Thread: event_trigger, 'DROP SCHEMA'
Hi,
Goal is, drop schema should trigger drop role.
It does not work if default privileges are altered.
Function and event trigger:
kvpg2=# CREATE or replace FUNCTION trigger_after_drop_schema() RETURNS event_trigger
LANGUAGE plpgsql AS $$
DECLARE
r RECORD;
BEGIN
FOR r IN SELECT * FROM pg_event_trigger_dropped_objects()
LOOP
execute format ('drop role IF EXISTS r_%I', r.object_name);
END LOOP;
END;
$$;
CREATE FUNCTION
kvpg2=# CREATE EVENT TRIGGER after_drop_schema
ON sql_drop
WHEN TAG IN ('DROP SCHEMA')
EXECUTE PROCEDURE trigger_after_drop_schema();
CREATE EVENT TRIGGER
Example 1 (just user)
kvpg2=# create schema test;
CREATE SCHEMA
kvpg2=# create role r_test;
CREATE ROLE
kvpg2=# drop schema test;
DROP SCHEMA
kvpg2=# \du r_test
List of roles
Role name | Attributes
-----------+------------
It does not work if default privileges are altered.
Function and event trigger:
kvpg2=# CREATE or replace FUNCTION trigger_after_drop_schema() RETURNS event_trigger
LANGUAGE plpgsql AS $$
DECLARE
r RECORD;
BEGIN
FOR r IN SELECT * FROM pg_event_trigger_dropped_objects()
LOOP
execute format ('drop role IF EXISTS r_%I', r.object_name);
END LOOP;
END;
$$;
CREATE FUNCTION
kvpg2=# CREATE EVENT TRIGGER after_drop_schema
ON sql_drop
WHEN TAG IN ('DROP SCHEMA')
EXECUTE PROCEDURE trigger_after_drop_schema();
CREATE EVENT TRIGGER
Example 1 (just user)
kvpg2=# create schema test;
CREATE SCHEMA
kvpg2=# create role r_test;
CREATE ROLE
kvpg2=# drop schema test;
DROP SCHEMA
kvpg2=# \du r_test
List of roles
Role name | Attributes
-----------+------------
Example 2 (user with usage on schema)
kvpg2=# create schema test;
CREATE SCHEMA
kvpg2=# create role r_test;
CREATE ROLE
kvpg2=# grant usage on schema test to r_test ;
GRANT
kvpg2=# drop schema test;
DROP SCHEMA
kvpg2=# \du r_test
List of roles
Role name | Attributes
-----------+------------
kvpg2=# create schema test;
CREATE SCHEMA
kvpg2=# create role r_test;
CREATE ROLE
kvpg2=# grant usage on schema test to r_test ;
GRANT
kvpg2=# drop schema test;
DROP SCHEMA
kvpg2=# \du r_test
List of roles
Role name | Attributes
-----------+------------
Example 3 (user with usage on schema and altered default privileges)
kvpg2=# create schema test;
CREATE SCHEMA
kvpg2=# create role r_test;
CREATE ROLE
kvpg2=# grant usage on schema test to r_test ;
GRANT
kvpg2=# alter default privileges for role postgres in schema test grant select on tables to r_test;
ALTER DEFAULT PRIVILEGES
kvpg2=# drop schema test;
ERROR: null values cannot be formatted as an SQL identifier
CONTEXT: PL/pgSQL function trigger_after_drop_schema() line 7 at EXECUTE
Question, what i do wrong?
br
Kaido
kvpg2=# create schema test;
CREATE SCHEMA
kvpg2=# create role r_test;
CREATE ROLE
kvpg2=# grant usage on schema test to r_test ;
GRANT
kvpg2=# alter default privileges for role postgres in schema test grant select on tables to r_test;
ALTER DEFAULT PRIVILEGES
kvpg2=# drop schema test;
ERROR: null values cannot be formatted as an SQL identifier
CONTEXT: PL/pgSQL function trigger_after_drop_schema() line 7 at EXECUTE
Question, what i do wrong?
br
Kaido
kaido vaikla <kaido.vaikla@gmail.com> writes:
> FOR r IN SELECT * FROM pg_event_trigger_dropped_objects()
> LOOP
> execute format ('drop role IF EXISTS r_%I', r.object_name);
> END LOOP;
> kvpg2=# drop schema test;
> ERROR: null values cannot be formatted as an SQL identifier
> CONTEXT: PL/pgSQL function trigger_after_drop_schema() line 7 at EXECUTE
> Question, what i do wrong?
Assume that every dropped object has a name, looks like.
You would probably do well to check object_type before
trying to drop the role.
regards, tom lane
ty tom, works now
kvpg2=# cREATE or replace FUNCTION trigger_after_drop_schema() RETURNS event_trigger
LANGUAGE plpgsql AS $$
DECLARE
r RECORD;
BEGIN
FOR r IN SELECT * FROM pg_event_trigger_dropped_objects()
LOOP
IF r.object_type = 'schema' THEN
execute format ('drop role IF EXISTS r_%I', r.object_name);
end if;
END LOOP;
END;
$$;
CREATE FUNCTION
kvpg2=# drop schema test;
DROP SCHEMA
kvpg2=# \du r_test
List of roles
Role name | Attributes
-----------+------------
br
Kaido
kvpg2=# cREATE or replace FUNCTION trigger_after_drop_schema() RETURNS event_trigger
LANGUAGE plpgsql AS $$
DECLARE
r RECORD;
BEGIN
FOR r IN SELECT * FROM pg_event_trigger_dropped_objects()
LOOP
IF r.object_type = 'schema' THEN
execute format ('drop role IF EXISTS r_%I', r.object_name);
end if;
END LOOP;
END;
$$;
CREATE FUNCTION
kvpg2=# drop schema test;
DROP SCHEMA
kvpg2=# \du r_test
List of roles
Role name | Attributes
-----------+------------
br
Kaido
On Fri, 26 Jul 2024 at 20:44, Tom Lane <tgl@sss.pgh.pa.us> wrote:
kaido vaikla <kaido.vaikla@gmail.com> writes:
> FOR r IN SELECT * FROM pg_event_trigger_dropped_objects()
> LOOP
> execute format ('drop role IF EXISTS r_%I', r.object_name);
> END LOOP;
> kvpg2=# drop schema test;
> ERROR: null values cannot be formatted as an SQL identifier
> CONTEXT: PL/pgSQL function trigger_after_drop_schema() line 7 at EXECUTE
> Question, what i do wrong?
Assume that every dropped object has a name, looks like.
You would probably do well to check object_type before
trying to drop the role.
regards, tom lane