Problem/Motivation
For PostgreSQL in Drupal 10 will the pg_trgm extension be a requirement. The extension needs to be created. Both must be done by a database user that has at least superuser privileges. The database user that is used by Drupal should not have those privileges. That would be a security risk.
Proposed resolution
Add a hook_requirements() that will throw an warning when the extension is not created. In D10 the warning will be replaced by an error.
How to manual test
Install the patch on a system with a PostgreSQL backend and to to the page "admin/reports/status". When the extension PG_TRGM is created, then there should be no warning. When the extension is not created or is dropped, then the following warning should be displayed: "The pg_trgm extension is not created. This extension is only needed on a PostgreSQL database. Extensions on PostgreSQL can only be created by a database user with superuser privileges. The current warning will be replaced by an error before the release of Drupal 10.0.0."
The default command to create the extension is: create extension pg_trgm;
. It can be that the additional contrib package for postgresql needs to be installed.
The default command to remove the esxtension is: drop extension pg_trgm;
.
Remaining tasks
TBD
User interface changes
None
API changes
New method called Drupal\Core\Database\Driver\pgsql\Schema::extensionExists(string $name). Which returns true when the given extension name is installed and created or return false when that is not the case.
Data model changes
None
Release notes snippet
In preparation for Drupal 10 PostgreSQL requirements, sites running PostgreSQL without the pg_trm extension will begin to see a warning in the status report when it is not installed.
For the committer
Could @mixologic get commit credit for his work on the testbot which makes this patch possible.
Comment | File | Size | Author |
---|---|---|---|
#45 | 214921-45.patch | 3.16 KB | daffie |
#45 | interdiff-3214921-43-45.txt | 754 bytes | daffie |
Comments
Comment #2
daffie CreditAttribution: daffie commentedFixed a number of my own typos.
Comment #3
Gábor HojtsyMake target version clear in title, since we want to make a slightly different change in Drupal 10: #3214922: Add a requirements error in Drupal 10 when PostgreSQL is used and the pg_trgm extension is not installed or created.
Comment #4
Gábor HojtsyInterlinking the Drupal 10 issue.
Comment #5
daffie CreditAttribution: daffie commentedUpdated the IS with how to manual test the patch.
Comment #6
daffie CreditAttribution: daffie commentedComment #7
daffie CreditAttribution: daffie commentedComment #8
andypostLooks great except naming to make it more extendable in future
I'd make it more broader - requirementsValid(): bool
Also would be great to mark method @internal
Comment #9
daffie CreditAttribution: daffie commentedComment #10
daffie CreditAttribution: daffie commentedAn extension is a typical PostgreSQL thing for which we test. We already have in the class Drupal\Core\Database\Schema a number of methods in the same style: tableExists(), fieldExists(), constraintExists() and indexExists(). For me the logical thing to do is to name the new method in the same way.
Which other type would you like to test for with: requirementsValid()?
Comment #11
andypostLooks great, I'd just added link to official docs about creation
Comment #12
Taran2Lhey @daffie,
A few comments:
1. Issue description has this:
But the proposed patch does not do anything about that. I guess issue description is misleading a bit
2.
The proposed patch checks if the extension is installed (afaik), but says it's not created. I believe it also could be misleading. Either update the message to include all the options (not created, not installed or dropped) OR add more sophisticated checks (if possible) to clearly state what's wrong.
3. Test coverage is missing, but not sure what can be done here. Maybe unit with mocking the DB queries?
Comment #13
daffie CreditAttribution: daffie commented@Taran2L: Thank you for your review.
For #12.1: Because of it being a security risk, do we not try to install and/or enable the pg_trgm extension. We only test if that has been done.
For #12.2: The problem is that PostgreSQL uses "installed" and "created" not consistently with extensions. PostgreSQL extensions are a bit like Drupal modules. You need to copy the module files to the modules directory and then enable the module. In most linux distributions the pg_trgm extension files are already included in the disto. If not, then you have to "install" the extension files manually or with a package manager. When that is done, you can "install" the extension with the "CREATE EXTENSION 'pg_trgm'" command. See: https://www.postgresql.org/docs/current/sql-createextension.html I have used both "install" and "create" to increase the chance that site owners with a PostgreSQL database end up with the correct fix.
For #12.3: The only way to test this patch is by creating and dropping the extension and see that the warning is there or not depending on the status of the extension. This can only be done manually. You need superuser privileges for crating and dropping extensions.
Comment #14
Taran2L@daffie:
#12.2 As far as I can tell, there is also https://www.postgresql.org/docs/current/view-pg-available-extensions.html, so it should be possible to detect whether the extension is available for loading or not => giving us the ability to set a very detailed warning/error message. What do you think?
