| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | Mike Palmiotto <mike(dot)palmiotto(at)crunchydata(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, fte(at)nct(dot)ru, PostgreSQL mailing lists <pgsql-bugs(at)postgresql(dot)org>, Amit Langote <amitlangote09(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [BUGS] BUG #14682: row level security not work with partitioned table |
| Date: | 2017-06-07 01:12:26 |
| Message-ID: | CAB7nPqRfeGU9PMK8qqGvcWTo3PmRSureGWcVYKmqgOWZZ6NKoA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-hackers |
On Wed, Jun 7, 2017 at 9:52 AM, Joe Conway <mail(at)joeconway(dot)com> wrote:
> On 06/06/2017 02:44 PM, Mike Palmiotto wrote:
>> On Tue, Jun 6, 2017 at 4:07 PM, Joe Conway <mail(at)joeconway(dot)com> wrote:
>>> On 06/06/2017 11:57 AM, Mike Palmiotto wrote:
>>>> On Mon, Jun 5, 2017 at 10:36 AM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>>>>> On Mon, Jun 5, 2017 at 10:20 AM, Joe Conway <mail(at)joeconway(dot)com> wrote:
>>>>>> Unless Robert objects, I'll work with Mike to get a fix posted and
>>>>>> committed in the next day or two.
>>>>>
>>>>> That would be great. Thanks.
>>>>
>>>> I have the updated patch with rowsecurity regression tests and rebased
>>>> on master. I've run these and verified locally by feeding
>>>> rowsecurity.sql to psql, but have yet to get the full regression suite
>>>> passing -- it's failing on the constraints regtest and then gets stuck
>>>> in recovery. Undoubtedly something to do with my
>>>> configuration/environment over here. I'm working through those issues
>>>> right now. In the meantime, if you want to see the regression tests as
>>>> they stand, please see the attached patch.
>>>
>>> The constraints test passes here, so presumably something you borked
>>> locally. I only see a rowsecurity failure, which is not surprising since
>>> your patch does not include the changes to expected output ;-)
>>> Please resend with src/test/regress/expected/rowsecurity.out included.
>>
>> It was indeed an issue on my end. Attached are the rowsecurity
>> regression tests and the expected out. Unsurprisingly, all tests pass,
>> because I said so. :)
>>
>> Let me know if you want me to make any revisions.
>
>
> Thanks Mike. I'll take a close look to verify output correctnes, but I
> am concerned that the new tests are unnecessarily complex. Any other
> opinions on that?
Some tests would be good to have. Now, if I read those regression
tests correctly, this is using 10 relations where two would be enough,
one as the parent relation and one as a partition. Then policies apply
on the parent relation. The same kind of policy is defined 4 times,
and there is bloat with GRANT and ALTER TABLE commands.
+SELECT * FROM part_document;
+ did | cid | dlevel | dauthor | dtitle
+-----+-----+--------+-------------------+-------------------------
+ 1 | 11 | 1 | regress_rls_bob | my first novel
Adding an "ORDER BY did" as well here would make the test output more
predictable.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hadar Kuint | 2017-06-07 05:18:24 | pgadmin4 crash |
| Previous Message | Joe Conway | 2017-06-07 00:52:50 | Re: BUG #14682: row level security not work with partitioned table |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jim Finnerty | 2017-06-07 01:24:20 | Re: postgres_fdw cost estimation defaults and documentation |
| Previous Message | Andres Freund | 2017-06-07 01:00:14 | Re: Get stuck when dropping a subscription during synchronizing table |