Thu Mar 1 13:02:33 PST 2007
Update of /home/cvsd/slony1/slony1-engine/tests In directory main:/tmp/cvs-serv8746/tests Modified Files: README run_test.sh settings.ik Log Message: Add tests to the testbed that confirm the minimal permissions required by those Slony-I connections stored in sl_path.
Index: settings.ik
===================================================================
RCS file: /home/cvsd/slony1/slony1-engine/tests/settings.ik,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** settings.ik 13 Dec 2005 21:45:55 -0000 1.4
--- settings.ik 1 Mar 2007 21:02:31 -0000 1.5
***************
*** 13,16 ****
--- 13,17 ----
HOST1=${HOST1:-"localhost"}
USER1=${USER1:-${PGUSER:-"postgres"}}
+ WEAKUSER1=${WEAKUSER1:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT1=${PORT1:-${PGPORT:-"5432"}}
PGBINDIR1=${PGBINDIR1:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 19,22 ****
--- 20,24 ----
HOST2=${HOST2:-"localhost"}
USER2=${USER2:-${PGUSER:-"postgres"}}
+ WEAKUSER2=${WEAKUSER2:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT2=${PORT2:-${PGPORT:-"5432"}}
PGBINDIR2=${PGBINDIR2:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 25,28 ****
--- 27,31 ----
HOST3=${HOST3:-"localhost"}
USER3=${USER3:-${PGUSER:-"postgres"}}
+ WEAKUSER3=${WEAKUSER3:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT3=${PORT3:-${PGPORT:-"5432"}}
PGBINDIR3=${PGBINDIR3:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 31,34 ****
--- 34,38 ----
HOST4=${HOST4:-"localhost"}
USER4=${USER4:-${PGUSER:-"postgres"}}
+ WEAKUSER4=${WEAKUSER4:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT4=${PORT4:-${PGPORT:-"5432"}}
PGBINDIR4=${PGBINDIR4:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 37,40 ****
--- 41,45 ----
HOST5=${HOST5:-"localhost"}
USER5=${USER5:-${PGUSER:-"postgres"}}
+ WEAKUSER5=${WEAKUSER5:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT5=${PORT5:-${PGPORT:-"5432"}}
PGBINDIR5=${PGBINDIR5:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 43,46 ****
--- 48,52 ----
HOST6=${HOST6:-"localhost"}
USER6=${USER6:-${PGUSER:-"postgres"}}
+ WEAKUSER6=${WEAKUSER6:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT6=${PORT6:-${PGPORT:-"5432"}}
PGBINDIR6=${PGBINDIR6:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 49,52 ****
--- 55,59 ----
HOST7=${HOST7:-"localhost"}
USER7=${USER7:-${PGUSER:-"postgres"}}
+ WEAKUSER7=${WEAKUSER7:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT7=${PORT7:-${PGPORT:-"5432"}}
PGBINDIR7=${PGBINDIR7:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 55,58 ****
--- 62,66 ----
HOST8=${HOST8:-"localhost"}
USER8=${USER8:-${PGUSER:-"postgres"}}
+ WEAKUSER8=${WEAKUSER8:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT8=${PORT8:-${PGPORT:-"5432"}}
PGBINDIR8=${PGBINDIR8:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 61,64 ****
--- 69,73 ----
HOST9=${HOST9:-"localhost"}
USER9=${USER9:-${PGUSER:-"postgres"}}
+ WEAKUSER9=${WEAKUSER9:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT9=${PORT9:-${PGPORT:-"5432"}}
PGBINDIR9=${PGBINDIR9:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 67,70 ****
--- 76,80 ----
HOST10=${HOST10:-"localhost"}
USER10=${USER10:-${PGUSER:-"postgres"}}
+ WEAKUSER10=${WEAKUSER01:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT10=${PORT10:-${PGPORT:-"5432"}}
PGBINDIR10=${PGBINDIR10:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 73,76 ****
--- 83,87 ----
HOST11=${HOST11:-"localhost"}
USER11=${USER11:-${PGUSER:-"postgres"}}
+ WEAKUSER11=${WEAKUSER11:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT11=${PORT11:-${PGPORT:-"5432"}}
PGBINDIR11=${PGBINDIR11:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 79,82 ****
--- 90,94 ----
HOST12=${HOST12:-"localhost"}
USER12=${USER12:-${PGUSER:-"postgres"}}
+ WEAKUSER12=${WEAKUSER12:-${WEAKUSER:-${PGUSER:-"weakuser"}}}
PORT12=${PORT12:-${PGPORT:-"5432"}}
PGBINDIR12=${PGBINDIR12:-${PGBINDIR:-"/usr/local/pgsql/bin"}}
***************
*** 85,88 ****
--- 97,101 ----
HOST13=${HOST13:-"localhost"}
USER13=${USER13:-${PGUSER:-"postgres"}}
+ 
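Review bot: The new WEAKUSER1 default falls back to `PGUSER` before the literal `weakuser`, so whenever PGUSER is exported (the README in this commit describes it as the superuser a slon connects as) the "weak" role is that superuser and the sl_path permission test passes without exercising minimal privileges. Dropping the inner fallback, `WEAKUSER1=${WEAKUSER1:-${WEAKUSER:-"weakuser"}}`, would also match the README text that the default is 'weakuser'. The same applies to the WEAKUSER2 through WEAKUSER13 hunks.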
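Review bot: The WEAKUSER10 line reads `${WEAKUSER01:-…}`, so a WEAKUSER10 value supplied in the environment is ignored and node 10 always takes the shared default, while every other node reads its own variable. It should be `WEAKUSER10=${WEAKUSER10:-${WEAKUSER:-${PGUSER:-"weakuser"}}}`.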
WEAKUSER13=${WEAKUSER13:-${WEAKUSER:-${PGUSER:-"weakuser"}}} PORT13=${PORT13:-${PGPORT:-"5432"}} PGBINDIR13=${PGBINDIR13:-${PGBINDIR:-"/usr/local/pgsql/bin"}} Index: README =================================================================== RCS file: /home/cvsd/slony1/slony1-engine/tests/README,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** README 17 Mar 2006 19:11:47 -0000 1.3 --- README 1 Mar 2007 21:02:31 -0000 1.4 *************** *** 36,43 **** PGUSER By default, the user postgres is used; this is taken as the default user ! ID to use for all of the databases. There are also variables USER1 thru USER13 which allow specifying a separate user name for each database instance. As always, with Slony-I, this needs to be a PostgreSQL "superuser." HOST By default, localhost is used. --- 36,47 ---- PGUSER By default, the user postgres is used; this is taken as the default user ! ID to use for all of the databases as the 'generic' user and as the user ! that a slon connects to its node as. There are also variables USER1 thru USER13 which allow specifying a separate user name for each database instance. As always, with Slony-I, this needs to be a PostgreSQL "superuser." + WEAKUSER + By default, this user is 'weakuser'. It is set up to have read-only + permissions on the Slony-I schema and on the replicated tables. HOST By default, localhost is used. Index: run_test.sh =================================================================== RCS file: /home/cvsd/slony1/slony1-engine/tests/run_test.sh,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** run_test.sh 9 Jun 2006 17:12:20 -0000 1.11 --- run_test.sh 1 Mar 2007 21:02:31 -0000 1.12 *************** *** 210,217 **** eval bdb=\$DB${j} eval bhost=\$HOST${j} ! eval buser=\$USER${j} eval bport=\$PORT${j} if [ -n "${bdb}" -a "${bhost}" -a "${buser}" -a "${bport}" ]; then ! 
echo "STORE PATH (SERVER=${i}, CLIENT=${j}, CONNINFO='dbname=${db} host=${host} user=${user} port=${port}');" >> $mktmp/slonik.script else err 3 "No conninfo" --- 210,217 ---- eval bdb=\$DB${j} eval bhost=\$HOST${j} ! eval buser=\$WEAKUSER${j} eval bport=\$PORT${j} if [ -n "${bdb}" -a "${bhost}" -a "${buser}" -a "${bport}" ]; then ! echo "STORE PATH (SERVER=${i}, CLIENT=${j}, CONNINFO='dbname=${db} host=${host} user=${buser} port=${port}');" >> $mktmp/slonik.script else err 3 "No conninfo" *************** *** 241,244 **** --- 241,245 ---- eval host=\$HOST${originnode} eval user=\$USER${originnode} + eval weakuser=\$WEAKUSER${originnode} eval pgbindir=\$PGBINDIR${originnode} eval port=\$PORT${originnode} *************** *** 257,260 **** --- 258,264 ---- status "loading origin DB with $testname/init_schema.sql" $pgbindir/psql -h $host -p $port $db $user < $testname/init_schema.sql 1> ${mktmp}/init_schema.sql.${originnode} 2>${mktmp}/init_schema.sql.${originnode} + status "setting up user ${weakuser} to have weak access to data" + . 
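Review bot: The rewritten STORE PATH line takes its user from `WEAKUSER${j}` (the client index) while dbname, host and port still come from `db`/`host`/`port`, which appear to be the server-side values set outside this hunk. The grants added elsewhere in this commit are issued on each node to that node's own WEAKUSER, so if per-node names differ the path would connect as a role that was never granted access on the server's database. Presumably the lookup should be `eval buser=\$WEAKUSER${i}`; this needs confirming against the enclosing loop, which starts and ends outside the hunk.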
${testname}/gen_weak_user.sh ${weakuser} > ${mktmp}/grant_weak_access.sql + $pgbindir/psql -h $host -p $port -d $db -U $user < ${mktmp}/grant_weak_access.sql > ${mktmp}/genweakuser.sql.${originnode} 2> ${mktmp}/genweakuser.sql.${originnode} status "done" } *************** *** 266,269 **** --- 270,274 ---- eval ohost=\$HOST${originnode} eval ouser=\$USER${originnode} + eval oweakuser=\$WEAKUSER${originnode} eval opgbindir=\$PGBINDIR${originnode} eval oport=\$PORT${originnode} *************** *** 275,278 **** --- 280,284 ---- eval host=\$HOST${alias} eval user=\$USER${alias} + eval weakuser=\$WEAKUSER${alias} eval pgbindir=\$PGBINDIR${alias} eval port=\$PORT${alias} *************** *** 303,306 **** --- 309,349 ---- } + generate_weak_slony_grants () + { + alias=1 + + ROTBLS="sl_action_seq sl_config_lock sl_confirm sl_event + sl_event_seq sl_listen sl_local_node_id sl_log_1 sl_log_2 + sl_log_status sl_node sl_path sl_registry + sl_rowid_seq sl_seqlastvalue sl_seqlog sl_sequence sl_set sl_setsync + sl_status sl_subscribe sl_table sl_trigger" + + RWTBLS="sl_nodelock sl_nodelock_nl_conncnt_seq" + + while : ; do + eval db=\$DB${alias} + eval host=\$HOST${alias} + eval user=\$USER${alias} + eval weakuser=\$WEAKUSER${alias} + eval pgbindir=\$PGBINDIR${alias} + eval port=\$PORT${alias} + + if [ -n "${db}" -a "${host}" -a "${user}" -a "${port}" ]; then + $pgbindir/psql -h $host -p $port -U $user -d $db -c "grant usage on schema \"_${CLUSTER1}\" to ${weakuser};" > /dev/null 2> /dev/null + for table in `echo $ROTBLS`; do + $pgbindir/psql -h $host -p $port -U $user -d $db -c "grant select on \"_${CLUSTER1}\".${table} to ${weakuser};" > /dev/null 2> /dev/null + done + for table in `echo $RWTBLS`; do + $pgbindir/psql -h $host -p $port -U $user -d $db -c "grant all on \"_${CLUSTER1}\".${table} to ${weakuser};" > /dev/null 2> /dev/null + done + fi + if [ ${alias} -ge ${NUMNODES} ]; then + break; + else + alias=$((${alias} + 1)) + fi + done + } + drop_databases() { *************** *** 
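Review bot: The added psql call sends stdout with `>` and stderr with `2>` to the same `${mktmp}/genweakuser.sql.${originnode}` through two separate opens, so the streams overwrite each other and a failed GRANT can disappear from the log; `> ${mktmp}/genweakuser.sql.${originnode} 2>&1` keeps both. The line before it sources gen_weak_user.sh with `.` and an argument, which runs the generator inside the harness's own shell and depends on the shell passing arguments to `.`; running it as `sh ${testname}/gen_weak_user.sh "${weakuser}"` avoids both problems. Neither command's exit status is checked, so a role-setup failure only shows up later as an unrelated test failure. The enclosing function starts outside the hunk.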
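Review bot: Every psql call in generate_weak_slony_grants discards stdout and stderr to /dev/null and ignores the exit status, so a GRANT that fails (missing role, wrong schema name) leaves no trace and the permission test result cannot be audited. Writing the output under `${mktmp}` as the rest of the script does, and calling `err` on a non-zero status, would make failures attributable. The function also needs a header comment stating that ROTBLS receive SELECT only, that RWTBLS receive ALL, and why sl_nodelock needs write access, since the README in this commit describes the weak user as read-only. `${weakuser}` is interpolated into the SQL without identifier quoting, so a role name that requires quoting would break the statement silently.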
523,527 **** break; else ! alias=expr ${alias} + 1 fi else --- 566,570 ---- break; else ! alias=`expr ${alias} + 1` fi else *************** *** 663,666 **** --- 706,713 ---- status "done" + status "Granting weak access on Slony-I schema" + generate_weak_slony_grants + status "done" + status "storing paths" init_preamble