public inbox for [email protected]
help / color / mirror / Atom feedFrom: Jacob Champion <[email protected]>
To: Zsolt Parragi <[email protected]>
Cc: Andrew Dunstan <[email protected]>
Cc: Tristan Partin <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Subject: Re: Proposal: new file format for hba/ident/hosts configuration?
Date: Thu, 9 Jul 2026 15:48:37 -0700
Message-ID: <CAOYmi+nxQwwkmb5NEj_LUS6ZCstWqyM-Do3KbqdV9JW3YmwbWA@mail.gmail.com> (raw)
In-Reply-To: <CAN4CZFPQiNvfX2k35zYi9eZ7-kC5vEeQtiM_nOce3MNpK4Ai_w@mail.gmail.com>
References: <CAN4CZFNXdKL4eb_GwT_h-vUuUV+CbPCk_8-+S3kV8iFmNmUw7A@mail.gmail.com>
<[email protected]>
<CAD5tBc+ki9ynMuFRkFCCXVtyOO7HaEU7EEdGKA1LWgofNgdNOQ@mail.gmail.com>
<CAOYmi+m8PrWyhY7diTA+UTGNNzQ8eCZZLRA07LTuzj4VCBaudA@mail.gmail.com>
<CAN4CZFPQiNvfX2k35zYi9eZ7-kC5vEeQtiM_nOce3MNpK4Ai_w@mail.gmail.com>
On Wed, Jul 8, 2026 at 8:33 AM Zsolt Parragi <[email protected]> wrote:
> I focused on TOML in my email because I think that's still a better
> configuration format than JSON5.
(I agree)
> * do we agree on working towards another configuration format?
> * if yes, what requirements do we have for it?
> * what exact issues do we want to solve, and what to leave as non-goals?
Adding small pieces to this pile: I'm primarily motivated by authn/z,
and I'd like to be able to more intuitively attach parameters to
certain connection contexts. This is something that neither a flat
configuration, nor separated tabular configurations, have really
helped us with.
"Connections using SCRAM authentication should time out in X seconds
instead of the default." Or "this group of users should use the
following list of GUCs." The sample I used in [1] a long time ago was
Everyone has to use LDAP auth
With this server
And these TLS settings
Except admins
who additionally need client certificates
with this CA root
And Jacob
who isn't allowed in anymore
We don't handle these (perfectly reasonable IMO) cases very well, or
sometimes at all. I'm primarily used to servers in the web space
(httpd, nginx, caddy, haproxy) when it comes to this configuration
style, which I think I called "contexts with property bags" in that
other thread.
> * I am unsure about using the array syntax for hba rules, but so far I
> like it better than the alternative ideas I tried
FWIW I find that part of it pretty hard to read and understand, though
that should not in any way spike the general concept into the ground.
Thanks!
--Jacob
[1] https://postgr.es/m/0e0c038ab962c3f6dab00934fe5ae1ae115f44c0.camel%40vmware.com
view thread (4+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Proposal: new file format for hba/ident/hosts configuration?
In-Reply-To: <CAOYmi+nxQwwkmb5NEj_LUS6ZCstWqyM-Do3KbqdV9JW3YmwbWA@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox