Re: upgrade failure from 9.5 to head - Mailing list pgsql-hackers

From Alvaro Herrera
Subject Re: upgrade failure from 9.5 to head
Date
Msg-id 20150729154751.GH2441@postgresql.org
Whole thread Raw
In response to Re: upgrade failure from 9.5 to head  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tom Lane wrote:
> Andres Freund <andres@anarazel.de> writes:

> > Ick! So the dummy_seclabel test more or less only works by accident if I
> > see that correctly. The .so is only loaded because the CREATE EXTENSION
> > in the test triggers a CREATE FUNCTION dummy_seclabel_dummy() ... LANG
> > C.

I set it up that way on purpose, because there doesn't seem to be any
other reasonable way.  (It wasn't like that in the original contrib
module).

> But on reflection, doesn't this mean that the entire implementation of
> SECURITY LABEL is broken?

Heck, see the *very first* hunk of this patch:
https://www.postgresql.org/message-id/CACACo5R4VwGddt00qtPmhUhtd%3Dokwu2ECM-j20B6%2BcmgtZF6mQ%40mail.gmail.com
This was found to be necessary during deparsing of SECURITY LABEL
command, and only of that command -- all other DDL is able to pass back
the OID of the corresponding object, so that the deparsing code can look
up the object in catalogs.  But for security label providers there is no
catalog, and there is no way to obtain the identify of the label
provider that I can see.  Thus the ugly hack in the patch: the parse
node has to be altered during execution to make sure the provider is
correctly set up for deparse to be able to obtain it.

That to me seemed pretty broken, but I found no better way.

I don't think this is dummy_seclabel's fault.

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



pgsql-hackers by date:

Previous
From: Joe Conway
Date:
Subject: Re: more RLS oversights
Next
From: Joe Conway
Date:
Subject: Re: more RLS oversights