Re: pgsql: Add pg_audit, an auditing extension

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-committers(at)postgresql(dot)org
Subject: Re: pgsql: Add pg_audit, an auditing extension
Date: 2015-05-14 15:46:19
Message-ID: 20150514154619.GY30322@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers pgsql-hackers

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> >> + ERROR: pg_audit must be loaded via shared_preload_libraries
> >>
> >> This seems like a rather poorly thought-through error check.
> >> It will break not only the buildfarm but any dump/restore scenario.
> >> You really can't have extensions that refuse to let themselves
> >> be created.
>
> > Yeah, the original idea behind it was to force the user to think about
> > if they really would want to load it later on down the line rather than
> > have it pre-loaded always.
>
> > I'll put something in the docs which recommends it and provides the
> > reasoning behind it.
>
> Could we apply a check at some later time, when the user actually does
> something that is not sensible unless the library was preloaded? Even
> then, just a WARNING might be better than ERROR.

Actually, we do.. The order in which the hooks are called matters and
if it's not loaded before anything real is called then it's going to
blow up.

> (Still, it's not clear how you'd get buildfarm testing to pass, so
> maybe this line of thought is just as fruitless.)

I've pushed a change which should clean it up by simply loading the
module after each reconnects is done, more-or-less simulating having it
be in shared_preload_libraries. It also wasn't using the correct
database for reconnecting.

I'll keep an eye on it.

Thanks!

Stephen

In response to

Responses

Browse pgsql-committers by date

  From Date Subject
Next Message Tom Lane 2015-05-14 15:51:52 Re: pgsql: Add pg_audit, an auditing extension
Previous Message Stephen Frost 2015-05-14 15:44:21 pgsql: Further fixes for the buildfarm for pg_audit

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2015-05-14 15:51:52 Re: pgsql: Add pg_audit, an auditing extension
Previous Message David G. Johnston 2015-05-14 15:22:45 Re: trust authentication behavior