feat: add config db-hoisted-tx-settings to allow only hoisted function settings

CHANGELOG.md

@@ -9,7 +9,6 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
  - #2887, Add Preference `max-affected` to limit affected resources - @taimoorzaeem
  - #3171, Add an ability to dump config via admin API - @skywriter
- - #3061, Apply all function settings as transaction-scoped settings - @taimoorzaeem
  - #3171, #3046, Log schema cache stats to stderr - @steve-chavez
  - #3210, Dump schema cache through admin API - @taimoorzaeem
  - #2676, Performance improvement on bulk json inserts, around 10% increase on requests per second by removing `json_typeof` from write queries - @steve-chavez
@@ -23,6 +22,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
  + Shows the correct JSON format in the `hints` field
  - #3340, Log when the LISTEN channel gets a notification - @steve-chavez
  - #3184, Log full pg version to stderr on connection - @steve-chavez
+ - #3242. Add config `db-hoisted-tx-settings` to apply only hoisted function settings - @taimoorzaeem
 
 ### Fixed
 

docs/references/configuration.rst

@@ -298,6 +298,21 @@ db-extra-search-path
 
  Multiple schemas can be added in a comma-separated string, e.g. ``public, extensions``.
 
+.. _db-hoisted-tx-settings:
+
+db-hoisted-tx-settings
+----------------------
+
+ =============== ==================================================================================
+ **Type** String
+ **Default** statement_timeout, plan_filter.statement_cost_limit, default_transaction_isolation
+ **Reloadable** Y
+ **Environment** PGRST_DB_HOISTED_TX_SETTINGS
+ **In-Database** pgrst.db_hoisted_tx_settings
+ =============== ==================================================================================
+
+ Hoisted settings are allowed to be applied as transaction-scoped function settings. Multiple settings can be added in a comma-separated string, e.g. ``work_mem, statement_timeout``.
+
 .. _db-max-rows:
 
 db-max-rows

docs/references/transactions.rst

@@ -303,7 +303,7 @@ When calling the above function (see :ref:`functions`), the statement timeout wi
 
 .. note::
 
- Currently, only ``statement_timeout`` is applied for functions.
+ Only the transactions that are hoisted by config :ref:`db-hoisted-tx-settings` will be applied.
 
 .. _main_query:
 

src/PostgREST/Config.hs

@@ -74,6 +74,7 @@ data AppConfig = AppConfig
  , configDbChannel :: Text
  , configDbChannelEnabled :: Bool
  , configDbExtraSearchPath :: [Text]
+ , configDbHoistedTxSettings :: [Text]
  , configDbMaxRows :: Maybe Integer
  , configDbPlanEnabled :: Bool
  , configDbPoolSize :: Int
@@ -146,6 +147,7 @@ toText conf =
  ,("db-channel", q . configDbChannel)
  ,("db-channel-enabled", T.toLower . show . configDbChannelEnabled)
  ,("db-extra-search-path", q . T.intercalate "," . configDbExtraSearchPath)
+ ,("db-hoisted-tx-settings", q . T.intercalate "," . configDbHoistedTxSettings)
  ,("db-max-rows", maybe "\"\"" show . configDbMaxRows)
  ,("db-plan-enabled", T.toLower . show . configDbPlanEnabled)
  ,("db-pool", show . configDbPoolSize)
@@ -241,6 +243,7 @@ parser optPath env dbSettings roleSettings roleIsolationLvl =
  <*> (fromMaybe "pgrst" <$> optString "db-channel")
  <*> (fromMaybe True <$> optBool "db-channel-enabled")
  <*> (maybe ["public"] splitOnCommas <$> optValue "db-extra-search-path")
+ <*> (maybe defaultHoistedAllowList splitOnCommas <$> optValue "db-hoisted-tx-settings")
  <*> optWithAlias (optInt "db-max-rows")
  (optInt "max-rows")
  <*> (fromMaybe False <$> optBool "db-plan-enabled")
@@ -418,6 +421,8 @@ parser optPath env dbSettings roleSettings roleIsolationLvl =
  splitOnCommas (C.String s) = T.strip <$> T.splitOn "," s
  splitOnCommas _ = []
 
+ defaultHoistedAllowList = ["statement_timeout","plan_filter.statement_cost_limit","default_transaction_isolation"]
+
 -- | Read the JWT secret from a file if configJwtSecret is actually a
 -- filepath(has @ as its prefix). To check if the JWT secret is provided is
 -- in fact a file path, it must be decoded as 'Text' to be processed.

