Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitd9f543e

Browse files
committed
Switch TAP tests of pg_rewind to use non-superuser role, take two
Up to now the tests of pg_rewind have been using a superuser for all itstests (which is the default of many tests actually, and something thatought to be reviewed) when involving an online source server, still itis possible to use a non-superuser role to do that as long as this roleis granted permissions to execute all the source-side functions used forthe rewind. This is possible since v11, and was already documented asofbfc8068.PostgresNode::init is extended so as callers of this routine can addextra options to configure the authentication of a new node, which getsused by this commit, and allows the tests to work properly on Windowswhere SSPI is used.This will allow to catch up easily any change in pg_rewind if the toolbegins to use more backend-side functions, so as the propertiesintroduced by v11 are kept.Per suggestion from Peter Eisentraut.Author: Michael PaquierReviewed-by: Magnus HaganderDiscussion:https://postgr.es/m/20190411041336.GM2728@paquier.xyz
1 parent9daefff commitd9f543e

File tree

2 files changed

+24
-2
lines changed

2 files changed

+24
-2
lines changed

‎src/bin/pg_rewind/t/RewindTest.pm

Lines changed: 22 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -129,7 +129,12 @@ sub setup_cluster
129129
# Initialize master, data checksums are mandatory
130130
$node_master =
131131
get_new_node('master' . ($extra_name ?"_${extra_name}" :''));
132-
$node_master->init(allows_streaming=> 1,extra=>$extra);
132+
133+
# Set up pg_hba.conf and pg_ident.conf for the role running
134+
# pg_rewind. This role is used for all the tests, and has
135+
# minimal permissions enough to rewind from an online source.
136+
$node_master->init(allows_streaming=> 1,extra=>$extra,
137+
auth_extra=> ['--create-role','rewind_user']);
133138

134139
# Set wal_keep_segments to prevent WAL segment recycling after enforced
135140
# checkpoints in the tests.
@@ -144,6 +149,19 @@ sub start_master
144149
{
145150
$node_master->start;
146151

152+
# Create custom role which is used to run pg_rewind, and adjust its
153+
# permissions to the minimum necessary.
154+
$node_master->psql('postgres',"
155+
CREATE ROLE rewind_user LOGIN;
156+
GRANT EXECUTE ON function pg_catalog.pg_ls_dir(text, boolean, boolean)
157+
TO rewind_user;
158+
GRANT EXECUTE ON function pg_catalog.pg_stat_file(text, boolean)
159+
TO rewind_user;
160+
GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text)
161+
TO rewind_user;
162+
GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text, bigint, bigint, boolean)
163+
TO rewind_user;");
164+
147165
#### Now run the test-specific parts to initialize the master before setting
148166
# up standby
149167

@@ -207,6 +225,9 @@ sub run_pg_rewind
207225
my$standby_connstr =$node_standby->connstr('postgres');
208226
my$tmp_folder = TestLib::tempdir;
209227

228+
# Append the rewind-specific role to the connection string.
229+
$standby_connstr ="$standby_connstr user=rewind_user";
230+
210231
# Stop the master and be ready to perform the rewind
211232
$node_master->stop;
212233

‎src/test/perl/PostgresNode.pm

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -441,7 +441,8 @@ sub init
441441

442442
TestLib::system_or_bail('initdb','-D',$pgdata,'-A','trust','-N',
443443
@{$params{extra} });
444-
TestLib::system_or_bail($ENV{PG_REGRESS},'--config-auth',$pgdata);
444+
TestLib::system_or_bail($ENV{PG_REGRESS},'--config-auth',$pgdata,
445+
@{$params{auth_extra} });
445446

446447
openmy$conf,'>>',"$pgdata/postgresql.conf";
447448
print$conf"\n# Added by PostgresNode.pm\n";

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp