public inbox for [email protected]help / color / mirror / Atom feed
Re: [17] CREATE SUBSCRIPTION ... SERVER 63+ messages / 10 participants [nested] [flat]
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-08-30 13:41 Ashutosh Bapat <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Ashutosh Bapat @ 2023-08-30 13:41 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: pgsql-hackers Hi Jeff, On Wed, Aug 30, 2023 at 2:12 PM Jeff Davis <[email protected]> wrote: > > The server "myserver" must have been created with the new syntax: > > CREATE SERVER myserver FOR CONNECTION ONLY > > instead of specifying FOREIGN DATA WRAPPER. In other words, a server > FOR CONNECTION ONLY doesn't have a real FDW, it's a special server just > used for the postgres connection options. To create a server FOR > CONNECTION ONLY, the user must be a member of the new predefined role > pg_create_connection. A server FOR CONNECTION ONLY still uses ACLs and > user mappings the same way as other foreign servers, but cannot be used > to create foreign tables. Are you suggesting that SERVERs created with FDW can not be used as publishers? I think there's value in knowing that the publisher which contains a replica of a table is the same as the foreign server which is referenced by another foreign table. We can push down a join between a replicated table and foreign table down to the foreign server. A basic need for sharding with replicated tables. Of course there's a lot work that we have to do in order to actually achieve such a push down but by restricting this feature to only CONNECTION ONLY, we are restricting the possibility of such a push down. -- Best Wishes, Ashutosh Bapat ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-08-30 15:30 Jeff Davis <[email protected]> parent: Ashutosh Bapat <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Jeff Davis @ 2023-08-30 15:30 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: pgsql-hackers On Wed, 2023-08-30 at 19:11 +0530, Ashutosh Bapat wrote: > Are you suggesting that SERVERs created with FDW can not be used as > publishers? Correct. Without that, how would the subscription know that the FDW contains valid postgres connection information? I suppose it could create a connection string out of the options itself and do another round of validation, is that what you had in mind? > We can push down a join > between a replicated table and foreign table down to the foreign > server. Interesting idea. Regards, Jeff Davis ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-08-31 05:29 Ashutosh Bapat <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Ashutosh Bapat @ 2023-08-31 05:29 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: pgsql-hackers On Wed, Aug 30, 2023 at 9:00 PM Jeff Davis <[email protected]> wrote: > > On Wed, 2023-08-30 at 19:11 +0530, Ashutosh Bapat wrote: > > Are you suggesting that SERVERs created with FDW can not be used as > > publishers? > > Correct. Without that, how would the subscription know that the FDW > contains valid postgres connection information? I suppose it could > create a connection string out of the options itself and do another > round of validation, is that what you had in mind? The server's FDW has to be postgres_fdw. So we have to handle the awkward dependency between core and postgres_fdw (an extension). The connection string should be created from options itself. A special user mapping for replication may be used. That's how I see it at a high level. -- Best Wishes, Ashutosh Bapat ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-08-31 16:52 Jeff Davis <[email protected]> parent: Ashutosh Bapat <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Jeff Davis @ 2023-08-31 16:52 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: pgsql-hackers On Thu, 2023-08-31 at 10:59 +0530, Ashutosh Bapat wrote: > The server's FDW has to be postgres_fdw. So we have to handle the > awkward dependency between core and postgres_fdw (an extension). That sounds more than just "awkward". I can't think of any precedent for that and it seems to violate the idea of an "extension" entirely. Can you explain more concretely how we might resolve that? Regards, Jeff Davis ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-08-31 21:17 Joe Conway <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 2 replies; 63+ messages in thread From: Joe Conway @ 2023-08-31 21:17 UTC (permalink / raw) To: Jeff Davis <[email protected]>; Ashutosh Bapat <[email protected]>; +Cc: pgsql-hackers On 8/31/23 12:52, Jeff Davis wrote: > On Thu, 2023-08-31 at 10:59 +0530, Ashutosh Bapat wrote: >> The server's FDW has to be postgres_fdw. So we have to handle the >> awkward dependency between core and postgres_fdw (an extension). > > That sounds more than just "awkward". I can't think of any precedent > for that and it seems to violate the idea of an "extension" entirely. > > Can you explain more concretely how we might resolve that? Maybe move postgres_fdw to be a first class built in feature instead of an extension? -- Joe Conway PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-09-01 06:58 Ashutosh Bapat <[email protected]> parent: Joe Conway <[email protected]> 1 sibling, 1 reply; 63+ messages in thread From: Ashutosh Bapat @ 2023-09-01 06:58 UTC (permalink / raw) To: Joe Conway <[email protected]>; Jeff Davis <[email protected]>; +Cc: pgsql-hackers On Fri, Sep 1, 2023 at 2:47 AM Joe Conway <[email protected]> wrote: > > On 8/31/23 12:52, Jeff Davis wrote: > > On Thu, 2023-08-31 at 10:59 +0530, Ashutosh Bapat wrote: > >> The server's FDW has to be postgres_fdw. So we have to handle the > >> awkward dependency between core and postgres_fdw (an extension). > > > > That sounds more than just "awkward". I can't think of any precedent > > for that and it seems to violate the idea of an "extension" entirely. > > > > Can you explain more concretely how we might resolve that? > > > Maybe move postgres_fdw to be a first class built in feature instead of > an extension? Yes, that's one way. Thinking larger, how about we allow any FDW to be used here. We might as well, allow extensions to start logical receivers which accept changes from non-PostgreSQL databases. So we don't have to make an exception for postgres_fdw. But I think there's some value in bringing together these two subsystems which deal with foreign data logically (as in logical vs physical view of data). -- Best Wishes, Ashutosh Bapat ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-09-01 18:54 Jeff Davis <[email protected]> parent: Ashutosh Bapat <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Jeff Davis @ 2023-09-01 18:54 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; Joe Conway <[email protected]>; +Cc: pgsql-hackers On Fri, 2023-09-01 at 12:28 +0530, Ashutosh Bapat wrote: > Thinking larger, how about we allow any FDW to be used here. That's a possibility, but I think that means the subscription would need to constantly re-check the parameters rather than relying on the FDW's validator. Otherwise it might be the wrong kind of FDW, and the user might be able to circumvent the password_required protection. It might not even be a postgres-related FDW at all, which would be a bit strange. If it's constantly re-checking the parameters then it raises the possibility that some "ALTER SERVER" or "ALTER USER MAPPING" succeeds but then subscriptions to that foreign server start failing, which would not be ideal. But I could be fine with that. > But I think there's some value in bringing > together these two subsystems which deal with foreign data logically > (as in logical vs physical view of data). I still don't understand how a core dependency on an extension would work. Regards, Jeff Davis ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-09-01 18:57 Jeff Davis <[email protected]> parent: Joe Conway <[email protected]> 1 sibling, 1 reply; 63+ messages in thread From: Jeff Davis @ 2023-09-01 18:57 UTC (permalink / raw) To: Joe Conway <[email protected]>; Ashutosh Bapat <[email protected]>; +Cc: pgsql-hackers On Thu, 2023-08-31 at 17:17 -0400, Joe Conway wrote: > Maybe move postgres_fdw to be a first class built in feature instead > of > an extension? That could make sense, but we still have to solve the problem of how to present a built-in FDW. FDWs don't have a schema, so it can't be inside pg_catalog. So we'd need some special logic somewhere to make pg_dump and psql \dew work as expected, and I'm not quite sure what to do there. Regards, Jeff Davis ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-09-01 20:11 Robert Haas <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Robert Haas @ 2023-09-01 20:11 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Joe Conway <[email protected]>; Ashutosh Bapat <[email protected]>; pgsql-hackers On Fri, Sep 1, 2023 at 4:04 PM Jeff Davis <[email protected]> wrote: > On Thu, 2023-08-31 at 17:17 -0400, Joe Conway wrote: > > Maybe move postgres_fdw to be a first class built in feature instead > > of > > an extension? > > That could make sense, but we still have to solve the problem of how to > present a built-in FDW. > > FDWs don't have a schema, so it can't be inside pg_catalog. So we'd > need some special logic somewhere to make pg_dump and psql \dew work as > expected, and I'm not quite sure what to do there. I'm worried that an approach based on postgres_fdw would have security problems. I think that we don't want postgres_fdw installed in every PostgreSQL cluster for security reasons. And I think that the set of people who should be permitted to manage connection strings for logical replication subscriptions could be different from the set of people who are entitled to use postgres_fdw. -- Robert Haas EDB: http://www.enterprisedb.com ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-09-04 12:31 Ashutosh Bapat <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Ashutosh Bapat @ 2023-09-04 12:31 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Joe Conway <[email protected]>; pgsql-hackers On Sat, Sep 2, 2023 at 12:24 AM Jeff Davis <[email protected]> wrote: > > On Fri, 2023-09-01 at 12:28 +0530, Ashutosh Bapat wrote: > > Thinking larger, how about we allow any FDW to be used here. > > That's a possibility, but I think that means the subscription would > need to constantly re-check the parameters rather than relying on the > FDW's validator. > > Otherwise it might be the wrong kind of FDW, and the user might be able > to circumvent the password_required protection. It might not even be a > postgres-related FDW at all, which would be a bit strange. > > If it's constantly re-checking the parameters then it raises the > possibility that some "ALTER SERVER" or "ALTER USER MAPPING" succeeds > but then subscriptions to that foreign server start failing, which > would not be ideal. But I could be fine with that. Why do we need to re-check parameters constantly? We will need to restart subscriptions which are using the user mapping of FDW when user mapping or server options change. If that mechanism isn't there, we will need to build it. But that's doable. I didn't understand your worry about circumventing password_required protection. > > > But I think there's some value in bringing > > together these two subsystems which deal with foreign data logically > > (as in logical vs physical view of data). > > I still don't understand how a core dependency on an extension would > work. We don't need to if we allow any FDW (even if non-postgreSQL) to be specified there. For non-postgresql FDW the receiver will need to construct the appropriate command and use appropriate protocol to get the changes and apply locally. The server at the other end may not even have logical replication capability. The extension or "input plugin" (as against output plugin) would decide whether it can deal with the foreign server specific logical replication protocol. We add another callback to FDW which can return whether the given foreign server supports logical replication or not. If the users misconfigured, their subscriptions will throw errors. But with this change we open a built-in way to "replicate in" as we have today to "replicate out". -- Best Wishes, Ashutosh Bapat ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-09-04 12:34 Ashutosh Bapat <[email protected]> parent: Robert Haas <[email protected]> 0 siblings, 0 replies; 63+ messages in thread From: Ashutosh Bapat @ 2023-09-04 12:34 UTC (permalink / raw) To: Robert Haas <[email protected]>; +Cc: Jeff Davis <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Sat, Sep 2, 2023 at 1:41 AM Robert Haas <[email protected]> wrote: > > On Fri, Sep 1, 2023 at 4:04 PM Jeff Davis <[email protected]> wrote: > > On Thu, 2023-08-31 at 17:17 -0400, Joe Conway wrote: > > > Maybe move postgres_fdw to be a first class built in feature instead > > > of > > > an extension? > > > > That could make sense, but we still have to solve the problem of how to > > present a built-in FDW. > > > > FDWs don't have a schema, so it can't be inside pg_catalog. So we'd > > need some special logic somewhere to make pg_dump and psql \dew work as > > expected, and I'm not quite sure what to do there. > > I'm worried that an approach based on postgres_fdw would have security > problems. I think that we don't want postgres_fdw installed in every > PostgreSQL cluster for security reasons. And I think that the set of > people who should be permitted to manage connection strings for > logical replication subscriptions could be different from the set of > people who are entitled to use postgres_fdw. If postgres_fdw was the only way to specify a connection to be used with subscriptions, what you are saying makes sense. But it's not. We will continue to support current mechanism which doesn't require postgres_fdw to be installed on every PostgreSQL cluster. What security problems do you foresee if postgres_fdw is used in addition to the current mechanism? -- Best Wishes, Ashutosh Bapat ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-09-05 19:08 Jeff Davis <[email protected]> parent: Ashutosh Bapat <[email protected]> 0 siblings, 2 replies; 63+ messages in thread From: Jeff Davis @ 2023-09-05 19:08 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Joe Conway <[email protected]>; pgsql-hackers On Mon, 2023-09-04 at 18:01 +0530, Ashutosh Bapat wrote: > Why do we need to re-check parameters constantly? We will need to > restart subscriptions which are using the user mapping of FDW when > user mapping or server options change. "Constantly" was an exaggeration, but the point is that it's a separate validation step after the ALTER SERVER or ALTER USER MAPPING has already happened, so the subscription would start failing. Perhaps this is OK, but it's not the ideal user experience. Ideally, the user would get some indication from the ALTER SERVER or ALTER USER MAPPING that it's about to break a subscription that depends on it. > I didn't understand your worry about circumventing password_required > protection. If the subscription doesn't do its own validation, and if the FDW doesn't ensure that the password is set, then it could end up creating a creating a connection string without supplying the password. > We don't need to if we allow any FDW (even if non-postgreSQL) to be > specified there. OK, so we could have a built-in FDW called pg_connection that would do the right kinds of validation; and then also allow other FDWs but the subscription would have to do its own validation. Regards, Jeff Davis ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-09-12 22:55 Jeff Davis <[email protected]> parent: Jeff Davis <[email protected]> 1 sibling, 0 replies; 63+ messages in thread From: Jeff Davis @ 2023-09-12 22:55 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Joe Conway <[email protected]>; pgsql-hackers On Tue, 2023-09-05 at 12:08 -0700, Jeff Davis wrote: > OK, so we could have a built-in FDW called pg_connection that would > do > the right kinds of validation; and then also allow other FDWs but the > subscription would have to do its own validation. While working on this, I found a minor bug and there's another discussion happening here: https://www.postgresql.org/message-id/e5892973ae2a80a1a3e0266806640dae3c428100.camel%40j-davis.com It looks like that's going in the direction of checking for the presence of a password in the connection string at connection time. Ashutosh, that's compatible with your suggestion that CREATE SUBSCRIPTION ... SERVER works for any FDW that supplies the right information, because we need to validate it at connection time anyway. I'll wait to see how that discussion gets resolved, and then I'll post the next version. Regards, Jeff Davis ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-12-29 23:22 Jeff Davis <[email protected]> parent: Jeff Davis <[email protected]> 1 sibling, 1 reply; 63+ messages in thread From: Jeff Davis @ 2023-12-29 23:22 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Joe Conway <[email protected]>; pgsql-hackers On Tue, 2023-09-05 at 12:08 -0700, Jeff Davis wrote: > OK, so we could have a built-in FDW called pg_connection that would > do > the right kinds of validation; and then also allow other FDWs but the > subscription would have to do its own validation. Attached a rough rebased version implementing the above with a pg_connection_fdw foreign data wrapper built in. Regards, Jeff Davis Attachments: [text/x-patch] v3-0001-CREATE-SUBSCRIPTION-.-SERVER.patch (62.4K, 2-v3-0001-CREATE-SUBSCRIPTION-.-SERVER.patch) download | inline diff: From 776cd8e5e1541c56b1767aa595fc609fdeffa5e3 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Wed, 23 Aug 2023 10:31:16 -0700 Subject: [PATCH v3] CREATE SUBSCRIPTION ... SERVER. --- doc/src/sgml/ref/alter_subscription.sgml | 7 +- doc/src/sgml/ref/create_subscription.sgml | 15 +- doc/src/sgml/user-manag.sgml | 21 +- src/backend/catalog/Makefile | 1 + src/backend/catalog/pg_subscription.c | 17 +- src/backend/catalog/system_functions.sql | 2 + src/backend/commands/subscriptioncmds.c | 197 ++++++++++++++-- src/backend/foreign/foreign.c | 214 ++++++++++++++++++ src/backend/parser/gram.y | 20 ++ src/backend/replication/logical/worker.c | 12 +- src/bin/pg_dump/pg_dump.c | 59 ++++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/describe.c | 2 +- src/bin/psql/tab-complete.c | 2 +- src/include/catalog/meson.build | 1 + src/include/catalog/pg_authid.dat | 5 + .../catalog/pg_foreign_data_wrapper.dat | 22 ++ src/include/catalog/pg_proc.dat | 8 + src/include/catalog/pg_subscription.h | 5 +- src/include/foreign/foreign.h | 1 + src/include/nodes/parsenodes.h | 3 + src/test/regress/expected/foreign_data.out | 60 ++++- src/test/regress/expected/subscription.out | 38 ++++ src/test/regress/sql/foreign_data.sql | 41 +++- src/test/regress/sql/subscription.sql | 39 ++++ src/test/subscription/t/001_rep_changes.pl | 57 +++++ 26 files changed, 799 insertions(+), 51 deletions(-) create mode 100644 src/include/catalog/pg_foreign_data_wrapper.dat diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index 6d36ff0dc9..f2235061bb 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -21,6 +21,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> +ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SERVER <replaceable>servername</replaceable> ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> CONNECTION '<replaceable>conninfo</replaceable>' ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SET PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> ADD PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] @@ -98,9 +99,9 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> <para> - This clause replaces the connection string originally set by - <xref linkend="sql-createsubscription"/>. See there for more - information. + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the connection + string <replaceable>conninfo</replaceable>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index f1c20b3a46..cd76b2e32d 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -22,7 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceable> - CONNECTION '<replaceable class="parameter">conninfo</replaceable>' + { SERVER <replaceable class="parameter">servername</replaceable> | CONNECTION '<replaceable class="parameter">conninfo</replaceable>' } PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">subscription_parameter</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] </synopsis> @@ -77,6 +77,15 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl </listitem> </varlistentry> + <varlistentry id="sql-createsubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + A foreign server to use for the connection. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-createsubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> @@ -363,6 +372,10 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl The default is <literal>true</literal>. Only superusers can set this value to <literal>false</literal>. </para> + <para> + Only allowed when <literal>CONNECTION</literal> is + specified. Otherwise, see <xref linkend="sql-createusermapping"/>. + </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 92a299d2d3..d63a33a4b3 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -687,11 +687,20 @@ DROP ROLE doomed_role; <entry>Allow use of connection slots reserved via <xref linkend="guc-reserved-connections"/>.</entry> </row> + <row> + <entry>pg_create_connection</entry> + <entry>Allow users with <literal>CREATE</literal> permission on the + database to issue <link linkend="sql-createserver"><command>CREATE + SERVER</command></link> if <literal>FOR CONNECTION ONLY</literal> is + specified.</entry> + </row> <row> <entry>pg_create_subscription</entry> <entry>Allow users with <literal>CREATE</literal> permission on the - database to issue - <link linkend="sql-createsubscription"><command>CREATE SUBSCRIPTION</command></link>.</entry> + database to issue <link + linkend="sql-createsubscription"><command>CREATE + SUBSCRIPTION</command></link>. This role is a member of + <literal>pg_create_connection</literal>.</entry> </row> </tbody> </tgroup> @@ -737,6 +746,14 @@ DROP ROLE doomed_role; great care should be taken when granting these roles to users. </para> + <para> + The <literal>pg_create_subscription</literal> role is a member of + <literal>pg_create_connection</literal>. It may be useful to revoke that + membership in order to permit roles to create subscriptions only to a + foreign server, without allowing them to specify a connection string + directly. + </para> + <para> Care should be taken when granting these roles to ensure they are only used where needed and with the understanding that these roles grant access to privileged diff --git a/src/backend/catalog/Makefile b/src/backend/catalog/Makefile index ec7b6f5362..365c956dea 100644 --- a/src/backend/catalog/Makefile +++ b/src/backend/catalog/Makefile @@ -136,6 +136,7 @@ POSTGRES_BKI_DATA = $(addprefix $(top_srcdir)/src/include/catalog/,\ pg_collation.dat \ pg_conversion.dat \ pg_database.dat \ + pg_foreign_data_wrapper.dat \ pg_language.dat \ pg_namespace.dat \ pg_opclass.dat \ diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index d6a978f136..f5c4ec8d99 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -23,6 +23,7 @@ #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "storage/lmgr.h" @@ -75,10 +76,18 @@ GetSubscription(Oid subid, bool missing_ok) sub->runasowner = subform->subrunasowner; /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, - tup, - Anum_pg_subscription_subconninfo); - sub->conninfo = TextDatumGetCString(datum); + if (OidIsValid(subform->subserver)) + { + sub->conninfo = ForeignServerConnectionString(subform->subowner, + subform->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, + tup, + Anum_pg_subscription_subconninfo); + sub->conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, diff --git a/src/backend/catalog/system_functions.sql b/src/backend/catalog/system_functions.sql index 4206752881..e1abda41ba 100644 --- a/src/backend/catalog/system_functions.sql +++ b/src/backend/catalog/system_functions.sql @@ -781,3 +781,5 @@ GRANT pg_read_all_settings TO pg_monitor; GRANT pg_read_all_stats TO pg_monitor; GRANT pg_stat_scan_tables TO pg_monitor; + +GRANT pg_create_connection TO pg_create_subscription; diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index edc82c11be..c46900182e 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -25,14 +25,17 @@ #include "catalog/objectaddress.h" #include "catalog/pg_authid_d.h" #include "catalog/pg_database_d.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "catalog/pg_user_mapping.h" #include "commands/dbcommands.h" #include "commands/defrem.h" #include "commands/event_trigger.h" #include "commands/subscriptioncmds.h" #include "executor/executor.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "pgstat.h" @@ -574,6 +577,8 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Datum values[Natts_pg_subscription]; Oid owner = GetUserId(); HeapTuple tup; + Oid serverid; + Oid umid; char *conninfo; char originname[NAMEDATALEN]; List *publications; @@ -594,6 +599,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, SUBOPT_RUN_AS_OWNER | SUBOPT_ORIGIN); parse_subscription_options(pstate, stmt->options, supported_opts, &opts); + if (IsSet(opts.specified_opts, SUBOPT_PASSWORD_REQUIRED) && stmt->servername) + ereport(ERROR, + (errcode(ERRCODE_SYNTAX_ERROR), + errmsg("option \"password_required\" invalid on subscriptions to a foreign server"), + errhint("Use the \"password_required\" option on the user mappings associated with the foreign server."))); + /* * Since creating a replication slot is not transactional, rolling back * the transaction leaves the created replication slot. So we cannot run @@ -604,9 +615,9 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, PreventInTransactionBlock(isTopLevel, "CREATE SUBSCRIPTION ... WITH (create_slot = true)"); /* - * We don't want to allow unprivileged users to be able to trigger - * attempts to access arbitrary network destinations, so require the user - * to have been specifically authorized to create subscriptions. + * We don't want to allow unprivileged users to utilize the resources that + * a subscription requires (such as a background worker), so require the + * user to have been specifically authorized to create subscriptions. */ if (!has_privs_of_role(owner, ROLE_PG_CREATE_SUBSCRIPTION)) ereport(ERROR, @@ -666,14 +677,54 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.synchronous_commit == NULL) opts.synchronous_commit = "off"; - conninfo = stmt->conninfo; - publications = stmt->publication; - /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); - /* Check the connection info string. */ - walrcv_check_conninfo(conninfo, opts.passwordrequired && !superuser()); + if (stmt->servername) + { + ForeignServer *server; + UserMapping *um; + + Assert(!stmt->conninfo); + conninfo = NULL; + + server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, owner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + + um = GetUserMapping(owner, server->serverid); + + serverid = server->serverid; + umid = um->umid; + conninfo = ForeignServerConnectionString(owner, serverid); + } + else + { + Assert(stmt->conninfo); + + /* + * We don't want to allow unprivileged users to be able to trigger + * attempts to access arbitrary network destinations, so require the user + * to have been specifically authorized to create connections. + */ + if (!has_privs_of_role(owner, ROLE_PG_CREATE_CONNECTION)) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("permission denied to create subscription with a connection string"), + errdetail("Only roles with privileges of the \"%s\" role may create subscriptions with CONNECTION specified.", + "pg_create_connection"), + errhint("Create a subscription to a foreign server by specifying SERVER instead."))); + + /* Check the connection info string. */ + walrcv_check_conninfo(stmt->conninfo, opts.passwordrequired && !superuser()); + + serverid = InvalidOid; + umid = InvalidOid; + conninfo = stmt->conninfo; + } + + publications = stmt->publication; /* Everything ok, form a new tuple. */ memset(values, 0, sizeof(values)); @@ -697,8 +748,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, values[Anum_pg_subscription_subdisableonerr - 1] = BoolGetDatum(opts.disableonerr); values[Anum_pg_subscription_subpasswordrequired - 1] = BoolGetDatum(opts.passwordrequired); values[Anum_pg_subscription_subrunasowner - 1] = BoolGetDatum(opts.runasowner); - values[Anum_pg_subscription_subconninfo - 1] = - CStringGetTextDatum(conninfo); + values[Anum_pg_subscription_subserver - 1] = serverid; + if (!OidIsValid(serverid)) + values[Anum_pg_subscription_subconninfo - 1] = + CStringGetTextDatum(conninfo); + else + nulls[Anum_pg_subscription_subconninfo - 1] = true; if (opts.slot_name) values[Anum_pg_subscription_subslotname - 1] = DirectFunctionCall1(namein, CStringGetDatum(opts.slot_name)); @@ -719,6 +774,20 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, recordDependencyOnOwner(SubscriptionRelationId, subid, owner); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + + if (stmt->servername) + { + ObjectAddress referenced; + Assert(OidIsValid(serverid) && OidIsValid(umid)); + + ObjectAddressSet(referenced, ForeignServerRelationId, serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + ObjectAddressSet(referenced, UserMappingRelationId, umid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + ReplicationOriginNameForLogicalRep(subid, InvalidOid, originname, sizeof(originname)); replorigin_create(originname); @@ -835,8 +904,6 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.enabled) ApplyLauncherWakeupAtCommit(); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostCreateHook(SubscriptionRelationId, subid, 0); return myself; @@ -1124,6 +1191,8 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, memset(nulls, false, sizeof(nulls)); memset(replaces, false, sizeof(replaces)); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + switch (stmt->kind) { case ALTER_SUBSCRIPTION_OPTIONS: @@ -1191,6 +1260,12 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, if (IsSet(opts.specified_opts, SUBOPT_PASSWORD_REQUIRED)) { + if (OidIsValid(form->subserver)) + ereport(ERROR, + (errcode(ERRCODE_SYNTAX_ERROR), + errmsg("option \"password_required\" invalid on subscriptions to a foreign server"), + errhint("Use the \"password_required\" option on the user mappings associated with the foreign server."))); + /* Non-superuser may not disable password_required. */ if (!opts.passwordrequired && !superuser()) ereport(ERROR, @@ -1244,7 +1319,77 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, break; } + case ALTER_SUBSCRIPTION_SERVER: + { + ForeignServer *new_server; + UserMapping *new_um; + ObjectAddress referenced; + AclResult aclresult; + + /* + * Remove what was there before, either another foreign server + * or a connection string. + */ + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + UserMappingRelationId, old_um->umid); + } + else + { + nulls[Anum_pg_subscription_subconninfo - 1] = true; + replaces[Anum_pg_subscription_subconninfo - 1] = true; + } + + /* + * Find the new server and user mapping. Check ACL of server + * based on current user ID, but find the user mapping based + * on the subscription owner. + */ + new_server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, + new_server->serverid, GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, + new_server->servername); + + new_um = GetUserMapping(form->subowner, new_server->serverid); + + values[Anum_pg_subscription_subserver - 1] = new_server->serverid; + replaces[Anum_pg_subscription_subserver - 1] = true; + + ObjectAddressSet(referenced, ForeignServerRelationId, new_server->serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + ObjectAddressSet(referenced, UserMappingRelationId, new_um->umid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + update_tuple = true; + } + break; + case ALTER_SUBSCRIPTION_CONNECTION: + /* remove reference to foreign server and dependencies, if present */ + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + UserMappingRelationId, old_um->umid); + + values[Anum_pg_subscription_subserver - 1] = InvalidOid; + replaces[Anum_pg_subscription_subserver - 1] = true; + } + /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); /* Check the connection info string. */ @@ -1455,8 +1600,6 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, table_close(rel, RowExclusiveLock); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostAlterHook(SubscriptionRelationId, subid, 0); /* Wake up related replication workers to handle this change quickly. */ @@ -1541,9 +1684,17 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) subname = pstrdup(NameStr(*DatumGetName(datum))); /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, - Anum_pg_subscription_subconninfo); - conninfo = TextDatumGetCString(datum); + if (OidIsValid(form->subserver)) + { + conninfo = ForeignServerConnectionString(form->subowner, + form->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, + Anum_pg_subscription_subconninfo); + conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, tup, @@ -1644,6 +1795,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) } /* Clean up dependencies */ + deleteDependencyRecordsFor(SubscriptionRelationId, subid, false); deleteSharedDependencyRecordsFor(SubscriptionRelationId, subid, 0); /* Remove any associated relation synchronization states. */ @@ -1853,6 +2005,17 @@ AlterSubscriptionOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId) aclcheck_error(aclresult, OBJECT_DATABASE, get_database_name(MyDatabaseId)); + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + UserMapping *new_um = GetUserMapping(newOwnerId, form->subserver); + + if (changeDependencyFor(SubscriptionRelationId, form->oid, + UserMappingRelationId, old_um->umid, new_um->umid) != 1) + elog(ERROR, "could not change user mapping dependency for subscription %u", + form->oid); + } + form->subowner = newOwnerId; CatalogTupleUpdate(rel, &tup->t_self, tup); diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index fc3edef2a8..5a800fc48f 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -18,11 +18,14 @@ #include "catalog/pg_foreign_server.h" #include "catalog/pg_foreign_table.h" #include "catalog/pg_user_mapping.h" +#include "commands/defrem.h" #include "foreign/fdwapi.h" #include "foreign/foreign.h" #include "funcapi.h" #include "lib/stringinfo.h" +#include "mb/pg_wchar.h" #include "miscadmin.h" +#include "replication/walreceiver.h" #include "utils/builtins.h" #include "utils/memutils.h" #include "utils/rel.h" @@ -190,6 +193,94 @@ GetForeignServerByName(const char *srvname, bool missing_ok) } +/* + * Escape a connection option value. Helper for options_to_connstr(). + */ +static char * +escape_value(char *val) +{ + StringInfoData result; + + initStringInfo(&result); + + for (int i = 0; val[i] != '\0'; i++) + { + if (val[i] == '\\' || val[i] == '\'') + appendStringInfoChar(&result, '\\'); + appendStringInfoChar(&result, val[i]); + } + + return result.data; +} + + +/* + * Helper for ForeignServerConnectionString() and pg_connection_validator(). + * + * Transform a List of DefElem into a connection string. + * + * XXX: might leak memory, investigate + */ +static char * +options_to_connstr(List *options) +{ + StringInfoData connstr; + ListCell *lc; + bool first = true; + + initStringInfo(&connstr); + foreach(lc, options) + { + DefElem *d = (DefElem *) lfirst(lc); + char *name = d->defname; + char *value; + + /* not a libpq option; skip */ + if (strcmp(name, "password_required") == 0) + continue; + + /* XXX: pfree() result of defGetString() if needed? */ + value = escape_value(defGetString(d)); + + appendStringInfo(&connstr, "%s%s = '%s'", + first ? "" : " ", name, value); + first = false; + + pfree(value); + } + + /* override client_encoding */ + appendStringInfo(&connstr, "%sclient_encoding = '%s'", + first ? "" : " ", GetDatabaseEncodingName()); + + return connstr.data; +} + + +/* + * Given a user ID and server ID, return a postgres connection string suitable + * to pass to libpq. + * + * XXX: might leak memory, investigate + */ +char * +ForeignServerConnectionString(Oid userid, Oid serverid) +{ + ForeignServer *server = GetForeignServer(serverid); + UserMapping *um = GetUserMapping(userid, serverid); + List *options = list_concat(um->options, server->options); + char *connstr; + + connstr = options_to_connstr(options); + + pfree(server); + pfree(um); + list_free(options); + + return connstr; +} + + /* * GetUserMapping - look up the user mapping. * @@ -599,6 +690,129 @@ is_conninfo_option(const char *option, Oid context) return false; } +/* + * pg_connection_handler + * + * pg_connection_fdw is not used for foreign tables, so the handler should + * never be called. + */ +Datum +pg_connection_handler(PG_FUNCTION_ARGS) +{ + elog(ERROR, "pg_connection_handler unexpectedly called"); +} + +/* + * Option validator for CREATE SERVER ... FOR CONNECTION ONLY. + * + * XXX: try to unify with validators for CREATE SUBSCRIPTION ... CONNECTION, + * postgres_fdw, and dblink. Also investigate if memory leaks are a problem + * here. + */ +Datum +pg_connection_validator(PG_FUNCTION_ARGS) +{ + List *options_list = untransformRelOptions(PG_GETARG_DATUM(0)); + Oid catalog = PG_GETARG_OID(1); + + if (catalog == ForeignServerRelationId) + { + char *conninfo; + ListCell *lc; + + foreach(lc, options_list) + { + DefElem *d = (DefElem *) lfirst(lc); + + if (strcmp(d->defname, "client_encoding") == 0) + ereport(ERROR, + (errmsg("cannot specify client_encoding for pg_connection_fdw"))); + + if (strcmp(d->defname, "user") == 0 || + strcmp(d->defname, "password") == 0 || + strcmp(d->defname, "sslpassword") == 0 || + strcmp(d->defname, "password_required") == 0) + ereport(ERROR, + (errmsg("invalid option \"%s\" for pg_connection_fdw", + d->defname), + errhint("Specify option \"%s\" for a user mapping associated with the server instead.", + d->defname))); + } + + conninfo = options_to_connstr(options_list); + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + + walrcv_check_conninfo(conninfo, false); + } + else if (catalog == UserMappingRelationId) + { + bool password_required = true; + bool password_provided = false; + ListCell *lc; + + foreach(lc, options_list) + { + DefElem *d = (DefElem *) lfirst(lc); + + if (strcmp(d->defname, "password_required") == 0) + { + /* + * Only the superuser may set this option on a user mapping, or + * alter a user mapping on which this option is set. We allow a + * user to clear this option if it's set - in fact, we don't have + * a choice since we can't see the old mapping when validating an + * alter. + */ + if (!superuser() && !defGetBoolean(d)) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("password_required=false is superuser-only for pg_connection_fdw"), + errhint("User mappings with the password_required option set to false may only be created or modified by the superuser."))); + + password_required = defGetBoolean(d); + } + + if ((strcmp(d->defname, "sslkey") == 0 || strcmp(d->defname, "sslcert") == 0) && !superuser()) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("sslcert and sslkey are superuser-only for pg_connection_fdw"), + errhint("User mappings with the sslcert or sslkey options set may only be created or modified by the superuser."))); + + if (strcmp(d->defname, "password") == 0) + password_provided = true; + + if (strcmp(d->defname, "user") != 0 && + strcmp(d->defname, "password") != 0 && + strcmp(d->defname, "sslpassword") != 0 && + strcmp(d->defname, "sslkey") != 0 && + strcmp(d->defname, "sslcert") != 0 && + strcmp(d->defname, "password_required") != 0) + ereport(ERROR, + (errmsg("invalid user mapping option \"%s\" for pg_connection_fdw", + d->defname))); + } + + if (password_required && !password_provided) + ereport(ERROR, + (errcode(ERRCODE_S_R_E_PROHIBITED_SQL_STATEMENT_ATTEMPTED), + errmsg("password is required"), + errdetail("Non-superusers must provide a password in the connection string."))); + } + else if (catalog == ForeignTableRelationId) + ereport(ERROR, + (errmsg("cannot create foreign table using a pg_connection_fdw server"), + errhint("Use the server with CREATE SUBSCRIPTION instead."))); + else if (catalog == AttributeRelationId) + elog(ERROR, "unexpected call to pg_connection_validator for pg_attribute catalog"); + else + elog(ERROR, "unexpected call to pg_connection_validator for catalog %d", catalog); + + + PG_RETURN_BOOL(true); +} + /* * Validate the generic option given to SERVER or USER MAPPING. diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index 63f172e175..259b5ca42b 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -10638,6 +10638,16 @@ CreateSubscriptionStmt: n->options = $8; $$ = (Node *) n; } + | CREATE SUBSCRIPTION name SERVER name PUBLICATION name_list opt_definition + { + CreateSubscriptionStmt *n = + makeNode(CreateSubscriptionStmt); + n->subname = $3; + n->servername = $5; + n->publication = $7; + n->options = $8; + $$ = (Node *) n; + } ; /***************************************************************************** @@ -10667,6 +10677,16 @@ AlterSubscriptionStmt: n->conninfo = $5; $$ = (Node *) n; } + | ALTER SUBSCRIPTION name SERVER name + { + AlterSubscriptionStmt *n = + makeNode(AlterSubscriptionStmt); + + n->kind = ALTER_SUBSCRIPTION_SERVER; + n->subname = $3; + n->servername = $5; + $$ = (Node *) n; + } | ALTER SUBSCRIPTION name REFRESH PUBLICATION opt_definition { AlterSubscriptionStmt *n = diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index 21abf34ef7..be63ab5a5d 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -4003,7 +4003,9 @@ maybe_reread_subscription(void) } /* - * Callback from subscription syscache invalidation. + * Callback from subscription syscache invalidation. Also needed for server or + * user mapping invalidation, which can change the connection information for + * subscriptions that connect using a server object. */ static void subscription_change_cb(Datum arg, int cacheid, uint32 hashvalue) @@ -4639,6 +4641,14 @@ InitializeLogRepWorker(void) CacheRegisterSyscacheCallback(SUBSCRIPTIONOID, subscription_change_cb, (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); CacheRegisterSyscacheCallback(AUTHOID, subscription_change_cb, diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 050a831226..d603feec6e 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -2066,6 +2066,27 @@ selectDumpableStatisticsObject(StatsExtInfo *sobj, Archive *fout) sobj->dobj.dump = DUMP_COMPONENT_NONE; } +/* + * selectDumpableAccessMethod: policy-setting subroutine + * Mark an access method as to be dumped or not + * + * Access methods do not belong to any particular namespace. To identify + * built-in access methods, we must resort to checking whether the + * method's OID is in the range reserved for initdb. + */ +static void +selectDumpableFdw(FdwInfo *fdwinfo, Archive *fout) +{ + if (checkExtensionMembership(&fdwinfo->dobj, fout)) + return; /* extension membership overrides all else */ + + if (fdwinfo->dobj.catId.oid <= (Oid) g_last_builtin_oid) + fdwinfo->dobj.dump = DUMP_COMPONENT_NONE; + else + fdwinfo->dobj.dump = fout->dopt->include_everything ? + DUMP_COMPONENT_ALL : DUMP_COMPONENT_NONE; +} + /* * selectDumpableObject: policy-setting subroutine * Mark a generic dumpable object as to be dumped or not @@ -4633,6 +4654,7 @@ getSubscriptions(Archive *fout) int i_subdisableonerr; int i_subpasswordrequired; int i_subrunasowner; + int i_subservername; int i_subconninfo; int i_subslotname; int i_subsynccommit; @@ -4701,10 +4723,19 @@ getSubscriptions(Archive *fout) " '%s' AS suborigin\n", LOGICALREP_ORIGIN_ANY); - appendPQExpBufferStr(query, - "FROM pg_subscription s\n" - "WHERE s.subdbid = (SELECT oid FROM pg_database\n" - " WHERE datname = current_database())"); + if (fout->remoteVersion >= 170000) + appendPQExpBufferStr(query, + " fs.srvname AS subservername\n" + "FROM pg_subscription s LEFT JOIN pg_foreign_server fs\n" + " ON (s.subserver = fs.oid)\n" + "WHERE s.subdbid = (SELECT oid FROM pg_database\n" + " WHERE datname = current_database())"); + else + appendPQExpBufferStr(query, + " NULL AS subservername\n" + "FROM pg_subscription s\n" + "WHERE s.subdbid = (SELECT oid FROM pg_database\n" + " WHERE datname = current_database())"); res = ExecuteSqlQuery(fout, query->data, PGRES_TUPLES_OK); @@ -4724,6 +4755,7 @@ getSubscriptions(Archive *fout) i_subdisableonerr = PQfnumber(res, "subdisableonerr"); i_subpasswordrequired = PQfnumber(res, "subpasswordrequired"); i_subrunasowner = PQfnumber(res, "subrunasowner"); + i_subservername = PQfnumber(res, "subservername"); i_subconninfo = PQfnumber(res, "subconninfo"); i_subslotname = PQfnumber(res, "subslotname"); i_subsynccommit = PQfnumber(res, "subsynccommit"); @@ -4741,7 +4773,10 @@ getSubscriptions(Archive *fout) AssignDumpId(&subinfo[i].dobj); subinfo[i].dobj.name = pg_strdup(PQgetvalue(res, i, i_subname)); subinfo[i].rolname = getRoleName(PQgetvalue(res, i, i_subowner)); - + if (PQgetisnull(res, i, i_subservername)) + subinfo[i].subservername = NULL; + else + subinfo[i].subservername = pg_strdup(PQgetvalue(res, i, i_subservername)); subinfo[i].subbinary = pg_strdup(PQgetvalue(res, i, i_subbinary)); subinfo[i].substream = @@ -4804,9 +4839,17 @@ dumpSubscription(Archive *fout, const SubscriptionInfo *subinfo) appendPQExpBuffer(delq, "DROP SUBSCRIPTION %s;\n", qsubname); - appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s CONNECTION ", + appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s ", qsubname); - appendStringLiteralAH(query, subinfo->subconninfo, fout); + if (subinfo->subservername) + { + appendPQExpBuffer(query, "SERVER %s", fmtId(subinfo->subservername)); + } + else + { + appendPQExpBuffer(query, "CONNECTION "); + appendStringLiteralAH(query, subinfo->subconninfo, fout); + } /* Build list of quoted publications and append them to query. */ if (!parsePGArray(subinfo->subpublications, &pubnames, &npubnames)) @@ -9513,7 +9556,7 @@ getForeignDataWrappers(Archive *fout, int *numForeignDataWrappers) fdwinfo[i].fdwoptions = pg_strdup(PQgetvalue(res, i, i_fdwoptions)); /* Decide whether we want to dump it */ - selectDumpableObject(&(fdwinfo[i].dobj), fout); + selectDumpableFdw(&fdwinfo[i], fout); /* Mark whether FDW has an ACL */ if (!PQgetisnull(res, i, i_fdwacl)) diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index 673ca5c92d..0a94b9b7ae 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -667,6 +667,7 @@ typedef struct _SubscriptionInfo char *subdisableonerr; char *subpasswordrequired; char *subrunasowner; + char *subservername; char *subconninfo; char *subslotname; char *subsynccommit; diff --git a/src/bin/psql/describe.c b/src/bin/psql/describe.c index 5077e7b358..fb4ea96968 100644 --- a/src/bin/psql/describe.c +++ b/src/bin/psql/describe.c @@ -5793,7 +5793,7 @@ listForeignDataWrappers(const char *pattern, bool verbose) gettext_noop("Description")); } - appendPQExpBufferStr(&buf, "\nFROM pg_catalog.pg_foreign_data_wrapper fdw\n"); + appendPQExpBufferStr(&buf, "\nFROM (SELECT tableoid, * FROM pg_catalog.pg_foreign_data_wrapper WHERE oid>=16384) fdw\n"); if (verbose) appendPQExpBufferStr(&buf, diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c index 049801186c..230683a850 100644 --- a/src/bin/psql/tab-complete.c +++ b/src/bin/psql/tab-complete.c @@ -3314,7 +3314,7 @@ psql_completion(const char *text, int start, int end) /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny)) COMPLETE_WITH("PUBLICATION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", diff --git a/src/include/catalog/meson.build b/src/include/catalog/meson.build index dcb3c5f766..01e92089bf 100644 --- a/src/include/catalog/meson.build +++ b/src/include/catalog/meson.build @@ -83,6 +83,7 @@ bki_data = [ 'pg_collation.dat', 'pg_conversion.dat', 'pg_database.dat', + 'pg_foreign_data_wrapper.dat', 'pg_language.dat', 'pg_namespace.dat', 'pg_opclass.dat', diff --git a/src/include/catalog/pg_authid.dat b/src/include/catalog/pg_authid.dat index 6b4a0aaaad..8fce457ab1 100644 --- a/src/include/catalog/pg_authid.dat +++ b/src/include/catalog/pg_authid.dat @@ -94,5 +94,10 @@ rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', rolpassword => '_null_', rolvaliduntil => '_null_' }, +{ oid => '6123', oid_symbol => 'ROLE_PG_CREATE_CONNECTION', + rolname => 'pg_create_connection', rolsuper => 'f', rolinherit => 't', + rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', + rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', + rolpassword => '_null_', rolvaliduntil => '_null_' }, ] diff --git a/src/include/catalog/pg_foreign_data_wrapper.dat b/src/include/catalog/pg_foreign_data_wrapper.dat new file mode 100644 index 0000000000..7d489bf849 --- /dev/null +++ b/src/include/catalog/pg_foreign_data_wrapper.dat @@ -0,0 +1,22 @@ +#---------------------------------------------------------------------- +# +# pg_foreign_data_wrapper.dat +# Initial contents of the pg_foreign_data_wrapper system catalog. +# +# Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group +# Portions Copyright (c) 1994, Regents of the University of California +# +# src/include/catalog/pg_foreign_data_wrapper.dat +# +#---------------------------------------------------------------------- + +[ + +{ oid => '6015', oid_symbol => 'PG_CONNECTION_FDW', + descr => 'Pseudo FDW for connections to Postgres', + fdwname => 'pg_connection_fdw', fdwowner => 'POSTGRES', + fdwhandler => 'pg_connection_handler', + fdwvalidator => 'pg_connection_validator', + fdwacl => '_null_', fdwoptions => '_null_'}, + +] diff --git a/src/include/catalog/pg_proc.dat b/src/include/catalog/pg_proc.dat index 9052f5262a..8e81e5f6bb 100644 --- a/src/include/catalog/pg_proc.dat +++ b/src/include/catalog/pg_proc.dat @@ -7516,6 +7516,14 @@ proname => 'postgresql_fdw_validator', prorettype => 'bool', proargtypes => '_text oid', prosrc => 'postgresql_fdw_validator' }, +{ oid => '6122', descr => '(internal)', + proname => 'pg_connection_handler', prorettype => 'fdw_handler', + proargtypes => '', prosrc => 'pg_connection_handler' }, + +{ oid => '6124', descr => '(internal)', + proname => 'pg_connection_validator', prorettype => 'bool', + proargtypes => '_text oid', prosrc => 'pg_connection_validator' }, + { oid => '2290', descr => 'I/O', proname => 'record_in', provolatile => 's', prorettype => 'record', proargtypes => 'cstring oid int4', prosrc => 'record_in' }, diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index e0b91eacd2..4b83c8ca8b 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -93,9 +93,12 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW bool subrunasowner; /* True if replication should execute as the * subscription owner */ + Oid subserver; /* Set if connecting with server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo BKI_FORCE_NULL; /* Set if connecting with + connection string */ /* Slot name on publisher */ NameData subslotname BKI_FORCE_NULL; diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index 5256d4d91f..7058335d63 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -69,6 +69,7 @@ extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); +extern char *ForeignServerConnectionString(Oid userid, Oid serverid); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index e494309da8..4b316d4664 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -4040,6 +4040,7 @@ typedef struct CreateSubscriptionStmt { NodeTag type; char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ @@ -4048,6 +4049,7 @@ typedef struct CreateSubscriptionStmt typedef enum AlterSubscriptionType { ALTER_SUBSCRIPTION_OPTIONS, + ALTER_SUBSCRIPTION_SERVER, ALTER_SUBSCRIPTION_CONNECTION, ALTER_SUBSCRIPTION_SET_PUBLICATION, ALTER_SUBSCRIPTION_ADD_PUBLICATION, @@ -4062,6 +4064,7 @@ typedef struct AlterSubscriptionStmt NodeTag type; AlterSubscriptionType kind; /* ALTER_SUBSCRIPTION_OPTIONS, etc */ char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ diff --git a/src/test/regress/expected/foreign_data.out b/src/test/regress/expected/foreign_data.out index 1dfe23cc1e..b551405a3d 100644 --- a/src/test/regress/expected/foreign_data.out +++ b/src/test/regress/expected/foreign_data.out @@ -25,7 +25,7 @@ CREATE FOREIGN DATA WRAPPER dummy; COMMENT ON FOREIGN DATA WRAPPER dummy IS 'useless'; CREATE FOREIGN DATA WRAPPER postgresql VALIDATOR postgresql_fdw_validator; -- At this point we should have 2 built-in wrappers and no servers. -SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper ORDER BY 1, 2, 3; +SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper WHERE oid >= 16384 ORDER BY 1, 2, 3; fdwname | fdwhandler | fdwvalidator | fdwoptions ------------+------------+--------------------------+------------ dummy | - | - | @@ -394,6 +394,47 @@ CREATE SERVER t2 FOREIGN DATA WRAPPER foo; RESET ROLE; REVOKE regress_test_indirect FROM regress_test_role; +-- test SERVER ... FOR CONNECTION ONLY +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; -- ERROR: not a member of pg_create_connection +ERROR: permission denied for foreign-data wrapper pg_connection_fdw +RESET ROLE; +GRANT USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw TO regress_test_role; +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (client_encoding 'foo'); --fails +ERROR: cannot specify client_encoding for pg_connection_fdw +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (user 'foo'); --fails +ERROR: invalid option "user" for pg_connection_fdw +HINT: Specify option "user" for a user mapping associated with the server instead. +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (password 'foo'); --fails +ERROR: invalid option "password" for pg_connection_fdw +HINT: Specify option "password" for a user mapping associated with the server instead. +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (password_required 'true'); --fails +ERROR: invalid option "password_required" for pg_connection_fdw +HINT: Specify option "password_required" for a user mapping associated with the server instead. +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; +IMPORT FOREIGN SCHEMA foo FROM SERVER t3 INTO bar; -- fails +ERROR: schema "bar" does not exist +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x'); -- fails +ERROR: password is required +DETAIL: Non-superusers must provide a password in the connection string. +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password_required 'false'); -- fails +ERROR: password_required=false is superuser-only for pg_connection_fdw +HINT: User mappings with the password_required option set to false may only be created or modified by the superuser. +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', application_name 'nonsense'); -- fails +ERROR: invalid user mapping option "application_name" for pg_connection_fdw +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; +RESET ROLE; +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x'); -- still fails +ERROR: password is required +DETAIL: Non-superusers must provide a password in the connection string. +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password_required 'false'); +DROP USER MAPPING FOR PUBLIC SERVER t3; +DROP SERVER t3; +REVOKE USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw FROM regress_test_role; -- ALTER SERVER ALTER SERVER s0; -- ERROR ERROR: syntax error at or near ";" @@ -966,13 +1007,14 @@ NOTICE: relation "doesnt_exist_ft1" does not exist, skipping ALTER FOREIGN TABLE IF EXISTS doesnt_exist_ft1 RENAME TO foreign_table_1; NOTICE: relation "doesnt_exist_ft1" does not exist, skipping -- Information schema -SELECT * FROM information_schema.foreign_data_wrappers ORDER BY 1, 2; - foreign_data_wrapper_catalog | foreign_data_wrapper_name | authorization_identifier | library_name | foreign_data_wrapper_language -------------------------------+---------------------------+---------------------------+--------------+------------------------------- - regression | dummy | regress_foreign_data_user | | c - regression | foo | regress_foreign_data_user | | c - regression | postgresql | regress_foreign_data_user | | c -(3 rows) +SELECT foreign_data_wrapper_catalog,foreign_data_wrapper_name FROM information_schema.foreign_data_wrappers ORDER BY 1, 2; + foreign_data_wrapper_catalog | foreign_data_wrapper_name +------------------------------+--------------------------- + regression | dummy + regression | foo + regression | pg_connection_fdw + regression | postgresql +(4 rows) SELECT * FROM information_schema.foreign_data_wrapper_options ORDER BY 1, 2, 3; foreign_data_wrapper_catalog | foreign_data_wrapper_name | option_name | option_value @@ -2186,7 +2228,7 @@ NOTICE: drop cascades to server s0 \c DROP ROLE regress_foreign_data_user; -- At this point we should have no wrappers, no servers, and no mappings. -SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper; +SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper WHERE oid >= 16384; fdwname | fdwhandler | fdwvalidator | fdwoptions ---------+------------+--------------+------------ (0 rows) diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out index b15eddbff3..738f1b1678 100644 --- a/src/test/regress/expected/subscription.out +++ b/src/test/regress/expected/subscription.out @@ -144,6 +144,44 @@ ERROR: could not connect to the publisher: invalid port number: "-1" ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; ERROR: invalid connection string syntax: missing "=" after "foobar" in connection info string +-- temporarily revoke pg_create_connection from pg_create_subscription +-- to test that CREATE SUBSCRIPTION ... CONNECTION fails +RESET SESSION AUTHORIZATION; +REVOKE pg_create_connection FROM pg_create_subscription; +GRANT CREATE ON DATABASE REGRESSION TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +-- fail - not a member of pg_create_connection, cannot use CONNECTION +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +ERROR: permission denied to create subscription with a connection string +DETAIL: Only roles with privileges of the "pg_create_connection" role may create subscriptions with CONNECTION specified. +HINT: Create a subscription to a foreign server by specifying SERVER instead. +-- re-grant pg_create_connection to pg_create_subscription +RESET SESSION AUTHORIZATION; +GRANT pg_create_connection TO pg_create_subscription; +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +DROP SUBSCRIPTION regress_testsub6; +-- test using a server object instead of connection string +RESET SESSION AUTHORIZATION; +CREATE SERVER regress_testserver FOREIGN DATA WRAPPER pg_connection_fdw; +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver + OPTIONS (password_required 'false'); +GRANT USAGE ON FOREIGN SERVER regress_testserver TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver PUBLICATION testpub + WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +RESET SESSION AUTHORIZATION; +ALTER SUBSCRIPTION regress_testsub6 OWNER TO regress_subscription_user; -- fail, no user mapping +ERROR: user mapping not found for user "regress_subscription_user", server "regress_testserver" +DROP SUBSCRIPTION regress_testsub6; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver; +DROP SERVER regress_testserver; +REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user; \dRs+ List of subscriptions Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Synchronous commit | Conninfo | Skip LSN diff --git a/src/test/regress/sql/foreign_data.sql b/src/test/regress/sql/foreign_data.sql index eefb860adc..15a28de9ac 100644 --- a/src/test/regress/sql/foreign_data.sql +++ b/src/test/regress/sql/foreign_data.sql @@ -36,7 +36,7 @@ COMMENT ON FOREIGN DATA WRAPPER dummy IS 'useless'; CREATE FOREIGN DATA WRAPPER postgresql VALIDATOR postgresql_fdw_validator; -- At this point we should have 2 built-in wrappers and no servers. -SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper ORDER BY 1, 2, 3; +SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper WHERE oid >= 16384 ORDER BY 1, 2, 3; SELECT srvname, srvoptions FROM pg_foreign_server; SELECT * FROM pg_user_mapping; @@ -180,6 +180,41 @@ CREATE SERVER t2 FOREIGN DATA WRAPPER foo; RESET ROLE; REVOKE regress_test_indirect FROM regress_test_role; +-- test SERVER ... FOR CONNECTION ONLY + +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; -- ERROR: not a member of pg_create_connection +RESET ROLE; +GRANT USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw TO regress_test_role; +SET ROLE regress_test_role; + +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (client_encoding 'foo'); --fails +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (user 'foo'); --fails +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (password 'foo'); --fails +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (password_required 'true'); --fails +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; + +IMPORT FOREIGN SCHEMA foo FROM SERVER t3 INTO bar; -- fails + +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x'); -- fails +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password_required 'false'); -- fails +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', application_name 'nonsense'); -- fails + +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; + +RESET ROLE; +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x'); -- still fails + +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; + +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password_required 'false'); + +DROP USER MAPPING FOR PUBLIC SERVER t3; +DROP SERVER t3; +REVOKE USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw FROM regress_test_role; + -- ALTER SERVER ALTER SERVER s0; -- ERROR ALTER SERVER s0 OPTIONS (a '1'); -- ERROR @@ -453,7 +488,7 @@ ALTER FOREIGN TABLE IF EXISTS doesnt_exist_ft1 RENAME TO foreign_table_1; -- Information schema -SELECT * FROM information_schema.foreign_data_wrappers ORDER BY 1, 2; +SELECT foreign_data_wrapper_catalog,foreign_data_wrapper_name FROM information_schema.foreign_data_wrappers ORDER BY 1, 2; SELECT * FROM information_schema.foreign_data_wrapper_options ORDER BY 1, 2, 3; SELECT * FROM information_schema.foreign_servers ORDER BY 1, 2; SELECT * FROM information_schema.foreign_server_options ORDER BY 1, 2, 3; @@ -861,6 +896,6 @@ DROP FOREIGN DATA WRAPPER dummy CASCADE; DROP ROLE regress_foreign_data_user; -- At this point we should have no wrappers, no servers, and no mappings. -SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper; +SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper WHERE oid >= 16384; SELECT srvname, srvoptions FROM pg_foreign_server; SELECT * FROM pg_user_mapping; diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql index 444e563ff3..bef6bc8074 100644 --- a/src/test/regress/sql/subscription.sql +++ b/src/test/regress/sql/subscription.sql @@ -88,6 +88,45 @@ CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'port=-1' PUBLICATION testpub; -- fail - invalid connection string during ALTER ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; +-- temporarily revoke pg_create_connection from pg_create_subscription +-- to test that CREATE SUBSCRIPTION ... CONNECTION fails +RESET SESSION AUTHORIZATION; +REVOKE pg_create_connection FROM pg_create_subscription; +GRANT CREATE ON DATABASE REGRESSION TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; + +-- fail - not a member of pg_create_connection, cannot use CONNECTION +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); + +-- re-grant pg_create_connection to pg_create_subscription +RESET SESSION AUTHORIZATION; +GRANT pg_create_connection TO pg_create_subscription; +SET SESSION AUTHORIZATION regress_subscription_user3; + +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_testsub6; + +-- test using a server object instead of connection string + +RESET SESSION AUTHORIZATION; +CREATE SERVER regress_testserver FOREIGN DATA WRAPPER pg_connection_fdw; +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver + OPTIONS (password_required 'false'); +GRANT USAGE ON FOREIGN SERVER regress_testserver TO regress_subscription_user3; + +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver PUBLICATION testpub + WITH (slot_name = NONE, connect = false); +RESET SESSION AUTHORIZATION; + +ALTER SUBSCRIPTION regress_testsub6 OWNER TO regress_subscription_user; -- fail, no user mapping +DROP SUBSCRIPTION regress_testsub6; + +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver; +DROP SERVER regress_testserver; +REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user; + \dRs+ ALTER SUBSCRIPTION regress_testsub SET PUBLICATION testpub2, testpub3 WITH (refresh = false); diff --git a/src/test/subscription/t/001_rep_changes.pl b/src/test/subscription/t/001_rep_changes.pl index 16c7fb94eb..d12c182f16 100644 --- a/src/test/subscription/t/001_rep_changes.pl +++ b/src/test/subscription/t/001_rep_changes.pl @@ -27,6 +27,8 @@ $node_publisher->safe_psql('postgres', "CREATE TABLE tab_notrep AS SELECT generate_series(1,10) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_ins AS SELECT generate_series(1,1002) AS a"); +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins2 AS SELECT generate_series(1,1002) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_full AS SELECT generate_series(1,10) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_full2 (x text)"); @@ -65,6 +67,7 @@ $node_publisher->safe_psql('postgres', # Setup structure on subscriber $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_notrep (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int)"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins2 (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_full (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_full2 (x text)"); $node_subscriber->safe_psql('postgres', @@ -110,6 +113,22 @@ $node_subscriber->safe_psql('postgres', "CREATE SUBSCRIPTION tap_sub CONNECTION '$publisher_connstr' PUBLICATION tap_pub, tap_pub_ins_only" ); +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_sub2_server FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_sub2_server OPTIONS (password_required 'false')" +); + +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_simple_pub FOR TABLE tab_ins2"); + +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub2 SERVER tap_sub2_server PUBLICATION tap_simple_pub" +); + # Wait for initial table sync to finish $node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); @@ -121,11 +140,22 @@ $result = $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); is($result, qq(1002), 'check initial data was copied to subscriber'); +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins2"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_subscriber->safe_psql('postgres', "ALTER SUBSCRIPTION tap_sub2 CONNECTION '$publisher_connstr'"); + $node_publisher->safe_psql('postgres', "INSERT INTO tab_ins SELECT generate_series(1,50)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_ins WHERE a > 20"); $node_publisher->safe_psql('postgres', "UPDATE tab_ins SET a = -a"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins2 SELECT generate_series(1,50)"); + +$node_subscriber->safe_psql('postgres', "ALTER SUBSCRIPTION tap_sub2 SERVER tap_sub2_server"); + $node_publisher->safe_psql('postgres', "INSERT INTO tab_rep SELECT generate_series(1,50)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_rep WHERE a > 20"); @@ -158,6 +188,10 @@ $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_ins"); is($result, qq(1052|1|1002), 'check replicated inserts on subscriber'); +$result = $node_subscriber->safe_psql('postgres', + "SELECT count(*), min(a), max(a) FROM tab_ins2"); +is($result, qq(1052|1|1002), 'check replicated inserts on subscriber'); + $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_rep"); is($result, qq(20|-20|-1), 'check replicated changes on subscriber'); @@ -449,10 +483,27 @@ $node_publisher->poll_query_until('postgres', or die "Timed out while waiting for apply to restart after changing PUBLICATION"; +# test that changes to a foreign server subscription cause the worker +# to restart +$oldpid = $node_publisher->safe_psql('postgres', + "SELECT pid FROM pg_stat_replication WHERE application_name = 'tap_sub2' AND state = 'streaming';" +); +$node_subscriber->safe_psql('postgres', + "ALTER SERVER tap_sub2_server OPTIONS (sslmode 'disable')" +); +$node_publisher->poll_query_until('postgres', + "SELECT pid != $oldpid FROM pg_stat_replication WHERE application_name = 'tap_sub2' AND state = 'streaming';" + ) + or die + "Timed out while waiting for apply to restart after changing PUBLICATION"; + $node_publisher->safe_psql('postgres', "INSERT INTO tab_ins SELECT generate_series(1001,1100)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_rep"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins2 SELECT generate_series(1001,1100)"); + # Restart the publisher and check the state of the subscriber which # should be in a streaming state after catching up. $node_publisher->stop('fast'); @@ -465,6 +516,11 @@ $result = $node_subscriber->safe_psql('postgres', is($result, qq(1152|1|1100), 'check replicated inserts after subscription publication change'); +$result = $node_subscriber->safe_psql('postgres', + "SELECT count(*), min(a), max(a) FROM tab_ins2"); +is($result, qq(1152|1|1100), + 'check replicated inserts after subscription publication change'); + $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_rep"); is($result, qq(20|-20|-1), @@ -533,6 +589,7 @@ $node_publisher->poll_query_until('postgres', # check all the cleanup $node_subscriber->safe_psql('postgres', "DROP SUBSCRIPTION tap_sub_renamed"); +$node_subscriber->safe_psql('postgres', "DROP SUBSCRIPTION tap_sub2"); $result = $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM pg_subscription"); -- 2.34.1 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2023-12-31 18:59 Jeff Davis <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Jeff Davis @ 2023-12-31 18:59 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Joe Conway <[email protected]>; pgsql-hackers On Fri, 2023-12-29 at 15:22 -0800, Jeff Davis wrote: > On Tue, 2023-09-05 at 12:08 -0700, Jeff Davis wrote: > > OK, so we could have a built-in FDW called pg_connection that would > > do > > the right kinds of validation; and then also allow other FDWs but > > the > > subscription would have to do its own validation. > > Attached a rough rebased version. Attached a slightly better version which fixes a pg_dump issue and improves the documentation. Regards, Jeff Davis Attachments: [text/x-patch] v4-0001-CREATE-SUBSCRIPTION-.