Fix missing dependency for pg_dump's ENABLE ROW LEVEL SECURITY items.

The archive should show a dependency on the item's table, but it failed
to include one.  This could cause failures in parallel restore due to
emitting ALTER TABLE ... ENABLE ROW LEVEL SECURITY before restoring
the table's data.  In practice the odds of a problem seem low, since
you would typically need to have set FORCE ROW LEVEL SECURITY as well,
and you'd also need a very high --jobs count to have any chance of this
happening.  That probably explains the lack of field reports.

Still, it's a bug, so back-patch to 9.5 where RLS was introduced.

Discussion: https://postgr.es/m/19784.1535390902@sss.pgh.pa.us

diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c
index 4f927fc3ef533b1608da6aae24e1795a57442090..67fc1c55593e1e50b3792ea63f1f43070f7ff3eb 100644 (file)
--- a/src/bin/pg_dump/pg_dump.c
+++ b/src/bin/pg_dump/pg_dump.c
@@ -3229,8 +3229,8 @@ getPolicies(Archive *fout, TableInfo tblinfo[], int numTables)
 
                /*
                 * Get row security enabled information for the table. We represent
-                * RLS enabled on a table by creating PolicyInfo object with an empty
-                * policy.
+                * RLS being enabled on a table by creating a PolicyInfo object with
+                * null polname.
                 */
                if (tbinfo->rowsec)
                {
@@ -3353,8 +3353,13 @@ dumpPolicy(Archive *fout, PolicyInfo *polinfo)
                query = createPQExpBuffer();
 
                appendPQExpBuffer(query, "ALTER TABLE %s ENABLE ROW LEVEL SECURITY;",
-                                                 fmtQualifiedDumpable(polinfo));
+                                                 fmtQualifiedDumpable(tbinfo));
 
+               /*
+                * We must emit the ROW SECURITY object's dependency on its table
+                * explicitly, because it will not match anything in pg_depend (unlike
+                * the case for other PolicyInfo objects).
+                */
                if (polinfo->dobj.dump & DUMP_COMPONENT_POLICY)
                        ArchiveEntry(fout, polinfo->dobj.catId, polinfo->dobj.dumpId,
                                                 polinfo->dobj.name,
@@ -3363,7 +3368,7 @@ dumpPolicy(Archive *fout, PolicyInfo *polinfo)
                                                 tbinfo->rolname, false,
                                                 "ROW SECURITY", SECTION_POST_DATA,
                                                 query->data, "", NULL,
-                                                NULL, 0,
+                                                &(tbinfo->dobj.dumpId), 1,
                                                 NULL, NULL);
 
                destroyPQExpBuffer(query);