rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Disable event triggers in standalone mode. 

Per discussion, this seems necessary to allow recovery from broken event
triggers, or broken indexes on pg_event_trigger.

Dimitri Fontaine
This commit is contained in:
Tom Lane 2012-12-11 19:28:31 -05:00
parent b19e4250b4
commit cd3413ec36
2 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
doc/src/sgml/ref/create_event_trigger.sgml
View File

@ -108,7 +108,14 @@ CREATE EVENT TRIGGER <replaceable class="PARAMETER">name</replaceable>
<title>Notes</title>
<para>
To create a trigger on a event, the user must be superuser.
Only superusers can create event triggers.
</para>
<para>
Event triggers are disabled in single-user mode (see <xref
linkend="app-postgres">). If an erroneous event trigger disables the
database so much that you can't even drop the trigger, restart in
single-user mode and you'll be able to do that.
</para>
</refsect1>
@ -116,7 +123,7 @@ CREATE EVENT TRIGGER <replaceable class="PARAMETER">name</replaceable>
<title>Examples</title>
<para>
Forbid the execution of any <link linkend="ddl">ddl</link> command:
Forbid the execution of any <link linkend="ddl">DDL</link> command:
<programlisting>
CREATE OR REPLACE FUNCTION abort_any_command()

19
src/backend/commands/event_trigger.c
View File

@ -566,6 +566,25 @@ EventTriggerDDLCommandStart(Node *parsetree)
const char *tag;
EventTriggerData trigdata;
/*
* Event Triggers are completely disabled in standalone mode. There are
* (at least) two reasons for this:
*
* 1. A sufficiently broken event trigger might not only render the
* database unusable, but prevent disabling itself to fix the situation.
* In this scenario, restarting in standalone mode provides an escape
* hatch.
*
* 2. BuildEventTriggerCache relies on systable_beginscan_ordered, and
* therefore will malfunction if pg_event_trigger's indexes are damaged.
* To allow recovery from a damaged index, we need some operating mode
* wherein event triggers are disabled. (Or we could implement
* heapscan-and-sort logic for that case, but having disaster recovery
* scenarios depend on code that's otherwise untested isn't appetizing.)
*/
if (!IsUnderPostmaster)
return;
/*
* We want the list of command tags for which this procedure is actually
* invoked to match up exactly with the list that CREATE EVENT TRIGGER