Thread: BUG #17487: Parallel execution fails when original user is removed
The following bug has been logged on the website: Bug reference: 17487 Logged by: Kirill Kravtsov Email address: kravtsov.k@gmail.com PostgreSQL version: 14.3 Operating system: Centos 7 Description: We're using temporary credentials to access the DB. The temporary credentials are granted a role and automatically become that role on connect. As soon as temporary credential is removed while the connection is still alive, any regular query would continue to work, however, a parallel query would cause an error: ERROR: role with OID XXXXXX does not exist CONTEXT: parallel worker Reproduction steps: Session 1 (postgres): $ psql -U postgres create role testparallelrole; create role testparalleluser with login password '1'; grant testparallelrole to testparalleluser; alter role testparalleluser set role testparallelrole; Session 2 (testparalleluser): $ psql -U testparalleluser -d postgres; show role; -- shows testparallelrole set force_parallel_mode TO 1; select count(*) from pg_class ; -- ok Session 1 (postgres): drop role testparalleluser; Session 2 (testparalleluser): set force_parallel_mode TO 0; select count(*) from pg_class ; -- ok set force_parallel_mode TO 1; select count(*) from pg_class ; -- fails
PG Bug reporting form <noreply@postgresql.org> writes: > We're using temporary credentials to access the DB. The temporary > credentials are granted a role and automatically become that role on > connect. As soon as temporary credential is removed while the connection is > still alive, any regular query would continue to work, however, a parallel > query would cause an error: > ERROR: role with OID XXXXXX does not exist > CONTEXT: parallel worker I don't think this is particularly a bug. You are relying on an undocumented and un-guaranteed implementation artifact that it's possible to drop a role at all while it's still in use in some session. If we were to make any effort in this area, the end result would certainly be that the DROP ROLE would be rejected, not that the parallel query case would start to work. One reason why we'd want to go in that direction is that there are almost certainly many other cases where such an "orphaned" session misbehaves. (Doing that has in fact been discussed, but nothing's been done about it so far AFAIK.) regards, tom lane
Hey Tom,
Thanks for the response. I agree that this implementation looks shady, and I would rather have postgres to disallow role drops in such situations. Currently, the same behaviour can be observed even without the "proxy" role that I used in my example. I think that would be consistent with the way SQLServer/Oracle deals with it - not allowing the context to be removed while in use.
Kirill.
On Thu, May 19, 2022 at 1:47 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
PG Bug reporting form <noreply@postgresql.org> writes:
> We're using temporary credentials to access the DB. The temporary
> credentials are granted a role and automatically become that role on
> connect. As soon as temporary credential is removed while the connection is
> still alive, any regular query would continue to work, however, a parallel
> query would cause an error:
> ERROR: role with OID XXXXXX does not exist
> CONTEXT: parallel worker
I don't think this is particularly a bug. You are relying on an
undocumented and un-guaranteed implementation artifact that it's
possible to drop a role at all while it's still in use in some
session. If we were to make any effort in this area, the end result
would certainly be that the DROP ROLE would be rejected, not that the
parallel query case would start to work. One reason why we'd want
to go in that direction is that there are almost certainly many other
cases where such an "orphaned" session misbehaves.
(Doing that has in fact been discussed, but nothing's been done
about it so far AFAIK.)
regards, tom lane