Support postgresql 15 and newer (#10)

* Support postgresql 15 and newer
deric · Apr 4, 2024 · 4c1e69b · 4c1e69b
1 parent 7cdec10
commit 4c1e69b
Show file tree

Hide file tree

Showing 3 changed files with 132 additions and 24 deletions.
diff --git a/manifests/grants/psql10.pp → manifests/grants.pp b/manifests/grants/psql10.pp → manifests/grants.pp
@@ -1,7 +1,10 @@
+# @summary Manages priviledges required for executing backup
 # @api private
-class pgprobackup::grants::psql10 (
+# @see https://postgrespro.com/docs/enterprise/15/app-pgprobackup
+class pgprobackup::grants (
   String $db_name,
-  String $db_user
+  String $db_user,
+  String $version,
 ) {
   # GRANT USAGE ON SCHEMA pg_catalog TO backup;
   postgresql::server::grant { "pg_catalog_usage_to_${db_user}":
@@ -22,6 +25,16 @@
     object_arguments => ['text'],
   }
 
+  # GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup;
+  postgresql::server::grant { "set_config-to-${db_user}":
+    db               => $db_name,
+    role             => $db_user,
+    privilege        => 'EXECUTE',
+    object_type      => 'FUNCTION',
+    object_name      => ['pg_catalog', 'set_config'],
+    object_arguments => ['text','text','boolean'],
+  }
+
   # GRANT EXECUTE ON FUNCTION pg_catalog.pg_is_in_recovery() TO backup;
   postgresql::server::grant { "pg_is_in_recovery-to-${db_user}":
     db          => $db_name,
@@ -31,24 +44,47 @@
     object_name => ['pg_catalog', 'pg_is_in_recovery'],
   }
 
-  # GRANT EXECUTE ON FUNCTION pg_catalog.pg_start_backup(text, boolean, boolean) TO backup;
-  postgresql::server::grant { "pg_start_backup-to-${db_user}":
-    db               => $db_name,
-    role             => $db_user,
-    privilege        => 'EXECUTE',
-    object_type      => 'FUNCTION',
-    object_name      => ['pg_catalog','pg_start_backup'],
-    object_arguments => ['text', 'boolean', 'boolean'],
-  }
+  if versioncmp($version, '15') < 0 {
+    # GRANT EXECUTE ON FUNCTION pg_catalog.pg_start_backup(text, boolean, boolean) TO backup;
+    postgresql::server::grant { "pg_start_backup-to-${db_user}":
+      db               => $db_name,
+      role             => $db_user,
+      privilege        => 'EXECUTE',
+      object_type      => 'FUNCTION',
+      object_name      => ['pg_catalog','pg_start_backup'],
+      object_arguments => ['text', 'boolean', 'boolean'],
+    }
 
-  # GRANT EXECUTE ON FUNCTION pg_catalog.pg_stop_backup(boolean, boolean) TO backup;
-  postgresql::server::grant { "pg_stop_backup-to-${db_user}":
-    db               => $db_name,
-    role             => $db_user,
-    privilege        => 'EXECUTE',
-    object_type      => 'FUNCTION',
-    object_name      => ['pg_catalog','pg_stop_backup'],
-    object_arguments => ['boolean', 'boolean'],
+    # GRANT EXECUTE ON FUNCTION pg_catalog.pg_stop_backup(boolean, boolean) TO backup;
+    postgresql::server::grant { "pg_stop_backup-to-${db_user}":
+      db               => $db_name,
+      role             => $db_user,
+      privilege        => 'EXECUTE',
+      object_type      => 'FUNCTION',
+      object_name      => ['pg_catalog','pg_stop_backup'],
+      object_arguments => ['boolean', 'boolean'],
+    }
+  } else {
+    # Introduced in PostgreSQL 15: https://pgpedia.info/p/pg_backup_start.html
+    # GRANT EXECUTE ON FUNCTION pg_catalog.pg_backup_start(text, boolean) TO backup;
+    postgresql::server::grant { "pg_backup_start-to-${db_user}":
+      db               => $db_name,
+      role             => $db_user,
+      privilege        => 'EXECUTE',
+      object_type      => 'FUNCTION',
+      object_name      => ['pg_catalog','pg_backup_start'],
+      object_arguments => ['text', 'boolean'],
+    }
+
+    # GRANT EXECUTE ON FUNCTION pg_catalog.pg_backup_stop(boolean) TO backup;
+    postgresql::server::grant { "pg_backup_stop-to-${db_user}":
+      db               => $db_name,
+      role             => $db_user,
+      privilege        => 'EXECUTE',
+      object_type      => 'FUNCTION',
+      object_name      => ['pg_catalog','pg_backup_stop'],
+      object_arguments => ['boolean'],
+    }
   }
 
