Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wer1q-0054jh-0j for pgsql-hackers@arkaria.postgresql.org; Wed, 01 Jul 2026 09:14:46 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wer1o-00CofI-2z for pgsql-hackers@arkaria.postgresql.org; Wed, 01 Jul 2026 09:14:44 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wer1o-00CofA-1z for pgsql-hackers@lists.postgresql.org; Wed, 01 Jul 2026 09:14:44 +0000 Received: from mail-qv1-xf2d.google.com ([2607:f8b0:4864:20::f2d]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1wer1m-00000001AVo-0VX2 for pgsql-hackers@lists.postgresql.org; Wed, 01 Jul 2026 09:14:43 +0000 Received: by mail-qv1-xf2d.google.com with SMTP id 6a1803df08f44-8ea70ca4fc8so2711136d6.1 for ; Wed, 01 Jul 2026 02:14:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1782897280; cv=none; d=google.com; s=arc-20260327; b=QdVi6LkqMcGc2SbnukZOntrtYnHvNZrVk3vCvf3t8rbRHp0M2lmeQ34hPB/Aj1r+48 AxuXIREXh8LH6NZlcrLyyKOxPVvmVDxVuFRFBGL+YnOmvZkc+Dd6zNlU1g0BeeckkVYL il2sdBsFeyP8cV8aKcD/GASbOKAxxkVi4GdCCeWM06BDuYyt81mlgEbitukehVxmcAEd G3EZqPHQEq/6BxSbwbeWjQ82gBcsedlKlHbajZBtv3JpjNZoCpWFfUQRKbicTCT/wMNr 7NVEilOJi50R3U3ybt3e6yV73KhqREcDMLV4fam68nBDreRf7dSnZDvQMnKOrfcIcz7J 40rQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=+Xjmfwx+YEX+bBNQh/IaPQGyHfvWwbJNodDgu/05pK8=; fh=ExvjdwiVYGWsdXZK8CbC9E+P2+zsE9mpNVQp5tQ8oKo=; b=N90qFd+dkHMxMitxFB84kxV6N1z7/DzxGcnkuJNlGzg1IDhCAUeRrlwHync1HpiMny nEYzK4PgaaVOTFH8u9zx+5H7yzoygTuuScjMZVGB5NiN4FHRRDAX/brOY9GAdibWWs/G EZJuXmspFwjWC1XFqAe6/1xLCDoVEisJa+Tl5s8G1dUmTCglBZ2VaM8dcXKS8uodxaL2 sbRTaDbb/AKpfX231S1sHaLWNsxZbtvQ0ih0QKOolUEBzkeiPDgrOR4z14cliA3lNv6i Y+XwTyO2DNVyQwHN0Khx+9JeOheDnWLbQpOA0UJCYPLxBcTnww8YwWhxIhZa6foOUpd2 P8vQ==; darn=lists.postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1782897280; x=1783502080; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=+Xjmfwx+YEX+bBNQh/IaPQGyHfvWwbJNodDgu/05pK8=; b=PghBY8Fz0trQsW01Mfj7KgZHrNbzsolqdDNX0QOfrwWizcfv88BCcIC4n70JOqnorF FqYXZqbgFTkVWdM3V1VzT+Q9zTrnsbxCSrNevHN34zTlTdhBEy6jYR5Zdc5CFWsNdXID 86y1vWVYEzEPPs0g0Nr/LANnpfx9KEx8K6MjOZDp6J5I0PZ58plKOSdUHI9QZRZm7FEp +h7N1nvo9/qi+uRyey4eltzT9/rK8OdCMjkxOGOufSHcW1u0WjXTPPcy/vg5LrYt1Pbb VslmJZoi02TY0413DJw90KoFJYje2XJ27C7XJM6ZxSG2lQD6BzA8l03j9O2zJxkoiCZu rhcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782897280; x=1783502080; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=+Xjmfwx+YEX+bBNQh/IaPQGyHfvWwbJNodDgu/05pK8=; b=liklWUtmyCMtyWrnAlkkV45vfbuXZwqrM5eqzLOrage9q1C3kLdTmIVvX88kZcT7F/ NBRl4lf8gN0ohlciaJh8VUsROKpjNfIk0HvLN05JtGQfDaKz18CK5oX2UoUshUbxi65O hGQsD5l61iEBDWu8p10kRgjI86RUZZVbbl1M+mzBOXI/6HA48iFXdQqnEV8PyXGHAvVR BcBP/N3MkhvlT1R62l2hNXeY9s0Ps21ZfVFXi1KUiAUmeEcUJjI6v/YJUrzW8u0wJvOO WcJvV+ksdPwCZb2lvfhAkXjSn9gztaeKNJGqS6Sec0KP4JE6YdPYulxDKfGJ873W0DEo b2lA== X-Forwarded-Encrypted: i=1; AHgh+RqovWoOBfhaPtD9QKYmAOPysZyHGuabX5DWgIlZ7teLr0qh2z+Xbovo2w5vvg1qjO+gLC+5nCW7N2HMwic/@lists.postgresql.org X-Gm-Message-State: AOJu0YzY8NBpAqYwYXmzVcFscUKPPeD4nQ8GQ4+VsfJN1Z09cvBAyWdc 0R3WPPo7Yn0hlxwYxUlkU9ofN57j7c8y2OV3istdWSK2cYKWL4/eGqLPl+FtmARbbG/Q6DMpoOp fEhY5I6tkrYvqzqfjirX4NsKLDxdcejo= X-Gm-Gg: