From 01e72308034822fbc7c9ec45480444dc4ec628a2 Mon Sep 17 00:00:00 2001 From: RealGreenDragon <14246920+RealGreenDragon@users.noreply.github.com> Date: Mon, 9 Sep 2024 20:54:35 +0200 Subject: [PATCH] Check for USAGE (instead of MEMBER) privilege in all pg_has_role occurrences --- barman/postgres.py | 14 +++++++------- tests/test_postgres.py | 10 +++++----- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/barman/postgres.py b/barman/postgres.py index 90ef07d7f..21df0e3d4 100644 --- a/barman/postgres.py +++ b/barman/postgres.py @@ -610,11 +610,11 @@ def has_backup_privileges(self): OR ( ( - pg_has_role(CURRENT_USER, 'pg_monitor', 'MEMBER') + pg_has_role(CURRENT_USER, 'pg_monitor', 'USAGE') OR ( - pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'MEMBER') - AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'MEMBER') + pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'USAGE') + AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'USAGE') ) ) AND @@ -664,7 +664,7 @@ def has_checkpoint_privileges(self): return True else: role_check_query = ( - "select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'MEMBER');" + "select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'USAGE');" ) try: cur = self._cursor() @@ -694,11 +694,11 @@ def has_monitoring_privileges(self): monitoring_check_query = """ SELECT ( - pg_has_role(CURRENT_USER, 'pg_monitor', 'MEMBER') + pg_has_role(CURRENT_USER, 'pg_monitor', 'USAGE') OR ( - pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'MEMBER') - AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'MEMBER') + pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'USAGE') + AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'USAGE') ) ) """ diff --git a/tests/test_postgres.py b/tests/test_postgres.py index e4b6a2d40..0384607ab 100644 --- a/tests/test_postgres.py +++ b/tests/test_postgres.py @@ -1092,7 +1092,7 @@ def test_has_checkpoint_privileges( cursor_mock.fetchone.side_effect = [(False,)] assert not server.postgres.has_checkpoint_privileges cursor_mock.execute.assert_called_with( - "select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'MEMBER');" + "select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'USAGE');" ) # no superuser, pg_checkpoint -> True @@ -1101,7 +1101,7 @@ def test_has_checkpoint_privileges( cursor_mock.fetchone.side_effect = [(True,)] assert server.postgres.has_checkpoint_privileges cursor_mock.execute.assert_called_with( - "select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'MEMBER');" + "select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'USAGE');" ) # superuser, no pg_checkpoint -> True @@ -1718,11 +1718,11 @@ def test_has_monitoring_privileges( """ SELECT ( - pg_has_role(CURRENT_USER, 'pg_monitor', 'MEMBER') + pg_has_role(CURRENT_USER, 'pg_monitor', 'USAGE') OR ( - pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'MEMBER') - AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'MEMBER') + pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'USAGE') + AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'USAGE') ) ) """