Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wesE4-00564o-2F for pgsql-hackers@arkaria.postgresql.org; Wed, 01 Jul 2026 10:31:28 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wesE3-00D4DF-23 for pgsql-hackers@arkaria.postgresql.org; Wed, 01 Jul 2026 10:31:27 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wesE3-00D4D6-0e for pgsql-hackers@lists.postgresql.org; Wed, 01 Jul 2026 10:31:27 +0000 Received: from mail-ej1-x629.google.com ([2a00:1450:4864:20::629]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1wesE0-0000000143P-1eVM for pgsql-hackers@lists.postgresql.org; Wed, 01 Jul 2026 10:31:25 +0000 Received: by mail-ej1-x629.google.com with SMTP id a640c23a62f3a-c1254b73d63so63204466b.1 for ; Wed, 01 Jul 2026 03:31:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1782901882; cv=none; d=google.com; s=arc-20260327; b=UDLJOs0DnFkxKYtvFCHlq9Vp8byEoohUd6aw2PJUd06xe2SaS5O+iODVOJ8tfKht+x /6w8trpzua1cyqoD7MEZoueQ2HgKNlSi1ZcockfW9UB04F1ndEWkIDgmAG6eNQXpU4rk 1r48wJ4eCm/vZdl5+JWVmHxVF4tRTj8Wv8GFS2A7rFv9apaZ9UcWpZIACkayPm3eg2mQ bfzNXcChZIqmafUX1R7A1VZIyp2xp4spJDeiAqDY6pquY1p0mbJiQJD1cRf5imNBSWTD 2JCEfDi2lKGRtXInQk1MR1wjki6bGYbudmouuxR+FectRAyULCQLfHrFvnmw5jlZ99ze rkCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=1JJc13IcFPbH+wxeyb+qzY5+5c1XOqwbtOew8bdFIyo=; fh=qdnFwWLHva9gap21f89ES5MLALXDKP1CntpVkPtaDaM=; b=lMgy7NUVdomlLhvc6V09NBiKxL0QXS0t44pHQABnpGBs5pnzFg8Y5ZldjC8mcNmxJl k6LYMHNmmSIJsmrN8g6zclt4GF5w144pK9F5N3f3HFFNJDLFf8tbHjqvU2kZgtQaptB7 LEfJh1bPGfWMfBs4AuJY0bVAE9EzCX33QEGfU4AswpEOrrgOcd9S4tscaZlIVKxS8F4p R4k4Exoja7MhIhqDhRDgqPJuqVXw2zJtwETYzxuA4zEvJthwfiD2fkZF5LJqHBGQ8mNy YPsPz2ybxgqMjQpXEddAtLSsKDFxCscoIOqs3hTs28cfFk/v9c2NBImmQdg8ljRpSRbW +W8w==; darn=lists.postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1782901882; x=1783506682; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=1JJc13IcFPbH+wxeyb+qzY5+5c1XOqwbtOew8bdFIyo=; b=XkOlnetapBBo/3tLV424s07cEbIhnXXEMXWHGVWGWcBN06L+BmQ+nEenB1yw00jRA7 PxmDHbpyqQtFSn88vZdGbqkpOuBVoIqWxqtZB5tMOQxO9vWTvYr68leNfUWxTa783W4I mXYHREsTyPtrNyTjwrgByMSxZEqOMZkBHJT6J7nB4BzPZgf+WeIgYaFdYrSKmK3C7UEw bBFQrCAVOYkUZ3yUdMSDtMbCRpcASdQnvr8XL9XknjVUaZ9noNmUamBbYeYR4ZnnWqP0 aOlrLAouh/tZHmwfSG7tg/oo7udnOV3s3m7Goo7GWlNGZUL8NZqJBl/Fvjr7qZPmBfE+ Rw/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782901882; x=1783506682; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=1JJc13IcFPbH+wxeyb+qzY5+5c1XOqwbtOew8bdFIyo=; b=h/kyK4jOZLHwQbgv18dHFb2a2vWT6P7BFJATKWXSQmXNAEGS9Ovf3ANyNFS7JuSWpU 7Ve8r6LM6kqqNTWBr1sJeCd7ogrpBYZipNTLBhjmHB6CdBppgecRojyCXWlkn6lPHMPX Go/BE5y6wgjnsKXoUeD75UFC7jx0Zp1RW1pA+jRO2+WBsC9JPhdUMgUFt9bk9krYZBVO 4eOldjxIVjWfZ/xeIcsEWwQpChKKFNCJ1Dp7a8qTV6DKVEslT2DRNikKa2jOtvwX2QtN hrNVhEX8KoBe/+qfPyKoJUTxA85j33oUc33v9mxO0Wm1M8Xs8jpQuqYkAXAl1IDkjtcI IsQw== X-Forwarded-Encrypted: i=1; AHgh+RqOe/d5H/plFW1+xo2N6DuqDoX7+9sB1Usv7GGAQx5qpuUahw/2INOW9G9u5s2HXDyZUxZsI4ijL8E1lLFA@lists.postgresql.org X-Gm-Message-State: AOJu0YySBe8g1TUy2u3UpIo38iHzTAysxgDZY1hRecziW4baxPYfQIZw DYcPgKvpjv81fs9UJE6Q33FB+Rzouf1rI1lmCAjG+RXwNrSRPgEf9OfPfwm6Dxqu0S41aZMSQup 0TA4/W7ChekMY7gtP4QsdL07jJtYxLQLOurwgrldm