search

ossc-db / pgaudit

PostgreSQL Audit Extension
Other
2 stars 4 forks source link

Deletion of subordinate constraints and indexes is not output to the audit log when the table is deleted.(refactoed branch) #24

Closed harada-toshi closed 7 years ago

harada-toshi commented 7 years ago

Hi.

I am trying pgaudit (refactored branch) and PostgreSQL 9.6.1.

Sumary

Constraints and indexes are set in the table. When dropping the table, the "advanced branch" also reports that the constraints and indexes subordinate to the table have been deleted. (* 1)

Is this the "refactored branch" specification?

(* 1) When an event trigger is set.

advanced branch audit log

LOG:  AUDIT: DDL,CREATE TABLE,TABLE,public.foo,CREATE TABLE foo (
LOG:  AUDIT: DDL,CREATE INDEX,INDEX,public.foo_id_key,CREATE TABLE foo (
LOG:  AUDIT: DDL,CREATE TABLE AS,TABLE,public.bar,CREATE TABLE bar AS SELECT * FROM foo;
LOG:  AUDIT: DDL,ALTER TABLE,TABLE,public.baz,ALTER TABLE foo RENAME TO baz;
LOG:  AUDIT: DDL,DROP TABLE,TABLE,public.bar,DROP TABLE bar;
LOG:  AUDIT: DDL,DROP TABLE,TABLE,public.baz,DROP TABLE baz;
LOG:  AUDIT: DDL,DROP TABLE,TABLE CONSTRAINT,foo_id_key on public.baz,DROP TABLE baz;
LOG:  AUDIT: DDL,DROP TABLE,INDEX,public.foo_id_key,DROP TABLE baz;

See "DROP TABLE baz" command. Along with deleting baz, foo_id_key constraint and deletion of index have been reported.

refactored branch audit log.

LOG:  AUDIT: SESSION,1,1,DDL,2017-02-08 16:14:23 JST,regression,[local],pg_regress,2/3,2050,,,CREATE FUNCTION,,,"CREATE FUNCTION pgaudit_ddl_command_end()
LOG:  AUDIT: SESSION,2,1,DDL,2017-02-08 16:14:23 JST,regression,[local],pg_regress,2/4,2051,,,CREATE EVENT TRIGGER,,,"CREATE EVENT TRIGGER pgaudit_ddl_command_end
LOG:  AUDIT: SESSION,3,1,DDL,2017-02-08 16:14:23 JST,regression,[local],pg_regress,2/5,2052,,,CREATE FUNCTION,FUNCTION,public.pgaudit_sql_drop(),"CREATE FUNCTION pgaudit_sql_drop()
LOG:  AUDIT: SESSION,4,1,DDL,2017-02-08 16:14:23 JST,regression,[local],pg_regress,2/6,2053,,,CREATE EVENT TRIGGER,,,"CREATE EVENT TRIGGER pgaudit_sql_drop
LOG:  AUDIT: SESSION,1,1,DDL,2017-02-08 16:14:23 JST,regression,[local],pg_regress,2/8,2054,,,CREATE TABLE,TABLE,public.foo,"CREATE TABLE foo (
LOG:  AUDIT: SESSION,1,1,DDL,2017-02-08 16:14:23 JST,regression,[local],pg_regress,2/8,2054,,,CREATE INDEX,INDEX,public.foo_id_key,"CREATE TABLE foo (
LOG:  AUDIT: SESSION,2,1,DDL,2017-02-08 16:14:23 JST,regression,[local],pg_regress,2/9,2055,,,CREATE TABLE AS,TABLE,public.bar,CREATE TABLE bar AS SELECT * FROM foo;,<not logged>
LOG:  AUDIT: SESSION,3,1,DDL,2017-02-08 16:14:23 JST,regression,[local],pg_regress,2/10,2056,,,ALTER TABLE,TABLE,public.baz,ALTER TABLE foo RENAME TO baz;,<not logged>
LOG:  AUDIT: SESSION,4,1,DDL,2017-02-08 16:14:23 JST,regression,[local],pg_regress,2/11,2057,,,DROP TABLE,TABLE,public.bar,DROP TABLE bar;,<not logged>
LOG:  AUDIT: SESSION,5,1,DDL,2017-02-08 16:14:23 JST,regression,[local],pg_regress,2/12,2058,,,DROP TABLE,TABLE,public.baz,DROP TABLE baz;,<not logged>

However, in the "refactored branch", it is not output to the audit log that the constraints or indexes subordinate to the table have been deleted.

MasahikoSawada commented 7 years ago

Similar to issue #26, this cause of problem is that pgaudit didn't support event trigger functionality. Commit 12832c8b332f4e66796a6d75f7275adb30582794 should fix this issue while fix CREATE EXTENSION pgaudit issue as well.

MasahikoSawada commented 7 years ago

Confirmed to resolve this issue by @harada-toshi , close this issue.