-SERVER.patch (62.6K, 2-v4-0001-CREATE-SUBSCRIPTION-.-SERVER.patch) download | inline diff: From 0b8cb23157b86909d38cc10723f19d94787efed2 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Wed, 23 Aug 2023 10:31:16 -0700 Subject: [PATCH v4] CREATE SUBSCRIPTION ... SERVER. --- doc/src/sgml/ref/alter_subscription.sgml | 18 +- doc/src/sgml/ref/create_subscription.sgml | 16 +- doc/src/sgml/user-manag.sgml | 12 +- src/backend/catalog/Makefile | 1 + src/backend/catalog/pg_subscription.c | 17 +- src/backend/catalog/system_functions.sql | 2 + src/backend/commands/subscriptioncmds.c | 197 ++++++++++++++-- src/backend/foreign/foreign.c | 214 ++++++++++++++++++ src/backend/parser/gram.y | 20 ++ src/backend/replication/logical/worker.c | 12 +- src/bin/pg_dump/pg_dump.c | 63 +++++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/describe.c | 2 +- src/bin/psql/tab-complete.c | 2 +- src/include/catalog/meson.build | 1 + src/include/catalog/pg_authid.dat | 5 + .../catalog/pg_foreign_data_wrapper.dat | 22 ++ src/include/catalog/pg_proc.dat | 8 + src/include/catalog/pg_subscription.h | 5 +- src/include/foreign/foreign.h | 1 + src/include/nodes/parsenodes.h | 3 + src/test/regress/expected/foreign_data.out | 60 ++++- src/test/regress/expected/subscription.out | 38 ++++ src/test/regress/sql/foreign_data.sql | 41 +++- src/test/regress/sql/subscription.sql | 39 ++++ src/test/subscription/t/001_rep_changes.pl | 57 +++++ 26 files changed, 804 insertions(+), 53 deletions(-) create mode 100644 src/include/catalog/pg_foreign_data_wrapper.dat diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index 6d36ff0dc9..6d219145a9 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -21,6 +21,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> +ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SERVER <replaceable>servername</replaceable> ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> CONNECTION '<replaceable>conninfo</replaceable>' ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SET PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> ADD PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] @@ -94,13 +95,24 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < </listitem> </varlistentry> + <varlistentry id="sql-altersubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the foreign server + <replaceable>servername</replaceable>. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-altersubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> <para> - This clause replaces the connection string originally set by - <xref linkend="sql-createsubscription"/>. See there for more - information. + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the connection + string <replaceable>conninfo</replaceable>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index f1c20b3a46..8cf67516cf 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -22,7 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceable> - CONNECTION '<replaceable class="parameter">conninfo</replaceable>' + { SERVER <replaceable class="parameter">servername</replaceable> | CONNECTION '<replaceable class="parameter">conninfo</replaceable>' } PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">subscription_parameter</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] </synopsis> @@ -77,6 +77,15 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl </listitem> </varlistentry> + <varlistentry id="sql-createsubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + A foreign server to use for the connection. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-createsubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> @@ -363,6 +372,11 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl The default is <literal>true</literal>. Only superusers can set this value to <literal>false</literal>. </para> + <para> + Only allowed when using a connection string. If using a foreign + server, specify <literal>password_required</literal> as part of the + user mapping for the foreign server, instead. + </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 92a299d2d3..4f4c20ba3c 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -687,11 +687,19 @@ DROP ROLE doomed_role; <entry>Allow use of connection slots reserved via <xref linkend="guc-reserved-connections"/>.</entry> </row> + <row> + <entry>pg_create_connection</entry> + <entry>Allow users to specify a connection string directly in <link + linkend="sql-createsubscription"><command>CREATE + SUBSCRIPTION</command></link>.</entry> + </row> <row> <entry>pg_create_subscription</entry> <entry>Allow users with <literal>CREATE</literal> permission on the - database to issue - <link linkend="sql-createsubscription"><command>CREATE SUBSCRIPTION</command></link>.</entry> + database to issue <link + linkend="sql-createsubscription"><command>CREATE + SUBSCRIPTION</command></link>. This role is a member of + <literal>pg_create_connection</literal>.</entry> </row> </tbody> </tgroup> diff --git a/src/backend/catalog/Makefile b/src/backend/catalog/Makefile index ec7b6f5362..365c956dea 100644 --- a/src/backend/catalog/Makefile +++ b/src/backend/catalog/Makefile @@ -136,6 +136,7 @@ POSTGRES_BKI_DATA = $(addprefix $(top_srcdir)/src/include/catalog/,\ pg_collation.dat \ pg_conversion.dat \ pg_database.dat \ + pg_foreign_data_wrapper.dat \ pg_language.dat \ pg_namespace.dat \ pg_opclass.dat \ diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index d6a978f136..f5c4ec8d99 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -23,6 +23,7 @@ #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "storage/lmgr.h" @@ -75,10 +76,18 @@ GetSubscription(Oid subid, bool missing_ok) sub->runasowner = subform->subrunasowner; /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, - tup, - Anum_pg_subscription_subconninfo); - sub->conninfo = TextDatumGetCString(datum); + if (OidIsValid(subform->subserver)) + { + sub->conninfo = ForeignServerConnectionString(subform->subowner, + subform->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, + tup, + Anum_pg_subscription_subconninfo); + sub->conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, diff --git a/src/backend/catalog/system_functions.sql b/src/backend/catalog/system_functions.sql index 4206752881..e1abda41ba 100644 --- a/src/backend/catalog/system_functions.sql +++ b/src/backend/catalog/system_functions.sql @@ -781,3 +781,5 @@ GRANT pg_read_all_settings TO pg_monitor; GRANT pg_read_all_stats TO pg_monitor; GRANT pg_stat_scan_tables TO pg_monitor; + +GRANT pg_create_connection TO pg_create_subscription; diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index edc82c11be..c46900182e 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -25,14 +25,17 @@ #include "catalog/objectaddress.h" #include "catalog/pg_authid_d.h" #include "catalog/pg_database_d.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "catalog/pg_user_mapping.h" #include "commands/dbcommands.h" #include "commands/defrem.h" #include "commands/event_trigger.h" #include "commands/subscriptioncmds.h" #include "executor/executor.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "pgstat.h" @@ -574,6 +577,8 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Datum values[Natts_pg_subscription]; Oid owner = GetUserId(); HeapTuple tup; + Oid serverid; + Oid umid; char *conninfo; char originname[NAMEDATALEN]; List *publications; @@ -594,6 +599,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, SUBOPT_RUN_AS_OWNER | SUBOPT_ORIGIN); parse_subscription_options(pstate, stmt->options, supported_opts, &opts); + if (IsSet(opts.specified_opts, SUBOPT_PASSWORD_REQUIRED) && stmt->servername) + ereport(ERROR, + (errcode(ERRCODE_SYNTAX_ERROR), + errmsg("option \"password_required\" invalid on subscriptions to a foreign server"), + errhint("Use the \"password_required\" option on the user mappings associated with the foreign server."))); + /* * Since creating a replication slot is not transactional, rolling back * the transaction leaves the created replication slot. So we cannot run @@ -604,9 +615,9 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, PreventInTransactionBlock(isTopLevel, "CREATE SUBSCRIPTION ... WITH (create_slot = true)"); /* - * We don't want to allow unprivileged users to be able to trigger - * attempts to access arbitrary network destinations, so require the user - * to have been specifically authorized to create subscriptions. + * We don't want to allow unprivileged users to utilize the resources that + * a subscription requires (such as a background worker), so require the + * user to have been specifically authorized to create subscriptions. */ if (!has_privs_of_role(owner, ROLE_PG_CREATE_SUBSCRIPTION)) ereport(ERROR, @@ -666,14 +677,54 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.synchronous_commit == NULL) opts.synchronous_commit = "off"; - conninfo = stmt->conninfo; - publications = stmt->publication; - /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); - /* Check the connection info string. */ - walrcv_check_conninfo(conninfo, opts.passwordrequired && !superuser()); + if (stmt->servername) + { + ForeignServer *server; + UserMapping *um; + + Assert(!stmt->conninfo); + conninfo = NULL; + + server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, owner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + + um = GetUserMapping(owner, server->serverid); + + serverid = server->serverid; + umid = um->umid; + conninfo = ForeignServerConnectionString(owner, serverid); + } + else + { + Assert(stmt->conninfo); + + /* + * We don't want to allow unprivileged users to be able to trigger + * attempts to access arbitrary network destinations, so require the user + * to have been specifically authorized to create connections. + */ + if (!has_privs_of_role(owner, ROLE_PG_CREATE_CONNECTION)) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("permission denied to create subscription with a connection string"), + errdetail("Only roles with privileges of the \"%s\" role may create subscriptions with CONNECTION specified.", + "pg_create_connection"), + errhint("Create a subscription to a foreign server by specifying SERVER instead."))); + + /* Check the connection info string. */ + walrcv_check_conninfo(stmt->conninfo, opts.passwordrequired && !superuser()); + + serverid = InvalidOid; + umid = InvalidOid; + conninfo = stmt->conninfo; + } + + publications = stmt->publication; /* Everything ok, form a new tuple. */ memset(values, 0, sizeof(values)); @@ -697,8 +748,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, values[Anum_pg_subscription_subdisableonerr - 1] = BoolGetDatum(opts.disableonerr); values[Anum_pg_subscription_subpasswordrequired - 1] = BoolGetDatum(opts.passwordrequired); values[Anum_pg_subscription_subrunasowner - 1] = BoolGetDatum(opts.runasowner); - values[Anum_pg_subscription_subconninfo - 1] = - CStringGetTextDatum(conninfo); + values[Anum_pg_subscription_subserver - 1] = serverid; + if (!OidIsValid(serverid)) + values[Anum_pg_subscription_subconninfo - 1] = + CStringGetTextDatum(conninfo); + else + nulls[Anum_pg_subscription_subconninfo - 1] = true; if (opts.slot_name) values[Anum_pg_subscription_subslotname - 1] = DirectFunctionCall1(namein, CStringGetDatum(opts.slot_name)); @@ -719,6 +774,20 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, recordDependencyOnOwner(SubscriptionRelationId, subid, owner); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + + if (stmt->servername) + { + ObjectAddress referenced; + Assert(OidIsValid(serverid) && OidIsValid(umid)); + + ObjectAddressSet(referenced, ForeignServerRelationId, serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + ObjectAddressSet(referenced, UserMappingRelationId, umid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + ReplicationOriginNameForLogicalRep(subid, InvalidOid, originname, sizeof(originname)); replorigin_create(originname); @@ -835,8 +904,6 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.enabled) ApplyLauncherWakeupAtCommit(); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostCreateHook(SubscriptionRelationId, subid, 0); return myself; @@ -1124,6 +1191,8 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, memset(nulls, false, sizeof(nulls)); memset(replaces, false, sizeof(replaces)); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + switch (stmt->kind) { case ALTER_SUBSCRIPTION_OPTIONS: @@ -1191,6 +1260,12 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, if (IsSet(opts.specified_opts, SUBOPT_PASSWORD_REQUIRED)) { + if (OidIsValid(form->subserver)) + ereport(ERROR, + (errcode(ERRCODE_SYNTAX_ERROR), + errmsg("option \"password_required\" invalid on subscriptions to a foreign server"), + errhint("Use the \"password_required\" option on the user mappings associated with the foreign server."))); + /* Non-superuser may not disable password_required. */ if (!opts.passwordrequired && !superuser()) ereport(ERROR, @@ -1244,7 +1319,77 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, break; } + case ALTER_SUBSCRIPTION_SERVER: + { + ForeignServer *new_server; + UserMapping *new_um; + ObjectAddress referenced; + AclResult aclresult; + + /* + * Remove what was there before, either another foreign server + * or a connection string. + */ + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + UserMappingRelationId, old_um->umid); + } + else + { + nulls[Anum_pg_subscription_subconninfo - 1] = true; + replaces[Anum_pg_subscription_subconninfo - 1] = true; + } + + /* + * Find the new server and user mapping. Check ACL of server + * based on current user ID, but find the user mapping based + * on the subscription owner. + */ + new_server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, + new_server->serverid, GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, + new_server->servername); + + new_um = GetUserMapping(form->subowner, new_server->serverid); + + values[Anum_pg_subscription_subserver - 1] = new_server->serverid; + replaces[Anum_pg_subscription_subserver - 1] = true; + + ObjectAddressSet(referenced, ForeignServerRelationId, new_server->serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + ObjectAddressSet(referenced, UserMappingRelationId, new_um->umid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + update_tuple = true; + } + break; + case ALTER_SUBSCRIPTION_CONNECTION: + /* remove reference to foreign server and dependencies, if present */ + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + UserMappingRelationId, old_um->umid); + + values[Anum_pg_subscription_subserver - 1] = InvalidOid; + replaces[Anum_pg_subscription_subserver - 1] = true; + } + /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); /* Check the connection info string. */ @@ -1455,8 +1600,6 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, table_close(rel, RowExclusiveLock); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostAlterHook(SubscriptionRelationId, subid, 0); /* Wake up related replication workers to handle this change quickly. */ @@ -1541,9 +1684,17 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) subname = pstrdup(NameStr(*DatumGetName(datum))); /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, - Anum_pg_subscription_subconninfo); - conninfo = TextDatumGetCString(datum); + if (OidIsValid(form->subserver)) + { + conninfo = ForeignServerConnectionString(form->subowner, + form->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, + Anum_pg_subscription_subconninfo); + conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, tup, @@ -1644,6 +1795,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) } /* Clean up dependencies */ + deleteDependencyRecordsFor(SubscriptionRelationId, subid, false); deleteSharedDependencyRecordsFor(SubscriptionRelationId, subid, 0); /* Remove any associated relation synchronization states. */ @@ -1853,6 +2005,17 @@ AlterSubscriptionOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId) aclcheck_error(aclresult, OBJECT_DATABASE, get_database_name(MyDatabaseId)); + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + UserMapping *new_um = GetUserMapping(newOwnerId, form->subserver); + + if (changeDependencyFor(SubscriptionRelationId, form->oid, + UserMappingRelationId, old_um->umid, new_um->umid) != 1) + elog(ERROR, "could not change user mapping dependency for subscription %u", + form->oid); + } + form->subowner = newOwnerId; CatalogTupleUpdate(rel, &tup->t_self, tup); diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index fc3edef2a8..5a800fc48f 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -18,11 +18,14 @@ #include "catalog/pg_foreign_server.h" #include "catalog/pg_foreign_table.h" #include "catalog/pg_user_mapping.h" +#include "commands/defrem.h" #include "foreign/fdwapi.h" #include "foreign/foreign.h" #include "funcapi.h" #include "lib/stringinfo.h" +#include "mb/pg_wchar.h" #include "miscadmin.h" +#include "replication/walreceiver.h" #include "utils/builtins.h" #include "utils/memutils.h" #include "utils/rel.h" @@ -190,6 +193,94 @@ GetForeignServerByName(const char *srvname, bool missing_ok) } +/* + * Escape a connection option value. Helper for options_to_connstr(). + */ +static char * +escape_value(char *val) +{ + StringInfoData result; + + initStringInfo(&result); + + for (int i = 0; val[i] != '\0'; i++) + { + if (val[i] == '\\' || val[i] == '\'') + appendStringInfoChar(&result, '\\'); + appendStringInfoChar(&result, val[i]); + } + + return result.data; +} + + +/* + * Helper for ForeignServerConnectionString() and pg_connection_validator(). + * + * Transform a List of DefElem into a connection string. + * + * XXX: might leak memory, investigate + */ +static char * +options_to_connstr(List *options) +{ + StringInfoData connstr; + ListCell *lc; + bool first = true; + + initStringInfo(&connstr); + foreach(lc, options) + { + DefElem *d = (DefElem *) lfirst(lc); + char *name = d->defname; + char *value; + + /* not a libpq option; skip */ + if (strcmp(name, "password_required") == 0) + continue; + + /* XXX: pfree() result of defGetString() if needed? */ + value = escape_value(defGetString(d)); + + appendStringInfo(&connstr, "%s%s = '%s'", + first ? "" : " ", name, value); + first = false; + + pfree(value); + } + + /* override client_encoding */ + appendStringInfo(&connstr, "%sclient_encoding = '%s'", + first ? "" : " ", GetDatabaseEncodingName()); + + return connstr.data; +} + + +/* + * Given a user ID and server ID, return a postgres connection string suitable + * to pass to libpq. + * + * XXX: might leak memory, investigate + */ +char * +ForeignServerConnectionString(Oid userid, Oid serverid) +{ + ForeignServer *server = GetForeignServer(serverid); + UserMapping *um = GetUserMapping(userid, serverid); + List *options = list_concat(um->options, server->options); + char *connstr; + + connstr = options_to_connstr(options); + + pfree(server); + pfree(um); + list_free(options); + + return connstr; +} + + /* * GetUserMapping - look up the user mapping. * @@ -599,6 +690,129 @@ is_conninfo_option(const char *option, Oid context) return false; } +/* + * pg_connection_handler + * + * pg_connection_fdw is not used for foreign tables, so the handler should + * never be called. + */ +Datum +pg_connection_handler(PG_FUNCTION_ARGS) +{ + elog(ERROR, "pg_connection_handler unexpectedly called"); +} + +/* + * Option validator for CREATE SERVER ... FOR CONNECTION ONLY. + * + * XXX: try to unify with validators for CREATE SUBSCRIPTION ... CONNECTION, + * postgres_fdw, and dblink. Also investigate if memory leaks are a problem + * here. + */ +Datum +pg_connection_validator(PG_FUNCTION_ARGS) +{ + List *options_list = untransformRelOptions(PG_GETARG_DATUM(0)); + Oid catalog = PG_GETARG_OID(1); + + if (catalog == ForeignServerRelationId) + { + char *conninfo; + ListCell *lc; + + foreach(lc, options_list) + { + DefElem *d = (DefElem *) lfirst(lc); + + if (strcmp(d->defname, "client_encoding") == 0) + ereport(ERROR, + (errmsg("cannot specify client_encoding for pg_connection_fdw"))); + + if (strcmp(d->defname, "user") == 0 || + strcmp(d->defname, "password") == 0 || + strcmp(d->defname, "sslpassword") == 0 || + strcmp(d->defname, "password_required") == 0) + ereport(ERROR, + (errmsg("invalid option \"%s\" for pg_connection_fdw", + d->defname), + errhint("Specify option \"%s\" for a user mapping associated with the server instead.", + d->defname))); + } + + conninfo = options_to_connstr(options_list); + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + + walrcv_check_conninfo(conninfo, false); + } + else if (catalog == UserMappingRelationId) + { + bool password_required = true; + bool password_provided = false; + ListCell *lc; + + foreach(lc, options_list) + { + DefElem *d = (DefElem *) lfirst(lc); + + if (strcmp(d->defname, "password_required") == 0) + { + /* + * Only the superuser may set this option on a user mapping, or + * alter a user mapping on which this option is set. We allow a + * user to clear this option if it's set - in fact, we don't have + * a choice since we can't see the old mapping when validating an + * alter. + */ + if (!superuser() && !defGetBoolean(d)) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("password_required=false is superuser-only for pg_connection_fdw"), + errhint("User mappings with the password_required option set to false may only be created or modified by the superuser."))); + + password_required = defGetBoolean(d); + } + + if ((strcmp(d->defname, "sslkey") == 0 || strcmp(d->defname, "sslcert") == 0) && !superuser()) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("sslcert and sslkey are superuser-only for pg_connection_fdw"), + errhint("User mappings with the sslcert or sslkey options set may only be created or modified by the superuser."))); + + if (strcmp(d->defname, "password") == 0) + password_provided = true; + + if (strcmp(d->defname, "user") != 0 && + strcmp(d->defname, "password") != 0 && + strcmp(d->defname, "sslpassword") != 0 && + strcmp(d->defname, "sslkey") != 0 && + strcmp(d->defname, "sslcert") != 0 && + strcmp(d->defname, "password_required") != 0) + ereport(ERROR, + (errmsg("invalid user mapping option \"%s\" for pg_connection_fdw", + d->defname))); + } + + if (password_required && !password_provided) + ereport(ERROR, + (errcode(ERRCODE_S_R_E_PROHIBITED_SQL_STATEMENT_ATTEMPTED), + errmsg("password is required"), + errdetail("Non-superusers must provide a password in the connection string."))); + } + else if (catalog == ForeignTableRelationId) + ereport(ERROR, + (errmsg("cannot create foreign table using a pg_connection_fdw server"), + errhint("Use the server with CREATE SUBSCRIPTION instead."))); + else if (catalog == AttributeRelationId) + elog(ERROR, "unexpected call to pg_connection_validator for pg_attribute catalog"); + else + elog(ERROR, "unexpected call to pg_connection_validator for catalog %d", catalog); + + + PG_RETURN_BOOL(true); +} + /* * Validate the generic option given to SERVER or USER MAPPING. diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index 63f172e175..259b5ca42b 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -10638,6 +10638,16 @@ CreateSubscriptionStmt: n->options = $8; $$ = (Node *) n; } + | CREATE SUBSCRIPTION name SERVER name PUBLICATION name_list opt_definition + { + CreateSubscriptionStmt *n = + makeNode(CreateSubscriptionStmt); + n->subname = $3; + n->servername = $5; + n->publication = $7; + n->options = $8; + $$ = (Node *) n; + } ; /***************************************************************************** @@ -10667,6 +10677,16 @@ AlterSubscriptionStmt: n->conninfo = $5; $$ = (Node *) n; } + | ALTER SUBSCRIPTION name SERVER name + { + AlterSubscriptionStmt *n = + makeNode(AlterSubscriptionStmt); + + n->kind = ALTER_SUBSCRIPTION_SERVER; + n->subname = $3; + n->servername = $5; + $$ = (Node *) n; + } | ALTER SUBSCRIPTION name REFRESH PUBLICATION opt_definition { AlterSubscriptionStmt *n = diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index 21abf34ef7..be63ab5a5d 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -4003,7 +4003,9 @@ maybe_reread_subscription(void) } /* - * Callback from subscription syscache invalidation. + * Callback from subscription syscache invalidation. Also needed for server or + * user mapping invalidation, which can change the connection information for + * subscriptions that connect using a server object. */ static void subscription_change_cb(Datum arg, int cacheid, uint32 hashvalue) @@ -4639,6 +4641,14 @@ InitializeLogRepWorker(void) CacheRegisterSyscacheCallback(SUBSCRIPTIONOID, subscription_change_cb, (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); CacheRegisterSyscacheCallback(AUTHOID, subscription_change_cb, diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 050a831226..b0664b6bbb 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -2066,6 +2066,27 @@ selectDumpableStatisticsObject(StatsExtInfo *sobj, Archive *fout) sobj->dobj.dump = DUMP_COMPONENT_NONE; } +/* + * selectDumpableFdw: policy-setting subroutine + * Mark foreign data wrapper as to be dumped or not + * + * Froeign Data Wrappers do not belong to any particular namespace. To + * identify built-in foreign data wrappers, we must resort to checking whether + * the method's OID is in the range reserved for initdb. + */ +static void +selectDumpableFdw(FdwInfo *fdwinfo, Archive *fout) +{ + if (checkExtensionMembership(&fdwinfo->dobj, fout)) + return; /* extension membership overrides all else */ + + if (fdwinfo->dobj.catId.oid <= (Oid) g_last_builtin_oid) + fdwinfo->dobj.dump = DUMP_COMPONENT_NONE; + else + fdwinfo->dobj.dump = fout->dopt->include_everything ? + DUMP_COMPONENT_ALL : DUMP_COMPONENT_NONE; +} + /* * selectDumpableObject: policy-setting subroutine * Mark a generic dumpable object as to be dumped or not @@ -4633,6 +4654,7 @@ getSubscriptions(Archive *fout) int i_subdisableonerr; int i_subpasswordrequired; int i_subrunasowner; + int i_subservername; int i_subconninfo; int i_subslotname; int i_subsynccommit; @@ -4693,18 +4715,27 @@ getSubscriptions(Archive *fout) appendPQExpBufferStr(query, " s.subpasswordrequired,\n" " s.subrunasowner,\n" - " s.suborigin\n"); + " s.suborigin,\n"); else appendPQExpBuffer(query, " 't' AS subpasswordrequired,\n" " 't' AS subrunasowner,\n" - " '%s' AS suborigin\n", + " '%s' AS suborigin,\n", LOGICALREP_ORIGIN_ANY); - appendPQExpBufferStr(query, - "FROM pg_subscription s\n" - "WHERE s.subdbid = (SELECT oid FROM pg_database\n" - " WHERE datname = current_database())"); + if (fout->remoteVersion >= 170000) + appendPQExpBufferStr(query, + " fs.srvname AS subservername\n" + "FROM pg_subscription s LEFT JOIN \n" + "pg_foreign_server fs ON s.subserver = fs.oid\n" + "WHERE s.subdbid = (SELECT oid FROM pg_database\n" + " WHERE datname = current_database())"); + else + appendPQExpBufferStr(query, + " NULL AS subservername\n" + "FROM pg_subscription s\n" + "WHERE s.subdbid = (SELECT oid FROM pg_database\n" + " WHERE datname = current_database())"); res = ExecuteSqlQuery(fout, query->data, PGRES_TUPLES_OK); @@ -4724,6 +4755,7 @@ getSubscriptions(Archive *fout) i_subdisableonerr = PQfnumber(res, "subdisableonerr"); i_subpasswordrequired = PQfnumber(res, "subpasswordrequired"); i_subrunasowner = PQfnumber(res, "subrunasowner"); + i_subservername = PQfnumber(res, "subservername"); i_subconninfo = PQfnumber(res, "subconninfo"); i_subslotname = PQfnumber(res, "subslotname"); i_subsynccommit = PQfnumber(res, "subsynccommit"); @@ -4741,7 +4773,10 @@ getSubscriptions(Archive *fout) AssignDumpId(&subinfo[i].dobj); subinfo[i].dobj.name = pg_strdup(PQgetvalue(res, i, i_subname)); subinfo[i].rolname = getRoleName(PQgetvalue(res, i, i_subowner)); - + if (PQgetisnull(res, i, i_subservername)) + subinfo[i].subservername = NULL; + else + subinfo[i].subservername = pg_strdup(PQgetvalue(res, i, i_subservername)); subinfo[i].subbinary = pg_strdup(PQgetvalue(res, i, i_subbinary)); subinfo[i].substream = @@ -4804,9 +4839,17 @@ dumpSubscription(Archive *fout, const SubscriptionInfo *subinfo) appendPQExpBuffer(delq, "DROP SUBSCRIPTION %s;\n", qsubname); - appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s CONNECTION ", + appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s ", qsubname); - appendStringLiteralAH(query, subinfo->subconninfo, fout); + if (subinfo->subservername) + { + appendPQExpBuffer(query, "SERVER %s", fmtId(subinfo->subservername)); + } + else + { + appendPQExpBuffer(query, "CONNECTION "); + appendStringLiteralAH(query, subinfo->subconninfo, fout); + } /* Build list of quoted publications and append them to query. */ if (!parsePGArray(subinfo->subpublications, &pubnames, &npubnames)) @@ -9513,7 +9556,7 @@ getForeignDataWrappers(Archive *fout, int *numForeignDataWrappers) fdwinfo[i].fdwoptions = pg_strdup(PQgetvalue(res, i, i_fdwoptions)); /* Decide whether we want to dump it */ - selectDumpableObject(&(fdwinfo[i].dobj), fout); + selectDumpableFdw(&fdwinfo[i], fout); /* Mark whether FDW has an ACL */ if (!PQgetisnull(res, i, i_fdwacl)) diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index 673ca5c92d..0a94b9b7ae 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -667,6 +667,7 @@ typedef struct _SubscriptionInfo char *subdisableonerr; char *subpasswordrequired; char *subrunasowner; + char *subservername; char *subconninfo; char *subslotname; char *subsynccommit; diff --git a/src/bin/psql/describe.c b/src/bin/psql/describe.c index 5077e7b358..fb4ea96968 100644 --- a/src/bin/psql/describe.c +++ b/src/bin/psql/describe.c @@ -5793,7 +5793,7 @@ listForeignDataWrappers(const char *pattern, bool verbose) gettext_noop("Description")); } - appendPQExpBufferStr(&buf, "\nFROM pg_catalog.pg_foreign_data_wrapper fdw\n"); + appendPQExpBufferStr(&buf, "\nFROM (SELECT tableoid, * FROM pg_catalog.pg_foreign_data_wrapper WHERE oid>=16384) fdw\n"); if (verbose) appendPQExpBufferStr(&buf, diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c index 049801186c..230683a850 100644 --- a/src/bin/psql/tab-complete.c +++ b/src/bin/psql/tab-complete.c @@ -3314,7 +3314,7 @@ psql_completion(const char *text, int start, int end) /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny)) COMPLETE_WITH("PUBLICATION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", diff --git a/src/include/catalog/meson.build b/src/include/catalog/meson.build index dcb3c5f766..01e92089bf 100644 --- a/src/include/catalog/meson.build +++ b/src/include/catalog/meson.build @@ -83,6 +83,7 @@ bki_data = [ 'pg_collation.dat', 'pg_conversion.dat', 'pg_database.dat', + 'pg_foreign_data_wrapper.dat', 'pg_language.dat', 'pg_namespace.dat', 'pg_opclass.dat', diff --git a/src/include/catalog/pg_authid.dat b/src/include/catalog/pg_authid.dat index 6b4a0aaaad..8fce457ab1 100644 --- a/src/include/catalog/pg_authid.dat +++ b/src/include/catalog/pg_authid.dat @@ -94,5 +94,10 @@ rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', rolpassword => '_null_', rolvaliduntil => '_null_' }, +{ oid => '6123', oid_symbol => 'ROLE_PG_CREATE_CONNECTION', + rolname => 'pg_create_connection', rolsuper => 'f', rolinherit => 't', + rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', + rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', + rolpassword => '_null_', rolvaliduntil => '_null_' }, ] diff --git a/src/include/catalog/pg_foreign_data_wrapper.dat b/src/include/catalog/pg_foreign_data_wrapper.dat new file mode 100644 index 0000000000..7d489bf849 --- /dev/null +++ b/src/include/catalog/pg_foreign_data_wrapper.dat @@ -0,0 +1,22 @@ +#---------------------------------------------------------------------- +# +# pg_foreign_data_wrapper.dat +# Initial contents of the pg_foreign_data_wrapper system catalog. +# +# Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group +# Portions Copyright (c) 1994, Regents of the University of California +# +# src/include/catalog/pg_foreign_data_wrapper.dat +# +#---------------------------------------------------------------------- + +[ + +{ oid => '6015', oid_symbol => 'PG_CONNECTION_FDW', + descr => 'Pseudo FDW for connections to Postgres', + fdwname => 'pg_connection_fdw', fdwowner => 'POSTGRES', + fdwhandler => 'pg_connection_handler', + fdwvalidator => 'pg_connection_validator', + fdwacl => '_null_', fdwoptions => '_null_'}, + +] diff --git a/src/include/catalog/pg_proc.dat b/src/include/catalog/pg_proc.dat index 9052f5262a..8e81e5f6bb 100644 --- a/src/include/catalog/pg_proc.dat +++ b/src/include/catalog/pg_proc.dat @@ -7516,6 +7516,14 @@ proname => 'postgresql_fdw_validator', prorettype => 'bool', proargtypes => '_text oid', prosrc => 'postgresql_fdw_validator' }, +{ oid => '6122', descr => '(internal)', + proname => 'pg_connection_handler', prorettype => 'fdw_handler', + proargtypes => '', prosrc => 'pg_connection_handler' }, + +{ oid => '6124', descr => '(internal)', + proname => 'pg_connection_validator', prorettype => 'bool', + proargtypes => '_text oid', prosrc => 'pg_connection_validator' }, + { oid => '2290', descr => 'I/O', proname => 'record_in', provolatile => 's', prorettype => 'record', proargtypes => 'cstring oid int4', prosrc => 'record_in' }, diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index e0b91eacd2..4b83c8ca8b 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -93,9 +93,12 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW bool subrunasowner; /* True if replication should execute as the * subscription owner */ + Oid subserver; /* Set if connecting with server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo BKI_FORCE_NULL; /* Set if connecting with + connection string */ /* Slot name on publisher */ NameData subslotname BKI_FORCE_NULL; diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index 5256d4d91f..7058335d63 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -69,6 +69,7 @@ extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); +extern char *ForeignServerConnectionString(Oid userid, Oid serverid); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index e494309da8..4b316d4664 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -4040,6 +4040,7 @@ typedef struct CreateSubscriptionStmt { NodeTag type; char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ @@ -4048,6 +4049,7 @@ typedef struct CreateSubscriptionStmt typedef enum AlterSubscriptionType { ALTER_SUBSCRIPTION_OPTIONS, + ALTER_SUBSCRIPTION_SERVER, ALTER_SUBSCRIPTION_CONNECTION, ALTER_SUBSCRIPTION_SET_PUBLICATION, ALTER_SUBSCRIPTION_ADD_PUBLICATION, @@ -4062,6 +4064,7 @@ typedef struct AlterSubscriptionStmt NodeTag type; AlterSubscriptionType kind; /* ALTER_SUBSCRIPTION_OPTIONS, etc */ char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ diff --git a/src/test/regress/expected/foreign_data.out b/src/test/regress/expected/foreign_data.out index 1dfe23cc1e..b551405a3d 100644 --- a/src/test/regress/expected/foreign_data.out +++ b/src/test/regress/expected/foreign_data.out @@ -25,7 +25,7 @@ CREATE FOREIGN DATA WRAPPER dummy; COMMENT ON FOREIGN DATA WRAPPER dummy IS 'useless'; CREATE FOREIGN DATA WRAPPER postgresql VALIDATOR postgresql_fdw_validator; -- At this point we should have 2 built-in wrappers and no servers. -SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper ORDER BY 1, 2, 3; +SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper WHERE oid >= 16384 ORDER BY 1, 2, 3; fdwname | fdwhandler | fdwvalidator | fdwoptions ------------+------------+--------------------------+------------ dummy | - | - | @@ -394,6 +394,47 @@ CREATE SERVER t2 FOREIGN DATA WRAPPER foo; RESET ROLE; REVOKE regress_test_indirect FROM regress_test_role; +-- test SERVER ... FOR CONNECTION ONLY +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; -- ERROR: not a member of pg_create_connection +ERROR: permission denied for foreign-data wrapper pg_connection_fdw +RESET ROLE; +GRANT USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw TO regress_test_role; +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (client_encoding 'foo'); --fails +ERROR: cannot specify client_encoding for pg_connection_fdw +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (user 'foo'); --fails +ERROR: invalid option "user" for pg_connection_fdw +HINT: Specify option "user" for a user mapping associated with the server instead. +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (password 'foo'); --fails +ERROR: invalid option "password" for pg_connection_fdw +HINT: Specify option "password" for a user mapping associated with the server instead. +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (password_required 'true'); --fails +ERROR: invalid option "password_required" for pg_connection_fdw +HINT: Specify option "password_required" for a user mapping associated with the server instead. +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; +IMPORT FOREIGN SCHEMA foo FROM SERVER t3 INTO bar; -- fails +ERROR: schema "bar" does not exist +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x'); -- fails +ERROR: password is required +DETAIL: Non-superusers must provide a password in the connection string. +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password_required 'false'); -- fails +ERROR: password_required=false is superuser-only for pg_connection_fdw +HINT: User mappings with the password_required option set to false may only be created or modified by the superuser. +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', application_name 'nonsense'); -- fails +ERROR: invalid user mapping option "application_name" for pg_connection_fdw +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; +RESET ROLE; +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x'); -- still fails +ERROR: password is required +DETAIL: Non-superusers must provide a password in the connection string. +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password_required 'false'); +DROP USER MAPPING FOR PUBLIC SERVER t3; +DROP SERVER t3; +REVOKE USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw FROM regress_test_role; -- ALTER SERVER ALTER SERVER s0; -- ERROR ERROR: syntax error at or near ";" @@ -966,13 +1007,14 @@ NOTICE: relation "doesnt_exist_ft1" does not exist, skipping ALTER FOREIGN TABLE IF EXISTS doesnt_exist_ft1 RENAME TO foreign_table_1; NOTICE: relation "doesnt_exist_ft1" does not exist, skipping -- Information schema -SELECT * FROM information_schema.foreign_data_wrappers ORDER BY 1, 2; - foreign_data_wrapper_catalog | foreign_data_wrapper_name | authorization_identifier | library_name | foreign_data_wrapper_language -------------------------------+---------------------------+---------------------------+--------------+------------------------------- - regression | dummy | regress_foreign_data_user | | c - regression | foo | regress_foreign_data_user | | c - regression | postgresql | regress_foreign_data_user | | c -(3 rows) +SELECT foreign_data_wrapper_catalog,foreign_data_wrapper_name FROM information_schema.foreign_data_wrappers ORDER BY 1, 2; + foreign_data_wrapper_catalog | foreign_data_wrapper_name +------------------------------+--------------------------- + regression | dummy + regression | foo + regression | pg_connection_fdw + regression | postgresql +(4 rows) SELECT * FROM information_schema.foreign_data_wrapper_options ORDER BY 1, 2, 3; foreign_data_wrapper_catalog | foreign_data_wrapper_name | option_name | option_value @@ -2186,7 +2228,7 @@ NOTICE: drop cascades to server s0 \c DROP ROLE regress_foreign_data_user; -- At this point we should have no wrappers, no servers, and no mappings. -SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper; +SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper WHERE oid >= 16384; fdwname | fdwhandler | fdwvalidator | fdwoptions ---------+------------+--------------+------------ (0 rows) diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out index b15eddbff3..738f1b1678 100644 --- a/src/test/regress/expected/subscription.out +++ b/src/test/regress/expected/subscription.out @@ -144,6 +144,44 @@ ERROR: could not connect to the publisher: invalid port number: "-1" ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; ERROR: invalid connection string syntax: missing "=" after "foobar" in connection info string +-- temporarily revoke pg_create_connection from pg_create_subscription +-- to test that CREATE SUBSCRIPTION ... CONNECTION fails +RESET SESSION AUTHORIZATION; +REVOKE pg_create_connection FROM pg_create_subscription; +GRANT CREATE ON DATABASE REGRESSION TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +-- fail - not a member of pg_create_connection, cannot use CONNECTION +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +ERROR: permission denied to create subscription with a connection string +DETAIL: Only roles with privileges of the "pg_create_connection" role may create subscriptions with CONNECTION specified. +HINT: Create a subscription to a foreign server by specifying SERVER instead. +-- re-grant pg_create_connection to pg_create_subscription +RESET SESSION AUTHORIZATION; +GRANT pg_create_connection TO pg_create_subscription; +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +DROP SUBSCRIPTION regress_testsub6; +-- test using a server object instead of connection string +RESET SESSION AUTHORIZATION; +CREATE SERVER regress_testserver FOREIGN DATA WRAPPER pg_connection_fdw; +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver + OPTIONS (password_required 'false'); +GRANT USAGE ON FOREIGN SERVER regress_testserver TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver PUBLICATION testpub + WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +RESET SESSION AUTHORIZATION; +ALTER SUBSCRIPTION regress_testsub6 OWNER TO regress_subscription_user; -- fail, no user mapping +ERROR: user mapping not found for user "regress_subscription_user", server "regress_testserver" +DROP SUBSCRIPTION regress_testsub6; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver; +DROP SERVER regress_testserver; +REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user; \dRs+ List of subscriptions Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Synchronous commit | Conninfo | Skip LSN diff --git a/src/test/regress/sql/foreign_data.sql b/src/test/regress/sql/foreign_data.sql index eefb860adc..15a28de9ac 100644 --- a/src/test/regress/sql/foreign_data.sql +++ b/src/test/regress/sql/foreign_data.sql @@ -36,7 +36,7 @@ COMMENT ON FOREIGN DATA WRAPPER dummy IS 'useless'; CREATE FOREIGN DATA WRAPPER postgresql VALIDATOR postgresql_fdw_validator; -- At this point we should have 2 built-in wrappers and no servers. -SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper ORDER BY 1, 2, 3; +SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper WHERE oid >= 16384 ORDER BY 1, 2, 3; SELECT srvname, srvoptions FROM pg_foreign_server; SELECT * FROM pg_user_mapping; @@ -180,6 +180,41 @@ CREATE SERVER t2 FOREIGN DATA WRAPPER foo; RESET ROLE; REVOKE regress_test_indirect FROM regress_test_role; +-- test SERVER ... FOR CONNECTION ONLY + +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; -- ERROR: not a member of pg_create_connection +RESET ROLE; +GRANT USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw TO regress_test_role; +SET ROLE regress_test_role; + +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (client_encoding 'foo'); --fails +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (user 'foo'); --fails +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (password 'foo'); --fails +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (password_required 'true'); --fails +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; + +IMPORT FOREIGN SCHEMA foo FROM SERVER t3 INTO bar; -- fails + +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x'); -- fails +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password_required 'false'); -- fails +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', application_name 'nonsense'); -- fails + +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; + +RESET ROLE; +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x'); -- still fails + +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; + +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password_required 'false'); + +DROP USER MAPPING FOR PUBLIC SERVER t3; +DROP SERVER t3; +REVOKE USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw FROM regress_test_role; + -- ALTER SERVER ALTER SERVER s0; -- ERROR ALTER SERVER s0 OPTIONS (a '1'); -- ERROR @@ -453,7 +488,7 @@ ALTER FOREIGN TABLE IF EXISTS doesnt_exist_ft1 RENAME TO foreign_table_1; -- Information schema -SELECT * FROM information_schema.foreign_data_wrappers ORDER BY 1, 2; +SELECT foreign_data_wrapper_catalog,foreign_data_wrapper_name FROM information_schema.foreign_data_wrappers ORDER BY 1, 2; SELECT * FROM information_schema.foreign_data_wrapper_options ORDER BY 1, 2, 3; SELECT * FROM information_schema.foreign_servers ORDER BY 1, 2; SELECT * FROM information_schema.foreign_server_options ORDER BY 1, 2, 3; @@ -861,6 +896,6 @@ DROP FOREIGN DATA WRAPPER dummy CASCADE; DROP ROLE regress_foreign_data_user; -- At this point we should have no wrappers, no servers, and no mappings. -SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper; +SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper WHERE oid >= 16384; SELECT srvname, srvoptions FROM pg_foreign_server; SELECT * FROM pg_user_mapping; diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql index 444e563ff3..bef6bc8074 100644 --- a/src/test/regress/sql/subscription.sql +++ b/src/test/regress/sql/subscription.sql @@ -88,6 +88,45 @@ CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'port=-1' PUBLICATION testpub; -- fail - invalid connection string during ALTER ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; +-- temporarily revoke pg_create_connection from pg_create_subscription +-- to test that CREATE SUBSCRIPTION ... CONNECTION fails +RESET SESSION AUTHORIZATION; +REVOKE pg_create_connection FROM pg_create_subscription; +GRANT CREATE ON DATABASE REGRESSION TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; + +-- fail - not a member of pg_create_connection, cannot use CONNECTION +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); + +-- re-grant pg_create_connection to pg_create_subscription +RESET SESSION AUTHORIZATION; +GRANT pg_create_connection TO pg_create_subscription; +SET SESSION AUTHORIZATION regress_subscription_user3; + +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_testsub6; + +-- test using a server object instead of connection string + +RESET SESSION AUTHORIZATION; +CREATE SERVER regress_testserver FOREIGN DATA WRAPPER pg_connection_fdw; +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver + OPTIONS (password_required 'false'); +GRANT USAGE ON FOREIGN SERVER regress_testserver TO regress_subscription_user3; + +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver PUBLICATION testpub + WITH (slot_name = NONE, connect = false); +RESET SESSION AUTHORIZATION; + +ALTER SUBSCRIPTION regress_testsub6 OWNER TO regress_subscription_user; -- fail, no user mapping +DROP SUBSCRIPTION regress_testsub6; + +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver; +DROP SERVER regress_testserver; +REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user; + \dRs+ ALTER SUBSCRIPTION regress_testsub SET PUBLICATION testpub2, testpub3 WITH (refresh = false); diff --git a/src/test/subscription/t/001_rep_changes.pl b/src/test/subscription/t/001_rep_changes.pl index 16c7fb94eb..d12c182f16 100644 --- a/src/test/subscription/t/001_rep_changes.pl +++ b/src/test/subscription/t/001_rep_changes.pl @@ -27,6 +27,8 @@ $node_publisher->safe_psql('postgres', "CREATE TABLE tab_notrep AS SELECT generate_series(1,10) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_ins AS SELECT generate_series(1,1002) AS a"); +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins2 AS SELECT generate_series(1,1002) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_full AS SELECT generate_series(1,10) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_full2 (x text)"); @@ -65,6 +67,7 @@ $node_publisher->safe_psql('postgres', # Setup structure on subscriber $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_notrep (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int)"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins2 (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_full (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_full2 (x text)"); $node_subscriber->safe_psql('postgres', @@ -110,6 +113,22 @@ $node_subscriber->safe_psql('postgres', "CREATE SUBSCRIPTION tap_sub CONNECTION '$publisher_connstr' PUBLICATION tap_pub, tap_pub_ins_only" ); +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_sub2_server FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_sub2_server OPTIONS (password_required 'false')" +); + +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_simple_pub FOR TABLE tab_ins2"); + +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub2 SERVER tap_sub2_server PUBLICATION tap_simple_pub" +); + # Wait for initial table sync to finish $node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); @@ -121,11 +140,22 @@ $result = $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); is($result, qq(1002), 'check initial data was copied to subscriber'); +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins2"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_subscriber->safe_psql('postgres', "ALTER SUBSCRIPTION tap_sub2 CONNECTION '$publisher_connstr'"); + $node_publisher->safe_psql('postgres', "INSERT INTO tab_ins SELECT generate_series(1,50)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_ins WHERE a > 20"); $node_publisher->safe_psql('postgres', "UPDATE tab_ins SET a = -a"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins2 SELECT generate_series(1,50)"); + +$node_subscriber->safe_psql('postgres', "ALTER SUBSCRIPTION tap_sub2 SERVER tap_sub2_server"); + $node_publisher->safe_psql('postgres', "INSERT INTO tab_rep SELECT generate_series(1,50)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_rep WHERE a > 20"); @@ -158,6 +188,10 @@ $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_ins"); is($result, qq(1052|1|1002), 'check replicated inserts on subscriber'); +$result = $node_subscriber->safe_psql('postgres', + "SELECT count(*), min(a), max(a) FROM tab_ins2"); +is($result, qq(1052|1|1002), 'check replicated inserts on subscriber'); + $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_rep"); is($result, qq(20|-20|-1), 'check replicated changes on subscriber'); @@ -449,10 +483,27 @@ $node_publisher->poll_query_until('postgres', or die "Timed out while waiting for apply to restart after changing PUBLICATION"; +# test that changes to a foreign server subscription cause the worker +# to restart +$oldpid = $node_publisher->safe_psql('postgres', + "SELECT pid FROM pg_stat_replication WHERE application_name = 'tap_sub2' AND state = 'streaming';" +); +$node_subscriber->safe_psql('postgres', + "ALTER SERVER tap_sub2_server OPTIONS (sslmode 'disable')" +); +$node_publisher->poll_query_until('postgres', + "SELECT pid != $oldpid FROM pg_stat_replication WHERE application_name = 'tap_sub2' AND state = 'streaming';" + ) + or die + "Timed out while waiting for apply to restart after changing PUBLICATION"; + $node_publisher->safe_psql('postgres', "INSERT INTO tab_ins SELECT generate_series(1001,1100)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_rep"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins2 SELECT generate_series(1001,1100)"); + # Restart the publisher and check the state of the subscriber which # should be in a streaming state after catching up. $node_publisher->stop('fast'); @@ -465,6 +516,11 @@ $result = $node_subscriber->safe_psql('postgres', is($result, qq(1152|1|1100), 'check replicated inserts after subscription publication change'); +$result = $node_subscriber->safe_psql('postgres', + "SELECT count(*), min(a), max(a) FROM tab_ins2"); +is($result, qq(1152|1|1100), + 'check replicated inserts after subscription publication change'); + $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_rep"); is($result, qq(20|-20|-1), @@ -533,6 +589,7 @@ $node_publisher->poll_query_until('postgres', # check all the cleanup $node_subscriber->safe_psql('postgres', "DROP SUBSCRIPTION tap_sub_renamed"); +$node_subscriber->safe_psql('postgres', "DROP SUBSCRIPTION tap_sub2"); $result = $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM pg_subscription"); -- 2.34.1 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-02 09:44 Bharath Rupireddy <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Bharath Rupireddy @ 2024-01-02 09:44 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Mon, Jan 1, 2024 at 12:29 AM Jeff Davis <[email protected]> wrote: > > On Fri, 2023-12-29 at 15:22 -0800, Jeff Davis wrote: > > On Tue, 2023-09-05 at 12:08 -0700, Jeff Davis wrote: > > > OK, so we could have a built-in FDW called pg_connection that would > > > do > > > the right kinds of validation; and then also allow other FDWs but > > > the > > > subscription would have to do its own validation. > > > > Attached a rough rebased version. > > Attached a slightly better version which fixes a pg_dump issue and > improves the documentation. Hi, I spent some time today reviewing the v4 patch and below are my comments. BTW, the patch needs a rebase due to commit 9a17be1e2. 1. + /* + * We don't want to allow unprivileged users to be able to trigger + * attempts to access arbitrary network destinations, so require the user + * to have been specifically authorized to create connections. + */ + if (!has_privs_of_role(owner, ROLE_PG_CREATE_CONNECTION)) Can the pg_create_connection predefined role related code be put into a separate 0001 patch? I think this can go in a separate commit. 2. Can one use {FDW, user_mapping, foreign_server} combo other than the built-in pg_connection_fdw? If yes, why to allow say oracle_fdw foreign server and user mapping with logical replication? Isn't this a security concern? 3. I'd like to understand how the permission model works with this feature amidst various users a) subscription owner b) table owner c) FDW owner d) user mapping owner e) foreign server owner f) superuser g) user with which logical replication bg workers (table sync, {parallel} apply workers) are started up and running. What if foreign server owner doesn't have permissions on the table being applied by logical replication bg workers? What if foreign server owner is changed with ALTER SERVER ... OWNER TO when logical replication is in-progress? What if the owner of {FDW, user_mapping, foreign_server} is different from a subscription owner with USAGE privilege granted? Can the subscription still use the foreign server? 4. How does the invalidation of {FDW, user_mapping, foreign_server} affect associated subscription and vice-versa? 5. What if the password is changed in user mapping with ALTER USER MAPPING? Will it refresh the subscription so that all the logical replication workers get restarted with new connection info? 6. How does this feature fit if a subscription is created with run_as_owner? Will it check if the table owner has permissions to use {FDW, user_mapping, foreign_server} comob? 7. + if (strcmp(d->defname, "user") == 0 || + strcmp(d->defname, "password") == 0 || + strcmp(d->defname, "sslpassword") == 0 || + strcmp(d->defname, "password_required") == 0) + ereport(ERROR, + (errmsg("invalid option \"%s\" for pg_connection_fdw", + ereport(ERROR, + (errmsg("invalid user mapping option \"%s\" for pg_connection_fdw", + d->defname))); Can we emit an informative error message and hint using initClosestMatch, updateClosestMatch, getClosestMatch similar to other FDWs elsewhere in the code? 8. + errmsg("password is required"), + errdetail("Non-superusers must provide a password in the connection string."))); The error message and detail look generic, can it be improved to include something about pg_connection_fdw? 9. +{ oid => '6015', oid_symbol => 'PG_CONNECTION_FDW', + descr => 'Pseudo FDW for connections to Postgres', + fdwname => 'pg_connection_fdw', fdwowner => 'POSTGRES', What if the database cluster is initialized with an owner different than 'POSTGRES' at the time of initdb? Will the fdwowner be correct in that case? 10. +# src/include/catalog/pg_foreign_data_wrapper.dat +{ oid => '6015', oid_symbol => 'PG_CONNECTION_FDW', Do we want to REVOKE USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw FROM PUBLIC and REVOKE EXECUTE ON its handler functions? With this, the permissions are granted explicitly to the foreign server/user mapping creators. 11. How about splitting patches in the following manner for better manageability (all of which can go as separate commits) of this feature? 0001 for pg_create_connection predefined role per comment #1. 0002 for introducing in-built FDW pg_connection_fdw. 0003 utilizing in-built FDW for logical replication to provide CREATE SUBSCRIPTION ... SERVER. -- Bharath Rupireddy PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-05 00:56 Jeff Davis <[email protected]> parent: Bharath Rupireddy <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Jeff Davis @ 2024-01-05 00:56 UTC (permalink / raw) To: Bharath Rupireddy <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Tue, 2024-01-02 at 15:14 +0530, Bharath Rupireddy wrote: > Can the pg_create_connection predefined role related code be put into > a separate 0001 patch? I think this can go in a separate commit. Done (see below for details). > 2. Can one use {FDW, user_mapping, foreign_server} combo other than > the built-in pg_connection_fdw? Yes, you can use any FDW for which you have USAGE privileges, passes the validations, and provides enough of the expected fields to form a connection string. There was some discussion on this point already. Initially, I implemented it with more catalog and grammar support, which improved error checking, but others objected that the grammar wasn't worth it and that it was too inflexible. See: https://www.postgresql.org/message-id/172273.1693403385%40sss.pgh.pa.us https://www.postgresql.org/message-id/CAExHW5unvpDv6yMSmqurHP7Du1PqoJFWVxeK-4YNm5EnoNJiSQ%40mail.gma... > If yes, why to allow say oracle_fdw > foreign server and user mapping with logical replication? Isn't this > a > security concern? A user would need USAGE privileges on that other FDW and also must be a member of pg_create_subscription. In v16, a user with such privileges would already be able to create such connection by specifying the raw connection string, so that's not a new risk with my proposal. > 3. I'd like to understand how the permission model works with this > feature amidst various users a) subscription owner b) table owner c) > FDW owner d) user mapping owner e) foreign server owner f) superuser > g) user with which logical replication bg workers (table sync, > {parallel} apply workers) are started up and running. (a) The subscription owner is only relevant if the subscription is created with run_as_owner=true, in which case the logical worker applies the changes with the privileges of the subscription owner. [No change.] (b) The table owner is only relevant if the subscription is created with run_as_owner=false (default), in which case the logical worker applies the changes with the privileges of the table owner. [No change.] (c) The FDW owner is irrelevant, though the creator of a foreign server must have USAGE privileges on it. [No change.] (d) User mappings do not have owners. [No change.] (e) The foreign server owner is irrelevant, but USAGE privileges on the foreign server are needed to create a subscription to it. [New behavior.] (f) Not sure what you mean here, but superusers can do anything. [No change.] (g) The actual user the process runs as is still the subscription owner. If run_as_owner=false, the actions are performed as the table owner; if run_as_owner=true, the actions are performed as the subscription owner. [No change.] There are only two actual changes to the model: 1. Users with USAGE privileges on a foreign server can create subscriptions using that foreign server instead of a connection string (they still need to be a member of pg_create_subscription). 2. I created a conceptual separation of privileges between pg_create_subscription and pg_create_connection; though by default pg_create_subscription has exactly the same capabilities as before. There is no behavior change unless the administrator revokes pg_create_connection from pg_create_subscription. I'd like to also add the capability for subscriptions to a server to use a passwordless connection as long as the server is trusted somehow. The password_required subscription option is already fairly complex, so we'd need to come up with a sensible way for those options to interact. > What if foreign server owner doesn't have permissions on the table > being applied by logical replication bg workers? The owner of the foreign server is irrelevant -- only the USAGE privileges on that foreign server matter, and only when it comes to creating subscriptions. > What if foreign server owner is changed with ALTER SERVER ... OWNER > TO > when logical replication is in-progress? That should have no effect as long as the USAGE priv is still present. Note that if the owner of the *subscription* changes, it may find a different user mapping. > What if the owner of {FDW, user_mapping, foreign_server} is > different > from a subscription owner with USAGE privilege granted? Can the > subscription still use the foreign server? Yes. > 4. How does the invalidation of {FDW, user_mapping, foreign_server} > affect associated subscription and vice-versa? If the user mapping or foreign server change, it causes the apply worker to re-build the connection string from those objects and restart if something important changed. If the FDW changes I don't think that matters. > 5. What if the password is changed in user mapping with ALTER USER > MAPPING? Will it refresh the subscription so that all the logical > replication workers get restarted with new connection info? Yes. Notice the subscription_change_cb. That's actually one of the nice features -- if your connection info changes, update it in one place to affect all subscriptions to that server. > 6. How does this feature fit if a subscription is created with > run_as_owner? Will it check if the table owner has permissions to use > {FDW, user_mapping, foreign_server} comob? See above. > Can we emit an informative error message and hint using > initClosestMatch, updateClosestMatch, getClosestMatch similar to > other > FDWs elsewhere in the code? Done. > 8. > + errmsg("password is required"), > + errdetail("Non-superusers must provide a > password in the connection string."))); > > The error message and detail look generic, can it be improved to > include something about pg_connection_fdw? I believe this is addressed after some refactoring -- the FDW itself doesn't try to validate that a password exists, because we can't rely on that anyway (someone can use an FDW with no validation or different validation). Instead, the subscription does this validation. Note that there is an unrelated hole in the way the subscription does the validation of password_required, which will be addressed separately as a part of this other thread: https://www.postgresql.org/message-id/e5892973ae2a80a1a3e0266806640dae3c428100.camel%40j-davis.com > 9. > +{ oid => '6015', oid_symbol => 'PG_CONNECTION_FDW', > + descr => 'Pseudo FDW for connections to Postgres', > + fdwname => 'pg_connection_fdw', fdwowner => 'POSTGRES', > > What if the database cluster is initialized with an owner different > than 'POSTGRES' at the time of initdb? Will the fdwowner be correct > in > that case? Thank you, I changed it to use the conventional BKI_DEFAULT(POSTGRES) instead. (The previous way worked, but was not consistent with existing patterns.) > 10. > +# src/include/catalog/pg_foreign_data_wrapper.dat > +{ oid => '6015', oid_symbol => 'PG_CONNECTION_FDW', > > Do we want to REVOKE USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw > FROM PUBLIC The FDW doesn't have USAGE privileges by default so we don't need to revoke them. > and REVOKE EXECUTE ON its handler functions? It has no handler function. I don't see a reason to restrict privileges on postgresql_fdw_validator(); it seems useful for testing/debugging. > 11. How about splitting patches in the following manner for better > manageability (all of which can go as separate commits) of this > feature? > 0001 for pg_create_connection predefined role per comment #1. > 0002 for introducing in-built FDW pg_connection_fdw. > 0003 utilizing in-built FDW for logical replication to provide CREATE > SUBSCRIPTION ... SERVER. Good suggestion, though I split it a bit differently: 0001: fix postgresql_fdw_validator to use libpq options via walrcv method. This is appropriate for looser validation that doesn't try to check for password_required or that a password is set -- that's left up to the subscription. 0002: built-in pg_connection_fdw, also includes code for validation and transforming into a connection string. This creates a lot of test diffs in foreign_data.out because I need to exclude the built in FDW (it's owned by the bootstrap supseruser which is not a stable username). It would be nice if there was a way to use a negative-matching regex in a psql \dew+ command -- something like "(?!pg_)*" -- but I couldn't find a way to do that because "(?...)" seems to not work in psql. Let me know if you know a trick to do so. 0003: CREATE SUBSCRIPTION... SERVER. 