Re: On login trigger: take three
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Alexander Korotkov <aekorotkov@gmail.com>,
Mikhail Gribkov <youzhick@gmail.com>, Andres Freund <andres@anarazel.de>, Tom Lane <tgl@sss.pgh.pa.us>, Greg Nancarrow <gregn4422@gmail.com>, Ivan Panchenko <wao@mail.ru>,
Teodor Sigaev <teodor@sigaev.ru>, Ibrar Ahmed <ibrar.ahmad@gmail.com>, vignesh C <vignesh21@gmail.com>, Pavel Stehule <pavel.stehule@gmail.com>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Amit Kapila <amit.kapila16@gmail.com>,
Masahiko Sawada <sawada.mshk@gmail.com>
Date: 2023-10-03T14:21:28Z
Lists: pgsql-hackers
On Tue, Oct 3, 2023 at 9:43 AM Daniel Gustafsson <daniel@yesql.se> wrote: > That's exactly what happens, the patch is using BuildEventTriggerCache() to > build the hash for EVT which is then checked for login triggers. This is > clearly the bottleneck and there needs to be a fast-path. There used to be a > cache flag in an earlier version of the patch but it was a but klugy, a version > of that needs to be reimplemented for this patch to fly. So I haven't looked at this patch, but we basically saying that only the superuser can create login triggers, and if they do, those triggers apply to every single user on the system? That would seem to be the logical extension of the existing event trigger mechanism, but it isn't obviously as good of a fit for this case as it is for other cases where event triggers are a thing. Changing the catalog representation could be a way around this. What if you only allowed one login trigger per database, and instead of being stored in pg_event_trigger, the OID of the function gets recorded in the pg_database row? Then this would be a lot cheaper since we have to fetch the pg_database row anyway. Or change the SQL syntax to something entirely new so you can have different login triggers for different users -- and maybe users are allowed to create their own -- but the relevant ones can be found by an index scan instead of a sequential scan. I'm just spitballing here. If you think the present design is good and just want to try to speed it up, I'm not deeply opposed to that. But it's also not obvious to me how to stick a cache in front of something that's basically a full-table scan. -- Robert Haas EDB: http://www.enterprisedb.com
Commits
-
Fix some typos in event trigger docs
- 5fce30e77fe1 17.0 landed
-
Use heap_inplace_update() to unset pg_database.dathasloginevt
- 8be93177c46b 17.0 landed
-
Remove the flaky check in event_trigger_login regression test
- 4b885d01f967 17.0 landed
-
Fix instable 006_login_trigger.pl test
- 06be01eb266b 17.0 landed
-
Add support event triggers on authenticated login
- e83d1b0c40cc 17.0 landed
-
Add GUC for temporarily disabling event triggers
- 7750fefdb2b8 17.0 landed
-
Fix typo in reference to __FreeBSD__.
- e52f8b301ed5 16.0 cited
-
Restore robustness of TAP tests that wait for postmaster restart.
- f452aaf7d4a9 14.0 cited
-
Restore the portal-level snapshot after procedure COMMIT/ROLLBACK.
- 84f5c2908dad 14.0 cited