Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1ulWlq-002CF1-G4
	for pgsql-hackers@arkaria.postgresql.org; Mon, 11 Aug 2025 17:57:18 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1ulWkq-002mew-TD
	for pgsql-hackers@arkaria.postgresql.org; Mon, 11 Aug 2025 17:56:17 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <robertmhaas@gmail.com>)
	id 1ulWkq-002meo-JJ
	for pgsql-hackers@lists.postgresql.org; Mon, 11 Aug 2025 17:56:16 +0000
Received: from mail-ej1-x629.google.com ([2a00:1450:4864:20::629])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <robertmhaas@gmail.com>)
	id 1ulWkl-0003cc-0w
	for pgsql-hackers@postgresql.org;
	Mon, 11 Aug 2025 17:56:15 +0000
Received: by mail-ej1-x629.google.com with SMTP id
 a640c23a62f3a-af96fba3b37so873080666b.3
        for <pgsql-hackers@postgresql.org>;
 Mon, 11 Aug 2025 10:56:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1754934970; x=1755539770;
 darn=postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=CJDoN4LdwjKt/sUQJju117XqTMGqp2Noo4QPHv/lvEU=;
        b=V/B9QxA5YTqCGzUhxfVpL6nzcLqJd055ZptQ3APHSrguXHkBfKyEhgtttvRjM+6uj6
         V6/1DOLPrI7ss3NXX8OxWmP8/dvynZW7+WeTKuC87U6Ni+R+JQKMkgGOY5/YkqlwRfCD
         3sCJZc8SWJe9PnxSbXwq2pzSmPRdYPlfUTG4AE/lEfdWuEo7PMgx8Gz0/s1sTUWW+7hQ
         qhHN6FTeTg7zKLZWSyJLKsLuSqvklg6QREWA6rXph1kbIqVaqOVGoqYEccIAcRkrMr8L
         xmoTDyTFPwEXJNKkP7Z+aRUOkfWmlG9hfm5D7KXO6rsHAawN9FkOwLQJVO5VRG70/ZrX
         IYhA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1754934970; x=1755539770;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=CJDoN4LdwjKt/sUQJju117XqTMGqp2Noo4QPHv/lvEU=;
        b=sRwFxfTp0Ti53lXPsDD5qI37QqWn3mPqv/RZPEwEAmMJej/G87jNR0qOv2DoBJwEmA
         PVHYbwx76UPYJdBquZatyOdHykabMHKm94TX+toGJRNd1Bbp9uTLcxEQCB3rbCo4wMom
         U/B8TZasMDBd51fRNK4a0VeyV25PcT4ptBw8kqgYD75kOO7y9a5tnW2bpIJQY1tmk1Tg
         Wjscsor/8dh8v7lbOfQ28UoNVY73NSyyIt9loFI5e3T0Mq7m8e6Tch7cx6sayXKKGk25
         YTcQfLWHDsW+2pW2RU93mdWly5wFWg4aAQt5TD0h03/jtpWkiV1VMYgoSETUJXA7S9DX
         HTNw==
X-Forwarded-Encrypted: i=1;
 AJvYcCXO5zVVAOcn0cbUKQioCfc8idEbFffOLqCk54RiPtMKka4uvHlbFxl0fVUNEaa7ez0G/roGaDtGk9AefElA@postgresql.org
X-Gm-Message-State: AOJu0YxGFom/XgWnq5MaU17o8Bxh5Wbjnm8sN2hFZhnANaY5YU4UsE+L
	p0G938QJ8k5rH2BhkiYZK9GtAjtjnM1Ms//j1KhHxAUEY0nc8MaWuVjWPV73wFBWE9GR46EOQlu
	Ejn/7NPhmtTivp76Qk3vENO3E2nrT1FM=
X-Gm-Gg: ASbGnctrwlfz02L6z2K64sbKRoox1b8Tf3qJmuAuwxED8Nvb0689pdtgAb9wxDQeA5J
	Fy3HdYaD3NRGOKPI3r8ZaKWOZjobwuMbwx6ainlBuF17XkrK4WbAc/BQ+qPfQ/oM9UqKVoLT8XS
	zx/Van7IOKYan+miUNvixVbMeQx8Lbhw9LiNSuVdzmtSYObfcQ9F/WTA21pryyLns9WU/vCcba2
	QJqICu2brDbmTYxm64=
X-Google-Smtp-Source: 
 AGHT+IHZyMpqj9aJ1hScBLpxH8aWrcACuo1DFeeZ6XVQA98Pr4XHp99JWTg1a9E2yQezOw5HbEeWBRBwnIrTCo6Tya4=
X-Received: by 2002:a17:907:3d8b:b0:ad8:9257:573a with SMTP id
 a640c23a62f3a-afa1dfe563amr36334966b.5.1754934969801; Mon, 11 Aug 2025
 10:56:09 -0700 (PDT)
MIME-Version: 1.0
References: 
 <CAGECzQQzDqDzakBkR71ZkQ1N1ffTjAaruRSqppQAKu3WF+6rNQ@mail.gmail.com>
 <dbd3cc5a5edde04941c8624dde7e4bd2a063f366.camel@j-davis.com>
 <CAGECzQTe3y6xwP9aMbFBCxKnQEEn3G3=cEDqoD5xaOwPwypd_A@mail.gmail.com>
 <CAGECzQTAgtTp3G=Em3xEY=T=uiKfyu5xLYri9By=sfNBS5C_9A@mail.gmail.com>
 <CAKFQuwaT4_n=e0YKBZAyox1CQUra2ka0cySs+3pGZR5p50pn-g@mail.gmail.com>
 <CAGECzQTOJrnnJkmMe9nems0jouiKUbFcEb1rb9kE_svsAZiGQg@mail.gmail.com>
 <585e996c-a5c6-4e61-acc4-d92b7a1458ea@vondra.me>
 <CAGECzQS02M6YPDXemo36tShO-ZYObjqnyTJyVttua1PGyN4xRw@mail.gmail.com>
 <CAFPkQKzALOTTBrhj2qDHwVxZQyjF5Xg_P9M=Tn_Dcm3vr=xdTA@mail.gmail.com>
 <DBOFQN54M5FX.1XWJE4LKMR8XH@jeltef.nl>
In-Reply-To: <DBOFQN54M5FX.1XWJE4LKMR8XH@jeltef.nl>
From: Robert Haas <robertmhaas@gmail.com>
Date: Mon, 11 Aug 2025 13:55:57 -0400
X-Gm-Features: Ac12FXx61AfB6VETGIjEY76jqgkvwDy3jmN9tbKIlpcYC8aSsWWVR0xm_dJnhas
Message-ID: 
 <CA+TgmoY=NO7_L=UDuoUWj-icABF-7EP=UNUXCFBYpDNFoUZmbA@mail.gmail.com>
Subject: Re: Extension security improvement: Add support for extensions with
 an owned schema
To: Jelte Fennema-Nio <postgres@jeltef.nl>
Cc: Artem Gavrilov <artem.gavrilov@percona.com>,
 Jelte Fennema-Nio <me@jeltef.nl>,
	Tomas Vondra <tomas@vondra.me>,
 "David G. Johnston" <david.g.johnston@gmail.com>,
	Jeff Davis <pgsql@j-davis.com>,
 PostgreSQL-development <pgsql-hackers@postgresql.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/CA%2BTgmoY%3DNO7_L%3DUDuoUWj-icABF-7EP%3DUNUXCFBYpDNFoUZmbA%40mail.gmail.com>
Precedence: bulk