0004: Add pg_create_connection role. Regards, Jeff Davis Attachments: [text/x-patch] v5-0001-Fix-postgresql_fdw_validator-to-use-full-libpq-op.patch (8.5K, 2-v5-0001-Fix-postgresql_fdw_validator-to-use-full-libpq-op.patch) download | inline diff: From 5cd100aca49c23357b7fda02187cd59dc6df4da9 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Thu, 4 Jan 2024 12:15:54 -0800 Subject: [PATCH v5 1/4] Fix postgresql_fdw_validator to use full libpq options list. Extend the walrcv_ API to retrieve the options list from libpq, and use that for postgresql_fdw_validator(). Un-deprecate it. --- src/backend/foreign/foreign.c | 67 +++++++------------ .../libpqwalreceiver/libpqwalreceiver.c | 47 +++++++++++++ src/include/replication/walreceiver.h | 20 ++++++ 3 files changed, 90 insertions(+), 44 deletions(-) diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index 02e1898131..747cc11a60 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -23,6 +23,7 @@ #include "funcapi.h" #include "lib/stringinfo.h" #include "miscadmin.h" +#include "replication/walreceiver.h" #include "utils/builtins.h" #include "utils/memutils.h" #include "utils/rel.h" @@ -549,40 +550,6 @@ pg_options_to_table(PG_FUNCTION_ARGS) } -/* - * Describes the valid options for postgresql FDW, server, and user mapping. - */ -struct ConnectionOption -{ - const char *optname; - Oid optcontext; /* Oid of catalog in which option may appear */ -}; - -/* - * Copied from fe-connect.c PQconninfoOptions. - * - * The list is small - don't bother with bsearch if it stays so. - */ -static const struct ConnectionOption libpq_conninfo_options[] = { - {"authtype", ForeignServerRelationId}, - {"service", ForeignServerRelationId}, - {"user", UserMappingRelationId}, - {"password", UserMappingRelationId}, - {"connect_timeout", ForeignServerRelationId}, - {"dbname", ForeignServerRelationId}, - {"host", ForeignServerRelationId}, - {"hostaddr", ForeignServerRelationId}, - {"port", ForeignServerRelationId}, - {"tty", ForeignServerRelationId}, - {"options", ForeignServerRelationId}, - {"requiressl", ForeignServerRelationId}, - {"sslmode", ForeignServerRelationId}, - {"gsslib", ForeignServerRelationId}, - {"gssdelegation", ForeignServerRelationId}, - {NULL, InvalidOid} -}; - - /* * Check if the provided option is one of libpq conninfo options. * context is the Oid of the catalog the option came from, or 0 if we @@ -593,9 +560,23 @@ is_conninfo_option(const char *option, Oid context) { const struct ConnectionOption *opt; - for (opt = libpq_conninfo_options; opt->optname; opt++) - if (context == opt->optcontext && strcmp(opt->optname, option) == 0) - return true; + /* skip options that must be overridden */ + if (strcmp(option, "client_encoding") == 0) + return false; + + for (opt = walrcv_conninfo_options(); opt->optname; opt++) + { + if (strcmp(opt->optname, option) == 0) + { + if (opt->isdebug) + return false; + + if (opt->issecret || strcmp(opt->optname, "user") == 0) + return (context == UserMappingRelationId); + + return (context == ForeignServerRelationId); + } + } return false; } @@ -606,11 +587,6 @@ is_conninfo_option(const char *option, Oid context) * * Valid server options are all libpq conninfo options except * user and password -- these may only appear in USER MAPPING options. - * - * Caution: this function is deprecated, and is now meant only for testing - * purposes, because the list of options it knows about doesn't necessarily - * square with those known to whichever libpq instance you might be using. - * Inquire of libpq itself, instead. */ Datum postgresql_fdw_validator(PG_FUNCTION_ARGS) @@ -620,6 +596,9 @@ postgresql_fdw_validator(PG_FUNCTION_ARGS) ListCell *cell; + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + foreach(cell, options_list) { DefElem *def = lfirst(cell); @@ -636,9 +615,9 @@ postgresql_fdw_validator(PG_FUNCTION_ARGS) * with a valid option that looks similar, if there is one. */ initClosestMatch(&match_state, def->defname, 4); - for (opt = libpq_conninfo_options; opt->optname; opt++) + for (opt = walrcv_conninfo_options(); opt->optname; opt++) { - if (catalog == opt->optcontext) + if (is_conninfo_option(opt->optname, catalog)) { has_valid_options = true; updateClosestMatch(&match_state, opt->optname); diff --git a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c index c9748539aa..2c4c440126 100644 --- a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c +++ b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c @@ -53,6 +53,7 @@ static WalReceiverConn *libpqrcv_connect(const char *conninfo, const char *appname, char **err); static void libpqrcv_check_conninfo(const char *conninfo, bool must_use_password); +static const struct ConnectionOption *libpqrcv_conninfo_options(void); static char *libpqrcv_get_conninfo(WalReceiverConn *conn); static void libpqrcv_get_senderinfo(WalReceiverConn *conn, char **sender_host, int *sender_port); @@ -86,6 +87,7 @@ static void libpqrcv_disconnect(WalReceiverConn *conn); static WalReceiverFunctionsType PQWalReceiverFunctions = { .walrcv_connect = libpqrcv_connect, .walrcv_check_conninfo = libpqrcv_check_conninfo, + .walrcv_conninfo_options = libpqrcv_conninfo_options, .walrcv_get_conninfo = libpqrcv_get_conninfo, .walrcv_get_senderinfo = libpqrcv_get_senderinfo, .walrcv_identify_system = libpqrcv_identify_system, @@ -284,6 +286,51 @@ libpqrcv_check_conninfo(const char *conninfo, bool must_use_password) PQconninfoFree(opts); } +static const struct ConnectionOption * +libpqrcv_conninfo_options(void) +{ + static struct ConnectionOption *connection_options = NULL; + struct ConnectionOption *popt; + PQconninfoOption *conndefaults; + PQconninfoOption *lopt; + int num_libpq_opts = 0; + + if (connection_options) + return connection_options; + + conndefaults = PQconndefaults(); + for (lopt = conndefaults; lopt->keyword; lopt++) + num_libpq_opts++; + + connection_options = MemoryContextAlloc( + TopMemoryContext, + sizeof(struct ConnectionOption) * (num_libpq_opts + 1)); + + popt = connection_options; + for (lopt = conndefaults; lopt->keyword; lopt++) + { + popt->issecret = false; + popt->isdebug = false; + + if (strchr(lopt->dispchar, '*')) + popt->issecret = true; + else if (strchr(lopt->dispchar, 'D')) + popt->isdebug = true; + + popt->optname = MemoryContextStrdup(TopMemoryContext, + lopt->keyword); + popt++; + } + + popt->optname = NULL; + popt->issecret = false; + popt->isdebug = false; + + PQconninfoFree(conndefaults); + + return connection_options; +} + /* * Return a user-displayable conninfo string. Any security-sensitive fields * are obfuscated. diff --git a/src/include/replication/walreceiver.h b/src/include/replication/walreceiver.h index 0899891cdb..541377e095 100644 --- a/src/include/replication/walreceiver.h +++ b/src/include/replication/walreceiver.h @@ -223,6 +223,16 @@ typedef struct WalRcvExecResult TupleDesc tupledesc; } WalRcvExecResult; +/* + * Describes the valid options for postgresql FDW, server, and user mapping. + */ +struct ConnectionOption +{ + const char *optname; + bool issecret; /* is option for a password? */ + bool isdebug; /* is option a debug option? */ +}; + /* WAL receiver - libpqwalreceiver hooks */ /* @@ -250,6 +260,13 @@ typedef WalReceiverConn *(*walrcv_connect_fn) (const char *conninfo, typedef void (*walrcv_check_conninfo_fn) (const char *conninfo, bool must_use_password); +/* + * walrcv_conninfo_options_fn + * + * Return a pointer to a static array of the available options from libpq. + */ +typedef const struct ConnectionOption *(*walrcv_conninfo_options_fn) (void); + /* * walrcv_get_conninfo_fn * @@ -389,6 +406,7 @@ typedef struct WalReceiverFunctionsType { walrcv_connect_fn walrcv_connect; walrcv_check_conninfo_fn walrcv_check_conninfo; + walrcv_conninfo_options_fn walrcv_conninfo_options; walrcv_get_conninfo_fn walrcv_get_conninfo; walrcv_get_senderinfo_fn walrcv_get_senderinfo; walrcv_identify_system_fn walrcv_identify_system; @@ -410,6 +428,8 @@ extern PGDLLIMPORT WalReceiverFunctionsType *WalReceiverFunctions; WalReceiverFunctions->walrcv_connect(conninfo, logical, must_use_password, appname, err) #define walrcv_check_conninfo(conninfo, must_use_password) \ WalReceiverFunctions->walrcv_check_conninfo(conninfo, must_use_password) +#define walrcv_conninfo_options() \ + WalReceiverFunctions->walrcv_conninfo_options() #define walrcv_get_conninfo(conn) \ WalReceiverFunctions->walrcv_get_conninfo(conn) #define walrcv_get_senderinfo(conn, sender_host, sender_port) \ -- 2.34.1 [text/x-patch] v5-0002-Add-built-in-foreign-data-wrapper-pg_connection_f.patch (124.9K, 3-v5-0002-Add-built-in-foreign-data-wrapper-pg_connection_f.patch) download | inline diff: From 7f4426da0e840a515a207d00d36fed8837792702 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:33:28 -0800 Subject: [PATCH v5 2/4] Add built-in foreign data wrapper pg_connection_fdw. In preparation for CREATE SUBSCRIPTION ... SERVER. --- doc/src/sgml/func.sgml | 19 + src/backend/catalog/Makefile | 1 + src/backend/foreign/foreign.c | 145 ++++ src/bin/pg_dump/pg_dump.c | 23 +- src/include/catalog/meson.build | 1 + .../catalog/pg_foreign_data_wrapper.dat | 21 + src/include/catalog/pg_foreign_data_wrapper.h | 4 +- src/include/catalog/pg_proc.dat | 4 + src/include/foreign/foreign.h | 2 + src/test/regress/expected/foreign_data.out | 760 +++++++++--------- src/test/regress/sql/foreign_data.sql | 276 ++++--- 11 files changed, 770 insertions(+), 486 deletions(-) create mode 100644 src/include/catalog/pg_foreign_data_wrapper.dat diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml index cec21e42c0..83a573f8d1 100644 --- a/doc/src/sgml/func.sgml +++ b/doc/src/sgml/func.sgml @@ -27877,6 +27877,25 @@ postgres=# SELECT '0/0'::pg_lsn + pd.segment_number * ps.setting::int + :offset </para></entry> </row> + <row> + <entry role="func_table_entry"><para role="func_signature"> + <indexterm> + <primary>pg_conninfo_from_server</primary> + </indexterm> + <function>pg_conninfo_from_server</function> ( <parameter>servername</parameter> <type>text</type>, <parameter>username</parameter> <type>text</type>, <parameter>append_overrides</parameter> <type>boolean</type> ) + <returnvalue>text</returnvalue> + </para> + <para> + Returns connection string generated from the options for the server + and user mapping associated with the given + <replaceable>servername</replaceable> and + <replaceable>username</replaceable>. If + <replaceable>append_overrides</replaceable> is + <literal>true</literal>, it appends override parameters necessary for + making connections from the server. + </para></entry> + </row> + <row> <entry id="pg-logical-emit-message" role="func_table_entry"><para role="func_signature"> <indexterm> diff --git a/src/backend/catalog/Makefile b/src/backend/catalog/Makefile index d6b23b4bfd..756a052a70 100644 --- a/src/backend/catalog/Makefile +++ b/src/backend/catalog/Makefile @@ -136,6 +136,7 @@ POSTGRES_BKI_DATA = $(addprefix $(top_srcdir)/src/include/catalog/,\ pg_collation.dat \ pg_conversion.dat \ pg_database.dat \ + pg_foreign_data_wrapper.dat \ pg_language.dat \ pg_namespace.dat \ pg_opclass.dat \ diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index 747cc11a60..fd1b644d72 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -18,18 +18,22 @@ #include "catalog/pg_foreign_server.h" #include "catalog/pg_foreign_table.h" #include "catalog/pg_user_mapping.h" +#include "commands/defrem.h" #include "foreign/fdwapi.h" #include "foreign/foreign.h" #include "funcapi.h" #include "lib/stringinfo.h" +#include "mb/pg_wchar.h" #include "miscadmin.h" #include "replication/walreceiver.h" +#include "utils/acl.h" #include "utils/builtins.h" #include "utils/memutils.h" #include "utils/rel.h" #include "utils/syscache.h" #include "utils/varlena.h" +static bool is_conninfo_option(const char *option, Oid context); /* * GetForeignDataWrapper - look up the foreign-data wrapper by OID. @@ -191,6 +195,115 @@ GetForeignServerByName(const char *srvname, bool missing_ok) } +/* + * Values in connection strings must be enclosed in single quotes. Single + * quotes and backslashes must be escaped with backslash. + */ +static void +appendEscapedValue(StringInfo str, const char *val) +{ + appendStringInfoChar(str, '\''); + for (int i = 0; val[i] != '\0'; i++) + { + if (val[i] == '\\' || val[i] == '\'') + appendStringInfoChar(str, '\\'); + appendStringInfoChar(str, val[i]); + } + appendStringInfoChar(str, '\''); +} + + +/* + * Helper for ForeignServerConnectionString() and pg_connection_validator(). + * + * Transform a List of DefElem into a connection string. + */ +static char * +options_to_conninfo(List *options, bool append_overrides) +{ + StringInfoData str; + ListCell *lc; + bool first = true; + + initStringInfo(&str); + foreach(lc, options) + { + DefElem *d = (DefElem *) lfirst(lc); + char *name = d->defname; + char *value; + + /* ignore unknown options */ + if (!is_conninfo_option(name, ForeignServerRelationId) && + !is_conninfo_option(name, UserMappingRelationId)) + continue; + + value = defGetString(d); + + appendStringInfo(&str, "%s%s = ", + first ? "" : " ", name); + appendEscapedValue(&str, value); + first = false; + } + + /* override client_encoding */ + if (append_overrides) + { + appendStringInfo(&str, "%sclient_encoding = ", + first ? "" : " "); + appendEscapedValue(&str, GetDatabaseEncodingName()); + } + + return str.data; +} + + +/* + * Given a user ID and server ID, return a postgres connection string suitable + * to pass to libpq. + */ +char * +ForeignServerConnectionString(Oid userid, Oid serverid, bool append_overrides) +{ + static MemoryContext tmpcontext = NULL; + ForeignServer *server; + UserMapping *um; + List *options; + char *conninfo; + MemoryContext oldcontext; + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + + /* + * Use a temporary context rather than trying to track individual + * allocations in GetForeignServer() and GetUserMapping(). + */ + if (tmpcontext == NULL) + tmpcontext = AllocSetContextCreate(TopMemoryContext, + "temp context for building connection string", + ALLOCSET_DEFAULT_SIZES); + + oldcontext = MemoryContextSwitchTo(tmpcontext); + + server = GetForeignServer(serverid); + um = GetUserMapping(userid, serverid); + + /* user mapping options override server options */ + options = list_concat(server->options, um->options); + + conninfo = options_to_conninfo(options, append_overrides); + + /* copy only conninfo into the current context */ + MemoryContextSwitchTo(oldcontext); + + conninfo = pstrdup(conninfo); + + MemoryContextReset(tmpcontext); + + return conninfo; +} + + /* * GetUserMapping - look up the user mapping. * @@ -580,6 +693,38 @@ is_conninfo_option(const char *option, Oid context) return false; } +/* + * pg_conninfo_from_server + * + * Extract connection string from the given foreign server. + */ +Datum +pg_conninfo_from_server(PG_FUNCTION_ARGS) +{ + char *server_name = text_to_cstring(PG_GETARG_TEXT_P(0)); + char *user_name = text_to_cstring(PG_GETARG_TEXT_P(1)); + bool append_overrides = PG_GETARG_BOOL(2); + Oid serverid = get_foreign_server_oid(server_name, false); + Oid userid = get_role_oid_or_public(user_name); + AclResult aclresult; + char *conninfo; + + /* if the specified userid is not PUBLIC, check SET ROLE privileges */ + if (userid != ACL_ID_PUBLIC) + check_can_set_role(GetUserId(), userid); + + /* ACL check on foreign server */ + aclresult = object_aclcheck(ForeignServerRelationId, serverid, + GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server_name); + + conninfo = ForeignServerConnectionString(userid, serverid, + append_overrides); + + PG_RETURN_TEXT_P(cstring_to_text(conninfo)); +} + /* * Validate the generic option given to SERVER or USER MAPPING. diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 22d1e6cf92..7b9c79005e 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -2067,6 +2067,27 @@ selectDumpableStatisticsObject(StatsExtInfo *sobj, Archive *fout) sobj->dobj.dump = DUMP_COMPONENT_NONE; } +/* + * selectDumpableFdw: policy-setting subroutine + * Mark foreign data wrapper as to be dumped or not + * + * Froeign Data Wrappers do not belong to any particular namespace. To + * identify built-in foreign data wrappers, we must resort to checking whether + * the method's OID is in the range reserved for initdb. + */ +static void +selectDumpableFdw(FdwInfo *fdwinfo, Archive *fout) +{ + if (checkExtensionMembership(&fdwinfo->dobj, fout)) + return; /* extension membership overrides all else */ + + if (fdwinfo->dobj.catId.oid <= (Oid) g_last_builtin_oid) + fdwinfo->dobj.dump = DUMP_COMPONENT_NONE; + else + fdwinfo->dobj.dump = fout->dopt->include_everything ? + DUMP_COMPONENT_ALL : DUMP_COMPONENT_NONE; +} + /* * selectDumpableObject: policy-setting subroutine * Mark a generic dumpable object as to be dumped or not @@ -9732,7 +9753,7 @@ getForeignDataWrappers(Archive *fout, int *numForeignDataWrappers) fdwinfo[i].fdwoptions = pg_strdup(PQgetvalue(res, i, i_fdwoptions)); /* Decide whether we want to dump it */ - selectDumpableObject(&(fdwinfo[i].dobj), fout); + selectDumpableFdw(&fdwinfo[i], fout); /* Mark whether FDW has an ACL */ if (!PQgetisnull(res, i, i_fdwacl)) diff --git a/src/include/catalog/meson.build b/src/include/catalog/meson.build index 2bcbe327cf..c87533c9b2 100644 --- a/src/include/catalog/meson.build +++ b/src/include/catalog/meson.build @@ -83,6 +83,7 @@ bki_data = [ 'pg_collation.dat', 'pg_conversion.dat', 'pg_database.dat', + 'pg_foreign_data_wrapper.dat', 'pg_language.dat', 'pg_namespace.dat', 'pg_opclass.dat', diff --git a/src/include/catalog/pg_foreign_data_wrapper.dat b/src/include/catalog/pg_foreign_data_wrapper.dat new file mode 100644 index 0000000000..ef68fe5966 --- /dev/null +++ b/src/include/catalog/pg_foreign_data_wrapper.dat @@ -0,0 +1,21 @@ +#---------------------------------------------------------------------- +# +# pg_foreign_data_wrapper.dat +# Initial contents of the pg_foreign_data_wrapper system catalog. +# +# Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group +# Portions Copyright (c) 1994, Regents of the University of California +# +# src/include/catalog/pg_foreign_data_wrapper.dat +# +#---------------------------------------------------------------------- + +[ + +{ oid => '6015', oid_symbol => 'PG_CONNECTION_FDW', + descr => 'Pseudo FDW for connections to Postgres', + fdwname => 'pg_connection_fdw', + fdwvalidator => 'postgresql_fdw_validator', + fdwacl => '_null_', fdwoptions => '_null_'}, + +] diff --git a/src/include/catalog/pg_foreign_data_wrapper.h b/src/include/catalog/pg_foreign_data_wrapper.h index 5e39e4b42f..a78707fb59 100644 --- a/src/include/catalog/pg_foreign_data_wrapper.h +++ b/src/include/catalog/pg_foreign_data_wrapper.h @@ -30,8 +30,8 @@ CATALOG(pg_foreign_data_wrapper,2328,ForeignDataWrapperRelationId) { Oid oid; /* oid */ NameData fdwname; /* foreign-data wrapper name */ - Oid fdwowner BKI_LOOKUP(pg_authid); /* FDW owner */ - Oid fdwhandler BKI_LOOKUP_OPT(pg_proc); /* handler function, or 0 + Oid fdwowner BKI_DEFAULT(POSTGRES) BKI_LOOKUP(pg_authid); /* FDW owner */ + Oid fdwhandler BKI_DEFAULT(0) BKI_LOOKUP_OPT(pg_proc); /* handler function, or 0 * if none */ Oid fdwvalidator BKI_LOOKUP_OPT(pg_proc); /* option validation * function, or 0 if diff --git a/src/include/catalog/pg_proc.dat b/src/include/catalog/pg_proc.dat index 7979392776..b251775dbb 100644 --- a/src/include/catalog/pg_proc.dat +++ b/src/include/catalog/pg_proc.dat @@ -7516,6 +7516,10 @@ proname => 'postgresql_fdw_validator', prorettype => 'bool', proargtypes => '_text oid', prosrc => 'postgresql_fdw_validator' }, +{ oid => '6123', descr => 'extract connection string from the given foreign server', + proname => 'pg_conninfo_from_server', prorettype => 'text', + proargtypes => 'text text bool', prosrc => 'pg_conninfo_from_server' }, + { oid => '2290', descr => 'I/O', proname => 'record_in', provolatile => 's', prorettype => 'record', proargtypes => 'cstring oid int4', prosrc => 'record_in' }, diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index 82b8153100..b5b9b97f4d 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -69,6 +69,8 @@ extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); +extern char *ForeignServerConnectionString(Oid userid, Oid serverid, + bool append_overrides); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, diff --git a/src/test/regress/expected/foreign_data.out b/src/test/regress/expected/foreign_data.out index 1dfe23cc1e..d51e83ff92 100644 --- a/src/test/regress/expected/foreign_data.out +++ b/src/test/regress/expected/foreign_data.out @@ -21,15 +21,15 @@ CREATE ROLE regress_test_role2; CREATE ROLE regress_test_role_super SUPERUSER; CREATE ROLE regress_test_indirect; CREATE ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER dummy; -COMMENT ON FOREIGN DATA WRAPPER dummy IS 'useless'; -CREATE FOREIGN DATA WRAPPER postgresql VALIDATOR postgresql_fdw_validator; +CREATE FOREIGN DATA WRAPPER regress_dummy; +COMMENT ON FOREIGN DATA WRAPPER regress_dummy IS 'useless'; +CREATE FOREIGN DATA WRAPPER regress_postgresql VALIDATOR postgresql_fdw_validator; -- At this point we should have 2 built-in wrappers and no servers. -SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper ORDER BY 1, 2, 3; - fdwname | fdwhandler | fdwvalidator | fdwoptions -------------+------------+--------------------------+------------ - dummy | - | - | - postgresql | - | postgresql_fdw_validator | +SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper WHERE fdwname LIKE 'regress_%' ORDER BY 1, 2, 3; + fdwname | fdwhandler | fdwvalidator | fdwoptions +--------------------+------------+--------------------------+------------ + regress_dummy | - | - | + regress_postgresql | - | postgresql_fdw_validator | (2 rows) SELECT srvname, srvoptions FROM pg_foreign_server; @@ -43,180 +43,180 @@ SELECT * FROM pg_user_mapping; (0 rows) -- CREATE FOREIGN DATA WRAPPER -CREATE FOREIGN DATA WRAPPER foo VALIDATOR bar; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo VALIDATOR bar; -- ERROR ERROR: function bar(text[], oid) does not exist -CREATE FOREIGN DATA WRAPPER foo; -\dew - List of foreign-data wrappers - Name | Owner | Handler | Validator -------------+---------------------------+---------+-------------------------- - dummy | regress_foreign_data_user | - | - - foo | regress_foreign_data_user | - | - - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator +CREATE FOREIGN DATA WRAPPER regress_foo; +\dew regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator +--------------------+---------------------------+---------+-------------------------- + regress_dummy | regress_foreign_data_user | - | - + regress_foo | regress_foreign_data_user | - | - + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator (3 rows) -CREATE FOREIGN DATA WRAPPER foo; -- duplicate -ERROR: foreign-data wrapper "foo" already exists -DROP FOREIGN DATA WRAPPER foo; -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1'); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+---------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (testing '1') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +CREATE FOREIGN DATA WRAPPER regress_foo; -- duplicate +ERROR: foreign-data wrapper "regress_foo" already exists +DROP FOREIGN DATA WRAPPER regress_foo; +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1'); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+---------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (testing '1') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -DROP FOREIGN DATA WRAPPER foo; -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1', testing '2'); -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo; +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1', testing '2'); -- ERROR ERROR: option "testing" provided more than once -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1', another '2'); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+----------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (testing '1', another '2') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1', another '2'); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+----------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (testing '1', another '2') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -DROP FOREIGN DATA WRAPPER foo; +DROP FOREIGN DATA WRAPPER regress_foo; SET ROLE regress_test_role; -CREATE FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: permission denied to create foreign-data wrapper "foo" +CREATE FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: permission denied to create foreign-data wrapper "regress_foo" HINT: Must be superuser to create a foreign-data wrapper. RESET ROLE; -CREATE FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | postgresql_fdw_validator | | | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +CREATE FOREIGN DATA WRAPPER regress_foo VALIDATOR postgresql_fdw_validator; +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | postgresql_fdw_validator | | | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -- HANDLER related checks CREATE FUNCTION invalid_fdw_handler() RETURNS int LANGUAGE SQL AS 'SELECT 1;'; -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER invalid_fdw_handler; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER invalid_fdw_handler; -- ERROR ERROR: function invalid_fdw_handler must return type fdw_handler -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER test_fdw_handler HANDLER invalid_fdw_handler; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER test_fdw_handler HANDLER invalid_fdw_handler; -- ERROR ERROR: conflicting or redundant options -LINE 1: ...GN DATA WRAPPER test_fdw HANDLER test_fdw_handler HANDLER in... +LINE 1: ...WRAPPER regress_test_fdw HANDLER test_fdw_handler HANDLER in... ^ -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER test_fdw_handler; -DROP FOREIGN DATA WRAPPER test_fdw; +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER test_fdw_handler; +DROP FOREIGN DATA WRAPPER regress_test_fdw; -- ALTER FOREIGN DATA WRAPPER -ALTER FOREIGN DATA WRAPPER foo OPTIONS (nonexistent 'fdw'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (nonexistent 'fdw'); -- ERROR ERROR: invalid option "nonexistent" HINT: There are no valid options in this context. -ALTER FOREIGN DATA WRAPPER foo; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo; -- ERROR ERROR: syntax error at or near ";" -LINE 1: ALTER FOREIGN DATA WRAPPER foo; - ^ -ALTER FOREIGN DATA WRAPPER foo VALIDATOR bar; -- ERROR +LINE 1: ALTER FOREIGN DATA WRAPPER regress_foo; + ^ +ALTER FOREIGN DATA WRAPPER regress_foo VALIDATOR bar; -- ERROR ERROR: function bar(text[], oid) does not exist -ALTER FOREIGN DATA WRAPPER foo NO VALIDATOR; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo NO VALIDATOR; +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo OPTIONS (a '1', b '2'); -ALTER FOREIGN DATA WRAPPER foo OPTIONS (SET c '4'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (a '1', b '2'); +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (SET c '4'); -- ERROR ERROR: option "c" not found -ALTER FOREIGN DATA WRAPPER foo OPTIONS (DROP c); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (DROP c); -- ERROR ERROR: option "c" not found -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD x '1', DROP x); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+----------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (a '1', b '2') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD x '1', DROP x); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+----------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (a '1', b '2') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo OPTIONS (DROP a, SET b '3', ADD c '4'); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+----------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (b '3', c '4') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (DROP a, SET b '3', ADD c '4'); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+----------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (b '3', c '4') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo OPTIONS (a '2'); -ALTER FOREIGN DATA WRAPPER foo OPTIONS (b '4'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (a '2'); +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (b '4'); -- ERROR ERROR: option "b" provided more than once -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-----------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-----------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) SET ROLE regress_test_role; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD d '5'); -- ERROR -ERROR: permission denied to alter foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD d '5'); -- ERROR +ERROR: permission denied to alter foreign-data wrapper "regress_foo" HINT: Must be superuser to alter a foreign-data wrapper. SET ROLE regress_test_role_super; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD d '5'); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD d '5'); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2', d '5') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_test_role; -- ERROR -ERROR: permission denied to change owner of foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_test_role; -- ERROR +ERROR: permission denied to change owner of foreign-data wrapper "regress_foo" HINT: The owner of a foreign-data wrapper must be a superuser. -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_test_role_super; +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_test_role_super; ALTER ROLE regress_test_role_super NOSUPERUSER; SET ROLE regress_test_role_super; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD e '6'); -- ERROR -ERROR: permission denied to alter foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD e '6'); -- ERROR +ERROR: permission denied to alter foreign-data wrapper "regress_foo" HINT: Must be superuser to alter a foreign-data wrapper. RESET ROLE; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo RENAME TO foo1; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo1 | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo RENAME TO regress_foo1; +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo1 | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo1 RENAME TO foo; +ALTER FOREIGN DATA WRAPPER regress_foo1 RENAME TO regress_foo; -- HANDLER related checks -ALTER FOREIGN DATA WRAPPER foo HANDLER invalid_fdw_handler; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER invalid_fdw_handler; -- ERROR ERROR: function invalid_fdw_handler must return type fdw_handler -ALTER FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler HANDLER anything; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER test_fdw_handler HANDLER anything; -- ERROR ERROR: conflicting or redundant options -LINE 1: ...FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler HANDLER an... +LINE 1: ...DATA WRAPPER regress_foo HANDLER test_fdw_handler HANDLER an... ^ -ALTER FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler; +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER test_fdw_handler; WARNING: changing the foreign-data wrapper handler can change behavior of existing foreign tables DROP FUNCTION invalid_fdw_handler(); -- DROP FOREIGN DATA WRAPPER @@ -224,52 +224,52 @@ DROP FOREIGN DATA WRAPPER nonexistent; -- ERROR ERROR: foreign-data wrapper "nonexistent" does not exist DROP FOREIGN DATA WRAPPER IF EXISTS nonexistent; NOTICE: foreign-data wrapper "nonexistent" does not exist, skipping -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+------------------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_test_role_super | test_fdw_handler | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+------------------+--------------------------+-------------------+------------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_test_role_super | test_fdw_handler | - | | (b '3', c '4', a '2', d '5') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) DROP ROLE regress_test_role_super; -- ERROR ERROR: role "regress_test_role_super" cannot be dropped because some objects depend on it -DETAIL: owner of foreign-data wrapper foo +DETAIL: owner of foreign-data wrapper regress_foo SET ROLE regress_test_role_super; -DROP FOREIGN DATA WRAPPER foo; +DROP FOREIGN DATA WRAPPER regress_foo; RESET ROLE; DROP ROLE regress_test_role_super; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (2 rows) -CREATE FOREIGN DATA WRAPPER foo; -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; +CREATE FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; COMMENT ON SERVER s1 IS 'foreign server'; CREATE USER MAPPING FOR current_user SERVER s1; CREATE USER MAPPING FOR current_user SERVER s1; -- ERROR ERROR: user mapping for "regress_foreign_data_user" already exists for server "s1" CREATE USER MAPPING IF NOT EXISTS FOR current_user SERVER s1; -- NOTICE NOTICE: user mapping for "regress_foreign_data_user" already exists for server "s1", skipping -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------+------+---------+-------------+---------------- - s1 | regress_foreign_data_user | foo | | | | | foreign server + s1 | regress_foreign_data_user | regress_foo | | | | | foreign server (1 row) \deu+ @@ -279,25 +279,25 @@ NOTICE: user mapping for "regress_foreign_data_user" already exists for server s1 | regress_foreign_data_user | (1 row) -DROP FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: cannot drop foreign-data wrapper foo because other objects depend on it -DETAIL: server s1 depends on foreign-data wrapper foo +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: cannot drop foreign-data wrapper regress_foo because other objects depend on it +DETAIL: server s1 depends on foreign-data wrapper regress_foo user mapping for regress_foreign_data_user on server s1 depends on server s1 HINT: Use DROP ... CASCADE to drop the dependent objects too. SET ROLE regress_test_role; -DROP FOREIGN DATA WRAPPER foo CASCADE; -- ERROR -ERROR: must be owner of foreign-data wrapper foo +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; -- ERROR +ERROR: must be owner of foreign-data wrapper regress_foo RESET ROLE; -DROP FOREIGN DATA WRAPPER foo CASCADE; +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; NOTICE: drop cascades to 2 other objects DETAIL: drop cascades to server s1 drop cascades to user mapping for regress_foreign_data_user on server s1 -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (2 rows) \des+ @@ -313,87 +313,125 @@ drop cascades to user mapping for regress_foreign_data_user on server s1 (0 rows) -- exercise CREATE SERVER -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: foreign-data wrapper "foo" does not exist -CREATE FOREIGN DATA WRAPPER foo OPTIONS ("test wrapper" 'true'); -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -- ERROR +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: foreign-data wrapper "regress_foo" does not exist +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS ("test wrapper" 'true'); +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; -- ERROR ERROR: server "s1" already exists -CREATE SERVER IF NOT EXISTS s1 FOREIGN DATA WRAPPER foo; -- No ERROR, just NOTICE +CREATE SERVER IF NOT EXISTS s1 FOREIGN DATA WRAPPER regress_foo; -- No ERROR, just NOTICE NOTICE: server "s1" already exists, skipping -CREATE SERVER s2 FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s3 TYPE 'oracle' FOREIGN DATA WRAPPER foo; -CREATE SERVER s4 TYPE 'oracle' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s5 VERSION '15.0' FOREIGN DATA WRAPPER foo; -CREATE SERVER s6 VERSION '16.0' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s7 TYPE 'oracle' VERSION '17.0' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s8 FOREIGN DATA WRAPPER postgresql OPTIONS (foo '1'); -- ERROR +CREATE SERVER s2 FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s3 TYPE 'oracle' FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s4 TYPE 'oracle' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s5 VERSION '15.0' FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s6 VERSION '16.0' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s7 TYPE 'oracle' VERSION '17.0' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s8 FOREIGN DATA WRAPPER regress_postgresql OPTIONS (foo '1'); -- ERROR ERROR: invalid option "foo" -CREATE SERVER s8 FOREIGN DATA WRAPPER postgresql OPTIONS (host 'localhost', dbname 's8db'); +CREATE SERVER s8 FOREIGN DATA WRAPPER regress_postgresql OPTIONS (host 'localhost', dbname 's8db'); \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------+--------+---------+-----------------------------------+------------- - s1 | regress_foreign_data_user | foo | | | | | - s2 | regress_foreign_data_user | foo | | | | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | | | 16.0 | (host 'a', dbname 'b') | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (host 'localhost', dbname 's8db') | + s1 | regress_foreign_data_user | regress_foo | | | | | + s2 | regress_foreign_data_user | regress_foo | | | | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | | | 16.0 | (host 'a', dbname 'b') | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (host 'localhost', dbname 's8db') | (8 rows) SET ROLE regress_test_role; -CREATE SERVER t1 FOREIGN DATA WRAPPER foo; -- ERROR: no usage on FDW -ERROR: permission denied for foreign-data wrapper foo +CREATE SERVER t1 FOREIGN DATA WRAPPER regress_foo; -- ERROR: no usage on FDW +ERROR: permission denied for foreign-data wrapper regress_foo RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; SET ROLE regress_test_role; -CREATE SERVER t1 FOREIGN DATA WRAPPER foo; +CREATE SERVER t1 FOREIGN DATA WRAPPER regress_foo; RESET ROLE; \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------+--------+---------+-----------------------------------+------------- - s1 | regress_foreign_data_user | foo | | | | | - s2 | regress_foreign_data_user | foo | | | | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | | | 16.0 | (host 'a', dbname 'b') | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (host 'localhost', dbname 's8db') | - t1 | regress_test_role | foo | | | | | + s1 | regress_foreign_data_user | regress_foo | | | | | + s2 | regress_foreign_data_user | regress_foo | | | | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | | | 16.0 | (host 'a', dbname 'b') | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (host 'localhost', dbname 's8db') | + t1 | regress_test_role | regress_foo | | | | | (9 rows) -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_test_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_indirect; +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_test_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_indirect; SET ROLE regress_test_role; -CREATE SERVER t2 FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: permission denied for foreign-data wrapper foo +CREATE SERVER t2 FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo RESET ROLE; GRANT regress_test_indirect TO regress_test_role; SET ROLE regress_test_role; -CREATE SERVER t2 FOREIGN DATA WRAPPER foo; +CREATE SERVER t2 FOREIGN DATA WRAPPER regress_foo; \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------+--------+---------+-----------------------------------+------------- - s1 | regress_foreign_data_user | foo | | | | | - s2 | regress_foreign_data_user | foo | | | | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | | | 16.0 | (host 'a', dbname 'b') | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (host 'localhost', dbname 's8db') | - t1 | regress_test_role | foo | | | | | - t2 | regress_test_role | foo | | | | | + s1 | regress_foreign_data_user | regress_foo | | | | | + s2 | regress_foreign_data_user | regress_foo | | | | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | | | 16.0 | (host 'a', dbname 'b') | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (host 'localhost', dbname 's8db') | + t1 | regress_test_role | regress_foo | | | | | + t2 | regress_test_role | regress_foo | | | | | (10 rows) RESET ROLE; REVOKE regress_test_indirect FROM regress_test_role; +-- +-- test pg_connection_fdw +-- +\set VERBOSITY terse +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', client_encoding 'LATIN1'); -- fail +ERROR: invalid option "client_encoding" +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', nonsense 'asdf'); -- fail +ERROR: invalid option "nonsense" +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', password 'secret'); -- fail +ERROR: invalid option "password" +\set VERBOSITY default +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', port '5432'); +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret', host 'otherhost'); -- fail +ERROR: invalid option "host" +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret'); +CREATE USER MAPPING FOR PUBLIC SERVER connection_server + OPTIONS (user 'publicuser', password 'secret2'); +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role', false); + pg_conninfo_from_server +------------------------------------------------------------------ + host = 'thehost' port = '5432' user = 'role' password = 'secret' +(1 row) + +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role2', false); + pg_conninfo_from_server +------------------------------------------------------------------------- + host = 'thehost' port = '5432' user = 'publicuser' password = 'secret2' +(1 row) + +DROP USER MAPPING FOR regress_test_role SERVER connection_server; +DROP USER MAPPING FOR PUBLIC SERVER connection_server; +DROP SERVER connection_server; -- ALTER SERVER ALTER SERVER s0; -- ERROR ERROR: syntax error at or near ";" @@ -410,18 +448,18 @@ GRANT USAGE ON FOREIGN SERVER s6 TO regress_test_role2 WITH GRANT OPTION; List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------------------------------------------+--------+---------+-----------------------------------+------------- - s1 | regress_foreign_data_user | foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 1.0 | (servername 's1') | + s1 | regress_foreign_data_user | regress_foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 1.0 | (servername 's1') | | | | regress_test_role=U/regress_foreign_data_user | | | | - s2 | regress_foreign_data_user | foo | | | 1.1 | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | ("tns name" 'orcl', port '1521') | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | + s2 | regress_foreign_data_user | regress_foo | | | 1.1 | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | ("tns name" 'orcl', port '1521') | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | | | | regress_test_role2=U*/regress_foreign_data_user | | | | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (host 'localhost', dbname 's8db') | - t1 | regress_test_role | foo | | | | | - t2 | regress_test_role | foo | | | | | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (host 'localhost', dbname 's8db') | + t1 | regress_test_role | regress_foo | | | | | + t2 | regress_test_role | regress_foo | | | | | (10 rows) SET ROLE regress_test_role; @@ -435,7 +473,7 @@ GRANT regress_test_role2 TO regress_test_role; SET ROLE regress_test_role; ALTER SERVER s1 VERSION '1.1'; ALTER SERVER s1 OWNER TO regress_test_role2; -- ERROR -ERROR: permission denied for foreign-data wrapper foo +ERROR: permission denied for foreign-data wrapper regress_foo RESET ROLE; ALTER SERVER s8 OPTIONS (foo '1'); -- ERROR option validation ERROR: invalid option "foo" @@ -448,29 +486,29 @@ GRANT regress_test_indirect TO regress_test_role; SET ROLE regress_test_role; ALTER SERVER s1 OWNER TO regress_test_indirect; RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_indirect; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_indirect; SET ROLE regress_test_role; ALTER SERVER s1 OWNER TO regress_test_indirect; RESET ROLE; DROP ROLE regress_test_indirect; -- ERROR ERROR: role "regress_test_indirect" cannot be dropped because some objects depend on it -DETAIL: privileges for foreign-data wrapper foo +DETAIL: privileges for foreign-data wrapper regress_foo owner of server s1 \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------------------------------------------+--------+---------+--------------------------------------+------------- - s1 | regress_test_indirect | foo | regress_test_indirect=U/regress_test_indirect | | 1.1 | (servername 's1') | - s2 | regress_foreign_data_user | foo | | | 1.1 | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | ("tns name" 'orcl', port '1521') | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | + s1 | regress_test_indirect | regress_foo | regress_test_indirect=U/regress_test_indirect | | 1.1 | (servername 's1') | + s2 | regress_foreign_data_user | regress_foo | | | 1.1 | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | ("tns name" 'orcl', port '1521') | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | | | | regress_test_role2=U*/regress_foreign_data_user | | | | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (dbname 'db1', connect_timeout '30') | - t1 | regress_test_role | foo | | | | | - t2 | regress_test_role | foo | | | | | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (dbname 'db1', connect_timeout '30') | + t1 | regress_test_role | regress_foo | | | | | + t2 | regress_test_role | regress_foo | | | | | (10 rows) ALTER SERVER s8 RENAME to s8new; @@ -478,17 +516,17 @@ ALTER SERVER s8 RENAME to s8new; List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description -------+---------------------------+----------------------+-------------------------------------------------------+--------+---------+--------------------------------------+------------- - s1 | regress_test_indirect | foo | regress_test_indirect=U/regress_test_indirect | | 1.1 | (servername 's1') | - s2 | regress_foreign_data_user | foo | | | 1.1 | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | ("tns name" 'orcl', port '1521') | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | + s1 | regress_test_indirect | regress_foo | regress_test_indirect=U/regress_test_indirect | | 1.1 | (servername 's1') | + s2 | regress_foreign_data_user | regress_foo | | | 1.1 | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | ("tns name" 'orcl', port '1521') | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | | | | regress_test_role2=U*/regress_foreign_data_user | | | | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8new | regress_foreign_data_user | postgresql | | | | (dbname 'db1', connect_timeout '30') | - t1 | regress_test_role | foo | | | | | - t2 | regress_test_role | foo | | | | | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8new | regress_foreign_data_user | regress_postgresql | | | | (dbname 'db1', connect_timeout '30') | + t1 | regress_test_role | regress_foo | | | | | + t2 | regress_test_role | regress_foo | | | | | (10 rows) ALTER SERVER s8new RENAME to s8; @@ -501,16 +539,16 @@ NOTICE: server "nonexistent" does not exist, skipping List of foreign servers Name | Owner | Foreign-data wrapper ------+---------------------------+---------------------- - s1 | regress_test_indirect | foo - s2 | regress_foreign_data_user | foo - s3 | regress_foreign_data_user | foo - s4 | regress_foreign_data_user | foo - s5 | regress_foreign_data_user | foo - s6 | regress_foreign_data_user | foo - s7 | regress_foreign_data_user | foo - s8 | regress_foreign_data_user | postgresql - t1 | regress_test_role | foo - t2 | regress_test_role | foo + s1 | regress_test_indirect | regress_foo + s2 | regress_foreign_data_user | regress_foo + s3 | regress_foreign_data_user | regress_foo + s4 | regress_foreign_data_user | regress_foo + s5 | regress_foreign_data_user | regress_foo + s6 | regress_foreign_data_user | regress_foo + s7 | regress_foreign_data_user | regress_foo + s8 | regress_foreign_data_user | regress_postgresql + t1 | regress_test_role | regress_foo + t2 | regress_test_role | regress_foo (10 rows) SET ROLE regress_test_role; @@ -522,15 +560,15 @@ RESET ROLE; List of foreign servers Name | Owner | Foreign-data wrapper ------+---------------------------+---------------------- - s2 | regress_foreign_data_user | foo - s3 | regress_foreign_data_user | foo - s4 | regress_foreign_data_user | foo - s5 | regress_foreign_data_user | foo - s6 | regress_foreign_data_user | foo - s7 | regress_foreign_data_user | foo - s8 | regress_foreign_data_user | postgresql - t1 | regress_test_role | foo - t2 | regress_test_role | foo + s2 | regress_foreign_data_user | regress_foo + s3 | regress_foreign_data_user | regress_foo + s4 | regress_foreign_data_user | regress_foo + s5 | regress_foreign_data_user | regress_foo + s6 | regress_foreign_data_user | regress_foo + s7 | regress_foreign_data_user | regress_foo + s8 | regress_foreign_data_user | regress_postgresql + t1 | regress_test_role | regress_foo + t2 | regress_test_role | regress_foo (9 rows) ALTER SERVER s2 OWNER TO regress_test_role; @@ -541,14 +579,14 @@ RESET ROLE; List of foreign servers Name | Owner | Foreign-data wrapper ------+---------------------------+---------------------- - s3 | regress_foreign_data_user | foo - s4 | regress_foreign_data_user | foo - s5 | regress_foreign_data_user | foo - s6 | regress_foreign_data_user | foo - s7 | regress_foreign_data_user | foo - s8 | regress_foreign_data_user | postgresql - t1 | regress_test_role | foo - t2 | regress_test_role | foo + s3 | regress_foreign_data_user | regress_foo + s4 | regress_foreign_data_user | regress_foo + s5 | regress_foreign_data_user | regress_foo + s6 | regress_foreign_data_user | regress_foo + s7 | regress_foreign_data_user | regress_foo + s8 | regress_foreign_data_user | regress_postgresql + t1 | regress_test_role | regress_foo + t2 | regress_test_role | regress_foo (8 rows) CREATE USER MAPPING FOR current_user SERVER s3; @@ -569,13 +607,13 @@ NOTICE: drop cascades to user mapping for regress_foreign_data_user on server s List of foreign servers Name | Owner | Foreign-data wrapper ------+---------------------------+---------------------- - s4 | regress_foreign_data_user | foo - s5 | regress_foreign_data_user | foo - s6 | regress_foreign_data_user | foo - s7 | regress_foreign_data_user | foo - s8 | regress_foreign_data_user | postgresql - t1 | regress_test_role | foo - t2 | regress_test_role | foo + s4 | regress_foreign_data_user | regress_foo + s5 | regress_foreign_data_user | regress_foo + s6 | regress_foreign_data_user | regress_foo + s7 | regress_foreign_data_user | regress_foo + s8 | regress_foreign_data_user | regress_postgresql + t1 | regress_test_role | regress_foo + t2 | regress_test_role | regress_foo (7 rows) \deu @@ -690,7 +728,7 @@ DROP SERVER s7; -- CREATE FOREIGN TABLE CREATE SCHEMA foreign_schema; -CREATE SERVER s0 FOREIGN DATA WRAPPER dummy; +CREATE SERVER s0 FOREIGN DATA WRAPPER regress_dummy; CREATE FOREIGN TABLE ft1 (); -- ERROR ERROR: syntax error at or near ";" LINE 1: CREATE FOREIGN TABLE ft1 (); @@ -758,9 +796,9 @@ CREATE INDEX id_ft1_c2 ON ft1 (c2); -- ERROR ERROR: cannot create index on relation "ft1" DETAIL: This operation is not supported for foreign tables. SELECT * FROM ft1; -- ERROR -ERROR: foreign-data wrapper "dummy" has no handler +ERROR: foreign-data wrapper "regress_dummy" has no handler EXPLAIN SELECT * FROM ft1; -- ERROR -ERROR: foreign-data wrapper "dummy" has no handler +ERROR: foreign-data wrapper "regress_dummy" has no handler CREATE TABLE lt1 (a INT) PARTITION BY RANGE (a); CREATE FOREIGN TABLE ft_part1 PARTITION OF lt1 FOR VALUES FROM (0) TO (1000) SERVER s0; @@ -966,30 +1004,30 @@ NOTICE: relation "doesnt_exist_ft1" does not exist, skipping ALTER FOREIGN TABLE IF EXISTS doesnt_exist_ft1 RENAME TO foreign_table_1; NOTICE: relation "doesnt_exist_ft1" does not exist, skipping -- Information schema -SELECT * FROM information_schema.foreign_data_wrappers ORDER BY 1, 2; +SELECT * FROM information_schema.foreign_data_wrappers WHERE authorization_identifier = 'regress_foreign_data_user' ORDER BY 1, 2; foreign_data_wrapper_catalog | foreign_data_wrapper_name | authorization_identifier | library_name | foreign_data_wrapper_language ------------------------------+---------------------------+---------------------------+--------------+------------------------------- - regression | dummy | regress_foreign_data_user | | c - regression | foo | regress_foreign_data_user | | c - regression | postgresql | regress_foreign_data_user | | c + regression | regress_dummy | regress_foreign_data_user | | c + regression | regress_foo | regress_foreign_data_user | | c + regression | regress_postgresql | regress_foreign_data_user | | c (3 rows) SELECT * FROM information_schema.foreign_data_wrapper_options ORDER BY 1, 2, 3; foreign_data_wrapper_catalog | foreign_data_wrapper_name | option_name | option_value ------------------------------+---------------------------+--------------+-------------- - regression | foo | test wrapper | true + regression | regress_foo | test wrapper | true (1 row) SELECT * FROM information_schema.foreign_servers ORDER BY 1, 2; foreign_server_catalog | foreign_server_name | foreign_data_wrapper_catalog | foreign_data_wrapper_name | foreign_server_type | foreign_server_version | authorization_identifier ------------------------+---------------------+------------------------------+---------------------------+---------------------+------------------------+--------------------------- - regression | s0 | regression | dummy | | | regress_foreign_data_user - regression | s4 | regression | foo | oracle | | regress_foreign_data_user - regression | s5 | regression | foo | | 15.0 | regress_test_role - regression | s6 | regression | foo | | 16.0 | regress_test_indirect - regression | s8 | regression | postgresql | | | regress_foreign_data_user - regression | t1 | regression | foo | | | regress_test_indirect - regression | t2 | regression | foo | | | regress_test_role + regression | s0 | regression | regress_dummy | | | regress_foreign_data_user + regression | s4 | regression | regress_foo | oracle | | regress_foreign_data_user + regression | s5 | regression | regress_foo | | 15.0 | regress_test_role + regression | s6 | regression | regress_foo | | 16.0 | regress_test_indirect + regression | s8 | regression | regress_postgresql | | | regress_foreign_data_user + regression | t1 | regression | regress_foo | | | regress_test_indirect + regression | t2 | regression | regress_foo | | | regress_test_role (7 rows) SELECT * FROM information_schema.foreign_server_options ORDER BY 1, 2, 3; @@ -1028,20 +1066,20 @@ SELECT * FROM information_schema.user_mapping_options ORDER BY lower(authorizati regress_test_role | regression | t1 | username | bob (7 rows) -SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; grantor | grantee | object_catalog | object_schema | object_name | object_type | privilege_type | is_grantable ---------------------------+---------------------------+----------------+---------------+-------------+----------------------+----------------+-------------- - regress_foreign_data_user | regress_foreign_data_user | regression | | foo | FOREIGN DATA WRAPPER | USAGE | YES - regress_foreign_data_user | regress_test_indirect | regression | | foo | FOREIGN DATA WRAPPER | USAGE | NO + regress_foreign_data_user | regress_foreign_data_user | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | YES + regress_foreign_data_user | regress_test_indirect | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | NO regress_test_indirect | regress_test_indirect | regression | | s6 | FOREIGN SERVER | USAGE | YES regress_test_indirect | regress_test_role2 | regression | | s6 | FOREIGN SERVER | USAGE | YES (4 rows) -SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; grantor | grantee | object_catalog | object_schema | object_name | object_type | privilege_type | is_grantable ---------------------------+---------------------------+----------------+---------------+-------------+----------------------+----------------+-------------- - regress_foreign_data_user | regress_foreign_data_user | regression | | foo | FOREIGN DATA WRAPPER | USAGE | YES - regress_foreign_data_user | regress_test_indirect | regression | | foo | FOREIGN DATA WRAPPER | USAGE | NO + regress_foreign_data_user | regress_foreign_data_user | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | YES + regress_foreign_data_user | regress_test_indirect | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | NO regress_test_indirect | regress_test_indirect | regression | | s6 | FOREIGN SERVER | USAGE | YES regress_test_indirect | regress_test_role2 | regression | | s6 | FOREIGN SERVER | USAGE | YES (4 rows) @@ -1071,18 +1109,18 @@ SELECT * FROM information_schema.user_mapping_options ORDER BY 1, 2, 3, 4; regress_test_role | regression | t1 | username | bob (5 rows) -SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; grantor | grantee | object_catalog | object_schema | object_name | object_type | privilege_type | is_grantable ---------------------------+-----------------------+----------------+---------------+-------------+----------------------+----------------+-------------- - regress_foreign_data_user | regress_test_indirect | regression | | foo | FOREIGN DATA WRAPPER | USAGE | NO + regress_foreign_data_user | regress_test_indirect | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | NO regress_test_indirect | regress_test_indirect | regression | | s6 | FOREIGN SERVER | USAGE | YES regress_test_indirect | regress_test_role2 | regression | | s6 | FOREIGN SERVER | USAGE | YES (3 rows) -SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; grantor | grantee | object_catalog | object_schema | object_name | object_type | privilege_type | is_grantable ---------------------------+-----------------------+----------------+---------------+-------------+----------------------+----------------+-------------- - regress_foreign_data_user | regress_test_indirect | regression | | foo | FOREIGN DATA WRAPPER | USAGE | NO + regress_foreign_data_user | regress_test_indirect | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | NO regress_test_indirect | regress_test_indirect | regression | | s6 | FOREIGN SERVER | USAGE | YES regress_test_indirect | regress_test_role2 | regression | | s6 | FOREIGN SERVER | USAGE | YES (3 rows) @@ -1098,13 +1136,13 @@ SELECT * FROM information_schema.user_mapping_options ORDER BY 1, 2, 3, 4; RESET ROLE; -- has_foreign_data_wrapper_privilege SELECT has_foreign_data_wrapper_privilege('regress_test_role', - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) -SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); +SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'regress_foo', 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t @@ -1112,34 +1150,34 @@ SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); SELECT has_foreign_data_wrapper_privilege( (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) SELECT has_foreign_data_wrapper_privilege( - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) SELECT has_foreign_data_wrapper_privilege( - (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), 'foo', 'USAGE'); + (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), 'regress_foo', 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) -SELECT has_foreign_data_wrapper_privilege('foo', 'USAGE'); +SELECT has_foreign_data_wrapper_privilege('regress_foo', 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; +SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'regress_foo', 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t @@ -1199,25 +1237,25 @@ GRANT USAGE ON FOREIGN SERVER s4 TO regress_test_role; DROP USER MAPPING FOR public SERVER s4; ALTER SERVER s6 OPTIONS (DROP host, DROP dbname); ALTER USER MAPPING FOR regress_test_role SERVER s6 OPTIONS (DROP username); -ALTER FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; +ALTER FOREIGN DATA WRAPPER regress_foo VALIDATOR postgresql_fdw_validator; WARNING: changing the foreign-data wrapper validator can cause the options for dependent objects to become invalid -- Privileges SET ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER foobar; -- ERROR -ERROR: permission denied to create foreign-data wrapper "foobar" +CREATE FOREIGN DATA WRAPPER regress_foobar; -- ERROR +ERROR: permission denied to create foreign-data wrapper "regress_foobar" HINT: Must be superuser to create a foreign-data wrapper. -ALTER FOREIGN DATA WRAPPER foo OPTIONS (gotcha 'true'); -- ERROR -ERROR: permission denied to alter foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (gotcha 'true'); -- ERROR +ERROR: permission denied to alter foreign-data wrapper "regress_foo" HINT: Must be superuser to alter a foreign-data wrapper. -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_unprivileged_role; -- ERROR -ERROR: permission denied to change owner of foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_unprivileged_role; -- ERROR +ERROR: permission denied to change owner of foreign-data wrapper "regress_foo" HINT: Must be superuser to change owner of a foreign-data wrapper. -DROP FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: must be owner of foreign-data wrapper foo -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -- ERROR -ERROR: permission denied for foreign-data wrapper foo -CREATE SERVER s9 FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: permission denied for foreign-data wrapper foo +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: must be owner of foreign-data wrapper regress_foo +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo ALTER SERVER s4 VERSION '0.5'; -- ERROR ERROR: must be owner of foreign server s4 ALTER SERVER s4 OWNER TO regress_unprivileged_role; -- ERROR @@ -1233,21 +1271,21 @@ ERROR: must be owner of foreign server s6 DROP USER MAPPING FOR regress_test_role SERVER s6; -- ERROR ERROR: must be owner of foreign server s6 RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER postgresql TO regress_unprivileged_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_unprivileged_role WITH GRANT OPTION; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_postgresql TO regress_unprivileged_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_unprivileged_role WITH GRANT OPTION; SET ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER foobar; -- ERROR -ERROR: permission denied to create foreign-data wrapper "foobar" +CREATE FOREIGN DATA WRAPPER regress_foobar; -- ERROR +ERROR: permission denied to create foreign-data wrapper "regress_foobar" HINT: Must be superuser to create a foreign-data wrapper. -ALTER FOREIGN DATA WRAPPER foo OPTIONS (gotcha 'true'); -- ERROR -ERROR: permission denied to alter foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (gotcha 'true'); -- ERROR +ERROR: permission denied to alter foreign-data wrapper "regress_foo" HINT: Must be superuser to alter a foreign-data wrapper. -DROP FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: must be owner of foreign-data wrapper foo -GRANT USAGE ON FOREIGN DATA WRAPPER postgresql TO regress_test_role; -- WARNING -WARNING: no privileges were granted for "postgresql" -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -CREATE SERVER s9 FOREIGN DATA WRAPPER postgresql; +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: must be owner of foreign-data wrapper regress_foo +GRANT USAGE ON FOREIGN DATA WRAPPER regress_postgresql TO regress_test_role; -- WARNING +WARNING: no privileges were granted for "regress_postgresql" +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_postgresql; ALTER SERVER s6 VERSION '0.5'; -- ERROR ERROR: must be owner of foreign server s6 DROP SERVER s6; -- ERROR @@ -1263,15 +1301,15 @@ ERROR: must be owner of foreign server s6 DROP USER MAPPING FOR regress_test_role SERVER s6; -- ERROR ERROR: must be owner of foreign server s6 RESET ROLE; -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_unprivileged_role; -- ERROR +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_unprivileged_role; -- ERROR ERROR: dependent privileges exist HINT: Use CASCADE to revoke them too. -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_unprivileged_role CASCADE; +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_unprivileged_role CASCADE; SET ROLE regress_unprivileged_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -- ERROR -ERROR: permission denied for foreign-data wrapper foo -CREATE SERVER s10 FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: permission denied for foreign-data wrapper foo +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo +CREATE SERVER s10 FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo ALTER SERVER s9 VERSION '1.1'; GRANT USAGE ON FOREIGN SERVER s9 TO regress_test_role; CREATE USER MAPPING FOR current_user SERVER s9; @@ -1280,7 +1318,7 @@ NOTICE: drop cascades to 2 other objects DETAIL: drop cascades to user mapping for public on server s9 drop cascades to user mapping for regress_unprivileged_role on server s9 RESET ROLE; -CREATE SERVER s9 FOREIGN DATA WRAPPER foo; +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_foo; GRANT USAGE ON FOREIGN SERVER s9 TO regress_unprivileged_role; SET ROLE regress_unprivileged_role; ALTER SERVER s9 VERSION '1.2'; -- ERROR @@ -1292,7 +1330,7 @@ DROP SERVER s9 CASCADE; -- ERROR ERROR: must be owner of foreign server s9 -- Check visibility of user mapping data SET ROLE regress_test_role; -CREATE SERVER s10 FOREIGN DATA WRAPPER foo; +CREATE SERVER s10 FOREIGN DATA WRAPPER regress_foo; CREATE USER MAPPING FOR public SERVER s10 OPTIONS (user 'secret'); CREATE USER MAPPING FOR regress_unprivileged_role SERVER s10 OPTIONS (user 'secret'); -- owner of server can see some option fields @@ -1890,14 +1928,14 @@ DROP TABLE fd_pt1 CASCADE; NOTICE: drop cascades to foreign table ft2 -- IMPORT FOREIGN SCHEMA IMPORT FOREIGN SCHEMA s1 FROM SERVER s9 INTO public; -- ERROR -ERROR: foreign-data wrapper "foo" has no handler +ERROR: foreign-data wrapper "regress_foo" has no handler IMPORT FOREIGN SCHEMA s1 LIMIT TO (t1) FROM SERVER s9 INTO public; --ERROR -ERROR: foreign-data wrapper "foo" has no handler +ERROR: foreign-data wrapper "regress_foo" has no handler IMPORT FOREIGN SCHEMA s1 EXCEPT (t1) FROM SERVER s9 INTO public; -- ERROR -ERROR: foreign-data wrapper "foo" has no handler +ERROR: foreign-data wrapper "regress_foo" has no handler IMPORT FOREIGN SCHEMA s1 EXCEPT (t1, t2) FROM SERVER s9 INTO public OPTIONS (option1 'value1', option2 'value2'); -- ERROR -ERROR: foreign-data wrapper "foo" has no handler +ERROR: foreign-data wrapper "regress_foo" has no handler -- DROP FOREIGN TABLE DROP FOREIGN TABLE no_table; -- ERROR ERROR: foreign table "no_table" does not exist @@ -2155,13 +2193,13 @@ DROP TABLE temp_parted; DROP SCHEMA foreign_schema CASCADE; DROP ROLE regress_test_role; -- ERROR ERROR: role "regress_test_role" cannot be dropped because some objects depend on it -DETAIL: privileges for foreign-data wrapper foo +DETAIL: privileges for foreign-data wrapper regress_foo privileges for server s4 owner of user mapping for regress_test_role on server s6 DROP SERVER t1 CASCADE; NOTICE: drop cascades to user mapping for public on server t1 DROP USER MAPPING FOR regress_test_role SERVER s6; -DROP FOREIGN DATA WRAPPER foo CASCADE; +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; NOTICE: drop cascades to 5 other objects DETAIL: drop cascades to server s4 drop cascades to user mapping for regress_foreign_data_user on server s4 @@ -2176,17 +2214,17 @@ DROP ROLE regress_test_indirect; DROP ROLE regress_test_role; DROP ROLE regress_unprivileged_role; -- ERROR ERROR: role "regress_unprivileged_role" cannot be dropped because some objects depend on it -DETAIL: privileges for foreign-data wrapper postgresql -REVOKE ALL ON FOREIGN DATA WRAPPER postgresql FROM regress_unprivileged_role; +DETAIL: privileges for foreign-data wrapper regress_postgresql +REVOKE ALL ON FOREIGN DATA WRAPPER regress_postgresql FROM regress_unprivileged_role; DROP ROLE regress_unprivileged_role; DROP ROLE regress_test_role2; -DROP FOREIGN DATA WRAPPER postgresql CASCADE; -DROP FOREIGN DATA WRAPPER dummy CASCADE; +DROP FOREIGN DATA WRAPPER regress_postgresql CASCADE; +DROP FOREIGN DATA WRAPPER regress_dummy CASCADE; NOTICE: drop cascades to server s0 \c DROP ROLE regress_foreign_data_user; -- At this point we should have no wrappers, no servers, and no mappings. -SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper; +SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper WHERE fdwname LIKE 'regress_%'; fdwname | fdwhandler | fdwvalidator | fdwoptions ---------+------------+--------------+------------ (0 rows) diff --git a/src/test/regress/sql/foreign_data.sql b/src/test/regress/sql/foreign_data.sql index eefb860adc..43461de7f9 100644 --- a/src/test/regress/sql/foreign_data.sql +++ b/src/test/regress/sql/foreign_data.sql @@ -31,155 +31,187 @@ CREATE ROLE regress_test_role_super SUPERUSER; CREATE ROLE regress_test_indirect; CREATE ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER dummy; -COMMENT ON FOREIGN DATA WRAPPER dummy IS 'useless'; -CREATE FOREIGN DATA WRAPPER postgresql VALIDATOR postgresql_fdw_validator; +CREATE FOREIGN DATA WRAPPER regress_dummy; +COMMENT ON FOREIGN DATA WRAPPER regress_dummy IS 'useless'; +CREATE FOREIGN DATA WRAPPER regress_postgresql VALIDATOR postgresql_fdw_validator; -- At this point we should have 2 built-in wrappers and no servers. -SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper ORDER BY 1, 2, 3; +SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper WHERE fdwname LIKE 'regress_%' ORDER BY 1, 2, 3; SELECT srvname, srvoptions FROM pg_foreign_server; SELECT * FROM pg_user_mapping; -- CREATE FOREIGN DATA WRAPPER -CREATE FOREIGN DATA WRAPPER foo VALIDATOR bar; -- ERROR -CREATE FOREIGN DATA WRAPPER foo; -\dew +CREATE FOREIGN DATA WRAPPER regress_foo VALIDATOR bar; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo; +\dew regress_* -CREATE FOREIGN DATA WRAPPER foo; -- duplicate -DROP FOREIGN DATA WRAPPER foo; -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1'); -\dew+ +CREATE FOREIGN DATA WRAPPER regress_foo; -- duplicate +DROP FOREIGN DATA WRAPPER regress_foo; +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1'); +\dew+ regress_* -DROP FOREIGN DATA WRAPPER foo; -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1', testing '2'); -- ERROR -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1', another '2'); -\dew+ +DROP FOREIGN DATA WRAPPER regress_foo; +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1', testing '2'); -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1', another '2'); +\dew+ regress_* -DROP FOREIGN DATA WRAPPER foo; +DROP FOREIGN DATA WRAPPER regress_foo; SET ROLE regress_test_role; -CREATE FOREIGN DATA WRAPPER foo; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo; -- ERROR RESET ROLE; -CREATE FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; -\dew+ +CREATE FOREIGN DATA WRAPPER regress_foo VALIDATOR postgresql_fdw_validator; +\dew+ regress_* -- HANDLER related checks CREATE FUNCTION invalid_fdw_handler() RETURNS int LANGUAGE SQL AS 'SELECT 1;'; -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER invalid_fdw_handler; -- ERROR -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER test_fdw_handler HANDLER invalid_fdw_handler; -- ERROR -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER test_fdw_handler; -DROP FOREIGN DATA WRAPPER test_fdw; +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER invalid_fdw_handler; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER test_fdw_handler HANDLER invalid_fdw_handler; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER test_fdw_handler; +DROP FOREIGN DATA WRAPPER regress_test_fdw; -- ALTER FOREIGN DATA WRAPPER -ALTER FOREIGN DATA WRAPPER foo OPTIONS (nonexistent 'fdw'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (nonexistent 'fdw'); -- ERROR -ALTER FOREIGN DATA WRAPPER foo; -- ERROR -ALTER FOREIGN DATA WRAPPER foo VALIDATOR bar; -- ERROR -ALTER FOREIGN DATA WRAPPER foo NO VALIDATOR; -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo VALIDATOR bar; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo NO VALIDATOR; +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo OPTIONS (a '1', b '2'); -ALTER FOREIGN DATA WRAPPER foo OPTIONS (SET c '4'); -- ERROR -ALTER FOREIGN DATA WRAPPER foo OPTIONS (DROP c); -- ERROR -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD x '1', DROP x); -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (a '1', b '2'); +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (SET c '4'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (DROP c); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD x '1', DROP x); +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo OPTIONS (DROP a, SET b '3', ADD c '4'); -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (DROP a, SET b '3', ADD c '4'); +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo OPTIONS (a '2'); -ALTER FOREIGN DATA WRAPPER foo OPTIONS (b '4'); -- ERROR -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (a '2'); +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (b '4'); -- ERROR +\dew+ regress_* SET ROLE regress_test_role; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD d '5'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD d '5'); -- ERROR SET ROLE regress_test_role_super; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD d '5'); -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD d '5'); +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_test_role; -- ERROR -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_test_role_super; +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_test_role; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_test_role_super; ALTER ROLE regress_test_role_super NOSUPERUSER; SET ROLE regress_test_role_super; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD e '6'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD e '6'); -- ERROR RESET ROLE; -\dew+ +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo RENAME TO foo1; -\dew+ -ALTER FOREIGN DATA WRAPPER foo1 RENAME TO foo; +ALTER FOREIGN DATA WRAPPER regress_foo RENAME TO regress_foo1; +\dew+ regress_* +ALTER FOREIGN DATA WRAPPER regress_foo1 RENAME TO regress_foo; -- HANDLER related checks -ALTER FOREIGN DATA WRAPPER foo HANDLER invalid_fdw_handler; -- ERROR -ALTER FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler HANDLER anything; -- ERROR -ALTER FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler; +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER invalid_fdw_handler; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER test_fdw_handler HANDLER anything; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER test_fdw_handler; DROP FUNCTION invalid_fdw_handler(); -- DROP FOREIGN DATA WRAPPER DROP FOREIGN DATA WRAPPER nonexistent; -- ERROR DROP FOREIGN DATA WRAPPER IF EXISTS nonexistent; -\dew+ +\dew+ regress_* DROP ROLE regress_test_role_super; -- ERROR SET ROLE regress_test_role_super; -DROP FOREIGN DATA WRAPPER foo; +DROP FOREIGN DATA WRAPPER regress_foo; RESET ROLE; DROP ROLE regress_test_role_super; -\dew+ +\dew+ regress_* -CREATE FOREIGN DATA WRAPPER foo; -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; +CREATE FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; COMMENT ON SERVER s1 IS 'foreign server'; CREATE USER MAPPING FOR current_user SERVER s1; CREATE USER MAPPING FOR current_user SERVER s1; -- ERROR CREATE USER MAPPING IF NOT EXISTS FOR current_user SERVER s1; -- NOTICE -\dew+ +\dew+ regress_* \des+ \deu+ -DROP FOREIGN DATA WRAPPER foo; -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR SET ROLE regress_test_role; -DROP FOREIGN DATA WRAPPER foo CASCADE; -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; -- ERROR RESET ROLE; -DROP FOREIGN DATA WRAPPER foo CASCADE; -\dew+ +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; +\dew+ regress_* \des+ \deu+ -- exercise CREATE SERVER -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -- ERROR -CREATE FOREIGN DATA WRAPPER foo OPTIONS ("test wrapper" 'true'); -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -- ERROR -CREATE SERVER IF NOT EXISTS s1 FOREIGN DATA WRAPPER foo; -- No ERROR, just NOTICE -CREATE SERVER s2 FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s3 TYPE 'oracle' FOREIGN DATA WRAPPER foo; -CREATE SERVER s4 TYPE 'oracle' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s5 VERSION '15.0' FOREIGN DATA WRAPPER foo; -CREATE SERVER s6 VERSION '16.0' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s7 TYPE 'oracle' VERSION '17.0' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s8 FOREIGN DATA WRAPPER postgresql OPTIONS (foo '1'); -- ERROR -CREATE SERVER s8 FOREIGN DATA WRAPPER postgresql OPTIONS (host 'localhost', dbname 's8db'); +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS ("test wrapper" 'true'); +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; -- ERROR +CREATE SERVER IF NOT EXISTS s1 FOREIGN DATA WRAPPER regress_foo; -- No ERROR, just NOTICE +CREATE SERVER s2 FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s3 TYPE 'oracle' FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s4 TYPE 'oracle' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s5 VERSION '15.0' FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s6 VERSION '16.0' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s7 TYPE 'oracle' VERSION '17.0' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s8 FOREIGN DATA WRAPPER regress_postgresql OPTIONS (foo '1'); -- ERROR +CREATE SERVER s8 FOREIGN DATA WRAPPER regress_postgresql OPTIONS (host 'localhost', dbname 's8db'); \des+ SET ROLE regress_test_role; -CREATE SERVER t1 FOREIGN DATA WRAPPER foo; -- ERROR: no usage on FDW +CREATE SERVER t1 FOREIGN DATA WRAPPER regress_foo; -- ERROR: no usage on FDW RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; SET ROLE regress_test_role; -CREATE SERVER t1 FOREIGN DATA WRAPPER foo; +CREATE SERVER t1 FOREIGN DATA WRAPPER regress_foo; RESET ROLE; \des+ -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_test_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_indirect; +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_test_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_indirect; SET ROLE regress_test_role; -CREATE SERVER t2 FOREIGN DATA WRAPPER foo; -- ERROR +CREATE SERVER t2 FOREIGN DATA WRAPPER regress_foo; -- ERROR RESET ROLE; GRANT regress_test_indirect TO regress_test_role; SET ROLE regress_test_role; -CREATE SERVER t2 FOREIGN DATA WRAPPER foo; +CREATE SERVER t2 FOREIGN DATA WRAPPER regress_foo; \des+ RESET ROLE; REVOKE regress_test_indirect FROM regress_test_role; +-- +-- test pg_connection_fdw +-- + +\set VERBOSITY terse +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', client_encoding 'LATIN1'); -- fail +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', nonsense 'asdf'); -- fail +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', password 'secret'); -- fail +\set VERBOSITY default + +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', port '5432'); + +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret', host 'otherhost'); -- fail + +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret'); +CREATE USER MAPPING FOR PUBLIC SERVER connection_server + OPTIONS (user 'publicuser', password 'secret2'); + +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role', false); + +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role2', false); + +DROP USER MAPPING FOR regress_test_role SERVER connection_server; +DROP USER MAPPING FOR PUBLIC SERVER connection_server; +DROP SERVER connection_server; + -- ALTER SERVER ALTER SERVER s0; -- ERROR ALTER SERVER s0 OPTIONS (a '1'); -- ERROR @@ -208,7 +240,7 @@ GRANT regress_test_indirect TO regress_test_role; SET ROLE regress_test_role; ALTER SERVER s1 OWNER TO regress_test_indirect; RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_indirect; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_indirect; SET ROLE regress_test_role; ALTER SERVER s1 OWNER TO regress_test_indirect; RESET ROLE; @@ -293,7 +325,7 @@ DROP SERVER s7; -- CREATE FOREIGN TABLE CREATE SCHEMA foreign_schema; -CREATE SERVER s0 FOREIGN DATA WRAPPER dummy; +CREATE SERVER s0 FOREIGN DATA WRAPPER regress_dummy; CREATE FOREIGN TABLE ft1 (); -- ERROR CREATE FOREIGN TABLE ft1 () SERVER no_server; -- ERROR CREATE FOREIGN TABLE ft1 ( @@ -453,20 +485,20 @@ ALTER FOREIGN TABLE IF EXISTS doesnt_exist_ft1 RENAME TO foreign_table_1; -- Information schema -SELECT * FROM information_schema.foreign_data_wrappers ORDER BY 1, 2; +SELECT * FROM information_schema.foreign_data_wrappers WHERE authorization_identifier = 'regress_foreign_data_user' ORDER BY 1, 2; SELECT * FROM information_schema.foreign_data_wrapper_options ORDER BY 1, 2, 3; SELECT * FROM information_schema.foreign_servers ORDER BY 1, 2; SELECT * FROM information_schema.foreign_server_options ORDER BY 1, 2, 3; SELECT * FROM information_schema.user_mappings ORDER BY lower(authorization_identifier), 2, 3; SELECT * FROM information_schema.user_mapping_options ORDER BY lower(authorization_identifier), 2, 3, 4; -SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; -SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; SELECT * FROM information_schema.foreign_tables ORDER BY 1, 2, 3; SELECT * FROM information_schema.foreign_table_options ORDER BY 1, 2, 3, 4; SET ROLE regress_test_role; SELECT * FROM information_schema.user_mapping_options ORDER BY 1, 2, 3, 4; -SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; -SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; DROP USER MAPPING FOR current_user SERVER t1; SET ROLE regress_test_role2; SELECT * FROM information_schema.user_mapping_options ORDER BY 1, 2, 3, 4; @@ -475,18 +507,18 @@ RESET ROLE; -- has_foreign_data_wrapper_privilege SELECT has_foreign_data_wrapper_privilege('regress_test_role', - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); -SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); +SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'regress_foo', 'USAGE'); SELECT has_foreign_data_wrapper_privilege( (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); SELECT has_foreign_data_wrapper_privilege( - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); SELECT has_foreign_data_wrapper_privilege( - (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), 'foo', 'USAGE'); -SELECT has_foreign_data_wrapper_privilege('foo', 'USAGE'); -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); + (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), 'regress_foo', 'USAGE'); +SELECT has_foreign_data_wrapper_privilege('regress_foo', 'USAGE'); +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; +SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'regress_foo', 'USAGE'); -- has_server_privilege SELECT has_server_privilege('regress_test_role', @@ -508,16 +540,16 @@ GRANT USAGE ON FOREIGN SERVER s4 TO regress_test_role; DROP USER MAPPING FOR public SERVER s4; ALTER SERVER s6 OPTIONS (DROP host, DROP dbname); ALTER USER MAPPING FOR regress_test_role SERVER s6 OPTIONS (DROP username); -ALTER FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; +ALTER FOREIGN DATA WRAPPER regress_foo VALIDATOR postgresql_fdw_validator; -- Privileges SET ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER foobar; -- ERROR -ALTER FOREIGN DATA WRAPPER foo OPTIONS (gotcha 'true'); -- ERROR -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_unprivileged_role; -- ERROR -DROP FOREIGN DATA WRAPPER foo; -- ERROR -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -- ERROR -CREATE SERVER s9 FOREIGN DATA WRAPPER foo; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foobar; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (gotcha 'true'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_unprivileged_role; -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; -- ERROR +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_foo; -- ERROR ALTER SERVER s4 VERSION '0.5'; -- ERROR ALTER SERVER s4 OWNER TO regress_unprivileged_role; -- ERROR DROP SERVER s4; -- ERROR @@ -527,15 +559,15 @@ ALTER USER MAPPING FOR regress_test_role SERVER s6 OPTIONS (gotcha 'true'); -- E DROP USER MAPPING FOR regress_test_role SERVER s6; -- ERROR RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER postgresql TO regress_unprivileged_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_unprivileged_role WITH GRANT OPTION; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_postgresql TO regress_unprivileged_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_unprivileged_role WITH GRANT OPTION; SET ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER foobar; -- ERROR -ALTER FOREIGN DATA WRAPPER foo OPTIONS (gotcha 'true'); -- ERROR -DROP FOREIGN DATA WRAPPER foo; -- ERROR -GRANT USAGE ON FOREIGN DATA WRAPPER postgresql TO regress_test_role; -- WARNING -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -CREATE SERVER s9 FOREIGN DATA WRAPPER postgresql; +CREATE FOREIGN DATA WRAPPER regress_foobar; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (gotcha 'true'); -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +GRANT USAGE ON FOREIGN DATA WRAPPER regress_postgresql TO regress_test_role; -- WARNING +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_postgresql; ALTER SERVER s6 VERSION '0.5'; -- ERROR DROP SERVER s6; -- ERROR GRANT USAGE ON FOREIGN SERVER s6 TO regress_test_role; -- ERROR @@ -546,17 +578,17 @@ ALTER USER MAPPING FOR regress_test_role SERVER s6 OPTIONS (gotcha 'true'); -- E DROP USER MAPPING FOR regress_test_role SERVER s6; -- ERROR RESET ROLE; -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_unprivileged_role; -- ERROR -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_unprivileged_role CASCADE; +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_unprivileged_role; -- ERROR +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_unprivileged_role CASCADE; SET ROLE regress_unprivileged_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -- ERROR -CREATE SERVER s10 FOREIGN DATA WRAPPER foo; -- ERROR +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; -- ERROR +CREATE SERVER s10 FOREIGN DATA WRAPPER regress_foo; -- ERROR ALTER SERVER s9 VERSION '1.1'; GRANT USAGE ON FOREIGN SERVER s9 TO regress_test_role; CREATE USER MAPPING FOR current_user SERVER s9; DROP SERVER s9 CASCADE; RESET ROLE; -CREATE SERVER s9 FOREIGN DATA WRAPPER foo; +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_foo; GRANT USAGE ON FOREIGN SERVER s9 TO regress_unprivileged_role; SET ROLE regress_unprivileged_role; ALTER SERVER s9 VERSION '1.2'; -- ERROR @@ -566,7 +598,7 @@ DROP SERVER s9 CASCADE; -- ERROR -- Check visibility of user mapping data SET ROLE regress_test_role; -CREATE SERVER s10 FOREIGN DATA WRAPPER foo; +CREATE SERVER s10 FOREIGN DATA WRAPPER regress_foo; CREATE USER MAPPING FOR public SERVER s10 OPTIONS (user 'secret'); CREATE USER MAPPING FOR regress_unprivileged_role SERVER s10 OPTIONS (user 'secret'); -- owner of server can see some option fields @@ -847,20 +879,20 @@ DROP SCHEMA foreign_schema CASCADE; DROP ROLE regress_test_role; -- ERROR DROP SERVER t1 CASCADE; DROP USER MAPPING FOR regress_test_role SERVER s6; -DROP FOREIGN DATA WRAPPER foo CASCADE; +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; DROP SERVER s8 CASCADE; DROP ROLE regress_test_indirect; DROP ROLE regress_test_role; DROP ROLE regress_unprivileged_role; -- ERROR -REVOKE ALL ON FOREIGN DATA WRAPPER postgresql FROM regress_unprivileged_role; +REVOKE ALL ON FOREIGN DATA WRAPPER regress_postgresql FROM regress_unprivileged_role; DROP ROLE regress_unprivileged_role; DROP ROLE regress_test_role2; -DROP FOREIGN DATA WRAPPER postgresql CASCADE; -DROP FOREIGN DATA WRAPPER dummy CASCADE; +DROP FOREIGN DATA WRAPPER regress_postgresql CASCADE; +DROP FOREIGN DATA WRAPPER regress_dummy CASCADE; \c DROP ROLE regress_foreign_data_user; -- At this point we should have no wrappers, no servers, and no mappings. -SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper; +SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper WHERE fdwname LIKE 'regress_%'; SELECT srvname, srvoptions FROM pg_foreign_server; SELECT * FROM pg_user_mapping; -- 2.34.1 [text/x-patch] v5-0003-CREATE-SUSBCRIPTION-.-SERVER.patch (42.1K, 4-v5-0003-CREATE-SUSBCRIPTION-.-SERVER.patch) download | inline diff: From 805f7ab23fabc11c7dc5367412f24a88a8056cf1 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:42:48 -0800 Subject: [PATCH v5 3/4] CREATE SUSBCRIPTION ... SERVER. --- .../postgres_fdw/expected/postgres_fdw.out | 8 + contrib/postgres_fdw/sql/postgres_fdw.sql | 7 + doc/src/sgml/ref/alter_subscription.sgml | 18 +- doc/src/sgml/ref/create_subscription.sgml | 11 +- src/backend/catalog/pg_subscription.c | 31 ++- src/backend/commands/subscriptioncmds.c | 182 ++++++++++++++++-- src/backend/foreign/foreign.c | 25 +++ src/backend/parser/gram.y | 20 ++ src/backend/replication/logical/worker.c | 12 +- src/bin/pg_dump/pg_dump.c | 27 ++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/tab-complete.c | 2 +- src/include/catalog/pg_subscription.h | 4 +- src/include/foreign/foreign.h | 1 + src/include/nodes/parsenodes.h | 3 + src/test/regress/expected/foreign_data.out | 14 ++ src/test/regress/expected/subscription.out | 40 ++++ src/test/regress/sql/foreign_data.sql | 17 ++ src/test/regress/sql/subscription.sql | 45 +++++ src/test/subscription/t/001_rep_changes.pl | 57 ++++++ 20 files changed, 497 insertions(+), 28 deletions(-) diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index d83f6ae8cb..5ce83bcb91 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -256,6 +256,14 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); -- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +DROP SUBSCRIPTION regress_pgfdw_subscription; +-- =================================================================== -- test error case for create publication on foreign table -- =================================================================== CREATE PUBLICATION testpub_ftbl FOR TABLE ft1; -- should fail diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 90c8fa4b70..81dac4981c 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -248,6 +248,13 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); +-- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_pgfdw_subscription; + -- =================================================================== -- test error case for create publication on foreign table -- =================================================================== diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index 6d36ff0dc9..6d219145a9 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -21,6 +21,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> +ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SERVER <replaceable>servername</replaceable> ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> CONNECTION '<replaceable>conninfo</replaceable>' ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SET PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> ADD PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] @@ -94,13 +95,24 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < </listitem> </varlistentry> + <varlistentry id="sql-altersubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the foreign server + <replaceable>servername</replaceable>. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-altersubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> <para> - This clause replaces the connection string originally set by - <xref linkend="sql-createsubscription"/>. See there for more - information. + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the connection + string <replaceable>conninfo</replaceable>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index f1c20b3a46..5f2c50a31e 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -22,7 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceable> - CONNECTION '<replaceable class="parameter">conninfo</replaceable>' + { SERVER <replaceable class="parameter">servername</replaceable> | CONNECTION '<replaceable class="parameter">conninfo</replaceable>' } PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">subscription_parameter</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] </synopsis> @@ -77,6 +77,15 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl </listitem> </varlistentry> + <varlistentry id="sql-createsubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + A foreign server to use for the connection. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-createsubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index c516c25ac7..b3cbc170d5 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -20,12 +20,15 @@ #include "access/tableam.h" #include "access/xact.h" #include "catalog/indexing.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "storage/lmgr.h" +#include "utils/acl.h" #include "utils/array.h" #include "utils/builtins.h" #include "utils/fmgroids.h" @@ -75,10 +78,30 @@ GetSubscription(Oid subid, bool missing_ok) sub->runasowner = subform->subrunasowner; /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, - tup, - Anum_pg_subscription_subconninfo); - sub->conninfo = TextDatumGetCString(datum); + if (OidIsValid(subform->subserver)) + { + AclResult aclresult; + + /* recheck ACL */ + aclresult = object_aclcheck(ForeignServerRelationId, + subform->subserver, + subform->subowner, ACL_USAGE); + + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, + ForeignServerName(subform->subserver)); + + sub->conninfo = ForeignServerConnectionString(subform->subowner, + subform->subserver, + true); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, + tup, + Anum_pg_subscription_subconninfo); + sub->conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index 75e6cd8ae3..60287c73e7 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -25,14 +25,17 @@ #include "catalog/objectaddress.h" #include "catalog/pg_authid_d.h" #include "catalog/pg_database_d.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "catalog/pg_user_mapping.h" #include "commands/dbcommands.h" #include "commands/defrem.h" #include "commands/event_trigger.h" #include "commands/subscriptioncmds.h" #include "executor/executor.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "pgstat.h" @@ -574,6 +577,8 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Datum values[Natts_pg_subscription]; Oid owner = GetUserId(); HeapTuple tup; + Oid serverid; + Oid umid; char *conninfo; char originname[NAMEDATALEN]; List *publications; @@ -666,15 +671,42 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.synchronous_commit == NULL) opts.synchronous_commit = "off"; - conninfo = stmt->conninfo; - publications = stmt->publication; - /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); + if (stmt->servername) + { + ForeignServer *server; + UserMapping *um; + + Assert(!stmt->conninfo); + conninfo = NULL; + + server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, owner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + + um = GetUserMapping(owner, server->serverid); + + serverid = server->serverid; + umid = um->umid; + conninfo = ForeignServerConnectionString(owner, serverid, true); + } + else + { + Assert(stmt->conninfo); + + serverid = InvalidOid; + umid = InvalidOid; + conninfo = stmt->conninfo; + } + /* Check the connection info string. */ walrcv_check_conninfo(conninfo, opts.passwordrequired && !superuser()); + publications = stmt->publication; + /* Everything ok, form a new tuple. */ memset(values, 0, sizeof(values)); memset(nulls, false, sizeof(nulls)); @@ -697,8 +729,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, values[Anum_pg_subscription_subdisableonerr - 1] = BoolGetDatum(opts.disableonerr); values[Anum_pg_subscription_subpasswordrequired - 1] = BoolGetDatum(opts.passwordrequired); values[Anum_pg_subscription_subrunasowner - 1] = BoolGetDatum(opts.runasowner); - values[Anum_pg_subscription_subconninfo - 1] = - CStringGetTextDatum(conninfo); + values[Anum_pg_subscription_subserver - 1] = serverid; + if (!OidIsValid(serverid)) + values[Anum_pg_subscription_subconninfo - 1] = + CStringGetTextDatum(conninfo); + else + nulls[Anum_pg_subscription_subconninfo - 1] = true; if (opts.slot_name) values[Anum_pg_subscription_subslotname - 1] = DirectFunctionCall1(namein, CStringGetDatum(opts.slot_name)); @@ -719,6 +755,20 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, recordDependencyOnOwner(SubscriptionRelationId, subid, owner); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + + if (stmt->servername) + { + ObjectAddress referenced; + Assert(OidIsValid(serverid) && OidIsValid(umid)); + + ObjectAddressSet(referenced, ForeignServerRelationId, serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + ObjectAddressSet(referenced, UserMappingRelationId, umid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + ReplicationOriginNameForLogicalRep(subid, InvalidOid, originname, sizeof(originname)); replorigin_create(originname); @@ -835,8 +885,6 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.enabled) ApplyLauncherWakeupAtCommit(); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostCreateHook(SubscriptionRelationId, subid, 0); return myself; @@ -1124,6 +1172,8 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, memset(nulls, false, sizeof(nulls)); memset(replaces, false, sizeof(replaces)); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + switch (stmt->kind) { case ALTER_SUBSCRIPTION_OPTIONS: @@ -1244,7 +1294,89 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, break; } + case ALTER_SUBSCRIPTION_SERVER: + { + ForeignServer *new_server; + UserMapping *new_um; + ObjectAddress referenced; + AclResult aclresult; + char *conninfo; + + /* + * Remove what was there before, either another foreign server + * or a connection string. + */ + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + UserMappingRelationId, old_um->umid); + } + else + { + nulls[Anum_pg_subscription_subconninfo - 1] = true; + replaces[Anum_pg_subscription_subconninfo - 1] = true; + } + + /* + * Find the new server and user mapping. Check ACL of server + * based on current user ID, but find the user mapping based + * on the subscription owner. + */ + new_server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, + new_server->serverid, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, + new_server->servername); + + new_um = GetUserMapping(form->subowner, new_server->serverid); + + conninfo = ForeignServerConnectionString(form->subowner, + new_server->serverid, + true); + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + /* Check the connection info string. */ + walrcv_check_conninfo(conninfo, + sub->passwordrequired && !sub->ownersuperuser); + + values[Anum_pg_subscription_subserver - 1] = new_server->serverid; + replaces[Anum_pg_subscription_subserver - 1] = true; + + ObjectAddressSet(referenced, ForeignServerRelationId, new_server->serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + ObjectAddressSet(referenced, UserMappingRelationId, new_um->umid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + update_tuple = true; + } + break; + case ALTER_SUBSCRIPTION_CONNECTION: + /* remove reference to foreign server and dependencies, if present */ + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + UserMappingRelationId, old_um->umid); + + values[Anum_pg_subscription_subserver - 1] = InvalidOid; + replaces[Anum_pg_subscription_subserver - 1] = true; + } + /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); /* Check the connection info string. */ @@ -1455,8 +1587,6 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, table_close(rel, RowExclusiveLock); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostAlterHook(SubscriptionRelationId, subid, 0); /* Wake up related replication workers to handle this change quickly. */ @@ -1541,9 +1671,25 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) subname = pstrdup(NameStr(*DatumGetName(datum))); /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, - Anum_pg_subscription_subconninfo); - conninfo = TextDatumGetCString(datum); + if (OidIsValid(form->subserver)) + { + AclResult aclresult; + + aclresult = object_aclcheck(ForeignServerRelationId, form->subserver, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, + ForeignServerName(form->subserver)); + + conninfo = ForeignServerConnectionString(form->subowner, + form->subserver, true); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, + Anum_pg_subscription_subconninfo); + conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, tup, @@ -1644,6 +1790,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) } /* Clean up dependencies */ + deleteDependencyRecordsFor(SubscriptionRelationId, subid, false); deleteSharedDependencyRecordsFor(SubscriptionRelationId, subid, 0); /* Remove any associated relation synchronization states. */ @@ -1853,6 +2000,17 @@ AlterSubscriptionOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId) aclcheck_error(aclresult, OBJECT_DATABASE, get_database_name(MyDatabaseId)); + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + UserMapping *new_um = GetUserMapping(newOwnerId, form->subserver); + + if (changeDependencyFor(SubscriptionRelationId, form->oid, + UserMappingRelationId, old_um->umid, new_um->umid) != 1) + elog(ERROR, "could not change user mapping dependency for subscription %u", + form->oid); + } + form->subowner = newOwnerId; CatalogTupleUpdate(rel, &tup->t_self, tup); diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index fd1b644d72..d5d78c347e 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -180,6 +180,31 @@ GetForeignServerExtended(Oid serverid, bits16 flags) } +/* + * ForeignServerName - get name of foreign server. + */ +char * +ForeignServerName(Oid serverid) +{ + Form_pg_foreign_server serverform; + char *servername; + HeapTuple tp; + + tp = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)); + + if (!HeapTupleIsValid(tp)) + elog(ERROR, "cache lookup failed for foreign server %u", serverid); + + serverform = (Form_pg_foreign_server) GETSTRUCT(tp); + + servername = pstrdup(NameStr(serverform->srvname)); + + ReleaseSysCache(tp); + + return servername; +} + + /* * GetForeignServerByName - look up the foreign server definition by name. */ diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index 6b88096e8e..0a024ab637 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -10648,6 +10648,16 @@ CreateSubscriptionStmt: n->options = $8; $$ = (Node *) n; } + | CREATE SUBSCRIPTION name SERVER name PUBLICATION name_list opt_definition + { + CreateSubscriptionStmt *n = + makeNode(CreateSubscriptionStmt); + n->subname = $3; + n->servername = $5; + n->publication = $7; + n->options = $8; + $$ = (Node *) n; + } ; /***************************************************************************** @@ -10677,6 +10687,16 @@ AlterSubscriptionStmt: n->conninfo = $5; $$ = (Node *) n; } + | ALTER SUBSCRIPTION name SERVER name + { + AlterSubscriptionStmt *n = + makeNode(AlterSubscriptionStmt); + + n->kind = ALTER_SUBSCRIPTION_SERVER; + n->subname = $3; + n->servername = $5; + $$ = (Node *) n; + } | ALTER SUBSCRIPTION name REFRESH PUBLICATION opt_definition { AlterSubscriptionStmt *n = diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index 911835c5cb..4cb94a1ee8 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -4003,7 +4003,9 @@ maybe_reread_subscription(void) } /* - * Callback from subscription syscache invalidation. + * Callback from subscription syscache invalidation. Also needed for server or + * user mapping invalidation, which can change the connection information for + * subscriptions that connect using a server object. */ static void subscription_change_cb(Datum arg, int cacheid, uint32 hashvalue) @@ -4639,6 +4641,14 @@ InitializeLogRepWorker(void) CacheRegisterSyscacheCallback(SUBSCRIPTIONOID, subscription_change_cb, (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); CacheRegisterSyscacheCallback(AUTHOID, subscription_change_cb, diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 7b9c79005e..6456416ad3 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -4655,6 +4655,7 @@ getSubscriptions(Archive *fout) int i_subdisableonerr; int i_subpasswordrequired; int i_subrunasowner; + int i_subservername; int i_subconninfo; int i_subslotname; int i_subsynccommit; @@ -4726,10 +4727,12 @@ getSubscriptions(Archive *fout) LOGICALREP_ORIGIN_ANY); if (dopt->binary_upgrade && fout->remoteVersion >= 170000) - appendPQExpBufferStr(query, " o.remote_lsn AS suboriginremotelsn,\n" + appendPQExpBufferStr(query, " fs.srvname AS subservername,\n" + " o.remote_lsn AS suboriginremotelsn,\n" " s.subenabled\n"); else - appendPQExpBufferStr(query, " NULL AS suboriginremotelsn,\n" + appendPQExpBufferStr(query, " NULL AS subservername,\n" + " NULL AS suboriginremotelsn,\n" " false AS subenabled\n"); appendPQExpBufferStr(query, @@ -4737,6 +4740,8 @@ getSubscriptions(Archive *fout) if (dopt->binary_upgrade && fout->remoteVersion >= 170000) appendPQExpBufferStr(query, + "LEFT JOIN pg_catalog.pg_foreign_server fs \n" + " ON fs.oid = s.subserver \n" "LEFT JOIN pg_catalog.pg_replication_origin_status o \n" " ON o.external_id = 'pg_' || s.oid::text \n"); @@ -4762,6 +4767,7 @@ getSubscriptions(Archive *fout) i_subdisableonerr = PQfnumber(res, "subdisableonerr"); i_subpasswordrequired = PQfnumber(res, "subpasswordrequired"); i_subrunasowner = PQfnumber(res, "subrunasowner"); + i_subservername = PQfnumber(res, "subservername"); i_subconninfo = PQfnumber(res, "subconninfo"); i_subslotname = PQfnumber(res, "subslotname"); i_subsynccommit = PQfnumber(res, "subsynccommit"); @@ -4781,7 +4787,10 @@ getSubscriptions(Archive *fout) AssignDumpId(&subinfo[i].dobj); subinfo[i].dobj.name = pg_strdup(PQgetvalue(res, i, i_subname)); subinfo[i].rolname = getRoleName(PQgetvalue(res, i, i_subowner)); - + if (PQgetisnull(res, i, i_subservername)) + subinfo[i].subservername = NULL; + else + subinfo[i].subservername = pg_strdup(PQgetvalue(res, i, i_subservername)); subinfo[i].subbinary = pg_strdup(PQgetvalue(res, i, i_subbinary)); subinfo[i].substream = @@ -5007,9 +5016,17 @@ dumpSubscription(Archive *fout, const SubscriptionInfo *subinfo) appendPQExpBuffer(delq, "DROP SUBSCRIPTION %s;\n", qsubname); - appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s CONNECTION ", + appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s ", qsubname); - appendStringLiteralAH(query, subinfo->subconninfo, fout); + if (subinfo->subservername) + { + appendPQExpBuffer(query, "SERVER %s", fmtId(subinfo->subservername)); + } + else + { + appendPQExpBuffer(query, "CONNECTION "); + appendStringLiteralAH(query, subinfo->subconninfo, fout); + } /* Build list of quoted publications and append them to query. */ if (!parsePGArray(subinfo->subpublications, &pubnames, &npubnames)) diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index 9a34347cfc..d3aaa26861 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -669,6 +669,7 @@ typedef struct _SubscriptionInfo char *subdisableonerr; char *subpasswordrequired; char *subrunasowner; + char *subservername; char *subconninfo; char *subslotname; char *subsynccommit; diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c index 09914165e4..995f4f7f22 100644 --- a/src/bin/psql/tab-complete.c +++ b/src/bin/psql/tab-complete.c @@ -3322,7 +3322,7 @@ psql_completion(const char *text, int start, int end) /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny)) COMPLETE_WITH("PUBLICATION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index ca32625585..74e904b11d 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -93,9 +93,11 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW bool subrunasowner; /* True if replication should execute as the * subscription owner */ + Oid subserver; /* Set if connecting with server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo; /* Set if connecting with connection string */ /* Slot name on publisher */ NameData subslotname BKI_FORCE_NULL; diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index b5b9b97f4d..a2f04ce9af 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -65,6 +65,7 @@ typedef struct ForeignTable extern ForeignServer *GetForeignServer(Oid serverid); +extern char *ForeignServerName(Oid serverid); extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index b3181f34ae..6d6b242cec 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -4041,6 +4041,7 @@ typedef struct CreateSubscriptionStmt { NodeTag type; char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ @@ -4049,6 +4050,7 @@ typedef struct CreateSubscriptionStmt typedef enum AlterSubscriptionType { ALTER_SUBSCRIPTION_OPTIONS, + ALTER_SUBSCRIPTION_SERVER, ALTER_SUBSCRIPTION_CONNECTION, ALTER_SUBSCRIPTION_SET_PUBLICATION, ALTER_SUBSCRIPTION_ADD_PUBLICATION, @@ -4063,6 +4065,7 @@ typedef struct AlterSubscriptionStmt NodeTag type; AlterSubscriptionType kind; /* ALTER_SUBSCRIPTION_OPTIONS, etc */ char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ diff --git a/src/test/regress/expected/foreign_data.out b/src/test/regress/expected/foreign_data.out index d51e83ff92..6685c134c6 100644 --- a/src/test/regress/expected/foreign_data.out +++ b/src/test/regress/expected/foreign_data.out @@ -432,6 +432,20 @@ SELECT pg_conninfo_from_server('connection_server', 'regress_test_role2', false) DROP USER MAPPING FOR regress_test_role SERVER connection_server; DROP USER MAPPING FOR PUBLIC SERVER connection_server; DROP SERVER connection_server; +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; -- ERROR: no permissions on FDW +ERROR: permission denied for foreign-data wrapper pg_connection_fdw +RESET ROLE; +GRANT USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw TO regress_test_role; +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; +IMPORT FOREIGN SCHEMA foo FROM SERVER t3 INTO bar; -- fails +ERROR: schema "bar" does not exist +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; +DROP SERVER t3; +RESET ROLE; +REVOKE USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw FROM regress_test_role; -- ALTER SERVER ALTER SERVER s0; -- ERROR ERROR: syntax error at or near ";" diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out index b15eddbff3..7b866a6fe6 100644 --- a/src/test/regress/expected/subscription.out +++ b/src/test/regress/expected/subscription.out @@ -144,6 +144,46 @@ ERROR: could not connect to the publisher: invalid port number: "-1" ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; ERROR: invalid connection string syntax: missing "=" after "foobar" in connection info string +RESET SESSION AUTHORIZATION; +GRANT CREATE ON DATABASE REGRESSION TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +DROP SUBSCRIPTION regress_testsub6; +-- test using a server object instead of connection string +RESET SESSION AUTHORIZATION; +CREATE SERVER regress_testserver FOREIGN DATA WRAPPER pg_connection_fdw; +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver PUBLICATION testpub + WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +RESET SESSION AUTHORIZATION; +-- test an FDW with no validator +CREATE FOREIGN DATA WRAPPER regress_fdw; +CREATE SERVER regress_testserver2 FOREIGN DATA WRAPPER regress_fdw + OPTIONS (abc 'xyz'); +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2 + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver2 TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver2; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver; +RESET SESSION AUTHORIZATION; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2; +DROP SERVER regress_testserver2; +DROP FOREIGN DATA WRAPPER regress_fdw; +ALTER SUBSCRIPTION regress_testsub6 OWNER TO regress_subscription_user; -- fail, no user mapping +ERROR: user mapping not found for user "regress_subscription_user", server "regress_testserver" +DROP SUBSCRIPTION regress_testsub6; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver; +DROP SERVER regress_testserver; +REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user; \dRs+ List of subscriptions Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Synchronous commit | Conninfo | Skip LSN diff --git a/src/test/regress/sql/foreign_data.sql b/src/test/regress/sql/foreign_data.sql index 43461de7f9..337acafc2d 100644 --- a/src/test/regress/sql/foreign_data.sql +++ b/src/test/regress/sql/foreign_data.sql @@ -212,6 +212,23 @@ DROP USER MAPPING FOR regress_test_role SERVER connection_server; DROP USER MAPPING FOR PUBLIC SERVER connection_server; DROP SERVER connection_server; +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; -- ERROR: no permissions on FDW +RESET ROLE; +GRANT USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw TO regress_test_role; +SET ROLE regress_test_role; + +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; + +IMPORT FOREIGN SCHEMA foo FROM SERVER t3 INTO bar; -- fails + +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; +DROP SERVER t3; + +RESET ROLE; +REVOKE USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw FROM regress_test_role; + -- ALTER SERVER ALTER SERVER s0; -- ERROR ALTER SERVER s0 OPTIONS (a '1'); -- ERROR diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql index 444e563ff3..95c826030b 100644 --- a/src/test/regress/sql/subscription.sql +++ b/src/test/regress/sql/subscription.sql @@ -88,6 +88,51 @@ CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'port=-1' PUBLICATION testpub; -- fail - invalid connection string during ALTER ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; +RESET SESSION AUTHORIZATION; +GRANT CREATE ON DATABASE REGRESSION TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; + +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_testsub6; + +-- test using a server object instead of connection string + +RESET SESSION AUTHORIZATION; +CREATE SERVER regress_testserver FOREIGN DATA WRAPPER pg_connection_fdw; +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver TO regress_subscription_user3; + +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver PUBLICATION testpub + WITH (slot_name = NONE, connect = false); +RESET SESSION AUTHORIZATION; + +-- test an FDW with no validator +CREATE FOREIGN DATA WRAPPER regress_fdw; +CREATE SERVER regress_testserver2 FOREIGN DATA WRAPPER regress_fdw + OPTIONS (abc 'xyz'); +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2 + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver2 TO regress_subscription_user3; + +SET SESSION AUTHORIZATION regress_subscription_user3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver2; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver; + +RESET SESSION AUTHORIZATION; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2; +DROP SERVER regress_testserver2; +DROP FOREIGN DATA WRAPPER regress_fdw; + +ALTER SUBSCRIPTION regress_testsub6 OWNER TO regress_subscription_user; -- fail, no user mapping +DROP SUBSCRIPTION regress_testsub6; + +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver; +DROP SERVER regress_testserver; +REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user; + \dRs+ ALTER SUBSCRIPTION regress_testsub SET PUBLICATION testpub2, testpub3 WITH (refresh = false); diff --git a/src/test/subscription/t/001_rep_changes.pl b/src/test/subscription/t/001_rep_changes.pl index 9ccebd890a..4cbf2dceaa 100644 --- a/src/test/subscription/t/001_rep_changes.pl +++ b/src/test/subscription/t/001_rep_changes.pl @@ -27,6 +27,8 @@ $node_publisher->safe_psql('postgres', "CREATE TABLE tab_notrep AS SELECT generate_series(1,10) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_ins AS SELECT generate_series(1,1002) AS a"); +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins2 AS SELECT generate_series(1,1002) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_full AS SELECT generate_series(1,10) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_full2 (x text)"); @@ -65,6 +67,7 @@ $node_publisher->safe_psql('postgres', # Setup structure on subscriber $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_notrep (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int)"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins2 (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_full (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_full2 (x text)"); $node_subscriber->safe_psql('postgres', @@ -110,6 +113,22 @@ $node_subscriber->safe_psql('postgres', "CREATE SUBSCRIPTION tap_sub CONNECTION '$publisher_connstr' PUBLICATION tap_pub, tap_pub_ins_only" ); +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_sub2_server FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_sub2_server" +); + +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_simple_pub FOR TABLE tab_ins2"); + +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub2 SERVER tap_sub2_server PUBLICATION tap_simple_pub WITH (password_required=false)" +); + # Wait for initial table sync to finish $node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); @@ -121,11 +140,22 @@ $result = $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); is($result, qq(1002), 'check initial data was copied to subscriber'); +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins2"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_subscriber->safe_psql('postgres', "ALTER SUBSCRIPTION tap_sub2 CONNECTION '$publisher_connstr'"); + $node_publisher->safe_psql('postgres', "INSERT INTO tab_ins SELECT generate_series(1,50)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_ins WHERE a > 20"); $node_publisher->safe_psql('postgres', "UPDATE tab_ins SET a = -a"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins2 SELECT generate_series(1,50)"); + +$node_subscriber->safe_psql('postgres', "ALTER SUBSCRIPTION tap_sub2 SERVER tap_sub2_server"); + $node_publisher->safe_psql('postgres', "INSERT INTO tab_rep SELECT generate_series(1,50)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_rep WHERE a > 20"); @@ -158,6 +188,10 @@ $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_ins"); is($result, qq(1052|1|1002), 'check replicated inserts on subscriber'); +$result = $node_subscriber->safe_psql('postgres', + "SELECT count(*), min(a), max(a) FROM tab_ins2"); +is($result, qq(1052|1|1002), 'check replicated inserts on subscriber'); + $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_rep"); is($result, qq(20|-20|-1), 'check replicated changes on subscriber'); @@ -449,10 +483,27 @@ $node_publisher->poll_query_until('postgres', or die "Timed out while waiting for apply to restart after changing PUBLICATION"; +# test that changes to a foreign server subscription cause the worker +# to restart +$oldpid = $node_publisher->safe_psql('postgres', + "SELECT pid FROM pg_stat_replication WHERE application_name = 'tap_sub2' AND state = 'streaming';" +); +$node_subscriber->safe_psql('postgres', + "ALTER SERVER tap_sub2_server OPTIONS (sslmode 'disable')" +); +$node_publisher->poll_query_until('postgres', + "SELECT pid != $oldpid FROM pg_stat_replication WHERE application_name = 'tap_sub2' AND state = 'streaming';" + ) + or die + "Timed out while waiting for apply to restart after changing PUBLICATION"; + $node_publisher->safe_psql('postgres', "INSERT INTO tab_ins SELECT generate_series(1001,1100)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_rep"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins2 SELECT generate_series(1001,1100)"); + # Restart the publisher and check the state of the subscriber which # should be in a streaming state after catching up. $node_publisher->stop('fast'); @@ -465,6 +516,11 @@ $result = $node_subscriber->safe_psql('postgres', is($result, qq(1152|1|1100), 'check replicated inserts after subscription publication change'); +$result = $node_subscriber->safe_psql('postgres', + "SELECT count(*), min(a), max(a) FROM tab_ins2"); +is($result, qq(1152|1|1100), + 'check replicated inserts after subscription publication change'); + $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_rep"); is($result, qq(20|-20|-1), @@ -533,6 +589,7 @@ $node_publisher->poll_query_until('postgres', # check all the cleanup $node_subscriber->safe_psql('postgres', "DROP SUBSCRIPTION tap_sub_renamed"); +$node_subscriber->safe_psql('postgres', "DROP SUBSCRIPTION tap_sub2"); $result = $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM pg_subscription"); -- 2.34.1 [text/x-patch] v5-0004-Introduce-pg_create_connection-predefined-role.patch (8.8K, 5-v5-0004-Introduce-pg_create_connection-predefined-role.patch) download | inline diff: From 30a8482ac5a0981a6ebefe6f4a24d2e3b2a01d13 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:13:54 -0800 Subject: [PATCH v5 4/4] Introduce pg_create_connection predefined role. In addition to pg_create_subscription, membership in this role is necessary to create a subscription with a connection string. The pg_create_subscription role is a member of pg_create_connection, so by default pg_create_subscription has the same capability as before. An administrator may revoke pg_create_connection from pg_create_subscription, which will enable the privileges to be separated. That will be useful in an upcoming change to introduce CREATE SUBSCRIPTION ... SERVER, which will not use a raw connection string, and therefore not require membership in the pg_create_connection role. --- doc/src/sgml/user-manag.sgml | 12 ++++++++++-- src/backend/catalog/system_functions.sql | 2 ++ src/backend/commands/subscriptioncmds.c | 19 ++++++++++++++++--- src/include/catalog/pg_authid.dat | 5 +++++ src/test/regress/expected/subscription.out | 11 +++++++++++ src/test/regress/sql/subscription.sql | 14 ++++++++++++++ 6 files changed, 58 insertions(+), 5 deletions(-) diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 92a299d2d3..4f4c20ba3c 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -687,11 +687,19 @@ DROP ROLE doomed_role; <entry>Allow use of connection slots reserved via <xref linkend="guc-reserved-connections"/>.</entry> </row> + <row> + <entry>pg_create_connection</entry> + <entry>Allow users to specify a connection string directly in <link + linkend="sql-createsubscription"><command>CREATE + SUBSCRIPTION</command></link>.</entry> + </row> <row> <entry>pg_create_subscription</entry> <entry>Allow users with <literal>CREATE</literal> permission on the - database to issue - <link linkend="sql-createsubscription"><command>CREATE SUBSCRIPTION</command></link>.</entry> + database to issue <link + linkend="sql-createsubscription"><command>CREATE + SUBSCRIPTION</command></link>. This role is a member of + <literal>pg_create_connection</literal>.</entry> </row> </tbody> </tgroup> diff --git a/src/backend/catalog/system_functions.sql b/src/backend/catalog/system_functions.sql index f315fecf18..73512688de 100644 --- a/src/backend/catalog/system_functions.sql +++ b/src/backend/catalog/system_functions.sql @@ -781,3 +781,5 @@ GRANT pg_read_all_settings TO pg_monitor; GRANT pg_read_all_stats TO pg_monitor; GRANT pg_stat_scan_tables TO pg_monitor; + +GRANT pg_create_connection TO pg_create_subscription; diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index 60287c73e7..03555d5159 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -609,9 +609,9 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, PreventInTransactionBlock(isTopLevel, "CREATE SUBSCRIPTION ... WITH (create_slot = true)"); /* - * We don't want to allow unprivileged users to be able to trigger - * attempts to access arbitrary network destinations, so require the user - * to have been specifically authorized to create subscriptions. + * We don't want to allow unprivileged users to utilize the resources that + * a subscription requires (such as a background worker), so require the + * user to have been specifically authorized to create subscriptions. */ if (!has_privs_of_role(owner, ROLE_PG_CREATE_SUBSCRIPTION)) ereport(ERROR, @@ -697,6 +697,19 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, { Assert(stmt->conninfo); + /* + * We don't want to allow unprivileged users to be able to trigger + * attempts to access arbitrary network destinations, so require the user + * to have been specifically authorized to create connections. + */ + if (!has_privs_of_role(owner, ROLE_PG_CREATE_CONNECTION)) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("permission denied to create subscription with a connection string"), + errdetail("Only roles with privileges of the \"%s\" role may create subscriptions with CONNECTION specified.", + "pg_create_connection"), + errhint("Create a subscription to a foreign server by specifying SERVER instead."))); + serverid = InvalidOid; umid = InvalidOid; conninfo = stmt->conninfo; diff --git a/src/include/catalog/pg_authid.dat b/src/include/catalog/pg_authid.dat index 82a2ec2862..dcfad7a0c0 100644 --- a/src/include/catalog/pg_authid.dat +++ b/src/include/catalog/pg_authid.dat @@ -94,5 +94,10 @@ rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', rolpassword => '_null_', rolvaliduntil => '_null_' }, +{ oid => '6122', oid_symbol => 'ROLE_PG_CREATE_CONNECTION', + rolname => 'pg_create_connection', rolsuper => 'f', rolinherit => 't', + rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', + rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', + rolpassword => '_null_', rolvaliduntil => '_null_' }, ] diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out index 7b866a6fe6..2737901751 100644 --- a/src/test/regress/expected/subscription.out +++ b/src/test/regress/expected/subscription.out @@ -157,7 +157,16 @@ CREATE SERVER regress_testserver FOREIGN DATA WRAPPER pg_connection_fdw; CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver OPTIONS (password 'secret'); GRANT USAGE ON FOREIGN SERVER regress_testserver TO regress_subscription_user3; +-- temporarily revoke pg_create_connection from pg_create_subscription +-- to test that CREATE SUBSCRIPTION ... CONNECTION fails +REVOKE pg_create_connection FROM pg_create_subscription; SET SESSION AUTHORIZATION regress_subscription_user3; +-- fail - not a member of pg_create_connection, cannot use CONNECTION +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +ERROR: permission denied to create subscription with a connection string +DETAIL: Only roles with privileges of the "pg_create_connection" role may create subscriptions with CONNECTION specified. +HINT: Create a subscription to a foreign server by specifying SERVER instead. +-- succeed - subscription to foreign server CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver PUBLICATION testpub WITH (slot_name = NONE, connect = false); WARNING: subscription was created, but is not connected @@ -183,6 +192,8 @@ DROP SUBSCRIPTION regress_testsub6; DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver; DROP SERVER regress_testserver; REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +-- re-grant pg_create_connection to pg_create_subscription +GRANT pg_create_connection TO pg_create_subscription; SET SESSION AUTHORIZATION regress_subscription_user; \dRs+ List of subscriptions diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql index 95c826030b..b041a6d542 100644 --- a/src/test/regress/sql/subscription.sql +++ b/src/test/regress/sql/subscription.sql @@ -103,9 +103,19 @@ CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver OPTIONS (password 'secret'); GRANT USAGE ON FOREIGN SERVER regress_testserver TO regress_subscription_user3; +-- temporarily revoke pg_create_connection from pg_create_subscription +-- to test that CREATE SUBSCRIPTION ... CONNECTION fails +REVOKE pg_create_connection FROM pg_create_subscription; + SET SESSION AUTHORIZATION regress_subscription_user3; + +-- fail - not a member of pg_create_connection, cannot use CONNECTION +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); + +-- succeed - subscription to foreign server CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver PUBLICATION testpub WITH (slot_name = NONE, connect = false); + RESET SESSION AUTHORIZATION; -- test an FDW with no validator @@ -131,6 +141,10 @@ DROP SUBSCRIPTION regress_testsub6; DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver; DROP SERVER regress_testserver; REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; + +-- re-grant pg_create_connection to pg_create_subscription +GRANT pg_create_connection TO pg_create_subscription; + SET SESSION AUTHORIZATION regress_subscription_user; \dRs+ -- 2.34.1 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-05 07:19 Ashutosh Bapat <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Ashutosh Bapat @ 2024-01-05 07:19 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Fri, Jan 5, 2024 at 6:26 AM Jeff Davis <[email protected]> wrote: > > > 2. Can one use {FDW, user_mapping, foreign_server} combo other than > > the built-in pg_connection_fdw? > > Yes, you can use any FDW for which you have USAGE privileges, passes > the validations, and provides enough of the expected fields to form a > connection string. > > There was some discussion on this point already. Initially, I > implemented it with more catalog and grammar support, which improved > error checking, but others objected that the grammar wasn't worth it > and that it was too inflexible. See: > > https://www.postgresql.org/message-id/172273.1693403385%40sss.pgh.pa.us > https://www.postgresql.org/message-id/CAExHW5unvpDv6yMSmqurHP7Du1PqoJFWVxeK-4YNm5EnoNJiSQ%40mail.gma... > Can you please provide an example using postgres_fdw to create a subscription using this patch. I think we should document it in postgres_fdw and add a test for the same. -- Best Wishes, Ashutosh Bapat ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-05 08:04 Jeff Davis <[email protected]> parent: Ashutosh Bapat <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Jeff Davis @ 2024-01-05 08:04 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Fri, 2024-01-05 at 12:49 +0530, Ashutosh Bapat wrote: > Can you please provide an example using postgres_fdw to create a > subscription using this patch. I think we should document it in > postgres_fdw and add a test for the same. There's a basic test for postgres_fdw in patch 0003, just testing the syntax and validation. A manual end-to-end test is pretty straightforward: -- on publisher create table foo(i int primary key); create publication pub1 for table foo; insert into foo values(42); -- on subscriber create extension postgres_fdw; create table foo(i int primary key); create server server1 foreign data wrapper postgres_fdw options (host '/tmp', port '5432', dbname 'postgres'); create user mapping for u1 server server1 options (user 'u1'); select pg_conninfo_from_server('server1','u1',true); create subscription sub1 server server1 publication pub1; I don't think we need to add an end-to-end test for each FDW, because it's just using the assembled connection string. To see if it's assembling the connection string properly, we can unit test with pg_conninfo_from_server(). Regards, Jeff Davis ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-05 10:41 Ashutosh Bapat <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Ashutosh Bapat @ 2024-01-05 10:41 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Fri, Jan 5, 2024 at 1:34 PM Jeff Davis <[email protected]> wrote: > > On Fri, 2024-01-05 at 12:49 +0530, Ashutosh Bapat wrote: > > Can you please provide an example using postgres_fdw to create a > > subscription using this patch. I think we should document it in > > postgres_fdw and add a test for the same. > > There's a basic test for postgres_fdw in patch 0003, just testing the > syntax and validation. > > A manual end-to-end test is pretty straightforward: > > -- on publisher > create table foo(i int primary key); > create publication pub1 for table foo; > insert into foo values(42); > > -- on subscriber > create extension postgres_fdw; > create table foo(i int primary key); > create server server1 > foreign data wrapper postgres_fdw > options (host '/tmp', port '5432', dbname 'postgres'); > create user mapping for u1 server server1 > options (user 'u1'); > select pg_conninfo_from_server('server1','u1',true); > create subscription sub1 server server1 publication pub1; > > I don't think we need to add an end-to-end test for each FDW, because > it's just using the assembled connection string. To see if it's > assembling the connection string properly, we can unit test with > pg_conninfo_from_server(). Thanks for the steps. I don't think we need to add a test for every FDW. E.g. adding a test in file_fdw would be pointless. But postgres_fdw is special. The test could further create a foreign table ftab_foo on subscriber referencing foo on publisher and then compare the data from foo and ftab_foo to make sure that the replication is happening. This will serve as a good starting point for replicated tables setup in a sharded cluster. -- Best Wishes, Ashutosh Bapat ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-13 01:17 Jeff Davis <[email protected]> parent: Ashutosh Bapat <[email protected]> 0 siblings, 2 replies; 63+ messages in thread From: Jeff Davis @ 2024-01-13 01:17 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Fri, 2024-01-05 at 16:11 +0530, Ashutosh Bapat wrote: > I don't think we need to add a test for every FDW. E.g. adding a test > in file_fdw would be pointless. But postgres_fdw is special. The test > could further create a foreign table ftab_foo on subscriber > referencing foo on publisher and then compare the data from foo and > ftab_foo to make sure that the replication is happening. This will > serve as a good starting point for replicated tables setup in a > sharded cluster. > Attached updated patch set with added TAP test for postgres_fdw, which uses a postgres_fdw server as the source for subscription connection information. I think 0004 needs a bit more work, so I'm leaving it off for now, but I'll bring it back in the next patch set. Regards, Jeff Davis Attachments: [text/x-patch] v6-0001-Fix-postgresql_fdw_validator-to-use-full-libpq-op.patch (8.5K, 2-v6-0001-Fix-postgresql_fdw_validator-to-use-full-libpq-op.patch) download | inline diff: From dbe3d132165ff3379572f11186d8d7b38cead675 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Thu, 4 Jan 2024 12:15:54 -0800 Subject: [PATCH v6 1/4] Fix postgresql_fdw_validator to use full libpq options list. Extend the walrcv_ API to retrieve the options list from libpq, and use that for postgresql_fdw_validator(). Un-deprecate it. --- src/backend/foreign/foreign.c | 67 +++++++------------ .../libpqwalreceiver/libpqwalreceiver.c | 47 +++++++++++++ src/include/replication/walreceiver.h | 20 ++++++ 3 files changed, 90 insertions(+), 44 deletions(-) diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index 02e1898131..747cc11a60 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -23,6 +23,7 @@ #include "funcapi.h" #include "lib/stringinfo.h" #include "miscadmin.h" +#include "replication/walreceiver.h" #include "utils/builtins.h" #include "utils/memutils.h" #include "utils/rel.h" @@ -549,40 +550,6 @@ pg_options_to_table(PG_FUNCTION_ARGS) } -/* - * Describes the valid options for postgresql FDW, server, and user mapping. - */ -struct ConnectionOption -{ - const char *optname; - Oid optcontext; /* Oid of catalog in which option may appear */ -}; - -/* - * Copied from fe-connect.c PQconninfoOptions. - * - * The list is small - don't bother with bsearch if it stays so. - */ -static const struct ConnectionOption libpq_conninfo_options[] = { - {"authtype", ForeignServerRelationId}, - {"service", ForeignServerRelationId}, - {"user", UserMappingRelationId}, - {"password", UserMappingRelationId}, - {"connect_timeout", ForeignServerRelationId}, - {"dbname", ForeignServerRelationId}, - {"host", ForeignServerRelationId}, - {"hostaddr", ForeignServerRelationId}, - {"port", ForeignServerRelationId}, - {"tty", ForeignServerRelationId}, - {"options", ForeignServerRelationId}, - {"requiressl", ForeignServerRelationId}, - {"sslmode", ForeignServerRelationId}, - {"gsslib", ForeignServerRelationId}, - {"gssdelegation", ForeignServerRelationId}, - {NULL, InvalidOid} -}; - - /* * Check if the provided option is one of libpq conninfo options. * context is the Oid of the catalog the option came from, or 0 if we @@ -593,9 +560,23 @@ is_conninfo_option(const char *option, Oid context) { const struct ConnectionOption *opt; - for (opt = libpq_conninfo_options; opt->optname; opt++) - if (context == opt->optcontext && strcmp(opt->optname, option) == 0) - return true; + /* skip options that must be overridden */ + if (strcmp(option, "client_encoding") == 0) + return false; + + for (opt = walrcv_conninfo_options(); opt->optname; opt++) + { + if (strcmp(opt->optname, option) == 0) + { + if (opt->isdebug) + return false; + + if (opt->issecret || strcmp(opt->optname, "user") == 0) + return (context == UserMappingRelationId); + + return (context == ForeignServerRelationId); + } + } return false; } @@ -606,11 +587,6 @@ is_conninfo_option(const char *option, Oid context) * * Valid server options are all libpq conninfo options except * user and password -- these may only appear in USER MAPPING options. - * - * Caution: this function is deprecated, and is now meant only for testing - * purposes, because the list of options it knows about doesn't necessarily - * square with those known to whichever libpq instance you might be using. - * Inquire of libpq itself, instead. */ Datum postgresql_fdw_validator(PG_FUNCTION_ARGS) @@ -620,6 +596,9 @@ postgresql_fdw_validator(PG_FUNCTION_ARGS) ListCell *cell; + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + foreach(cell, options_list) { DefElem *def = lfirst(cell); @@ -636,9 +615,9 @@ postgresql_fdw_validator(PG_FUNCTION_ARGS) * with a valid option that looks similar, if there is one. */ initClosestMatch(&match_state, def->defname, 4); - for (opt = libpq_conninfo_options; opt->optname; opt++) + for (opt = walrcv_conninfo_options(); opt->optname; opt++) { - if (catalog == opt->optcontext) + if (is_conninfo_option(opt->optname, catalog)) { has_valid_options = true; updateClosestMatch(&match_state, opt->optname); diff --git a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c index ead30f87c9..ff7d071903 100644 --- a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c +++ b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c @@ -53,6 +53,7 @@ static WalReceiverConn *libpqrcv_connect(const char *conninfo, const char *appname, char **err); static void libpqrcv_check_conninfo(const char *conninfo, bool must_use_password); +static const struct ConnectionOption *libpqrcv_conninfo_options(void); static char *libpqrcv_get_conninfo(WalReceiverConn *conn); static void libpqrcv_get_senderinfo(WalReceiverConn *conn, char **sender_host, int *sender_port); @@ -86,6 +87,7 @@ static void libpqrcv_disconnect(WalReceiverConn *conn); static WalReceiverFunctionsType PQWalReceiverFunctions = { .walrcv_connect = libpqrcv_connect, .walrcv_check_conninfo = libpqrcv_check_conninfo, + .walrcv_conninfo_options = libpqrcv_conninfo_options, .walrcv_get_conninfo = libpqrcv_get_conninfo, .walrcv_get_senderinfo = libpqrcv_get_senderinfo, .walrcv_identify_system = libpqrcv_identify_system, @@ -293,6 +295,51 @@ libpqrcv_check_conninfo(const char *conninfo, bool must_use_password) PQconninfoFree(opts); } +static const struct ConnectionOption * +libpqrcv_conninfo_options(void) +{ + static struct ConnectionOption *connection_options = NULL; + struct ConnectionOption *popt; + PQconninfoOption *conndefaults; + PQconninfoOption *lopt; + int num_libpq_opts = 0; + + if (connection_options) + return connection_options; + + conndefaults = PQconndefaults(); + for (lopt = conndefaults; lopt->keyword; lopt++) + num_libpq_opts++; + + connection_options = MemoryContextAlloc( + TopMemoryContext, + sizeof(struct ConnectionOption) * (num_libpq_opts + 1)); + + popt = connection_options; + for (lopt = conndefaults; lopt->keyword; lopt++) + { + popt->issecret = false; + popt->isdebug = false; + + if (strchr(lopt->dispchar, '*')) + popt->issecret = true; + else if (strchr(lopt->dispchar, 'D')) + popt->isdebug = true; + + popt->optname = MemoryContextStrdup(TopMemoryContext, + lopt->keyword); + popt++; + } + + popt->optname = NULL; + popt->issecret = false; + popt->isdebug = false; + + PQconninfoFree(conndefaults); + + return connection_options; +} + /* * Return a user-displayable conninfo string. Any security-sensitive fields * are obfuscated. diff --git a/src/include/replication/walreceiver.h b/src/include/replication/walreceiver.h index 0899891cdb..541377e095 100644 --- a/src/include/replication/walreceiver.h +++ b/src/include/replication/walreceiver.h @@ -223,6 +223,16 @@ typedef struct WalRcvExecResult TupleDesc tupledesc; } WalRcvExecResult; +/* + * Describes the valid options for postgresql FDW, server, and user mapping. + */ +struct ConnectionOption +{ + const char *optname; + bool issecret; /* is option for a password? */ + bool isdebug; /* is option a debug option? */ +}; + /* WAL receiver - libpqwalreceiver hooks */ /* @@ -250,6 +260,13 @@ typedef WalReceiverConn *(*walrcv_connect_fn) (const char *conninfo, typedef void (*walrcv_check_conninfo_fn) (const char *conninfo, bool must_use_password); +/* + * walrcv_conninfo_options_fn + * + * Return a pointer to a static array of the available options from libpq. + */ +typedef const struct ConnectionOption *(*walrcv_conninfo_options_fn) (void); + /* * walrcv_get_conninfo_fn * @@ -389,6 +406,7 @@ typedef struct WalReceiverFunctionsType { walrcv_connect_fn walrcv_connect; walrcv_check_conninfo_fn walrcv_check_conninfo; + walrcv_conninfo_options_fn walrcv_conninfo_options; walrcv_get_conninfo_fn walrcv_get_conninfo; walrcv_get_senderinfo_fn walrcv_get_senderinfo; walrcv_identify_system_fn walrcv_identify_system; @@ -410,6 +428,8 @@ extern PGDLLIMPORT WalReceiverFunctionsType *WalReceiverFunctions; WalReceiverFunctions->walrcv_connect(conninfo, logical, must_use_password, appname, err) #define walrcv_check_conninfo(conninfo, must_use_password) \ WalReceiverFunctions->walrcv_check_conninfo(conninfo, must_use_password) +#define walrcv_conninfo_options() \ + WalReceiverFunctions->walrcv_conninfo_options() #define walrcv_get_conninfo(conn) \ WalReceiverFunctions->walrcv_get_conninfo(conn) #define walrcv_get_senderinfo(conn, sender_host, sender_port) \ -- 2.34.1 [text/x-patch] v6-0002-Add-built-in-foreign-data-wrapper-pg_connection_f.patch (124.9K, 3-v6-0002-Add-built-in-foreign-data-wrapper-pg_connection_f.patch) download | inline diff: From 462757fb573b1982e6ae4633e8496a44999152c3 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:33:28 -0800 Subject: [PATCH v6 2/4] Add built-in foreign data wrapper pg_connection_fdw. In preparation for CREATE SUBSCRIPTION ... SERVER. --- doc/src/sgml/func.sgml | 19 + src/backend/catalog/Makefile | 1 + src/backend/foreign/foreign.c | 145 ++++ src/bin/pg_dump/pg_dump.c | 23 +- src/include/catalog/meson.build | 1 + .../catalog/pg_foreign_data_wrapper.dat | 21 + src/include/catalog/pg_foreign_data_wrapper.h | 4 +- src/include/catalog/pg_proc.dat | 4 + src/include/foreign/foreign.h | 2 + src/test/regress/expected/foreign_data.out | 760 +++++++++--------- src/test/regress/sql/foreign_data.sql | 276 ++++--- 11 files changed, 770 insertions(+), 486 deletions(-) create mode 100644 src/include/catalog/pg_foreign_data_wrapper.dat diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml index 0f7d409e60..d58b499966 100644 --- a/doc/src/sgml/func.sgml +++ b/doc/src/sgml/func.sgml @@ -27985,6 +27985,25 @@ postgres=# SELECT '0/0'::pg_lsn + pd.segment_number * ps.setting::int + :offset </para></entry> </row> + <row> + <entry role="func_table_entry"><para role="func_signature"> + <indexterm> + <primary>pg_conninfo_from_server</primary> + </indexterm> + <function>pg_conninfo_from_server</function> ( <parameter>servername</parameter> <type>text</type>, <parameter>username</parameter> <type>text</type>, <parameter>append_overrides</parameter> <type>boolean</type> ) + <returnvalue>text</returnvalue> + </para> + <para> + Returns connection string generated from the options for the server + and user mapping associated with the given + <replaceable>servername</replaceable> and + <replaceable>username</replaceable>. If + <replaceable>append_overrides</replaceable> is + <literal>true</literal>, it appends override parameters necessary for + making connections from the server. + </para></entry> + </row> + <row> <entry id="pg-logical-emit-message" role="func_table_entry"><para role="func_signature"> <indexterm> diff --git a/src/backend/catalog/Makefile b/src/backend/catalog/Makefile index d6b23b4bfd..756a052a70 100644 --- a/src/backend/catalog/Makefile +++ b/src/backend/catalog/Makefile @@ -136,6 +136,7 @@ POSTGRES_BKI_DATA = $(addprefix $(top_srcdir)/src/include/catalog/,\ pg_collation.dat \ pg_conversion.dat \ pg_database.dat \ + pg_foreign_data_wrapper.dat \ pg_language.dat \ pg_namespace.dat \ pg_opclass.dat \ diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index 747cc11a60..fd1b644d72 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -18,18 +18,22 @@ #include "catalog/pg_foreign_server.h" #include "catalog/pg_foreign_table.h" #include "catalog/pg_user_mapping.h" +#include "commands/defrem.h" #include "foreign/fdwapi.h" #include "foreign/foreign.h" #include "funcapi.h" #include "lib/stringinfo.h" +#include "mb/pg_wchar.h" #include "miscadmin.h" #include "replication/walreceiver.h" +#include "utils/acl.h" #include "utils/builtins.h" #include "utils/memutils.h" #include "utils/rel.h" #include "utils/syscache.h" #include "utils/varlena.h" +static bool is_conninfo_option(const char *option, Oid context); /* * GetForeignDataWrapper - look up the foreign-data wrapper by OID. @@ -191,6 +195,115 @@ GetForeignServerByName(const char *srvname, bool missing_ok) } +/* + * Values in connection strings must be enclosed in single quotes. Single + * quotes and backslashes must be escaped with backslash. + */ +static void +appendEscapedValue(StringInfo str, const char *val) +{ + appendStringInfoChar(str, '\''); + for (int i = 0; val[i] != '\0'; i++) + { + if (val[i] == '\\' || val[i] == '\'') + appendStringInfoChar(str, '\\'); + appendStringInfoChar(str, val[i]); + } + appendStringInfoChar(str, '\''); +} + + +/* + * Helper for ForeignServerConnectionString() and pg_connection_validator(). + * + * Transform a List of DefElem into a connection string. + */ +static char * +options_to_conninfo(List *options, bool append_overrides) +{ + StringInfoData str; + ListCell *lc; + bool first = true; + + initStringInfo(&str); + foreach(lc, options) + { + DefElem *d = (DefElem *) lfirst(lc); + char *name = d->defname; + char *value; + + /* ignore unknown options */ + if (!is_conninfo_option(name, ForeignServerRelationId) && + !is_conninfo_option(name, UserMappingRelationId)) + continue; + + value = defGetString(d); + + appendStringInfo(&str, "%s%s = ", + first ? "" : " ", name); + appendEscapedValue(&str, value); + first = false; + } + + /* override client_encoding */ + if (append_overrides) + { + appendStringInfo(&str, "%sclient_encoding = ", + first ? "" : " "); + appendEscapedValue(&str, GetDatabaseEncodingName()); + } + + return str.data; +} + + +/* + * Given a user ID and server ID, return a postgres connection string suitable + * to pass to libpq. + */ +char * +ForeignServerConnectionString(Oid userid, Oid serverid, bool append_overrides) +{ + static MemoryContext tmpcontext = NULL; + ForeignServer *server; + UserMapping *um; + List *options; + char *conninfo; + MemoryContext oldcontext; + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + + /* + * Use a temporary context rather than trying to track individual + * allocations in GetForeignServer() and GetUserMapping(). + */ + if (tmpcontext == NULL) + tmpcontext = AllocSetContextCreate(TopMemoryContext, + "temp context for building connection string", + ALLOCSET_DEFAULT_SIZES); + + oldcontext = MemoryContextSwitchTo(tmpcontext); + + server = GetForeignServer(serverid); + um = GetUserMapping(userid, serverid); + + /* user mapping options override server options */ + options = list_concat(server->options, um->options); + + conninfo = options_to_conninfo(options, append_overrides); + + /* copy only conninfo into the current context */ + MemoryContextSwitchTo(oldcontext); + + conninfo = pstrdup(conninfo); + + MemoryContextReset(tmpcontext); + + return conninfo; +} + + /* * GetUserMapping - look up the user mapping. * @@ -580,6 +693,38 @@ is_conninfo_option(const char *option, Oid context) return false; } +/* + * pg_conninfo_from_server + * + * Extract connection string from the given foreign server. + */ +Datum +pg_conninfo_from_server(PG_FUNCTION_ARGS) +{ + char *server_name = text_to_cstring(PG_GETARG_TEXT_P(0)); + char *user_name = text_to_cstring(PG_GETARG_TEXT_P(1)); + bool append_overrides = PG_GETARG_BOOL(2); + Oid serverid = get_foreign_server_oid(server_name, false); + Oid userid = get_role_oid_or_public(user_name); + AclResult aclresult; + char *conninfo; + + /* if the specified userid is not PUBLIC, check SET ROLE privileges */ + if (userid != ACL_ID_PUBLIC) + check_can_set_role(GetUserId(), userid); + + /* ACL check on foreign server */ + aclresult = object_aclcheck(ForeignServerRelationId, serverid, + GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server_name); + + conninfo = ForeignServerConnectionString(userid, serverid, + append_overrides); + + PG_RETURN_TEXT_P(cstring_to_text(conninfo)); +} + /* * Validate the generic option given to SERVER or USER MAPPING. diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 22d1e6cf92..7b9c79005e 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -2067,6 +2067,27 @@ selectDumpableStatisticsObject(StatsExtInfo *sobj, Archive *fout) sobj->dobj.dump = DUMP_COMPONENT_NONE; } +/* + * selectDumpableFdw: policy-setting subroutine + * Mark foreign data wrapper as to be dumped or not + * + * Froeign Data Wrappers do not belong to any particular namespace. To + * identify built-in foreign data wrappers, we must resort to checking whether + * the method's OID is in the range reserved for initdb. + */ +static void +selectDumpableFdw(FdwInfo *fdwinfo, Archive *fout) +{ + if (checkExtensionMembership(&fdwinfo->dobj, fout)) + return; /* extension membership overrides all else */ + + if (fdwinfo->dobj.catId.oid <= (Oid) g_last_builtin_oid) + fdwinfo->dobj.dump = DUMP_COMPONENT_NONE; + else + fdwinfo->dobj.dump = fout->dopt->include_everything ? + DUMP_COMPONENT_ALL : DUMP_COMPONENT_NONE; +} + /* * selectDumpableObject: policy-setting subroutine * Mark a generic dumpable object as to be dumped or not @@ -9732,7 +9753,7 @@ getForeignDataWrappers(Archive *fout, int *numForeignDataWrappers) fdwinfo[i].fdwoptions = pg_strdup(PQgetvalue(res, i, i_fdwoptions)); /* Decide whether we want to dump it */ - selectDumpableObject(&(fdwinfo[i].dobj), fout); + selectDumpableFdw(&fdwinfo[i], fout); /* Mark whether FDW has an ACL */ if (!PQgetisnull(res, i, i_fdwacl)) diff --git a/src/include/catalog/meson.build b/src/include/catalog/meson.build index 2bcbe327cf..c87533c9b2 100644 --- a/src/include/catalog/meson.build +++ b/src/include/catalog/meson.build @@ -83,6 +83,7 @@ bki_data = [ 'pg_collation.dat', 'pg_conversion.dat', 'pg_database.dat', + 'pg_foreign_data_wrapper.dat', 'pg_language.dat', 'pg_namespace.dat', 'pg_opclass.dat', diff --git a/src/include/catalog/pg_foreign_data_wrapper.dat b/src/include/catalog/pg_foreign_data_wrapper.dat new file mode 100644 index 0000000000..ef68fe5966 --- /dev/null +++ b/src/include/catalog/pg_foreign_data_wrapper.dat @@ -0,0 +1,21 @@ +#---------------------------------------------------------------------- +# +# pg_foreign_data_wrapper.dat +# Initial contents of the pg_foreign_data_wrapper system catalog. +# +# Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group +# Portions Copyright (c) 1994, Regents of the University of California +# +# src/include/catalog/pg_foreign_data_wrapper.dat +# +#---------------------------------------------------------------------- + +[ + +{ oid => '6015', oid_symbol => 'PG_CONNECTION_FDW', + descr => 'Pseudo FDW for connections to Postgres', + fdwname => 'pg_connection_fdw', + fdwvalidator => 'postgresql_fdw_validator', + fdwacl => '_null_', fdwoptions => '_null_'}, + +] diff --git a/src/include/catalog/pg_foreign_data_wrapper.h b/src/include/catalog/pg_foreign_data_wrapper.h index 5e39e4b42f..a78707fb59 100644 --- a/src/include/catalog/pg_foreign_data_wrapper.h +++ b/src/include/catalog/pg_foreign_data_wrapper.h @@ -30,8 +30,8 @@ CATALOG(pg_foreign_data_wrapper,2328,ForeignDataWrapperRelationId) { Oid oid; /* oid */ NameData fdwname; /* foreign-data wrapper name */ - Oid fdwowner BKI_LOOKUP(pg_authid); /* FDW owner */ - Oid fdwhandler BKI_LOOKUP_OPT(pg_proc); /* handler function, or 0 + Oid fdwowner BKI_DEFAULT(POSTGRES) BKI_LOOKUP(pg_authid); /* FDW owner */ + Oid fdwhandler BKI_DEFAULT(0) BKI_LOOKUP_OPT(pg_proc); /* handler function, or 0 * if none */ Oid fdwvalidator BKI_LOOKUP_OPT(pg_proc); /* option validation * function, or 0 if diff --git a/src/include/catalog/pg_proc.dat b/src/include/catalog/pg_proc.dat index 58811a6530..322ce001f6 100644 --- a/src/include/catalog/pg_proc.dat +++ b/src/include/catalog/pg_proc.dat @@ -7516,6 +7516,10 @@ proname => 'postgresql_fdw_validator', prorettype => 'bool', proargtypes => '_text oid', prosrc => 'postgresql_fdw_validator' }, +{ oid => '6123', descr => 'extract connection string from the given foreign server', + proname => 'pg_conninfo_from_server', prorettype => 'text', + proargtypes => 'text text bool', prosrc => 'pg_conninfo_from_server' }, + { oid => '2290', descr => 'I/O', proname => 'record_in', provolatile => 's', prorettype => 'record', proargtypes => 'cstring oid int4', prosrc => 'record_in' }, diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index 82b8153100..b5b9b97f4d 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -69,6 +69,8 @@ extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); +extern char *ForeignServerConnectionString(Oid userid, Oid serverid, + bool append_overrides); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, diff --git a/src/test/regress/expected/foreign_data.out b/src/test/regress/expected/foreign_data.out index 1dfe23cc1e..d51e83ff92 100644 --- a/src/test/regress/expected/foreign_data.out +++ b/src/test/regress/expected/foreign_data.out @@ -21,15 +21,15 @@ CREATE ROLE regress_test_role2; CREATE ROLE regress_test_role_super SUPERUSER; CREATE ROLE regress_test_indirect; CREATE ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER dummy; -COMMENT ON FOREIGN DATA WRAPPER dummy IS 'useless'; -CREATE FOREIGN DATA WRAPPER postgresql VALIDATOR postgresql_fdw_validator; +CREATE FOREIGN DATA WRAPPER regress_dummy; +COMMENT ON FOREIGN DATA WRAPPER regress_dummy IS 'useless'; +CREATE FOREIGN DATA WRAPPER regress_postgresql VALIDATOR postgresql_fdw_validator; -- At this point we should have 2 built-in wrappers and no servers. -SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper ORDER BY 1, 2, 3; - fdwname | fdwhandler | fdwvalidator | fdwoptions -------------+------------+--------------------------+------------ - dummy | - | - | - postgresql | - | postgresql_fdw_validator | +SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper WHERE fdwname LIKE 'regress_%' ORDER BY 1, 2, 3; + fdwname | fdwhandler | fdwvalidator | fdwoptions +--------------------+------------+--------------------------+------------ + regress_dummy | - | - | + regress_postgresql | - | postgresql_fdw_validator | (2 rows) SELECT srvname, srvoptions FROM pg_foreign_server; @@ -43,180 +43,180 @@ SELECT * FROM pg_user_mapping; (0 rows) -- CREATE FOREIGN DATA WRAPPER -CREATE FOREIGN DATA WRAPPER foo VALIDATOR bar; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo VALIDATOR bar; -- ERROR ERROR: function bar(text[], oid) does not exist -CREATE FOREIGN DATA WRAPPER foo; -\dew - List of foreign-data wrappers - Name | Owner | Handler | Validator -------------+---------------------------+---------+-------------------------- - dummy | regress_foreign_data_user | - | - - foo | regress_foreign_data_user | - | - - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator +CREATE FOREIGN DATA WRAPPER regress_foo; +\dew regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator +--------------------+---------------------------+---------+-------------------------- + regress_dummy | regress_foreign_data_user | - | - + regress_foo | regress_foreign_data_user | - | - + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator (3 rows) -CREATE FOREIGN DATA WRAPPER foo; -- duplicate -ERROR: foreign-data wrapper "foo" already exists -DROP FOREIGN DATA WRAPPER foo; -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1'); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+---------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (testing '1') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +CREATE FOREIGN DATA WRAPPER regress_foo; -- duplicate +ERROR: foreign-data wrapper "regress_foo" already exists +DROP FOREIGN DATA WRAPPER regress_foo; +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1'); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+---------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (testing '1') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -DROP FOREIGN DATA WRAPPER foo; -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1', testing '2'); -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo; +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1', testing '2'); -- ERROR ERROR: option "testing" provided more than once -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1', another '2'); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+----------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (testing '1', another '2') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1', another '2'); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+----------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (testing '1', another '2') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -DROP FOREIGN DATA WRAPPER foo; +DROP FOREIGN DATA WRAPPER regress_foo; SET ROLE regress_test_role; -CREATE FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: permission denied to create foreign-data wrapper "foo" +CREATE FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: permission denied to create foreign-data wrapper "regress_foo" HINT: Must be superuser to create a foreign-data wrapper. RESET ROLE; -CREATE FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | postgresql_fdw_validator | | | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +CREATE FOREIGN DATA WRAPPER regress_foo VALIDATOR postgresql_fdw_validator; +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | postgresql_fdw_validator | | | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -- HANDLER related checks CREATE FUNCTION invalid_fdw_handler() RETURNS int LANGUAGE SQL AS 'SELECT 1;'; -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER invalid_fdw_handler; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER invalid_fdw_handler; -- ERROR ERROR: function invalid_fdw_handler must return type fdw_handler -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER test_fdw_handler HANDLER invalid_fdw_handler; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER test_fdw_handler HANDLER invalid_fdw_handler; -- ERROR ERROR: conflicting or redundant options -LINE 1: ...GN DATA WRAPPER test_fdw HANDLER test_fdw_handler HANDLER in... +LINE 1: ...WRAPPER regress_test_fdw HANDLER test_fdw_handler HANDLER in... ^ -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER test_fdw_handler; -DROP FOREIGN DATA WRAPPER test_fdw; +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER test_fdw_handler; +DROP FOREIGN DATA WRAPPER regress_test_fdw; -- ALTER FOREIGN DATA WRAPPER -ALTER FOREIGN DATA WRAPPER foo OPTIONS (nonexistent 'fdw'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (nonexistent 'fdw'); -- ERROR ERROR: invalid option "nonexistent" HINT: There are no valid options in this context. -ALTER FOREIGN DATA WRAPPER foo; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo; -- ERROR ERROR: syntax error at or near ";" -LINE 1: ALTER FOREIGN DATA WRAPPER foo; - ^ -ALTER FOREIGN DATA WRAPPER foo VALIDATOR bar; -- ERROR +LINE 1: ALTER FOREIGN DATA WRAPPER regress_foo; + ^ +ALTER FOREIGN DATA WRAPPER regress_foo VALIDATOR bar; -- ERROR ERROR: function bar(text[], oid) does not exist -ALTER FOREIGN DATA WRAPPER foo NO VALIDATOR; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo NO VALIDATOR; +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo OPTIONS (a '1', b '2'); -ALTER FOREIGN DATA WRAPPER foo OPTIONS (SET c '4'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (a '1', b '2'); +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (SET c '4'); -- ERROR ERROR: option "c" not found -ALTER FOREIGN DATA WRAPPER foo OPTIONS (DROP c); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (DROP c); -- ERROR ERROR: option "c" not found -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD x '1', DROP x); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+----------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (a '1', b '2') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD x '1', DROP x); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+----------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (a '1', b '2') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo OPTIONS (DROP a, SET b '3', ADD c '4'); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+----------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (b '3', c '4') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (DROP a, SET b '3', ADD c '4'); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+----------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (b '3', c '4') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo OPTIONS (a '2'); -ALTER FOREIGN DATA WRAPPER foo OPTIONS (b '4'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (a '2'); +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (b '4'); -- ERROR ERROR: option "b" provided more than once -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-----------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-----------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) SET ROLE regress_test_role; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD d '5'); -- ERROR -ERROR: permission denied to alter foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD d '5'); -- ERROR +ERROR: permission denied to alter foreign-data wrapper "regress_foo" HINT: Must be superuser to alter a foreign-data wrapper. SET ROLE regress_test_role_super; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD d '5'); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD d '5'); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2', d '5') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_test_role; -- ERROR -ERROR: permission denied to change owner of foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_test_role; -- ERROR +ERROR: permission denied to change owner of foreign-data wrapper "regress_foo" HINT: The owner of a foreign-data wrapper must be a superuser. -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_test_role_super; +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_test_role_super; ALTER ROLE regress_test_role_super NOSUPERUSER; SET ROLE regress_test_role_super; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD e '6'); -- ERROR -ERROR: permission denied to alter foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD e '6'); -- ERROR +ERROR: permission denied to alter foreign-data wrapper "regress_foo" HINT: Must be superuser to alter a foreign-data wrapper. RESET ROLE; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo RENAME TO foo1; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo1 | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo RENAME TO regress_foo1; +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo1 | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo1 RENAME TO foo; +ALTER FOREIGN DATA WRAPPER regress_foo1 RENAME TO regress_foo; -- HANDLER related checks -ALTER FOREIGN DATA WRAPPER foo HANDLER invalid_fdw_handler; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER invalid_fdw_handler; -- ERROR ERROR: function invalid_fdw_handler must return type fdw_handler -ALTER FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler HANDLER anything; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER test_fdw_handler HANDLER anything; -- ERROR ERROR: conflicting or redundant options -LINE 1: ...FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler HANDLER an... +LINE 1: ...DATA WRAPPER regress_foo HANDLER test_fdw_handler HANDLER an... ^ -ALTER FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler; +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER test_fdw_handler; WARNING: changing the foreign-data wrapper handler can change behavior of existing foreign tables DROP FUNCTION invalid_fdw_handler(); -- DROP FOREIGN DATA WRAPPER @@ -224,52 +224,52 @@ DROP FOREIGN DATA WRAPPER nonexistent; -- ERROR ERROR: foreign-data wrapper "nonexistent" does not exist DROP FOREIGN DATA WRAPPER IF EXISTS nonexistent; NOTICE: foreign-data wrapper "nonexistent" does not exist, skipping -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+------------------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_test_role_super | test_fdw_handler | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+------------------+--------------------------+-------------------+------------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_test_role_super | test_fdw_handler | - | | (b '3', c '4', a '2', d '5') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) DROP ROLE regress_test_role_super; -- ERROR ERROR: role "regress_test_role_super" cannot be dropped because some objects depend on it -DETAIL: owner of foreign-data wrapper foo +DETAIL: owner of foreign-data wrapper regress_foo SET ROLE regress_test_role_super; -DROP FOREIGN DATA WRAPPER foo; +DROP FOREIGN DATA WRAPPER regress_foo; RESET ROLE; DROP ROLE regress_test_role_super; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (2 rows) -CREATE FOREIGN DATA WRAPPER foo; -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; +CREATE FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; COMMENT ON SERVER s1 IS 'foreign server'; CREATE USER MAPPING FOR current_user SERVER s1; CREATE USER MAPPING FOR current_user SERVER s1; -- ERROR ERROR: user mapping for "regress_foreign_data_user" already exists for server "s1" CREATE USER MAPPING IF NOT EXISTS FOR current_user SERVER s1; -- NOTICE NOTICE: user mapping for "regress_foreign_data_user" already exists for server "s1", skipping -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------+------+---------+-------------+---------------- - s1 | regress_foreign_data_user | foo | | | | | foreign server + s1 | regress_foreign_data_user | regress_foo | | | | | foreign server (1 row) \deu+ @@ -279,25 +279,25 @@ NOTICE: user mapping for "regress_foreign_data_user" already exists for server s1 | regress_foreign_data_user | (1 row) -DROP FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: cannot drop foreign-data wrapper foo because other objects depend on it -DETAIL: server s1 depends on foreign-data wrapper foo +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: cannot drop foreign-data wrapper regress_foo because other objects depend on it +DETAIL: server s1 depends on foreign-data wrapper regress_foo user mapping for regress_foreign_data_user on server s1 depends on server s1 HINT: Use DROP ... CASCADE to drop the dependent objects too. SET ROLE regress_test_role; -DROP FOREIGN DATA WRAPPER foo CASCADE; -- ERROR -ERROR: must be owner of foreign-data wrapper foo +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; -- ERROR +ERROR: must be owner of foreign-data wrapper regress_foo RESET ROLE; -DROP FOREIGN DATA WRAPPER foo CASCADE; +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; NOTICE: drop cascades to 2 other objects DETAIL: drop cascades to server s1 drop cascades to user mapping for regress_foreign_data_user on server s1 -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (2 rows) \des+ @@ -313,87 +313,125 @@ drop cascades to user mapping for regress_foreign_data_user on server s1 (0 rows) -- exercise CREATE SERVER -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: foreign-data wrapper "foo" does not exist -CREATE FOREIGN DATA WRAPPER foo OPTIONS ("test wrapper" 'true'); -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -- ERROR +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: foreign-data wrapper "regress_foo" does not exist +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS ("test wrapper" 'true'); +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; -- ERROR ERROR: server "s1" already exists -CREATE SERVER IF NOT EXISTS s1 FOREIGN DATA WRAPPER foo; -- No ERROR, just NOTICE +CREATE SERVER IF NOT EXISTS s1 FOREIGN DATA WRAPPER regress_foo; -- No ERROR, just NOTICE NOTICE: server "s1" already exists, skipping -CREATE SERVER s2 FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s3 TYPE 'oracle' FOREIGN DATA WRAPPER foo; -CREATE SERVER s4 TYPE 'oracle' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s5 VERSION '15.0' FOREIGN DATA WRAPPER foo; -CREATE SERVER s6 VERSION '16.0' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s7 TYPE 'oracle' VERSION '17.0' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s8 FOREIGN DATA WRAPPER postgresql OPTIONS (foo '1'); -- ERROR +CREATE SERVER s2 FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s3 TYPE 'oracle' FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s4 TYPE 'oracle' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s5 VERSION '15.0' FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s6 VERSION '16.0' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s7 TYPE 'oracle' VERSION '17.0' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s8 FOREIGN DATA WRAPPER regress_postgresql OPTIONS (foo '1'); -- ERROR ERROR: invalid option "foo" -CREATE SERVER s8 FOREIGN DATA WRAPPER postgresql OPTIONS (host 'localhost', dbname 's8db'); +CREATE SERVER s8 FOREIGN DATA WRAPPER regress_postgresql OPTIONS (host 'localhost', dbname 's8db'); \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------+--------+---------+-----------------------------------+------------- - s1 | regress_foreign_data_user | foo | | | | | - s2 | regress_foreign_data_user | foo | | | | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | | | 16.0 | (host 'a', dbname 'b') | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (host 'localhost', dbname 's8db') | + s1 | regress_foreign_data_user | regress_foo | | | | | + s2 | regress_foreign_data_user | regress_foo | | | | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | | | 16.0 | (host 'a', dbname 'b') | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (host 'localhost', dbname 's8db') | (8 rows) SET ROLE regress_test_role; -CREATE SERVER t1 FOREIGN DATA WRAPPER foo; -- ERROR: no usage on FDW -ERROR: permission denied for foreign-data wrapper foo +CREATE SERVER t1 FOREIGN DATA WRAPPER regress_foo; -- ERROR: no usage on FDW +ERROR: permission denied for foreign-data wrapper regress_foo RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; SET ROLE regress_test_role; -CREATE SERVER t1 FOREIGN DATA WRAPPER foo; +CREATE SERVER t1 FOREIGN DATA WRAPPER regress_foo; RESET ROLE; \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------+--------+---------+-----------------------------------+------------- - s1 | regress_foreign_data_user | foo | | | | | - s2 | regress_foreign_data_user | foo | | | | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | | | 16.0 | (host 'a', dbname 'b') | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (host 'localhost', dbname 's8db') | - t1 | regress_test_role | foo | | | | | + s1 | regress_foreign_data_user | regress_foo | | | | | + s2 | regress_foreign_data_user | regress_foo | | | | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | | | 16.0 | (host 'a', dbname 'b') | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (host 'localhost', dbname 's8db') | + t1 | regress_test_role | regress_foo | | | | | (9 rows) -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_test_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_indirect; +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_test_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_indirect; SET ROLE regress_test_role; -CREATE SERVER t2 FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: permission denied for foreign-data wrapper foo +CREATE SERVER t2 FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo RESET ROLE; GRANT regress_test_indirect TO regress_test_role; SET ROLE regress_test_role; -CREATE SERVER t2 FOREIGN DATA WRAPPER foo; +CREATE SERVER t2 FOREIGN DATA WRAPPER regress_foo; \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------+--------+---------+-----------------------------------+------------- - s1 | regress_foreign_data_user | foo | | | | | - s2 | regress_foreign_data_user | foo | | | | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | | | 16.0 | (host 'a', dbname 'b') | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (host 'localhost', dbname 's8db') | - t1 | regress_test_role | foo | | | | | - t2 | regress_test_role | foo | | | | | + s1 | regress_foreign_data_user | regress_foo | | | | | + s2 | regress_foreign_data_user | regress_foo | | | | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | | | 16.0 | (host 'a', dbname 'b') | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (host 'localhost', dbname 's8db') | + t1 | regress_test_role | regress_foo | | | | | + t2 | regress_test_role | regress_foo | | | | | (10 rows) RESET ROLE; REVOKE regress_test_indirect FROM regress_test_role; +-- +-- test pg_connection_fdw +-- +\set VERBOSITY terse +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', client_encoding 'LATIN1'); -- fail +ERROR: invalid option "client_encoding" +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', nonsense 'asdf'); -- fail +ERROR: invalid option "nonsense" +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', password 'secret'); -- fail +ERROR: invalid option "password" +\set VERBOSITY default +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', port '5432'); +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret', host 'otherhost'); -- fail +ERROR: invalid option "host" +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret'); +CREATE USER MAPPING FOR PUBLIC SERVER connection_server + OPTIONS (user 'publicuser', password 'secret2'); +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role', false); + pg_conninfo_from_server +------------------------------------------------------------------ + host = 'thehost' port = '5432' user = 'role' password = 'secret' +(1 row) + +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role2', false); + pg_conninfo_from_server +------------------------------------------------------------------------- + host = 'thehost' port = '5432' user = 'publicuser' password = 'secret2' +(1 row) + +DROP USER MAPPING FOR regress_test_role SERVER connection_server; +DROP USER MAPPING FOR PUBLIC SERVER connection_server; +DROP SERVER connection_server; -- ALTER SERVER ALTER SERVER s0; -- ERROR ERROR: syntax error at or near ";" @@ -410,18 +448,18 @@ GRANT USAGE ON FOREIGN SERVER s6 TO regress_test_role2 WITH GRANT OPTION; List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------------------------------------------+--------+---------+-----------------------------------+------------- - s1 | regress_foreign_data_user | foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 1.0 | (servername 's1') | + s1 | regress_foreign_data_user | regress_foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 1.0 | (servername 's1') | | | | regress_test_role=U/regress_foreign_data_user | | | | - s2 | regress_foreign_data_user | foo | | | 1.1 | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | ("tns name" 'orcl', port '1521') | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | + s2 | regress_foreign_data_user | regress_foo | | | 1.1 | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | ("tns name" 'orcl', port '1521') | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | | | | regress_test_role2=U*/regress_foreign_data_user | | | | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (host 'localhost', dbname 's8db') | - t1 | regress_test_role | foo | | | | | - t2 | regress_test_role | foo | | | | | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (host 'localhost', dbname 's8db') | + t1 | regress_test_role | regress_foo | | | | | + t2 | regress_test_role | regress_foo | | | | | (10 rows) SET ROLE regress_test_role; @@ -435,7 +473,7 @@ GRANT regress_test_role2 TO regress_test_role; SET ROLE regress_test_role; ALTER SERVER s1 VERSION '1.1'; ALTER SERVER s1 OWNER TO regress_test_role2; -- ERROR -ERROR: permission denied for foreign-data wrapper foo +ERROR: permission denied for foreign-data wrapper regress_foo RESET ROLE; ALTER SERVER s8 OPTIONS (foo '1'); -- ERROR option validation ERROR: invalid option "foo" @@ -448,29 +486,29 @@ GRANT regress_test_indirect TO regress_test_role; SET ROLE regress_test_role; ALTER SERVER s1 OWNER TO regress_test_indirect; RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_indirect; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_indirect; SET ROLE regress_test_role; ALTER SERVER s1 OWNER TO regress_test_indirect; RESET ROLE; DROP ROLE regress_test_indirect; -- ERROR ERROR: role "regress_test_indirect" cannot be dropped because some objects depend on it -DETAIL: privileges for foreign-data wrapper foo +DETAIL: privileges for foreign-data wrapper regress_foo owner of server s1 \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------------------------------------------+--------+---------+--------------------------------------+------------- - s1 | regress_test_indirect | foo | regress_test_indirect=U/regress_test_indirect | | 1.1 | (servername 's1') | - s2 | regress_foreign_data_user | foo | | | 1.1 | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | ("tns name" 'orcl', port '1521') | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | + s1 | regress_test_indirect | regress_foo | regress_test_indirect=U/regress_test_indirect | | 1.1 | (servername 's1') | + s2 | regress_foreign_data_user | regress_foo | | | 1.1 | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | ("tns name" 'orcl', port '1521') | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | | | | regress_test_role2=U*/regress_foreign_data_user | | | | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (dbname 'db1', connect_timeout '30') | - t1 | regress_test_role | foo | | | | | - t2 | regress_test_role | foo | | | | | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (dbname 'db1', connect_timeout '30') | + t1 | regress_test_role | regress_foo | | | | | + t2 | regress_test_role | regress_foo | | | | | (10 rows) ALTER SERVER s8 RENAME to s8new; @@ -478,17 +516,17 @@ ALTER SERVER s8 RENAME to s8new; List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description -------+---------------------------+----------------------+-------------------------------------------------------+--------+---------+--------------------------------------+------------- - s1 | regress_test_indirect | foo | regress_test_indirect=U/regress_test_indirect | | 1.1 | (servername 's1') | - s2 | regress_foreign_data_user | foo | | | 1.1 | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | ("tns name" 'orcl', port '1521') | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | + s1 | regress_test_indirect | regress_foo | regress_test_indirect=U/regress_test_indirect | | 1.1 | (servername 's1') | + s2 | regress_foreign_data_user | regress_foo | | | 1.1 | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | ("tns name" 'orcl', port '1521') | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | | | | regress_test_role2=U*/regress_foreign_data_user | | | | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8new | regress_foreign_data_user | postgresql | | | | (dbname 'db1', connect_timeout '30') | - t1 | regress_test_role | foo | | | | | - t2 | regress_test_role | foo | | | | | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8new | regress_foreign_data_user | regress_postgresql | | | | (dbname 'db1', connect_timeout '30') | + t1 | regress_test_role | regress_foo | | | | | + t2 | regress_test_role | regress_foo | | | | | (10 rows) ALTER SERVER s8new RENAME to s8; @@ -501,16 +539,16 @@ NOTICE: server "nonexistent" does not exist, skipping List of foreign servers Name | Owner | Foreign-data wrapper ------+---------------------------+---------------------- - s1 | regress_test_indirect | foo - s2 | regress_foreign_data_user | foo - s3 | regress_foreign_data_user | foo - s4 | regress_foreign_data_user | foo - s5 | regress_foreign_data_user | foo - s6 | regress_foreign_data_user | foo - s7 | regress_foreign_data_user | foo - s8 | regress_foreign_data_user | postgresql - t1 | regress_test_role | foo - t2 | regress_test_role | foo + s1 | regress_test_indirect | regress_foo + s2 | regress_foreign_data_user | regress_foo + s3 | regress_foreign_data_user | regress_foo + s4 | regress_foreign_data_user | regress_foo + s5 | regress_foreign_data_user | regress_foo + s6 | regress_foreign_data_user | regress_foo + s7 | regress_foreign_data_user | regress_foo + s8 | regress_foreign_data_user | regress_postgresql + t1 | regress_test_role | regress_foo + t2 | regress_test_role | regress_foo (10 rows) SET ROLE regress_test_role; @@ -522,15 +560,15 @@ RESET ROLE; List of foreign servers Name | Owner | Foreign-data wrapper ------+---------------------------+---------------------- - s2 | regress_foreign_data_user | foo - s3 | regress_foreign_data_user | foo - s4 | regress_foreign_data_user | foo - s5 | regress_foreign_data_user | foo - s6 | regress_foreign_data_user | foo - s7 | regress_foreign_data_user | foo - s8 | regress_foreign_data_user | postgresql - t1 | regress_test_role | foo - t2 | regress_test_role | foo + s2 | regress_foreign_data_user | regress_foo + s3 | regress_foreign_data_user | regress_foo + s4 | regress_foreign_data_user | regress_foo + s5 | regress_foreign_data_user | regress_foo + s6 | regress_foreign_data_user | regress_foo + s7 | regress_foreign_data_user | regress_foo + s8 | regress_foreign_data_user | regress_postgresql + t1 | regress_test_role | regress_foo + t2 | regress_test_role | regress_foo (9 rows) ALTER SERVER s2 OWNER TO regress_test_role; @@ -541,14 +579,14 @@ RESET ROLE; List of foreign servers Name | Owner | Foreign-data wrapper ------+---------------------------+---------------------- - s3 | regress_foreign_data_user | foo - s4 | regress_foreign_data_user | foo - s5 | regress_foreign_data_user | foo - s6 | regress_foreign_data_user | foo - s7 | regress_foreign_data_user | foo - s8 | regress_foreign_data_user | postgresql - t1 | regress_test_role | foo - t2 | regress_test_role | foo + s3 | regress_foreign_data_user | regress_foo + s4 | regress_foreign_data_user | regress_foo + s5 | regress_foreign_data_user | regress_foo + s6 | regress_foreign_data_user | regress_foo + s7 | regress_foreign_data_user | regress_foo + s8 | regress_foreign_data_user | regress_postgresql + t1 | regress_test_role | regress_foo + t2 | regress_test_role | regress_foo (8 rows) CREATE USER MAPPING FOR current_user SERVER s3; @@ -569,13 +607,13 @@ NOTICE: drop cascades to user mapping for regress_foreign_data_user on server s List of foreign servers Name | Owner | Foreign-data wrapper ------+---------------------------+---------------------- - s4 | regress_foreign_data_user | foo - s5 | regress_foreign_data_user | foo - s6 | regress_foreign_data_user | foo - s7 | regress_foreign_data_user | foo - s8 | regress_foreign_data_user | postgresql - t1 | regress_test_role | foo - t2 | regress_test_role | foo + s4 | regress_foreign_data_user | regress_foo + s5 | regress_foreign_data_user | regress_foo + s6 | regress_foreign_data_user | regress_foo + s7 | regress_foreign_data_user | regress_foo + s8 | regress_foreign_data_user | regress_postgresql + t1 | regress_test_role | regress_foo + t2 | regress_test_role | regress_foo (7 rows) \deu @@ -690,7 +728,7 @@ DROP SERVER s7; -- CREATE FOREIGN TABLE CREATE SCHEMA foreign_schema; -CREATE SERVER s0 FOREIGN DATA WRAPPER dummy; +CREATE SERVER s0 FOREIGN DATA WRAPPER regress_dummy; CREATE FOREIGN TABLE ft1 (); -- ERROR ERROR: syntax error at or near ";" LINE 1: CREATE FOREIGN TABLE ft1 (); @@ -758,9 +796,9 @@ CREATE INDEX id_ft1_c2 ON ft1 (c2); -- ERROR ERROR: cannot create index on relation "ft1" DETAIL: This operation is not supported for foreign tables. SELECT * FROM ft1; -- ERROR -ERROR: foreign-data wrapper "dummy" has no handler +ERROR: foreign-data wrapper "regress_dummy" has no handler EXPLAIN SELECT * FROM ft1; -- ERROR -ERROR: foreign-data wrapper "dummy" has no handler +ERROR: foreign-data wrapper "regress_dummy" has no handler CREATE TABLE lt1 (a INT) PARTITION BY RANGE (a); CREATE FOREIGN TABLE ft_part1 PARTITION OF lt1 FOR VALUES FROM (0) TO (1000) SERVER s0; @@ -966,30 +1004,30 @@ NOTICE: relation "doesnt_exist_ft1" does not exist, skipping ALTER FOREIGN TABLE IF EXISTS doesnt_exist_ft1 RENAME TO foreign_table_1; NOTICE: relation "doesnt_exist_ft1" does not exist, skipping -- Information schema -SELECT * FROM information_schema.foreign_data_wrappers ORDER BY 1, 2; +SELECT * FROM information_schema.foreign_data_wrappers WHERE authorization_identifier = 'regress_foreign_data_user' ORDER BY 1, 2; foreign_data_wrapper_catalog | foreign_data_wrapper_name | authorization_identifier | library_name | foreign_data_wrapper_language ------------------------------+---------------------------+---------------------------+--------------+------------------------------- - regression | dummy | regress_foreign_data_user | | c - regression | foo | regress_foreign_data_user | | c - regression | postgresql | regress_foreign_data_user | | c + regression | regress_dummy | regress_foreign_data_user | | c + regression | regress_foo | regress_foreign_data_user | | c + regression | regress_postgresql | regress_foreign_data_user | | c (3 rows) SELECT * FROM information_schema.foreign_data_wrapper_options ORDER BY 1, 2, 3; foreign_data_wrapper_catalog | foreign_data_wrapper_name | option_name | option_value ------------------------------+---------------------------+--------------+-------------- - regression | foo | test wrapper | true + regression | regress_foo | test wrapper | true (1 row) SELECT * FROM information_schema.foreign_servers ORDER BY 1, 2; foreign_server_catalog | foreign_server_name | foreign_data_wrapper_catalog | foreign_data_wrapper_name | foreign_server_type | foreign_server_version | authorization_identifier ------------------------+---------------------+------------------------------+---------------------------+---------------------+------------------------+--------------------------- - regression | s0 | regression | dummy | | | regress_foreign_data_user - regression | s4 | regression | foo | oracle | | regress_foreign_data_user - regression | s5 | regression | foo | | 15.0 | regress_test_role - regression | s6 | regression | foo | | 16.0 | regress_test_indirect - regression | s8 | regression | postgresql | | | regress_foreign_data_user - regression | t1 | regression | foo | | | regress_test_indirect - regression | t2 | regression | foo | | | regress_test_role + regression | s0 | regression | regress_dummy | | | regress_foreign_data_user + regression | s4 | regression | regress_foo | oracle | | regress_foreign_data_user + regression | s5 | regression | regress_foo | | 15.0 | regress_test_role + regression | s6 | regression | regress_foo | | 16.0 | regress_test_indirect + regression | s8 | regression | regress_postgresql | | | regress_foreign_data_user + regression | t1 | regression | regress_foo | | | regress_test_indirect + regression | t2 | regression | regress_foo | | | regress_test_role (7 rows) SELECT * FROM information_schema.foreign_server_options ORDER BY 1, 2, 3; @@ -1028,20 +1066,20 @@ SELECT * FROM information_schema.user_mapping_options ORDER BY lower(authorizati regress_test_role | regression | t1 | username | bob (7 rows) -SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; grantor | grantee | object_catalog | object_schema | object_name | object_type | privilege_type | is_grantable ---------------------------+---------------------------+----------------+---------------+-------------+----------------------+----------------+-------------- - regress_foreign_data_user | regress_foreign_data_user | regression | | foo | FOREIGN DATA WRAPPER | USAGE | YES - regress_foreign_data_user | regress_test_indirect | regression | | foo | FOREIGN DATA WRAPPER | USAGE | NO + regress_foreign_data_user | regress_foreign_data_user | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | YES + regress_foreign_data_user | regress_test_indirect | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | NO regress_test_indirect | regress_test_indirect | regression | | s6 | FOREIGN SERVER | USAGE | YES regress_test_indirect | regress_test_role2 | regression | | s6 | FOREIGN SERVER | USAGE | YES (4 rows) -SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; grantor | grantee | object_catalog | object_schema | object_name | object_type | privilege_type | is_grantable ---------------------------+---------------------------+----------------+---------------+-------------+----------------------+----------------+-------------- - regress_foreign_data_user | regress_foreign_data_user | regression | | foo | FOREIGN DATA WRAPPER | USAGE | YES - regress_foreign_data_user | regress_test_indirect | regression | | foo | FOREIGN DATA WRAPPER | USAGE | NO + regress_foreign_data_user | regress_foreign_data_user | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | YES + regress_foreign_data_user | regress_test_indirect | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | NO regress_test_indirect | regress_test_indirect | regression | | s6 | FOREIGN SERVER | USAGE | YES regress_test_indirect | regress_test_role2 | regression | | s6 | FOREIGN SERVER | USAGE | YES (4 rows) @@ -1071,18 +1109,18 @@ SELECT * FROM information_schema.user_mapping_options ORDER BY 1, 2, 3, 4; regress_test_role | regression | t1 | username | bob (5 rows) -SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; grantor | grantee | object_catalog | object_schema | object_name | object_type | privilege_type | is_grantable ---------------------------+-----------------------+----------------+---------------+-------------+----------------------+----------------+-------------- - regress_foreign_data_user | regress_test_indirect | regression | | foo | FOREIGN DATA WRAPPER | USAGE | NO + regress_foreign_data_user | regress_test_indirect | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | NO regress_test_indirect | regress_test_indirect | regression | | s6 | FOREIGN SERVER | USAGE | YES regress_test_indirect | regress_test_role2 | regression | | s6 | FOREIGN SERVER | USAGE | YES (3 rows) -SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; grantor | grantee | object_catalog | object_schema | object_name | object_type | privilege_type | is_grantable ---------------------------+-----------------------+----------------+---------------+-------------+----------------------+----------------+-------------- - regress_foreign_data_user | regress_test_indirect | regression | | foo | FOREIGN DATA WRAPPER | USAGE | NO + regress_foreign_data_user | regress_test_indirect | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | NO regress_test_indirect | regress_test_indirect | regression | | s6 | FOREIGN SERVER | USAGE | YES regress_test_indirect | regress_test_role2 | regression | | s6 | FOREIGN SERVER | USAGE | YES (3 rows) @@ -1098,13 +1136,13 @@ SELECT * FROM information_schema.user_mapping_options ORDER BY 1, 2, 3, 4; RESET ROLE; -- has_foreign_data_wrapper_privilege SELECT has_foreign_data_wrapper_privilege('regress_test_role', - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) -SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); +SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'regress_foo', 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t @@ -1112,34 +1150,34 @@ SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); SELECT has_foreign_data_wrapper_privilege( (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) SELECT has_foreign_data_wrapper_privilege( - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) SELECT has_foreign_data_wrapper_privilege( - (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), 'foo', 'USAGE'); + (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), 'regress_foo', 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) -SELECT has_foreign_data_wrapper_privilege('foo', 'USAGE'); +SELECT has_foreign_data_wrapper_privilege('regress_foo', 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; +SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'regress_foo', 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t @@ -1199,25 +1237,25 @@ GRANT USAGE ON FOREIGN SERVER s4 TO regress_test_role; DROP USER MAPPING FOR public SERVER s4; ALTER SERVER s6 OPTIONS (DROP host, DROP dbname); ALTER USER MAPPING FOR regress_test_role SERVER s6 OPTIONS (DROP username); -ALTER FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; +ALTER FOREIGN DATA WRAPPER regress_foo VALIDATOR postgresql_fdw_validator; WARNING: changing the foreign-data wrapper validator can cause the options for dependent objects to become invalid -- Privileges SET ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER foobar; -- ERROR -ERROR: permission denied to create foreign-data wrapper "foobar" +CREATE FOREIGN DATA WRAPPER regress_foobar; -- ERROR +ERROR: permission denied to create foreign-data wrapper "regress_foobar" HINT: Must be superuser to create a foreign-data wrapper. -ALTER FOREIGN DATA WRAPPER foo OPTIONS (gotcha 'true'); -- ERROR -ERROR: permission denied to alter foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (gotcha 'true'); -- ERROR +ERROR: permission denied to alter foreign-data wrapper "regress_foo" HINT: Must be superuser to alter a foreign-data wrapper. -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_unprivileged_role; -- ERROR -ERROR: permission denied to change owner of foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_unprivileged_role; -- ERROR +ERROR: permission denied to change owner of foreign-data wrapper "regress_foo" HINT: Must be superuser to change owner of a foreign-data wrapper. -DROP FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: must be owner of foreign-data wrapper foo -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -- ERROR -ERROR: permission denied for foreign-data wrapper foo -CREATE SERVER s9 FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: permission denied for foreign-data wrapper foo +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: must be owner of foreign-data wrapper regress_foo +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo ALTER SERVER s4 VERSION '0.5'; -- ERROR ERROR: must be owner of foreign server s4 ALTER SERVER s4 OWNER TO regress_unprivileged_role; -- ERROR @@ -1233,21 +1271,21 @@ ERROR: must be owner of foreign server s6 DROP USER MAPPING FOR regress_test_role SERVER s6; -- ERROR ERROR: must be owner of foreign server s6 RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER postgresql TO regress_unprivileged_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_unprivileged_role WITH GRANT OPTION; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_postgresql TO regress_unprivileged_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_unprivileged_role WITH GRANT OPTION; SET ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER foobar; -- ERROR -ERROR: permission denied to create foreign-data wrapper "foobar" +CREATE FOREIGN DATA WRAPPER regress_foobar; -- ERROR +ERROR: permission denied to create foreign-data wrapper "regress_foobar" HINT: Must be superuser to create a foreign-data wrapper. -ALTER FOREIGN DATA WRAPPER foo OPTIONS (gotcha 'true'); -- ERROR -ERROR: permission denied to alter foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (gotcha 'true'); -- ERROR +ERROR: permission denied to alter foreign-data wrapper "regress_foo" HINT: Must be superuser to alter a foreign-data wrapper. -DROP FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: must be owner of foreign-data wrapper foo -GRANT USAGE ON FOREIGN DATA WRAPPER postgresql TO regress_test_role; -- WARNING -WARNING: no privileges were granted for "postgresql" -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -CREATE SERVER s9 FOREIGN DATA WRAPPER postgresql; +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: must be owner of foreign-data wrapper regress_foo +GRANT USAGE ON FOREIGN DATA WRAPPER regress_postgresql TO regress_test_role; -- WARNING +WARNING: no privileges were granted for "regress_postgresql" +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_postgresql; ALTER SERVER s6 VERSION '0.5'; -- ERROR ERROR: must be owner of foreign server s6 DROP SERVER s6; -- ERROR @@ -1263,15 +1301,15 @@ ERROR: must be owner of foreign server s6 DROP USER MAPPING FOR regress_test_role SERVER s6; -- ERROR ERROR: must be owner of foreign server s6 RESET ROLE; -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_unprivileged_role; -- ERROR +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_unprivileged_role; -- ERROR ERROR: dependent privileges exist HINT: Use CASCADE to revoke them too. -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_unprivileged_role CASCADE; +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_unprivileged_role CASCADE; SET ROLE regress_unprivileged_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -- ERROR -ERROR: permission denied for foreign-data wrapper foo -CREATE SERVER s10 FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: permission denied for foreign-data wrapper foo +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo +CREATE SERVER s10 FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo ALTER SERVER s9 VERSION '1.1'; GRANT USAGE ON FOREIGN SERVER s9 TO regress_test_role; CREATE USER MAPPING FOR current_user SERVER s9; @@ -1280,7 +1318,7 @@ NOTICE: drop cascades to 2 other objects DETAIL: drop cascades to user mapping for public on server s9 drop cascades to user mapping for regress_unprivileged_role on server s9 RESET ROLE; -CREATE SERVER s9 FOREIGN DATA WRAPPER foo; +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_foo; GRANT USAGE ON FOREIGN SERVER s9 TO regress_unprivileged_role; SET ROLE regress_unprivileged_role; ALTER SERVER s9 VERSION '1.2'; -- ERROR @@ -1292,7 +1330,7 @@ DROP SERVER s9 CASCADE; -- ERROR ERROR: must be owner of foreign server s9 -- Check visibility of user mapping data SET ROLE regress_test_role; -CREATE SERVER s10 FOREIGN DATA WRAPPER foo; +CREATE SERVER s10 FOREIGN DATA WRAPPER regress_foo; CREATE USER MAPPING FOR public SERVER s10 OPTIONS (user 'secret'); CREATE USER MAPPING FOR regress_unprivileged_role SERVER s10 OPTIONS (user 'secret'); -- owner of server can see some option fields @@ -1890,14 +1928,14 @@ DROP TABLE fd_pt1 CASCADE; NOTICE: drop cascades to foreign table ft2 -- IMPORT FOREIGN SCHEMA IMPORT FOREIGN SCHEMA s1 FROM SERVER s9 INTO public; -- ERROR -ERROR: foreign-data wrapper "foo" has no handler +ERROR: foreign-data wrapper "regress_foo" has no handler IMPORT FOREIGN SCHEMA s1 LIMIT TO (t1) FROM SERVER s9 INTO public; --ERROR -ERROR: foreign-data wrapper "foo" has no handler +ERROR: foreign-data wrapper "regress_foo" has no handler IMPORT FOREIGN SCHEMA s1 EXCEPT (t1) FROM SERVER s9 INTO public; -- ERROR -ERROR: foreign-data wrapper "foo" has no handler +ERROR: foreign-data wrapper "regress_foo" has no handler IMPORT FOREIGN SCHEMA s1 EXCEPT (t1, t2) FROM SERVER s9 INTO public OPTIONS (option1 'value1', option2 'value2'); -- ERROR -ERROR: foreign-data wrapper "foo" has no handler +ERROR: foreign-data wrapper "regress_foo" has no handler -- DROP FOREIGN TABLE DROP FOREIGN TABLE no_table; -- ERROR ERROR: foreign table "no_table" does not exist @@ -2155,13 +2193,13 @@ DROP TABLE temp_parted; DROP SCHEMA foreign_schema CASCADE; DROP ROLE regress_test_role; -- ERROR ERROR: role "regress_test_role" cannot be dropped because some objects depend on it -DETAIL: privileges for foreign-data wrapper foo +DETAIL: privileges for foreign-data wrapper regress_foo privileges for server s4 owner of user mapping for regress_test_role on server s6 DROP SERVER t1 CASCADE; NOTICE: drop cascades to user mapping for public on server t1 DROP USER MAPPING FOR regress_test_role SERVER s6; -DROP FOREIGN DATA WRAPPER foo CASCADE; +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; NOTICE: drop cascades to 5 other objects DETAIL: drop cascades to server s4 drop cascades to user mapping for regress_foreign_data_user on server s4 @@ -2176,17 +2214,17 @@ DROP ROLE regress_test_indirect; DROP ROLE regress_test_role; DROP ROLE regress_unprivileged_role; -- ERROR ERROR: role "regress_unprivileged_role" cannot be dropped because some objects depend on it -DETAIL: privileges for foreign-data wrapper postgresql -REVOKE ALL ON FOREIGN DATA WRAPPER postgresql FROM regress_unprivileged_role; +DETAIL: privileges for foreign-data wrapper regress_postgresql +REVOKE ALL ON FOREIGN DATA WRAPPER regress_postgresql FROM regress_unprivileged_role; DROP ROLE regress_unprivileged_role; DROP ROLE regress_test_role2; -DROP FOREIGN DATA WRAPPER postgresql CASCADE; -DROP FOREIGN DATA WRAPPER dummy CASCADE; +DROP FOREIGN DATA WRAPPER regress_postgresql CASCADE; +DROP FOREIGN DATA WRAPPER regress_dummy CASCADE; NOTICE: drop cascades to server s0 \c DROP ROLE regress_foreign_data_user; -- At this point we should have no wrappers, no servers, and no mappings. -SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper; +SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper WHERE fdwname LIKE 'regress_%'; fdwname | fdwhandler | fdwvalidator | fdwoptions ---------+------------+--------------+------------ (0 rows) diff --git a/src/test/regress/sql/foreign_data.sql b/src/test/regress/sql/foreign_data.sql index eefb860adc..43461de7f9 100644 --- a/src/test/regress/sql/foreign_data.sql +++ b/src/test/regress/sql/foreign_data.sql @@ -31,155 +31,187 @@ CREATE ROLE regress_test_role_super SUPERUSER; CREATE ROLE regress_test_indirect; CREATE ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER dummy; -COMMENT ON FOREIGN DATA WRAPPER dummy IS 'useless'; -CREATE FOREIGN DATA WRAPPER postgresql VALIDATOR postgresql_fdw_validator; +CREATE FOREIGN DATA WRAPPER regress_dummy; +COMMENT ON FOREIGN DATA WRAPPER regress_dummy IS 'useless'; +CREATE FOREIGN DATA WRAPPER regress_postgresql VALIDATOR postgresql_fdw_validator; -- At this point we should have 2 built-in wrappers and no servers. -SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper ORDER BY 1, 2, 3; +SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper WHERE fdwname LIKE 'regress_%' ORDER BY 1, 2, 3; SELECT srvname, srvoptions FROM pg_foreign_server; SELECT * FROM pg_user_mapping; -- CREATE FOREIGN DATA WRAPPER -CREATE FOREIGN DATA WRAPPER foo VALIDATOR bar; -- ERROR -CREATE FOREIGN DATA WRAPPER foo; -\dew +CREATE FOREIGN DATA WRAPPER regress_foo VALIDATOR bar; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo; +\dew regress_* -CREATE FOREIGN DATA WRAPPER foo; -- duplicate -DROP FOREIGN DATA WRAPPER foo; -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1'); -\dew+ +CREATE FOREIGN DATA WRAPPER regress_foo; -- duplicate +DROP FOREIGN DATA WRAPPER regress_foo; +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1'); +\dew+ regress_* -DROP FOREIGN DATA WRAPPER foo; -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1', testing '2'); -- ERROR -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1', another '2'); -\dew+ +DROP FOREIGN DATA WRAPPER regress_foo; +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1', testing '2'); -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1', another '2'); +\dew+ regress_* -DROP FOREIGN DATA WRAPPER foo; +DROP FOREIGN DATA WRAPPER regress_foo; SET ROLE regress_test_role; -CREATE FOREIGN DATA WRAPPER foo; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo; -- ERROR RESET ROLE; -CREATE FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; -\dew+ +CREATE FOREIGN DATA WRAPPER regress_foo VALIDATOR postgresql_fdw_validator; +\dew+ regress_* -- HANDLER related checks CREATE FUNCTION invalid_fdw_handler() RETURNS int LANGUAGE SQL AS 'SELECT 1;'; -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER invalid_fdw_handler; -- ERROR -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER test_fdw_handler HANDLER invalid_fdw_handler; -- ERROR -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER test_fdw_handler; -DROP FOREIGN DATA WRAPPER test_fdw; +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER invalid_fdw_handler; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER test_fdw_handler HANDLER invalid_fdw_handler; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER test_fdw_handler; +DROP FOREIGN DATA WRAPPER regress_test_fdw; -- ALTER FOREIGN DATA WRAPPER -ALTER FOREIGN DATA WRAPPER foo OPTIONS (nonexistent 'fdw'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (nonexistent 'fdw'); -- ERROR -ALTER FOREIGN DATA WRAPPER foo; -- ERROR -ALTER FOREIGN DATA WRAPPER foo VALIDATOR bar; -- ERROR -ALTER FOREIGN DATA WRAPPER foo NO VALIDATOR; -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo VALIDATOR bar; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo NO VALIDATOR; +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo OPTIONS (a '1', b '2'); -ALTER FOREIGN DATA WRAPPER foo OPTIONS (SET c '4'); -- ERROR -ALTER FOREIGN DATA WRAPPER foo OPTIONS (DROP c); -- ERROR -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD x '1', DROP x); -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (a '1', b '2'); +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (SET c '4'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (DROP c); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD x '1', DROP x); +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo OPTIONS (DROP a, SET b '3', ADD c '4'); -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (DROP a, SET b '3', ADD c '4'); +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo OPTIONS (a '2'); -ALTER FOREIGN DATA WRAPPER foo OPTIONS (b '4'); -- ERROR -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (a '2'); +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (b '4'); -- ERROR +\dew+ regress_* SET ROLE regress_test_role; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD d '5'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD d '5'); -- ERROR SET ROLE regress_test_role_super; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD d '5'); -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD d '5'); +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_test_role; -- ERROR -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_test_role_super; +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_test_role; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_test_role_super; ALTER ROLE regress_test_role_super NOSUPERUSER; SET ROLE regress_test_role_super; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD e '6'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD e '6'); -- ERROR RESET ROLE; -\dew+ +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo RENAME TO foo1; -\dew+ -ALTER FOREIGN DATA WRAPPER foo1 RENAME TO foo; +ALTER FOREIGN DATA WRAPPER regress_foo RENAME TO regress_foo1; +\dew+ regress_* +ALTER FOREIGN DATA WRAPPER regress_foo1 RENAME TO regress_foo; -- HANDLER related checks -ALTER FOREIGN DATA WRAPPER foo HANDLER invalid_fdw_handler; -- ERROR -ALTER FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler HANDLER anything; -- ERROR -ALTER FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler; +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER invalid_fdw_handler; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER test_fdw_handler HANDLER anything; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER test_fdw_handler; DROP FUNCTION invalid_fdw_handler(); -- DROP FOREIGN DATA WRAPPER DROP FOREIGN DATA WRAPPER nonexistent; -- ERROR DROP FOREIGN DATA WRAPPER IF EXISTS nonexistent; -\dew+ +\dew+ regress_* DROP ROLE regress_test_role_super; -- ERROR SET ROLE regress_test_role_super; -DROP FOREIGN DATA WRAPPER foo; +DROP FOREIGN DATA WRAPPER regress_foo; RESET ROLE; DROP ROLE regress_test_role_super; -\dew+ +\dew+ regress_* -CREATE FOREIGN DATA WRAPPER foo; -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; +CREATE FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; COMMENT ON SERVER s1 IS 'foreign server'; CREATE USER MAPPING FOR current_user SERVER s1; CREATE USER MAPPING FOR current_user SERVER s1; -- ERROR CREATE USER MAPPING IF NOT EXISTS FOR current_user SERVER s1; -- NOTICE -\dew+ +\dew+ regress_* \des+ \deu+ -DROP FOREIGN DATA WRAPPER foo; -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR SET ROLE regress_test_role; -DROP FOREIGN DATA WRAPPER foo CASCADE; -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; -- ERROR RESET ROLE; -DROP FOREIGN DATA WRAPPER foo CASCADE; -\dew+ +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; +\dew+ regress_* \des+ \deu+ -- exercise CREATE SERVER -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -- ERROR -CREATE FOREIGN DATA WRAPPER foo OPTIONS ("test wrapper" 'true'); -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -- ERROR -CREATE SERVER IF NOT EXISTS s1 FOREIGN DATA WRAPPER foo; -- No ERROR, just NOTICE -CREATE SERVER s2 FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s3 TYPE 'oracle' FOREIGN DATA WRAPPER foo; -CREATE SERVER s4 TYPE 'oracle' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s5 VERSION '15.0' FOREIGN DATA WRAPPER foo; -CREATE SERVER s6 VERSION '16.0' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s7 TYPE 'oracle' VERSION '17.0' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s8 FOREIGN DATA WRAPPER postgresql OPTIONS (foo '1'); -- ERROR -CREATE SERVER s8 FOREIGN DATA WRAPPER postgresql OPTIONS (host 'localhost', dbname 's8db'); +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS ("test wrapper" 'true'); +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; -- ERROR +CREATE SERVER IF NOT EXISTS s1 FOREIGN DATA WRAPPER regress_foo; -- No ERROR, just NOTICE +CREATE SERVER s2 FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s3 TYPE 'oracle' FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s4 TYPE 'oracle' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s5 VERSION '15.0' FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s6 VERSION '16.0' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s7 TYPE 'oracle' VERSION '17.0' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s8 FOREIGN DATA WRAPPER regress_postgresql OPTIONS (foo '1'); -- ERROR +CREATE SERVER s8 FOREIGN DATA WRAPPER regress_postgresql OPTIONS (host 'localhost', dbname 's8db'); \des+ SET ROLE regress_test_role; -CREATE SERVER t1 FOREIGN DATA WRAPPER foo; -- ERROR: no usage on FDW +CREATE SERVER t1 FOREIGN DATA WRAPPER regress_foo; -- ERROR: no usage on FDW RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; SET ROLE regress_test_role; -CREATE SERVER t1 FOREIGN DATA WRAPPER foo; +CREATE SERVER t1 FOREIGN DATA WRAPPER regress_foo; RESET ROLE; \des+ -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_test_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_indirect; +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_test_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_indirect; SET ROLE regress_test_role; -CREATE SERVER t2 FOREIGN DATA WRAPPER foo; -- ERROR +CREATE SERVER t2 FOREIGN DATA WRAPPER regress_foo; -- ERROR RESET ROLE; GRANT regress_test_indirect TO regress_test_role; SET ROLE regress_test_role; -CREATE SERVER t2 FOREIGN DATA WRAPPER foo; +CREATE SERVER t2 FOREIGN DATA WRAPPER regress_foo; \des+ RESET ROLE; REVOKE regress_test_indirect FROM regress_test_role; +-- +-- test pg_connection_fdw +-- + +\set VERBOSITY terse +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', client_encoding 'LATIN1'); -- fail +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', nonsense 'asdf'); -- fail +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', password 'secret'); -- fail +\set VERBOSITY default + +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', port '5432'); + +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret', host 'otherhost'); -- fail + +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret'); +CREATE USER MAPPING FOR PUBLIC SERVER connection_server + OPTIONS (user 'publicuser', password 'secret2'); + +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role', false); + +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role2', false); + +DROP USER MAPPING FOR regress_test_role SERVER connection_server; +DROP USER MAPPING FOR PUBLIC SERVER connection_server; +DROP SERVER connection_server; + -- ALTER SERVER ALTER SERVER s0; -- ERROR ALTER SERVER s0 OPTIONS (a '1'); -- ERROR @@ -208,7 +240,7 @@ GRANT regress_test_indirect TO regress_test_role; SET ROLE regress_test_role; ALTER SERVER s1 OWNER TO regress_test_indirect; RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_indirect; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_indirect; SET ROLE regress_test_role; ALTER SERVER s1 OWNER TO regress_test_indirect; RESET ROLE; @@ -293,7 +325,7 @@ DROP SERVER s7; -- CREATE FOREIGN TABLE CREATE SCHEMA foreign_schema; -CREATE SERVER s0 FOREIGN DATA WRAPPER dummy; +CREATE SERVER s0 FOREIGN DATA WRAPPER regress_dummy; CREATE FOREIGN TABLE ft1 (); -- ERROR CREATE FOREIGN TABLE ft1 () SERVER no_server; -- ERROR CREATE FOREIGN TABLE ft1 ( @@ -453,20 +485,20 @@ ALTER FOREIGN TABLE IF EXISTS doesnt_exist_ft1 RENAME TO foreign_table_1; -- Information schema -SELECT * FROM information_schema.foreign_data_wrappers ORDER BY 1, 2; +SELECT * FROM information_schema.foreign_data_wrappers WHERE authorization_identifier = 'regress_foreign_data_user' ORDER BY 1, 2; SELECT * FROM information_schema.foreign_data_wrapper_options ORDER BY 1, 2, 3; SELECT * FROM information_schema.foreign_servers ORDER BY 1, 2; SELECT * FROM information_schema.foreign_server_options ORDER BY 1, 2, 3; SELECT * FROM information_schema.user_mappings ORDER BY lower(authorization_identifier), 2, 3; SELECT * FROM information_schema.user_mapping_options ORDER BY lower(authorization_identifier), 2, 3, 4; -SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; -SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; SELECT * FROM information_schema.foreign_tables ORDER BY 1, 2, 3; SELECT * FROM information_schema.foreign_table_options ORDER BY 1, 2, 3, 4; SET ROLE regress_test_role; SELECT * FROM information_schema.user_mapping_options ORDER BY 1, 2, 3, 4; -SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; -SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; DROP USER MAPPING FOR current_user SERVER t1; SET ROLE regress_test_role2; SELECT * FROM information_schema.user_mapping_options ORDER BY 1, 2, 3, 4; @@ -475,18 +507,18 @@ RESET ROLE; -- has_foreign_data_wrapper_privilege SELECT has_foreign_data_wrapper_privilege('regress_test_role', - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); -SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); +SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'regress_foo', 'USAGE'); SELECT has_foreign_data_wrapper_privilege( (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); SELECT has_foreign_data_wrapper_privilege( - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); SELECT has_foreign_data_wrapper_privilege( - (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), 'foo', 'USAGE'); -SELECT has_foreign_data_wrapper_privilege('foo', 'USAGE'); -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); + (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), 'regress_foo', 'USAGE'); +SELECT has_foreign_data_wrapper_privilege('regress_foo', 'USAGE'); +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; +SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'regress_foo', 'USAGE'); -- has_server_privilege SELECT has_server_privilege('regress_test_role', @@ -508,16 +540,16 @@ GRANT USAGE ON FOREIGN SERVER s4 TO regress_test_role; DROP USER MAPPING FOR public SERVER s4; ALTER SERVER s6 OPTIONS (DROP host, DROP dbname); ALTER USER MAPPING FOR regress_test_role SERVER s6 OPTIONS (DROP username); -ALTER FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; +ALTER FOREIGN DATA WRAPPER regress_foo VALIDATOR postgresql_fdw_validator; -- Privileges SET ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER foobar; -- ERROR -ALTER FOREIGN DATA WRAPPER foo OPTIONS (gotcha 'true'); -- ERROR -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_unprivileged_role; -- ERROR -DROP FOREIGN DATA WRAPPER foo; -- ERROR -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -- ERROR -CREATE SERVER s9 FOREIGN DATA WRAPPER foo; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foobar; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (gotcha 'true'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_unprivileged_role; -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; -- ERROR +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_foo; -- ERROR ALTER SERVER s4 VERSION '0.5'; -- ERROR ALTER SERVER s4 OWNER TO regress_unprivileged_role; -- ERROR DROP SERVER s4; -- ERROR @@ -527,15 +559,15 @@ ALTER USER MAPPING FOR regress_test_role SERVER s6 OPTIONS (gotcha 'true'); -- E DROP USER MAPPING FOR regress_test_role SERVER s6; -- ERROR RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER postgresql TO regress_unprivileged_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_unprivileged_role WITH GRANT OPTION; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_postgresql TO regress_unprivileged_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_unprivileged_role WITH GRANT OPTION; SET ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER foobar; -- ERROR -ALTER FOREIGN DATA WRAPPER foo OPTIONS (gotcha 'true'); -- ERROR -DROP FOREIGN DATA WRAPPER foo; -- ERROR -GRANT USAGE ON FOREIGN DATA WRAPPER postgresql TO regress_test_role; -- WARNING -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -CREATE SERVER s9 FOREIGN DATA WRAPPER postgresql; +CREATE FOREIGN DATA WRAPPER regress_foobar; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (gotcha 'true'); -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +GRANT USAGE ON FOREIGN DATA WRAPPER regress_postgresql TO regress_test_role; -- WARNING +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_postgresql; ALTER SERVER s6 VERSION '0.5'; -- ERROR DROP SERVER s6; -- ERROR GRANT USAGE ON FOREIGN SERVER s6 TO regress_test_role; -- ERROR @@ -546,17 +578,17 @@ ALTER USER MAPPING FOR regress_test_role SERVER s6 OPTIONS (gotcha 'true'); -- E DROP USER MAPPING FOR regress_test_role SERVER s6; -- ERROR RESET ROLE; -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_unprivileged_role; -- ERROR -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_unprivileged_role CASCADE; +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_unprivileged_role; -- ERROR +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_unprivileged_role CASCADE; SET ROLE regress_unprivileged_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -- ERROR -CREATE SERVER s10 FOREIGN DATA WRAPPER foo; -- ERROR +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; -- ERROR +CREATE SERVER s10 FOREIGN DATA WRAPPER regress_foo; -- ERROR ALTER SERVER s9 VERSION '1.1'; GRANT USAGE ON FOREIGN SERVER s9 TO regress_test_role; CREATE USER MAPPING FOR current_user SERVER s9; DROP SERVER s9 CASCADE; RESET ROLE; -CREATE SERVER s9 FOREIGN DATA WRAPPER foo; +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_foo; GRANT USAGE ON FOREIGN SERVER s9 TO regress_unprivileged_role; SET ROLE regress_unprivileged_role; ALTER SERVER s9 VERSION '1.2'; -- ERROR @@ -566,7 +598,7 @@ DROP SERVER s9 CASCADE; -- ERROR -- Check visibility of user mapping data SET ROLE regress_test_role; -CREATE SERVER s10 FOREIGN DATA WRAPPER foo; +CREATE SERVER s10 FOREIGN DATA WRAPPER regress_foo; CREATE USER MAPPING FOR public SERVER s10 OPTIONS (user 'secret'); CREATE USER MAPPING FOR regress_unprivileged_role SERVER s10 OPTIONS (user 'secret'); -- owner of server can see some option fields @@ -847,20 +879,20 @@ DROP SCHEMA foreign_schema CASCADE; DROP ROLE regress_test_role; -- ERROR DROP SERVER t1 CASCADE; DROP USER MAPPING FOR regress_test_role SERVER s6; -DROP FOREIGN DATA WRAPPER foo CASCADE; +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; DROP SERVER s8 CASCADE; DROP ROLE regress_test_indirect; DROP ROLE regress_test_role; DROP ROLE regress_unprivileged_role; -- ERROR -REVOKE ALL ON FOREIGN DATA WRAPPER postgresql FROM regress_unprivileged_role; +REVOKE ALL ON FOREIGN DATA WRAPPER regress_postgresql FROM regress_unprivileged_role; DROP ROLE regress_unprivileged_role; DROP ROLE regress_test_role2; -DROP FOREIGN DATA WRAPPER postgresql CASCADE; -DROP FOREIGN DATA WRAPPER dummy CASCADE; +DROP FOREIGN DATA WRAPPER regress_postgresql CASCADE; +DROP FOREIGN DATA WRAPPER regress_dummy CASCADE; \c DROP ROLE regress_foreign_data_user; -- At this point we should have no wrappers, no servers, and no mappings. -SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper; +SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper WHERE fdwname LIKE 'regress_%'; SELECT srvname, srvoptions FROM pg_foreign_server; SELECT * FROM pg_user_mapping; -- 2.34.1 [text/x-patch] v6-0003-CREATE-SUSBCRIPTION-.