Skip to content

Commit

Permalink
Support postgresql 15 and newer
Browse files Browse the repository at this point in the history
  • Loading branch information
@deric
deric committed Apr 4, 2024
1 parent 7cdec10 commit b32e513
Show file tree
Hide file tree
Showing 3 changed files with 283 additions and 5 deletions.
128 changes: 128 additions & 0 deletions manifests/grants/psql11.pp
View file
@@ -0,0 +1,128 @@
# @api private
class pgprobackup::grants::psql11 (
String $db_name,
String $db_user
) {
# GRANT USAGE ON SCHEMA pg_catalog TO backup;
postgresql::server::grant { "pg_catalog_usage_to_${db_user}":
db => $db_name,
role => $db_user,
privilege => 'USAGE',
object_type => 'SCHEMA',
object_name => 'pg_catalog',
}

# GRANT EXECUTE ON FUNCTION pg_catalog.current_setting(text) TO backup;
postgresql::server::grant { "current_setting-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog', 'current_setting'],
object_arguments => ['text'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup;
postgresql::server::grant { "current_setting-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog', 'set_config'],
object_arguments => ['text','text','boolean'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.pg_is_in_recovery() TO backup;
postgresql::server::grant { "pg_is_in_recovery-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog', 'pg_is_in_recovery'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.pg_start_backup(text, boolean, boolean) TO backup;
postgresql::server::grant { "pg_start_backup-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','pg_start_backup'],
object_arguments => ['text', 'boolean', 'boolean'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.pg_stop_backup(boolean, boolean) TO backup;
postgresql::server::grant { "pg_stop_backup-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','pg_stop_backup'],
object_arguments => ['boolean', 'boolean'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.pg_create_restore_point(text) TO backup;
postgresql::server::grant { "pg_create_restore_point-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','pg_create_restore_point'],
object_arguments => ['text'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.pg_switch_wal() TO backup;
postgresql::server::grant { "pg_switch_wal-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','pg_switch_wal'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.pg_last_wal_replay_lsn() TO backup;
postgresql::server::grant { "pg_last_wal_replay_lsn-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','pg_last_wal_replay_lsn'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.txid_current() TO backup;
postgresql::server::grant { "txid_current-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','txid_current'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup;
postgresql::server::grant { "txid_current_snapshot-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','txid_current_snapshot'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;
postgresql::server::grant { "txid_snapshot_xmax-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','txid_snapshot_xmax'],
object_arguments => ['txid_snapshot'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.pg_control_checkpoint() TO backup;
postgresql::server::grant { "pg_control_checkpoint-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','pg_control_checkpoint'],
}
}
129 changes: 129 additions & 0 deletions manifests/grants/psql15.pp
View file
@@ -0,0 +1,129 @@
# @api private
# @see https://postgrespro.com/docs/enterprise/15/app-pgprobackup
class pgprobackup::grants::psql15 (
String $db_name,
String $db_user
) {
# GRANT USAGE ON SCHEMA pg_catalog TO backup;
postgresql::server::grant { "pg_catalog_usage_to_${db_user}":
db => $db_name,
role => $db_user,
privilege => 'USAGE',
object_type => 'SCHEMA',
object_name => 'pg_catalog',
}

# GRANT EXECUTE ON FUNCTION pg_catalog.current_setting(text) TO backup;
postgresql::server::grant { "current_setting-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog', 'current_setting'],
object_arguments => ['text'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup;
postgresql::server::grant { "current_setting-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog', 'set_config'],
object_arguments => ['text','text','boolean'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.pg_is_in_recovery() TO backup;
postgresql::server::grant { "pg_is_in_recovery-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog', 'pg_is_in_recovery'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.pg_backup_start(text, boolean) TO backup;
postgresql::server::grant { "pg_backup_start-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','pg_backup_start'],
object_arguments => ['text', 'boolean'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.pg_backup_stop(boolean) TO backup;
postgresql::server::grant { "pg_backup_stop-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','pg_backup_stop'],
object_arguments => ['boolean'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.pg_create_restore_point(text) TO backup;
postgresql::server::grant { "pg_create_restore_point-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','pg_create_restore_point'],
object_arguments => ['text'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.pg_switch_wal() TO backup;
postgresql::server::grant { "pg_switch_wal-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','pg_switch_wal'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.pg_last_wal_replay_lsn() TO backup;
postgresql::server::grant { "pg_last_wal_replay_lsn-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','pg_last_wal_replay_lsn'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.txid_current() TO backup;
postgresql::server::grant { "txid_current-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','txid_current'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup;
postgresql::server::grant { "txid_current_snapshot-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','txid_current_snapshot'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;
postgresql::server::grant { "txid_snapshot_xmax-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','txid_snapshot_xmax'],
object_arguments => ['txid_snapshot'],
}

# GRANT EXECUTE ON FUNCTION pg_catalog.pg_control_checkpoint() TO backup;
postgresql::server::grant { "pg_control_checkpoint-to-${db_user}":
db => $db_name,
role => $db_user,
privilege => 'EXECUTE',
object_type => 'FUNCTION',
object_name => ['pg_catalog','pg_control_checkpoint'],
}
}
31 changes: 26 additions & 5 deletions manifests/instance.pp
View file
Expand Up @@ -185,11 +185,32 @@
}

if $manage_grants {
# grants for postgresql 10 and newer
class { 'pgprobackup::grants::psql10':
db_name => $db_name,
db_user => $db_user,
require => Postgresql::Server::Database[$db_name],
case $version {
'9.6': {
fail("PostgreSQL ${version} not supported")
}
'10': {
class { 'pgprobackup::grants::psql10':
db_name => $db_name,
db_user => $db_user,
require => Postgresql::Server::Database[$db_name],
}
}
'11','12','13','14': {
class { 'pgprobackup::grants::psql11':
db_name => $db_name,
db_user => $db_user,
require => Postgresql::Server::Database[$db_name],
}
}
default: {
# grants for postgresql 15 and newer
class { 'pgprobackup::grants::psql15':
db_name => $db_name,
db_user => $db_user,
require => Postgresql::Server::Database[$db_name],
}
}
}
}
}
Expand Down

0 comments on commit b32e513

Please sign in to comment.