multiple roles >> and the PUBLIC role, Quoted table, policy, and role names, USING and >> WITH CHECK clauses, Complex expressions including EXISTS, nested >> subqueries, CASE expressions, COALESCE, ANY/ALL operators, and boolean >> expressions, NULL inputs, invalid relation names, and non-existent >> policies. The generated DDL was correct as per the intent, and the >> expected errors were verified for the invalid inputs. I also verified >> that the generated DDL is executable by dropping an existing policy, >> recreating it using the output of pg_get_policy_ddl(), and confirming >> that the recreated policy was reconstructed successfully again by the >> function. >> One observation I noted is that for policies using default attributes >> (TO PUBLIC and AS PERMISSIVE), the generated DDL omits those clauses >> and produces a semantically equivalent statement which seems >> intentional but thought of sending it here for further clarification. >> Overall, I did not encounter any functional issues during testing. The >> patch looks good to me and worked as expected in all the scenarios I >> tested. > > > Yes, it's intentional for all pg_get_***_ddl functions. Clause with d= efaults won't be reconstructed. >> >> Ok. Thank you for the clarification. Regards, Solai