Re: On login trigger: take three
Alexander Korotkov <aekorotkov@gmail.com>
From: Alexander Korotkov <aekorotkov@gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Daniel Gustafsson <daniel@yesql.se>, Mikhail Gribkov <youzhick@gmail.com>, Andres Freund <andres@anarazel.de>, Tom Lane <tgl@sss.pgh.pa.us>, Greg Nancarrow <gregn4422@gmail.com>, Ivan Panchenko <wao@mail.ru>,
Teodor Sigaev <teodor@sigaev.ru>, Ibrar Ahmed <ibrar.ahmad@gmail.com>, vignesh C <vignesh21@gmail.com>, Pavel Stehule <pavel.stehule@gmail.com>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Amit Kapila <amit.kapila16@gmail.com>,
Masahiko Sawada <sawada.mshk@gmail.com>
Date: 2023-10-03T17:35:57Z
Lists: pgsql-hackers
Hi, Robert! On Tue, Oct 3, 2023 at 5:21 PM Robert Haas <robertmhaas@gmail.com> wrote: > On Tue, Oct 3, 2023 at 9:43 AM Daniel Gustafsson <daniel@yesql.se> wrote: > > That's exactly what happens, the patch is using BuildEventTriggerCache() to > > build the hash for EVT which is then checked for login triggers. This is > > clearly the bottleneck and there needs to be a fast-path. There used to be a > > cache flag in an earlier version of the patch but it was a but klugy, a version > > of that needs to be reimplemented for this patch to fly. > > So I haven't looked at this patch, but we basically saying that only > the superuser can create login triggers, and if they do, those > triggers apply to every single user on the system? That would seem to > be the logical extension of the existing event trigger mechanism, but > it isn't obviously as good of a fit for this case as it is for other > cases where event triggers are a thing. > > Changing the catalog representation could be a way around this. What > if you only allowed one login trigger per database, and instead of > being stored in pg_event_trigger, the OID of the function gets > recorded in the pg_database row? Then this would be a lot cheaper > since we have to fetch the pg_database row anyway. Or change the SQL > syntax to something entirely new so you can have different login > triggers for different users -- and maybe users are allowed to create > their own -- but the relevant ones can be found by an index scan > instead of a sequential scan. > > I'm just spitballing here. If you think the present design is good and > just want to try to speed it up, I'm not deeply opposed to that. But > it's also not obvious to me how to stick a cache in front of something > that's basically a full-table scan. Thank you for the interesting ideas. I'd like to try to revive the version with the flag in pg_database. Will use other ideas as backup if no success. ------ Regards, Alexander Korotkov
Commits
-
Fix some typos in event trigger docs
- 5fce30e77fe1 17.0 landed
-
Use heap_inplace_update() to unset pg_database.dathasloginevt
- 8be93177c46b 17.0 landed
-
Remove the flaky check in event_trigger_login regression test
- 4b885d01f967 17.0 landed
-
Fix instable 006_login_trigger.pl test
- 06be01eb266b 17.0 landed
-
Add support event triggers on authenticated login
- e83d1b0c40cc 17.0 landed
-
Add GUC for temporarily disabling event triggers
- 7750fefdb2b8 17.0 landed
-
Fix typo in reference to __FreeBSD__.
- e52f8b301ed5 16.0 cited
-
Restore robustness of TAP tests that wait for postmaster restart.
- f452aaf7d4a9 14.0 cited
-
Restore the portal-level snapshot after procedure COMMIT/ROLLBACK.
- 84f5c2908dad 14.0 cited