|
5 | 5 | use strict; |
6 | 6 | use warnings; |
7 | 7 | use PostgreSQL::Test::Cluster; |
| 8 | +use PostgreSQL::Test::Utils; |
8 | 9 | use Test::More; |
9 | 10 |
|
10 | 11 | my ($node_publisher, $node_subscriber, $publisher_connstr, $result, $offset); |
@@ -306,81 +307,91 @@ sub grant_superuser |
306 | 307 | # If the subscription connection requires a password ('password_required' |
307 | 308 | # is true) then a non-superuser must specify that password in the connection |
308 | 309 | # string. |
309 | | -$ENV{"PGPASSWORD"} = 'secret'; |
310 | | - |
311 | | -my $node_publisher1 = PostgreSQL::Test::Cluster->new('publisher1'); |
312 | | -my $node_subscriber1 = PostgreSQL::Test::Cluster->new('subscriber1'); |
313 | | -$node_publisher1->init(allows_streaming => 'logical'); |
314 | | -$node_subscriber1->init; |
315 | | -$node_publisher1->start; |
316 | | -$node_subscriber1->start; |
317 | | -my $publisher_connstr1 = |
318 | | - $node_publisher1->connstr . ' user=regress_test_user dbname=postgres'; |
319 | | -my $publisher_connstr2 = |
320 | | - $node_publisher1->connstr |
321 | | - . ' user=regress_test_user dbname=postgres password=secret'; |
322 | | - |
323 | | -for my $node ($node_publisher1, $node_subscriber1) |
| 310 | +SKIP: |
324 | 311 | { |
325 | | - $node->safe_psql( |
| 312 | + skip |
| 313 | + "subscription password_required test cannot run without Unix-domain sockets", |
| 314 | + 3 |
| 315 | + unless $use_unix_sockets; |
| 316 | + |
| 317 | + my $node_publisher1 = PostgreSQL::Test::Cluster->new('publisher1'); |
| 318 | + my $node_subscriber1 = PostgreSQL::Test::Cluster->new('subscriber1'); |
| 319 | + $node_publisher1->init(allows_streaming => 'logical'); |
| 320 | + $node_subscriber1->init; |
| 321 | + $node_publisher1->start; |
| 322 | + $node_subscriber1->start; |
| 323 | + my $publisher_connstr1 = |
| 324 | + $node_publisher1->connstr . ' user=regress_test_user dbname=postgres'; |
| 325 | + my $publisher_connstr2 = |
| 326 | + $node_publisher1->connstr |
| 327 | + . ' user=regress_test_user dbname=postgres password=secret'; |
| 328 | + |
| 329 | + for my $node ($node_publisher1, $node_subscriber1) |
| 330 | + { |
| 331 | + $node->safe_psql( |
| 332 | + 'postgres', qq( |
| 333 | + CREATE ROLE regress_test_user PASSWORD 'secret' LOGIN REPLICATION; |
| 334 | + GRANT CREATE ON DATABASE postgres TO regress_test_user; |
| 335 | + GRANT PG_CREATE_SUBSCRIPTION TO regress_test_user; |
| 336 | + )); |
| 337 | + } |
| 338 | + |
| 339 | + $node_publisher1->safe_psql( |
326 | 340 | 'postgres', qq( |
327 | | - CREATE ROLE regress_test_user PASSWORD 'secret' LOGIN REPLICATION; |
328 | | - GRANT CREATE ON DATABASE postgres TO regress_test_user; |
329 | | - GRANT PG_CREATE_SUBSCRIPTION TO regress_test_user; |
330 | | - )); |
331 | | -} |
| 341 | + SET SESSION AUTHORIZATION regress_test_user; |
| 342 | + CREATE PUBLICATION regress_test_pub; |
| 343 | + )); |
| 344 | + $node_subscriber1->safe_psql( |
| 345 | + 'postgres', qq( |
| 346 | + CREATE SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr1' PUBLICATION regress_test_pub; |
| 347 | + )); |
332 | 348 |
|
333 | | -$node_publisher1->safe_psql( |
334 | | - 'postgres', qq( |
335 | | -SET SESSION AUTHORIZATION regress_test_user; |
336 | | -CREATE PUBLICATION regress_test_pub; |
337 | | -)); |
338 | | -$node_subscriber1->safe_psql( |
339 | | - 'postgres', qq( |
340 | | -CREATE SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr1' PUBLICATION regress_test_pub; |
341 | | -)); |
| 349 | + # Wait for initial sync to finish |
| 350 | + $node_subscriber1->wait_for_subscription_sync($node_publisher1, |
| 351 | + 'regress_test_sub'); |
342 | 352 |
|
343 | | -# Wait for initial sync to finish |
344 | | -$node_subscriber1->wait_for_subscription_sync($node_publisher1, |
345 | | - 'regress_test_sub'); |
346 | | - |
347 | | -# Setup pg_hba configuration so that logical replication connection without |
348 | | -# password is not allowed. |
