diff options
| author | Daniel Gustafsson <dgustafsson@postgresql.org> | 2023-03-06 14:16:32 +0100 |
|---|---|---|
| committer | Daniel Gustafsson <dgustafsson@postgresql.org> | 2023-03-06 14:16:32 +0100 |
| commit | d3406d80360776bbcafa05d8b966806012f9594e (patch) | |
| tree | dfd4dd751d869857ffc8309265699709751c4f3c | |
| parent | 4211fbd8413b26e0abedbe4338aa7cda2cd469b4 (diff) | |
| download | postgresql-d3406d80360776bbcafa05d8b966806012f9594e.tar.gz | |
Fix handling of default option values in createuser
Add description of which one is the default between two complementary
options of --bypassrls and --replication in the help text and docs. In
correspondence let the command always include the tokens corresponding
to every options of that kind in the SQL command sent to server. Tests
are updated accordingly.
Also fix the checks of some trivalue vars which were using literal zero
for checking default value instead of the enum label TRI_DEFAULT. While
not a bug, since TRI_DEFAULT is defined as zero, fixing improves read-
ability improved readability (and avoid bugs if the enum is changed).
Author: Kyotaro Horiguchi <horikyota.ntt@gmail.com>
Discussion: https://postgr.es/m/20220810.151243.1073197628358749087.horikyota.ntt@gmail.com
| -rw-r--r-- | doc/src/sgml/ref/createuser.sgml | 2 | ||||
| -rw-r--r-- | src/bin/scripts/createuser.c | 21 | ||||
| -rw-r--r-- | src/bin/scripts/t/040_createuser.pl | 18 |
3 files changed, 24 insertions, 17 deletions
diff --git a/doc/src/sgml/ref/createuser.sgml b/doc/src/sgml/ref/createuser.sgml index e3af87f71b..0e19da90d3 100644 --- a/doc/src/sgml/ref/createuser.sgml +++ b/doc/src/sgml/ref/createuser.sgml @@ -348,7 +348,7 @@ PostgreSQL documentation <para> The new user will not have the <literal>REPLICATION</literal> privilege, which is described more fully in the documentation for <xref - linkend="sql-createrole"/>. + linkend="sql-createrole"/>. This is the default. </para> </listitem> </varlistentry> diff --git a/src/bin/scripts/createuser.c b/src/bin/scripts/createuser.c index 3a1825e61f..3f58759aa2 100644 --- a/src/bin/scripts/createuser.c +++ b/src/bin/scripts/createuser.c @@ -239,7 +239,7 @@ main(int argc, char *argv[]) free(pw2); } - if (superuser == 0) + if (superuser == TRI_DEFAULT) { if (interactive && yesno_prompt("Shall the new role be a superuser?")) superuser = TRI_YES; @@ -254,7 +254,7 @@ main(int argc, char *argv[]) createrole = TRI_YES; } - if (createdb == 0) + if (createdb == TRI_DEFAULT) { if (interactive && yesno_prompt("Shall the new role be allowed to create databases?")) createdb = TRI_YES; @@ -262,7 +262,7 @@ main(int argc, char *argv[]) createdb = TRI_NO; } - if (createrole == 0) + if (createrole == TRI_DEFAULT) { if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?")) createrole = TRI_YES; @@ -270,10 +270,16 @@ main(int argc, char *argv[]) createrole = TRI_NO; } - if (inherit == 0) + if (bypassrls == TRI_DEFAULT) + bypassrls = TRI_NO; + + if (replication == TRI_DEFAULT) + replication = TRI_NO; + + if (inherit == TRI_DEFAULT) inherit = TRI_YES; - if (login == 0) + if (login == TRI_DEFAULT) login = TRI_YES; cparams.dbname = NULL; /* this program lacks any dbname option... */ @@ -432,9 +438,10 @@ help(const char *progname) printf(_(" --interactive prompt for missing role name and attributes rather\n" " than using defaults\n")); printf(_(" --bypassrls role can bypass row-level security (RLS) policy\n")); - printf(_(" --no-bypassrls role cannot bypass row-level security (RLS) policy\n")); + printf(_(" --no-bypassrls role cannot bypass row-level security (RLS) policy\n" + " (default)\n")); printf(_(" --replication role can initiate replication\n")); - printf(_(" --no-replication role cannot initiate