On Tue, Jul 29, 2025 at 5:35=E2=80=AFAM Jelte Fennema-Nio <postgres@jeltef.=
nl> wrote:
> On Wed Jul 23, 2025 at 7:12 PM CEST, Artem Gavrilov wrote:
> > 1) I noticed that pg_dump changes weren't covered with tests.
> >
> > 2) I assume these error messages may be confusing, especially first one=
:
>
> Attached is an updated version that addresses these issues.

I generally like the direction that this is going but there are places
where the new stuff looks too much like it was bolted onto whatever
was there already. It's important to go back and edit things so that
they look natural, as if the new feature had been present all along.

-        relocated.  The named schema must already exist.
+        relocated.  The named schema must already exist, unless
+        <literal>owned_schema</literal> is set to <literal>true</literal> =
in
+        the control file, then the schema must not exist.

This reads awkwardly, at least to me. The smallest possible edit that
would make it passable for me is to replace "the" with "in which
case," but possibly the whole sentence should be rephrased somehow.

+ * If the user is giving us the schema name, it must exist already if
+ * the extension does not want to own the schema

This could be made clearer.

+ errmsg("schema \"%s\" already exists but the extension needs to create it=
",
+ schemaName),

I don't really find this an improvement over: ERROR:  schema
"test_ext_owned_schema" already exists.

+ else if (control->owned_schema)
+ {
+ ereport(ERROR,
+ (errcode(ERRCODE_DUPLICATE_SCHEMA),
+ errmsg("schema \"%s\" already exists but the extension needs to create it=
",
+ schemaName),
+ errhint("Drop schema \"%s\" or specify another schema using CREATE
EXTENSION ... SCHEMA ...", schemaName)));
+ }
+
  }
- else if (!OidIsValid(schemaOid))
+ else if (control->owned_schema)
+ {
+ ereport(ERROR,
+ (errcode(ERRCODE_UNDEFINED_SCHEMA),
+ errmsg("no schema has been selected to create in")));
+ }
+ else

It certainly seems worth asking whether this if-nest should be
rephrased in some way to make it clearer. But even if it's best to
keep it as it is, I find the absence of comments hard to justify. Who
is going to read the bit that emits "no schema has been selected to
create in" and find that self-explanatory?

I would like to see some improvements in AlterExtensionNamespace. In
the context of the patch, it's possible to puzzle out what is
happening, but I think the picture is not going to be clear to later
readers. It seems to me that this either needs some restructuring to
make the logical flow clearer, or a few well-written comments.

--=20
Robert Haas
EDB: http://www.enterprisedb.com