aws / pg_tle

Framework for building trusted language extensions for PostgreSQL
Apache License 2.0
337 stars 31 forks source link

Warn the user if a hook function is registered but a necessary parameter is not enabled #270

Closed TianzeMYou closed 8 months ago

TianzeMYou commented 8 months ago

Issue #, if available: https://github.com/aws/pg_tle/issues/269

Description of changes: Warn the user if a hook function is registered but a necessary parameter is not enabled

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

anth0nyleung commented 8 months ago

I think we can ask @jkatz to take a look at the customer-facing wording / messages in this PR.

anth0nyleung commented 8 months ago

Could you also test upgrading from 1.3 -> 1.4 to ensure that it succeeds

TianzeMYou commented 8 months ago

` postgres=# create extension pg_tle version '1.3.4'; CREATE EXTENSION postgres=# CREATE FUNCTION testhook1(username text, shadow_pass text, password_types pgtle.password_types, validuntil_time TimestampTz, validuntil_null boolean) RETURNS void AS $$ BEGIN if lengthpostgres-# postgres$# postgres$# (shadow_pass) < 8 THEN RAISE EXCEPTIONpostgres$# 'Passwords needs to be longer than 8'; ENpostgres$# D IF; END; $$ LANGUAGE PLPGSQL;postgres$# postgres$# postgres-# CREATE FUNCTION postgres=# CREATE FUNCTION testhook2(username text, shadow_pass text, password_types pgtle.password_types, validuntil_time TimestampTz, validuntil_null boolean) RETURNS void AS $$ BEGIN if lengthpostgres-# postgres$# postgres$# (shadow_pass) < 7 THEN RAISE EXCEPTIONpostgres$# 'Passwords needs to be longer than 8'; ENpostgres$# D IF; END; $$ LANGUAGE PLPGSQL;postgres$# postgres$# postgres-# CREATE FUNCTION postgres=# ALTER SYSTEM SET pgtle.enable_password_check = 'off'; ALTER SYSTEM postgres=# SELECT pg_reload_conf(); pg_reload_conf

t (1 row)

postgres=# SELECT pgtle.register_feature('testhook1', 'passcheck'); register_feature

(1 row)

postgres=# alter extension pg_tle update to '1.4.0'; ALTER EXTENSION postgres=# SELECT pgtle.register_feature('testhook2', 'passcheck'); NOTICE: Required parameter pgtle.enable_password_check is "off". To enable passcheck, set pgtle.enable_password_check = "on" register_feature

(1 row)

postgres=# alter system set pgtle.enable_password_check = "on"; ALTER SYSTEM postgres=# SELECT pg_reload_conf(); pg_reload_conf

t (1 row)

postgres=# SELECT pgtle.unregister_feature('testhook2', 'passcheck'); unregister_feature

(1 row)

postgres=# SELECT pgtle.register_feature('testhook2', 'passcheck'); NOTICE: pgtle.passcheck_db_name is currently contrib_regression. To trigger this passcheck function, register the function in that database. HINT: Alternatively, to use the current database for passcheck, set pgtle.passcheck_db_name = "postgres" and reload the PostgreSQL configuration. register_feature

...

(1 row)`