Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit8a2e1ed

Browse files
committed
Further fixes for the buildfarm for pg_audit
Also, use a function to load the extension ahead of all other calls,simulating load from shared_libraries_preload, to make sure thehooks are in place before logging start.
1 parentc703b1e commit8a2e1ed

File tree

3 files changed

+122
-1
lines changed

3 files changed

+122
-1
lines changed

‎contrib/pg_audit/Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ OBJS = pg_audit.o
66

77
EXTENSION = pg_audit
88
REGRESS = pg_audit
9-
REGRESS_OPTS = --temp-config=$(top_srcdir)/contrib/pg_audit/pg_audit.conf
9+
REGRESS_OPTS =
1010
DATA = pg_audit--1.0.0.sql
1111

1212
ifdefUSE_PGXS

‎contrib/pg_audit/expected/pg_audit.out

Lines changed: 92 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,27 @@ create extension pg_audit;
1717
CREATE USER super SUPERUSER;
1818
ALTER ROLE super SET pg_audit.log = 'Role';
1919
ALTER ROLE super SET pg_audit.log_level = 'notice';
20+
CREATE FUNCTION load_pg_audit( )
21+
RETURNS VOID
22+
LANGUAGE plpgsql
23+
SECURITY DEFINER
24+
AS $function$
25+
declare
26+
begin
27+
LOAD 'pg_audit';
28+
end;
29+
$function$;
30+
-- After each connect, we need to load pg_audit, as if it was
31+
-- being loaded from shared_preload_libraries. Otherwise, the hooks
32+
-- won't be set up and called correctly, leading to lots of ugly
33+
-- errors.
2034
\connect - super;
35+
select load_pg_audit();
36+
load_pg_audit
37+
---------------
38+
39+
(1 row)
40+
2141
--
2242
-- Create auditor role
2343
CREATE ROLE auditor;
@@ -33,6 +53,12 @@ NOTICE: AUDIT: SESSION,4,1,ROLE,ALTER ROLE,,,ALTER ROLE user1 SET pg_audit.log_
3353
--
3454
-- Create, select, drop (select will not be audited)
3555
\connect - user1
56+
select load_pg_audit();
57+
load_pg_audit
58+
---------------
59+
60+
(1 row)
61+
3662
CREATE TABLE public.test (id INT);
3763
NOTICE: AUDIT: SESSION,1,1,DDL,CREATE TABLE,TABLE,public.test,CREATE TABLE public.test (id INT);,<not logged>
3864
SELECT * FROM test;
@@ -45,6 +71,12 @@ NOTICE: AUDIT: SESSION,2,1,DDL,DROP TABLE,TABLE,public.test,DROP TABLE test;,<n
4571
--
4672
-- Create second test user
4773
\connect - super
74+
select load_pg_audit();
75+
load_pg_audit
76+
---------------
77+
78+
(1 row)
79+
4880
CREATE USER user2;
4981
NOTICE: AUDIT: SESSION,1,1,ROLE,CREATE ROLE,,,CREATE USER user2;,<not logged>
5082
ALTER ROLE user2 SET pg_audit.log = 'Read, writE';
@@ -58,6 +90,12 @@ NOTICE: AUDIT: SESSION,5,1,ROLE,ALTER ROLE,,,ALTER ROLE user2 SET pg_audit.role
5890
ALTER ROLE user2 SET pg_audit.log_statement_once = ON;
5991
NOTICE: AUDIT: SESSION,6,1,ROLE,ALTER ROLE,,,ALTER ROLE user2 SET pg_audit.log_statement_once = ON;,<not logged>
6092
\connect - user2
93+
select load_pg_audit();
94+
load_pg_audit
95+
---------------
96+
97+
(1 row)
98+
6199
CREATE TABLE test2 (id INT);
62100
GRANT SELECT ON TABLE public.test2 TO auditor;
63101
--
@@ -204,9 +242,21 @@ WARNING: AUDIT: OBJECT,6,1,WRITE,INSERT,TABLE,public.test2,<previously logged>,
204242
--
205243
-- Change permissions of user 2 so that only object logging will be done
206244
\connect - super
245+
