diff --git a/src/bin/pg_rewind/t/RewindTest.pm b/src/bin/pg_rewind/t/RewindTest.pm index 900d452d8b7..f477ffab1da 100644 --- a/src/bin/pg_rewind/t/RewindTest.pm +++ b/src/bin/pg_rewind/t/RewindTest.pm @@ -129,7 +129,12 @@ sub setup_cluster # Initialize master, data checksums are mandatory $node_master = get_new_node('master' . ($extra_name ? "_${extra_name}" : '')); - $node_master->init(allows_streaming => 1, extra => $extra); + + # Set up pg_hba.conf and pg_ident.conf for the role running + # pg_rewind. This role is used for all the tests, and has + # minimal permissions enough to rewind from an online source. + $node_master->init(allows_streaming => 1, extra => $extra, + auth_extra => ['--create-role', 'rewind_user']); # Set wal_keep_segments to prevent WAL segment recycling after enforced # checkpoints in the tests. @@ -144,6 +149,19 @@ sub start_master { $node_master->start; + # Create custom role which is used to run pg_rewind, and adjust its + # permissions to the minimum necessary. + $node_master->psql('postgres', " + CREATE ROLE rewind_user LOGIN; + GRANT EXECUTE ON function pg_catalog.pg_ls_dir(text, boolean, boolean) + TO rewind_user; + GRANT EXECUTE ON function pg_catalog.pg_stat_file(text, boolean) + TO rewind_user; + GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text) + TO rewind_user; + GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text, bigint, bigint, boolean) + TO rewind_user;"); + #### Now run the test-specific parts to initialize the master before setting # up standby @@ -207,6 +225,9 @@ sub run_pg_rewind my $standby_connstr = $node_standby->connstr('postgres'); my $tmp_folder = TestLib::tempdir; + # Append the rewind-specific role to the connection string. + $standby_connstr = "$standby_connstr user=rewind_user"; + # Stop the master and be ready to perform the rewind $node_master->stop; diff --git a/src/test/perl/PostgresNode.pm b/src/test/perl/PostgresNode.pm index 61d78ad4c0d..d29889d3257 100644 --- a/src/test/perl/PostgresNode.pm +++ b/src/test/perl/PostgresNode.pm @@ -441,7 +441,8 @@ sub init TestLib::system_or_bail('initdb', '-D', $pgdata, '-A', 'trust', '-N', @{ $params{extra} }); - TestLib::system_or_bail($ENV{PG_REGRESS}, '--config-auth', $pgdata); + TestLib::system_or_bail($ENV{PG_REGRESS}, '--config-auth', $pgdata, + @{ $params{auth_extra} }); open my $conf, '>>', "$pgdata/postgresql.conf"; print $conf "\n# Added by PostgresNode.pm\n";