Remove handling of HBA role/group membership

cbandy · cbandy · commit ff11ce420d88 · 2025-02-28T14:44:17.000-06:00
We don't use it, and how to quote/escape it has been underspecified for years.
diff --git a/internal/postgres/hba.go b/internal/postgres/hba.go
@@ -116,12 +116,6 @@ func (hba *HostBasedAuthentication) Replication() *HostBasedAuthentication {
 	return hba
 }
 
-// Role makes hba match connections by users that are members of a specific role.
-func (hba *HostBasedAuthentication) Role(name string) *HostBasedAuthentication {
-	hba.user = "+" + hba.quote(name)
-	return hba
-}
-
 // SameNetwork makes hba match connection attempts from IP addresses in any
 // subnet to which the server is directly connected.
 func (hba *HostBasedAuthentication) SameNetwork() *HostBasedAuthentication {
diff --git a/internal/postgres/hba_test.go b/internal/postgres/hba_test.go
@@ -52,8 +52,8 @@ func TestHostBasedAuthentication(t *testing.T) {
 			User("KD6-3.7").Method("scram-sha-256").
 			String())
 
-	assert.Equal(t, `hostssl "data" +"admin" all md5  clientcert="verify-ca"`,
-		NewHBA().TLS().Database("data").Role("admin").
+	assert.Equal(t, `hostssl "data" all all md5  clientcert="verify-ca"`,
+		NewHBA().TLS().Database("data").
 			Method("md5").Options(map[string]string{"clientcert": "verify-ca"}).
 			String())
 
