Re: pgsql: Add pg_audit, an auditing extension

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> >> Quite aside from any security risks, that means that running "make
> >> installcheck" twice in a row fails. Please fix.
>
> > Right, will do, though one kind of requires the other (we can't drop the
> > only user we know how to connect as which is a superuser...). I'll
> > figure out a way to make it work though.
>
> Instead of physically reconnecting, could you do SET ROLE or SET SESSION
> AUTHORIZATION? I think that's what we do in the core tests.

Alright, I believe this has been fixed now, using the brand-new \gset
option.

Two installcheck's in a row still breaks though.. I'm not quite sure
what to do about that but I'm certainly open to thoughts. I can reset
the role attributes later, but those get logged with the username used
too in the ALTER statement, which changes.

I'll continue to think about it though, perhaps there's a way I can
disable logging as the superuser without it logging the role involved.

Thanks!

Stephen