Participants
Stephen Frost
Stephen Frost
Tom Lane
Tom Lane
Attachments
Download Latest Patchset
+602-589
Show all attachments
Thread Outline
#1...#2
Stephen FrostTom Lane
Apr 07, 2016
#1Stephen FrostStephen Frost
Apr 07, 2016
#2Tom LaneTom Laneto Stephen Frost (#1)
Apr 07, 2016
#3Stephen FrostStephen Frostto Tom Lane (#2)
Apr 07, 2016
#4...#6
Stephen FrostTom Lane
to Tom Lane (#2)
Apr 10, 2016
#4Stephen FrostStephen Frostto Tom Lane (#2)
Apr 10, 2016
#5Tom LaneTom Laneto Stephen Frost (#4)
Apr 10, 2016
#6Stephen FrostStephen Frostto Tom Lane (#5)
Apr 10, 2016

pgsql: In pg_dump, include pg_catalog and extension ACLs, if changed

Started by Stephen Frostabout 10 years ago6 messageshackers
Jump to latest
#1Stephen Frost
Stephen Frost
sfrost@snowman.net

In pg_dump, include pg_catalog and extension ACLs, if changed

Now that all of the infrastructure exists, add in the ability to
dump out the ACLs of the objects inside of pg_catalog or the ACLs
for objects which are members of extensions, but only if they have
been changed from their original values.

The original values are tracked in pg_init_privs. When pg_dump'ing
9.6-and-above databases, we will dump out the ACLs for all objects
in pg_catalog and the ACLs for all extension members, where the ACL
has been changed from the original value which was set during either
initdb or CREATE EXTENSION.

This should not change dumps against pre-9.6 databases.

Reviews by Alexander Korotkov, Jose Luis Tallon

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/23f34fa4ba358671adab16773e79c17c92cbc870

Modified Files
--------------
doc/src/sgml/extend.sgml | 21 +
src/backend/catalog/aclchk.c | 17 +-
src/backend/utils/adt/pg_upgrade_support.c | 12 +
src/bin/initdb/initdb.c | 6 +-
src/bin/pg_dump/dumputils.c | 274 ++++++-
src/bin/pg_dump/dumputils.h | 9 +-
src/bin/pg_dump/pg_dump.c | 1077 +++++++++++++++++++++++-----
src/bin/pg_dump/pg_dump.h | 24 +
src/bin/pg_dump/pg_dumpall.c | 6 +-
src/include/catalog/binary_upgrade.h | 2 +
src/include/catalog/pg_proc.h | 2 +
src/test/regress/expected/init_privs.out | 13 +
src/test/regress/parallel_schedule | 2 +-
src/test/regress/serial_schedule | 1 +
src/test/regress/sql/init_privs.sql | 11 +
15 files changed, 1268 insertions(+), 209 deletions(-)

--
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers

#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Stephen Frost (#1)
Re: [COMMITTERS] pgsql: In pg_dump, include pg_catalog and extension ACLs, if changed

Stephen Frost <sfrost@snowman.net> writes:

In pg_dump, include pg_catalog and extension ACLs, if changed

This patch added a regression test step that creates some roles
and doesn't drop them again. This is unacceptable, because

(1) it breaks the ability to do "make installcheck" more than once.

(2) it leaves roles lying around in a production installation,
if installcheck is used there.

And it doesn't even adhere to the convention we've agreed to about
naming test roles regress_something. OK, it's not as dangerously
broken that way as rowsecurity.sql, which is (still) creating roles
named "alice" and "bob", but it's not acceptable like this.

