query_supervisor: add option 'limits_enabled' instead of 'limited_users' list

query_supervisor: add option 'limits_enabled' instead of 'limited_users' list

The new option can be set for any role with ALTER ROLE or SET statements.
When a role got the option set to 'true' then all its queries are
limited by the supervisor.

Changes in functional test: use the new options instead of 'limted_users'
ALTER ROLE during tests must be used with ;IN DATABASE' to avoid change
global postrges state.

Unfortunately, all attempts to introduce a predefined role group with limitations on queries for its members have failed due to the following reasons:

• Custom options such as 'query_supervisor.*' are not inherited from the group by its members
• It is currently impossible to determine whether a user's role is a member of a group (using either textual names or OIDs postgres crashes) at the moment when the decision to enable query hooks needs to be made (in PG_Init ). This makes it impossible to enforce query restrictions based on group membership.

Added limit (1000) for number of contexts per a role

requested review from @bwrona

assigned to @Ickiewicz

changed title from chan to query_supervisor: add option 'limits_enabled' instead of 'limited_users' list

changed the description

changed the description

added 1 commit

• 60cbf20f - add haf_app_public role

Compare with previous version

added 14 commits

• 60cbf20f...c22b3727 - 5 commits from branch develop
• 96145134 - hive_fork_manager: more tollerant droping contexts and contexts tables
• 022512b7 - limit number of contexts for any of roles
• b611f435 - functional tests: check if tests function are actually added
• 1d8d8882 - psql_tools: add boolean option to custom configuration
• 9f8ae1c2 - query_supervisor: add option 'limits_enabled' instead of 'limited_users' list
• 4009a508 - hfm got dependency to query_supervisor
• 42a2b353 - add --public to create_haf_app_role.sh
• 86d67fac - disable test test_double_haf_replay.sh because of issue #132 (closed)
• aa65f0e2 - add haf_app_public role

Compare with previous version

added 8 commits

• ddaf152b - hive_fork_manager: more tollerant droping contexts and contexts tables
• 210baddd - limit number of contexts for any of roles
• 8e70af66 - functional tests: check if tests function are actually added
• e0c2e7b5 - psql_tools: add boolean option to custom configuration
• 9908873a - query_supervisor: add option 'limits_enabled' instead of 'limited_users' list
• 4c5cdfaa - hfm got dependency to query_supervisor
• 1e63c935 - add --public to create_haf_app_role.sh
• 9ae22644 - add haf_app_public role

Compare with previous version

added 13 commits

• 9ae22644...c22b3727 - 5 commits from branch develop
• 054d4e3b - hive_fork_manager: more tollerant droping contexts and contexts tables
• 521d3fe5 - limit number of contexts for any of roles
• 67a11e28 - functional tests: check if tests function are actually added
• 8df4d23e - psql_tools: add boolean option to custom configuration
• cca1d5d5 - query_supervisor: add option 'limits_enabled' instead of 'limited_users' list
• 7402321d - hfm got dependency to query_supervisor
• 9417d8b8 - add --public to create_haf_app_role.sh
• e6923705 - add haf_app_public role

Compare with previous version

merged

mentioned in merge request !316 (merged)