src/PostgREST/Config/Database.hs

@@ -56,6 +56,7 @@ dbSettingsNames =
  ,"db_root_spec"
  ,"db_schemas"
  ,"db_tx_end"
+ ,"db_hoisted_tx_settings"
  ,"jwt_aud"
  ,"jwt_role_claim_key"
  ,"jwt_secret"

src/PostgREST/Query.hs

@@ -181,7 +181,7 @@ actionQuery (MaybeDb plan@InspectPlan{ipSchema=tSchema}) AppConfig{..} _ pgVer s
  tableAccess <- SQL.statement [tSchema] (SchemaCache.accessibleTables pgVer configDbPreparedStatements)
  MaybeDbResult plan . Just <$> ((,,)
  (HM.filterWithKey (\qi _ -> S.member qi tableAccess) $ SchemaCache.dbTables sCache)
- <$> SQL.statement tSchema (SchemaCache.accessibleFuncs pgVer configDbPreparedStatements)
+ <$> SQL.statement (tSchema, configDbHoistedTxSettings) (SchemaCache.accessibleFuncs pgVer configDbPreparedStatements)
  <*> SQL.statement tSchema (SchemaCache.schemaDescription configDbPreparedStatements))
  OAIgnorePriv ->
  MaybeDbResult plan . Just <$> ((,,)

src/PostgREST/SchemaCache.hs

@@ -150,7 +150,7 @@ querySchemaCache AppConfig{..} = do
  tabs <- SQL.statement schemas $ allTables pgVer prepared
  keyDeps <- SQL.statement (schemas, configDbExtraSearchPath) $ allViewsKeyDependencies prepared
  m2oRels <- SQL.statement mempty $ allM2OandO2ORels pgVer prepared
- funcs <- SQL.statement schemas $ allFunctions pgVer prepared
+ funcs <- SQL.statement (schemas, configDbHoistedTxSettings) $ allFunctions pgVer prepared
  cRels <- SQL.statement mempty $ allComputedRels prepared
  reps <- SQL.statement schemas $ dataRepresentations prepared
  mHdlers <- SQL.statement schemas $ mediaHandlers pgVer prepared
@@ -363,13 +363,13 @@ dataRepresentations = SQL.Statement sql (arrayParam HE.text) decodeRepresentatio
  OR (dst_t.typtype = 'd' AND c.castsource IN ('json'::regtype::oid , 'text'::regtype::oid)))
  |]
 
-allFunctions :: PgVersion -> Bool -> SQL.Statement [Schema] RoutineMap
-allFunctions pgVer = SQL.Statement sql (arrayParam HE.text) decodeFuncs
+allFunctions :: PgVersion -> Bool -> SQL.Statement ([Schema], [Text]) RoutineMap
+allFunctions pgVer = SQL.Statement sql (contrazip2 (arrayParam HE.text) (arrayParam HE.text)) decodeFuncs
  where
  sql = funcsSqlQuery pgVer <> " AND pn.nspname = ANY($1)"
 
-accessibleFuncs :: PgVersion -> Bool -> SQL.Statement Schema RoutineMap
-accessibleFuncs pgVer = SQL.Statement sql (param HE.text) decodeFuncs
+accessibleFuncs :: PgVersion -> Bool -> SQL.Statement (Schema, [Text]) RoutineMap
+accessibleFuncs pgVer = SQL.Statement sql (contrazip2 (param HE.text) (arrayParam HE.text)) decodeFuncs
  where
  sql = funcsSqlQuery pgVer <> " AND pn.nspname = $1 AND has_function_privilege(p.oid, 'execute')"
 
@@ -451,15 +451,15 @@ funcsSqlQuery pgVer = [q|
  JOIN pg_namespace tn ON tn.oid = t.typnamespace
  LEFT JOIN pg_class comp ON comp.oid = t.typrelid
  LEFT JOIN pg_description as d ON d.objoid = p.oid
- LEFT JOIN LATERAL unnest(proconfig) iso_config ON iso_config like 'default_transaction_isolation%'
+ LEFT JOIN LATERAL unnest(proconfig) iso_config ON iso_config LIKE 'default_transaction_isolation%'
  LEFT JOIN LATERAL (
  SELECT
  array_agg(row(
  substr(setting, 1, strpos(setting, '=') - 1),
  substr(setting, strpos(setting, '=') + 1)
  )) as kvs
  FROM unnest(proconfig) setting
- WHERE setting not LIKE 'default_transaction_isolation%'
+ WHERE setting ~ ANY($2)
  ) func_settings ON TRUE
  WHERE t.oid <> 'trigger'::regtype AND COALESCE(a.callable, true)
 |] <> (if pgVer >= pgVersion110 then "AND prokind = 'f'" else "AND NOT (proisagg OR proiswindow)")

