Reject "ALTER DATABASE/USER ... RESET foo" with invalid GUC name.

If the database or user had no entry in pg_db_role_setting,
RESET silently did nothing --- including not checking the
validity of the given GUC name.  This is quite inconsistent
and surprising, because you *would* get such an error if there
were any pg_db_role_setting entry, even though it contains
values for unrelated GUCs.

While this is clearly a bug, changing it in stable branches seems
unwise.  The effect will be that some ALTER commands that formerly
were no-ops will now be errors, and people don't like that sort of
thing in minor releases.

Author: Vitaly Davydov <v.davydov@postgrespro.ru>
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/30783e-68c28a00-9-41004480@130449754

3 files changed, 31 insertions, 0 deletions

diff --git a/src/backend/catalog/pg_db_role_setting.c b/src/backend/catalog/pg_db_role_setting.c
index 090fc07c28a..832e49a34be 100644
--- a/src/backend/catalog/pg_db_role_setting.c
+++ b/src/backend/catalog/pg_db_role_setting.c
@@ -151,6 +151,15 @@ AlterSetting(Oid databaseid, Oid roleid, VariableSetStmt *setstmt)
 
 		CatalogTupleInsert(rel, newtuple);
 	}
+	else
+	{
+		/*
+		 * RESET doesn't need to change any state if there's no pre-existing
+		 * pg_db_role_setting entry, but for consistency we should still check
+		 * that the option is valid and we're allowed to set it.
+		 */
+		(void) GUCArrayDelete(NULL, setstmt->name);
+	}
 
 	InvokeObjectPostAlterHookArg(DbRoleSettingRelationId,
 								 databaseid, 0, roleid, false);
diff --git a/src/test/modules/unsafe_tests/expected/setconfig.out b/src/test/modules/unsafe_tests/expected/setconfig.out
index 5f42443e144..37e33709012 100644
--- a/src/test/modules/unsafe_tests/expected/setconfig.out
+++ b/src/test/modules/unsafe_tests/expected/setconfig.out
@@ -62,6 +62,19 @@ SELECT current_user, session_user;
 SET ROLE NONE;
 DO $$BEGIN EXECUTE format(
 	'ALTER DATABASE %I RESET role', current_catalog); END$$;
+-- Test some error cases
+DO $$BEGIN EXECUTE format(
+	'ALTER DATABASE %I SET bogus = 0', current_catalog); END$$;
+ERROR:  unrecognized configuration parameter "bogus"
+CONTEXT:  SQL statement "ALTER DATABASE contrib_regression SET bogus = 0"
+PL/pgSQL function inline_code_block line 1 at EXECUTE
+DO $$BEGIN EXECUTE format(
+	'ALTER DATABASE %I RESET bogus', current_catalog); END$$;
+ERROR:  unrecognized configuration parameter "bogus"
+CONTEXT:  SQL statement "ALTER DATABASE contrib_regression RESET bogus"
+PL/pgSQL function inline_code_block line 1 at EXECUTE
+ALTER USER regress_authenticated_user_db_ssa RESET bogus;
+ERROR:  unrecognized configuration parameter "bogus"
 -- Test connection string options
 \c -reuse-previous=on "user=regress_authenticated_user_db_sr options=-crole=regress_current_user"
 SELECT current_user, session_user;
diff --git a/src/test/modules/unsafe_tests/sql/setconfig.sql b/src/test/modules/unsafe_tests/sql/setconfig.sql
index 81296d1091b..d9e1fc908a1 100644
--- a/src/test/modules/unsafe_tests/sql/setconfig.sql
+++ b/src/test/modules/unsafe_tests/sql/setconfig.sql
@@ -50,6 +50,15 @@ DO $$BEGIN EXECUTE format(
 	'ALTER DATABASE %I RESET role', current_catalog); END$$;
 
 
+-- Test some error cases
+
+DO $$BEGIN EXECUTE format(
+	'ALTER DATABASE %I SET bogus = 0', current_catalog); END$$;
+DO $$BEGIN EXECUTE format(
+	'ALTER DATABASE %I RESET bogus', current_catalog); END$$;
+ALTER USER regress_authenticated_user_db_ssa RESET bogus;
+
+
 -- Test connection string options
 
 \c -reuse-previous=on "user=regress_authenticated_user_db_sr options=-crole=regress_current_user"