select load_pg_audit();
246+
load_pg_audit
247+
---------------
248+
249+
(1 row)
250+
207251
alter role user2 set pg_audit.log = 'NONE';
208252
NOTICE: AUDIT: SESSION,1,1,ROLE,ALTER ROLE,,,alter role user2 set pg_audit.log = 'NONE';,<not logged>
209253
\connect - user2
254+
select load_pg_audit();
255+
load_pg_audit
256+
---------------
257+
258+
(1 row)
259+
210260
--
211261
-- Create test4 and add permissions
212262
CREATE TABLE test4
@@ -279,9 +329,21 @@ DROP TABLE test4;
279329
--
280330
-- Change permissions of user 1 so that session logging will be done
281331
\connect - super
332+
select load_pg_audit();
333+
load_pg_audit
334+
---------------
335+
336+
(1 row)
337+
282338
alter role user1 set pg_audit.log = 'DDL, READ';
283339
NOTICE: AUDIT: SESSION,1,1,ROLE,ALTER ROLE,,,"alter role user1 set pg_audit.log = 'DDL, READ';",<not logged>
284340
\connect - user1
341+
select load_pg_audit();
342+
load_pg_audit
343+
---------------
344+
345+
(1 row)
346+
285347
--
286348
-- Create table is session logged
287349
CREATE TABLE public.account
@@ -315,11 +377,23 @@ INSERT INTO account (id, name, password, description)
315377
--
316378
-- Change permissions of user 1 so that only object logging will be done
317379
\connect - super
380+
select load_pg_audit();
381+
load_pg_audit
382+
---------------
383+
384+
(1 row)
385+
318386
alter role user1 set pg_audit.log = 'none';
319387
NOTICE: AUDIT: SESSION,1,1,ROLE,ALTER ROLE,,,alter role user1 set pg_audit.log = 'none';,<not logged>
320388
alter role user1 set pg_audit.role = 'auditor';
321389
NOTICE: AUDIT: SESSION,2,1,ROLE,ALTER ROLE,,,alter role user1 set pg_audit.role = 'auditor';,<not logged>
322390
\connect - user1
391+
select load_pg_audit();
392+
load_pg_audit
393+
---------------
394+
395+
(1 row)
396+
323397
--
324398
-- ROLE class not set, so auditor grants not logged
325399
GRANT SELECT (password),
@@ -362,11 +436,23 @@ NOTICE: AUDIT: OBJECT,2,1,WRITE,UPDATE,TABLE,public.account,"UPDATE account
362436
--
363437
-- Change permissions of user 1 so that session relation logging will be done
364438
\connect - super
439+
select load_pg_audit();
440+
load_pg_audit
441+
---------------
442+
443+
(1 row)
444+
365445
alter role user1 set pg_audit.log_relation = on;
366446
NOTICE: AUDIT: SESSION,1,1,ROLE,ALTER ROLE,,,alter role user1 set pg_audit.log_relation = on;,<not logged>
367447
alter role user1 set pg_audit.log = 'read, WRITE';
368448
NOTICE: AUDIT: SESSION,2,1,ROLE,ALTER ROLE,,,"alter role user1 set pg_audit.log = 'read, WRITE';",<not logged>
369449
\connect - user1
450+
select load_pg_audit();
451+
load_pg_audit
452+
---------------
453+
454+
(1 row)
455+
370456
--
371457
-- Not logged
372458
create table ACCOUNT_ROLE_MAP
@@ -461,6 +547,12 @@ NOTICE: AUDIT: SESSION,5,1,WRITE,UPDATE,TABLE,public.account,"UPDATE account
461547
--
462548
-- Change back to superuser to do exhaustive tests
463549
\connect - super
550+
select load_pg_audit();
551+
load_pg_audit
552+
---------------
553+
554+
(1 row)
555+
464556
SET pg_audit.log = 'ALL';
465557
NOTICE: AUDIT: SESSION,1,1,MISC,SET,,,SET pg_audit.log = 'ALL';,<not logged>
466558
SET pg_audit.log_level = 'notice';

‎contrib/pg_audit/sql/pg_audit.sql

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,24 @@ create extension pg_audit;
1919
CREATEUSERsuper SUPERUSER;
2020
ALTER ROLE superSETpg_audit.log='Role';
2121
ALTER ROLE superSETpg_audit.log_level='notice';
22+
23+
CREATEFUNCTIONload_pg_audit( )
24+
RETURNS VOID
25+
LANGUAGE plpgsql
26+
SECURITY DEFINER
27+
AS $function$
28+
declare
29+
begin
30+
LOAD'pg_audit';
31+
end;
32+
$function$;
33+
34+
-- After each connect, we need to load pg_audit, as if it was
35+
-- being loaded from shared_preload_libraries. Otherwise, the hooks
36+
-- won't be set up and called correctly, leading to lots of ugly
37+
-- errors.
2238
\connect- super;
39+
select load_pg_audit();
2340

2441
--
2542
-- Create auditor role
@@ -34,13 +51,15 @@ ALTER ROLE user1 SET pg_audit.log_level = 'notice';
3451
--
3552
-- Create, select, drop (select will not be audited)
3653
\connect- user1
54+
select load_pg_audit();
3755
CREATETABLEpublic.test (idINT);
3856
SELECT*FROM test;
3957
DROPTABLE test;
4058

4159
--
4260
-- Create second test user
4361
\connect- super
62+
select load_pg_audit();
4463

4564
CREATEUSERuser2;
4665
ALTER ROLE user2SETpg_audit.log='Read, writE';
@@ -50,6 +69,7 @@ ALTER ROLE user2 SET pg_audit.role = auditor;
5069
ALTER ROLE user2SETpg_audit.log_statement_once=ON;
5170

5271
\connect- user2
72+
select load_pg_audit();
5373
CREATETABLEtest2 (idINT);
5474
GRANTSELECTON TABLEpublic.test2 TO auditor;
5575

@@ -149,9 +169,11 @@ UPDATE test3
149169
--
150170
-- Change permissions of user 2 so that only object logging will be done
151171
\connect- super
172+
select load_pg_audit();
152173
alter role user2setpg_audit.log='NONE';
153174

154175
\connect- user2
176+
select load_pg_audit();
155177

156178
--
157179
-- Create test4 and add permissions
@@ -222,8 +244,10 @@ DROP TABLE test4;
222244
--
223245
-- Change permissions of user 1 so that session logging will be done
224246
\connect- super
247+
select load_pg_audit();
225248
alter role user1setpg_audit.log='DDL, READ';
226249
\connect- user1
250+
select load_pg_audit();
227251

228252
--
229253
-- Create table is session logged
@@ -248,9 +272,11 @@ INSERT INTO account (id, name, password, description)
248272
--
249273
-- Change permissions of user 1 so that only object logging will be done
250274
\connect- super
275+
select load_pg_audit();
251276
alter role user1setpg_audit.log='none';
252277
alter role user1setpg_audit.role='auditor';
253278
\connect- user1
279+
select load_pg_audit();
254280

255281
--
256282
-- ROLE class not set, so auditor grants not logged
@@ -285,9 +311,11 @@ UPDATE account
285311
--
286312
-- Change permissions of user 1 so that session relation logging will be done
287313
\connect- super
314+
select load_pg_audit();
288315
alter role user1setpg_audit.log_relation=on;
289316
alter role user1setpg_audit.log='read, WRITE';
290317
\connect- user1
318+
select load_pg_audit();
291319

292320
--
293321
-- Not logged
@@ -345,6 +373,7 @@ UPDATE account
345373
--
346374
-- Change back to superuser to do exhaustive tests
347375
\connect- super
376+
select load_pg_audit();
348377
SETpg_audit.log='ALL';
349378
SETpg_audit.log_level='notice';
350379
SETpg_audit.log_relation=ON;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp