Thu Mar 1 13:02:33 PST 2007
- Previous message: [Slony1-commit] slony1-engine/tests/testdatestyles gen_weak_user.sh
- Next message: [Slony1-commit] slony1-engine/tests/testddl gen_weak_user.sh
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Update of /home/cvsd/slony1/slony1-engine/tests
In directory main:/tmp/cvs-serv8746/tests
Modified Files:
README run_test.sh settings.ik
Log Message:
Add tests to the testbed that confirm the minimal permissions required
by those Slony-I connections stored in sl_path.
Index: settings.ik
===================================================================
RCS file: /home/cvsd/slony1/slony1-engine/tests/settings.ik,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** settings.ik 13 Dec 2005 21:45:55 -0000 1.4
--- settings.ik 1 Mar 2007 21:02:31 -0000 1.5
***************
*** 13,16 ****
--- 13,17 ----
HOST1=${HOST1:-"localhost"}
USER1=${USER1:-${PGUSER:-"postgres"}}
+ WEAKUSER1=${WEAKUSER1:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT1=${PORT1:-${PGPORT:-"5432"}}
PGBINDIR1=${PGBINDIR1:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 19,22 ****
--- 20,24 ----
HOST2=${HOST2:-"localhost"}
USER2=${USER2:-${PGUSER:-"postgres"}}
+ WEAKUSER2=${WEAKUSER2:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT2=${PORT2:-${PGPORT:-"5432"}}
PGBINDIR2=${PGBINDIR2:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 25,28 ****
--- 27,31 ----
HOST3=${HOST3:-"localhost"}
USER3=${USER3:-${PGUSER:-"postgres"}}
+ WEAKUSER3=${WEAKUSER3:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT3=${PORT3:-${PGPORT:-"5432"}}
PGBINDIR3=${PGBINDIR3:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 31,34 ****
--- 34,38 ----
HOST4=${HOST4:-"localhost"}
USER4=${USER4:-${PGUSER:-"postgres"}}
+ WEAKUSER4=${WEAKUSER4:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT4=${PORT4:-${PGPORT:-"5432"}}
PGBINDIR4=${PGBINDIR4:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 37,40 ****
--- 41,45 ----
HOST5=${HOST5:-"localhost"}
USER5=${USER5:-${PGUSER:-"postgres"}}
+ WEAKUSER5=${WEAKUSER5:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT5=${PORT5:-${PGPORT:-"5432"}}
PGBINDIR5=${PGBINDIR5:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 43,46 ****
--- 48,52 ----
HOST6=${HOST6:-"localhost"}
USER6=${USER6:-${PGUSER:-"postgres"}}
+ WEAKUSER6=${WEAKUSER6:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT6=${PORT6:-${PGPORT:-"5432"}}
PGBINDIR6=${PGBINDIR6:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 49,52 ****
--- 55,59 ----
HOST7=${HOST7:-"localhost"}
USER7=${USER7:-${PGUSER:-"postgres"}}
+ WEAKUSER7=${WEAKUSER7:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT7=${PORT7:-${PGPORT:-"5432"}}
PGBINDIR7=${PGBINDIR7:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 55,58 ****
--- 62,66 ----
HOST8=${HOST8:-"localhost"}
USER8=${USER8:-${PGUSER:-"postgres"}}
+ WEAKUSER8=${WEAKUSER8:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT8=${PORT8:-${PGPORT:-"5432"}}
PGBINDIR8=${PGBINDIR8:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 61,64 ****
--- 69,73 ----
HOST9=${HOST9:-"localhost"}
USER9=${USER9:-${PGUSER:-"postgres"}}
+ WEAKUSER9=${WEAKUSER9:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT9=${PORT9:-${PGPORT:-"5432"}}
PGBINDIR9=${PGBINDIR9:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 67,70 ****
--- 76,80 ----
HOST10=${HOST10:-"localhost"}
USER10=${USER10:-${PGUSER:-"postgres"}}
+ WEAKUSER10=${WEAKUSER01:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT10=${PORT10:-${PGPORT:-"5432"}}
PGBINDIR10=${PGBINDIR10:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 73,76 ****
--- 83,87 ----
HOST11=${HOST11:-"localhost"}
USER11=${USER11:-${PGUSER:-"postgres"}}
+ WEAKUSER11=${WEAKUSER11:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT11=${PORT11:-${PGPORT:-"5432"}}
PGBINDIR11=${PGBINDIR11:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 79,82 ****
--- 90,94 ----
HOST12=${HOST12:-"localhost"}
USER12=${USER12:-${PGUSER:-"postgres"}}
+ WEAKUSER12=${WEAKUSER12:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT12=${PORT12:-${PGPORT:-"5432"}}
PGBINDIR12=${PGBINDIR12:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 85,88 ****
--- 97,101 ----
HOST13=${HOST13:-"localhost"}
USER13=${USER13:-${PGUSER:-"postgres"}}
+ WEAKUSER13=${WEAKUSER13:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT13=${PORT13:-${PGPORT:-"5432"}}
PGBINDIR13=${PGBINDIR13:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
Index: README
===================================================================
RCS file: /home/cvsd/slony1/slony1-engine/tests/README,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** README 17 Mar 2006 19:11:47 -0000 1.3
--- README 1 Mar 2007 21:02:31 -0000 1.4
***************
*** 36,43 ****
PGUSER
By default, the user postgres is used; this is taken as the default user
! ID to use for all of the databases.
There are also variables USER1 thru USER13 which allow specifying a
separate user name for each database instance. As always, with Slony-I,
this needs to be a PostgreSQL "superuser."
HOST
By default, localhost is used.
--- 36,47 ----
PGUSER
By default, the user postgres is used; this is taken as the default user
! ID to use for all of the databases as the 'generic' user and as the user
! that a slon connects to its node as.
There are also variables USER1 thru USER13 which allow specifying a
separate user name for each database instance. As always, with Slony-I,
this needs to be a PostgreSQL "superuser."
+ WEAKUSER
+ By default, this user is 'weakuser'. It is set up to have read-only
+ permissions on the Slony-I schema and on the replicated tables.
HOST
By default, localhost is used.
Index: run_test.sh
===================================================================
RCS file: /home/cvsd/slony1/slony1-engine/tests/run_test.sh,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -d -r1.11 -r1.12
*** run_test.sh 9 Jun 2006 17:12:20 -0000 1.11
--- run_test.sh 1 Mar 2007 21:02:31 -0000 1.12
***************
*** 210,217 ****
eval bdb=\$DB${j}
eval bhost=\$HOST${j}
! eval buser=\$USER${j}
eval bport=\$PORT${j}
if [ -n "${bdb}" -a "${bhost}" -a "${buser}" -a "${bport}" ]; then
! echo "STORE PATH (SERVER=${i}, CLIENT=${j}, CONNINFO='dbname=${db} host=${host} user=${user} port=${port}');" >> $mktmp/slonik.script
else
err 3 "No conninfo"
--- 210,217 ----
eval bdb=\$DB${j}
eval bhost=\$HOST${j}
! eval buser=\$WEAKUSER${j}
eval bport=\$PORT${j}
if [ -n "${bdb}" -a "${bhost}" -a "${buser}" -a "${bport}" ]; then
! echo "STORE PATH (SERVER=${i}, CLIENT=${j}, CONNINFO='dbname=${db} host=${host} user=${buser} port=${port}');" >> $mktmp/slonik.script
else
err 3 "No conninfo"
***************
*** 241,244 ****
--- 241,245 ----
eval host=\$HOST${originnode}
eval user=\$USER${originnode}
+ eval weakuser=\$WEAKUSER${originnode}
eval pgbindir=\$PGBINDIR${originnode}
eval port=\$PORT${originnode}
***************
*** 257,260 ****
--- 258,264 ----
status "loading origin DB with $testname/init_schema.sql"
$pgbindir/psql -h $host -p $port $db $user < $testname/init_schema.sql 1> ${mktmp}/init_schema.sql.${originnode} 2>${mktmp}/init_schema.sql.${originnode}
+ status "setting up user ${weakuser} to have weak access to data"
+ . ${testname}/gen_weak_user.sh ${weakuser} > ${mktmp}/grant_weak_access.sql
+ $pgbindir/psql -h $host -p $port -d $db -U $user < ${mktmp}/grant_weak_access.sql > ${mktmp}/genweakuser.sql.${originnode} 2> ${mktmp}/genweakuser.sql.${originnode}
status "done"
}
***************
*** 266,269 ****
--- 270,274 ----
eval ohost=\$HOST${originnode}
eval ouser=\$USER${originnode}
+ eval oweakuser=\$WEAKUSER${originnode}
eval opgbindir=\$PGBINDIR${originnode}
eval oport=\$PORT${originnode}
***************
*** 275,278 ****
--- 280,284 ----
eval host=\$HOST${alias}
eval user=\$USER${alias}
+ eval weakuser=\$WEAKUSER${alias}
eval pgbindir=\$PGBINDIR${alias}
eval port=\$PORT${alias}
***************
*** 303,306 ****
--- 309,349 ----
}
+ generate_weak_slony_grants ()
+ {
+ alias=1
+
+ ROTBLS="sl_action_seq sl_config_lock sl_confirm sl_event
+ sl_event_seq sl_listen sl_local_node_id sl_log_1 sl_log_2
+ sl_log_status sl_node sl_path sl_registry
+ sl_rowid_seq sl_seqlastvalue sl_seqlog sl_sequence sl_set sl_setsync
+ sl_status sl_subscribe sl_table sl_trigger"
+
+ RWTBLS="sl_nodelock sl_nodelock_nl_conncnt_seq"
+
+ while : ; do
+ eval db=\$DB${alias}
+ eval host=\$HOST${alias}
+ eval user=\$USER${alias}
+ eval weakuser=\$WEAKUSER${alias}
+ eval pgbindir=\$PGBINDIR${alias}
+ eval port=\$PORT${alias}
+
+ if [ -n "${db}" -a "${host}" -a "${user}" -a "${port}" ]; then
+ $pgbindir/psql -h $host -p $port -U $user -d $db -c "grant usage on schema \"_${CLUSTER1}\" to ${weakuser};" > /dev/null 2> /dev/null
+ for table in `echo $ROTBLS`; do
+ $pgbindir/psql -h $host -p $port -U $user -d $db -c "grant select on \"_${CLUSTER1}\".${table} to ${weakuser};" > /dev/null 2> /dev/null
+ done
+ for table in `echo $RWTBLS`; do
+ $pgbindir/psql -h $host -p $port -U $user -d $db -c "grant all on \"_${CLUSTER1}\".${table} to ${weakuser};" > /dev/null 2> /dev/null
+ done
+ fi
+ if [ ${alias} -ge ${NUMNODES} ]; then
+ break;
+ else
+ alias=$((${alias} + 1))
+ fi
+ done
+ }
+
drop_databases()
{
***************
*** 523,527 ****
break;
else
! alias=expr ${alias} + 1
fi
else
--- 566,570 ----
break;
else
! alias=`expr ${alias} + 1`
fi
else
***************
*** 663,666 ****
--- 706,713 ----
status "done"
+ status "Granting weak access on Slony-I schema"
+ generate_weak_slony_grants
+ status "done"
+
status "storing paths"
init_preamble
- Previous message: [Slony1-commit] slony1-engine/tests/testdatestyles gen_weak_user.sh
- Next message: [Slony1-commit] slony1-engine/tests/testddl gen_weak_user.sh
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Slony1-commit mailing list