test/io/__snapshots__/test_cli/test_schema_cache_snapshot[dbRoutines].yaml

@@ -59,31 +59,32 @@
  pdSchema: public
  pdVolatility: Volatile
 
-- - qiName: multiple_func_settings_test
+- - qiName: rpc_with_one_hoisted
  qiSchema: public
  - - pdDescription: null
  pdFuncSettings:
- - - work_mem
- - '5000'
  - - statement_timeout
- - 10s
+ - 7s
  pdHasVariadic: false
- pdName: multiple_func_settings_test
+ pdName: rpc_with_one_hoisted
  pdParams: []
  pdReturnType:
  contents:
  contents:
- qiName: record
- qiSchema: pg_catalog
- tag: Scalar
- tag: SetOf
+ - qiName: items
+ qiSchema: public
+ - false
+ tag: Composite
+ tag: Single
  pdSchema: public
  pdVolatility: Volatile
 
 - - qiName: serializable_isolation_level
  qiSchema: public
  - - pdDescription: null
- pdFuncSettings: []
+ pdFuncSettings:
+ - - default_transaction_isolation
+ - serializable
  pdHasVariadic: false
  pdName: serializable_isolation_level
  pdParams: []
@@ -170,6 +171,26 @@
  pdSchema: public
  pdVolatility: Volatile
 
+- - qiName: rpc_with_two_hoisted
+ qiSchema: public
+ - - pdDescription: null
+ pdFuncSettings:
+ - - statement_timeout
+ - 10s
+ pdHasVariadic: false
+ pdName: rpc_with_two_hoisted
+ pdParams: []
+ pdReturnType:
+ contents:
+ contents:
+ - qiName: items
+ qiSchema: public
+ - false
+ tag: Composite
+ tag: Single
+ pdSchema: public
+ pdVolatility: Volatile
+
 - - qiName: set_statement_timeout
  qiSchema: public
  - - pdDescription: null
@@ -219,25 +240,6 @@
  pdSchema: public
  pdVolatility: Volatile
 
-- - qiName: work_mem_test
- qiSchema: public
- - - pdDescription: null
- pdFuncSettings:
- - - work_mem
- - 6000kB
- pdHasVariadic: false
- pdName: work_mem_test
- pdParams: []
- pdReturnType:
- contents:
- contents:
- qiName: text
- qiSchema: pg_catalog
- tag: Scalar
- tag: Single
- pdSchema: public
- pdVolatility: Volatile
-
 - - qiName: invalid_role_claim_key_reload
  qiSchema: public
  - - pdDescription: null
@@ -348,7 +350,9 @@
 - - qiName: repeatable_read_isolation_level
  qiSchema: public
  - - pdDescription: null
- pdFuncSettings: []
+ pdFuncSettings:
+ - - default_transaction_isolation
+ - REPEATABLE READ
  pdHasVariadic: false
  pdName: repeatable_read_isolation_level
  pdParams: []
@@ -454,6 +458,24 @@
  pdSchema: public
  pdVolatility: Volatile
 
+- - qiName: rpc_work_mem
+ qiSchema: public
+ - - pdDescription: null
+ pdFuncSettings: []
+ pdHasVariadic: false
+ pdName: rpc_work_mem
+ pdParams: []
+ pdReturnType:
+ contents:
+ contents:
+ - qiName: items
+ qiSchema: public
+ - false
+ tag: Composite
+ tag: Single
+ pdSchema: public
+ pdVolatility: Volatile
+
 - - qiName: four_sec_timeout
  qiSchema: public
  - - pdDescription: null

test/io/configs/expected/aliases.config

@@ -3,6 +3,7 @@ db-anon-role = ""
 db-channel = "pgrst"
 db-channel-enabled = true
 db-extra-search-path = "public"
+db-hoisted-tx-settings = "statement_timeout,plan_filter.statement_cost_limit,default_transaction_isolation"
 db-max-rows = 1000
 db-plan-enabled = false
 db-pool = 10

test/io/configs/expected/boolean-numeric.config

@@ -3,6 +3,7 @@ db-anon-role = ""
 db-channel = "pgrst"
 db-channel-enabled = true
 db-extra-search-path = "public"
+db-hoisted-tx-settings = "statement_timeout,plan_filter.statement_cost_limit,default_transaction_isolation"
 db-max-rows = ""
 db-plan-enabled = false
 db-pool = 10

