Switch TAP tests of pg_rewind to use non-superuser role, take two

Up to now the tests of pg_rewind have been using a superuser for all its
tests (which is the default of many tests actually, and something that
ought to be reviewed) when involving an online source server, still it
is possible to use a non-superuser role to do that as long as this role
is granted permissions to execute all the source-side functions used for
the rewind.  This is possible since v11, and was already documented as
of bfc8068.

PostgresNode::init is extended so as callers of this routine can add
extra options to configure the authentication of a new node, which gets
used by this commit, and allows the tests to work properly on Windows
where SSPI is used.

This will allow to catch up easily any change in pg_rewind if the tool
begins to use more backend-side functions, so as the properties
introduced by v11 are kept.

Per suggestion from Peter Eisentraut.

Author: Michael Paquier
Reviewed-by: Magnus Hagander
Discussion: https://postgr.es/m/20190411041336.GM2728@paquier.xyz

diff --git a/src/bin/pg_rewind/t/RewindTest.pm b/src/bin/pg_rewind/t/RewindTest.pm
index 900d452d8b765d307162419a7c62ee2b71dd1d88..f477ffab1dac2a3206c27cd1d7ba1471273124bf 100644 (file)
--- a/src/bin/pg_rewind/t/RewindTest.pm
+++ b/src/bin/pg_rewind/t/RewindTest.pm
@@ -129,7 +129,12 @@ sub setup_cluster
        # Initialize master, data checksums are mandatory
        $node_master =
          get_new_node('master' . ($extra_name ? "_${extra_name}" : ''));
-       $node_master->init(allows_streaming => 1, extra => $extra);
+
+       # Set up pg_hba.conf and pg_ident.conf for the role running
+       # pg_rewind.  This role is used for all the tests, and has
+       # minimal permissions enough to rewind from an online source.
+       $node_master->init(allows_streaming => 1, extra => $extra,
+         auth_extra => ['--create-role', 'rewind_user']);
 
        # Set wal_keep_segments to prevent WAL segment recycling after enforced
        # checkpoints in the tests.
@@ -144,6 +149,19 @@ sub start_master
 {
        $node_master->start;
 
+       # Create custom role which is used to run pg_rewind, and adjust its
+       # permissions to the minimum necessary.
+       $node_master->psql('postgres', "
+               CREATE ROLE rewind_user LOGIN;
+               GRANT EXECUTE ON function pg_catalog.pg_ls_dir(text, boolean, boolean)
+                 TO rewind_user;
+               GRANT EXECUTE ON function pg_catalog.pg_stat_file(text, boolean)
+                 TO rewind_user;
+               GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text)
+                 TO rewind_user;
+               GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text, bigint, bigint, boolean)
+                 TO rewind_user;");
+
        #### Now run the test-specific parts to initialize the master before setting
        # up standby
 
@@ -207,6 +225,9 @@ sub run_pg_rewind
        my $standby_connstr = $node_standby->connstr('postgres');
        my $tmp_folder      = TestLib::tempdir;
 
+       # Append the rewind-specific role to the connection string.
+       $standby_connstr = "$standby_connstr user=rewind_user";
+
        # Stop the master and be ready to perform the rewind
        $node_master->stop;
 

diff --git a/src/test/perl/PostgresNode.pm b/src/test/perl/PostgresNode.pm
index 61d78ad4c0d910cf5dcd0275031cfa8ff19bf5f3..d29889d3257f8f1f5e701681f66424ba0a04f571 100644 (file)
--- a/src/test/perl/PostgresNode.pm
+++ b/src/test/perl/PostgresNode.pm
@@ -441,7 +441,8 @@ sub init
 
        TestLib::system_or_bail('initdb', '-D', $pgdata, '-A', 'trust', '-N',
                @{ $params{extra} });
-       TestLib::system_or_bail($ENV{PG_REGRESS}, '--config-auth', $pgdata);
+       TestLib::system_or_bail($ENV{PG_REGRESS}, '--config-auth', $pgdata,
+               @{ $params{auth_extra} });
 
        open my $conf, '>>', "$pgdata/postgresql.conf";
        print $conf "\n# Added by PostgresNode.pm\n";