This is really cool stuff and I've been considering extending Postgres or MySQL similarly, but too many people use managed database offerings that don't allow for modifications. I'd love to hear from anyone that has found a compromise in terms of portability.
I use to swear on RDS being an AWS certified person. AWS taugh us managed is the best and always put warning when you want to self hosted.
Then recently at my small company(an email forwarding app that process 500K email daily https://hanami.run) I want to cut cost and go with dedicated server for our Postgres database.
At that moment, so many cool thing appear. You suddenly give super power to tune yoru database however you like.
On the other hand, RDS and multi-az deployment is just DNS failure at the end of day. You still have to handle stuff like restarting the app to make sure it got the right DNS after RDS failover.
Speaking for myself, I tried managed solutions at the major cloud providers. Way overpriced and not that performant.
I then decided to go back to running my own database but this time in a docker container on k3s on bare metal. A few hours fiddling with the config upon launch and that's it. Rock solid, way more performant because I can tweak the config to my specific needs.
In the 2 years I have been running a MySQL server on k3s, I have about 60-90 seconds of down time. Caused by 3 separate instances where the db became unresponsive and k3s rebooted it. Most likely just some tweaks i need to make with the health check timeouts.
It has been more set it and forget than a managed solution and about 20% the cost.
I use a single dedicated server that I rent from a hosting provider like Hetzner.
If I needed to use multiple servers it would admittedly get a bit more complicated. But only if i needed to replicate persistent data like the database.
Always interesting to see products that push down users or roles into DB users / roles. Seems like it could be a lot more secure if grants were also carefully managed. IME though there is rarely time for such pleasantries and they often get in the way of connection pooling.
For the problem mentioned in the blog post — protecting roles — it's not possible to use event triggers because PostgreSQL doesn't fire[2] a DDL event for `CREATE/ALTER/DROP ROLE`.
If an event for role modification was added, then maybe the same could be accomplished with event triggers(perhaps in pure SQL). Though hooks will always be more strict, since you can enforce conditions by preloading the extension in C code, without custom SQL. Also, hooks can enforce a condition even in presence of superusers[3], something that event triggers can't because a superuser can drop them.
Not a 100% technically correct answer most likely but first look suggests they hook into the statement preprocessing pipeline. In the example, they’re hooking into the ALTER ROLE statement and deny execution if the role is a protected one. I don’t think this can be done with triggers without creating triggers on system tables and knowing the exact places where postgres would try to make changes. This seems to be an ott solution and probably a pretty bulletproof one.
Very timely article, I wonder if this works with yugabyte...
Check this line here[1]. That shows that Yugabyte also has the `ProcessUtility_hook`(same one used in the article) defined. It would be a matter of installing and loading the Supautils extension.