349 | | -unlink($node_publisher1->data_dir . '/pg_hba.conf'); |
350 | | -$node_publisher1->append_conf('pg_hba.conf', |
351 | | - qq{local all regress_test_user md5}); |
352 | | -$node_publisher1->reload; |
353 | | - |
354 | | -# Change the subscription owner to a non-superuser |
355 | | -$node_subscriber1->safe_psql( |
356 | | - 'postgres', qq( |
357 | | -ALTER SUBSCRIPTION regress_test_sub OWNER TO regress_test_user; |
358 | | -)); |
| 353 | + my $save_pgpassword = $ENV{"PGPASSWORD"}; |
| 354 | + $ENV{"PGPASSWORD"} = 'secret'; |
359 | 355 |
|
360 | | -# Non-superuser must specify password in the connection string |
361 | | -my ($ret, $stdout, $stderr) = $node_subscriber1->psql( |
362 | | - 'postgres', qq( |
363 | | -SET SESSION AUTHORIZATION regress_test_user; |
364 | | -ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
365 | | -)); |
366 | | -isnt($ret, 0, |
367 | | - "non zero exit for subscription whose owner is a non-superuser must specify password parameter of the connection string" |
368 | | -); |
369 | | -ok( $stderr =~ m/DETAIL: Non-superusers must provide a password in the connection string./, |
370 | | - 'subscription whose owner is a non-superuser must specify password parameter of the connection string' |
371 | | -); |
| 356 | + # Setup pg_hba configuration so that logical replication connection without |
| 357 | + # password is not allowed. |
| 358 | + unlink($node_publisher1->data_dir . '/pg_hba.conf'); |
| 359 | + $node_publisher1->append_conf('pg_hba.conf', |
| 360 | + qq{local all regress_test_user md5}); |
| 361 | + $node_publisher1->reload; |
372 | 362 |
|
373 | | -delete $ENV{"PGPASSWORD"}; |
| 363 | + # Change the subscription owner to a non-superuser |
| 364 | + $node_subscriber1->safe_psql( |
| 365 | + 'postgres', qq( |
| 366 | + ALTER SUBSCRIPTION regress_test_sub OWNER TO regress_test_user; |
| 367 | + )); |
374 | 368 |
|
375 | | -# It should succeed after including the password parameter of the connection |
376 | | -# string. |
377 | | -($ret, $stdout, $stderr) = $node_subscriber1->psql( |
378 | | - 'postgres', qq( |
379 | | -SET SESSION AUTHORIZATION regress_test_user; |
380 | | -ALTER SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr2'; |
381 | | -ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
382 | | -)); |
383 | | -is($ret, 0, |
384 | | - "Non-superuser will be able to refresh the publication after specifying the password parameter of the connection string" |
385 | | -); |
| 369 | + # Non-superuser must specify password in the connection string |
| 370 | + my ($ret, $stdout, $stderr) = $node_subscriber1->psql( |
| 371 | + 'postgres', qq( |
| 372 | + SET SESSION AUTHORIZATION regress_test_user; |
| 373 | + ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
| 374 | + )); |
| 375 | + isnt($ret, 0, |
| 376 | + "non zero exit for subscription whose owner is a non-superuser must specify password parameter of the connection string" |
| 377 | + ); |
| 378 | + ok( $stderr =~ |
| 379 | + m/DETAIL: Non-superusers must provide a password in the connection string./, |
| 380 | + 'subscription whose owner is a non-superuser must specify password parameter of the connection string' |
| 381 | + ); |
| 382 | + |
| 383 | + $ENV{"PGPASSWORD"} = $save_pgpassword; |
| 384 | + |
| 385 | + # It should succeed after including the password parameter of the connection |
| 386 | + # string. |
| 387 | + ($ret, $stdout, $stderr) = $node_subscriber1->psql( |
| 388 | + 'postgres', qq( |
| 389 | + SET SESSION AUTHORIZATION regress_test_user; |
| 390 | + ALTER SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr2'; |
| 391 | + ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
| 392 | + )); |
| 393 | + is($ret, 0, |
| 394 | + "Non-superuser will be able to refresh the publication after specifying the password parameter of the connection string" |
| 395 | + ); |
| 396 | +} |
386 | 397 | done_testing(); |
0 commit comments