Re: Auditing extension for PostgreSQL (Take 2)

On 3/23/15 12:40 PM, David Steele wrote:
> On 3/23/15 1:31 AM, Abhijit Menon-Sen wrote:
>> I'm experimenting with a few approaches to do this without reintroducing
>> switch statements to test every command. That will require core changes,
>> but I think we can find an acceptable arrangement. I'll post a proof of
>> concept in a few days.

Any progress on the POC?  I'm interested in trying to get the ROLE class
back in before the Commitfest winds up, but not very happy with my
current string-matching options.

>>> + * Takes an AuditEvent and, if it log_check(), writes it to the audit
>>> log.
>>
>> I don't think log_check is the most useful name, because this sentence
>> doesn't tell me what the function may do. Similarly, I would prefer to
>> have log_acl_check be renamed acl_grants_audit or similar. (These are
>> all static functions anyway, I don't think a log_ prefix is needed.)
>
> log_check() has become somewhat vestigial at this point since it is only
> called from one place - I've been considering removing it and merging
> into log_audit_event().  For the moment I've improved the comments.

log_check() got rolled into log_audit_event().

> I like acl_grants_audit() and agree that it's a clearer name.  I'll
> incorporate that into the next version and apply the same scheme to the
> other ACL functionsas well as do a general review of naming.

I ended up going with audit_on_acl, audit_on_relation, etc. and reworked
some of the other function names.

I attached the v6 patch to my previous email, or you can find it on the
CF page.

--
- David Steele
david@pgmasters.net