postgres_fdw, dblink: Validate use_scram_passthrough values

First seen: 2026-05-27 14:41:58+00:00 · Messages: 4 · Participants: 3

Latest Update

2026-06-01 · claude-opus-4-6

Technical Analysis: postgres_fdw, dblink — Validate use_scram_passthrough Values

Core Problem

The use_scram_passthrough option, introduced as part of SCRAM authentication passthrough support in postgres_fdw and dblink, is a boolean option whose value is not validated when it is set. This makes it inconsistent with the other boolean options handled by the FDW option validators.

Why This Matters Architecturally

PostgreSQL's Foreign Data Wrapper (FDW) options are validated at DDL time through validator functions (postgres_fdw_validator for postgres_fdw, analogous functions for dblink). These validators are responsible for catching invalid option values early — at CREATE SERVER, ALTER SERVER, CREATE USER MAPPING, etc. — rather than allowing garbage values to persist in the catalog and cause confusing failures at connection time.

The existing boolean options in postgres_fdw (e.g., keep_connections, async_capable, parallel_commit, parallel_abort) all use defGetBoolean() in their validation paths, which performs strict boolean parsing and raises an error like:

ERROR: <option_name> requires a Boolean value

The use_scram_passthrough option was added without this validation step, meaning values like 'invalid', 'foo', or '42' would be silently accepted into pg_foreign_server or pg_user_mapping catalog entries. The actual failure would only surface later during connection establishment when the option is interpreted, leading to confusing runtime errors rather than clean DDL-time validation.
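A catalog audit for the situation described above, added here as an example and not taken from the thread or the patch: it lists use_scram_passthrough values already stored on foreign servers and user mappings that a strict boolean check would reject. The set of accepted spellings (true, false, on, off, case-insensitive) is an assumption about how the validator treats string-valued options; adjust the list for your server version.

```sql
-- Added example: list stored use_scram_passthrough values that a strict
-- boolean check would reject. Run as a superuser, because pg_user_mapping
-- is not readable by ordinary roles.
-- Assumption: the accepted spellings are true/false/on/off, case-insensitive.
WITH stored AS (
    -- Options set at the foreign server level
    SELECT 'server'        AS scope,
           w.fdwname::text AS wrapper,
           s.srvname::text AS object_name,
           o.option_value
    FROM pg_foreign_server AS s
    JOIN pg_foreign_data_wrapper AS w ON w.oid = s.srvfdw
    CROSS JOIN LATERAL pg_options_to_table(s.srvoptions) AS o
    WHERE o.option_name = 'use_scram_passthrough'

    UNION ALL

    -- Options set at the user mapping level (umuser = 0 is the PUBLIC mapping)
    SELECT 'user mapping',
           w.fdwname::text,
           s.srvname || ' / ' ||
               CASE WHEN m.umuser = 0 THEN 'PUBLIC'
                    ELSE pg_get_userbyid(m.umuser) END,
           o.option_value
    FROM pg_user_mapping AS m
    JOIN pg_foreign_server AS s ON s.oid = m.umserver
    JOIN pg_foreign_data_wrapper AS w ON w.oid = s.srvfdw
    CROSS JOIN LATERAL pg_options_to_table(m.umoptions) AS o
    WHERE o.option_name = 'use_scram_passthrough'
)
SELECT scope, wrapper, object_name, option_value
FROM stored
WHERE lower(option_value) NOT IN ('true', 'false', 'on', 'off')
ORDER BY scope, wrapper, object_name;
```

Any row returned is an entry that was accepted at DDL time without a boolean check; it can be corrected with ALTER SERVER or ALTER USER MAPPING using OPTIONS (SET use_scram_passthrough '...').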

Proposed Solution

The patch adds defGetBoolean() validation for use_scram_passthrough in both postgres_fdw and dblink validator functions. This is a straightforward fix that brings the option in line with the existing validation pattern for other boolean FDW options.

The fix ensures that:

  1. CREATE SERVER ... OPTIONS (use_scram_passthrough 'invalid') raises an immediate error
  2. CREATE USER MAPPING ... OPTIONS (use_scram_passthrough 'invalid') raises an immediate error
  3. Both postgres_fdw and dblink are covered (since both support this option)

Technical Context: SCRAM Passthrough

The use_scram_passthrough option enables SCRAM authentication credential forwarding from client to remote server. When enabled, the FDW reuses the SCRAM exchange from the client's authentication with the local server to authenticate against the remote server, avoiding the need to store plaintext passwords in user mappings. This is a security-sensitive feature, making correct configuration validation even more important — a misconfigured value should fail fast and clearly.

Design Assessment

This is a minimal, low-risk bug fix with no design controversy. The pattern is well-established in the codebase. The only question is why the validation was omitted in the original SCRAM passthrough commit — likely a simple oversight given that new options need to be manually added to the validator's boolean-checking code path.

Patch Risk Profile