AfdE7ckmyTaHG6LBFXhJOjs5Tyz5PqEYtHnlgBg5lCh9Mi8j3c4tyVRaUO2zw9fOrMd 5oqOWzuqDrnsHJN0Ww74NdbTxRXz1gfd9gYVcEUXdYxZt1/6RV79i+a0vd/BKrkmanqubzpiwS+ 6q1yjxB8MHqGdLvazxMwqpHcNNMHrXmUeWOZn4sTQjwMaEM0NaHAXIlWimKDttirRMfQgPrMIvF vwwqd9MoJkvXhvF3svph1Co+9YAB0SQ2cVP2JYshmBGUTdfC9CyStJYGrnu3Zfs6jM0nUtNoo/U mD2ubDA= X-Received: by 2002:a0c:e086:0:b0:8ef:dde7:bd69 with SMTP id 6a1803df08f44-8f2549e5647mr63778616d6.29.1782897280246; Wed, 01 Jul 2026 02:14:40 -0700 (PDT) MIME-Version: 1.0 References: <177997571870.313758.10720313850275742354.pgcf@coridan.postgresql.org> In-Reply-To: From: solai v Date: Wed, 1 Jul 2026 14:45:02 +0530 X-Gm-Features: AVVi8CcGhZEE-ziT7STbXNDoGQk2lRFj8xhk52lq6GRhz2VNDwpsStKLFjst2f0 Message-ID: Subject: Re: [PATCH] Add pg_get_policy_ddl() function to reconstruct CREATE POLICY statement To: Akshay Joshi Cc: Ilmar Y , pgsql-hackers@lists.postgresql.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hi all, On Tue, Jun 30, 2026 at 4:48=E2=80=AFPM Akshay Joshi wrote: > > All, > > I've updated the patch to align with the interface change introduced by c= ommit d6ed87d1989 (Andrew Dunstan, 2026-06-26 "Use named boolean parameters= for pg_get_*_ddl option arguments"). > > That commit replaced the VARIADIC text[] alternating key/value option int= erface with typed named boolean parameters across pg_get_role_ddl(), pg_get= _tablespace_ddl(), and pg_get_database_ddl(), removing the DdlOption/parse_= ddl_options() machinery in favour of direct PG_GETARG_BOOL() calls. > > Updated patch v14 is ready for review/commit. > I reviewed and tested the v14 patch on the latest master. The patch applied cleanly, built successfully, and passed make check without any regression failures. I verified the new function signature and confirmed that pg_get_policy_ddl() now uses the new interface with the boolean DEFAULT false argument. Also I tested the function with a variety of row-level security policies, including: Basic policy reconstruction, PERMISSIVE and RESTRICTIVE policies, Different command types (SELECT, INSERT, UPDATE, DELETE), Policies with multiple roles and the PUBLIC role, Quoted table, policy, and role names, USING and WITH CHECK clauses, Complex expressions including EXISTS, nested subqueries, CASE expressions, COALESCE, ANY/ALL operators, and boolean expressions, NULL inputs, invalid relation names, and non-existent policies. The generated DDL was correct as per the intent, and the expected errors were verified for the invalid inputs. I also verified that the generated DDL is executable by dropping an existing policy, recreating it using the output of pg_get_policy_ddl(), and confirming that the recreated policy was reconstructed successfully again by the function. One observation I noted is that for policies using default attributes (TO PUBLIC and AS PERMISSIVE), the generated DDL omits those clauses and produces a semantically equivalent statement which seems intentional but thought of sending it here for further clarification. Overall, I did not encounter any functional issues during testing. The patch looks good to me and worked as expected in all the scenarios I tested. Regards, Solai