X-Gm-Gg: AfdE7ck6l1uF5uZ6e/CTI0K6OLVId8aIVdudOLjQOMNcXdb5aosqvGuqaYZeTCYe1ZS F/MVW7j6NdXiKAeXoK89znEFfQRke3kcq/tSi2LcnSNg/WD1SBUR+iXFjsbkl0G4eyH+GErlfFZ YDmpjqhvzQl0Uj73Qn4HY/sYZ7g8DtY52pjmAPKJSlLzcyiOO6vJCk9yiH41bwZJs+IgYNcomY0 7Lg2LFiFHJET16ZLPeZPs0EPPNMstI0d5pfCK25fg326V23Ig03yv27p63f5DXt76U+GICN7A== X-Received: by 2002:a17:906:6290:b0:c12:34ed:e0fc with SMTP id a640c23a62f3a-c12aa1d60f1mr49544966b.58.1782901881923; Wed, 01 Jul 2026 03:31:21 -0700 (PDT) MIME-Version: 1.0 References: <177997571870.313758.10720313850275742354.pgcf@coridan.postgresql.org> In-Reply-To: From: Akshay Joshi Date: Wed, 1 Jul 2026 16:01:10 +0530 X-Gm-Features: AVVi8Cddir6h9wAvYf6MziTBxeIGTC6c0MjSkkSdB50pCDITjoBaDLs502u6Dco Message-ID: Subject: Re: [PATCH] Add pg_get_policy_ddl() function to reconstruct CREATE POLICY statement To: solai v Cc: Ilmar Y , pgsql-hackers@lists.postgresql.org Content-Type: multipart/alternative; boundary="00000000000057854706558a31fa" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --00000000000057854706558a31fa Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Jul 1, 2026 at 2:44=E2=80=AFPM solai v wrote= : > Hi all, > > > On Tue, Jun 30, 2026 at 4:48=E2=80=AFPM Akshay Joshi > wrote: > > > > All, > > > > I've updated the patch to align with the interface change introduced by > commit d6ed87d1989 (Andrew Dunstan, 2026-06-26 "Use named boolean > parameters for pg_get_*_ddl option arguments"). > > > > That commit replaced the VARIADIC text[] alternating key/value option > interface with typed named boolean parameters across pg_get_role_ddl(), > pg_get_tablespace_ddl(), and pg_get_database_ddl(), removing the > DdlOption/parse_ddl_options() machinery in favour of direct > PG_GETARG_BOOL() calls. > > > > Updated patch v14 is ready for review/commit. > > > > > I reviewed and tested the v14 patch on the latest master. The patch > applied cleanly, built successfully, and passed make check without any > regression failures. I verified the new function signature and > confirmed that pg_get_policy_ddl() now uses the new interface with the > boolean DEFAULT false argument. Also I tested the function with a > variety of row-level security policies, including: Basic policy > reconstruction, PERMISSIVE and RESTRICTIVE policies, Different command > types (SELECT, INSERT, UPDATE, DELETE), Policies with multiple roles > and the PUBLIC role, Quoted table, policy, and role names, USING and > WITH CHECK clauses, Complex expressions including EXISTS, nested > subqueries, CASE expressions, COALESCE, ANY/ALL operators, and boolean > expressions, NULL inputs, invalid relation names, and non-existent > policies. The generated DDL was correct as per the intent, and the > expected errors were verified for the invalid inputs. I also verified > that the generated DDL is executable by dropping an existing policy, > recreating it using the output of pg_get_policy_ddl(), and confirming > that the recreated policy was reconstructed successfully again by the > function. > One observation I noted is that for policies using default attributes > (TO PUBLIC and AS PERMISSIVE), the generated DDL omits those clauses > and produces a semantically equivalent statement which seems > intentional but thought of sending it here for further clarification. > Overall, I did not encounter any functional issues during testing. The > patch looks good to me and worked as expected in all the scenarios I > tested. > Yes, it's intentional for all pg_get_***_ddl functions. Clause with defaults won't be reconstructed. > > > Regards, > Solai > --00000000000057854706558a31fa Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Wed, Jul 1, = 2026 at 2:44=E2=80=AFPM solai v <solai.cdac@gmail.com> wrote:
Hi all,


On Tue, Jun 30, 2026 at 4:48=E2=80=AFPM Akshay Joshi
<aksh= ay.joshi@enterprisedb.com> wrote:
>
> All,
>
> I've updated the patch to align with the interface change introduc= ed by commit d6ed87d1989 (Andrew Dunstan, 2026-06-26 "Use named boolea= n parameters for pg_get_*_ddl option arguments").
>
> That commit replaced the VARIADIC text[] alternating key/value option = interface with typed named boolean parameters across pg_get_role_ddl(), pg_= get_tablespace_ddl(), and pg_get_database_ddl(), removing the DdlOption/par= se_ddl_options() machinery in favour of direct PG_GETARG_BOOL() calls.
>
> Updated patch v14 is ready for review/commit.
>


I reviewed and tested the v14 patch on the latest master. The patch
applied cleanly, built successfully, and passed make check without any
regression failures. I verified the new function signature and
confirmed that pg_get_policy_ddl() now uses the new interface with the
boolean DEFAULT false argument. Also I tested the function with a
variety of row-level security policies, including: Basic policy
reconstruction, PERMISSIVE and RESTRICTIVE policies, Different command
types (SELECT, INSERT, UPDATE, DELETE), Policies with multiple roles
and the PUBLIC role, Quoted table, policy, and role names, USING and
WITH CHECK clauses, Complex expressions including EXISTS, nested
subqueries, CASE expressions, COALESCE, ANY/ALL operators, and boolean
expressions, NULL inputs, invalid relation names, and non-existent
policies. The generated DDL was correct as per the intent, and the
expected errors were verified for the invalid inputs. I also verified
that the generated DDL is executable by dropping an existing policy,
recreating it using the output of pg_get_policy_ddl(), and confirming
that the recreated policy was reconstructed successfully again by the
function.
One observation I noted is that for policies using default attributes
(TO PUBLIC and AS PERMISSIVE), the generated DDL omits those clauses
and produces a semantically equivalent statement which seems
intentional but thought of sending it here for further clarification.
Overall, I did not encounter any functional issues during testing. The
patch looks good to me and worked as expected in all the scenarios I
tested.

=C2=A0 =C2=A0 Yes, it's intentional fo= r all pg_get_***_ddl functions. Clause with defaults won't be reconstru= cted.=C2=A0 =C2=A0 =C2=A0


Regards,
Solai
--00000000000057854706558a31fa--