-SERVER.patch (47.2K, 4-v6-0003-CREATE-SUSBCRIPTION-.-SERVER.patch) download | inline diff: From 4663f28197b2fda75bb3f99c8447853cd1af159f Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:42:48 -0800 Subject: [PATCH v6 3/4] CREATE SUSBCRIPTION ... SERVER. --- contrib/postgres_fdw/Makefile | 2 + .../postgres_fdw/expected/postgres_fdw.out | 14 ++ contrib/postgres_fdw/meson.build | 5 + contrib/postgres_fdw/sql/postgres_fdw.sql | 8 + contrib/postgres_fdw/t/010_subscription.pl | 68 +++++++ doc/src/sgml/ref/alter_subscription.sgml | 18 +- doc/src/sgml/ref/create_subscription.sgml | 11 +- src/backend/catalog/pg_subscription.c | 31 ++- src/backend/commands/subscriptioncmds.c | 182 ++++++++++++++++-- src/backend/foreign/foreign.c | 25 +++ src/backend/parser/gram.y | 20 ++ src/backend/replication/logical/worker.c | 12 +- src/bin/pg_dump/pg_dump.c | 27 ++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/tab-complete.c | 2 +- src/include/catalog/pg_subscription.h | 4 +- src/include/foreign/foreign.h | 1 + src/include/nodes/parsenodes.h | 3 + src/test/regress/expected/foreign_data.out | 14 ++ src/test/regress/expected/subscription.out | 40 ++++ src/test/regress/sql/foreign_data.sql | 17 ++ src/test/regress/sql/subscription.sql | 45 +++++ src/test/subscription/t/001_rep_changes.pl | 57 ++++++ 23 files changed, 579 insertions(+), 28 deletions(-) create mode 100644 contrib/postgres_fdw/t/010_subscription.pl diff --git a/contrib/postgres_fdw/Makefile b/contrib/postgres_fdw/Makefile index c1b0cad453..c3498ea6b4 100644 --- a/contrib/postgres_fdw/Makefile +++ b/contrib/postgres_fdw/Makefile @@ -18,6 +18,8 @@ DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql REGRESS = postgres_fdw +TAP_TESTS = 1 + ifdef USE_PGXS PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index d83f6ae8cb..0aa751e099 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -256,6 +256,20 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); -- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +SELECT pg_conninfo_from_server('testserver1', CURRENT_USER, false); + pg_conninfo_from_server +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- + service = 'value' connect_timeout = 'value' dbname = 'value' host = 'value' hostaddr = 'value' port = 'value' application_name = 'value' keepalives = 'value' keepalives_idle = 'value' keepalives_interval = 'value' tcp_user_timeout = 'value' sslcompression = 'value' sslmode = 'value' sslcert = 'value' sslkey = 'value' sslrootcert = 'value' sslcrl = 'value' krbsrvname = 'value' gsslib = 'value' gssdelegation = 'value' sslpassword = 'dummy' sslkey = 'value' sslcert = 'value' +(1 row) + +DROP SUBSCRIPTION regress_pgfdw_subscription; +-- =================================================================== -- test error case for create publication on foreign table -- =================================================================== CREATE PUBLICATION testpub_ftbl FOR TABLE ft1; -- should fail diff --git a/contrib/postgres_fdw/meson.build b/contrib/postgres_fdw/meson.build index 2b86d8a6ee..cf7071dbf8 100644 --- a/contrib/postgres_fdw/meson.build +++ b/contrib/postgres_fdw/meson.build @@ -39,4 +39,9 @@ tests += { ], 'regress_args': ['--dlpath', meson.build_root() / 'src/test/regress'], }, + 'tap': { + 'tests': [ + 't/010_subscription.pl', + ], + }, } diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 90c8fa4b70..3b2716b82e 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -248,6 +248,14 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); +-- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +SELECT pg_conninfo_from_server('testserver1', CURRENT_USER, false); +DROP SUBSCRIPTION regress_pgfdw_subscription; + -- =================================================================== -- test error case for create publication on foreign table -- =================================================================== diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl new file mode 100644 index 0000000000..daa0b9edd2 --- /dev/null +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -0,0 +1,68 @@ + +# Copyright (c) 2021-2024, PostgreSQL Global Development Group + +# Basic logical replication test +use strict; +use warnings FATAL => 'all'; +use PostgreSQL::Test::Cluster; +use PostgreSQL::Test::Utils; +use Test::More; + +# Initialize publisher node +my $node_publisher = PostgreSQL::Test::Cluster->new('publisher'); +$node_publisher->init(allows_streaming => 'logical'); +$node_publisher->start; + +# Create subscriber node +my $node_subscriber = PostgreSQL::Test::Cluster->new('subscriber'); +$node_subscriber->init; +$node_subscriber->start; + +# Create some preexisting content on publisher +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins AS SELECT generate_series(1,1002) AS a"); + +# Replicate the changes without columns +$node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_no_col default VALUES"); + +# Setup structure on subscriber +$node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int)"); + +# Setup logical replication +my $publisher_connstr = $node_publisher->connstr . ' dbname=postgres'; +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_pub FOR TABLE tab_ins"); + +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_server" +); + +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub SERVER tap_server PUBLICATION tap_pub WITH (password_required=false)" +); + +# Wait for initial table sync to finish +$node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); + +my $result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins SELECT generate_series(1,50)"); + +$node_publisher->wait_for_catchup('tap_sub'); + +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); +is($result, qq(1052), 'check initial data was copied to subscriber'); + +done_testing(); diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index 6d36ff0dc9..6d219145a9 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -21,6 +21,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> +ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SERVER <replaceable>servername</replaceable> ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> CONNECTION '<replaceable>conninfo</replaceable>' ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SET PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> ADD PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] @@ -94,13 +95,24 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < </listitem> </varlistentry> + <varlistentry id="sql-altersubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the foreign server + <replaceable>servername</replaceable>. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-altersubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> <para> - This clause replaces the connection string originally set by - <xref linkend="sql-createsubscription"/>. See there for more - information. + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the connection + string <replaceable>conninfo</replaceable>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index c7ace922f9..24538baf98 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -22,7 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceable> - CONNECTION '<replaceable class="parameter">conninfo</replaceable>' + { SERVER <replaceable class="parameter">servername</replaceable> | CONNECTION '<replaceable class="parameter">conninfo</replaceable>' } PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">subscription_parameter</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] </synopsis> @@ -77,6 +77,15 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl </listitem> </varlistentry> + <varlistentry id="sql-createsubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + A foreign server to use for the connection. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-createsubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index c516c25ac7..b3cbc170d5 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -20,12 +20,15 @@ #include "access/tableam.h" #include "access/xact.h" #include "catalog/indexing.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "storage/lmgr.h" +#include "utils/acl.h" #include "utils/array.h" #include "utils/builtins.h" #include "utils/fmgroids.h" @@ -75,10 +78,30 @@ GetSubscription(Oid subid, bool missing_ok) sub->runasowner = subform->subrunasowner; /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, - tup, - Anum_pg_subscription_subconninfo); - sub->conninfo = TextDatumGetCString(datum); + if (OidIsValid(subform->subserver)) + { + AclResult aclresult; + + /* recheck ACL */ + aclresult = object_aclcheck(ForeignServerRelationId, + subform->subserver, + subform->subowner, ACL_USAGE); + + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, + ForeignServerName(subform->subserver)); + + sub->conninfo = ForeignServerConnectionString(subform->subowner, + subform->subserver, + true); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, + tup, + Anum_pg_subscription_subconninfo); + sub->conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index 75e6cd8ae3..60287c73e7 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -25,14 +25,17 @@ #include "catalog/objectaddress.h" #include "catalog/pg_authid_d.h" #include "catalog/pg_database_d.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "catalog/pg_user_mapping.h" #include "commands/dbcommands.h" #include "commands/defrem.h" #include "commands/event_trigger.h" #include "commands/subscriptioncmds.h" #include "executor/executor.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "pgstat.h" @@ -574,6 +577,8 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Datum values[Natts_pg_subscription]; Oid owner = GetUserId(); HeapTuple tup; + Oid serverid; + Oid umid; char *conninfo; char originname[NAMEDATALEN]; List *publications; @@ -666,15 +671,42 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.synchronous_commit == NULL) opts.synchronous_commit = "off"; - conninfo = stmt->conninfo; - publications = stmt->publication; - /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); + if (stmt->servername) + { + ForeignServer *server; + UserMapping *um; + + Assert(!stmt->conninfo); + conninfo = NULL; + + server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, owner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + + um = GetUserMapping(owner, server->serverid); + + serverid = server->serverid; + umid = um->umid; + conninfo = ForeignServerConnectionString(owner, serverid, true); + } + else + { + Assert(stmt->conninfo); + + serverid = InvalidOid; + umid = InvalidOid; + conninfo = stmt->conninfo; + } + /* Check the connection info string. */ walrcv_check_conninfo(conninfo, opts.passwordrequired && !superuser()); + publications = stmt->publication; + /* Everything ok, form a new tuple. */ memset(values, 0, sizeof(values)); memset(nulls, false, sizeof(nulls)); @@ -697,8 +729,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, values[Anum_pg_subscription_subdisableonerr - 1] = BoolGetDatum(opts.disableonerr); values[Anum_pg_subscription_subpasswordrequired - 1] = BoolGetDatum(opts.passwordrequired); values[Anum_pg_subscription_subrunasowner - 1] = BoolGetDatum(opts.runasowner); - values[Anum_pg_subscription_subconninfo - 1] = - CStringGetTextDatum(conninfo); + values[Anum_pg_subscription_subserver - 1] = serverid; + if (!OidIsValid(serverid)) + values[Anum_pg_subscription_subconninfo - 1] = + CStringGetTextDatum(conninfo); + else + nulls[Anum_pg_subscription_subconninfo - 1] = true; if (opts.slot_name) values[Anum_pg_subscription_subslotname - 1] = DirectFunctionCall1(namein, CStringGetDatum(opts.slot_name)); @@ -719,6 +755,20 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, recordDependencyOnOwner(SubscriptionRelationId, subid, owner); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + + if (stmt->servername) + { + ObjectAddress referenced; + Assert(OidIsValid(serverid) && OidIsValid(umid)); + + ObjectAddressSet(referenced, ForeignServerRelationId, serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + ObjectAddressSet(referenced, UserMappingRelationId, umid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + ReplicationOriginNameForLogicalRep(subid, InvalidOid, originname, sizeof(originname)); replorigin_create(originname); @@ -835,8 +885,6 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.enabled) ApplyLauncherWakeupAtCommit(); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostCreateHook(SubscriptionRelationId, subid, 0); return myself; @@ -1124,6 +1172,8 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, memset(nulls, false, sizeof(nulls)); memset(replaces, false, sizeof(replaces)); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + switch (stmt->kind) { case ALTER_SUBSCRIPTION_OPTIONS: @@ -1244,7 +1294,89 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, break; } + case ALTER_SUBSCRIPTION_SERVER: + { + ForeignServer *new_server; + UserMapping *new_um; + ObjectAddress referenced; + AclResult aclresult; + char *conninfo; + + /* + * Remove what was there before, either another foreign server + * or a connection string. + */ + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + UserMappingRelationId, old_um->umid); + } + else + { + nulls[Anum_pg_subscription_subconninfo - 1] = true; + replaces[Anum_pg_subscription_subconninfo - 1] = true; + } + + /* + * Find the new server and user mapping. Check ACL of server + * based on current user ID, but find the user mapping based + * on the subscription owner. + */ + new_server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, + new_server->serverid, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, + new_server->servername); + + new_um = GetUserMapping(form->subowner, new_server->serverid); + + conninfo = ForeignServerConnectionString(form->subowner, + new_server->serverid, + true); + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + /* Check the connection info string. */ + walrcv_check_conninfo(conninfo, + sub->passwordrequired && !sub->ownersuperuser); + + values[Anum_pg_subscription_subserver - 1] = new_server->serverid; + replaces[Anum_pg_subscription_subserver - 1] = true; + + ObjectAddressSet(referenced, ForeignServerRelationId, new_server->serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + ObjectAddressSet(referenced, UserMappingRelationId, new_um->umid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + update_tuple = true; + } + break; + case ALTER_SUBSCRIPTION_CONNECTION: + /* remove reference to foreign server and dependencies, if present */ + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + UserMappingRelationId, old_um->umid); + + values[Anum_pg_subscription_subserver - 1] = InvalidOid; + replaces[Anum_pg_subscription_subserver - 1] = true; + } + /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); /* Check the connection info string. */ @@ -1455,8 +1587,6 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, table_close(rel, RowExclusiveLock); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostAlterHook(SubscriptionRelationId, subid, 0); /* Wake up related replication workers to handle this change quickly. */ @@ -1541,9 +1671,25 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) subname = pstrdup(NameStr(*DatumGetName(datum))); /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, - Anum_pg_subscription_subconninfo); - conninfo = TextDatumGetCString(datum); + if (OidIsValid(form->subserver)) + { + AclResult aclresult; + + aclresult = object_aclcheck(ForeignServerRelationId, form->subserver, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, + ForeignServerName(form->subserver)); + + conninfo = ForeignServerConnectionString(form->subowner, + form->subserver, true); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, + Anum_pg_subscription_subconninfo); + conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, tup, @@ -1644,6 +1790,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) } /* Clean up dependencies */ + deleteDependencyRecordsFor(SubscriptionRelationId, subid, false); deleteSharedDependencyRecordsFor(SubscriptionRelationId, subid, 0); /* Remove any associated relation synchronization states. */ @@ -1853,6 +2000,17 @@ AlterSubscriptionOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId) aclcheck_error(aclresult, OBJECT_DATABASE, get_database_name(MyDatabaseId)); + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + UserMapping *new_um = GetUserMapping(newOwnerId, form->subserver); + + if (changeDependencyFor(SubscriptionRelationId, form->oid, + UserMappingRelationId, old_um->umid, new_um->umid) != 1) + elog(ERROR, "could not change user mapping dependency for subscription %u", + form->oid); + } + form->subowner = newOwnerId; CatalogTupleUpdate(rel, &tup->t_self, tup); diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index fd1b644d72..d5d78c347e 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -180,6 +180,31 @@ GetForeignServerExtended(Oid serverid, bits16 flags) } +/* + * ForeignServerName - get name of foreign server. + */ +char * +ForeignServerName(Oid serverid) +{ + Form_pg_foreign_server serverform; + char *servername; + HeapTuple tp; + + tp = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)); + + if (!HeapTupleIsValid(tp)) + elog(ERROR, "cache lookup failed for foreign server %u", serverid); + + serverform = (Form_pg_foreign_server) GETSTRUCT(tp); + + servername = pstrdup(NameStr(serverform->srvname)); + + ReleaseSysCache(tp); + + return servername; +} + + /* * GetForeignServerByName - look up the foreign server definition by name. */ diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index 6b88096e8e..0a024ab637 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -10648,6 +10648,16 @@ CreateSubscriptionStmt: n->options = $8; $$ = (Node *) n; } + | CREATE SUBSCRIPTION name SERVER name PUBLICATION name_list opt_definition + { + CreateSubscriptionStmt *n = + makeNode(CreateSubscriptionStmt); + n->subname = $3; + n->servername = $5; + n->publication = $7; + n->options = $8; + $$ = (Node *) n; + } ; /***************************************************************************** @@ -10677,6 +10687,16 @@ AlterSubscriptionStmt: n->conninfo = $5; $$ = (Node *) n; } + | ALTER SUBSCRIPTION name SERVER name + { + AlterSubscriptionStmt *n = + makeNode(AlterSubscriptionStmt); + + n->kind = ALTER_SUBSCRIPTION_SERVER; + n->subname = $3; + n->servername = $5; + $$ = (Node *) n; + } | ALTER SUBSCRIPTION name REFRESH PUBLICATION opt_definition { AlterSubscriptionStmt *n = diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index 911835c5cb..4cb94a1ee8 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -4003,7 +4003,9 @@ maybe_reread_subscription(void) } /* - * Callback from subscription syscache invalidation. + * Callback from subscription syscache invalidation. Also needed for server or + * user mapping invalidation, which can change the connection information for + * subscriptions that connect using a server object. */ static void subscription_change_cb(Datum arg, int cacheid, uint32 hashvalue) @@ -4639,6 +4641,14 @@ InitializeLogRepWorker(void) CacheRegisterSyscacheCallback(SUBSCRIPTIONOID, subscription_change_cb, (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); CacheRegisterSyscacheCallback(AUTHOID, subscription_change_cb, diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 7b9c79005e..6456416ad3 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -4655,6 +4655,7 @@ getSubscriptions(Archive *fout) int i_subdisableonerr; int i_subpasswordrequired; int i_subrunasowner; + int i_subservername; int i_subconninfo; int i_subslotname; int i_subsynccommit; @@ -4726,10 +4727,12 @@ getSubscriptions(Archive *fout) LOGICALREP_ORIGIN_ANY); if (dopt->binary_upgrade && fout->remoteVersion >= 170000) - appendPQExpBufferStr(query, " o.remote_lsn AS suboriginremotelsn,\n" + appendPQExpBufferStr(query, " fs.srvname AS subservername,\n" + " o.remote_lsn AS suboriginremotelsn,\n" " s.subenabled\n"); else - appendPQExpBufferStr(query, " NULL AS suboriginremotelsn,\n" + appendPQExpBufferStr(query, " NULL AS subservername,\n" + " NULL AS suboriginremotelsn,\n" " false AS subenabled\n"); appendPQExpBufferStr(query, @@ -4737,6 +4740,8 @@ getSubscriptions(Archive *fout) if (dopt->binary_upgrade && fout->remoteVersion >= 170000) appendPQExpBufferStr(query, + "LEFT JOIN pg_catalog.pg_foreign_server fs \n" + " ON fs.oid = s.subserver \n" "LEFT JOIN pg_catalog.pg_replication_origin_status o \n" " ON o.external_id = 'pg_' || s.oid::text \n"); @@ -4762,6 +4767,7 @@ getSubscriptions(Archive *fout) i_subdisableonerr = PQfnumber(res, "subdisableonerr"); i_subpasswordrequired = PQfnumber(res, "subpasswordrequired"); i_subrunasowner = PQfnumber(res, "subrunasowner"); + i_subservername = PQfnumber(res, "subservername"); i_subconninfo = PQfnumber(res, "subconninfo"); i_subslotname = PQfnumber(res, "subslotname"); i_subsynccommit = PQfnumber(res, "subsynccommit"); @@ -4781,7 +4787,10 @@ getSubscriptions(Archive *fout) AssignDumpId(&subinfo[i].dobj); subinfo[i].dobj.name = pg_strdup(PQgetvalue(res, i, i_subname)); subinfo[i].rolname = getRoleName(PQgetvalue(res, i, i_subowner)); - + if (PQgetisnull(res, i, i_subservername)) + subinfo[i].subservername = NULL; + else + subinfo[i].subservername = pg_strdup(PQgetvalue(res, i, i_subservername)); subinfo[i].subbinary = pg_strdup(PQgetvalue(res, i, i_subbinary)); subinfo[i].substream = @@ -5007,9 +5016,17 @@ dumpSubscription(Archive *fout, const SubscriptionInfo *subinfo) appendPQExpBuffer(delq, "DROP SUBSCRIPTION %s;\n", qsubname); - appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s CONNECTION ", + appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s ", qsubname); - appendStringLiteralAH(query, subinfo->subconninfo, fout); + if (subinfo->subservername) + { + appendPQExpBuffer(query, "SERVER %s", fmtId(subinfo->subservername)); + } + else + { + appendPQExpBuffer(query, "CONNECTION "); + appendStringLiteralAH(query, subinfo->subconninfo, fout); + } /* Build list of quoted publications and append them to query. */ if (!parsePGArray(subinfo->subpublications, &pubnames, &npubnames)) diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index 9a34347cfc..d3aaa26861 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -669,6 +669,7 @@ typedef struct _SubscriptionInfo char *subdisableonerr; char *subpasswordrequired; char *subrunasowner; + char *subservername; char *subconninfo; char *subslotname; char *subsynccommit; diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c index 09914165e4..995f4f7f22 100644 --- a/src/bin/psql/tab-complete.c +++ b/src/bin/psql/tab-complete.c @@ -3322,7 +3322,7 @@ psql_completion(const char *text, int start, int end) /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny)) COMPLETE_WITH("PUBLICATION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index ca32625585..74e904b11d 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -93,9 +93,11 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW bool subrunasowner; /* True if replication should execute as the * subscription owner */ + Oid subserver; /* Set if connecting with server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo; /* Set if connecting with connection string */ /* Slot name on publisher */ NameData subslotname BKI_FORCE_NULL; diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index b5b9b97f4d..a2f04ce9af 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -65,6 +65,7 @@ typedef struct ForeignTable extern ForeignServer *GetForeignServer(Oid serverid); +extern char *ForeignServerName(Oid serverid); extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index b3181f34ae..6d6b242cec 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -4041,6 +4041,7 @@ typedef struct CreateSubscriptionStmt { NodeTag type; char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ @@ -4049,6 +4050,7 @@ typedef struct CreateSubscriptionStmt typedef enum AlterSubscriptionType { ALTER_SUBSCRIPTION_OPTIONS, + ALTER_SUBSCRIPTION_SERVER, ALTER_SUBSCRIPTION_CONNECTION, ALTER_SUBSCRIPTION_SET_PUBLICATION, ALTER_SUBSCRIPTION_ADD_PUBLICATION, @@ -4063,6 +4065,7 @@ typedef struct AlterSubscriptionStmt NodeTag type; AlterSubscriptionType kind; /* ALTER_SUBSCRIPTION_OPTIONS, etc */ char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ diff --git a/src/test/regress/expected/foreign_data.out b/src/test/regress/expected/foreign_data.out index d51e83ff92..6685c134c6 100644 --- a/src/test/regress/expected/foreign_data.out +++ b/src/test/regress/expected/foreign_data.out @@ -432,6 +432,20 @@ SELECT pg_conninfo_from_server('connection_server', 'regress_test_role2', false) DROP USER MAPPING FOR regress_test_role SERVER connection_server; DROP USER MAPPING FOR PUBLIC SERVER connection_server; DROP SERVER connection_server; +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; -- ERROR: no permissions on FDW +ERROR: permission denied for foreign-data wrapper pg_connection_fdw +RESET ROLE; +GRANT USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw TO regress_test_role; +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; +IMPORT FOREIGN SCHEMA foo FROM SERVER t3 INTO bar; -- fails +ERROR: schema "bar" does not exist +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; +DROP SERVER t3; +RESET ROLE; +REVOKE USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw FROM regress_test_role; -- ALTER SERVER ALTER SERVER s0; -- ERROR ERROR: syntax error at or near ";" diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out index b15eddbff3..7b866a6fe6 100644 --- a/src/test/regress/expected/subscription.out +++ b/src/test/regress/expected/subscription.out @@ -144,6 +144,46 @@ ERROR: could not connect to the publisher: invalid port number: "-1" ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; ERROR: invalid connection string syntax: missing "=" after "foobar" in connection info string +RESET SESSION AUTHORIZATION; +GRANT CREATE ON DATABASE REGRESSION TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +DROP SUBSCRIPTION regress_testsub6; +-- test using a server object instead of connection string +RESET SESSION AUTHORIZATION; +CREATE SERVER regress_testserver FOREIGN DATA WRAPPER pg_connection_fdw; +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver PUBLICATION testpub + WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +RESET SESSION AUTHORIZATION; +-- test an FDW with no validator +CREATE FOREIGN DATA WRAPPER regress_fdw; +CREATE SERVER regress_testserver2 FOREIGN DATA WRAPPER regress_fdw + OPTIONS (abc 'xyz'); +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2 + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver2 TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver2; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver; +RESET SESSION AUTHORIZATION; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2; +DROP SERVER regress_testserver2; +DROP FOREIGN DATA WRAPPER regress_fdw; +ALTER SUBSCRIPTION regress_testsub6 OWNER TO regress_subscription_user; -- fail, no user mapping +ERROR: user mapping not found for user "regress_subscription_user", server "regress_testserver" +DROP SUBSCRIPTION regress_testsub6; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver; +DROP SERVER regress_testserver; +REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user; \dRs+ List of subscriptions Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Synchronous commit | Conninfo | Skip LSN diff --git a/src/test/regress/sql/foreign_data.sql b/src/test/regress/sql/foreign_data.sql index 43461de7f9..337acafc2d 100644 --- a/src/test/regress/sql/foreign_data.sql +++ b/src/test/regress/sql/foreign_data.sql @@ -212,6 +212,23 @@ DROP USER MAPPING FOR regress_test_role SERVER connection_server; DROP USER MAPPING FOR PUBLIC SERVER connection_server; DROP SERVER connection_server; +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; -- ERROR: no permissions on FDW +RESET ROLE; +GRANT USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw TO regress_test_role; +SET ROLE regress_test_role; + +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; + +IMPORT FOREIGN SCHEMA foo FROM SERVER t3 INTO bar; -- fails + +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; +DROP SERVER t3; + +RESET ROLE; +REVOKE USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw FROM regress_test_role; + -- ALTER SERVER ALTER SERVER s0; -- ERROR ALTER SERVER s0 OPTIONS (a '1'); -- ERROR diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql index 444e563ff3..95c826030b 100644 --- a/src/test/regress/sql/subscription.sql +++ b/src/test/regress/sql/subscription.sql @@ -88,6 +88,51 @@ CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'port=-1' PUBLICATION testpub; -- fail - invalid connection string during ALTER ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; +RESET SESSION AUTHORIZATION; +GRANT CREATE ON DATABASE REGRESSION TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; + +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_testsub6; + +-- test using a server object instead of connection string + +RESET SESSION AUTHORIZATION; +CREATE SERVER regress_testserver FOREIGN DATA WRAPPER pg_connection_fdw; +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver TO regress_subscription_user3; + +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver PUBLICATION testpub + WITH (slot_name = NONE, connect = false); +RESET SESSION AUTHORIZATION; + +-- test an FDW with no validator +CREATE FOREIGN DATA WRAPPER regress_fdw; +CREATE SERVER regress_testserver2 FOREIGN DATA WRAPPER regress_fdw + OPTIONS (abc 'xyz'); +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2 + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver2 TO regress_subscription_user3; + +SET SESSION AUTHORIZATION regress_subscription_user3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver2; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver; + +RESET SESSION AUTHORIZATION; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2; +DROP SERVER regress_testserver2; +DROP FOREIGN DATA WRAPPER regress_fdw; + +ALTER SUBSCRIPTION regress_testsub6 OWNER TO regress_subscription_user; -- fail, no user mapping +DROP SUBSCRIPTION regress_testsub6; + +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver; +DROP SERVER regress_testserver; +REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user; + \dRs+ ALTER SUBSCRIPTION regress_testsub SET PUBLICATION testpub2, testpub3 WITH (refresh = false); diff --git a/src/test/subscription/t/001_rep_changes.pl b/src/test/subscription/t/001_rep_changes.pl index 9ccebd890a..4cbf2dceaa 100644 --- a/src/test/subscription/t/001_rep_changes.pl +++ b/src/test/subscription/t/001_rep_changes.pl @@ -27,6 +27,8 @@ $node_publisher->safe_psql('postgres', "CREATE TABLE tab_notrep AS SELECT generate_series(1,10) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_ins AS SELECT generate_series(1,1002) AS a"); +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins2 AS SELECT generate_series(1,1002) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_full AS SELECT generate_series(1,10) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_full2 (x text)"); @@ -65,6 +67,7 @@ $node_publisher->safe_psql('postgres', # Setup structure on subscriber $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_notrep (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int)"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins2 (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_full (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_full2 (x text)"); $node_subscriber->safe_psql('postgres', @@ -110,6 +113,22 @@ $node_subscriber->safe_psql('postgres', "CREATE SUBSCRIPTION tap_sub CONNECTION '$publisher_connstr' PUBLICATION tap_pub, tap_pub_ins_only" ); +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_sub2_server FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_sub2_server" +); + +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_simple_pub FOR TABLE tab_ins2"); + +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub2 SERVER tap_sub2_server PUBLICATION tap_simple_pub WITH (password_required=false)" +); + # Wait for initial table sync to finish $node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); @@ -121,11 +140,22 @@ $result = $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); is($result, qq(1002), 'check initial data was copied to subscriber'); +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins2"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_subscriber->safe_psql('postgres', "ALTER SUBSCRIPTION tap_sub2 CONNECTION '$publisher_connstr'"); + $node_publisher->safe_psql('postgres', "INSERT INTO tab_ins SELECT generate_series(1,50)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_ins WHERE a > 20"); $node_publisher->safe_psql('postgres', "UPDATE tab_ins SET a = -a"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins2 SELECT generate_series(1,50)"); + +$node_subscriber->safe_psql('postgres', "ALTER SUBSCRIPTION tap_sub2 SERVER tap_sub2_server"); + $node_publisher->safe_psql('postgres', "INSERT INTO tab_rep SELECT generate_series(1,50)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_rep WHERE a > 20"); @@ -158,6 +188,10 @@ $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_ins"); is($result, qq(1052|1|1002), 'check replicated inserts on subscriber'); +$result = $node_subscriber->safe_psql('postgres', + "SELECT count(*), min(a), max(a) FROM tab_ins2"); +is($result, qq(1052|1|1002), 'check replicated inserts on subscriber'); + $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_rep"); is($result, qq(20|-20|-1), 'check replicated changes on subscriber'); @@ -449,10 +483,27 @@ $node_publisher->poll_query_until('postgres', or die "Timed out while waiting for apply to restart after changing PUBLICATION"; +# test that changes to a foreign server subscription cause the worker +# to restart +$oldpid = $node_publisher->safe_psql('postgres', + "SELECT pid FROM pg_stat_replication WHERE application_name = 'tap_sub2' AND state = 'streaming';" +); +$node_subscriber->safe_psql('postgres', + "ALTER SERVER tap_sub2_server OPTIONS (sslmode 'disable')" +); +$node_publisher->poll_query_until('postgres', + "SELECT pid != $oldpid FROM pg_stat_replication WHERE application_name = 'tap_sub2' AND state = 'streaming';" + ) + or die + "Timed out while waiting for apply to restart after changing PUBLICATION"; + $node_publisher->safe_psql('postgres', "INSERT INTO tab_ins SELECT generate_series(1001,1100)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_rep"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins2 SELECT generate_series(1001,1100)"); + # Restart the publisher and check the state of the subscriber which # should be in a streaming state after catching up. $node_publisher->stop('fast'); @@ -465,6 +516,11 @@ $result = $node_subscriber->safe_psql('postgres', is($result, qq(1152|1|1100), 'check replicated inserts after subscription publication change'); +$result = $node_subscriber->safe_psql('postgres', + "SELECT count(*), min(a), max(a) FROM tab_ins2"); +is($result, qq(1152|1|1100), + 'check replicated inserts after subscription publication change'); + $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_rep"); is($result, qq(20|-20|-1), @@ -533,6 +589,7 @@ $node_publisher->poll_query_until('postgres', # check all the cleanup $node_subscriber->safe_psql('postgres', "DROP SUBSCRIPTION tap_sub_renamed"); +$node_subscriber->safe_psql('postgres', "DROP SUBSCRIPTION tap_sub2"); $result = $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM pg_subscription"); -- 2.34.1 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-15 20:53 Joe Conway <[email protected]> parent: Jeff Davis <[email protected]> 1 sibling, 1 reply; 63+ messages in thread From: Joe Conway @ 2024-01-15 20:53 UTC (permalink / raw) To: Jeff Davis <[email protected]>; Ashutosh Bapat <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; pgsql-hackers On 1/12/24 20:17, Jeff Davis wrote: > On Fri, 2024-01-05 at 16:11 +0530, Ashutosh Bapat wrote: >> I don't think we need to add a test for every FDW. E.g. adding a test >> in file_fdw would be pointless. But postgres_fdw is special. The test >> could further create a foreign table ftab_foo on subscriber >> referencing foo on publisher and then compare the data from foo and >> ftab_foo to make sure that the replication is happening. This will >> serve as a good starting point for replicated tables setup in a >> sharded cluster. >> > > Attached updated patch set with added TAP test for postgres_fdw, which > uses a postgres_fdw server as the source for subscription connection > information. > > I think 0004 needs a bit more work, so I'm leaving it off for now, but > I'll bring it back in the next patch set. I took a quick scan through the patch. The only thing that jumped out at me was that it seems like it might make sense to use quote_literal_cstr() rather than defining your own appendEscapedValue() function? -- Joe Conway PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-15 21:34 Jeff Davis <[email protected]> parent: Joe Conway <[email protected]> 0 siblings, 0 replies; 63+ messages in thread From: Jeff Davis @ 2024-01-15 21:34 UTC (permalink / raw) To: Joe Conway <[email protected]>; Ashutosh Bapat <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; pgsql-hackers On Mon, 2024-01-15 at 15:53 -0500, Joe Conway wrote: > I took a quick scan through the patch. The only thing that jumped out > at > me was that it seems like it might make sense to use > quote_literal_cstr() rather than defining your own > appendEscapedValue() > function? The rules are slightly different. Libpq expects a connection string to escape only single-quote and backslash, and the escape character is always backslash: https://www.postgresql.org/docs/16/libpq-connect.html#LIBPQ-CONNSTRING-KEYWORD-VALUE quote_literal_cstr() has more complicated rules. If there's a backslash anywhere in the string, it uses the E'' form. If it encounters a backslash it escapes it with backslash, but if it encounters a single- quote it escapes it with single-quote. See: https://www.postgresql.org/docs/16/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS https://www.postgresql.org/docs/16/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS-ESCAPE I'll include some tests and a better comment for it in the next patch set. Regards, Jeff Davis ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-16 01:55 Jeff Davis <[email protected]> parent: Jeff Davis <[email protected]> 1 sibling, 2 replies; 63+ messages in thread From: Jeff Davis @ 2024-01-16 01:55 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Fri, 2024-01-12 at 17:17 -0800, Jeff Davis wrote: > I think 0004 needs a bit more work, so I'm leaving it off for now, > but > I'll bring it back in the next patch set. Here's the next patch set. 0001 - 0003 are mostly the same with some improved error messages and some code fixes. I am looking to start committing 0001 - 0003 soon, as they have received some feedback already and 0004 isn't required for the earlier patches to be useful. 0004 could use more discussion. The purpose is to split the privileges of pg_create_subscription into two: pg_create_subscription, and pg_create_connection. By separating the privileges, it's possible to allow someone to create/manage subscriptions to a predefined set of foreign servers (on which they have USAGE privileges) without allowing them to write an arbitrary connection string. The reasoning behind the separation is that creating a connection string has different and more nuanced security implications than creating a subscription (cf. extensive discussion[1] related to the password_required setting on a subscription). By default, pg_create_subscription is a member of pg_create_connection, so there's no change/break of the default behavior. But administrators who want the privileges to be separated can simply "REVOKE pg_create_connection FROM pg_create_subscription". Given that CREATE SUBSCRIPTION ... SERVER works on a server of any FDW, we would also need to protect against someone making using an unexpected FDW (with no validation or different validation) to construct a foreign server with malicious connection settings. To do so, I added to the grammar "CREATE SERVER ... FOR SUBSCRIPTION" (and a boolean catalog entry in pg_foreign_server) that can only be set by a member of pg_create_connection. There was some resistance[2] to adding more grammar/catalog impact than necessary, so I'm not sure if others think this is the right approach. The earlier patches are still worth it without 0004, but I do think the idea of separating the privileges is useful and it would be nice to find an agreeable solution to do so. At least with the 0004, the approach is a bit more direct. Regards, Jeff Davis [1] https://www.postgresql.org/message-id/9DFC88D3-1300-4DE8-ACBC-4CEF84399A53%40enterprisedb.com [2] https://www.postgresql.org/message-id/172273.1693403385%40sss.pgh.pa.us Attachments: [text/x-patch] v7-0001-Un-deprecate-postgresql_fdw_validator.patch (8.8K, 2-v7-0001-Un-deprecate-postgresql_fdw_validator.patch) download | inline diff: From 07b7baf50df3ecaf527530ea47435edfc588714f Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Thu, 4 Jan 2024 12:15:54 -0800 Subject: [PATCH v7 1/4] Un-deprecate postgresql_fdw_validator(). Extend the walrcv_ API to retrieve the options list from libpq, and use that for postgresql_fdw_validator(). By using the correct libpq options, it no longer needs to be deprecated, and can be used by the upcoming pg_connection_fdw. Discussion: https://postgr.es/m/[email protected] --- src/backend/foreign/foreign.c | 67 +++++++------------ .../libpqwalreceiver/libpqwalreceiver.c | 48 +++++++++++++ src/include/replication/walreceiver.h | 20 ++++++ 3 files changed, 91 insertions(+), 44 deletions(-) diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index 02e1898131..747cc11a60 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -23,6 +23,7 @@ #include "funcapi.h" #include "lib/stringinfo.h" #include "miscadmin.h" +#include "replication/walreceiver.h" #include "utils/builtins.h" #include "utils/memutils.h" #include "utils/rel.h" @@ -549,40 +550,6 @@ pg_options_to_table(PG_FUNCTION_ARGS) } -/* - * Describes the valid options for postgresql FDW, server, and user mapping. - */ -struct ConnectionOption -{ - const char *optname; - Oid optcontext; /* Oid of catalog in which option may appear */ -}; - -/* - * Copied from fe-connect.c PQconninfoOptions. - * - * The list is small - don't bother with bsearch if it stays so. - */ -static const struct ConnectionOption libpq_conninfo_options[] = { - {"authtype", ForeignServerRelationId}, - {"service", ForeignServerRelationId}, - {"user", UserMappingRelationId}, - {"password", UserMappingRelationId}, - {"connect_timeout", ForeignServerRelationId}, - {"dbname", ForeignServerRelationId}, - {"host", ForeignServerRelationId}, - {"hostaddr", ForeignServerRelationId}, - {"port", ForeignServerRelationId}, - {"tty", ForeignServerRelationId}, - {"options", ForeignServerRelationId}, - {"requiressl", ForeignServerRelationId}, - {"sslmode", ForeignServerRelationId}, - {"gsslib", ForeignServerRelationId}, - {"gssdelegation", ForeignServerRelationId}, - {NULL, InvalidOid} -}; - - /* * Check if the provided option is one of libpq conninfo options. * context is the Oid of the catalog the option came from, or 0 if we @@ -593,9 +560,23 @@ is_conninfo_option(const char *option, Oid context) { const struct ConnectionOption *opt; - for (opt = libpq_conninfo_options; opt->optname; opt++) - if (context == opt->optcontext && strcmp(opt->optname, option) == 0) - return true; + /* skip options that must be overridden */ + if (strcmp(option, "client_encoding") == 0) + return false; + + for (opt = walrcv_conninfo_options(); opt->optname; opt++) + { + if (strcmp(opt->optname, option) == 0) + { + if (opt->isdebug) + return false; + + if (opt->issecret || strcmp(opt->optname, "user") == 0) + return (context == UserMappingRelationId); + + return (context == ForeignServerRelationId); + } + } return false; } @@ -606,11 +587,6 @@ is_conninfo_option(const char *option, Oid context) * * Valid server options are all libpq conninfo options except * user and password -- these may only appear in USER MAPPING options. - * - * Caution: this function is deprecated, and is now meant only for testing - * purposes, because the list of options it knows about doesn't necessarily - * square with those known to whichever libpq instance you might be using. - * Inquire of libpq itself, instead. */ Datum postgresql_fdw_validator(PG_FUNCTION_ARGS) @@ -620,6 +596,9 @@ postgresql_fdw_validator(PG_FUNCTION_ARGS) ListCell *cell; + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + foreach(cell, options_list) { DefElem *def = lfirst(cell); @@ -636,9 +615,9 @@ postgresql_fdw_validator(PG_FUNCTION_ARGS) * with a valid option that looks similar, if there is one. */ initClosestMatch(&match_state, def->defname, 4); - for (opt = libpq_conninfo_options; opt->optname; opt++) + for (opt = walrcv_conninfo_options(); opt->optname; opt++) { - if (catalog == opt->optcontext) + if (is_conninfo_option(opt->optname, catalog)) { has_valid_options = true; updateClosestMatch(&match_state, opt->optname); diff --git a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c index 201c36cb22..58f8267fce 100644 --- a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c +++ b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c @@ -53,6 +53,7 @@ static WalReceiverConn *libpqrcv_connect(const char *conninfo, const char *appname, char **err); static void libpqrcv_check_conninfo(const char *conninfo, bool must_use_password); +static const struct ConnectionOption *libpqrcv_conninfo_options(void); static char *libpqrcv_get_conninfo(WalReceiverConn *conn); static void libpqrcv_get_senderinfo(WalReceiverConn *conn, char **sender_host, int *sender_port); @@ -86,6 +87,7 @@ static void libpqrcv_disconnect(WalReceiverConn *conn); static WalReceiverFunctionsType PQWalReceiverFunctions = { .walrcv_connect = libpqrcv_connect, .walrcv_check_conninfo = libpqrcv_check_conninfo, + .walrcv_conninfo_options = libpqrcv_conninfo_options, .walrcv_get_conninfo = libpqrcv_get_conninfo, .walrcv_get_senderinfo = libpqrcv_get_senderinfo, .walrcv_identify_system = libpqrcv_identify_system, @@ -298,6 +300,52 @@ libpqrcv_check_conninfo(const char *conninfo, bool must_use_password) PQconninfoFree(opts); } +static const struct ConnectionOption * +libpqrcv_conninfo_options(void) +{ + static struct ConnectionOption *connection_options = NULL; + + if (connection_options == NULL) + { + PQconninfoOption *conndefaults = PQconndefaults(); + PQconninfoOption *lopt; + struct ConnectionOption *tmp_options = NULL; + struct ConnectionOption *popt; + size_t options_size = 0; + int num_libpq_opts = 0; + + for (lopt = conndefaults; lopt->keyword; lopt++) + num_libpq_opts++; + + /* leave room for all-zero entry at the end */ + options_size = sizeof(struct ConnectionOption) * (num_libpq_opts + 1); + tmp_options = MemoryContextAllocZero(TopMemoryContext, options_size); + + popt = tmp_options; + for (lopt = conndefaults; lopt->keyword; lopt++) + { + if (strchr(lopt->dispchar, '*')) + popt->issecret = true; + else if (strchr(lopt->dispchar, 'D')) + popt->isdebug = true; + + popt->optname = MemoryContextStrdup(TopMemoryContext, + lopt->keyword); + popt++; + } + + /* last entry is all zero */ + Assert(popt->optname == NULL); + + PQconninfoFree(conndefaults); + + /* if everything succeeded, set static variable */ + connection_options = tmp_options; + } + + return connection_options; +} + /* * Return a user-displayable conninfo string. Any security-sensitive fields * are obfuscated. diff --git a/src/include/replication/walreceiver.h b/src/include/replication/walreceiver.h index 0899891cdb..541377e095 100644 --- a/src/include/replication/walreceiver.h +++ b/src/include/replication/walreceiver.h @@ -223,6 +223,16 @@ typedef struct WalRcvExecResult TupleDesc tupledesc; } WalRcvExecResult; +/* + * Describes the valid options for postgresql FDW, server, and user mapping. + */ +struct ConnectionOption +{ + const char *optname; + bool issecret; /* is option for a password? */ + bool isdebug; /* is option a debug option? */ +}; + /* WAL receiver - libpqwalreceiver hooks */ /* @@ -250,6 +260,13 @@ typedef WalReceiverConn *(*walrcv_connect_fn) (const char *conninfo, typedef void (*walrcv_check_conninfo_fn) (const char *conninfo, bool must_use_password); +/* + * walrcv_conninfo_options_fn + * + * Return a pointer to a static array of the available options from libpq. + */ +typedef const struct ConnectionOption *(*walrcv_conninfo_options_fn) (void); + /* * walrcv_get_conninfo_fn * @@ -389,6 +406,7 @@ typedef struct WalReceiverFunctionsType { walrcv_connect_fn walrcv_connect; walrcv_check_conninfo_fn walrcv_check_conninfo; + walrcv_conninfo_options_fn walrcv_conninfo_options; walrcv_get_conninfo_fn walrcv_get_conninfo; walrcv_get_senderinfo_fn walrcv_get_senderinfo; walrcv_identify_system_fn walrcv_identify_system; @@ -410,6 +428,8 @@ extern PGDLLIMPORT WalReceiverFunctionsType *WalReceiverFunctions; WalReceiverFunctions->walrcv_connect(conninfo, logical, must_use_password, appname, err) #define walrcv_check_conninfo(conninfo, must_use_password) \ WalReceiverFunctions->walrcv_check_conninfo(conninfo, must_use_password) +#define walrcv_conninfo_options() \ + WalReceiverFunctions->walrcv_conninfo_options() #define walrcv_get_conninfo(conn) \ WalReceiverFunctions->walrcv_get_conninfo(conn) #define walrcv_get_senderinfo(conn, sender_host, sender_port) \ -- 2.34.1 [text/x-patch] v7-0002-Add-built-in-foreign-data-wrapper-pg_connection_f.patch (125.1K, 3-v7-0002-Add-built-in-foreign-data-wrapper-pg_connection_f.patch) download | inline diff: From 9671d034d5e5d73c28b2445492127d1417444c6d Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:33:28 -0800 Subject: [PATCH v7 2/4] Add built-in foreign data wrapper pg_connection_fdw. In preparation for CREATE SUBSCRIPTION ... SERVER. Discussion: https://postgr.es/m/[email protected] --- doc/src/sgml/func.sgml | 19 + src/backend/catalog/Makefile | 1 + src/backend/foreign/foreign.c | 145 ++++ src/bin/pg_dump/pg_dump.c | 23 +- src/include/catalog/meson.build | 1 + .../catalog/pg_foreign_data_wrapper.dat | 21 + src/include/catalog/pg_foreign_data_wrapper.h | 4 +- src/include/catalog/pg_proc.dat | 4 + src/include/foreign/foreign.h | 2 + src/test/regress/expected/foreign_data.out | 760 +++++++++--------- src/test/regress/sql/foreign_data.sql | 276 ++++--- 11 files changed, 770 insertions(+), 486 deletions(-) create mode 100644 src/include/catalog/pg_foreign_data_wrapper.dat diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml index 210c7c0b02..79e1792eae 100644 --- a/doc/src/sgml/func.sgml +++ b/doc/src/sgml/func.sgml @@ -27985,6 +27985,25 @@ postgres=# SELECT '0/0'::pg_lsn + pd.segment_number * ps.setting::int + :offset </para></entry> </row> + <row> + <entry role="func_table_entry"><para role="func_signature"> + <indexterm> + <primary>pg_conninfo_from_server</primary> + </indexterm> + <function>pg_conninfo_from_server</function> ( <parameter>servername</parameter> <type>text</type>, <parameter>username</parameter> <type>text</type>, <parameter>append_overrides</parameter> <type>boolean</type> ) + <returnvalue>text</returnvalue> + </para> + <para> + Returns connection string generated from the foreign server and user + mapping associated with the given + <replaceable>servername</replaceable> and + <replaceable>username</replaceable>. If + <replaceable>append_overrides</replaceable> is + <literal>true</literal>, it appends override parameters necessary for + making outbound connections. + </para></entry> + </row> + <row> <entry id="pg-logical-emit-message" role="func_table_entry"><para role="func_signature"> <indexterm> diff --git a/src/backend/catalog/Makefile b/src/backend/catalog/Makefile index d6b23b4bfd..756a052a70 100644 --- a/src/backend/catalog/Makefile +++ b/src/backend/catalog/Makefile @@ -136,6 +136,7 @@ POSTGRES_BKI_DATA = $(addprefix $(top_srcdir)/src/include/catalog/,\ pg_collation.dat \ pg_conversion.dat \ pg_database.dat \ + pg_foreign_data_wrapper.dat \ pg_language.dat \ pg_namespace.dat \ pg_opclass.dat \ diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index 747cc11a60..ead4a2cd2c 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -18,18 +18,22 @@ #include "catalog/pg_foreign_server.h" #include "catalog/pg_foreign_table.h" #include "catalog/pg_user_mapping.h" +#include "commands/defrem.h" #include "foreign/fdwapi.h" #include "foreign/foreign.h" #include "funcapi.h" #include "lib/stringinfo.h" +#include "mb/pg_wchar.h" #include "miscadmin.h" #include "replication/walreceiver.h" +#include "utils/acl.h" #include "utils/builtins.h" #include "utils/memutils.h" #include "utils/rel.h" #include "utils/syscache.h" #include "utils/varlena.h" +static bool is_conninfo_option(const char *option, Oid context); /* * GetForeignDataWrapper - look up the foreign-data wrapper by OID. @@ -191,6 +195,115 @@ GetForeignServerByName(const char *srvname, bool missing_ok) } +/* + * Values in connection strings must be enclosed in single quotes. Single + * quotes and backslashes must be escaped with backslash. NB: these rules are + * different from the rules for escaping a SQL literal. + */ +static void +appendEscapedValue(StringInfo str, const char *val) +{ + appendStringInfoChar(str, '\''); + for (int i = 0; val[i] != '\0'; i++) + { + if (val[i] == '\\' || val[i] == '\'') + appendStringInfoChar(str, '\\'); + appendStringInfoChar(str, val[i]); + } + appendStringInfoChar(str, '\''); +} + + +/* + * Helper for ForeignServerConnectionString() and pg_connection_validator(). + * + * Transform a List of DefElem into a connection string. + */ +static char * +options_to_conninfo(List *options, bool append_overrides) +{ + StringInfoData str; + ListCell *lc; + char *sep = ""; + + initStringInfo(&str); + foreach(lc, options) + { + DefElem *d = (DefElem *) lfirst(lc); + char *name = d->defname; + char *value; + + /* ignore unknown options */ + if (!is_conninfo_option(name, ForeignServerRelationId) && + !is_conninfo_option(name, UserMappingRelationId)) + continue; + + value = defGetString(d); + + appendStringInfo(&str, "%s%s = ", sep, name); + appendEscapedValue(&str, value); + sep = " "; + } + + /* override client_encoding */ + if (append_overrides) + { + appendStringInfo(&str, "%sclient_encoding = ", sep); + appendEscapedValue(&str, GetDatabaseEncodingName()); + sep = " "; + } + + return str.data; +} + + +/* + * Given a user ID and server ID, return a postgres connection string suitable + * to pass to libpq. + */ +char * +ForeignServerConnectionString(Oid userid, Oid serverid, bool append_overrides) +{ + static MemoryContext tmpcontext = NULL; + ForeignServer *server; + UserMapping *um; + List *options; + char *conninfo; + MemoryContext oldcontext; + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + + /* + * Use a temporary context rather than trying to track individual + * allocations in GetForeignServer() and GetUserMapping(). + */ + if (tmpcontext == NULL) + tmpcontext = AllocSetContextCreate(TopMemoryContext, + "temp context for building connection string", + ALLOCSET_DEFAULT_SIZES); + + oldcontext = MemoryContextSwitchTo(tmpcontext); + + server = GetForeignServer(serverid); + um = GetUserMapping(userid, serverid); + + /* user mapping options override server options */ + options = list_concat(server->options, um->options); + + conninfo = options_to_conninfo(options, append_overrides); + + MemoryContextSwitchTo(oldcontext); + + /* copy only conninfo into the current context */ + conninfo = pstrdup(conninfo); + + MemoryContextReset(tmpcontext); + + return conninfo; +} + + /* * GetUserMapping - look up the user mapping. * @@ -580,6 +693,38 @@ is_conninfo_option(const char *option, Oid context) return false; } +/* + * pg_conninfo_from_server + * + * Extract connection string from the given foreign server. + */ +Datum +pg_conninfo_from_server(PG_FUNCTION_ARGS) +{ + char *server_name = text_to_cstring(PG_GETARG_TEXT_P(0)); + char *user_name = text_to_cstring(PG_GETARG_TEXT_P(1)); + bool append_overrides = PG_GETARG_BOOL(2); + Oid serverid = get_foreign_server_oid(server_name, false); + Oid userid = get_role_oid_or_public(user_name); + AclResult aclresult; + char *conninfo; + + /* if the specified userid is not PUBLIC, check SET ROLE privileges */ + if (userid != ACL_ID_PUBLIC) + check_can_set_role(GetUserId(), userid); + + /* ACL check on foreign server */ + aclresult = object_aclcheck(ForeignServerRelationId, serverid, + GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server_name); + + conninfo = ForeignServerConnectionString(userid, serverid, + append_overrides); + + PG_RETURN_TEXT_P(cstring_to_text(conninfo)); +} + /* * Validate the generic option given to SERVER or USER MAPPING. diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index bc20a025ce..5b7a18dbb1 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -2067,6 +2067,27 @@ selectDumpableStatisticsObject(StatsExtInfo *sobj, Archive *fout) sobj->dobj.dump = DUMP_COMPONENT_NONE; } +/* + * selectDumpableFdw: policy-setting subroutine + * Mark foreign data wrapper as to be dumped or not + * + * Froeign Data Wrappers do not belong to any particular namespace. To + * identify built-in foreign data wrappers, we must resort to checking whether + * the method's OID is in the range reserved for initdb. + */ +static void +selectDumpableFdw(FdwInfo *fdwinfo, Archive *fout) +{ + if (checkExtensionMembership(&fdwinfo->dobj, fout)) + return; /* extension membership overrides all else */ + + if (fdwinfo->dobj.catId.oid <= (Oid) g_last_builtin_oid) + fdwinfo->dobj.dump = DUMP_COMPONENT_NONE; + else + fdwinfo->dobj.dump = fout->dopt->include_everything ? + DUMP_COMPONENT_ALL : DUMP_COMPONENT_NONE; +} + /* * selectDumpableObject: policy-setting subroutine * Mark a generic dumpable object as to be dumped or not @@ -9661,7 +9682,7 @@ getForeignDataWrappers(Archive *fout, int *numForeignDataWrappers) fdwinfo[i].fdwoptions = pg_strdup(PQgetvalue(res, i, i_fdwoptions)); /* Decide whether we want to dump it */ - selectDumpableObject(&(fdwinfo[i].dobj), fout); + selectDumpableFdw(&fdwinfo[i], fout); /* Mark whether FDW has an ACL */ if (!PQgetisnull(res, i, i_fdwacl)) diff --git a/src/include/catalog/meson.build b/src/include/catalog/meson.build index 2bcbe327cf..c87533c9b2 100644 --- a/src/include/catalog/meson.build +++ b/src/include/catalog/meson.build @@ -83,6 +83,7 @@ bki_data = [ 'pg_collation.dat', 'pg_conversion.dat', 'pg_database.dat', + 'pg_foreign_data_wrapper.dat', 'pg_language.dat', 'pg_namespace.dat', 'pg_opclass.dat', diff --git a/src/include/catalog/pg_foreign_data_wrapper.dat b/src/include/catalog/pg_foreign_data_wrapper.dat new file mode 100644 index 0000000000..ef68fe5966 --- /dev/null +++ b/src/include/catalog/pg_foreign_data_wrapper.dat @@ -0,0 +1,21 @@ +#---------------------------------------------------------------------- +# +# pg_foreign_data_wrapper.dat +# Initial contents of the pg_foreign_data_wrapper system catalog. +# +# Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group +# Portions Copyright (c) 1994, Regents of the University of California +# +# src/include/catalog/pg_foreign_data_wrapper.dat +# +#---------------------------------------------------------------------- + +[ + +{ oid => '6015', oid_symbol => 'PG_CONNECTION_FDW', + descr => 'Pseudo FDW for connections to Postgres', + fdwname => 'pg_connection_fdw', + fdwvalidator => 'postgresql_fdw_validator', + fdwacl => '_null_', fdwoptions => '_null_'}, + +] diff --git a/src/include/catalog/pg_foreign_data_wrapper.h b/src/include/catalog/pg_foreign_data_wrapper.h index 5e39e4b42f..a78707fb59 100644 --- a/src/include/catalog/pg_foreign_data_wrapper.h +++ b/src/include/catalog/pg_foreign_data_wrapper.h @@ -30,8 +30,8 @@ CATALOG(pg_foreign_data_wrapper,2328,ForeignDataWrapperRelationId) { Oid oid; /* oid */ NameData fdwname; /* foreign-data wrapper name */ - Oid fdwowner BKI_LOOKUP(pg_authid); /* FDW owner */ - Oid fdwhandler BKI_LOOKUP_OPT(pg_proc); /* handler function, or 0 + Oid fdwowner BKI_DEFAULT(POSTGRES) BKI_LOOKUP(pg_authid); /* FDW