|
5 | 5 | use strict; |
6 | 6 | use warningsFATAL=>'all'; |
7 | 7 | use PostgreSQL::Test::Cluster; |
| 8 | +use PostgreSQL::Test::Utils; |
8 | 9 | use Test::More; |
9 | 10 |
|
10 | 11 | my ($node_publisher,$node_subscriber,$publisher_connstr,$result,$offset); |
@@ -330,81 +331,91 @@ sub grant_superuser |
330 | 331 | # If the subscription connection requires a password ('password_required' |
331 | 332 | # is true) then a non-superuser must specify that password in the connection |
332 | 333 | # string. |
333 | | -$ENV{"PGPASSWORD"} ='secret'; |
334 | | - |
335 | | -my$node_publisher1 = PostgreSQL::Test::Cluster->new('publisher1'); |
336 | | -my$node_subscriber1 = PostgreSQL::Test::Cluster->new('subscriber1'); |
337 | | -$node_publisher1->init(allows_streaming=>'logical'); |
338 | | -$node_subscriber1->init; |
339 | | -$node_publisher1->start; |
340 | | -$node_subscriber1->start; |
341 | | -my$publisher_connstr1 = |
342 | | -$node_publisher1->connstr .' user=regress_test_user dbname=postgres'; |
343 | | -my$publisher_connstr2 = |
344 | | -$node_publisher1->connstr |
345 | | - .' user=regress_test_user dbname=postgres password=secret'; |
346 | | - |
347 | | -formy$node ($node_publisher1,$node_subscriber1) |
| 334 | +SKIP: |
348 | 335 | { |
349 | | -$node->safe_psql( |
| 336 | +skip |
| 337 | +"subscription password_required test cannot run without Unix-domain sockets", |
| 338 | + 3 |
| 339 | +unless$use_unix_sockets; |
| 340 | + |
| 341 | +my$node_publisher1 = PostgreSQL::Test::Cluster->new('publisher1'); |
| 342 | +my$node_subscriber1 = PostgreSQL::Test::Cluster->new('subscriber1'); |
| 343 | +$node_publisher1->init(allows_streaming=>'logical'); |
| 344 | +$node_subscriber1->init; |
| 345 | +$node_publisher1->start; |
| 346 | +$node_subscriber1->start; |
| 347 | +my$publisher_connstr1 = |
| 348 | +$node_publisher1->connstr .' user=regress_test_user dbname=postgres'; |
| 349 | +my$publisher_connstr2 = |
| 350 | +$node_publisher1->connstr |
| 351 | + .' user=regress_test_user dbname=postgres password=secret'; |
| 352 | + |
| 353 | +formy$node ($node_publisher1,$node_subscriber1) |
| 354 | +{ |
| 355 | +$node->safe_psql( |
| 356 | +'postgres',qq( |
| 357 | +CREATE ROLE regress_test_user PASSWORD 'secret' LOGIN REPLICATION; |
| 358 | +GRANT CREATE ON DATABASE postgres TO regress_test_user; |
| 359 | +GRANT PG_CREATE_SUBSCRIPTION TO regress_test_user; |
| 360 | +)); |
| 361 | +} |
| 362 | + |
| 363 | +$node_publisher1->safe_psql( |
350 | 364 | 'postgres',qq( |
351 | | - CREATE ROLE regress_test_user PASSWORD 'secret' LOGIN REPLICATION; |
352 | | - GRANT CREATE ON DATABASE postgres TO regress_test_user; |
353 | | - GRANT PG_CREATE_SUBSCRIPTION TO regress_test_user; |
354 | | -)); |
355 | | -} |
| 365 | +SET SESSION AUTHORIZATION regress_test_user; |
| 366 | +CREATE PUBLICATION regress_test_pub; |
| 367 | +)); |
| 368 | +$node_subscriber1->safe_psql( |
| 369 | +'postgres',qq( |
| 370 | +CREATE SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr1' PUBLICATION regress_test_pub; |
| 371 | +)); |
356 | 372 |
|
357 | | -$node_publisher1->safe_psql( |
358 | | -'postgres',qq( |
359 | | -SET SESSION AUTHORIZATION regress_test_user; |
360 | | -CREATE PUBLICATION regress_test_pub; |
361 | | -)); |
362 | | -$node_subscriber1->safe_psql( |
363 | | -'postgres',qq( |
364 | | -CREATE SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr1' PUBLICATION regress_test_pub; |
365 | | -)); |
| 373 | +# Wait for initial sync to finish |
| 374 | +$node_subscriber1->wait_for_subscription_sync($node_publisher1, |
| 375 | +'regress_test_sub'); |
366 | 376 |
|
367 | | -# Wait for initial sync to finish |
368 | | -$node_subscriber1->wait_for_subscription_sync($node_publisher1, |
369 | | -'regress_test_sub'); |
370 | | - |
371 | | -# Setup pg_hba configuration so that logical replication connection without |
