Fix missing dependency for pg_dump's ENABLE ROW LEVEL SECURITY items.

The archive should show a dependency on the item's table, but it failed
to include one.  This could cause failures in parallel restore due to
emitting ALTER TABLE ... ENABLE ROW LEVEL SECURITY before restoring
the table's data.  In practice the odds of a problem seem low, since
you would typically need to have set FORCE ROW LEVEL SECURITY as well,
and you'd also need a very high --jobs count to have any chance of this
happening.  That probably explains the lack of field reports.

Still, it's a bug, so back-patch to 9.5 where RLS was introduced.

Discussion: https://postgr.es/m/19784.1535390902@sss.pgh.pa.us

diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c
index cd325c0484e2e95f96ce7f558cfa45ee6d80f403..6763a899d81d1bcf0bbdc5f16c970d7024ef7146 100644 (file)
--- a/src/bin/pg_dump/pg_dump.c
+++ b/src/bin/pg_dump/pg_dump.c
@@ -3480,8 +3480,8 @@ getPolicies(Archive *fout, TableInfo tblinfo[], int numTables)
 
                /*
                 * Get row security enabled information for the table. We represent
-                * RLS enabled on a table by creating PolicyInfo object with an empty
-                * policy.
+                * RLS being enabled on a table by creating a PolicyInfo object with
+                * null polname.
                 */
                if (tbinfo->rowsec)
                {
@@ -3622,8 +3622,13 @@ dumpPolicy(Archive *fout, PolicyInfo *polinfo)
                query = createPQExpBuffer();
 
                appendPQExpBuffer(query, "ALTER TABLE %s ENABLE ROW LEVEL SECURITY;",
-                                                 fmtQualifiedDumpable(polinfo));
+                                                 fmtQualifiedDumpable(tbinfo));
 
+               /*
+                * We must emit the ROW SECURITY object's dependency on its table
+                * explicitly, because it will not match anything in pg_depend (unlike
+                * the case for other PolicyInfo objects).
+                */
                if (polinfo->dobj.dump & DUMP_COMPONENT_POLICY)
                        ArchiveEntry(fout, polinfo->dobj.catId, polinfo->dobj.dumpId,
                                                 polinfo->dobj.name,
@@ -3632,7 +3637,7 @@ dumpPolicy(Archive *fout, PolicyInfo *polinfo)
                                                 tbinfo->rolname, false,
                                                 "ROW SECURITY", SECTION_POST_DATA,
                                                 query->data, "", NULL,
-                                                NULL, 0,
+                                                &(tbinfo->dobj.dumpId), 1,
                                                 NULL, NULL);
 
                destroyPQExpBuffer(query);