test/io/configs/expected/boolean-string.config

@@ -3,6 +3,7 @@ db-anon-role = ""
 db-channel = "pgrst"
 db-channel-enabled = true
 db-extra-search-path = "public"
+db-hoisted-tx-settings = "statement_timeout,plan_filter.statement_cost_limit,default_transaction_isolation"
 db-max-rows = ""
 db-plan-enabled = false
 db-pool = 10

test/io/configs/expected/defaults.config

@@ -3,6 +3,7 @@ db-anon-role = ""
 db-channel = "pgrst"
 db-channel-enabled = true
 db-extra-search-path = "public"
+db-hoisted-tx-settings = "statement_timeout,plan_filter.statement_cost_limit,default_transaction_isolation"
 db-max-rows = ""
 db-plan-enabled = false
 db-pool = 10

test/io/configs/expected/no-defaults-with-db-other-authenticator.config

@@ -3,6 +3,7 @@ db-anon-role = "pre_config_role"
 db-channel = "postgrest"
 db-channel-enabled = false
 db-extra-search-path = "public,extensions,other"
+db-hoisted-tx-settings = "maintenance_work_mem"
 db-max-rows = 100
 db-plan-enabled = true
 db-pool = 1

test/io/configs/expected/no-defaults-with-db.config

@@ -3,6 +3,7 @@ db-anon-role = "anonymous"
 db-channel = "postgrest"
 db-channel-enabled = false
 db-extra-search-path = "public,extensions,private"
+db-hoisted-tx-settings = "autovacuum_work_mem"
 db-max-rows = 500
 db-plan-enabled = false
 db-pool = 1

test/io/configs/expected/no-defaults.config

@@ -3,6 +3,7 @@ db-anon-role = "root"
 db-channel = "postgrest"
 db-channel-enabled = false
 db-extra-search-path = "public,test"
+db-hoisted-tx-settings = "work_mem"
 db-max-rows = 1000
 db-plan-enabled = true
 db-pool = 1

test/io/configs/expected/types.config

@@ -3,6 +3,7 @@ db-anon-role = ""
 db-channel = "pgrst"
 db-channel-enabled = true
 db-extra-search-path = "public"
+db-hoisted-tx-settings = "statement_timeout,plan_filter.statement_cost_limit,default_transaction_isolation"
 db-max-rows = ""
 db-plan-enabled = false
 db-pool = 10

test/io/configs/no-defaults-env.yaml

@@ -5,6 +5,7 @@ PGRST_DB_ANON_ROLE: root
 PGRST_DB_CHANNEL: postgrest
 PGRST_DB_CHANNEL_ENABLED: false
 PGRST_DB_EXTRA_SEARCH_PATH: public, test
+PGRST_DB_HOISTED_TX_SETTINGS: work_mem
 PGRST_DB_MAX_ROWS: 1000
 PGRST_DB_PLAN_ENABLED: true
 PGRST_DB_POOL: 1

test/io/configs/no-defaults.config

@@ -3,6 +3,7 @@ db-anon-role = "root"
 db-channel = "postgrest"
 db-channel-enabled = false
 db-extra-search-path = "public, test"
+db-hoisted-tx-settings = "work_mem"
 db-max-rows = 1000
 db-plan-enabled = true
 db-pool = 1

test/io/db_config.sql

@@ -23,6 +23,7 @@ ALTER ROLE db_config_authenticator SET pgrst.openapi_server_proxy_uri = 'https:/
 ALTER ROLE db_config_authenticator SET pgrst.server_cors_allowed_origins = 'http://origin.com';
 ALTER ROLE db_config_authenticator SET pgrst.server_timing_enabled = 'false';
 ALTER ROLE db_config_authenticator SET pgrst.server_trace_header = 'CF-Ray';
+ALTER ROLE db_config_authenticator SET pgrst.db_hoisted_tx_settings = 'autovacuum_work_mem';
 
 -- override with database specific setting
 ALTER ROLE db_config_authenticator IN DATABASE :DBNAME SET pgrst.db_extra_search_path = 'public, extensions, private';
@@ -72,6 +73,7 @@ ALTER ROLE other_authenticator SET pgrst.openapi_server_proxy_uri = 'https://oth
 ALTER ROLE other_authenticator SET pgrst.server_cors_allowed_origins = 'http://otherorigin.com';
 ALTER ROLE other_authenticator SET pgrst.server_timing_enabled = 'true';
 ALTER ROLE other_authenticator SET pgrst.server_trace_header = 'traceparent';
+ALTER ROLE other_authenticator SET pgrst.db_hoisted_tx_settings = 'maintenance_work_mem';
 
 create schema postgrest;
 grant usage on schema postgrest to db_config_authenticator;