BUG #17487: Parallel execution fails when original user is removed
The following bug has been logged on the website:
Bug reference: 17487
Logged by: Kirill Kravtsov
Email address: kravtsov.k@gmail.com
PostgreSQL version: 14.3
Operating system: Centos 7
Description:
We're using temporary credentials to access the DB. The temporary
credentials are granted a role and automatically become that role on
connect. As soon as temporary credential is removed while the connection is
still alive, any regular query would continue to work, however, a parallel
query would cause an error:
ERROR: role with OID XXXXXX does not exist
CONTEXT: parallel worker
Reproduction steps:
Session 1 (postgres):
$ psql -U postgres
create role testparallelrole;
create role testparalleluser with login password '1';
grant testparallelrole to testparalleluser;
alter role testparalleluser set role testparallelrole;
Session 2 (testparalleluser):
$ psql -U testparalleluser -d postgres;
show role; -- shows testparallelrole
set force_parallel_mode TO 1;
select count(*) from pg_class ; -- ok
Session 1 (postgres):
drop role testparalleluser;
Session 2 (testparalleluser):
set force_parallel_mode TO 0;
select count(*) from pg_class ; -- ok
set force_parallel_mode TO 1;
select count(*) from pg_class ; -- fails
PG Bug reporting form <noreply@postgresql.org> writes:
We're using temporary credentials to access the DB. The temporary
credentials are granted a role and automatically become that role on
connect. As soon as temporary credential is removed while the connection is
still alive, any regular query would continue to work, however, a parallel
query would cause an error:
ERROR: role with OID XXXXXX does not exist
CONTEXT: parallel worker
I don't think this is particularly a bug. You are relying on an
undocumented and un-guaranteed implementation artifact that it's
possible to drop a role at all while it's still in use in some
session. If we were to make any effort in this area, the end result
would certainly be that the DROP ROLE would be rejected, not that the
parallel query case would start to work. One reason why we'd want
to go in that direction is that there are almost certainly many other
cases where such an "orphaned" session misbehaves.
(Doing that has in fact been discussed, but nothing's been done
about it so far AFAIK.)
regards, tom lane
Hey Tom,
Thanks for the response. I agree that this implementation looks shady, and
I would rather have postgres to disallow role drops in such situations.
Currently, the same behaviour can be observed even without the "proxy" role
that I used in my example. I think that would be consistent with the way
SQLServer/Oracle deals with it - not allowing the context to be removed
while in use.
Kirill.
On Thu, May 19, 2022 at 1:47 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
Show quoted text
PG Bug reporting form <noreply@postgresql.org> writes:
We're using temporary credentials to access the DB. The temporary
credentials are granted a role and automatically become that role on
connect. As soon as temporary credential is removed while the connectionis
still alive, any regular query would continue to work, however, a
parallel
query would cause an error:
ERROR: role with OID XXXXXX does not exist
CONTEXT: parallel workerI don't think this is particularly a bug. You are relying on an
undocumented and un-guaranteed implementation artifact that it's
possible to drop a role at all while it's still in use in some
session. If we were to make any effort in this area, the end result
would certainly be that the DROP ROLE would be rejected, not that the
parallel query case would start to work. One reason why we'd want
to go in that direction is that there are almost certainly many other
cases where such an "orphaned" session misbehaves.(Doing that has in fact been discussed, but nothing's been done
about it so far AFAIK.)regards, tom lane