   # GRANT EXECUTE ON FUNCTION pg_catalog.pg_create_restore_point(text) TO backup;

diff --git a/manifests/instance.pp b/manifests/instance.pp
@@ -185,11 +185,19 @@
     }
 
     if $manage_grants {
-      # grants for postgresql 10 and newer
-      class { 'pgprobackup::grants::psql10':
-        db_name => $db_name,
-        db_user => $db_user,
-        require => Postgresql::Server::Database[$db_name],
+      case $version {
+        '9.6': {
+          fail("PostgreSQL ${version} not supported")
+        }
+        default: {
+          # grants for postgresql 10 and newer
+          class { 'pgprobackup::grants':
+            db_name => $db_name,
+            db_user => $db_user,
+            version => $version,
+            require => Postgresql::Server::Database[$db_name],
+          }
+        }
       }
     }
   }

diff --git a/spec/classes/instance_spec.rb b/spec/classes/instance_spec.rb
@@ -51,6 +51,20 @@
       }
     end
 
+    it { is_expected.to contain_postgresql__server__grant('current_setting-to-backup') }
+    it { is_expected.to contain_postgresql__server__grant('pg_start_backup-to-backup') }
+    it { is_expected.to contain_postgresql__server__grant('pg_stop_backup-to-backup') }
+    it { is_expected.to contain_postgresql__server__grant('pg_catalog_usage_to_backup') }
+    it { is_expected.to contain_postgresql__server__grant('pg_control_checkpoint-to-backup') }
+    it { is_expected.to contain_postgresql__server__grant('pg_is_in_recovery-to-backup') }
+    it { is_expected.to contain_postgresql__server__grant('pg_last_wal_replay_lsn-to-backup') }
+    it { is_expected.to contain_postgresql__server__grant('pg_create_restore_point-to-backup') }
+    it { is_expected.to contain_postgresql__server__grant('pg_switch_wal-to-backup') }
+    it { is_expected.to contain_postgresql__server__grant('set_config-to-backup') }
+    it { is_expected.to contain_postgresql__server__grant('txid_current-to-backup') }
+    it { is_expected.to contain_postgresql__server__grant('txid_current_snapshot-to-backup') }
+    it { is_expected.to contain_postgresql__server__grant('txid_snapshot_xmax-to-backup') }
+
     context 'with enabled FULL backup' do
       let(:params) do
         {
@@ -1001,5 +1015,55 @@
         }
       end
     end
+
+    context 'with grants on postgresql 14' do
+      let(:params) do
+        {
+          version: '14',
+          id: 'psql',
+          db_name: 'pg_backup',
+          db_user:  'pg_probackup',
+          manage_grants: true
+        }
+      end
+
+      it { is_expected.to contain_postgresql__server__grant('current_setting-to-pg_probackup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_start_backup-to-pg_probackup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_stop_backup-to-pg_probackup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_catalog_usage_to_pg_probackup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_control_checkpoint-to-pg_probackup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_is_in_recovery-to-pg_probackup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_last_wal_replay_lsn-to-pg_probackup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_create_restore_point-to-pg_probackup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_switch_wal-to-pg_probackup') }
+      it { is_expected.to contain_postgresql__server__grant('set_config-to-pg_probackup') }
+      it { is_expected.to contain_postgresql__server__grant('txid_current-to-pg_probackup') }
+      it { is_expected.to contain_postgresql__server__grant('txid_current_snapshot-to-pg_probackup') }
+      it { is_expected.to contain_postgresql__server__grant('txid_snapshot_xmax-to-pg_probackup') }
+    end
+
+    context 'with grants on postgresql 15' do
+      let(:params) do
+        {
+          version: '15',
+          id: 'psql',
+          manage_grants: true
+        }
+      end
+
+      it { is_expected.to contain_postgresql__server__grant('current_setting-to-backup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_backup_start-to-backup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_backup_stop-to-backup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_catalog_usage_to_backup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_control_checkpoint-to-backup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_is_in_recovery-to-backup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_last_wal_replay_lsn-to-backup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_create_restore_point-to-backup') }
+      it { is_expected.to contain_postgresql__server__grant('pg_switch_wal-to-backup') }
+      it { is_expected.to contain_postgresql__server__grant('set_config-to-backup') }
+      it { is_expected.to contain_postgresql__server__grant('txid_current-to-backup') }
+      it { is_expected.to contain_postgresql__server__grant('txid_current_snapshot-to-backup') }
+      it { is_expected.to contain_postgresql__server__grant('txid_snapshot_xmax-to-backup') }
+    end
   end
 end