Comment #15
daffie CreditAttribution: daffie commented@taran2L: Again that you for your input. I have added an extra test for the availability of the pg_trgm extension. The warning message now depends on the outcome of the test. I have created a new method in the PostgreSQL Schema class. The method is called
Schema::extensionAvailable()
When the extension files are NOT available the warning will be:
"The pg_trgm extension files are not available in the database. Therefor the extension cannot be created. This extension is only needed on a PostgreSQL database. Extensions on PostgreSQL can only be created by a database user with superuser privileges. The current warning will be replaced by an error before the release of Drupal 10.0.0."
When the extension files are available the warning will be:
"The pg_trgm extension is not created. This extension is only needed on a PostgreSQL database. Extensions on PostgreSQL can only be created by a database user with superuser privileges. The current warning will be replaced by an error before the release of Drupal 10.0.0."
I ahve also updated the title and the summary to only talk about creating the extension.
Comment #16
mondrakeI'd rather say
t('PostgreSQL pg_trgm database extension')
two methods here seem a bit overkill, I think it'd be better have one select and return an array of [name, installed_version], then do the processing in calling code.
Comment #17
andypostThere's new major release is out so would be great to check support for the extension in 14.0
Comment #18
daffie CreditAttribution: daffie commentedUpdated the title as requested by @mondrake.
Changed back to the more simple solution from the patch of comment #10.
Comment #19
mondrakeSeems sensible to me, we warn the user something is wrong, point to the solution, but not fall in trying to provide all steps to solve, which would be overdoing IMO. +1 for RTBC, but needs someone to confirm the message works by testing manually.
Comment #20
daffie CreditAttribution: daffie commentedUpdating the IS with a bit more info about how to manual test this patch.
Comment #21
xurizaemonPatch looks good and works, identifying that the pg_trgm is not enabled. I feel the wording could be simplified and clarified to direct the user to why pg_trgm is recommended (and will be required).
Current wording for the warning description is:
I propose:
Reasoning behind this rewriting:
The linked DB docs don't currently include the linkage to creating extensions under PostgreSQL, but I feel that's the right place to move those links to.
Testing
I created a fresh Drupal 9.3.x environment with the patch from #18 and a PostgreSQL DB (10.12) on Lando.
~/Projects/drupal-core/.lando.yml:
I also required
drush/drush
.I installed Drupal on PostgreSQL.
lando drush site-install standard --db-url=pgsql://postgres@database/drupal9
I checked the requirements warning in CLI, where it appears correctly. (screenshot of CLI output, abbreviated below)
I checked the web UI for the warning also (screenshot of warning in browser). NB: I've removed an unrelated Drupal warning from this image for clarity.
I created the extension:
The warning was no longer displayed once the extension was created. I then dropped the extension, and saw that the warning was once more visible.
The functionality is great, setting NW for proposed wording changes. Thanks everyone!
Comment #22
xurizaemonComment #23
xurizaemonTested with PostgreSQL 13 also, success also.
My recollection from #2988018: [PP-1] Performance issues with path alias generated queries on PostgreSQL was that there was index configuration / regeneration required after the pg_trgm extension was enabled. Is the scope of this issue solely to ensure that required extension is available to the DB engine?
Comment #24
daffie CreditAttribution: daffie commented@xurizaemon: Thank you for your review.
Yes, that is correct and if the extension is not installed, then we give a hook_requirements warning. We will not be using the extension in D9. We are preparing site owners for the fact that in D10 the extension will be required. For D10 we shall change the warning to an error. An error will block installing or upgrading to D10.
I propose:
I have changed your proposal a bit to make it clear that we will not be using it in D9.
For the 2 extra zero's in 10.0.0 reference minor and patch version numbers. See: https://semver.org/.
Comment #25
jweowu CreditAttribution: jweowu at Catalyst IT commentedIs there any reason why, IFF the extension is detected as enabled, that an option to create the path_alias indexes wouldn't be provided for Drupal 9 ?
If the requirements test for "is the pg_trm extension enabled?" succeeds, then the additional test "are the pg_trm indexes present on the path_alias table?" could be executed, with a warning and a link to generate them if the answer is "no".
Comment #26
daffie CreditAttribution: daffie commentedYes, we can do that. Only it will be a lot more work. We shall then have to support sites on PostgreSQL with the extension installed and sites without. Then we have to also support sites that change from without the extension to with the extension and the other way around. That is a lot of work in code as a lot of work in communication. As I am getting not much help with this problem, it was my decision to do it in the way that is the least amount of work (a.k.a. only start using it in D10).
If we do not get this issue to land in D9.3, there is a good change that using pg_trgm extension will be postponed to D11.