owner */ + Oid fdwhandler BKI_DEFAULT(0) BKI_LOOKUP_OPT(pg_proc); /* handler function, or 0 * if none */ Oid fdwvalidator BKI_LOOKUP_OPT(pg_proc); /* option validation * function, or 0 if diff --git a/src/include/catalog/pg_proc.dat b/src/include/catalog/pg_proc.dat index 58811a6530..322ce001f6 100644 --- a/src/include/catalog/pg_proc.dat +++ b/src/include/catalog/pg_proc.dat @@ -7516,6 +7516,10 @@ proname => 'postgresql_fdw_validator', prorettype => 'bool', proargtypes => '_text oid', prosrc => 'postgresql_fdw_validator' }, +{ oid => '6123', descr => 'extract connection string from the given foreign server', + proname => 'pg_conninfo_from_server', prorettype => 'text', + proargtypes => 'text text bool', prosrc => 'pg_conninfo_from_server' }, + { oid => '2290', descr => 'I/O', proname => 'record_in', provolatile => 's', prorettype => 'record', proargtypes => 'cstring oid int4', prosrc => 'record_in' }, diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index 82b8153100..b5b9b97f4d 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -69,6 +69,8 @@ extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); +extern char *ForeignServerConnectionString(Oid userid, Oid serverid, + bool append_overrides); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, diff --git a/src/test/regress/expected/foreign_data.out b/src/test/regress/expected/foreign_data.out index 1dfe23cc1e..6ae93c41f6 100644 --- a/src/test/regress/expected/foreign_data.out +++ b/src/test/regress/expected/foreign_data.out @@ -21,15 +21,15 @@ CREATE ROLE regress_test_role2; CREATE ROLE regress_test_role_super SUPERUSER; CREATE ROLE regress_test_indirect; CREATE ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER dummy; -COMMENT ON FOREIGN DATA WRAPPER dummy IS 'useless'; -CREATE FOREIGN DATA WRAPPER postgresql VALIDATOR postgresql_fdw_validator; +CREATE FOREIGN DATA WRAPPER regress_dummy; +COMMENT ON FOREIGN DATA WRAPPER regress_dummy IS 'useless'; +CREATE FOREIGN DATA WRAPPER regress_postgresql VALIDATOR postgresql_fdw_validator; -- At this point we should have 2 built-in wrappers and no servers. -SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper ORDER BY 1, 2, 3; - fdwname | fdwhandler | fdwvalidator | fdwoptions -------------+------------+--------------------------+------------ - dummy | - | - | - postgresql | - | postgresql_fdw_validator | +SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper WHERE fdwname LIKE 'regress_%' ORDER BY 1, 2, 3; + fdwname | fdwhandler | fdwvalidator | fdwoptions +--------------------+------------+--------------------------+------------ + regress_dummy | - | - | + regress_postgresql | - | postgresql_fdw_validator | (2 rows) SELECT srvname, srvoptions FROM pg_foreign_server; @@ -43,180 +43,180 @@ SELECT * FROM pg_user_mapping; (0 rows) -- CREATE FOREIGN DATA WRAPPER -CREATE FOREIGN DATA WRAPPER foo VALIDATOR bar; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo VALIDATOR bar; -- ERROR ERROR: function bar(text[], oid) does not exist -CREATE FOREIGN DATA WRAPPER foo; -\dew - List of foreign-data wrappers - Name | Owner | Handler | Validator -------------+---------------------------+---------+-------------------------- - dummy | regress_foreign_data_user | - | - - foo | regress_foreign_data_user | - | - - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator +CREATE FOREIGN DATA WRAPPER regress_foo; +\dew regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator +--------------------+---------------------------+---------+-------------------------- + regress_dummy | regress_foreign_data_user | - | - + regress_foo | regress_foreign_data_user | - | - + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator (3 rows) -CREATE FOREIGN DATA WRAPPER foo; -- duplicate -ERROR: foreign-data wrapper "foo" already exists -DROP FOREIGN DATA WRAPPER foo; -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1'); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+---------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (testing '1') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +CREATE FOREIGN DATA WRAPPER regress_foo; -- duplicate +ERROR: foreign-data wrapper "regress_foo" already exists +DROP FOREIGN DATA WRAPPER regress_foo; +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1'); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+---------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (testing '1') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -DROP FOREIGN DATA WRAPPER foo; -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1', testing '2'); -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo; +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1', testing '2'); -- ERROR ERROR: option "testing" provided more than once -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1', another '2'); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+----------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (testing '1', another '2') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1', another '2'); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+----------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (testing '1', another '2') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -DROP FOREIGN DATA WRAPPER foo; +DROP FOREIGN DATA WRAPPER regress_foo; SET ROLE regress_test_role; -CREATE FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: permission denied to create foreign-data wrapper "foo" +CREATE FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: permission denied to create foreign-data wrapper "regress_foo" HINT: Must be superuser to create a foreign-data wrapper. RESET ROLE; -CREATE FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | postgresql_fdw_validator | | | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +CREATE FOREIGN DATA WRAPPER regress_foo VALIDATOR postgresql_fdw_validator; +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | postgresql_fdw_validator | | | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -- HANDLER related checks CREATE FUNCTION invalid_fdw_handler() RETURNS int LANGUAGE SQL AS 'SELECT 1;'; -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER invalid_fdw_handler; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER invalid_fdw_handler; -- ERROR ERROR: function invalid_fdw_handler must return type fdw_handler -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER test_fdw_handler HANDLER invalid_fdw_handler; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER test_fdw_handler HANDLER invalid_fdw_handler; -- ERROR ERROR: conflicting or redundant options -LINE 1: ...GN DATA WRAPPER test_fdw HANDLER test_fdw_handler HANDLER in... +LINE 1: ...WRAPPER regress_test_fdw HANDLER test_fdw_handler HANDLER in... ^ -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER test_fdw_handler; -DROP FOREIGN DATA WRAPPER test_fdw; +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER test_fdw_handler; +DROP FOREIGN DATA WRAPPER regress_test_fdw; -- ALTER FOREIGN DATA WRAPPER -ALTER FOREIGN DATA WRAPPER foo OPTIONS (nonexistent 'fdw'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (nonexistent 'fdw'); -- ERROR ERROR: invalid option "nonexistent" HINT: There are no valid options in this context. -ALTER FOREIGN DATA WRAPPER foo; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo; -- ERROR ERROR: syntax error at or near ";" -LINE 1: ALTER FOREIGN DATA WRAPPER foo; - ^ -ALTER FOREIGN DATA WRAPPER foo VALIDATOR bar; -- ERROR +LINE 1: ALTER FOREIGN DATA WRAPPER regress_foo; + ^ +ALTER FOREIGN DATA WRAPPER regress_foo VALIDATOR bar; -- ERROR ERROR: function bar(text[], oid) does not exist -ALTER FOREIGN DATA WRAPPER foo NO VALIDATOR; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo NO VALIDATOR; +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo OPTIONS (a '1', b '2'); -ALTER FOREIGN DATA WRAPPER foo OPTIONS (SET c '4'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (a '1', b '2'); +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (SET c '4'); -- ERROR ERROR: option "c" not found -ALTER FOREIGN DATA WRAPPER foo OPTIONS (DROP c); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (DROP c); -- ERROR ERROR: option "c" not found -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD x '1', DROP x); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+----------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (a '1', b '2') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD x '1', DROP x); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+----------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (a '1', b '2') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo OPTIONS (DROP a, SET b '3', ADD c '4'); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+----------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (b '3', c '4') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (DROP a, SET b '3', ADD c '4'); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+----------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (b '3', c '4') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo OPTIONS (a '2'); -ALTER FOREIGN DATA WRAPPER foo OPTIONS (b '4'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (a '2'); +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (b '4'); -- ERROR ERROR: option "b" provided more than once -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-----------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-----------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) SET ROLE regress_test_role; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD d '5'); -- ERROR -ERROR: permission denied to alter foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD d '5'); -- ERROR +ERROR: permission denied to alter foreign-data wrapper "regress_foo" HINT: Must be superuser to alter a foreign-data wrapper. SET ROLE regress_test_role_super; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD d '5'); -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD d '5'); +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2', d '5') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_test_role; -- ERROR -ERROR: permission denied to change owner of foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_test_role; -- ERROR +ERROR: permission denied to change owner of foreign-data wrapper "regress_foo" HINT: The owner of a foreign-data wrapper must be a superuser. -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_test_role_super; +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_test_role_super; ALTER ROLE regress_test_role_super NOSUPERUSER; SET ROLE regress_test_role_super; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD e '6'); -- ERROR -ERROR: permission denied to alter foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD e '6'); -- ERROR +ERROR: permission denied to alter foreign-data wrapper "regress_foo" HINT: Must be superuser to alter a foreign-data wrapper. RESET ROLE; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo RENAME TO foo1; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo1 | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +ALTER FOREIGN DATA WRAPPER regress_foo RENAME TO regress_foo1; +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo1 | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) -ALTER FOREIGN DATA WRAPPER foo1 RENAME TO foo; +ALTER FOREIGN DATA WRAPPER regress_foo1 RENAME TO regress_foo; -- HANDLER related checks -ALTER FOREIGN DATA WRAPPER foo HANDLER invalid_fdw_handler; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER invalid_fdw_handler; -- ERROR ERROR: function invalid_fdw_handler must return type fdw_handler -ALTER FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler HANDLER anything; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER test_fdw_handler HANDLER anything; -- ERROR ERROR: conflicting or redundant options -LINE 1: ...FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler HANDLER an... +LINE 1: ...DATA WRAPPER regress_foo HANDLER test_fdw_handler HANDLER an... ^ -ALTER FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler; +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER test_fdw_handler; WARNING: changing the foreign-data wrapper handler can change behavior of existing foreign tables DROP FUNCTION invalid_fdw_handler(); -- DROP FOREIGN DATA WRAPPER @@ -224,52 +224,52 @@ DROP FOREIGN DATA WRAPPER nonexistent; -- ERROR ERROR: foreign-data wrapper "nonexistent" does not exist DROP FOREIGN DATA WRAPPER IF EXISTS nonexistent; NOTICE: foreign-data wrapper "nonexistent" does not exist, skipping -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+------------------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_test_role_super | test_fdw_handler | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+------------------+--------------------------+-------------------+------------------------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_test_role_super | test_fdw_handler | - | | (b '3', c '4', a '2', d '5') | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) DROP ROLE regress_test_role_super; -- ERROR ERROR: role "regress_test_role_super" cannot be dropped because some objects depend on it -DETAIL: owner of foreign-data wrapper foo +DETAIL: owner of foreign-data wrapper regress_foo SET ROLE regress_test_role_super; -DROP FOREIGN DATA WRAPPER foo; +DROP FOREIGN DATA WRAPPER regress_foo; RESET ROLE; DROP ROLE regress_test_role_super; -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (2 rows) -CREATE FOREIGN DATA WRAPPER foo; -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; +CREATE FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; COMMENT ON SERVER s1 IS 'foreign server'; CREATE USER MAPPING FOR current_user SERVER s1; CREATE USER MAPPING FOR current_user SERVER s1; -- ERROR ERROR: user mapping for "regress_foreign_data_user" already exists for server "s1" CREATE USER MAPPING IF NOT EXISTS FOR current_user SERVER s1; -- NOTICE NOTICE: user mapping for "regress_foreign_data_user" already exists for server "s1", skipping -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_foo | regress_foreign_data_user | - | - | | | + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (3 rows) \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------+------+---------+-------------+---------------- - s1 | regress_foreign_data_user | foo | | | | | foreign server + s1 | regress_foreign_data_user | regress_foo | | | | | foreign server (1 row) \deu+ @@ -279,25 +279,25 @@ NOTICE: user mapping for "regress_foreign_data_user" already exists for server s1 | regress_foreign_data_user | (1 row) -DROP FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: cannot drop foreign-data wrapper foo because other objects depend on it -DETAIL: server s1 depends on foreign-data wrapper foo +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: cannot drop foreign-data wrapper regress_foo because other objects depend on it +DETAIL: server s1 depends on foreign-data wrapper regress_foo user mapping for regress_foreign_data_user on server s1 depends on server s1 HINT: Use DROP ... CASCADE to drop the dependent objects too. SET ROLE regress_test_role; -DROP FOREIGN DATA WRAPPER foo CASCADE; -- ERROR -ERROR: must be owner of foreign-data wrapper foo +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; -- ERROR +ERROR: must be owner of foreign-data wrapper regress_foo RESET ROLE; -DROP FOREIGN DATA WRAPPER foo CASCADE; +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; NOTICE: drop cascades to 2 other objects DETAIL: drop cascades to server s1 drop cascades to user mapping for regress_foreign_data_user on server s1 -\dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | +\dew+ regress_* + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +--------------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- + regress_dummy | regress_foreign_data_user | - | - | | | useless + regress_postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | (2 rows) \des+ @@ -313,87 +313,125 @@ drop cascades to user mapping for regress_foreign_data_user on server s1 (0 rows) -- exercise CREATE SERVER -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: foreign-data wrapper "foo" does not exist -CREATE FOREIGN DATA WRAPPER foo OPTIONS ("test wrapper" 'true'); -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -- ERROR +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: foreign-data wrapper "regress_foo" does not exist +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS ("test wrapper" 'true'); +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; -- ERROR ERROR: server "s1" already exists -CREATE SERVER IF NOT EXISTS s1 FOREIGN DATA WRAPPER foo; -- No ERROR, just NOTICE +CREATE SERVER IF NOT EXISTS s1 FOREIGN DATA WRAPPER regress_foo; -- No ERROR, just NOTICE NOTICE: server "s1" already exists, skipping -CREATE SERVER s2 FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s3 TYPE 'oracle' FOREIGN DATA WRAPPER foo; -CREATE SERVER s4 TYPE 'oracle' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s5 VERSION '15.0' FOREIGN DATA WRAPPER foo; -CREATE SERVER s6 VERSION '16.0' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s7 TYPE 'oracle' VERSION '17.0' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s8 FOREIGN DATA WRAPPER postgresql OPTIONS (foo '1'); -- ERROR +CREATE SERVER s2 FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s3 TYPE 'oracle' FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s4 TYPE 'oracle' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s5 VERSION '15.0' FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s6 VERSION '16.0' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s7 TYPE 'oracle' VERSION '17.0' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s8 FOREIGN DATA WRAPPER regress_postgresql OPTIONS (foo '1'); -- ERROR ERROR: invalid option "foo" -CREATE SERVER s8 FOREIGN DATA WRAPPER postgresql OPTIONS (host 'localhost', dbname 's8db'); +CREATE SERVER s8 FOREIGN DATA WRAPPER regress_postgresql OPTIONS (host 'localhost', dbname 's8db'); \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------+--------+---------+-----------------------------------+------------- - s1 | regress_foreign_data_user | foo | | | | | - s2 | regress_foreign_data_user | foo | | | | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | | | 16.0 | (host 'a', dbname 'b') | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (host 'localhost', dbname 's8db') | + s1 | regress_foreign_data_user | regress_foo | | | | | + s2 | regress_foreign_data_user | regress_foo | | | | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | | | 16.0 | (host 'a', dbname 'b') | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (host 'localhost', dbname 's8db') | (8 rows) SET ROLE regress_test_role; -CREATE SERVER t1 FOREIGN DATA WRAPPER foo; -- ERROR: no usage on FDW -ERROR: permission denied for foreign-data wrapper foo +CREATE SERVER t1 FOREIGN DATA WRAPPER regress_foo; -- ERROR: no usage on FDW +ERROR: permission denied for foreign-data wrapper regress_foo RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; SET ROLE regress_test_role; -CREATE SERVER t1 FOREIGN DATA WRAPPER foo; +CREATE SERVER t1 FOREIGN DATA WRAPPER regress_foo; RESET ROLE; \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------+--------+---------+-----------------------------------+------------- - s1 | regress_foreign_data_user | foo | | | | | - s2 | regress_foreign_data_user | foo | | | | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | | | 16.0 | (host 'a', dbname 'b') | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (host 'localhost', dbname 's8db') | - t1 | regress_test_role | foo | | | | | + s1 | regress_foreign_data_user | regress_foo | | | | | + s2 | regress_foreign_data_user | regress_foo | | | | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | | | 16.0 | (host 'a', dbname 'b') | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (host 'localhost', dbname 's8db') | + t1 | regress_test_role | regress_foo | | | | | (9 rows) -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_test_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_indirect; +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_test_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_indirect; SET ROLE regress_test_role; -CREATE SERVER t2 FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: permission denied for foreign-data wrapper foo +CREATE SERVER t2 FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo RESET ROLE; GRANT regress_test_indirect TO regress_test_role; SET ROLE regress_test_role; -CREATE SERVER t2 FOREIGN DATA WRAPPER foo; +CREATE SERVER t2 FOREIGN DATA WRAPPER regress_foo; \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------+--------+---------+-----------------------------------+------------- - s1 | regress_foreign_data_user | foo | | | | | - s2 | regress_foreign_data_user | foo | | | | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | | | 16.0 | (host 'a', dbname 'b') | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (host 'localhost', dbname 's8db') | - t1 | regress_test_role | foo | | | | | - t2 | regress_test_role | foo | | | | | + s1 | regress_foreign_data_user | regress_foo | | | | | + s2 | regress_foreign_data_user | regress_foo | | | | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | | | 16.0 | (host 'a', dbname 'b') | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (host 'localhost', dbname 's8db') | + t1 | regress_test_role | regress_foo | | | | | + t2 | regress_test_role | regress_foo | | | | | (10 rows) RESET ROLE; REVOKE regress_test_indirect FROM regress_test_role; +-- +-- test pg_connection_fdw +-- +\set VERBOSITY terse +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', client_encoding 'LATIN1'); -- fail +ERROR: invalid option "client_encoding" +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', nonsense 'asdf'); -- fail +ERROR: invalid option "nonsense" +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', password 'secret'); -- fail +ERROR: invalid option "password" +\set VERBOSITY default +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', port '5432'); +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret', host 'otherhost'); -- fail +ERROR: invalid option "host" +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret'); +CREATE USER MAPPING FOR PUBLIC SERVER connection_server + OPTIONS (user 'publicuser', password $pwd$'\"$# secret'$pwd$); +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role', false); + pg_conninfo_from_server +------------------------------------------------------------------ + host = 'thehost' port = '5432' user = 'role' password = 'secret' +(1 row) + +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role2', false); + pg_conninfo_from_server +---------------------------------------------------------------------------------- + host = 'thehost' port = '5432' user = 'publicuser' password = '\'\\"$# secret\'' +(1 row) + +DROP USER MAPPING FOR regress_test_role SERVER connection_server; +DROP USER MAPPING FOR PUBLIC SERVER connection_server; +DROP SERVER connection_server; -- ALTER SERVER ALTER SERVER s0; -- ERROR ERROR: syntax error at or near ";" @@ -410,18 +448,18 @@ GRANT USAGE ON FOREIGN SERVER s6 TO regress_test_role2 WITH GRANT OPTION; List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------------------------------------------+--------+---------+-----------------------------------+------------- - s1 | regress_foreign_data_user | foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 1.0 | (servername 's1') | + s1 | regress_foreign_data_user | regress_foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 1.0 | (servername 's1') | | | | regress_test_role=U/regress_foreign_data_user | | | | - s2 | regress_foreign_data_user | foo | | | 1.1 | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | ("tns name" 'orcl', port '1521') | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | + s2 | regress_foreign_data_user | regress_foo | | | 1.1 | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | ("tns name" 'orcl', port '1521') | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | | | | regress_test_role2=U*/regress_foreign_data_user | | | | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (host 'localhost', dbname 's8db') | - t1 | regress_test_role | foo | | | | | - t2 | regress_test_role | foo | | | | | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (host 'localhost', dbname 's8db') | + t1 | regress_test_role | regress_foo | | | | | + t2 | regress_test_role | regress_foo | | | | | (10 rows) SET ROLE regress_test_role; @@ -435,7 +473,7 @@ GRANT regress_test_role2 TO regress_test_role; SET ROLE regress_test_role; ALTER SERVER s1 VERSION '1.1'; ALTER SERVER s1 OWNER TO regress_test_role2; -- ERROR -ERROR: permission denied for foreign-data wrapper foo +ERROR: permission denied for foreign-data wrapper regress_foo RESET ROLE; ALTER SERVER s8 OPTIONS (foo '1'); -- ERROR option validation ERROR: invalid option "foo" @@ -448,29 +486,29 @@ GRANT regress_test_indirect TO regress_test_role; SET ROLE regress_test_role; ALTER SERVER s1 OWNER TO regress_test_indirect; RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_indirect; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_indirect; SET ROLE regress_test_role; ALTER SERVER s1 OWNER TO regress_test_indirect; RESET ROLE; DROP ROLE regress_test_indirect; -- ERROR ERROR: role "regress_test_indirect" cannot be dropped because some objects depend on it -DETAIL: privileges for foreign-data wrapper foo +DETAIL: privileges for foreign-data wrapper regress_foo owner of server s1 \des+ List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description ------+---------------------------+----------------------+-------------------------------------------------------+--------+---------+--------------------------------------+------------- - s1 | regress_test_indirect | foo | regress_test_indirect=U/regress_test_indirect | | 1.1 | (servername 's1') | - s2 | regress_foreign_data_user | foo | | | 1.1 | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | ("tns name" 'orcl', port '1521') | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | + s1 | regress_test_indirect | regress_foo | regress_test_indirect=U/regress_test_indirect | | 1.1 | (servername 's1') | + s2 | regress_foreign_data_user | regress_foo | | | 1.1 | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | ("tns name" 'orcl', port '1521') | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | | | | regress_test_role2=U*/regress_foreign_data_user | | | | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8 | regress_foreign_data_user | postgresql | | | | (dbname 'db1', connect_timeout '30') | - t1 | regress_test_role | foo | | | | | - t2 | regress_test_role | foo | | | | | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8 | regress_foreign_data_user | regress_postgresql | | | | (dbname 'db1', connect_timeout '30') | + t1 | regress_test_role | regress_foo | | | | | + t2 | regress_test_role | regress_foo | | | | | (10 rows) ALTER SERVER s8 RENAME to s8new; @@ -478,17 +516,17 @@ ALTER SERVER s8 RENAME to s8new; List of foreign servers Name | Owner | Foreign-data wrapper | Access privileges | Type | Version | FDW options | Description -------+---------------------------+----------------------+-------------------------------------------------------+--------+---------+--------------------------------------+------------- - s1 | regress_test_indirect | foo | regress_test_indirect=U/regress_test_indirect | | 1.1 | (servername 's1') | - s2 | regress_foreign_data_user | foo | | | 1.1 | (host 'a', dbname 'b') | - s3 | regress_foreign_data_user | foo | | oracle | | ("tns name" 'orcl', port '1521') | - s4 | regress_foreign_data_user | foo | | oracle | | (host 'a', dbname 'b') | - s5 | regress_foreign_data_user | foo | | | 15.0 | | - s6 | regress_foreign_data_user | foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | + s1 | regress_test_indirect | regress_foo | regress_test_indirect=U/regress_test_indirect | | 1.1 | (servername 's1') | + s2 | regress_foreign_data_user | regress_foo | | | 1.1 | (host 'a', dbname 'b') | + s3 | regress_foreign_data_user | regress_foo | | oracle | | ("tns name" 'orcl', port '1521') | + s4 | regress_foreign_data_user | regress_foo | | oracle | | (host 'a', dbname 'b') | + s5 | regress_foreign_data_user | regress_foo | | | 15.0 | | + s6 | regress_foreign_data_user | regress_foo | regress_foreign_data_user=U/regress_foreign_data_user+| | 16.0 | (host 'a', dbname 'b') | | | | regress_test_role2=U*/regress_foreign_data_user | | | | - s7 | regress_foreign_data_user | foo | | oracle | 17.0 | (host 'a', dbname 'b') | - s8new | regress_foreign_data_user | postgresql | | | | (dbname 'db1', connect_timeout '30') | - t1 | regress_test_role | foo | | | | | - t2 | regress_test_role | foo | | | | | + s7 | regress_foreign_data_user | regress_foo | | oracle | 17.0 | (host 'a', dbname 'b') | + s8new | regress_foreign_data_user | regress_postgresql | | | | (dbname 'db1', connect_timeout '30') | + t1 | regress_test_role | regress_foo | | | | | + t2 | regress_test_role | regress_foo | | | | | (10 rows) ALTER SERVER s8new RENAME to s8; @@ -501,16 +539,16 @@ NOTICE: server "nonexistent" does not exist, skipping List of foreign servers Name | Owner | Foreign-data wrapper ------+---------------------------+---------------------- - s1 | regress_test_indirect | foo - s2 | regress_foreign_data_user | foo - s3 | regress_foreign_data_user | foo - s4 | regress_foreign_data_user | foo - s5 | regress_foreign_data_user | foo - s6 | regress_foreign_data_user | foo - s7 | regress_foreign_data_user | foo - s8 | regress_foreign_data_user | postgresql - t1 | regress_test_role | foo - t2 | regress_test_role | foo + s1 | regress_test_indirect | regress_foo + s2 | regress_foreign_data_user | regress_foo + s3 | regress_foreign_data_user | regress_foo + s4 | regress_foreign_data_user | regress_foo + s5 | regress_foreign_data_user | regress_foo + s6 | regress_foreign_data_user | regress_foo + s7 | regress_foreign_data_user | regress_foo + s8 | regress_foreign_data_user | regress_postgresql + t1 | regress_test_role | regress_foo + t2 | regress_test_role | regress_foo (10 rows) SET ROLE regress_test_role; @@ -522,15 +560,15 @@ RESET ROLE; List of foreign servers Name | Owner | Foreign-data wrapper ------+---------------------------+---------------------- - s2 | regress_foreign_data_user | foo - s3 | regress_foreign_data_user | foo - s4 | regress_foreign_data_user | foo - s5 | regress_foreign_data_user | foo - s6 | regress_foreign_data_user | foo - s7 | regress_foreign_data_user | foo - s8 | regress_foreign_data_user | postgresql - t1 | regress_test_role | foo - t2 | regress_test_role | foo + s2 | regress_foreign_data_user | regress_foo + s3 | regress_foreign_data_user | regress_foo + s4 | regress_foreign_data_user | regress_foo + s5 | regress_foreign_data_user | regress_foo + s6 | regress_foreign_data_user | regress_foo + s7 | regress_foreign_data_user | regress_foo + s8 | regress_foreign_data_user | regress_postgresql + t1 | regress_test_role | regress_foo + t2 | regress_test_role | regress_foo (9 rows) ALTER SERVER s2 OWNER TO regress_test_role; @@ -541,14 +579,14 @@ RESET ROLE; List of foreign servers Name | Owner | Foreign-data wrapper ------+---------------------------+---------------------- - s3 | regress_foreign_data_user | foo - s4 | regress_foreign_data_user | foo - s5 | regress_foreign_data_user | foo - s6 | regress_foreign_data_user | foo - s7 | regress_foreign_data_user | foo - s8 | regress_foreign_data_user | postgresql - t1 | regress_test_role | foo - t2 | regress_test_role | foo + s3 | regress_foreign_data_user | regress_foo + s4 | regress_foreign_data_user | regress_foo + s5 | regress_foreign_data_user | regress_foo + s6 | regress_foreign_data_user | regress_foo + s7 | regress_foreign_data_user | regress_foo + s8 | regress_foreign_data_user | regress_postgresql + t1 | regress_test_role | regress_foo + t2 | regress_test_role | regress_foo (8 rows) CREATE USER MAPPING FOR current_user SERVER s3; @@ -569,13 +607,13 @@ NOTICE: drop cascades to user mapping for regress_foreign_data_user on server s List of foreign servers Name | Owner | Foreign-data wrapper ------+---------------------------+---------------------- - s4 | regress_foreign_data_user | foo - s5 | regress_foreign_data_user | foo - s6 | regress_foreign_data_user | foo - s7 | regress_foreign_data_user | foo - s8 | regress_foreign_data_user | postgresql - t1 | regress_test_role | foo - t2 | regress_test_role | foo + s4 | regress_foreign_data_user | regress_foo + s5 | regress_foreign_data_user | regress_foo + s6 | regress_foreign_data_user | regress_foo + s7 | regress_foreign_data_user | regress_foo + s8 | regress_foreign_data_user | regress_postgresql + t1 | regress_test_role | regress_foo + t2 | regress_test_role | regress_foo (7 rows) \deu @@ -690,7 +728,7 @@ DROP SERVER s7; -- CREATE FOREIGN TABLE CREATE SCHEMA foreign_schema; -CREATE SERVER s0 FOREIGN DATA WRAPPER dummy; +CREATE SERVER s0 FOREIGN DATA WRAPPER regress_dummy; CREATE FOREIGN TABLE ft1 (); -- ERROR ERROR: syntax error at or near ";" LINE 1: CREATE FOREIGN TABLE ft1 (); @@ -758,9 +796,9 @@ CREATE INDEX id_ft1_c2 ON ft1 (c2); -- ERROR ERROR: cannot create index on relation "ft1" DETAIL: This operation is not supported for foreign tables. SELECT * FROM ft1; -- ERROR -ERROR: foreign-data wrapper "dummy" has no handler +ERROR: foreign-data wrapper "regress_dummy" has no handler EXPLAIN SELECT * FROM ft1; -- ERROR -ERROR: foreign-data wrapper "dummy" has no handler +ERROR: foreign-data wrapper "regress_dummy" has no handler CREATE TABLE lt1 (a INT) PARTITION BY RANGE (a); CREATE FOREIGN TABLE ft_part1 PARTITION OF lt1 FOR VALUES FROM (0) TO (1000) SERVER s0; @@ -966,30 +1004,30 @@ NOTICE: relation "doesnt_exist_ft1" does not exist, skipping ALTER FOREIGN TABLE IF EXISTS doesnt_exist_ft1 RENAME TO foreign_table_1; NOTICE: relation "doesnt_exist_ft1" does not exist, skipping -- Information schema -SELECT * FROM information_schema.foreign_data_wrappers ORDER BY 1, 2; +SELECT * FROM information_schema.foreign_data_wrappers WHERE authorization_identifier = 'regress_foreign_data_user' ORDER BY 1, 2; foreign_data_wrapper_catalog | foreign_data_wrapper_name | authorization_identifier | library_name | foreign_data_wrapper_language ------------------------------+---------------------------+---------------------------+--------------+------------------------------- - regression | dummy | regress_foreign_data_user | | c - regression | foo | regress_foreign_data_user | | c - regression | postgresql | regress_foreign_data_user | | c + regression | regress_dummy | regress_foreign_data_user | | c + regression | regress_foo | regress_foreign_data_user | | c + regression | regress_postgresql | regress_foreign_data_user | | c (3 rows) SELECT * FROM information_schema.foreign_data_wrapper_options ORDER BY 1, 2, 3; foreign_data_wrapper_catalog | foreign_data_wrapper_name | option_name | option_value ------------------------------+---------------------------+--------------+-------------- - regression | foo | test wrapper | true + regression | regress_foo | test wrapper | true (1 row) SELECT * FROM information_schema.foreign_servers ORDER BY 1, 2; foreign_server_catalog | foreign_server_name | foreign_data_wrapper_catalog | foreign_data_wrapper_name | foreign_server_type | foreign_server_version | authorization_identifier ------------------------+---------------------+------------------------------+---------------------------+---------------------+------------------------+--------------------------- - regression | s0 | regression | dummy | | | regress_foreign_data_user - regression | s4 | regression | foo | oracle | | regress_foreign_data_user - regression | s5 | regression | foo | | 15.0 | regress_test_role - regression | s6 | regression | foo | | 16.0 | regress_test_indirect - regression | s8 | regression | postgresql | | | regress_foreign_data_user - regression | t1 | regression | foo | | | regress_test_indirect - regression | t2 | regression | foo | | | regress_test_role + regression | s0 | regression | regress_dummy | | | regress_foreign_data_user + regression | s4 | regression | regress_foo | oracle | | regress_foreign_data_user + regression | s5 | regression | regress_foo | | 15.0 | regress_test_role + regression | s6 | regression | regress_foo | | 16.0 | regress_test_indirect + regression | s8 | regression | regress_postgresql | | | regress_foreign_data_user + regression | t1 | regression | regress_foo | | | regress_test_indirect + regression | t2 | regression | regress_foo | | | regress_test_role (7 rows) SELECT * FROM information_schema.foreign_server_options ORDER BY 1, 2, 3; @@ -1028,20 +1066,20 @@ SELECT * FROM information_schema.user_mapping_options ORDER BY lower(authorizati regress_test_role | regression | t1 | username | bob (7 rows) -SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; grantor | grantee | object_catalog | object_schema | object_name | object_type | privilege_type | is_grantable ---------------------------+---------------------------+----------------+---------------+-------------+----------------------+----------------+-------------- - regress_foreign_data_user | regress_foreign_data_user | regression | | foo | FOREIGN DATA WRAPPER | USAGE | YES - regress_foreign_data_user | regress_test_indirect | regression | | foo | FOREIGN DATA WRAPPER | USAGE | NO + regress_foreign_data_user | regress_foreign_data_user | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | YES + regress_foreign_data_user | regress_test_indirect | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | NO regress_test_indirect | regress_test_indirect | regression | | s6 | FOREIGN SERVER | USAGE | YES regress_test_indirect | regress_test_role2 | regression | | s6 | FOREIGN SERVER | USAGE | YES (4 rows) -SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; grantor | grantee | object_catalog | object_schema | object_name | object_type | privilege_type | is_grantable ---------------------------+---------------------------+----------------+---------------+-------------+----------------------+----------------+-------------- - regress_foreign_data_user | regress_foreign_data_user | regression | | foo | FOREIGN DATA WRAPPER | USAGE | YES - regress_foreign_data_user | regress_test_indirect | regression | | foo | FOREIGN DATA WRAPPER | USAGE | NO + regress_foreign_data_user | regress_foreign_data_user | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | YES + regress_foreign_data_user | regress_test_indirect | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | NO regress_test_indirect | regress_test_indirect | regression | | s6 | FOREIGN SERVER | USAGE | YES regress_test_indirect | regress_test_role2 | regression | | s6 | FOREIGN SERVER | USAGE | YES (4 rows) @@ -1071,18 +1109,18 @@ SELECT * FROM information_schema.user_mapping_options ORDER BY 1, 2, 3, 4; regress_test_role | regression | t1 | username | bob (5 rows) -SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; grantor | grantee | object_catalog | object_schema | object_name | object_type | privilege_type | is_grantable ---------------------------+-----------------------+----------------+---------------+-------------+----------------------+----------------+-------------- - regress_foreign_data_user | regress_test_indirect | regression | | foo | FOREIGN DATA WRAPPER | USAGE | NO + regress_foreign_data_user | regress_test_indirect | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | NO regress_test_indirect | regress_test_indirect | regression | | s6 | FOREIGN SERVER | USAGE | YES regress_test_indirect | regress_test_role2 | regression | | s6 | FOREIGN SERVER | USAGE | YES (3 rows) -SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; grantor | grantee | object_catalog | object_schema | object_name | object_type | privilege_type | is_grantable ---------------------------+-----------------------+----------------+---------------+-------------+----------------------+----------------+-------------- - regress_foreign_data_user | regress_test_indirect | regression | | foo | FOREIGN DATA WRAPPER | USAGE | NO + regress_foreign_data_user | regress_test_indirect | regression | | regress_foo | FOREIGN DATA WRAPPER | USAGE | NO regress_test_indirect | regress_test_indirect | regression | | s6 | FOREIGN SERVER | USAGE | YES regress_test_indirect | regress_test_role2 | regression | | s6 | FOREIGN SERVER | USAGE | YES (3 rows) @@ -1098,13 +1136,13 @@ SELECT * FROM information_schema.user_mapping_options ORDER BY 1, 2, 3, 4; RESET ROLE; -- has_foreign_data_wrapper_privilege SELECT has_foreign_data_wrapper_privilege('regress_test_role', - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) -SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); +SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'regress_foo', 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t @@ -1112,34 +1150,34 @@ SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); SELECT has_foreign_data_wrapper_privilege( (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) SELECT has_foreign_data_wrapper_privilege( - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) SELECT has_foreign_data_wrapper_privilege( - (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), 'foo', 'USAGE'); + (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), 'regress_foo', 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) -SELECT has_foreign_data_wrapper_privilege('foo', 'USAGE'); +SELECT has_foreign_data_wrapper_privilege('regress_foo', 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t (1 row) -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; +SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'regress_foo', 'USAGE'); has_foreign_data_wrapper_privilege ------------------------------------ t @@ -1199,25 +1237,25 @@ GRANT USAGE ON FOREIGN SERVER s4 TO regress_test_role; DROP USER MAPPING FOR public SERVER s4; ALTER SERVER s6 OPTIONS (DROP host, DROP dbname); ALTER USER MAPPING FOR regress_test_role SERVER s6 OPTIONS (DROP username); -ALTER FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; +ALTER FOREIGN DATA WRAPPER regress_foo VALIDATOR postgresql_fdw_validator; WARNING: changing the foreign-data wrapper validator can cause the options for dependent objects to become invalid -- Privileges SET ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER foobar; -- ERROR -ERROR: permission denied to create foreign-data wrapper "foobar" +CREATE FOREIGN DATA WRAPPER regress_foobar; -- ERROR +ERROR: permission denied to create foreign-data wrapper "regress_foobar" HINT: Must be superuser to create a foreign-data wrapper. -ALTER FOREIGN DATA WRAPPER foo OPTIONS (gotcha 'true'); -- ERROR -ERROR: permission denied to alter foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (gotcha 'true'); -- ERROR +ERROR: permission denied to alter foreign-data wrapper "regress_foo" HINT: Must be superuser to alter a foreign-data wrapper. -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_unprivileged_role; -- ERROR -ERROR: permission denied to change owner of foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_unprivileged_role; -- ERROR +ERROR: permission denied to change owner of foreign-data wrapper "regress_foo" HINT: Must be superuser to change owner of a foreign-data wrapper. -DROP FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: must be owner of foreign-data wrapper foo -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -- ERROR -ERROR: permission denied for foreign-data wrapper foo -CREATE SERVER s9 FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: permission denied for foreign-data wrapper foo +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: must be owner of foreign-data wrapper regress_foo +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo ALTER SERVER s4 VERSION '0.5'; -- ERROR ERROR: must be owner of foreign server s4 ALTER SERVER s4 OWNER TO regress_unprivileged_role; -- ERROR @@ -1233,21 +1271,21 @@ ERROR: must be owner of foreign server s6 DROP USER MAPPING FOR regress_test_role SERVER s6; -- ERROR ERROR: must be owner of foreign server s6 RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER postgresql TO regress_unprivileged_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_unprivileged_role WITH GRANT OPTION; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_postgresql TO regress_unprivileged_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_unprivileged_role WITH GRANT OPTION; SET ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER foobar; -- ERROR -ERROR: permission denied to create foreign-data wrapper "foobar" +CREATE FOREIGN DATA WRAPPER regress_foobar; -- ERROR +ERROR: permission denied to create foreign-data wrapper "regress_foobar" HINT: Must be superuser to create a foreign-data wrapper. -ALTER FOREIGN DATA WRAPPER foo OPTIONS (gotcha 'true'); -- ERROR -ERROR: permission denied to alter foreign-data wrapper "foo" +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (gotcha 'true'); -- ERROR +ERROR: permission denied to alter foreign-data wrapper "regress_foo" HINT: Must be superuser to alter a foreign-data wrapper. -DROP FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: must be owner of foreign-data wrapper foo -GRANT USAGE ON FOREIGN DATA WRAPPER postgresql TO regress_test_role; -- WARNING -WARNING: no privileges were granted for "postgresql" -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -CREATE SERVER s9 FOREIGN DATA WRAPPER postgresql; +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: must be owner of foreign-data wrapper regress_foo +GRANT USAGE ON FOREIGN DATA WRAPPER regress_postgresql TO regress_test_role; -- WARNING +WARNING: no privileges were granted for "regress_postgresql" +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_postgresql; ALTER SERVER s6 VERSION '0.5'; -- ERROR ERROR: must be owner of foreign server s6 DROP SERVER s6; -- ERROR @@ -1263,15 +1301,15 @@ ERROR: must be owner of foreign server s6 DROP USER MAPPING FOR regress_test_role SERVER s6; -- ERROR ERROR: must be owner of foreign server s6 RESET ROLE; -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_unprivileged_role; -- ERROR +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_unprivileged_role; -- ERROR ERROR: dependent privileges exist HINT: Use CASCADE to revoke them too. -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_unprivileged_role CASCADE; +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_unprivileged_role CASCADE; SET ROLE regress_unprivileged_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -- ERROR -ERROR: permission denied for foreign-data wrapper foo -CREATE SERVER s10 FOREIGN DATA WRAPPER foo; -- ERROR -ERROR: permission denied for foreign-data wrapper foo +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo +CREATE SERVER s10 FOREIGN DATA WRAPPER regress_foo; -- ERROR +ERROR: permission denied for foreign-data wrapper regress_foo ALTER SERVER s9 VERSION '1.1'; GRANT USAGE ON FOREIGN SERVER s9 TO regress_test_role; CREATE USER MAPPING FOR current_user SERVER s9; @@ -1280,7 +1318,7 @@ NOTICE: drop cascades to 2 other objects DETAIL: drop cascades to user mapping for public on server s9 drop cascades to user mapping for regress_unprivileged_role on server s9 RESET ROLE; -CREATE SERVER s9 FOREIGN DATA WRAPPER foo; +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_foo; GRANT USAGE ON FOREIGN SERVER s9 TO regress_unprivileged_role; SET ROLE regress_unprivileged_role; ALTER SERVER s9 VERSION '1.2'; -- ERROR @@ -1292,7 +1330,7 @@ DROP SERVER s9 CASCADE; -- ERROR ERROR: must be owner of foreign server s9 -- Check visibility of user mapping data SET ROLE regress_test_role; -CREATE SERVER s10 FOREIGN DATA WRAPPER foo; +CREATE SERVER s10 FOREIGN DATA WRAPPER regress_foo; CREATE USER MAPPING FOR public SERVER s10 OPTIONS (user 'secret'); CREATE USER MAPPING FOR regress_unprivileged_role SERVER s10 OPTIONS (user 'secret'); -- owner of server can see some option fields @@ -1890,14 +1928,14 @@ DROP TABLE fd_pt1 CASCADE; NOTICE: drop cascades to foreign table ft2 -- IMPORT FOREIGN SCHEMA IMPORT FOREIGN SCHEMA s1 FROM SERVER s9 INTO public; -- ERROR -ERROR: foreign-data wrapper "foo" has no handler +ERROR: foreign-data wrapper "regress_foo" has no handler IMPORT FOREIGN SCHEMA s1 LIMIT TO (t1) FROM SERVER s9 INTO public; --ERROR -ERROR: foreign-data wrapper "foo" has no handler +ERROR: foreign-data wrapper "regress_foo" has no handler IMPORT FOREIGN SCHEMA s1 EXCEPT (t1) FROM SERVER s9 INTO public; -- ERROR -ERROR: foreign-data wrapper "foo" has no handler +ERROR: foreign-data wrapper "regress_foo" has no handler IMPORT FOREIGN SCHEMA s1 EXCEPT (t1, t2) FROM SERVER s9 INTO public OPTIONS (option1 'value1', option2 'value2'); -- ERROR -ERROR: foreign-data wrapper "foo" has no handler +ERROR: foreign-data wrapper "regress_foo" has no handler -- DROP FOREIGN TABLE DROP FOREIGN TABLE no_table; -- ERROR ERROR: foreign table "no_table" does not exist @@ -2155,13 +2193,13 @@ DROP TABLE temp_parted; DROP SCHEMA foreign_schema CASCADE; DROP ROLE regress_test_role; -- ERROR ERROR: role "regress_test_role" cannot be dropped because some objects depend on it -DETAIL: privileges for foreign-data wrapper foo +DETAIL: privileges for foreign-data wrapper regress_foo privileges for server s4 owner of user mapping for regress_test_role on server s6 DROP SERVER t1 CASCADE; NOTICE: drop cascades to user mapping for public on server t1 DROP USER MAPPING FOR regress_test_role SERVER s6; -DROP FOREIGN DATA WRAPPER foo CASCADE; +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; NOTICE: drop cascades to 5 other objects DETAIL: drop cascades to server s4 drop cascades to user mapping for regress_foreign_data_user on server s4 @@ -2176,17 +2214,17 @@ DROP ROLE regress_test_indirect; DROP ROLE regress_test_role; DROP ROLE regress_unprivileged_role; -- ERROR ERROR: role "regress_unprivileged_role" cannot be dropped because some objects depend on it -DETAIL: privileges for foreign-data wrapper postgresql -REVOKE ALL ON FOREIGN DATA WRAPPER postgresql FROM regress_unprivileged_role; +DETAIL: privileges for foreign-data wrapper regress_postgresql +REVOKE ALL ON FOREIGN DATA WRAPPER regress_postgresql FROM regress_unprivileged_role; DROP ROLE regress_unprivileged_role; DROP ROLE regress_test_role2; -DROP FOREIGN DATA WRAPPER postgresql CASCADE; -DROP FOREIGN DATA WRAPPER dummy CASCADE; +DROP FOREIGN DATA WRAPPER regress_postgresql CASCADE; +DROP FOREIGN DATA WRAPPER regress_dummy CASCADE; NOTICE: drop cascades to server s0 \c DROP ROLE regress_foreign_data_user; -- At this point we should have no wrappers, no servers, and no mappings. -SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper; +SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper WHERE fdwname LIKE 'regress_%'; fdwname | fdwhandler | fdwvalidator | fdwoptions ---------+------------+--------------+------------ (0 rows) diff --git a/src/test/regress/sql/foreign_data.sql b/src/test/regress/sql/foreign_data.sql index eefb860adc..b125dff9fb 100644 --- a/src/test/regress/sql/foreign_data.sql +++ b/src/test/regress/sql/foreign_data.sql @@ -31,155 +31,187 @@ CREATE ROLE regress_test_role_super SUPERUSER; CREATE ROLE regress_test_indirect; CREATE ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER dummy; -COMMENT ON FOREIGN DATA WRAPPER dummy IS 'useless'; -CREATE FOREIGN DATA WRAPPER postgresql VALIDATOR postgresql_fdw_validator; +CREATE FOREIGN DATA WRAPPER regress_dummy; +COMMENT ON FOREIGN DATA WRAPPER regress_dummy IS 'useless'; +CREATE FOREIGN DATA WRAPPER regress_postgresql VALIDATOR postgresql_fdw_validator; -- At this point we should have 2 built-in wrappers and no servers. -SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper ORDER BY 1, 2, 3; +SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper WHERE fdwname LIKE 'regress_%' ORDER BY 1, 2, 3; SELECT srvname, srvoptions FROM pg_foreign_server; SELECT * FROM pg_user_mapping; -- CREATE FOREIGN DATA WRAPPER -CREATE FOREIGN DATA WRAPPER foo VALIDATOR bar; -- ERROR -CREATE FOREIGN DATA WRAPPER foo; -\dew +CREATE FOREIGN DATA WRAPPER regress_foo VALIDATOR bar; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo; +\dew regress_* -CREATE FOREIGN DATA WRAPPER foo; -- duplicate -DROP FOREIGN DATA WRAPPER foo; -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1'); -\dew+ +CREATE FOREIGN DATA WRAPPER regress_foo; -- duplicate +DROP FOREIGN DATA WRAPPER regress_foo; +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1'); +\dew+ regress_* -DROP FOREIGN DATA WRAPPER foo; -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1', testing '2'); -- ERROR -CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1', another '2'); -\dew+ +DROP FOREIGN DATA WRAPPER regress_foo; +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1', testing '2'); -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS (testing '1', another '2'); +\dew+ regress_* -DROP FOREIGN DATA WRAPPER foo; +DROP FOREIGN DATA WRAPPER regress_foo; SET ROLE regress_test_role; -CREATE FOREIGN DATA WRAPPER foo; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo; -- ERROR RESET ROLE; -CREATE FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; -\dew+ +CREATE FOREIGN DATA WRAPPER regress_foo VALIDATOR postgresql_fdw_validator; +\dew+ regress_* -- HANDLER related checks CREATE FUNCTION invalid_fdw_handler() RETURNS int LANGUAGE SQL AS 'SELECT 1;'; -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER invalid_fdw_handler; -- ERROR -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER test_fdw_handler HANDLER invalid_fdw_handler; -- ERROR -CREATE FOREIGN DATA WRAPPER test_fdw HANDLER test_fdw_handler; -DROP FOREIGN DATA WRAPPER test_fdw; +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER invalid_fdw_handler; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER test_fdw_handler HANDLER invalid_fdw_handler; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_test_fdw HANDLER test_fdw_handler; +DROP FOREIGN DATA WRAPPER regress_test_fdw; -- ALTER FOREIGN DATA WRAPPER -ALTER FOREIGN DATA WRAPPER foo OPTIONS (nonexistent 'fdw'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (nonexistent 'fdw'); -- ERROR -ALTER FOREIGN DATA WRAPPER foo; -- ERROR -ALTER FOREIGN DATA WRAPPER foo VALIDATOR bar; -- ERROR -ALTER FOREIGN DATA WRAPPER foo NO VALIDATOR; -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo VALIDATOR bar; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo NO VALIDATOR; +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo OPTIONS (a '1', b '2'); -ALTER FOREIGN DATA WRAPPER foo OPTIONS (SET c '4'); -- ERROR -ALTER FOREIGN DATA WRAPPER foo OPTIONS (DROP c); -- ERROR -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD x '1', DROP x); -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (a '1', b '2'); +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (SET c '4'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (DROP c); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD x '1', DROP x); +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo OPTIONS (DROP a, SET b '3', ADD c '4'); -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (DROP a, SET b '3', ADD c '4'); +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo OPTIONS (a '2'); -ALTER FOREIGN DATA WRAPPER foo OPTIONS (b '4'); -- ERROR -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (a '2'); +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (b '4'); -- ERROR +\dew+ regress_* SET ROLE regress_test_role; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD d '5'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD d '5'); -- ERROR SET ROLE regress_test_role_super; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD d '5'); -\dew+ +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD d '5'); +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_test_role; -- ERROR -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_test_role_super; +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_test_role; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_test_role_super; ALTER ROLE regress_test_role_super NOSUPERUSER; SET ROLE regress_test_role_super; -ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD e '6'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (ADD e '6'); -- ERROR RESET ROLE; -\dew+ +\dew+ regress_* -ALTER FOREIGN DATA WRAPPER foo RENAME TO foo1; -\dew+ -ALTER FOREIGN DATA WRAPPER foo1 RENAME TO foo; +ALTER FOREIGN DATA WRAPPER regress_foo RENAME TO regress_foo1; +\dew+ regress_* +ALTER FOREIGN DATA WRAPPER regress_foo1 RENAME TO regress_foo; -- HANDLER related checks -ALTER FOREIGN DATA WRAPPER foo HANDLER invalid_fdw_handler; -- ERROR -ALTER FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler HANDLER anything; -- ERROR -ALTER FOREIGN DATA WRAPPER foo HANDLER test_fdw_handler; +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER invalid_fdw_handler; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER test_fdw_handler HANDLER anything; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo HANDLER test_fdw_handler; DROP FUNCTION invalid_fdw_handler(); -- DROP FOREIGN DATA WRAPPER DROP FOREIGN DATA WRAPPER nonexistent; -- ERROR DROP FOREIGN DATA WRAPPER IF EXISTS nonexistent; -\dew+ +\dew+ regress_* DROP ROLE regress_test_role_super; -- ERROR SET ROLE regress_test_role_super; -DROP FOREIGN DATA WRAPPER foo; +DROP FOREIGN DATA WRAPPER regress_foo; RESET ROLE; DROP ROLE regress_test_role_super; -\dew+ +\dew+ regress_* -CREATE FOREIGN DATA WRAPPER foo; -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; +CREATE FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; COMMENT ON SERVER s1 IS 'foreign server'; CREATE USER MAPPING FOR current_user SERVER s1; CREATE USER MAPPING FOR current_user SERVER s1; -- ERROR CREATE USER MAPPING IF NOT EXISTS FOR current_user SERVER s1; -- NOTICE -\dew+ +\dew+ regress_* \des+ \deu+ -DROP FOREIGN DATA WRAPPER foo; -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR SET ROLE regress_test_role; -DROP FOREIGN DATA WRAPPER foo CASCADE; -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; -- ERROR RESET ROLE; -DROP FOREIGN DATA WRAPPER foo CASCADE; -\dew+ +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; +\dew+ regress_* \des+ \deu+ -- exercise CREATE SERVER -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -- ERROR -CREATE FOREIGN DATA WRAPPER foo OPTIONS ("test wrapper" 'true'); -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -CREATE SERVER s1 FOREIGN DATA WRAPPER foo; -- ERROR -CREATE SERVER IF NOT EXISTS s1 FOREIGN DATA WRAPPER foo; -- No ERROR, just NOTICE -CREATE SERVER s2 FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s3 TYPE 'oracle' FOREIGN DATA WRAPPER foo; -CREATE SERVER s4 TYPE 'oracle' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s5 VERSION '15.0' FOREIGN DATA WRAPPER foo; -CREATE SERVER s6 VERSION '16.0' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s7 TYPE 'oracle' VERSION '17.0' FOREIGN DATA WRAPPER foo OPTIONS (host 'a', dbname 'b'); -CREATE SERVER s8 FOREIGN DATA WRAPPER postgresql OPTIONS (foo '1'); -- ERROR -CREATE SERVER s8 FOREIGN DATA WRAPPER postgresql OPTIONS (host 'localhost', dbname 's8db'); +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foo OPTIONS ("test wrapper" 'true'); +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s1 FOREIGN DATA WRAPPER regress_foo; -- ERROR +CREATE SERVER IF NOT EXISTS s1 FOREIGN DATA WRAPPER regress_foo; -- No ERROR, just NOTICE +CREATE SERVER s2 FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s3 TYPE 'oracle' FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s4 TYPE 'oracle' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s5 VERSION '15.0' FOREIGN DATA WRAPPER regress_foo; +CREATE SERVER s6 VERSION '16.0' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s7 TYPE 'oracle' VERSION '17.0' FOREIGN DATA WRAPPER regress_foo OPTIONS (host 'a', dbname 'b'); +CREATE SERVER s8 FOREIGN DATA WRAPPER regress_postgresql OPTIONS (foo '1'); -- ERROR +CREATE SERVER s8 FOREIGN DATA WRAPPER regress_postgresql OPTIONS (host 'localhost', dbname 's8db'); \des+ SET ROLE regress_test_role; -CREATE SERVER t1 FOREIGN DATA WRAPPER foo; -- ERROR: no usage on FDW +CREATE SERVER t1 FOREIGN DATA WRAPPER regress_foo; -- ERROR: no usage on FDW RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; SET ROLE regress_test_role; -CREATE SERVER t1 FOREIGN DATA WRAPPER foo; +CREATE SERVER t1 FOREIGN DATA WRAPPER regress_foo; RESET ROLE; \des+ -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_test_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_indirect; +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_test_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_indirect; SET ROLE regress_test_role; -CREATE SERVER t2 FOREIGN DATA WRAPPER foo; -- ERROR +CREATE SERVER t2 FOREIGN DATA WRAPPER regress_foo; -- ERROR RESET ROLE; GRANT regress_test_indirect TO regress_test_role; SET ROLE regress_test_role; -CREATE SERVER t2 FOREIGN DATA WRAPPER foo; +CREATE SERVER t2 FOREIGN DATA WRAPPER regress_foo; \des+ RESET ROLE; REVOKE regress_test_indirect FROM regress_test_role; +-- +-- test pg_connection_fdw +-- + +\set VERBOSITY terse +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', client_encoding 'LATIN1'); -- fail +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', nonsense 'asdf'); -- fail +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', password 'secret'); -- fail +\set VERBOSITY default + +CREATE SERVER connection_server FOREIGN DATA WRAPPER pg_connection_fdw + OPTIONS (host 'thehost', port '5432'); + +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret', host 'otherhost'); -- fail + +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret'); +CREATE USER MAPPING FOR PUBLIC SERVER connection_server + OPTIONS (user 'publicuser', password $pwd$'\"$# secret'$pwd$); + +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role', false); + +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role2', false); + +DROP USER MAPPING FOR regress_test_role SERVER connection_server; +DROP USER MAPPING FOR PUBLIC SERVER connection_server; +DROP SERVER connection_server; + -- ALTER SERVER ALTER SERVER s0; -- ERROR ALTER SERVER s0 OPTIONS (a '1'); -- ERROR @@ -208,7 +240,7 @@ GRANT regress_test_indirect TO regress_test_role; SET ROLE regress_test_role; ALTER SERVER s1 OWNER TO regress_test_indirect; RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_indirect; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_indirect; SET ROLE regress_test_role; ALTER SERVER s1 OWNER TO regress_test_indirect; RESET ROLE; @@ -293,7 +325,7 @@ DROP SERVER s7; -- CREATE FOREIGN TABLE CREATE SCHEMA foreign_schema; -CREATE SERVER s0 FOREIGN DATA WRAPPER dummy; +CREATE SERVER s0 FOREIGN DATA WRAPPER regress_dummy; CREATE FOREIGN TABLE ft1 (); -- ERROR CREATE FOREIGN TABLE ft1 () SERVER no_server; -- ERROR CREATE FOREIGN TABLE ft1 ( @@ -453,20 +485,20 @@ ALTER FOREIGN TABLE IF EXISTS doesnt_exist_ft1 RENAME TO foreign_table_1; -- Information schema -SELECT * FROM information_schema.foreign_data_wrappers ORDER BY 1, 2; +SELECT * FROM information_schema.foreign_data_wrappers WHERE authorization_identifier = 'regress_foreign_data_user' ORDER BY 1, 2; SELECT * FROM information_schema.foreign_data_wrapper_options ORDER BY 1, 2, 3; SELECT * FROM information_schema.foreign_servers ORDER BY 1, 2; SELECT * FROM information_schema.foreign_server_options ORDER BY 1, 2, 3; SELECT * FROM information_schema.user_mappings ORDER BY lower(authorization_identifier), 2, 3; SELECT * FROM information_schema.user_mapping_options ORDER BY lower(authorization_identifier), 2, 3, 4; -SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; -SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; SELECT * FROM information_schema.foreign_tables ORDER BY 1, 2, 3; SELECT * FROM information_schema.foreign_table_options ORDER BY 1, 2, 3, 4; SET ROLE regress_test_role; SELECT * FROM information_schema.user_mapping_options ORDER BY 1, 2, 3, 4; -SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; -SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.usage_privileges WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; +SELECT * FROM information_schema.role_usage_grants WHERE object_type LIKE 'FOREIGN%' AND object_name IN ('s6', 'regress_foo') ORDER BY 1, 2, 3, 4, 5; DROP USER MAPPING FOR current_user SERVER t1; SET ROLE regress_test_role2; SELECT * FROM information_schema.user_mapping_options ORDER BY 1, 2, 3, 4; @@ -475,18 +507,18 @@ RESET ROLE; -- has_foreign_data_wrapper_privilege SELECT has_foreign_data_wrapper_privilege('regress_test_role', - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); -SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); +SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'regress_foo', 'USAGE'); SELECT has_foreign_data_wrapper_privilege( (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); SELECT has_foreign_data_wrapper_privilege( - (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='foo'), 'USAGE'); + (SELECT oid FROM pg_foreign_data_wrapper WHERE fdwname='regress_foo'), 'USAGE'); SELECT has_foreign_data_wrapper_privilege( - (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), 'foo', 'USAGE'); -SELECT has_foreign_data_wrapper_privilege('foo', 'USAGE'); -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'foo', 'USAGE'); + (SELECT oid FROM pg_roles WHERE rolname='regress_test_role'), 'regress_foo', 'USAGE'); +SELECT has_foreign_data_wrapper_privilege('regress_foo', 'USAGE'); +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; +SELECT has_foreign_data_wrapper_privilege('regress_test_role', 'regress_foo', 'USAGE'); -- has_server_privilege SELECT has_server_privilege('regress_test_role', @@ -508,16 +540,16 @@ GRANT USAGE ON FOREIGN SERVER s4 TO regress_test_role; DROP USER MAPPING FOR public SERVER s4; ALTER SERVER s6 OPTIONS (DROP host, DROP dbname); ALTER USER MAPPING FOR regress_test_role SERVER s6 OPTIONS (DROP username); -ALTER FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; +ALTER FOREIGN DATA WRAPPER regress_foo VALIDATOR postgresql_fdw_validator; -- Privileges SET ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER foobar; -- ERROR -ALTER FOREIGN DATA WRAPPER foo OPTIONS (gotcha 'true'); -- ERROR -ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_unprivileged_role; -- ERROR -DROP FOREIGN DATA WRAPPER foo; -- ERROR -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -- ERROR -CREATE SERVER s9 FOREIGN DATA WRAPPER foo; -- ERROR +CREATE FOREIGN DATA WRAPPER regress_foobar; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (gotcha 'true'); -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OWNER TO regress_unprivileged_role; -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; -- ERROR +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_foo; -- ERROR ALTER SERVER s4 VERSION '0.5'; -- ERROR ALTER SERVER s4 OWNER TO regress_unprivileged_role; -- ERROR DROP SERVER s4; -- ERROR @@ -527,15 +559,15 @@ ALTER USER MAPPING FOR regress_test_role SERVER s6 OPTIONS (gotcha 'true'); -- E DROP USER MAPPING FOR regress_test_role SERVER s6; -- ERROR RESET ROLE; -GRANT USAGE ON FOREIGN DATA WRAPPER postgresql TO regress_unprivileged_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_unprivileged_role WITH GRANT OPTION; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_postgresql TO regress_unprivileged_role; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_unprivileged_role WITH GRANT OPTION; SET ROLE regress_unprivileged_role; -CREATE FOREIGN DATA WRAPPER foobar; -- ERROR -ALTER FOREIGN DATA WRAPPER foo OPTIONS (gotcha 'true'); -- ERROR -DROP FOREIGN DATA WRAPPER foo; -- ERROR -GRANT USAGE ON FOREIGN DATA WRAPPER postgresql TO regress_test_role; -- WARNING -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -CREATE SERVER s9 FOREIGN DATA WRAPPER postgresql; +CREATE FOREIGN DATA WRAPPER regress_foobar; -- ERROR +ALTER FOREIGN DATA WRAPPER regress_foo OPTIONS (gotcha 'true'); -- ERROR +DROP FOREIGN DATA WRAPPER regress_foo; -- ERROR +GRANT USAGE ON FOREIGN DATA WRAPPER regress_postgresql TO regress_test_role; -- WARNING +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_postgresql; ALTER SERVER s6 VERSION '0.5'; -- ERROR DROP SERVER s6; -- ERROR GRANT USAGE ON FOREIGN SERVER s6 TO regress_test_role; -- ERROR @@ -546,17 +578,17 @@ ALTER USER MAPPING FOR regress_test_role SERVER s6 OPTIONS (gotcha 'true'); -- E DROP USER MAPPING FOR regress_test_role SERVER s6; -- ERROR RESET ROLE; -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_unprivileged_role; -- ERROR -REVOKE USAGE ON FOREIGN DATA WRAPPER foo FROM regress_unprivileged_role CASCADE; +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_unprivileged_role; -- ERROR +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_foo FROM regress_unprivileged_role CASCADE; SET ROLE regress_unprivileged_role; -GRANT USAGE ON FOREIGN DATA WRAPPER foo TO regress_test_role; -- ERROR -CREATE SERVER s10 FOREIGN DATA WRAPPER foo; -- ERROR +GRANT USAGE ON FOREIGN DATA WRAPPER regress_foo TO regress_test_role; -- ERROR +CREATE SERVER s10 FOREIGN DATA WRAPPER regress_foo; -- ERROR ALTER SERVER s9 VERSION '1.1'; GRANT USAGE ON FOREIGN SERVER s9 TO regress_test_role; CREATE USER MAPPING FOR current_user SERVER s9; DROP SERVER s9 CASCADE; RESET ROLE; -CREATE SERVER s9 FOREIGN DATA WRAPPER foo; +CREATE SERVER s9 FOREIGN DATA WRAPPER regress_foo; GRANT USAGE ON FOREIGN SERVER s9 TO regress_unprivileged_role; SET ROLE regress_unprivileged_role; ALTER SERVER s9 VERSION '1.2'; -- ERROR @@ -566,7 +598,7 @@ DROP SERVER s9 CASCADE; -- ERROR -- Check visibility of user mapping data SET ROLE regress_test_role; -CREATE SERVER s10 FOREIGN DATA WRAPPER foo; +CREATE SERVER s10 FOREIGN DATA WRAPPER regress_foo; CREATE USER MAPPING FOR public SERVER s10 OPTIONS (user 'secret'); CREATE USER MAPPING FOR regress_unprivileged_role SERVER s10 OPTIONS (user 'secret'); -- owner of server can see some option fields @@ -847,20 +879,20 @@ DROP SCHEMA foreign_schema CASCADE; DROP ROLE regress_test_role; -- ERROR DROP SERVER t1 CASCADE; DROP USER MAPPING FOR regress_test_role SERVER s6; -DROP FOREIGN DATA WRAPPER foo CASCADE; +DROP FOREIGN DATA WRAPPER regress_foo CASCADE; DROP SERVER s8 CASCADE; DROP ROLE regress_test_indirect; DROP ROLE regress_test_role; DROP ROLE regress_unprivileged_role; -- ERROR -REVOKE ALL ON FOREIGN DATA WRAPPER postgresql FROM regress_unprivileged_role; +REVOKE ALL ON FOREIGN DATA WRAPPER regress_postgresql FROM regress_unprivileged_role; DROP ROLE regress_unprivileged_role; DROP ROLE regress_test_role2; -DROP FOREIGN DATA WRAPPER postgresql CASCADE; -DROP FOREIGN DATA WRAPPER dummy CASCADE; +DROP FOREIGN DATA WRAPPER regress_postgresql CASCADE; +DROP FOREIGN DATA WRAPPER regress_dummy CASCADE; \c DROP ROLE regress_foreign_data_user; -- At this point we should have no wrappers, no servers, and no mappings. -SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper; +SELECT fdwname, fdwhandler, fdwvalidator, fdwoptions FROM pg_foreign_data_wrapper WHERE fdwname LIKE 'regress_%'; SELECT srvname, srvoptions FROM pg_foreign_server; SELECT * FROM pg_user_mapping; -- 2.34.1 [text/x-patch] v7-0003-CREATE-SUSBCRIPTION-.