replication\n")); + printf(_(" --no-replication role cannot initiate replication (default)\n")); printf(_(" -?, --help show this help, then exit\n")); printf(_("\nConnection options:\n")); printf(_(" -h, --host=HOSTNAME database server host or socket directory\n")); diff --git a/src/bin/scripts/t/040_createuser.pl b/src/bin/scripts/t/040_createuser.pl index 03830120fd..d60cae4f58 100644 --- a/src/bin/scripts/t/040_createuser.pl +++ b/src/bin/scripts/t/040_createuser.pl @@ -18,19 +18,19 @@ $node->start; $node->issues_sql_like( [ 'createuser', 'regress_user1' ], - qr/statement: CREATE ROLE regress_user1 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;/, + qr/statement: CREATE ROLE regress_user1 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS;/, 'SQL CREATE USER run'); $node->issues_sql_like( [ 'createuser', '-L', 'regress_role1' ], - qr/statement: CREATE ROLE regress_role1 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT NOLOGIN;/, + qr/statement: CREATE ROLE regress_role1 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT NOLOGIN NOREPLICATION NOBYPASSRLS;/, 'create a non-login role'); $node->issues_sql_like( [ 'createuser', '-r', 'regress user2' ], - qr/statement: CREATE ROLE "regress user2" NOSUPERUSER NOCREATEDB CREATEROLE INHERIT LOGIN;/, + qr/statement: CREATE ROLE "regress user2" NOSUPERUSER NOCREATEDB CREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS;/, 'create a CREATEROLE user'); $node->issues_sql_like( [ 'createuser', '-s', 'regress_user3' ], - qr/statement: CREATE ROLE regress_user3 SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;/, + qr/statement: CREATE ROLE regress_user3 SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS;/, 'create a superuser'); $node->issues_sql_like( [ @@ -38,7 +38,7 @@ $node->issues_sql_like( 'regress_user1', '-a', 'regress user2', 'regress user #4' ], - qr/statement: CREATE ROLE "regress user #4" NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN ADMIN regress_user1,"regress user2";/, + qr/statement: CREATE ROLE "regress user #4" NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS ADMIN regress_user1,"regress user2";/, 'add a role as a member with admin option of the newly created role'); $node->issues_sql_like( [ @@ -46,19 +46,19 @@ $node->issues_sql_like( 'regress_user3', '-m', 'regress user #4', 'REGRESS_USER5' ], - qr/statement: CREATE ROLE "REGRESS_USER5" NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN ROLE regress_user3,"regress user #4";/, + qr/statement: CREATE ROLE "REGRESS_USER5" NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS ROLE regress_user3,"regress user #4";/, 'add a role as a member of the newly created role'); $node->issues_sql_like( [ 'createuser', '-v', '2029 12 31', 'regress_user6' ], - qr/statement: CREATE ROLE regress_user6 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN VALID UNTIL \'2029 12 31\';/, + qr/statement: CREATE ROLE regress_user6 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS VALID UNTIL \'2029 12 31\';/, 'create a role with a password expiration date'); $node->issues_sql_like( [ 'createuser', '--bypassrls', 'regress_user7' ], - qr/statement: CREATE ROLE regress_user7 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN BYPASSRLS;/, + qr/statement: CREATE ROLE regress_user7 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION BYPASSRLS;/, 'create a BYPASSRLS role'); $node->issues_sql_like( [ 'createuser', '--no-bypassrls', 'regress_user8' ], - qr/statement: CREATE ROLE regress_user8 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOBYPASSRLS;/, + qr/statement: CREATE ROLE regress_user8 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS;/, 'create a role without BYPASSRLS'); $node->command_fails([ 'createuser', 'regress_user1' ], |