|
5 | 5 | use strict; |
6 | 6 | use warnings FATAL => 'all'; |
7 | 7 | use PostgreSQL::Test::Cluster; |
| 8 | +use PostgreSQL::Test::Utils; |
8 | 9 | use Test::More; |
9 | 10 |
|
10 | 11 | my ($node_publisher, $node_subscriber, $publisher_connstr, $result, $offset); |
@@ -330,81 +331,91 @@ sub grant_superuser |
330 | 331 | # If the subscription connection requires a password ('password_required' |
331 | 332 | # is true) then a non-superuser must specify that password in the connection |
332 | 333 | # string. |
333 | | -$ENV{"PGPASSWORD"} = 'secret'; |
334 | | - |
335 | | -my $node_publisher1 = PostgreSQL::Test::Cluster->new('publisher1'); |
336 | | -my $node_subscriber1 = PostgreSQL::Test::Cluster->new('subscriber1'); |
337 | | -$node_publisher1->init(allows_streaming => 'logical'); |
338 | | -$node_subscriber1->init; |
339 | | -$node_publisher1->start; |
340 | | -$node_subscriber1->start; |
341 | | -my $publisher_connstr1 = |
342 | | - $node_publisher1->connstr . ' user=regress_test_user dbname=postgres'; |
343 | | -my $publisher_connstr2 = |
344 | | - $node_publisher1->connstr |
345 | | - . ' user=regress_test_user dbname=postgres password=secret'; |
346 | | - |
347 | | -for my $node ($node_publisher1, $node_subscriber1) |
| 334 | +SKIP: |
348 | 335 | { |
349 | | - $node->safe_psql( |
| 336 | + skip |
| 337 | + "subscription password_required test cannot run without Unix-domain sockets", |
| 338 | + 3 |
| 339 | + unless $use_unix_sockets; |
| 340 | + |
| 341 | + my $node_publisher1 = PostgreSQL::Test::Cluster->new('publisher1'); |
| 342 | + my $node_subscriber1 = PostgreSQL::Test::Cluster->new('subscriber1'); |
| 343 | + $node_publisher1->init(allows_streaming => 'logical'); |
| 344 | + $node_subscriber1->init; |
| 345 | + $node_publisher1->start; |
| 346 | + $node_subscriber1->start; |
| 347 | + my $publisher_connstr1 = |
| 348 | + $node_publisher1->connstr . ' user=regress_test_user dbname=postgres'; |
| 349 | + my $publisher_connstr2 = |
| 350 | + $node_publisher1->connstr |
| 351 | + . ' user=regress_test_user dbname=postgres password=secret'; |
| 352 | + |
| 353 | + for my $node ($node_publisher1, $node_subscriber1) |
| 354 | + { |
| 355 | + $node->safe_psql( |
| 356 | + 'postgres', qq( |
| 357 | + CREATE ROLE regress_test_user PASSWORD 'secret' LOGIN REPLICATION; |
| 358 | + GRANT CREATE ON DATABASE postgres TO regress_test_user; |
| 359 | + GRANT PG_CREATE_SUBSCRIPTION TO regress_test_user; |
| 360 | + )); |
| 361 | + } |
| 362 | + |
| 363 | + $node_publisher1->safe_psql( |
350 | 364 | 'postgres', qq( |
351 | | - CREATE ROLE regress_test_user PASSWORD 'secret' LOGIN REPLICATION; |
352 | | - GRANT CREATE ON DATABASE postgres TO regress_test_user; |
353 | | - GRANT PG_CREATE_SUBSCRIPTION TO regress_test_user; |
354 | | - )); |
355 | | -} |
| 365 | + SET SESSION AUTHORIZATION regress_test_user; |
| 366 | + CREATE PUBLICATION regress_test_pub; |
| 367 | + )); |
| 368 | + $node_subscriber1->safe_psql( |
| 369 | + 'postgres', qq( |
| 370 | + CREATE SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr1' PUBLICATION regress_test_pub; |
| 371 | + )); |
356 | 372 |
|
357 | | -$node_publisher1->safe_psql( |
358 | | - 'postgres', qq( |
359 | | -SET SESSION AUTHORIZATION regress_test_user; |
360 | | -CREATE PUBLICATION regress_test_pub; |
361 | | -)); |
362 | | -$node_subscriber1->safe_psql( |
363 | | - 'postgres', qq( |
364 | | -CREATE SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr1' PUBLICATION regress_test_pub; |
365 | | -)); |
| 373 | + # Wait for initial sync to finish |
| 374 | + $node_subscriber1->wait_for_subscription_sync($node_publisher1, |
| 375 | + 'regress_test_sub'); |
366 | 376 |
|
367 | | -# Wait for initial sync to finish |
368 | | -$node_subscriber1->wait_for_subscription_sync($node_publisher1, |
369 | | - 'regress_test_sub'); |
370 | | - |
371 | | -# Setup pg_hba configuration so that logical replication connection without |
372 | | -# password is not allowed. |
373 | | -unlink($node_publisher1->data_dir . '/pg_hba.conf'); |
374 | | -$node_publisher1->append_conf('pg_hba.conf', |
375 | | - qq{local all regress_test_user md5}); |
376 | | -$node_publisher1->reload; |
377 | | - |
378 | | -# Change the subscription owner to a non-superuser |
379 | | -$node_subscriber1->safe_psql( |
380 | | - 'postgres', qq( |
381 | | -ALTER SUBSCRIPTION regress_test_sub OWNER TO regress_test_user; |
382 | | -)); |
| 377 | + my $save_pgpassword = $ENV{"PGPASSWORD"}; |
| 378 | + $ENV{"PGPASSWORD"} = 'secret'; |
383 | 379 |
|
384 | | -# Non-superuser must specify password in the connection string |
385 | | -my ($ret, $stdout, $stderr) = $node_subscriber1->psql( |
386 | | - 'postgres', qq( |
387 | | -SET SESSION AUTHORIZATION regress_test_user; |
388 | | -ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
389 | | -)); |
390 | | -isnt($ret, 0, |
391 | | - "non zero exit for subscription whose owner is a non-superuser must specify password parameter of the connection string" |
392 | | -); |
393 | | -ok( $stderr =~ m/DETAIL: Non-superusers must provide a password in the connection string./, |
394 | | - 'subscription whose owner is a non-superuser must specify password parameter of the connection string' |
395 | | -); |
| 380 | + # Setup pg_hba configuration so that logical replication connection without |
| 381 | + # password is not allowed. |
| 382 | + unlink($node_publisher1->data_dir . '/pg_hba.conf'); |
| 383 | + $node_publisher1->append_conf('pg_hba.conf', |
| 384 | + qq{local all regress_test_user md5}); |
| 385 | + $node_publisher1->reload; |
396 | 386 |
|
397 | | -delete $ENV{"PGPASSWORD"}; |
| 387 | + # Change the subscription owner to a non-superuser |
| 388 | + $node_subscriber1->safe_psql( |
| 389 | + 'postgres', qq( |
| 390 | + ALTER SUBSCRIPTION regress_test_sub OWNER TO regress_test_user; |
| 391 | + )); |
398 | 392 |
|
399 | | -# It should succeed after including the password parameter of the connection |
400 | | -# string. |
401 | | -($ret, $stdout, $stderr) = $node_subscriber1->psql( |
402 | | - 'postgres', qq( |
403 | | -SET SESSION AUTHORIZATION regress_test_user; |
404 | | -ALTER SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr2'; |
405 | | -ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
406 | | -)); |
407 | | -is($ret, 0, |
408 | | - "Non-superuser will be able to refresh the publication after specifying the password parameter of the connection string" |
409 | | -); |
| 393 | + # Non-superuser must specify password in the connection string |
| 394 | + my ($ret, $stdout, $stderr) = $node_subscriber1->psql( |
| 395 | + 'postgres', qq( |
| 396 | + SET SESSION AUTHORIZATION regress_test_user; |
| 397 | + ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
| 398 | + )); |
| 399 | + isnt($ret, 0, |
| 400 | + "non zero exit for subscription whose owner is a non-superuser must specify password parameter of the connection string" |
| 401 | + ); |
| 402 | + ok( $stderr =~ |
| 403 | + m/DETAIL: Non-superusers must provide a password in the connection string./, |
| 404 | + 'subscription whose owner is a non-superuser must specify password parameter of the connection string' |
| 405 | + ); |
| 406 | + |
| 407 | + $ENV{"PGPASSWORD"} = $save_pgpassword; |
| 408 | + |
| 409 | + # It should succeed after including the password parameter of the connection |
| 410 | + # string. |
| 411 | + ($ret, $stdout, $stderr) = $node_subscriber1->psql( |
| 412 | + 'postgres', qq( |
| 413 | + SET SESSION AUTHORIZATION regress_test_user; |
| 414 | + ALTER SUBSCRIPTION regress_test_sub CONNECTION '$publisher_connstr2'; |
| 415 | + ALTER SUBSCRIPTION regress_test_sub REFRESH PUBLICATION; |
| 416 | + )); |
| 417 | + is($ret, 0, |
| 418 | + "Non-superuser will be able to refresh the publication after specifying the password parameter of the connection string" |
| 419 | + ); |
| 420 | +} |
410 | 421 | done_testing(); |
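Review bot: The restore at `$ENV{"PGPASSWORD"} = $save_pgpassword;` does not put the environment back as it was when PGPASSWORD was unset on entry. In that case the saved value is undef, and assigning it leaves the variable present (presumably as an empty string) instead of removing it, which is what the old `delete $ENV{"PGPASSWORD"};` did. The statements that follow are meant to show that the password in `$publisher_connstr2` is what lets the refresh succeed, so they should run with exactly the credentials the caller started with. Putting the negative check in its own inner block with `local $ENV{"PGPASSWORD"} = 'secret';` would restore the prior state, including absence, on scope exit and make `$save_pgpassword` unnecessary. If the save/restore pair is kept, the restore should call `delete $ENV{"PGPASSWORD"}` when `$save_pgpassword` is not defined.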