views:

50

answers:

2

I write PSQL script and using variables (for psql --variable key=value commandline syntax).

This works perfectly for top level scope like select * from :key, but I create functions with the script and need variable value inside them.

So, the syntax like

create function foo() returns void as
$$
declare
begin
    grant select on my_table to group :user;
end;
$$
language plpgsql;

fails at :user.

As far as I understand psql variables is a plain macro substitution feature, but it doesn't process function bodies. Are there any escaping syntax for such cases? Surrounding :user with $$ works regarding substitution, but psql fails at $$.

Are there any other way to do this besides standalone macro processing (sed, awk, etc)?

+3  A: 

PSQL SET variables aren't interpolated inside dollar-quoted strings. I don't know this for certain, but I think there's no escape or other trickery to turn on SET variable interpolation in there.

One might think you could wedge an unquoted :user between two dollar-quoted stretches of PL/pgSQL to get the desired effect. But this doesn't seem to work... I think the syntax requires a single string and not an expression concatenating strings. Might be mistaken on that.

Anyway, that doesn't matter. There's another approach (as Pasco noted): write the stored procedure to accept a PL/pgSQL argument. Here's what that would look like.

CREATE OR REPLACE FUNCTION foo("user" TEXT) RETURNS void AS
$$
BEGIN
        EXECUTE 'GRANT SELECT ON my_table TO GROUP ' || quote_ident(user);
END;    
$$ LANGUAGE plpgsql;

Notes on this function:

  1. EXECUTE generates an appropriate GRANT on each invocation using on our procedure argument. The PG manual section called "Executing Dynamic Commands" explains EXECUTE in detail.
  2. The declaration of procedure argument user must be double quoted. Double quotes force it to be interpreted as an identifier.

Once you define the function like this, you can call it using interpolated PSQL variables. Here's an outline.

  1. Run psql --variable user="'whoever'" --file=myscript.sql. Single quotes are required around the username!
  2. In myscript.sql, define function like above.
  3. In myscript.sql, put select foo(:user);. This is where we rely on those single quotes we put in the value of user.

Although this seems to work, it strikes me as rather squirrely. I thought SET variables were intended for runtime configuration. Carrying data around in SET seems odd.

Edit: here's a concrete reason to not use SET variables. From the manpage: "These assignments are done during a very early stage of startup, so variables reserved for internal purposes might get overwritten later." If Postgres decided to use a variable named user (or whatever you pick), it could overwrite your script argument with something you never intended. In fact, psql already takes USER for itself -- this only works because SET is case sensitive. This very nearly broke things from the start!

Dan LaRocque
you should use EXECUTE 'GRANT SELECT ON my_table TO GROUP ' || quote_ident(user); I believe.
rfusca
@rfusca yeah, can't hurt to sanitize it!
Dan LaRocque
+2  A: 

You could use the method Dan LaRocque describes to make it kind of hack'ishly work (not a knock at Dan) - but psql is not really your friend for doing this kind of work (assuming this kind of work is scripting and not one-off things). If you've got a function, rewrite it to take a parameter like so:

create function foo(v_user text) returns void as
$$
begin
    execute 'grant select on my_table to group '||quote_ident(v_user);
end;
$$
language plpgsql;

(quote_ident() makes it so you don't have to assure the double-quotes, it handles all that.)

But then use a real scripting language like Perl, Python, Ruby, etc that has a Postgres driver to invoke your function with a parameter.

Psql has its place, I'm just not sure that this is it.

rfusca
I agree that using psql `SET` like this is probably a maintenance hazard. I shared your misgivings when I wrote my answer too. There's a little paragraph at the end giving a concrete reason *why* it's risky.
Dan LaRocque
@Dan LaRocque: Yup, thats why I didn't feel the need reiterate that and why I even upvoted your answer. :)
rfusca