Closed #9: CREATE EXTENSION problem.
commit : 3296ceff06d06ab95ea4285e40503509c17a3cec
author : David Steele <[email protected]>
date : Tue, 29 Mar 2016 21:38:54 -0400
committer: David Steele <[email protected]>
date : Tue, 29 Mar 2016 21:38:54 -0400
This was happening because pgaudit.log was set before CREATE EXTENSION was called. This caused an issue where pgaudit was trying to log itself being created which won't work properly with event triggers. Documented that pgaudit.log must not be set when the pgaudit extension is created.
M README.md
Fixed #7: Audit log problem with CREATE TABLE AS.
commit : dded12726964ac7075d58529294cc7c5e5616d9d
author : David Steele <[email protected]>
date : Tue, 29 Mar 2016 21:29:07 -0400
committer: David Steele <[email protected]>
date : Tue, 29 Mar 2016 21:29:07 -0400
This issue was caused by an event that had already been logged being logged again by another call to ExecutorCheckPerms(). Fixed by altering the audit log code so events won't be logged again unless there is new information.
M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql
Fixed #6: Audit log is not output after the SET ROLE.
commit : b6dd6b775f426ca57b9ccea981196f4acbb83fcf
author : David Steele <[email protected]>
date : Tue, 29 Mar 2016 12:02:14 -0400
committer: David Steele <[email protected]>
date : Tue, 29 Mar 2016 12:02:14 -0400
This issue had to do with trying to suppress audit logs for statements that are not run as the current role, which includes security definer functions and foreign key lookups. If the initial logon was a superuser then no audit logs would be created at all after a set role and while this is not very realistic it still needs to be taken in account. The downside of this change is that FK lookups and statements in security definer functions will be logged when the user initially logs on a superuser making the audit log much noisier in this case.
M pgaudit.c