Clarification on pg_dump behavior for security labels and policies on extension objects
| From | Fujii Masao |
|---|---|
| Subject | Clarification on pg_dump behavior for security labels and policies on extension objects |
| Date | |
| Msg-id | CAHGQGwGUC0yRLAhOSR3S3PDKHKtjYz1uHkYK9=2ogsLfNP--RA@mail.gmail.com |
| List | pgsql-hackers |
Hi,

While working on the patch committed at 762faf702c6, I noticed the following section in the docs:

https://www.postgresql.org/docs/devel/extend-extensions.html

> PostgreSQL does not currently support extension scripts issuing CREATE POLICY
> or SECURITY LABEL statements. These are expected to be set after
> the extension has been created. All RLS policies and security labels on
> extension objects will be included in dumps created by pg_dump.

It seems the last sentence isn't entirely accurate. My quick test (below) shows that a security label on the pgstattuple function is included in the dump only when the --binary-upgrade option is used. Should we update the docs to say something like:

--------------------
Note that all RLS policies and security labels on extension objects will be included in dumps created by pg_dump only when --binary-upgrade option is specified
--------------------

Or is this a bug - should pg_dump include them even without --binary-upgrade?

For reference, the current behavior comes from checkExtensionMembership() in pg_dump.c, which skips dumping components like DUMP_COMPONENT_SECLABEL unless --binary-upgrade is specified.

------------------------
$ psql
=# CREATE EXTENSION dummy_seclabel ;
=# CREATE EXTENSION pgstattuple ;
=# SECURITY LABEL ON FUNCTION pgstattuple(regclass) IS 'classified';
=# \q

$ pg_dump | grep -i "security label"
COMMENT ON EXTENSION dummy_seclabel IS 'Test code for SECURITY LABEL feature';

$ pg_dump --binary-upgrade | grep -i "security label"
COMMENT ON EXTENSION dummy_seclabel IS 'Test code for SECURITY LABEL feature';
-- Name: FUNCTION pgstattuple(reloid regclass, OUT table_len bigint, OUT tuple_count bigint, OUT tuple_len bigint, OUT tuple_percent double precision, OUT dead_tuple_count bigint, OUT dead_tuple_len bigint, OUT dead_tuple_percent double precision, OUT free_space bigint, OUT free_percent double precision); Type: SECURITY LABEL; Schema: public; Owner: postgres
SECURITY LABEL FOR dummy ON FUNCTION public.pgstattuple(reloid regclass, OUT table_len bigint, OUT tuple_count bigint, OUT tuple_len bigint, OUT tuple_percent double precision, OUT dead_tuple_count bigint, OUT dead_tuple_len bigint, OUT dead_tuple_percent double precision, OUT free_space bigint, OUT free_percent double precision) IS 'classified';
------------------------

Regards,

--
Fujii Masao
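
Added example, not part of the original message and not PostgreSQL project code: a catalog query an administrator can run before relying on a plain pg_dump, listing the security labels and RLS policies attached to extension member objects, which are the items the quoted documentation sentence is about. It reads only standard system catalogs; the output column names (kind, ext_name, object_desc, detail) are chosen here for illustration.

```sql
-- Inventory of security labels and RLS policies that sit on objects
-- belonging to an extension. Extension membership is recorded in
-- pg_depend with deptype = 'e' and refclassid = pg_extension.

SELECT 'security label'                                     AS kind,
       e.extname                                            AS ext_name,
       pg_describe_object(l.classoid, l.objoid, l.objsubid) AS object_desc,
       l.provider                                           AS provider,
       l.label                                              AS detail
FROM pg_seclabel l
JOIN pg_depend d
  ON d.classid    = l.classoid
 AND d.objid      = l.objoid
 AND d.objsubid   = 0          -- membership is stored for the whole object,
                               -- so column-level labels match via their table
 AND d.refclassid = 'pg_extension'::regclass
 AND d.deptype    = 'e'
JOIN pg_extension e ON e.oid = d.refobjid

UNION ALL

-- Policies are not extension members themselves; match them through
-- the table they are defined on.
SELECT 'policy',
       e.extname,
       pg_describe_object('pg_policy'::regclass, p.oid, 0),
       NULL,
       p.polname::text
FROM pg_policy p
JOIN pg_depend d
  ON d.classid    = 'pg_class'::regclass
 AND d.objid      = p.polrelid
 AND d.objsubid   = 0
 AND d.refclassid = 'pg_extension'::regclass
 AND d.deptype    = 'e'
JOIN pg_extension e ON e.oid = d.refobjid

ORDER BY ext_name, kind, object_desc;
```

Any security-label row returned here can be compared against the output of `pg_dump | grep -i "security label"`, as in the test above, to see whether it would survive a dump and restore.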