Previously, bdr_replicate_ddl_command() would always execute any
command, regardless of whether it is considered safe. This behaviour is
too much of a footgun for users of this function. We also already have a
mechanism to override the command filter - the
bdr.permit_unsafe_ddl_commands GUC - so it makes sense that the
bdr_replicate_ddl_command() function should behave according to this GUC,
just like plain DDL in BDR.
/* GUCs */
bool bdr_permit_unsafe_commands = false;
-bool bdr_always_allow_ddl = false;
-
static void error_unsupported_command(const char *cmdtag) __attribute__((noreturn));
/*
goto done;
/* don't filter if explicitly told so */
- if (bdr_always_allow_ddl || bdr_permit_unsafe_commands)
+ if (bdr_permit_unsafe_commands)
goto done;
/* extension contents aren't individually replicated */
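Review bot: The `if (bdr_permit_unsafe_commands)` test is now the only bypass of the command filter, including for statements run through bdr_replicate_ddl_command(), so who may set the GUC decides who can run and replicate unfiltered DDL. The GUC registration is not part of this diff; it is worth confirming that bdr.permit_unsafe_ddl_commands is registered as superuser-only (`PGC_SUSET`) rather than user-settable. I would also widen the comment to record the new contract, e.g. `/* bdr.permit_unsafe_ddl_commands is the only override; it also governs bdr_replicate_ddl_command() */`. The enclosing function starts and ends outside this hunk.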
dest, completionTag);
}
-void
-bdr_commandfilter_always_allow_ddl(bool always_allow)
-{
- Assert(IsUnderPostmaster);
- bdr_always_allow_ddl = always_allow;
-}
-
/* Module load */
void
init_bdr_commandfilter(void)
GUC_ACTION_SAVE, true, 0);
/* Execute the query locally. */
- bdr_commandfilter_always_allow_ddl(true);
in_bdr_replicate_ddl_command = true;
PG_TRY();
bdr_execute_ddl_command(query, GetUserNameFromId(GetUserId()), false);
PG_CATCH();
in_bdr_replicate_ddl_command = false;
- bdr_commandfilter_always_allow_ddl(false);
PG_RE_THROW();
PG_END_TRY();
in_bdr_replicate_ddl_command = false;
- bdr_commandfilter_always_allow_ddl(false);
PG_RETURN_VOID();
}