pgsql: Default monitoring roles
Default monitoring roles
Three nologin roles with non-overlapping privs are created by default
* pg_read_all_settings - read all GUCs.
* pg_read_all_stats - pg_stat_*, pg_database_size(), pg_tablespace_size()
* pg_stat_scan_tables - may lock/scan tables
Top level role - pg_monitor includes all of the above by default, plus others
Author: Dave Page
Reviewed-by: Stephen Frost, Robert Haas, Peter Eisentraut, Simon Riggs
Branch
------
master
Details
-------
http://git.postgresql.org/pg/commitdiff/25fff40798fc4ac11a241bfd9ab0c45c085e2212
Modified Files
--------------
contrib/pg_buffercache/Makefile | 5 +--
.../pg_buffercache/pg_buffercache--1.2--1.3.sql | 7 +++++
contrib/pg_buffercache/pg_buffercache.control | 2 +-
contrib/pg_freespacemap/Makefile | 4 +--
.../pg_freespacemap/pg_freespacemap--1.1--1.2.sql | 7 +++++
contrib/pg_freespacemap/pg_freespacemap.control | 2 +-
contrib/pg_stat_statements/Makefile | 7 +++--
.../pg_stat_statements--1.4--1.5.sql | 6 ++++
contrib/pg_stat_statements/pg_stat_statements.c | 8 +++--
.../pg_stat_statements/pg_stat_statements.control | 2 +-
contrib/pg_visibility/Makefile | 3 +-
contrib/pg_visibility/pg_visibility--1.1--1.2.sql | 13 ++++++++
contrib/pg_visibility/pg_visibility.control | 2 +-
contrib/pgrowlocks/pgrowlocks.c | 9 ++++--
contrib/pgstattuple/pgstattuple--1.4--1.5.sql | 9 ++++++
doc/src/sgml/catalogs.sgml | 8 +++--
doc/src/sgml/func.sgml | 23 ++++++++------
doc/src/sgml/pgbuffercache.sgml | 5 +--
doc/src/sgml/pgfreespacemap.sgml | 5 +--
doc/src/sgml/pgrowlocks.sgml | 7 +++++
doc/src/sgml/pgstatstatements.sgml | 9 +++---
doc/src/sgml/pgstattuple.sgml | 3 +-
doc/src/sgml/pgvisibility.sgml | 5 ++-
doc/src/sgml/user-manag.sgml | 36 ++++++++++++++++++++++
src/backend/catalog/system_views.sql | 6 ++++
src/backend/replication/walreceiver.c | 3 +-
src/backend/utils/adt/dbsize.c | 20 ++++++++----
src/backend/utils/adt/pgstatfuncs.c | 6 ++--
src/backend/utils/misc/guc.c | 21 ++++++++-----
src/include/catalog/pg_authid.h | 8 +++++
30 files changed, 196 insertions(+), 55 deletions(-)
--
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers
On 2017-03-30 20:20, Simon Riggs wrote:
Default monitoring roles
The buildfarm is showing red (the same errors that I get...):
pgrowlocks.c: In function ‘pgrowlocks’:
pgrowlocks.c:105:65: error: expected ‘)’ before ‘;’ token
is_member_of_role(GetUserId(), DEFAULT_ROLE_STAT_SCAN_TABLES);
^
[...]
--
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers
On 30 March 2017 at 19:31, Erik Rijkers <er@xs4all.nl> wrote:
On 2017-03-30 20:20, Simon Riggs wrote:
Default monitoring roles
The buildfarm is showing red (the same errors that I get...):
pgrowlocks.c: In function ‘pgrowlocks’:
pgrowlocks.c:105:65: error: expected ‘)’ before ‘;’ token
is_member_of_role(GetUserId(), DEFAULT_ROLE_STAT_SCAN_TABLES);
^
[...]
Weird. make check-world just skipped that directory. I guess for Dave also.