It'd be possible to fix (1) by adding "drop if exists", but I think the
whole thing is wrongheaded due to (2). Perhaps the needs of the test
could be met by granting/revoking some rights explicitly to current_user
(ie, the test superuser)? That wouldn't have any real effects on a
superuser, but it would provide some grist for testing the behavior.
Or you could test this behavior in some other setting than the core
regression tests; perhaps in a TAP test for pg_dump.

regards, tom lane

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

#3Stephen Frost
Stephen Frost
sfrost@snowman.net
In reply to: Tom Lane (#2)
Re: [COMMITTERS] pgsql: In pg_dump, include pg_catalog and extension ACLs, if changed

Tom,

* Tom Lane (tgl@sss.pgh.pa.us) wrote:

It'd be possible to fix (1) by adding "drop if exists", but I think the
whole thing is wrongheaded due to (2). Perhaps the needs of the test
could be met by granting/revoking some rights explicitly to current_user
(ie, the test superuser)? That wouldn't have any real effects on a
superuser, but it would provide some grist for testing the behavior.

Sure, I can do that.

Or you could test this behavior in some other setting than the core
regression tests; perhaps in a TAP test for pg_dump.

I have to admit that I'm not terrible familiar with setting that up, but
will take a look at it. This is what I'd really like to have as we
have far too little testing of pg_dump in the test suite.

Thanks!

Stephen

#4Stephen Frost
Stephen Frost
sfrost@snowman.net
In reply to: Tom Lane (#2)
Regression test CREATE USER/ROLE usage

Tom,

* Tom Lane (tgl@sss.pgh.pa.us) wrote:

broken that way as rowsecurity.sql, which is (still) creating roles
named "alice" and "bob", but it's not acceptable like this.

Attached is a patch to fix all of the role usage in rowsecurity.sql
(I believe, feel free to let me know if there's anything else). In
particular, all of the roles are changed to begin with 'regress_', and
they are all now created with NOLOGIN.

I'll plan to push this in the next day or so.

I'll also work up a patch for the rest of the CREATE USER/ROLE usage in
the core regression tests.

This will result in a bit of not-strictly-necessary code churn, but
having consistency in the code base really is valuable where we have an
agreed upon policy as to what all the tests should be doing, for new
(and even old) developers to follow.

Comments and concerns welcome, of course.

Thanks!

Stephen

Attachments:

prefix-rls-users.patchtext/x-diff; charset=us-asciiDownload+602-589
#5Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Stephen Frost (#4)
Re: Regression test CREATE USER/ROLE usage

Stephen Frost <sfrost@snowman.net> writes:

* Tom Lane (tgl@sss.pgh.pa.us) wrote:

broken that way as rowsecurity.sql, which is (still) creating roles
named "alice" and "bob", but it's not acceptable like this.

Attached is a patch to fix all of the role usage in rowsecurity.sql
(I believe, feel free to let me know if there's anything else). In
particular, all of the roles are changed to begin with 'regress_', and
they are all now created with NOLOGIN.

+1 for the general idea, although there's something to be said for
using names like 'regress_alice' and 'regress_bob' in this context.
'regress_user1' and 'regress_user2' are awfully gray and same-y,
and therefore a bit error-prone IMO.

regards, tom lane

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

#6Stephen Frost
Stephen Frost
sfrost@snowman.net
In reply to: Tom Lane (#5)
Re: Regression test CREATE USER/ROLE usage

* Tom Lane (tgl@sss.pgh.pa.us) wrote:

Stephen Frost <sfrost@snowman.net> writes:

* Tom Lane (tgl@sss.pgh.pa.us) wrote:

broken that way as rowsecurity.sql, which is (still) creating roles
named "alice" and "bob", but it's not acceptable like this.

Attached is a patch to fix all of the role usage in rowsecurity.sql
(I believe, feel free to let me know if there's anything else). In
particular, all of the roles are changed to begin with 'regress_', and
they are all now created with NOLOGIN.

+1 for the general idea, although there's something to be said for
using names like 'regress_alice' and 'regress_bob' in this context.
'regress_user1' and 'regress_user2' are awfully gray and same-y,
and therefore a bit error-prone IMO.

Fair enough.

I'll adjust the ending '_userX' to be actual names along the lines of
'alice', 'bob', 'carol', 'dave', 'eve', 'frank', etc.

(List pulled from https://en.wikipedia.org/wiki/Alice_and_Bob).

Thanks!

Stephen

← Back to Topics