Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitd4e2a84

Browse files
committed
Switch TAP tests of pg_rewind to use a role with minimal permissions
Up to now the tests of pg_rewind have been using a superuser for all thetests (which is the default of many tests actually, and something thatought to be reviewed) when involving an online source server, still itis possible to use a non-superuser role to do that as long as this roleis granted permissions to execute all the source-side functions used forthe rewind. This is possible since v11, and was already documented asofbfc8068.This will allow to catch up easily any change in pg_rewind if the toolbegins to use more backend-side functions, so as the propertiesintroduced by v11 are kept.Per suggestion from Peter Eisentraut.Author: Michael PaquierReviewed-by: Magnus HaganderDiscussion:https://postgr.es/m/20190411041336.GM2728@paquier.xyz
1 parentd527fda commitd4e2a84

File tree

1 file changed

+17
-0
lines changed

1 file changed

+17
-0
lines changed

‎src/bin/pg_rewind/t/RewindTest.pm

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -144,6 +144,20 @@ sub start_master
144144
{
145145
$node_master->start;
146146

147+
# Create a custom role which will be used to run pg_rewind. This
148+
# role is used for all the tests, and has minimal permissions enough
149+
# to rewind from an online source.
150+
$node_master->psql('postgres',"
151+
CREATE ROLE rewind_user LOGIN;
152+
GRANT EXECUTE ON function pg_catalog.pg_ls_dir(text, boolean, boolean)
153+
TO rewind_user;
154+
GRANT EXECUTE ON function pg_catalog.pg_stat_file(text, boolean)
155+
TO rewind_user;
156+
GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text)
157+
TO rewind_user;
158+
GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text, bigint, bigint, boolean)
159+
TO rewind_user;");
160+
147161
#### Now run the test-specific parts to initialize the master before setting
148162
# up standby
149163

@@ -207,6 +221,9 @@ sub run_pg_rewind
207221
my$standby_connstr =$node_standby->connstr('postgres');
208222
my$tmp_folder = TestLib::tempdir;
209223

224+
# Append the rewind-specific role to the connection string.
225+
$standby_connstr ="$standby_connstr user=rewind_user";
226+
210227
# Stop the master and be ready to perform the rewind
211228
$node_master->stop;
212229

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp