Documentation
Overview
Package identmap contains the code for parsing a pg_ident.conf file, which allows a database operator to create some number of mappings between system identities (e.g., GSSAPI or X.509 principals) and database usernames.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Conf
type Conf struct {
	// contains filtered or unexported fields
}
Conf provides a multi-level, user-configurable mapping between an external system identity (e.g., GSSAPI or X.509 principals) and zero or more database usernames which the external principal may act as.
The Conf supports being initialized from a file format that is compatible with Postgres's pg_ident.conf file:
    # Comments
    map-name system-identity     database-username
    # Convert "carl@example.com" ==> "example-carl"
    map-name /^(.*)@example.com$ example-\1
If the system-identity field starts with a slash, it will be interpreted as a regular expression. The system-identity expression may include a single capturing group, which may be substituted into database-username with the character sequence \1 (backslash one). The regular expression is left un-anchored for compatibility, so a pattern written without ^ and $ can match anywhere within the system identity rather than the whole value; users are therefore encouraged to always specify anchors to eliminate ambiguity.
See also: https://www.postgresql.org/docs/13/auth-username-maps.html
func (*Conf) Map
func (c *Conf) Map(mapName, systemIdentity string) ([]security.SQLUsername, error)
Map returns the database usernames that a system identity maps to within the named mapping. If there are no matching usernames, or if mapName is unknown, nil will be returned. The returned list will be ordered based on the order in which the rules were defined. If there are rules which generate identical mappings, only the first one will be returned. That is, the returned list will be deduplicated, preferring the first instance of any given username.
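The anchoring advice for regular-expression rules and the ordering and deduplication behaviour of Map, shown as an added example that is not the identmap package's own code. It is a stand-alone sketch built on Go's regexp package; the rule type, mapIdentity, sampleRules and the attacker.test identity are hypothetical names and constructed sample data.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// rule is a hypothetical stand-in for one pg_ident.conf line.
type rule struct{ mapName, systemIdentity, dbUser string }

// Constructed sample rules; attacker.test is a made-up domain.
var sampleRules = []rule{
	{"loose", `/(.*)@example\.com`, `example-\1`},    // no anchors
	{"strict", `/^(.*)@example\.com$`, `example-\1`}, // anchored
	{"strict", `carl@example.com`, `example-carl`},   // same result as the rule above
	{"strict", `carl@example.com`, `admin`},
}

// mapIdentity applies one map's rules in definition order and keeps only the
// first occurrence of each resulting username.
func mapIdentity(rules []rule, mapName, identity string) []string {
	var out []string
	seen := map[string]bool{}
	for _, r := range rules {
		user, matched := r.dbUser, r.systemIdentity == identity
		if strings.HasPrefix(r.systemIdentity, "/") {
			// Compiled as written (no implicit ^ or $); MustCompile panics on a bad pattern.
			m := regexp.MustCompile(r.systemIdentity[1:]).FindStringSubmatch(identity)
			matched = m != nil
			if matched && len(m) > 1 {
				user = strings.ReplaceAll(user, `\1`, m[1])
			}
		}
		if r.mapName != mapName || !matched || seen[user] {
			continue
		}
		seen[user] = true
		out = append(out, user)
	}
	return out
}

func main() {
	for _, id := range []string{"carl@example.com", "carl@example.com.attacker.test"} {
		fmt.Printf("%-30s loose=%v strict=%v\n", id,
			mapIdentity(sampleRules, "loose", id), mapIdentity(sampleRules, "strict", id))
	}
}
```

The un-anchored "loose" rule maps the longer identity to example-carl as well, while the anchored "strict" rule rejects it. The sample patterns also escape the dot, since an unescaped `.` in a regular expression matches any character.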