diff options
| author | Jeff Davis <jdavis@postgresql.org> | 2022-01-07 17:38:20 -0800 |
|---|---|---|
| committer | Jeff Davis <jdavis@postgresql.org> | 2022-01-07 17:40:56 -0800 |
| commit | a2ab9c06ea15fbcb2bfde570986a06b37f52bcca (patch) | |
| tree | 8fdee8c9df638b5e0c6850a16ffa2d5677866189 /src/test/perl/PostgreSQL/Test/Cluster.pm | |
| parent | d0d62262d34154965511cfda6b98609d27752d5a (diff) | |
| download | postgresql-a2ab9c06ea15fbcb2bfde570986a06b37f52bcca.tar.gz postgresql-a2ab9c06ea15fbcb2bfde570986a06b37f52bcca.zip | |
Respect permissions within logical replication.
Prevent logical replication workers from performing insert, update,
delete, truncate, or copy commands on tables unless the subscription
owner has permission to do so.
Prevent subscription owners from circumventing row-level security by
forbidding replication into tables with row-level security policies
which the subscription owner is subject to, without regard to whether
the policy would ordinarily allow the INSERT, UPDATE, DELETE or
TRUNCATE which is being replicated. This seems sufficient for now, as
superusers, roles with bypassrls, and target table owners should still
be able to replicate despite RLS policies. We can revisit the
question of applying row-level security policies on a per-row basis if
this restriction proves too severe in practice.
Author: Mark Dilger
Reviewed-by: Jeff Davis, Andrew Dunstan, Ronan Dunklau
Discussion: https://postgr.es/m/9DFC88D3-1300-4DE8-ACBC-4CEF84399A53%40enterprisedb.com
Diffstat (limited to 'src/test/perl/PostgreSQL/Test/Cluster.pm')
| -rw-r--r-- | src/test/perl/PostgreSQL/Test/Cluster.pm | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/test/perl/PostgreSQL/Test/Cluster.pm b/src/test/perl/PostgreSQL/Test/Cluster.pm index 468464d37ef..e18f27276cd 100644 --- a/src/test/perl/PostgreSQL/Test/Cluster.pm +++ b/src/test/perl/PostgreSQL/Test/Cluster.pm @@ -2599,6 +2599,42 @@ sub wait_for_slot_catchup =pod +=item $node->wait_for_log(regexp, offset) + +Waits for the contents of the server log file, starting at the given offset, to +match the supplied regular expression. Checks the entire log if no offset is +given. Times out after 180 seconds. + +If successful, returns the length of the entire log file, in bytes. + +=cut + +sub wait_for_log +{ + my ($self, $regexp, $offset) = @_; + $offset = 0 unless defined $offset; + + my $max_attempts = 180 * 10; + my $attempts = 0; + + while ($attempts < $max_attempts) + { + my $log = PostgreSQL::Test::Utils::slurp_file($self->logfile, $offset); + + return $offset+length($log) if ($log =~ m/$regexp/); + + # Wait 0.1 second before retrying. + usleep(100_000); + + $attempts++; + } + + # The logs didn't match within 180 seconds. Give up. + croak "timed out waiting for match: $regexp"; +} + +=pod + =item $node->query_hash($dbname, $query, @columns) Execute $query on $dbname, replacing any appearance of the string __COLUMNS__ |