Bug fixed, but will look at makefile
--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
--
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers
Simon Riggs <simon@2ndquadrant.com> writes:
On 30 March 2017 at 19:31, Erik Rijkers <er@xs4all.nl> wrote:
The buildfarm is showing red (the same errors that I get...):
pgrowlocks.c: In function ‘pgrowlocks’:
pgrowlocks.c:105:65: error: expected ‘)’ before ‘;’ token
is_member_of_role(GetUserId(), DEFAULT_ROLE_STAT_SCAN_TABLES);
Weird. make check-world just skipped that directory. I guess for Dave also.
If you just did check-world, it probably didn't build contrib modules that
don't have tests, because the "check" target wouldn't do anything without
tests to run.
AFAICS, there isn't any top-level make target that will build all of
contrib except "make world", which also builds the docs and therefore
isn't very fast. I wonder if we should create some more convenient
testing target that builds all code but not the docs.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
On Thu, Mar 30, 2017 at 2:57 PM, Simon Riggs <simon@2ndquadrant.com> wrote:
On 30 March 2017 at 19:31, Erik Rijkers <er@xs4all.nl> wrote:
On 2017-03-30 20:20, Simon Riggs wrote:
Default monitoring roles
The buildfarm is showing red (the same errors that I get...):
pgrowlocks.c: In function ‘pgrowlocks’:
pgrowlocks.c:105:65: error: expected ‘)’ before ‘;’ token
is_member_of_role(GetUserId(), DEFAULT_ROLE_STAT_SCAN_TABLES);
^
[...]Weird. make check-world just skipped that directory. I guess for Dave also.
Bug fixed, but will look at makefile
Yes, Stephen and I were just trying to figure out how that happened. I
ran make check from within /contrib before I sent the patch, and that
passes just fine. I guess maybe it doesn't build modules that don't
have any tests.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
--
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers
I wrote:
Simon Riggs <simon@2ndquadrant.com> writes:
Weird. make check-world just skipped that directory. I guess for Dave also.
If you just did check-world, it probably didn't build contrib modules that
don't have tests, because the "check" target wouldn't do anything without
tests to run.
I wondered why this is --- wouldn't "check" depend on "all", so that
things get built, even if there's no tests to run?
The answer is, no it doesn't. "check" depends on "temp-install", and
then temp-install indirectly depends on "all". So when you say
"make check-world", the reason that any code gets built at all is that
we're trying to install all the executables into the temporary
installation. However, the basic temp-install target only installs
(and therefore only forces building of) the core code. In a contrib
subdirectory, what is supposed to happen is that this line in
pgxs.mk causes that contrib subdirectory to also get built/installed:
temp-install: EXTRA_INSTALL+=$(subdir)
But if you look around a bit further, you discover that that line is
inside an "ifdef REGRESS" block --- therefore, unless the module
defines at least one REGRESS-style test, it's not built by "make check".
I thought that the attached patch would be a narrow fix for this,
just moving that dependency out of the "ifdef REGRESS" block.
However, it seems to send "make" into some infinite loop, at
least with make 3.81 which I'm using here. Not sure why.
I also experimented with just changing "check: temp-install"
in Makefile.global to be "check: all temp-install", and that
seemed to work, but since I don't understand why it wasn't
like that already, I'm a bit afraid of that solution.
regards, tom lane
Attachments:
make-check-fix-FAILS.patchtext/x-diff; charset=us-ascii; name=make-check-fix-FAILS.patchDownload
diff --git a/src/makefiles/pgxs.mk b/src/makefiles/pgxs.mk
index c27004e..c156806 100644
*** a/src/makefiles/pgxs.mk
--- b/src/makefiles/pgxs.mk
*************** check:
*** 282,291 ****
else
check: submake $(REGRESS_PREP)
$(pg_regress_check) $(REGRESS_OPTS) $(REGRESS)
temp-install: EXTRA_INSTALL+=$(subdir)
endif
- endif # REGRESS
# STANDARD RULES
--- 282,293 ----
else
check: submake $(REGRESS_PREP)
$(pg_regress_check) $(REGRESS_OPTS) $(REGRESS)
+ endif
+ endif # REGRESS
+ ifndef PGXS
temp-install: EXTRA_INSTALL+=$(subdir)
endif
# STANDARD RULES