Thread: Dumping security labels for extension owned tables?
Hello,
I have an issue I've run into that is puzzling me, I have an extension pgsodium that uses SECURITY LABEL to trigger the creation of encrypting triggers and a decrypting view. When a table not associated with an extension is dumped, the label gets dumped as well, and that's fine.
But if I have an extension that creates a table (and is "owned" by it) and I apply a label, the table gets dumped (when I use pg_extension_config_dump), but the label does not get dumped. If I run `ALTER EXTENSION <extension_name> DROP TABEL <table_name>` the label does get correctly dumped.
Is there a reason why extension associated tables do not have their label's dumped, or is this a bug in pg_dump where it's dumping the table but not the label? Hoping someone might have a suggestion for me before I go digging into it too much further.
Thanks!
-Michel
Hi On Wed, Dec 14, 2022 at 7:02 PM Michel Pelletier <pelletier.michel@gmail.com> wrote: > > I have an issue I've run into that is puzzling me, I have an extension pgsodium that uses SECURITY LABEL to trigger thecreation of encrypting triggers and a decrypting view. When a table not associated with an extension is dumped, the labelgets dumped as well, and that's fine. > > But if I have an extension that creates a table (and is "owned" by it) and I apply a label, the table gets dumped (whenI use pg_extension_config_dump), but the label does not get dumped. If I run `ALTER EXTENSION <extension_name> DROPTABEL <table_name>` the label does get correctly dumped. > > Is there a reason why extension associated tables do not have their label's dumped, or is this a bug in pg_dump where it'sdumping the table but not the label? Hoping someone might have a suggestion for me before I go digging into it too muchfurther. Note that if a table is part of an extension, pg_extension_config_dump will only lead pg_dump to emit the table data, not the table DDL. The table itself must be entirely created by the extension script, and any modification done afterwards to a table (or any other object) that is part of an extension (a security label but also a comment, new columns or anything else) will just be lost. That's how extensions are designed, and indeed trying to do inter-extension dependencies like this isn't going to work.
On Wed, Dec 14, 2022 at 11:29 AM Julien Rouhaud <rjuju123@gmail.com> wrote:
Note that if a table is part of an extension, pg_extension_config_dump
will only lead pg_dump to emit the table data, not the table DDL. The
table itself must be entirely created by the extension script, and any
modification done afterwards to a table (or any other object) that is
part of an extension (a security label but also a comment, new columns
or anything else) will just be lost. That's how extensions are
designed, and indeed trying to do inter-extension dependencies like
this isn't going to work.
Ah my bad, sorry for the noise Julien, the create extension statement is correctly dumped and it applies the label, so I shouldn't have been expecting the label in the dump (as you informed me). There is some other root cause for the problem we are observing and we are continuing to dig into it.
Thank you for your quick reply!
-Michel