Comment #27
jweowu CreditAttribution: jweowu at Catalyst IT commentedUnderstood. My suggestions could be follow-ups in any case -- there's no reason why they should delay the current issue.
Comment #28
mondrakeJust a nit on language:
seems duplicate, I suggest
Manually tested in #21.
Comment #29
daffie CreditAttribution: daffie commentedUpdated the patch with the suggestion from comment #28.
@mondrake: Thank you for the review and the RTBC!
Comment #31
alexpottThis can have tests on postgres ie. we can test for an extension we know to exist and one we are sure does not and test the return values.
Also I think this warning should only occur on new installs and at runtime. I.e. I don't think we should issue this warning on an update at the moment because if someone is doing a security update I don't think that they need to be thinking about this warning.
Creditting @Mixologic as per issue summary.
Comment #32
alexpottReading the postgres docs are we sure about the whole super user requirement thing?
The docs say:
Comment #33
alexpottThe docs changed for postrges 13 and 14 to add that line. I'm pretty sure for postgres 13 and 14 we can install the extension automatically so I think this change should account for that.
Comment #34
daffie CreditAttribution: daffie commentedThat sounds great, only this is for D9 and the minimum required version is PostgreSQL 10. For D10 the minimum required version of will be PostgreSQL 12. Unless we are changing the minimum required version for PostgreSQL for Drupal 10, this is something that will need to wait for Drupal 11.
From the PostgreSQL 13 release notes; "Such extensions can be installed in a database by users with database-level CREATE privileges, even if they are not superusers." See: https://www.postgresql.org/docs/13/release-13.html.
As for adding tests for this change: At the moment we do not have any PostgreSQL 13 or higher testbots. We have #3240346: Add Postgresql 15.4/16.0 to CI. My question is do we want to wait for that or not. This issue need to land in D9.3 to give site owners a warning about the requirement!
@todo: "Also I think this warning should only occur on new installs and at runtime. I.e. I don't think we should issue this warning on an update at the moment because if someone is doing a security update I don't think that they need to be thinking about this warning."
Comment #35
longwaveA tiny nit but there are 3 "Drupal"s in this paragraph, I think we can change the middle sentence to just say "The extension will be required by Drupal 10 to improve performance when using PostgreSQL."
Comment #36
alexpott@daffie re tests...
This must be testable on the CI supported version of PostgreSQL.
Comment #37
daffie CreditAttribution: daffie commentedI have updated the warning message as requested by @longwave in comment #35.
On the current CI this is only possible, because the PostgreSQL database user in the testbot has superuser privileges. To me that is wrong and we should not add tests that use those privileges.
As of PostgreSQL 13 the required privileges to execute the added test will be lowered to users with create privileges. A normal database user for Drupal should have those privileges. Therefor adding the new test is OK.
Comment #38
daffie CreditAttribution: daffie commentedRemoved a couple of spaces.
Comment #39
daffie CreditAttribution: daffie commentedFixed another style guide violation.
Comment #40
alexpottpg_trgm is installed on DrupalCI right? So we only need to test that it is installed. Going by my local psql you could probably test that plpgsql is installed.
Imo this test shouldn't be installing an extensions but it is perfectly acceptable to assume that an extension is installed.
Comment #41
alexpottSo the prefix deprecation is also being checked on update. I think this is wrong. We should only be making deprecation checks at runtime. They shouldn't interrupt an install or an update at this point. So I think this should be in a
if ($phase === 'runtime') {
and we should open an issue to make the prefix deprecation only occur at runtime.Comment #42
catchAgreed with #42 - this should be a runtime warning in Drupal 9, and an upgrade error for Drupal 10.
Comment #43
daffie CreditAttribution: daffie commentedChanged the test and made it an runtime only warning.
Comment #44
mondrakeI do not think we should be doing this. The effect of this would go beyond the scope of the test if the extension was not created previously. Per #40, let's just test the extension is there. In DrupalCI is OK, and running the tests locally from Drupal 9.3 onwards will simply point the testers to create the extension in their environment.
Comment #45
daffie CreditAttribution: daffie commented@mondrake: Thank you for the review.
For #44: Fixed.
Comment #46
mondrakeAFAICS, all feedback addressed. Back to RTBC.
Comment #48
catchCommitted 84e8b97 and pushed to 9.4.x. Thanks! Also cherry-picked to 9.3.x.
Comment #50
mondrake? Status change did not work :(
Comment #51
catchComment #52
Gábor HojtsyOpened #3249178: Add a requirements warning in Drupal 9 when PostgreSQL is used and the pg_trgm extension is not created for upgrade status too.
Comment #54
djassie CreditAttribution: djassie commentedFor using Lando, it will resolve issues with Drupal 10 and postgreSQL