pgAudit 1.0.1 commit log

Closed #9: CREATE EXTENSION problem.

commit   : 3296ceff06d06ab95ea4285e40503509c17a3cec    
  
author   : David Steele <[email protected]>    
date     : Tue, 29 Mar 2016 21:38:54 -0400    
  
committer: David Steele <[email protected]>    
date     : Tue, 29 Mar 2016 21:38:54 -0400    

Click here for diff

This was happening because pgaudit.log was set before CREATE EXTENSION was called.  This caused an issue where pgaudit was trying to log itself being created which won't work properly with event triggers.  Documented that pgaudit.log must not be set when the pgaudit extension is created.  

M README.md

Fixed #7: Audit log problem with CREATE TABLE AS.

commit   : dded12726964ac7075d58529294cc7c5e5616d9d    
  
author   : David Steele <[email protected]>    
date     : Tue, 29 Mar 2016 21:29:07 -0400    
  
committer: David Steele <[email protected]>    
date     : Tue, 29 Mar 2016 21:29:07 -0400    

Click here for diff

This issue was caused by an event that had already been logged being logged again by another call to ExecutorCheckPerms().  Fixed by altering the audit log code so events won't be logged again unless there is new information.  

M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql

Fixed #6: Audit log is not output after the SET ROLE.

commit   : b6dd6b775f426ca57b9ccea981196f4acbb83fcf    
  
author   : David Steele <[email protected]>    
date     : Tue, 29 Mar 2016 12:02:14 -0400    
  
committer: David Steele <[email protected]>    
date     : Tue, 29 Mar 2016 12:02:14 -0400    

Click here for diff

This issue had to do with trying to suppress audit logs for statements that are not run as the current role, which includes security definer functions and foreign key lookups.  If the initial logon was a superuser then no audit logs would be created at all after a set role and while this is not very realistic it still needs to be taken in account.  The downside of this change is that FK lookups and statements in security definer functions will be logged when the user initially logs on a superuser making the audit log much noisier in this case.  

M pgaudit.c