Fix handling of default option values in createuser

danielgustafsson · danielgustafsson · commit d3406d803607 · 2023-03-06T14:16:32.000+01:00
Add description of which one is the default between two complementary options of --bypassrls and --replication in the help text and docs. In correspondence let the command always include the tokens corresponding to every options of that kind in the SQL command sent to server. Tests are updated accordingly. Also fix the checks of some trivalue vars which were using literal zero for checking default value instead of the enum label TRI_DEFAULT. While not a bug, since TRI_DEFAULT is defined as zero, fixing improves read- ability improved readability (and avoid bugs if the enum is changed). Author: Kyotaro Horiguchi <horikyota.ntt@gmail.com> Discussion: https://postgr.es/m/20220810.151243.1073197628358749087.horikyota.ntt@gmail.com
diff --git a/doc/src/sgml/ref/createuser.sgml b/doc/src/sgml/ref/createuser.sgml
@@ -348,7 +348,7 @@ PostgreSQL documentation
        <para>
         The new user will not have the <literal>REPLICATION</literal>
         privilege, which is described more fully in the documentation for <xref
-        linkend="sql-createrole"/>.
+        linkend="sql-createrole"/>.  This is the default.
        </para>
       </listitem>
      </varlistentry>
diff --git a/src/bin/scripts/createuser.c b/src/bin/scripts/createuser.c
@@ -239,7 +239,7 @@ main(int argc, char *argv[])
 		free(pw2);
 	}
 
-	if (superuser == 0)
+	if (superuser == TRI_DEFAULT)
 	{
 		if (interactive && yesno_prompt("Shall the new role be a superuser?"))
 			superuser = TRI_YES;
@@ -254,26 +254,32 @@ main(int argc, char *argv[])
 		createrole = TRI_YES;
 	}
 
-	if (createdb == 0)
+	if (createdb == TRI_DEFAULT)
 	{
 		if (interactive && yesno_prompt("Shall the new role be allowed to create databases?"))
 			createdb = TRI_YES;
 		else
 			createdb = TRI_NO;
 	}
 
-	if (createrole == 0)
+	if (createrole == TRI_DEFAULT)
 	{
 		if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?"))
 			createrole = TRI_YES;
 		else
 			createrole = TRI_NO;
 	}
 
-	if (inherit == 0)
+	if (bypassrls == TRI_DEFAULT)
+		bypassrls = TRI_NO;
+
+	if (replication == TRI_DEFAULT)
+		replication = TRI_NO;
+
+	if (inherit == TRI_DEFAULT)
 		inherit = TRI_YES;
 
-	if (login == 0)
+	if (login == TRI_DEFAULT)
 		login = TRI_YES;
 
 	cparams.dbname = NULL;		/* this program lacks any dbname option... */
@@ -432,9 +438,10 @@ help(const char *progname)
 	printf(_("  --interactive             prompt for missing role name and attributes rather\n"
 			 "                            than using defaults\n"));
 	printf(_("  --bypassrls               role can bypass row-level security (RLS) policy\n"));
-	printf(_("  --no-bypassrls            role cannot bypass row-level security (RLS) policy\n"));
+	printf(_("  --no-bypassrls            role cannot bypass row-level security (RLS) policy\n"
+			 "                            (default)\n"));
 	printf(_("  --replication             role can initiate replication\n"));
-	printf(_("  --no-replication          role cannot initiate replication\n"));
+	printf(_("  --no-replication          role cannot initiate replication (default)\n"));
 	printf(_("  -?, --help                show this help, then exit\n"));
 	printf(_("\nConnection options:\n"));
 	printf(_("  -h, --host=HOSTNAME       database server host or socket directory\n"));
diff --git a/src/bin/scripts/t/040_createuser.pl b/src/bin/scripts/t/040_createuser.pl
@@ -18,47 +18,47 @@
 
 $node->issues_sql_like(
 	[ 'createuser', 'regress_user1' ],
-	qr/statement: CREATE ROLE regress_user1 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;/,
+	qr/statement: CREATE ROLE regress_user1 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS;/,
 	'SQL CREATE USER run');
 $node->issues_sql_like(
 	[ 'createuser', '-L', 'regress_role1' ],
-	qr/statement: CREATE ROLE regress_role1 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT NOLOGIN;/,
+	qr/statement: CREATE ROLE regress_role1 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT NOLOGIN NOREPLICATION NOBYPASSRLS;/,
 	'create a non-login role');
 $node->issues_sql_like(
 	[ 'createuser', '-r', 'regress user2' ],
-	qr/statement: CREATE ROLE "regress user2" NOSUPERUSER NOCREATEDB CREATEROLE INHERIT LOGIN;/,
+	qr/statement: CREATE ROLE "regress user2" NOSUPERUSER NOCREATEDB CREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS;/,
 	'create a CREATEROLE user');
 $node->issues_sql_like(
 	[ 'createuser', '-s', 'regress_user3' ],
-	qr/statement: CREATE ROLE regress_user3 SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;/,
+	qr/statement: CREATE ROLE regress_user3 SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS;/,
 	'create a superuser');
 $node->issues_sql_like(
 	[
 		'createuser',    '-a',
 		'regress_user1', '-a',
 		'regress user2', 'regress user #4'
 	],
-	qr/statement: CREATE ROLE "regress user #4" NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN ADMIN regress_user1,"regress user2";/,
+	qr/statement: CREATE ROLE "regress user #4" NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS ADMIN regress_user1,"regress user2";/,
 	'add a role as a member with admin option of the newly created role');
 $node->issues_sql_like(
 	[
 		'createuser',      '-m',
 		'regress_user3',   '-m',
 		'regress user #4', 'REGRESS_USER5'
 	],
-	qr/statement: CREATE ROLE "REGRESS_USER5" NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN ROLE regress_user3,"regress user #4";/,
+	qr/statement: CREATE ROLE "REGRESS_USER5" NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS ROLE regress_user3,"regress user #4";/,
 	'add a role as a member of the newly created role');
 $node->issues_sql_like(
 	[ 'createuser', '-v', '2029 12 31', 'regress_user6' ],
-	qr/statement: CREATE ROLE regress_user6 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN VALID UNTIL \'2029 12 31\';/,
+	qr/statement: CREATE ROLE regress_user6 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS VALID UNTIL \'2029 12 31\';/,
 	'create a role with a password expiration date');
 $node->issues_sql_like(
 	[ 'createuser', '--bypassrls', 'regress_user7' ],
-	qr/statement: CREATE ROLE regress_user7 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN BYPASSRLS;/,
+	qr/statement: CREATE ROLE regress_user7 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION BYPASSRLS;/,
 	'create a BYPASSRLS role');
 $node->issues_sql_like(
 	[ 'createuser', '--no-bypassrls', 'regress_user8' ],
-	qr/statement: CREATE ROLE regress_user8 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOBYPASSRLS;/,
+	qr/statement: CREATE ROLE regress_user8 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS;/,
 	'create a role without BYPASSRLS');
 
 $node->command_fails([ 'createuser', 'regress_user1' ],
