Check for USAGE (instead of MEMBER) privilege in all pg_has_role occurrences
RealGreenDragon committed Sep 9, 2024
1 parent 58b2653 commit 90543f1
Showing 2 changed files with 12 additions and 12 deletions.
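--- a/barman/postgres.py
+++ b/barman/postgres.py
@@ -610,11 +610,11 @@ def has_backup_privileges(self):
 OR
 (
 (
-pg_has_role(CURRENT_USER, 'pg_monitor', 'MEMBER')
+pg_has_role(CURRENT_USER, 'pg_monitor', 'USAGE')
 OR
 (
-pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'MEMBER')
-AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'MEMBER')
+pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'USAGE')
+AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'USAGE')
 )
 )
 AND
@@ -664,7 +664,7 @@ def has_checkpoint_privileges(self):
 return True
 else:
 role_check_query = (
-"select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'MEMBER');"
+"select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'USAGE');"
 )
 try:
 cur = self._cursor()
@@ -694,11 +694,11 @@ def has_monitoring_privileges(self):
 monitoring_check_query = """
 SELECT
 (
-pg_has_role(CURRENT_USER, 'pg_monitor', 'MEMBER')
+pg_has_role(CURRENT_USER, 'pg_monitor', 'USAGE')
 OR
 (
-pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'MEMBER')
-AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'MEMBER')
+pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'USAGE')
+AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'USAGE')
 )
 )
 """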
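Review bot: None of the three queries says why the privilege argument is `'USAGE'`, so a later cleanup could change it back to `'MEMBER'` in has_backup_privileges, has_checkpoint_privileges or has_monitoring_privileges without the reason being visible. In PostgreSQL's pg_has_role, USAGE is true only when the role's privileges are available to the session without SET ROLE, while MEMBER is also true for a membership that is not inherited, so the distinction decides whether this preflight can report privileges the connection does not effectively hold. I would put a comment above each query, for example `# USAGE, not MEMBER: the role's privileges must be effective without SET ROLE`. The pg_monitor / pg_read_all_settings / pg_read_all_stats predicate is also written out twice (has_backup_privileges and has_monitoring_privileges), and a shared SQL fragment would keep the two copies from drifting. All three function bodies start and end outside the hunks shown.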
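--- a/tests/test_postgres.py
+++ b/tests/test_postgres.py
@@ -1092,7 +1092,7 @@ def test_has_checkpoint_privileges(
 cursor_mock.fetchone.side_effect = [(False,)]
 assert not server.postgres.has_checkpoint_privileges
 cursor_mock.execute.assert_called_with(
-"select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'MEMBER');"
+"select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'USAGE');"
 )
 
 # no superuser, pg_checkpoint -> True
@@ -1101,7 +1101,7 @@ def test_has_checkpoint_privileges(
 cursor_mock.fetchone.side_effect = [(True,)]
 assert server.postgres.has_checkpoint_privileges
 cursor_mock.execute.assert_called_with(
-"select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'MEMBER');"
+"select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'USAGE');"
 )
 
 # superuser, no pg_checkpoint -> True
@@ -1718,11 +1718,11 @@ def test_has_monitoring_privileges(
 """
 SELECT
 (
-pg_has_role(CURRENT_USER, 'pg_monitor', 'MEMBER')
+pg_has_role(CURRENT_USER, 'pg_monitor', 'USAGE')
 OR
 (
-pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'MEMBER')
-AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'MEMBER')
+pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'USAGE')
+AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'USAGE')
 )
 )
 """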
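Review bot: The updated assertions in test_has_checkpoint_privileges only compare the SQL text passed to a mocked cursor, so they confirm the string changed but not that a membership granted without inheritance is now rejected. No hunk here touches a test for has_backup_privileges, although its query changed in barman/postgres.py; if such a test exists it apparently does not pin the query text. A comment such as `# mock checks the SQL text only; USAGE vs MEMBER semantics need a live PostgreSQL` above the assertions would make that limit explicit, and an integration test using a role granted without inheritance would cover the behaviour itself. Both test functions start and end outside the hunks shown.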
