|
5 | 5 | use strict; |
6 | 6 | use warnings; |
7 | 7 | use PostgreSQL::Test::Cluster; |
| 8 | +use PostgreSQL::Test::Utils; |
8 | 9 | use Test::More; |
9 | 10 |
|
10 | 11 | my ($node_publisher,$node_subscriber,$publisher_connstr,$result,$offset); |
@@ -306,81 +307,91 @@ sub grant_superuser |
306 | 307 | # If the subscription connection requires a password ('password_required' |
307 | 308 | # is true) then a non-superuser must specify that password in the connection |
308 | 309 | # string. |
309 | | -$ENV{"PGPASSWORD"} ='secret'; |
310 | | - |
311 | | -my$node_publisher1 = PostgreSQL::Test::Cluster->new('publisher1'); |
312 | | -my$node_subscriber1 = PostgreSQL::Test::Cluster->new('subscriber1'); |
313 | | -$node_publisher1->init(allows_streaming=>'logical'); |
314 | | -$node_subscriber1->init; |
315 | | -$node_publisher1->start; |
316 | | -$node_subscriber1->start; |
317 | | -my$publisher_connstr1 = |
318 | | -$node_publisher1->connstr .' user=regress_test_user dbname=postgres'; |
319 | | -my$publisher_connstr2 = |
320 | | -$node_publisher1->connstr |
321 | | - .' user=regress_test_user dbname=postgres password=secret'; |
322 | | - |
323 | | -formy$node ($node_publisher1,$node_subscriber1) |
| 310 | +SKIP: |
324 | 311 | { |
325 | | -$node->safe_psql( |
| 312 | +skip |
| 313 | +"subscription password_required test cannot run without Unix-domain sockets", |
| 314 | + 3 |
| 315 | +unless$use_unix_sockets; |
| 316 | + |
| 317 | +my$node_publisher1 = PostgreSQL::Test::Cluster->new('publisher1'); |
| 318 | +my$node_subscriber1 = PostgreSQL::Test::Cluster->new('subscriber1'); |
| 319 | +$node_publisher1->init(allows_streaming=>'logical'); |
| 320 | +$node_subscriber1->init; |
| 321 | +$node_publisher1->start; |
| 322 | +$node_subscriber1->start; |
| 323 | +my$publisher_connstr1 = |
| 324 | +$node_publisher1->connstr .' user=regress_test_user dbname=postgres'; |
| 325 | +my$publisher_connstr2 = |
| 326 | +$node_publisher1->connstr |
| 327 | + .' user=regress_test_user dbname=postgres password=secret'; |
| 328 | + |
| 329 | +formy$node ($node_publisher1,$node_subscriber1) |
| 330 | +{ |
| 331 | +$node->safe_psql( |
| 332 | +'postgres',qq( |
| 333 | +CREATE ROLE regress_test_user PASSWORD 'secret' LOGIN REPLICATION; |
| 334 | +GRANT CREATE ON DATABASE postgres TO regress_test_user; |
| 335 | +GRANT PG_CREATE_SUBSCRIPTION TO regress_test_user; |
| 336 | +)); |
| 337 | +} |
| 338 | + |
| 339 | +$node_publisher1->safe_psql( |
326 | 340 | 'postgres',qq( |
327 | | - CREATE ROLE regress_test_user PASSWORD 'secret' LOGIN REPLICATION; |
328 | | - GRANT CREATE ON DATABASE postgres TO regress_test_user; |
329 | | - GRANT PG_CREATE_SUBSCRIPTION TO regress_test_user; |
330 | | -)); |
331 | | -} |
| 341 | +SET SESSION AUTHORIZATION regress_test_user; |
| 342 | +CREATE PUBLICATION regress_test_pub; |
| 343 | +)); |
| 344 | +$node_subscriber1->safe_psql( |
| 345 | +'postgres',qq( |
| 346 | +CREATE SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr1' PUBLICATION regress_test_pub; |
| 347 | +)); |
332 | 348 |
|
333 | | -$node_publisher1->safe_psql( |
334 | | -'postgres',qq( |
335 | | -SET SESSION AUTHORIZATION regress_test_user; |
336 | | -CREATE PUBLICATION regress_test_pub; |
337 | | -)); |
338 | | -$node_subscriber1->safe_psql( |
339 | | -'postgres',qq( |
340 | | -CREATE SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr1' PUBLICATION regress_test_pub; |
341 | | -)); |
| 349 | +# Wait for initial sync to finish |
| 350 | +$node_subscriber1->wait_for_subscription_sync($node_publisher1, |
| 351 | +'regress_test_sub'); |
342 | 352 |
|
343 | | -# Wait for initial sync to finish |
344 | | -$node_subscriber1->wait_for_subscription_sync($node_publisher1, |
345 | | -'regress_test_sub'); |
346 | | - |
347 | | -# Setup pg_hba configuration so that logical replication connection without |
348 | | -# password is not allowed. |
349 | | -unlink($node_publisher1->data_dir .'/pg_hba.conf'); |
350 | | -$node_publisher1->append_conf('pg_hba.conf', |
351 | | -qq{local all regress_test_user md5}); |
352 | | -$node_publisher1->reload; |
353 | | - |
354 | | -# Change the subscription owner to a non-superuser |
355 | | -$node_subscriber1->safe_psql( |
356 | | -'postgres',qq( |
357 | | -ALTER SUBSCRIPTION regress_test_sub OWNER TO regress_test_user; |
358 | | -)); |
| 353 | +my$save_pgpassword =$ENV{"PGPASSWORD"}; |
| 354 | +$ENV{"PGPASSWORD"} ='secret'; |
359 | 355 |
|
360 | | -# Non-superuser must specify password in the connection string |
361 | | -my ($ret,$stdout,$stderr) =$node_subscriber1->psql( |
362 | | -'postgres',qq( |
363 | | -SET SESSION AUTHORIZATION regress_test_user; |
364 | | -ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
365 | | -)); |
366 | | -isnt($ret, 0, |
367 | | -"non zero exit for subscription whose owner is a non-superuser must specify password parameter of the connection string" |
368 | | -); |
369 | | -ok($stderr =~m/DETAIL: Non-superusers must provide a password in the connection string./, |
370 | | -'subscription whose owner is a non-superuser must specify password parameter of the connection string' |
371 | | -); |
| 356 | +# Setup pg_hba configuration so that logical replication connection without |
| 357 | +# password is not allowed. |
| 358 | +unlink($node_publisher1->data_dir .'/pg_hba.conf'); |
| 359 | +$node_publisher1->append_conf('pg_hba.conf', |
| 360 | +qq{local all regress_test_user md5}); |
| 361 | +$node_publisher1->reload; |
372 | 362 |
|
373 | | -delete$ENV{"PGPASSWORD"}; |
| 363 | +# Change the subscription owner to a non-superuser |
| 364 | +$node_subscriber1->safe_psql( |
| 365 | +'postgres',qq( |
| 366 | +ALTER SUBSCRIPTION regress_test_sub OWNER TO regress_test_user; |
| 367 | +)); |
374 | 368 |
|
375 | | -# It should succeed after including the password parameter of the connection |
376 | | -# string. |
377 | | -($ret,$stdout,$stderr) =$node_subscriber1->psql( |
378 | | -'postgres',qq( |
379 | | -SET SESSION AUTHORIZATION regress_test_user; |
380 | | -ALTER SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr2'; |
381 | | -ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
382 | | -)); |
383 | | -is($ret, 0, |
384 | | -"Non-superuser will be able to refresh the publication after specifying the password parameter of the connection string" |
385 | | -); |
| 369 | +# Non-superuser must specify password in the connection string |
| 370 | +my ($ret,$stdout,$stderr) =$node_subscriber1->psql( |
| 371 | +'postgres',qq( |
| 372 | +SET SESSION AUTHORIZATION regress_test_user; |
| 373 | +ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
| 374 | +)); |
| 375 | +isnt($ret, 0, |
| 376 | +"non zero exit for subscription whose owner is a non-superuser must specify password parameter of the connection string" |
| 377 | +); |
| 378 | +ok($stderr =~ |
| 379 | +m/DETAIL: Non-superusers must provide a password in the connection string./, |
| 380 | +'subscription whose owner is a non-superuser must specify password parameter of the connection string' |
| 381 | +); |
| 382 | + |
| 383 | +$ENV{"PGPASSWORD"} =$save_pgpassword; |
| 384 | + |
| 385 | +# It should succeed after including the password parameter of the connection |
| 386 | +# string. |
| 387 | +($ret,$stdout,$stderr) =$node_subscriber1->psql( |
| 388 | +'postgres',qq( |
| 389 | +SET SESSION AUTHORIZATION regress_test_user; |
| 390 | +ALTER SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr2'; |
| 391 | +ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
| 392 | +)); |
| 393 | +is($ret, 0, |
| 394 | +"Non-superuser will be able to refresh the publication after specifying the password parameter of the connection string" |
| 395 | +); |
| 396 | +} |
386 | 397 | done_testing(); |