On Mon, Apr 08, 2019 at 10:03:48AM +0200, Peter Eisentraut wrote: > How about some tests to show that this is actually true?
Sure. With something like the attached? I don't think that there is much point to complicate the test code with multiple roles if the default is a superuser. -- Michael
diff --git a/src/bin/pg_rewind/t/RewindTest.pm b/src/bin/pg_rewind/t/RewindTest.pm
index 900d452d8b..618de85161 100644
--- a/src/bin/pg_rewind/t/RewindTest.pm
+++ b/src/bin/pg_rewind/t/RewindTest.pm
@@ -144,6 +144,20 @@ sub start_master
{
$node_master->start;
+ # Create a custom role which will be used to run pg_rewind. This has
+ # minimal permissions to make pg_rewind able to work with an online
+ # source.
+ $node_master->psql('postgres', "
+ CREATE ROLE rewind_user LOGIN;
+ GRANT EXECUTE ON function pg_catalog.pg_ls_dir(text, boolean, boolean)
+ TO rewind_user;
+ GRANT EXECUTE ON function pg_catalog.pg_stat_file(text, boolean)
+ TO rewind_user;
+ GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text)
+ TO rewind_user;
+ GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text, bigint, bigint, boolean)
+ TO rewind_user;");
+
#### Now run the test-specific parts to initialize the master before setting
# up standby
@@ -207,6 +221,9 @@ sub run_pg_rewind
my $standby_connstr = $node_standby->connstr('postgres');
my $tmp_folder = TestLib::tempdir;
+ # Append the rewind role to the connection string.
+ $standby_connstr = "$standby_connstr user=rewind_user";
+
# Stop the master and be ready to perform the rewind
$node_master->stop;
signature.asc
Description: PGP signature