372 | | -# password is not allowed. |
373 | | -unlink($node_publisher1->data_dir .'/pg_hba.conf'); |
374 | | -$node_publisher1->append_conf('pg_hba.conf', |
375 | | -qq{local all regress_test_user md5}); |
376 | | -$node_publisher1->reload; |
377 | | - |
378 | | -# Change the subscription owner to a non-superuser |
379 | | -$node_subscriber1->safe_psql( |
380 | | -'postgres',qq( |
381 | | -ALTER SUBSCRIPTION regress_test_sub OWNER TO regress_test_user; |
382 | | -)); |
| 377 | +my$save_pgpassword =$ENV{"PGPASSWORD"}; |
| 378 | +$ENV{"PGPASSWORD"} ='secret'; |
383 | 379 |
|
384 | | -# Non-superuser must specify password in the connection string |
385 | | -my ($ret,$stdout,$stderr) =$node_subscriber1->psql( |
386 | | -'postgres',qq( |
387 | | -SET SESSION AUTHORIZATION regress_test_user; |
388 | | -ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
389 | | -)); |
390 | | -isnt($ret, 0, |
391 | | -"non zero exit for subscription whose owner is a non-superuser must specify password parameter of the connection string" |
392 | | -); |
393 | | -ok($stderr =~m/DETAIL: Non-superusers must provide a password in the connection string./, |
394 | | -'subscription whose owner is a non-superuser must specify password parameter of the connection string' |
395 | | -); |
| 380 | +# Setup pg_hba configuration so that logical replication connection without |
| 381 | +# password is not allowed. |
| 382 | +unlink($node_publisher1->data_dir .'/pg_hba.conf'); |
| 383 | +$node_publisher1->append_conf('pg_hba.conf', |
| 384 | +qq{local all regress_test_user md5}); |
| 385 | +$node_publisher1->reload; |
396 | 386 |
|
397 | | -delete$ENV{"PGPASSWORD"}; |
| 387 | +# Change the subscription owner to a non-superuser |
| 388 | +$node_subscriber1->safe_psql( |
| 389 | +'postgres',qq( |
| 390 | +ALTER SUBSCRIPTION regress_test_sub OWNER TO regress_test_user; |
| 391 | +)); |
398 | 392 |
|
399 | | -# It should succeed after including the password parameter of the connection |
400 | | -# string. |
401 | | -($ret,$stdout,$stderr) =$node_subscriber1->psql( |
402 | | -'postgres',qq( |
403 | | -SET SESSION AUTHORIZATION regress_test_user; |
404 | | -ALTER SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr2'; |
405 | | -ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
406 | | -)); |
407 | | -is($ret, 0, |
408 | | -"Non-superuser will be able to refresh the publication after specifying the password parameter of the connection string" |
409 | | -); |
| 393 | +# Non-superuser must specify password in the connection string |
| 394 | +my ($ret,$stdout,$stderr) =$node_subscriber1->psql( |
| 395 | +'postgres',qq( |
| 396 | +SET SESSION AUTHORIZATION regress_test_user; |
| 397 | +ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
| 398 | +)); |
| 399 | +isnt($ret, 0, |
| 400 | +"non zero exit for subscription whose owner is a non-superuser must specify password parameter of the connection string" |
| 401 | +); |
| 402 | +ok($stderr =~ |
| 403 | +m/DETAIL: Non-superusers must provide a password in the connection string./, |
| 404 | +'subscription whose owner is a non-superuser must specify password parameter of the connection string' |
| 405 | +); |
| 406 | + |
| 407 | +$ENV{"PGPASSWORD"} =$save_pgpassword; |
| 408 | + |
| 409 | +# It should succeed after including the password parameter of the connection |
| 410 | +# string. |
| 411 | +($ret,$stdout,$stderr) =$node_subscriber1->psql( |
| 412 | +'postgres',qq( |
| 413 | +SET SESSION AUTHORIZATION regress_test_user; |
| 414 | +ALTER SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr2'; |
| 415 | +ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
| 416 | +)); |
| 417 | +is($ret, 0, |
| 418 | +"Non-superuser will be able to refresh the publication after specifying the password parameter of the connection string" |
| 419 | +); |
| 420 | +} |
410 | 421 | done_testing(); |