-SERVER.patch (51.2K, 4-v7-0003-CREATE-SUSBCRIPTION-.-SERVER.patch) download | inline diff: From 1fc2121b5ae96152df23a32fa9612f3a45851890 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:42:48 -0800 Subject: [PATCH v7 3/4] CREATE SUSBCRIPTION ... SERVER. --- contrib/postgres_fdw/Makefile | 2 + .../postgres_fdw/expected/postgres_fdw.out | 14 ++ contrib/postgres_fdw/meson.build | 5 + contrib/postgres_fdw/sql/postgres_fdw.sql | 8 + contrib/postgres_fdw/t/010_subscription.pl | 68 ++++++ doc/src/sgml/ref/alter_subscription.sgml | 18 +- doc/src/sgml/ref/create_subscription.sgml | 11 +- src/backend/catalog/pg_subscription.c | 39 +++- src/backend/commands/subscriptioncmds.c | 197 ++++++++++++++++-- src/backend/foreign/foreign.c | 25 +++ src/backend/parser/gram.y | 20 ++ src/backend/replication/logical/worker.c | 16 +- src/bin/pg_dump/pg_dump.c | 27 ++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/tab-complete.c | 2 +- src/include/catalog/pg_subscription.h | 7 +- src/include/foreign/foreign.h | 1 + src/include/nodes/parsenodes.h | 3 + src/test/regress/expected/foreign_data.out | 14 ++ src/test/regress/expected/subscription.out | 52 +++++ src/test/regress/sql/foreign_data.sql | 17 ++ src/test/regress/sql/subscription.sql | 56 +++++ src/test/subscription/t/001_rep_changes.pl | 57 +++++ 23 files changed, 627 insertions(+), 33 deletions(-) create mode 100644 contrib/postgres_fdw/t/010_subscription.pl diff --git a/contrib/postgres_fdw/Makefile b/contrib/postgres_fdw/Makefile index c1b0cad453..c3498ea6b4 100644 --- a/contrib/postgres_fdw/Makefile +++ b/contrib/postgres_fdw/Makefile @@ -18,6 +18,8 @@ DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql REGRESS = postgres_fdw +TAP_TESTS = 1 + ifdef USE_PGXS PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index d83f6ae8cb..0aa751e099 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -256,6 +256,20 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); -- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +SELECT pg_conninfo_from_server('testserver1', CURRENT_USER, false); + pg_conninfo_from_server +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- + service = 'value' connect_timeout = 'value' dbname = 'value' host = 'value' hostaddr = 'value' port = 'value' application_name = 'value' keepalives = 'value' keepalives_idle = 'value' keepalives_interval = 'value' tcp_user_timeout = 'value' sslcompression = 'value' sslmode = 'value' sslcert = 'value' sslkey = 'value' sslrootcert = 'value' sslcrl = 'value' krbsrvname = 'value' gsslib = 'value' gssdelegation = 'value' sslpassword = 'dummy' sslkey = 'value' sslcert = 'value' +(1 row) + +DROP SUBSCRIPTION regress_pgfdw_subscription; +-- =================================================================== -- test error case for create publication on foreign table -- =================================================================== CREATE PUBLICATION testpub_ftbl FOR TABLE ft1; -- should fail diff --git a/contrib/postgres_fdw/meson.build b/contrib/postgres_fdw/meson.build index 2b86d8a6ee..cf7071dbf8 100644 --- a/contrib/postgres_fdw/meson.build +++ b/contrib/postgres_fdw/meson.build @@ -39,4 +39,9 @@ tests += { ], 'regress_args': ['--dlpath', meson.build_root() / 'src/test/regress'], }, + 'tap': { + 'tests': [ + 't/010_subscription.pl', + ], + }, } diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 90c8fa4b70..3b2716b82e 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -248,6 +248,14 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); +-- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +SELECT pg_conninfo_from_server('testserver1', CURRENT_USER, false); +DROP SUBSCRIPTION regress_pgfdw_subscription; + -- =================================================================== -- test error case for create publication on foreign table -- =================================================================== diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl new file mode 100644 index 0000000000..daa0b9edd2 --- /dev/null +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -0,0 +1,68 @@ + +# Copyright (c) 2021-2024, PostgreSQL Global Development Group + +# Basic logical replication test +use strict; +use warnings FATAL => 'all'; +use PostgreSQL::Test::Cluster; +use PostgreSQL::Test::Utils; +use Test::More; + +# Initialize publisher node +my $node_publisher = PostgreSQL::Test::Cluster->new('publisher'); +$node_publisher->init(allows_streaming => 'logical'); +$node_publisher->start; + +# Create subscriber node +my $node_subscriber = PostgreSQL::Test::Cluster->new('subscriber'); +$node_subscriber->init; +$node_subscriber->start; + +# Create some preexisting content on publisher +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins AS SELECT generate_series(1,1002) AS a"); + +# Replicate the changes without columns +$node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_no_col default VALUES"); + +# Setup structure on subscriber +$node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int)"); + +# Setup logical replication +my $publisher_connstr = $node_publisher->connstr . ' dbname=postgres'; +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_pub FOR TABLE tab_ins"); + +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_server" +); + +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub SERVER tap_server PUBLICATION tap_pub WITH (password_required=false)" +); + +# Wait for initial table sync to finish +$node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); + +my $result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins SELECT generate_series(1,50)"); + +$node_publisher->wait_for_catchup('tap_sub'); + +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); +is($result, qq(1052), 'check initial data was copied to subscriber'); + +done_testing(); diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index 6d36ff0dc9..6d219145a9 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -21,6 +21,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> +ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SERVER <replaceable>servername</replaceable> ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> CONNECTION '<replaceable>conninfo</replaceable>' ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SET PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> ADD PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] @@ -94,13 +95,24 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < </listitem> </varlistentry> + <varlistentry id="sql-altersubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the foreign server + <replaceable>servername</replaceable>. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-altersubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> <para> - This clause replaces the connection string originally set by - <xref linkend="sql-createsubscription"/>. See there for more - information. + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the connection + string <replaceable>conninfo</replaceable>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index c7ace922f9..24538baf98 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -22,7 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceable> - CONNECTION '<replaceable class="parameter">conninfo</replaceable>' + { SERVER <replaceable class="parameter">servername</replaceable> | CONNECTION '<replaceable class="parameter">conninfo</replaceable>' } PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">subscription_parameter</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] </synopsis> @@ -77,6 +77,15 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl </listitem> </varlistentry> + <varlistentry id="sql-createsubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + A foreign server to use for the connection. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-createsubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index c516c25ac7..5a2eaa803d 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -20,12 +20,15 @@ #include "access/tableam.h" #include "access/xact.h" #include "catalog/indexing.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "storage/lmgr.h" +#include "utils/acl.h" #include "utils/array.h" #include "utils/builtins.h" #include "utils/fmgroids.h" @@ -40,7 +43,7 @@ static List *textarray_to_stringlist(ArrayType *textarray); * Fetch the subscription from the syscache. */ Subscription * -GetSubscription(Oid subid, bool missing_ok) +GetSubscription(Oid subid, bool missing_ok, bool aclcheck) { HeapTuple tup; Subscription *sub; @@ -75,10 +78,36 @@ GetSubscription(Oid subid, bool missing_ok) sub->runasowner = subform->subrunasowner; /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, - tup, - Anum_pg_subscription_subconninfo); - sub->conninfo = TextDatumGetCString(datum); + if (OidIsValid(subform->subserver)) + { + AclResult aclresult; + + /* recheck ACL if requested */ + if (aclcheck) + { + aclresult = object_aclcheck(ForeignServerRelationId, + subform->subserver, + subform->subowner, ACL_USAGE); + + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(subform->subowner, false), + ForeignServerName(subform->subserver)))); + } + + sub->conninfo = ForeignServerConnectionString(subform->subowner, + subform->subserver, + true); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, + tup, + Anum_pg_subscription_subconninfo); + sub->conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index 75e6cd8ae3..bec665fd29 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -25,14 +25,17 @@ #include "catalog/objectaddress.h" #include "catalog/pg_authid_d.h" #include "catalog/pg_database_d.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "catalog/pg_user_mapping.h" #include "commands/dbcommands.h" #include "commands/defrem.h" #include "commands/event_trigger.h" #include "commands/subscriptioncmds.h" #include "executor/executor.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "pgstat.h" @@ -574,6 +577,8 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Datum values[Natts_pg_subscription]; Oid owner = GetUserId(); HeapTuple tup; + Oid serverid; + Oid umid; char *conninfo; char originname[NAMEDATALEN]; List *publications; @@ -666,15 +671,42 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.synchronous_commit == NULL) opts.synchronous_commit = "off"; - conninfo = stmt->conninfo; - publications = stmt->publication; - /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); + if (stmt->servername) + { + ForeignServer *server; + UserMapping *um; + + Assert(!stmt->conninfo); + conninfo = NULL; + + server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, owner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + + um = GetUserMapping(owner, server->serverid); + + serverid = server->serverid; + umid = um->umid; + conninfo = ForeignServerConnectionString(owner, serverid, true); + } + else + { + Assert(stmt->conninfo); + + serverid = InvalidOid; + umid = InvalidOid; + conninfo = stmt->conninfo; + } + /* Check the connection info string. */ walrcv_check_conninfo(conninfo, opts.passwordrequired && !superuser()); + publications = stmt->publication; + /* Everything ok, form a new tuple. */ memset(values, 0, sizeof(values)); memset(nulls, false, sizeof(nulls)); @@ -697,8 +729,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, values[Anum_pg_subscription_subdisableonerr - 1] = BoolGetDatum(opts.disableonerr); values[Anum_pg_subscription_subpasswordrequired - 1] = BoolGetDatum(opts.passwordrequired); values[Anum_pg_subscription_subrunasowner - 1] = BoolGetDatum(opts.runasowner); - values[Anum_pg_subscription_subconninfo - 1] = - CStringGetTextDatum(conninfo); + values[Anum_pg_subscription_subserver - 1] = serverid; + if (!OidIsValid(serverid)) + values[Anum_pg_subscription_subconninfo - 1] = + CStringGetTextDatum(conninfo); + else + nulls[Anum_pg_subscription_subconninfo - 1] = true; if (opts.slot_name) values[Anum_pg_subscription_subslotname - 1] = DirectFunctionCall1(namein, CStringGetDatum(opts.slot_name)); @@ -719,6 +755,20 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, recordDependencyOnOwner(SubscriptionRelationId, subid, owner); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + + if (stmt->servername) + { + ObjectAddress referenced; + Assert(OidIsValid(serverid) && OidIsValid(umid)); + + ObjectAddressSet(referenced, ForeignServerRelationId, serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + ObjectAddressSet(referenced, UserMappingRelationId, umid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + ReplicationOriginNameForLogicalRep(subid, InvalidOid, originname, sizeof(originname)); replorigin_create(originname); @@ -835,8 +885,6 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.enabled) ApplyLauncherWakeupAtCommit(); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostCreateHook(SubscriptionRelationId, subid, 0); return myself; @@ -1104,7 +1152,14 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION, stmt->subname); - sub = GetSubscription(subid, false); + /* + * Skip ACL checks on the subscription's foreign server, if any. If + * changing the server (or replacing it with a raw connection), then the + * old one will be removed anyway. If changing something unrelated, + * there's no need to do an additional ACL check here; that will be done + * by the subscription worker anyway. + */ + sub = GetSubscription(subid, false, false); /* * Don't allow non-superuser modification of a subscription with @@ -1124,6 +1179,8 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, memset(nulls, false, sizeof(nulls)); memset(replaces, false, sizeof(replaces)); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + switch (stmt->kind) { case ALTER_SUBSCRIPTION_OPTIONS: @@ -1244,7 +1301,92 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, break; } + case ALTER_SUBSCRIPTION_SERVER: + { + ForeignServer *new_server; + UserMapping *new_um; + ObjectAddress referenced; + AclResult aclresult; + char *conninfo; + + /* + * Remove what was there before, either another foreign server + * or a connection string. + */ + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + UserMappingRelationId, old_um->umid); + } + else + { + nulls[Anum_pg_subscription_subconninfo - 1] = true; + replaces[Anum_pg_subscription_subconninfo - 1] = true; + } + + /* + * Find the new server and user mapping. Check ACL of server + * based on current user ID, but find the user mapping based + * on the subscription owner. + */ + new_server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, + new_server->serverid, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(new_server->serverid)))); + + new_um = GetUserMapping(form->subowner, new_server->serverid); + + conninfo = ForeignServerConnectionString(form->subowner, + new_server->serverid, + true); + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + /* Check the connection info string. */ + walrcv_check_conninfo(conninfo, + sub->passwordrequired && !sub->ownersuperuser); + + values[Anum_pg_subscription_subserver - 1] = new_server->serverid; + replaces[Anum_pg_subscription_subserver - 1] = true; + + ObjectAddressSet(referenced, ForeignServerRelationId, new_server->serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + ObjectAddressSet(referenced, UserMappingRelationId, new_um->umid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + update_tuple = true; + } + break; + case ALTER_SUBSCRIPTION_CONNECTION: + /* remove reference to foreign server and dependencies, if present */ + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + UserMappingRelationId, old_um->umid); + + values[Anum_pg_subscription_subserver - 1] = InvalidOid; + replaces[Anum_pg_subscription_subserver - 1] = true; + } + /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); /* Check the connection info string. */ @@ -1455,8 +1597,6 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, table_close(rel, RowExclusiveLock); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostAlterHook(SubscriptionRelationId, subid, 0); /* Wake up related replication workers to handle this change quickly. */ @@ -1541,9 +1681,28 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) subname = pstrdup(NameStr(*DatumGetName(datum))); /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, - Anum_pg_subscription_subconninfo); - conninfo = TextDatumGetCString(datum); + if (OidIsValid(form->subserver)) + { + AclResult aclresult; + + aclresult = object_aclcheck(ForeignServerRelationId, form->subserver, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(form->subserver)))); + + conninfo = ForeignServerConnectionString(form->subowner, + form->subserver, true); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, + Anum_pg_subscription_subconninfo); + conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, tup, @@ -1644,6 +1803,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) } /* Clean up dependencies */ + deleteDependencyRecordsFor(SubscriptionRelationId, subid, false); deleteSharedDependencyRecordsFor(SubscriptionRelationId, subid, 0); /* Remove any associated relation synchronization states. */ @@ -1853,6 +2013,17 @@ AlterSubscriptionOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId) aclcheck_error(aclresult, OBJECT_DATABASE, get_database_name(MyDatabaseId)); + if (form->subserver) + { + UserMapping *old_um = GetUserMapping(form->subowner, form->subserver); + UserMapping *new_um = GetUserMapping(newOwnerId, form->subserver); + + if (changeDependencyFor(SubscriptionRelationId, form->oid, + UserMappingRelationId, old_um->umid, new_um->umid) != 1) + elog(ERROR, "could not change user mapping dependency for subscription %u", + form->oid); + } + form->subowner = newOwnerId; CatalogTupleUpdate(rel, &tup->t_self, tup); diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index ead4a2cd2c..ba2dea88a9 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -180,6 +180,31 @@ GetForeignServerExtended(Oid serverid, bits16 flags) } +/* + * ForeignServerName - get name of foreign server. + */ +char * +ForeignServerName(Oid serverid) +{ + Form_pg_foreign_server serverform; + char *servername; + HeapTuple tp; + + tp = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)); + + if (!HeapTupleIsValid(tp)) + elog(ERROR, "cache lookup failed for foreign server %u", serverid); + + serverform = (Form_pg_foreign_server) GETSTRUCT(tp); + + servername = pstrdup(NameStr(serverform->srvname)); + + ReleaseSysCache(tp); + + return servername; +} + + /* * GetForeignServerByName - look up the foreign server definition by name. */ diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index 3460fea56b..c27e0b8b5d 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -10654,6 +10654,16 @@ CreateSubscriptionStmt: n->options = $8; $$ = (Node *) n; } + | CREATE SUBSCRIPTION name SERVER name PUBLICATION name_list opt_definition + { + CreateSubscriptionStmt *n = + makeNode(CreateSubscriptionStmt); + n->subname = $3; + n->servername = $5; + n->publication = $7; + n->options = $8; + $$ = (Node *) n; + } ; /***************************************************************************** @@ -10683,6 +10693,16 @@ AlterSubscriptionStmt: n->conninfo = $5; $$ = (Node *) n; } + | ALTER SUBSCRIPTION name SERVER name + { + AlterSubscriptionStmt *n = + makeNode(AlterSubscriptionStmt); + + n->kind = ALTER_SUBSCRIPTION_SERVER; + n->subname = $3; + n->servername = $5; + $$ = (Node *) n; + } | ALTER SUBSCRIPTION name REFRESH PUBLICATION opt_definition { AlterSubscriptionStmt *n = diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index 911835c5cb..73cc7fc2c6 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -3897,7 +3897,7 @@ maybe_reread_subscription(void) /* Ensure allocations in permanent context. */ oldctx = MemoryContextSwitchTo(ApplyContext); - newsub = GetSubscription(MyLogicalRepWorker->subid, true); + newsub = GetSubscription(MyLogicalRepWorker->subid, true, true); /* * Exit if the subscription was removed. This normally should not happen @@ -4003,7 +4003,9 @@ maybe_reread_subscription(void) } /* - * Callback from subscription syscache invalidation. + * Callback from subscription syscache invalidation. Also needed for server or + * user mapping invalidation, which can change the connection information for + * subscriptions that connect using a server object. */ static void subscription_change_cb(Datum arg, int cacheid, uint32 hashvalue) @@ -4602,7 +4604,7 @@ InitializeLogRepWorker(void) StartTransactionCommand(); oldctx = MemoryContextSwitchTo(ApplyContext); - MySubscription = GetSubscription(MyLogicalRepWorker->subid, true); + MySubscription = GetSubscription(MyLogicalRepWorker->subid, true, true); if (!MySubscription) { ereport(LOG, @@ -4639,6 +4641,14 @@ InitializeLogRepWorker(void) CacheRegisterSyscacheCallback(SUBSCRIPTIONOID, subscription_change_cb, (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); CacheRegisterSyscacheCallback(AUTHOID, subscription_change_cb, diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 5b7a18dbb1..36d06fb02b 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -4655,6 +4655,7 @@ getSubscriptions(Archive *fout) int i_subdisableonerr; int i_subpasswordrequired; int i_subrunasowner; + int i_subservername; int i_subconninfo; int i_subslotname; int i_subsynccommit; @@ -4726,10 +4727,12 @@ getSubscriptions(Archive *fout) LOGICALREP_ORIGIN_ANY); if (dopt->binary_upgrade && fout->remoteVersion >= 170000) - appendPQExpBufferStr(query, " o.remote_lsn AS suboriginremotelsn,\n" + appendPQExpBufferStr(query, " fs.srvname AS subservername,\n" + " o.remote_lsn AS suboriginremotelsn,\n" " s.subenabled\n"); else - appendPQExpBufferStr(query, " NULL AS suboriginremotelsn,\n" + appendPQExpBufferStr(query, " NULL AS subservername,\n" + " NULL AS suboriginremotelsn,\n" " false AS subenabled\n"); appendPQExpBufferStr(query, @@ -4737,6 +4740,8 @@ getSubscriptions(Archive *fout) if (dopt->binary_upgrade && fout->remoteVersion >= 170000) appendPQExpBufferStr(query, + "LEFT JOIN pg_catalog.pg_foreign_server fs \n" + " ON fs.oid = s.subserver \n" "LEFT JOIN pg_catalog.pg_replication_origin_status o \n" " ON o.external_id = 'pg_' || s.oid::text \n"); @@ -4762,6 +4767,7 @@ getSubscriptions(Archive *fout) i_subdisableonerr = PQfnumber(res, "subdisableonerr"); i_subpasswordrequired = PQfnumber(res, "subpasswordrequired"); i_subrunasowner = PQfnumber(res, "subrunasowner"); + i_subservername = PQfnumber(res, "subservername"); i_subconninfo = PQfnumber(res, "subconninfo"); i_subslotname = PQfnumber(res, "subslotname"); i_subsynccommit = PQfnumber(res, "subsynccommit"); @@ -4781,7 +4787,10 @@ getSubscriptions(Archive *fout) AssignDumpId(&subinfo[i].dobj); subinfo[i].dobj.name = pg_strdup(PQgetvalue(res, i, i_subname)); subinfo[i].rolname = getRoleName(PQgetvalue(res, i, i_subowner)); - + if (PQgetisnull(res, i, i_subservername)) + subinfo[i].subservername = NULL; + else + subinfo[i].subservername = pg_strdup(PQgetvalue(res, i, i_subservername)); subinfo[i].subbinary = pg_strdup(PQgetvalue(res, i, i_subbinary)); subinfo[i].substream = @@ -5007,9 +5016,17 @@ dumpSubscription(Archive *fout, const SubscriptionInfo *subinfo) appendPQExpBuffer(delq, "DROP SUBSCRIPTION %s;\n", qsubname); - appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s CONNECTION ", + appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s ", qsubname); - appendStringLiteralAH(query, subinfo->subconninfo, fout); + if (subinfo->subservername) + { + appendPQExpBuffer(query, "SERVER %s", fmtId(subinfo->subservername)); + } + else + { + appendPQExpBuffer(query, "CONNECTION "); + appendStringLiteralAH(query, subinfo->subconninfo, fout); + } /* Build list of quoted publications and append them to query. */ if (!parsePGArray(subinfo->subpublications, &pubnames, &npubnames)) diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index f0772d2157..849950e470 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -659,6 +659,7 @@ typedef struct _SubscriptionInfo char *subdisableonerr; char *subpasswordrequired; char *subrunasowner; + char *subservername; char *subconninfo; char *subslotname; char *subsynccommit; diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c index 09914165e4..995f4f7f22 100644 --- a/src/bin/psql/tab-complete.c +++ b/src/bin/psql/tab-complete.c @@ -3322,7 +3322,7 @@ psql_completion(const char *text, int start, int end) /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny)) COMPLETE_WITH("PUBLICATION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index ca32625585..e2321cd3a4 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -93,9 +93,11 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW bool subrunasowner; /* True if replication should execute as the * subscription owner */ + Oid subserver; /* Set if connecting with server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo; /* Set if connecting with connection string */ /* Slot name on publisher */ NameData subslotname BKI_FORCE_NULL; @@ -162,7 +164,8 @@ typedef struct Subscription */ #define LOGICALREP_STREAM_PARALLEL 'p' -extern Subscription *GetSubscription(Oid subid, bool missing_ok); +extern Subscription *GetSubscription(Oid subid, bool missing_ok, + bool aclcheck); extern void FreeSubscription(Subscription *sub); extern void DisableSubscription(Oid subid); diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index b5b9b97f4d..a2f04ce9af 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -65,6 +65,7 @@ typedef struct ForeignTable extern ForeignServer *GetForeignServer(Oid serverid); +extern char *ForeignServerName(Oid serverid); extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index b3181f34ae..6d6b242cec 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -4041,6 +4041,7 @@ typedef struct CreateSubscriptionStmt { NodeTag type; char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ @@ -4049,6 +4050,7 @@ typedef struct CreateSubscriptionStmt typedef enum AlterSubscriptionType { ALTER_SUBSCRIPTION_OPTIONS, + ALTER_SUBSCRIPTION_SERVER, ALTER_SUBSCRIPTION_CONNECTION, ALTER_SUBSCRIPTION_SET_PUBLICATION, ALTER_SUBSCRIPTION_ADD_PUBLICATION, @@ -4063,6 +4065,7 @@ typedef struct AlterSubscriptionStmt NodeTag type; AlterSubscriptionType kind; /* ALTER_SUBSCRIPTION_OPTIONS, etc */ char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ diff --git a/src/test/regress/expected/foreign_data.out b/src/test/regress/expected/foreign_data.out index 6ae93c41f6..83d02af343 100644 --- a/src/test/regress/expected/foreign_data.out +++ b/src/test/regress/expected/foreign_data.out @@ -432,6 +432,20 @@ SELECT pg_conninfo_from_server('connection_server', 'regress_test_role2', false) DROP USER MAPPING FOR regress_test_role SERVER connection_server; DROP USER MAPPING FOR PUBLIC SERVER connection_server; DROP SERVER connection_server; +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; -- ERROR: no permissions on FDW +ERROR: permission denied for foreign-data wrapper pg_connection_fdw +RESET ROLE; +GRANT USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw TO regress_test_role; +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; +IMPORT FOREIGN SCHEMA foo FROM SERVER t3 INTO bar; -- fails +ERROR: schema "bar" does not exist +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; +DROP SERVER t3; +RESET ROLE; +REVOKE USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw FROM regress_test_role; -- ALTER SERVER ALTER SERVER s0; -- ERROR ERROR: syntax error at or near ";" diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out index b15eddbff3..11edae46b1 100644 --- a/src/test/regress/expected/subscription.out +++ b/src/test/regress/expected/subscription.out @@ -144,6 +144,58 @@ ERROR: could not connect to the publisher: invalid port number: "-1" ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; ERROR: invalid connection string syntax: missing "=" after "foobar" in connection info string +RESET SESSION AUTHORIZATION; +GRANT CREATE ON DATABASE REGRESSION TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +DROP SUBSCRIPTION regress_testsub6; +-- test using a server object instead of connection string +RESET SESSION AUTHORIZATION; +CREATE SERVER regress_testserver1 FOREIGN DATA WRAPPER pg_connection_fdw; +CREATE SERVER regress_testserver2 FOREIGN DATA WRAPPER pg_connection_fdw; +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1 + OPTIONS (password 'secret'); +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2 + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver2 TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver1 PUBLICATION testpub + WITH (slot_name = NONE, connect = false); -- fails +ERROR: permission denied for foreign server regress_testserver1 +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver2 PUBLICATION testpub + WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +RESET SESSION AUTHORIZATION; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver1; -- fails +ERROR: subscription owner "regress_subscription_user3" does not have permission on foreign server "regress_testserver1" +GRANT USAGE ON FOREIGN SERVER regress_testserver1 TO regress_subscription_user3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver1; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2; +DROP SERVER regress_testserver2; +-- test an FDW with no validator +CREATE FOREIGN DATA WRAPPER regress_fdw; +CREATE SERVER regress_testserver3 FOREIGN DATA WRAPPER regress_fdw + OPTIONS (abc 'xyz'); +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver3 + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver3 TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver1; +RESET SESSION AUTHORIZATION; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver3; +DROP SERVER regress_testserver3; +DROP FOREIGN DATA WRAPPER regress_fdw; +ALTER SUBSCRIPTION regress_testsub6 OWNER TO regress_subscription_user; -- fail, no user mapping +ERROR: user mapping not found for user "regress_subscription_user", server "regress_testserver1" +DROP SUBSCRIPTION regress_testsub6; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1; +DROP SERVER regress_testserver1; +REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user; \dRs+ List of subscriptions Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Synchronous commit | Conninfo | Skip LSN diff --git a/src/test/regress/sql/foreign_data.sql b/src/test/regress/sql/foreign_data.sql index b125dff9fb..163ec62e78 100644 --- a/src/test/regress/sql/foreign_data.sql +++ b/src/test/regress/sql/foreign_data.sql @@ -212,6 +212,23 @@ DROP USER MAPPING FOR regress_test_role SERVER connection_server; DROP USER MAPPING FOR PUBLIC SERVER connection_server; DROP SERVER connection_server; +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; -- ERROR: no permissions on FDW +RESET ROLE; +GRANT USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw TO regress_test_role; +SET ROLE regress_test_role; + +CREATE SERVER t3 FOREIGN DATA WRAPPER pg_connection_fdw; + +IMPORT FOREIGN SCHEMA foo FROM SERVER t3 INTO bar; -- fails + +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; +DROP SERVER t3; + +RESET ROLE; +REVOKE USAGE ON FOREIGN DATA WRAPPER pg_connection_fdw FROM regress_test_role; + -- ALTER SERVER ALTER SERVER s0; -- ERROR ALTER SERVER s0 OPTIONS (a '1'); -- ERROR diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql index 444e563ff3..bf8421fb50 100644 --- a/src/test/regress/sql/subscription.sql +++ b/src/test/regress/sql/subscription.sql @@ -88,6 +88,62 @@ CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'port=-1' PUBLICATION testpub; -- fail - invalid connection string during ALTER ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; +RESET SESSION AUTHORIZATION; +GRANT CREATE ON DATABASE REGRESSION TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; + +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_testsub6; + +-- test using a server object instead of connection string + +RESET SESSION AUTHORIZATION; +CREATE SERVER regress_testserver1 FOREIGN DATA WRAPPER pg_connection_fdw; +CREATE SERVER regress_testserver2 FOREIGN DATA WRAPPER pg_connection_fdw; +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1 + OPTIONS (password 'secret'); +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2 + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver2 TO regress_subscription_user3; + +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver1 PUBLICATION testpub + WITH (slot_name = NONE, connect = false); -- fails +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver2 PUBLICATION testpub + WITH (slot_name = NONE, connect = false); +RESET SESSION AUTHORIZATION; + +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver1; -- fails +GRANT USAGE ON FOREIGN SERVER regress_testserver1 TO regress_subscription_user3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver1; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2; +DROP SERVER regress_testserver2; + +-- test an FDW with no validator +CREATE FOREIGN DATA WRAPPER regress_fdw; +CREATE SERVER regress_testserver3 FOREIGN DATA WRAPPER regress_fdw + OPTIONS (abc 'xyz'); +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver3 + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver3 TO regress_subscription_user3; + +SET SESSION AUTHORIZATION regress_subscription_user3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver1; + +RESET SESSION AUTHORIZATION; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver3; +DROP SERVER regress_testserver3; +DROP FOREIGN DATA WRAPPER regress_fdw; + +ALTER SUBSCRIPTION regress_testsub6 OWNER TO regress_subscription_user; -- fail, no user mapping +DROP SUBSCRIPTION regress_testsub6; + +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1; +DROP SERVER regress_testserver1; +REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user; + \dRs+ ALTER SUBSCRIPTION regress_testsub SET PUBLICATION testpub2, testpub3 WITH (refresh = false); diff --git a/src/test/subscription/t/001_rep_changes.pl b/src/test/subscription/t/001_rep_changes.pl index 9ccebd890a..4cbf2dceaa 100644 --- a/src/test/subscription/t/001_rep_changes.pl +++ b/src/test/subscription/t/001_rep_changes.pl @@ -27,6 +27,8 @@ $node_publisher->safe_psql('postgres', "CREATE TABLE tab_notrep AS SELECT generate_series(1,10) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_ins AS SELECT generate_series(1,1002) AS a"); +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins2 AS SELECT generate_series(1,1002) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_full AS SELECT generate_series(1,10) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_full2 (x text)"); @@ -65,6 +67,7 @@ $node_publisher->safe_psql('postgres', # Setup structure on subscriber $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_notrep (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int)"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins2 (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_full (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_full2 (x text)"); $node_subscriber->safe_psql('postgres', @@ -110,6 +113,22 @@ $node_subscriber->safe_psql('postgres', "CREATE SUBSCRIPTION tap_sub CONNECTION '$publisher_connstr' PUBLICATION tap_pub, tap_pub_ins_only" ); +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_sub2_server FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_sub2_server" +); + +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_simple_pub FOR TABLE tab_ins2"); + +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub2 SERVER tap_sub2_server PUBLICATION tap_simple_pub WITH (password_required=false)" +); + # Wait for initial table sync to finish $node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); @@ -121,11 +140,22 @@ $result = $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); is($result, qq(1002), 'check initial data was copied to subscriber'); +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins2"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_subscriber->safe_psql('postgres', "ALTER SUBSCRIPTION tap_sub2 CONNECTION '$publisher_connstr'"); + $node_publisher->safe_psql('postgres', "INSERT INTO tab_ins SELECT generate_series(1,50)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_ins WHERE a > 20"); $node_publisher->safe_psql('postgres', "UPDATE tab_ins SET a = -a"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins2 SELECT generate_series(1,50)"); + +$node_subscriber->safe_psql('postgres', "ALTER SUBSCRIPTION tap_sub2 SERVER tap_sub2_server"); + $node_publisher->safe_psql('postgres', "INSERT INTO tab_rep SELECT generate_series(1,50)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_rep WHERE a > 20"); @@ -158,6 +188,10 @@ $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_ins"); is($result, qq(1052|1|1002), 'check replicated inserts on subscriber'); +$result = $node_subscriber->safe_psql('postgres', + "SELECT count(*), min(a), max(a) FROM tab_ins2"); +is($result, qq(1052|1|1002), 'check replicated inserts on subscriber'); + $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_rep"); is($result, qq(20|-20|-1), 'check replicated changes on subscriber'); @@ -449,10 +483,27 @@ $node_publisher->poll_query_until('postgres', or die "Timed out while waiting for apply to restart after changing PUBLICATION"; +# test that changes to a foreign server subscription cause the worker +# to restart +$oldpid = $node_publisher->safe_psql('postgres', + "SELECT pid FROM pg_stat_replication WHERE application_name = 'tap_sub2' AND state = 'streaming';" +); +$node_subscriber->safe_psql('postgres', + "ALTER SERVER tap_sub2_server OPTIONS (sslmode 'disable')" +); +$node_publisher->poll_query_until('postgres', + "SELECT pid != $oldpid FROM pg_stat_replication WHERE application_name = 'tap_sub2' AND state = 'streaming';" + ) + or die + "Timed out while waiting for apply to restart after changing PUBLICATION"; + $node_publisher->safe_psql('postgres', "INSERT INTO tab_ins SELECT generate_series(1001,1100)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_rep"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins2 SELECT generate_series(1001,1100)"); + # Restart the publisher and check the state of the subscriber which # should be in a streaming state after catching up. $node_publisher->stop('fast'); @@ -465,6 +516,11 @@ $result = $node_subscriber->safe_psql('postgres', is($result, qq(1152|1|1100), 'check replicated inserts after subscription publication change'); +$result = $node_subscriber->safe_psql('postgres', + "SELECT count(*), min(a), max(a) FROM tab_ins2"); +is($result, qq(1152|1|1100), + 'check replicated inserts after subscription publication change'); + $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_rep"); is($result, qq(20|-20|-1), @@ -533,6 +589,7 @@ $node_publisher->poll_query_until('postgres', # check all the cleanup $node_subscriber->safe_psql('postgres', "DROP SUBSCRIPTION tap_sub_renamed"); +$node_subscriber->safe_psql('postgres', "DROP SUBSCRIPTION tap_sub2"); $result = $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM pg_subscription"); -- 2.34.1 [text/x-patch] v7-0004-Introduce-pg_create_connection-predefined-role.patch (26.3K, 5-v7-0004-Introduce-pg_create_connection-predefined-role.patch) download | inline diff: From e72601fcf4e71ef358bbadf9d87741cd5aa63df9 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:13:54 -0800 Subject: [PATCH v7 4/4] Introduce pg_create_connection predefined role. In addition to pg_create_subscription, membership in this role is necessary to create a subscription with a connection string. The pg_create_subscription role is a member of pg_create_connection, so by default pg_create_subscription has the same capability as before. An administrator may revoke pg_create_connection from pg_create_subscription, which will enable the privileges to be separated. That will be useful in an upcoming change to introduce CREATE SUBSCRIPTION ... SERVER, which will not use a raw connection string, and therefore not require membership in the pg_create_connection role. --- .../postgres_fdw/expected/postgres_fdw.out | 2 +- contrib/postgres_fdw/sql/postgres_fdw.sql | 2 +- contrib/postgres_fdw/t/010_subscription.pl | 2 +- doc/src/sgml/ref/alter_server.sgml | 14 ++++++++ doc/src/sgml/ref/create_server.sgml | 14 ++++++++ doc/src/sgml/user-manag.sgml | 12 +++++-- src/backend/catalog/system_functions.sql | 2 ++ src/backend/commands/foreigncmds.c | 27 ++++++++++++++++ src/backend/commands/subscriptioncmds.c | 25 +++++++++++++-- src/backend/foreign/foreign.c | 1 + src/backend/parser/gram.y | 30 ++++++++++++++--- src/include/catalog/pg_authid.dat | 5 +++ src/include/catalog/pg_foreign_server.h | 1 + src/include/foreign/foreign.h | 1 + src/include/nodes/parsenodes.h | 3 ++ src/test/regress/expected/subscription.out | 31 ++++++++++++++++-- src/test/regress/sql/subscription.sql | 32 +++++++++++++++++-- src/test/subscription/t/001_rep_changes.pl | 2 +- 18 files changed, 189 insertions(+), 17 deletions(-) diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index 0aa751e099..dce87919af 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -2,7 +2,7 @@ -- create FDW objects -- =================================================================== CREATE EXTENSION postgres_fdw; -CREATE SERVER testserver1 FOREIGN DATA WRAPPER postgres_fdw; +CREATE SERVER testserver1 FOREIGN DATA WRAPPER postgres_fdw FOR SUBSCRIPTION; DO $d$ BEGIN EXECUTE $$CREATE SERVER loopback FOREIGN DATA WRAPPER postgres_fdw diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 3b2716b82e..a34aca2956 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -4,7 +4,7 @@ CREATE EXTENSION postgres_fdw; -CREATE SERVER testserver1 FOREIGN DATA WRAPPER postgres_fdw; +CREATE SERVER testserver1 FOREIGN DATA WRAPPER postgres_fdw FOR SUBSCRIPTION; DO $d$ BEGIN EXECUTE $$CREATE SERVER loopback FOREIGN DATA WRAPPER postgres_fdw diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl index daa0b9edd2..d1d80d0679 100644 --- a/contrib/postgres_fdw/t/010_subscription.pl +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -38,7 +38,7 @@ $node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_pub FOR TABLE tab my $publisher_host = $node_publisher->host; my $publisher_port = $node_publisher->port; $node_subscriber->safe_psql('postgres', - "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" + "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw FOR SUBSCRIPTION OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" ); $node_subscriber->safe_psql('postgres', diff --git a/doc/src/sgml/ref/alter_server.sgml b/doc/src/sgml/ref/alter_server.sgml index 467bf85589..1a4227e548 100644 --- a/doc/src/sgml/ref/alter_server.sgml +++ b/doc/src/sgml/ref/alter_server.sgml @@ -22,6 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> ALTER SERVER <replaceable class="parameter">name</replaceable> [ VERSION '<replaceable class="parameter">new_version</replaceable>' ] + [ { FOR | NO } SUBSCRIPTION ] [ OPTIONS ( [ ADD | SET | DROP ] <replaceable class="parameter">option</replaceable> ['<replaceable class="parameter">value</replaceable>'] [, ... ] ) ] ALTER SERVER <replaceable class="parameter">name</replaceable> OWNER TO { <replaceable>new_owner</replaceable> | CURRENT_ROLE | CURRENT_USER | SESSION_USER } ALTER SERVER <replaceable class="parameter">name</replaceable> RENAME TO <replaceable>new_name</replaceable> @@ -70,6 +71,19 @@ ALTER SERVER <replaceable class="parameter">name</replaceable> RENAME TO <replac </listitem> </varlistentry> + <varlistentry> + <term><literal>{ FOR | NO } SUBSCRIPTION</literal></term> + <listitem> + <para> + This clause specifies whether the foreign server may be used for a + subscription (see <xref linkend="sql-createsubscription"/>). The default + is <literal>NO SUBSCRIPTION</literal>. Only members of the role + <literal>pg_create_connection</literal> may specify <literal>FOR + SUBSCRIPTION</literal>. + </para> + </listitem> + </varlistentry> + <varlistentry> <term><literal>OPTIONS ( [ ADD | SET | DROP ] <replaceable class="parameter">option</replaceable> ['<replaceable class="parameter">value</replaceable>'] [, ... ] )</literal></term> <listitem> diff --git a/doc/src/sgml/ref/create_server.sgml b/doc/src/sgml/ref/create_server.sgml index 05f4019453..913cebabf2 100644 --- a/doc/src/sgml/ref/create_server.sgml +++ b/doc/src/sgml/ref/create_server.sgml @@ -23,6 +23,7 @@ PostgreSQL documentation <synopsis> CREATE SERVER [ IF NOT EXISTS ] <replaceable class="parameter">server_name</replaceable> [ TYPE '<replaceable class="parameter">server_type</replaceable>' ] [ VERSION '<replaceable class="parameter">server_version</replaceable>' ] FOREIGN DATA WRAPPER <replaceable class="parameter">fdw_name</replaceable> + [ { FOR | NO } SUBSCRIPTION ] [ OPTIONS ( <replaceable class="parameter">option</replaceable> '<replaceable class="parameter">value</replaceable>' [, ... ] ) ] </synopsis> </refsynopsisdiv> @@ -104,6 +105,19 @@ CREATE SERVER [ IF NOT EXISTS ] <replaceable class="parameter">server_name</repl </listitem> </varlistentry> + <varlistentry> + <term><literal>{ FOR | NO } SUBSCRIPTION</literal></term> + <listitem> + <para> + This clause specifies whether the foreign server may be used for a + subscription (see <xref linkend="sql-createsubscription"/>). The default + is <literal>NO SUBSCRIPTION</literal>. Only members of the role + <literal>pg_create_connection</literal> may specify <literal>FOR + SUBSCRIPTION</literal>. + </para> + </listitem> + </varlistentry> + <varlistentry> <term><literal>OPTIONS ( <replaceable class="parameter">option</replaceable> '<replaceable class="parameter">value</replaceable>' [, ... ] )</literal></term> <listitem> diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 92a299d2d3..4f4c20ba3c 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -687,11 +687,19 @@ DROP ROLE doomed_role; <entry>Allow use of connection slots reserved via <xref linkend="guc-reserved-connections"/>.</entry> </row> + <row> + <entry>pg_create_connection</entry> + <entry>Allow users to specify a connection string directly in <link + linkend="sql-createsubscription"><command>CREATE + SUBSCRIPTION</command></link>.</entry> + </row> <row> <entry>pg_create_subscription</entry> <entry>Allow users with <literal>CREATE</literal> permission on the - database to issue - <link linkend="sql-createsubscription"><command>CREATE SUBSCRIPTION</command></link>.</entry> + database to issue <link + linkend="sql-createsubscription"><command>CREATE + SUBSCRIPTION</command></link>. This role is a member of + <literal>pg_create_connection</literal>.</entry> </row> </tbody> </tgroup> diff --git a/src/backend/catalog/system_functions.sql b/src/backend/catalog/system_functions.sql index f315fecf18..73512688de 100644 --- a/src/backend/catalog/system_functions.sql +++ b/src/backend/catalog/system_functions.sql @@ -781,3 +781,5 @@ GRANT pg_read_all_settings TO pg_monitor; GRANT pg_read_all_stats TO pg_monitor; GRANT pg_stat_scan_tables TO pg_monitor; + +GRANT pg_create_connection TO pg_create_subscription; diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c index cf61bbac1f..2f83555370 100644 --- a/src/backend/commands/foreigncmds.c +++ b/src/backend/commands/foreigncmds.c @@ -21,6 +21,7 @@ #include "catalog/dependency.h" #include "catalog/indexing.h" #include "catalog/objectaccess.h" +#include "catalog/pg_authid_d.h" #include "catalog/pg_foreign_data_wrapper.h" #include "catalog/pg_foreign_server.h" #include "catalog/pg_foreign_table.h" @@ -923,6 +924,18 @@ CreateForeignServer(CreateForeignServerStmt *stmt) else nulls[Anum_pg_foreign_server_srvversion - 1] = true; + if (stmt->forsubscription) + { + if (!has_privs_of_role(ownerId, ROLE_PG_CREATE_CONNECTION)) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("permission denied to create server for subscription"), + errdetail("Only roles with privileges of the \"%s\" role may create foreign servers with FOR SUBSCRIPTION specified.", + "pg_create_subscription"))); + + values[Anum_pg_foreign_server_srvforsubscription - 1] = true; + } + /* Start with a blank acl */ nulls[Anum_pg_foreign_server_srvacl - 1] = true; @@ -1020,6 +1033,20 @@ AlterForeignServer(AlterForeignServerStmt *stmt) repl_repl[Anum_pg_foreign_server_srvversion - 1] = true; } + if ((srvForm->srvforsubscription || stmt->forsubscription) && + !has_privs_of_role(srvForm->srvowner, ROLE_PG_CREATE_CONNECTION)) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("permission denied to alter server for subscription"), + errdetail("Only roles with privileges of the \"%s\" role may alter foreign servers with FOR SUBSCRIPTION specified.", + "pg_create_connection"))); + + if (stmt->has_forsubscription) + { + repl_val[Anum_pg_foreign_server_srvforsubscription - 1] = stmt->forsubscription; + repl_repl[Anum_pg_foreign_server_srvforsubscription - 1] = true; + } + if (stmt->options) { ForeignDataWrapper *fdw = GetForeignDataWrapper(srvForm->srvfdw); diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index bec665fd29..084928a212 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -609,9 +609,9 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, PreventInTransactionBlock(isTopLevel, "CREATE SUBSCRIPTION ... WITH (create_slot = true)"); /* - * We don't want to allow unprivileged users to be able to trigger - * attempts to access arbitrary network destinations, so require the user - * to have been specifically authorized to create subscriptions. + * We don't want to allow unprivileged users to utilize the resources that + * a subscription requires (such as a background worker), so require the + * user to have been specifically authorized to create subscriptions. */ if (!has_privs_of_role(owner, ROLE_PG_CREATE_SUBSCRIPTION)) ereport(ERROR, @@ -687,6 +687,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (aclresult != ACLCHECK_OK) aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + if (!server->forsubscription) + ereport(ERROR, + (errmsg("foreign server \"%s\" not usable for subscription", + server->servername), + errhint("Specify FOR SUBSCRIPTION when creating the foreign server."))); + um = GetUserMapping(owner, server->serverid); serverid = server->serverid; @@ -697,6 +703,19 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, { Assert(stmt->conninfo); + /* + * We don't want to allow unprivileged users to be able to trigger + * attempts to access arbitrary network destinations, so require the user + * to have been specifically authorized to create connections. + */ + if (!has_privs_of_role(owner, ROLE_PG_CREATE_CONNECTION)) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("permission denied to create subscription with a connection string"), + errdetail("Only roles with privileges of the \"%s\" role may create subscriptions with CONNECTION specified.", + "pg_create_connection"), + errhint("Create a subscription to a foreign server by specifying SERVER instead."))); + serverid = InvalidOid; umid = InvalidOid; conninfo = stmt->conninfo; diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index ba2dea88a9..fc01a4f9c9 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -149,6 +149,7 @@ GetForeignServerExtended(Oid serverid, bits16 flags) server->servername = pstrdup(NameStr(serverform->srvname)); server->owner = serverform->srvowner; server->fdwid = serverform->srvfdw; + server->forsubscription = serverform->srvforsubscription; /* Extract server type */ datum = SysCacheGetAttr(FOREIGNSERVEROID, diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index c27e0b8b5d..3abcebd8b3 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -366,6 +366,7 @@ static Node *makeRecursiveViewSelect(char *relname, List *aliases, Node *query); %type <str> opt_type %type <str> foreign_server_version opt_foreign_server_version +%type <boolean> for_subscription opt_for_subscription %type <str> opt_in_database %type <str> parameter_name @@ -5397,7 +5398,7 @@ generic_option_arg: *****************************************************************************/ CreateForeignServerStmt: CREATE SERVER name opt_type opt_foreign_server_version - FOREIGN DATA_P WRAPPER name create_generic_options + FOREIGN DATA_P WRAPPER name opt_for_subscription create_generic_options { CreateForeignServerStmt *n = makeNode(CreateForeignServerStmt); @@ -5405,12 +5406,13 @@ CreateForeignServerStmt: CREATE SERVER name opt_type opt_foreign_server_version n->servertype = $4; n->version = $5; n->fdwname = $9; - n->options = $10; + n->forsubscription = $10; + n->options = $11; n->if_not_exists = false; $$ = (Node *) n; } | CREATE SERVER IF_P NOT EXISTS name opt_type opt_foreign_server_version - FOREIGN DATA_P WRAPPER name create_generic_options + FOREIGN DATA_P WRAPPER name opt_for_subscription create_generic_options { CreateForeignServerStmt *n = makeNode(CreateForeignServerStmt); @@ -5418,7 +5420,8 @@ CreateForeignServerStmt: CREATE SERVER name opt_type opt_foreign_server_version n->servertype = $7; n->version = $8; n->fdwname = $12; - n->options = $13; + n->forsubscription = $13; + n->options = $14; n->if_not_exists = true; $$ = (Node *) n; } @@ -5440,6 +5443,16 @@ opt_foreign_server_version: | /*EMPTY*/ { $$ = NULL; } ; +for_subscription: + FOR SUBSCRIPTION { $$ = true; } + | NO SUBSCRIPTION { $$ = false; } + ; + +opt_for_subscription: + for_subscription { $$ = $1; } + | /*EMPTY*/ { $$ = false; } + ; + /***************************************************************************** * * QUERY : @@ -5457,6 +5470,15 @@ AlterForeignServerStmt: ALTER SERVER name foreign_server_version alter_generic_o n->has_version = true; $$ = (Node *) n; } + | ALTER SERVER name for_subscription + { + AlterForeignServerStmt *n = makeNode(AlterForeignServerStmt); + + n->servername = $3; + n->forsubscription = $4; + n->has_forsubscription = true; + $$ = (Node *) n; + } | ALTER SERVER name foreign_server_version { AlterForeignServerStmt *n = makeNode(AlterForeignServerStmt); diff --git a/src/include/catalog/pg_authid.dat b/src/include/catalog/pg_authid.dat index 82a2ec2862..dcfad7a0c0 100644 --- a/src/include/catalog/pg_authid.dat +++ b/src/include/catalog/pg_authid.dat @@ -94,5 +94,10 @@ rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', rolpassword => '_null_', rolvaliduntil => '_null_' }, +{ oid => '6122', oid_symbol => 'ROLE_PG_CREATE_CONNECTION', + rolname => 'pg_create_connection', rolsuper => 'f', rolinherit => 't', + rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', + rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', + rolpassword => '_null_', rolvaliduntil => '_null_' }, ] diff --git a/src/include/catalog/pg_foreign_server.h b/src/include/catalog/pg_foreign_server.h index 995f140bf3..fa1e8fad56 100644 --- a/src/include/catalog/pg_foreign_server.h +++ b/src/include/catalog/pg_foreign_server.h @@ -31,6 +31,7 @@ CATALOG(pg_foreign_server,1417,ForeignServerRelationId) NameData srvname; /* foreign server name */ Oid srvowner BKI_LOOKUP(pg_authid); /* server owner */ Oid srvfdw BKI_LOOKUP(pg_foreign_data_wrapper); /* server FDW */ + bool srvforsubscription BKI_DEFAULT(f); /* usable for subscription */ #ifdef CATALOG_VARLEN /* variable-length fields start here */ text srvtype; diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index a2f04ce9af..e1d93c26ba 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -36,6 +36,7 @@ typedef struct ForeignServer Oid serverid; /* server Oid */ Oid fdwid; /* foreign-data wrapper */ Oid owner; /* server owner user Oid */ + bool forsubscription; /* usable for a subscription */ char *servername; /* name of the server */ char *servertype; /* server type, optional */ char *serverversion; /* server version, optional */ diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index 6d6b242cec..00547bbd88 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -2726,6 +2726,7 @@ typedef struct CreateForeignServerStmt char *version; /* optional server version */ char *fdwname; /* FDW name */ bool if_not_exists; /* just do nothing if it already exists? */ + bool forsubscription; /* usable for subscription */ List *options; /* generic options to server */ } CreateForeignServerStmt; @@ -2734,8 +2735,10 @@ typedef struct AlterForeignServerStmt NodeTag type; char *servername; /* server name */ char *version; /* optional server version */ + bool forsubscription; /* usable for subscription */ List *options; /* generic options to server */ bool has_version; /* version specified */ + bool has_forsubscription; /* [FOR|NO] SUBSCRIPTION specified */ } AlterForeignServerStmt; /* ---------------------- diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out index 11edae46b1..64e35eaa39 100644 --- a/src/test/regress/expected/subscription.out +++ b/src/test/regress/expected/subscription.out @@ -153,17 +153,42 @@ HINT: To initiate replication, you must manually create the replication slot, e DROP SUBSCRIPTION regress_testsub6; -- test using a server object instead of connection string RESET SESSION AUTHORIZATION; -CREATE SERVER regress_testserver1 FOREIGN DATA WRAPPER pg_connection_fdw; +CREATE ROLE regress_connection_role; +CREATE SERVER regress_testserver1 FOREIGN DATA WRAPPER pg_connection_fdw + FOR SUBSCRIPTION; CREATE SERVER regress_testserver2 FOREIGN DATA WRAPPER pg_connection_fdw; +ALTER SERVER regress_testserver1 OWNER TO regress_connection_role; +ALTER SERVER regress_testserver2 OWNER TO regress_connection_role; CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1 OPTIONS (password 'secret'); CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2 OPTIONS (password 'secret'); GRANT USAGE ON FOREIGN SERVER regress_testserver2 TO regress_subscription_user3; +-- temporarily revoke pg_create_connection from pg_create_subscription +-- to test that CREATE SUBSCRIPTION ... CONNECTION fails +REVOKE pg_create_connection FROM pg_create_subscription; SET SESSION AUTHORIZATION regress_subscription_user3; +-- fail - not a member of pg_create_connection, cannot use CONNECTION +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +ERROR: permission denied to create subscription with a connection string +DETAIL: Only roles with privileges of the "pg_create_connection" role may create subscriptions with CONNECTION specified. +HINT: Create a subscription to a foreign server by specifying SERVER instead. CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver1 PUBLICATION testpub - WITH (slot_name = NONE, connect = false); -- fails + WITH (slot_name = NONE, connect = false); -- fail - no USAGE ERROR: permission denied for foreign server regress_testserver1 +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver2 PUBLICATION testpub + WITH (slot_name = NONE, connect = false); -- fail - not FOR SUBSCRIPTION +ERROR: foreign server "regress_testserver2" not usable for subscription +HINT: Specify FOR SUBSCRIPTION when creating the foreign server. +SET SESSION AUTHORIZATION regress_connection_role; +ALTER SERVER regress_testserver2 FOR SUBSCRIPTION; -- fails - need pg_create_connection +ERROR: permission denied to alter server for subscription +DETAIL: Only roles with privileges of the "pg_create_connection" role may alter foreign servers with FOR SUBSCRIPTION specified. +RESET SESSION AUTHORIZATION; +GRANT pg_create_connection TO regress_connection_role; +SET SESSION AUTHORIZATION regress_connection_role; +ALTER SERVER regress_testserver2 FOR SUBSCRIPTION; +SET SESSION AUTHORIZATION regress_subscription_user3; CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver2 PUBLICATION testpub WITH (slot_name = NONE, connect = false); WARNING: subscription was created, but is not connected @@ -195,6 +220,8 @@ DROP SUBSCRIPTION regress_testsub6; DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1; DROP SERVER regress_testserver1; REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +-- re-grant pg_create_connection to pg_create_subscription +GRANT pg_create_connection TO pg_create_subscription; SET SESSION AUTHORIZATION regress_subscription_user; \dRs+ List of subscriptions diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql index bf8421fb50..0439b5a2fe 100644 --- a/src/test/regress/sql/subscription.sql +++ b/src/test/regress/sql/subscription.sql @@ -98,17 +98,41 @@ DROP SUBSCRIPTION regress_testsub6; -- test using a server object instead of connection string RESET SESSION AUTHORIZATION; -CREATE SERVER regress_testserver1 FOREIGN DATA WRAPPER pg_connection_fdw; +CREATE ROLE regress_connection_role; +CREATE SERVER regress_testserver1 FOREIGN DATA WRAPPER pg_connection_fdw + FOR SUBSCRIPTION; CREATE SERVER regress_testserver2 FOREIGN DATA WRAPPER pg_connection_fdw; +ALTER SERVER regress_testserver1 OWNER TO regress_connection_role; +ALTER SERVER regress_testserver2 OWNER TO regress_connection_role; CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1 OPTIONS (password 'secret'); CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2 OPTIONS (password 'secret'); GRANT USAGE ON FOREIGN SERVER regress_testserver2 TO regress_subscription_user3; +-- temporarily revoke pg_create_connection from pg_create_subscription +-- to test that CREATE SUBSCRIPTION ... CONNECTION fails +REVOKE pg_create_connection FROM pg_create_subscription; + SET SESSION AUTHORIZATION regress_subscription_user3; + +-- fail - not a member of pg_create_connection, cannot use CONNECTION +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); + CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver1 PUBLICATION testpub - WITH (slot_name = NONE, connect = false); -- fails + WITH (slot_name = NONE, connect = false); -- fail - no USAGE +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver2 PUBLICATION testpub + WITH (slot_name = NONE, connect = false); -- fail - not FOR SUBSCRIPTION + +SET SESSION AUTHORIZATION regress_connection_role; +ALTER SERVER regress_testserver2 FOR SUBSCRIPTION; -- fails - need pg_create_connection +RESET SESSION AUTHORIZATION; +GRANT pg_create_connection TO regress_connection_role; +SET SESSION AUTHORIZATION regress_connection_role; +ALTER SERVER regress_testserver2 FOR SUBSCRIPTION; + +SET SESSION AUTHORIZATION regress_subscription_user3; + CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver2 PUBLICATION testpub WITH (slot_name = NONE, connect = false); RESET SESSION AUTHORIZATION; @@ -142,6 +166,10 @@ DROP SUBSCRIPTION regress_testsub6; DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1; DROP SERVER regress_testserver1; REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; + +-- re-grant pg_create_connection to pg_create_subscription +GRANT pg_create_connection TO pg_create_subscription; + SET SESSION AUTHORIZATION regress_subscription_user; \dRs+ diff --git a/src/test/subscription/t/001_rep_changes.pl b/src/test/subscription/t/001_rep_changes.pl index 4cbf2dceaa..91a7f9695b 100644 --- a/src/test/subscription/t/001_rep_changes.pl +++ b/src/test/subscription/t/001_rep_changes.pl @@ -116,7 +116,7 @@ $node_subscriber->safe_psql('postgres', my $publisher_host = $node_publisher->host; my $publisher_port = $node_publisher->port; $node_subscriber->safe_psql('postgres', - "CREATE SERVER tap_sub2_server FOREIGN DATA WRAPPER pg_connection_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" + "CREATE SERVER tap_sub2_server FOREIGN DATA WRAPPER pg_connection_fdw FOR SUBSCRIPTION OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" ); $node_subscriber->safe_psql('postgres', -- 2.34.1 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-16 03:53 Bharath Rupireddy <[email protected]> parent: Jeff Davis <[email protected]> 1 sibling, 1 reply; 63+ messages in thread From: Bharath Rupireddy @ 2024-01-16 03:53 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Tue, Jan 16, 2024 at 7:25 AM Jeff Davis <[email protected]> wrote: > > On Fri, 2024-01-12 at 17:17 -0800, Jeff Davis wrote: > > I think 0004 needs a bit more work, so I'm leaving it off for now, > > but > > I'll bring it back in the next patch set. > > Here's the next patch set. 0001 - 0003 are mostly the same with some > improved error messages and some code fixes. I am looking to start > committing 0001 - 0003 soon, as they have received some feedback > already and 0004 isn't required for the earlier patches to be useful. Thanks. Here are some comments on 0001. I'll look at other patches very soon. 1. + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); At first glance, it looks odd that libpqwalreceiver library is being linked to every backend that uses postgresql_fdw_validator. After a bit of grokking, this feels/is a better and easiest way to not link libpq to the main postgresql executable as specified at the beginning of libpqwalreceiver.c file comments. May be a more descriptive note is worth here instead of just saying "Load the library providing us libpq calls."? 2. Why not typedef keyword before the ConnectionOption structure? This way all the "struct ConnectionOption" can be remvoed, no? I know the previously there is no typedef, but we can add it now so that the code looks cleaner. typedef struct ConnectionOption { const char *optname; bool issecret; /* is option for a password? */ bool isdebug; /* is option a debug option? */ } ConnectionOption; FWIW, with the above change and removal of struct before every use of ConnectionOption, the code compiles cleanly for me. 3. +static const struct ConnectionOption * +libpqrcv_conninfo_options(void) Why is libpqrcv_conninfo_options returning the const ConnectionOption? Is it that we don't expect callers to modify the result? I think it's not needed given the fact that PQconndefaults doesn't constify the return value. 4. + /* skip options that must be overridden */ + if (strcmp(option, "client_encoding") == 0) + return false; + Options that must be overriden or disallow specifiing "client_encoding" in the SERVER/USER MAPPING definition (just like the dblink)? /* Disallow "client_encoding" */ if (strcmp(opt->keyword, "client_encoding") == 0) return false; 5. "By using the correct libpq options, it no longer needs to be deprecated, and can be used by the upcoming pg_connection_fdw." Use of postgresql_fdw_validator for pg_connection_fdw seems a bit odd to me. I don't mind pg_connection_fdw having its own validator pg_connection_fdw_validator even if it duplicates the code. To avoid code duplication we can move the guts to an internal function in foreign.c so that both postgresql_fdw_validator and pg_connection_fdw_validator can use it. This way the code is cleaner and we can just leave postgresql_fdw_validator as deprecated. -- Bharath Rupireddy PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-18 07:17 Jeff Davis <[email protected]> parent: Bharath Rupireddy <[email protected]> 0 siblings, 0 replies; 63+ messages in thread From: Jeff Davis @ 2024-01-18 07:17 UTC (permalink / raw) To: Bharath Rupireddy <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Tue, 2024-01-16 at 09:23 +0530, Bharath Rupireddy wrote: > 1. > May be a more descriptive note is > worth here instead of just saying "Load the library providing us > libpq calls."? OK, will be in the next patch set. > 2. Why not typedef keyword before the ConnectionOption structure? Agreed. An earlier unpublished iteration had the struct more localized, but here it makes more sense to be typedef'd. > 3. > +static const struct ConnectionOption * > +libpqrcv_conninfo_options(void) > > Why is libpqrcv_conninfo_options returning the const > ConnectionOption? I did that so I could save the result, and each subsequent call would be free (just returning the same pointer). That also means that the caller doesn't need to free the result, which would require another entry point in the API. > Is it that we don't expect callers to modify the result? I think it's > not needed given the fact that PQconndefaults doesn't constify the > return value. The result of PQconndefaults() can change from call to call when the defaults change. libpqrcv_conninfo_options() only depends on the available option names (and dispchar), which should be a static list. > 4. > + /* skip options that must be overridden */ > + if (strcmp(option, "client_encoding") == 0) > + return false; > + > > Options that must be overriden or disallow specifiing > "client_encoding" in the SERVER/USER MAPPING definition (just like > the > dblink)? I'm not quite sure of your question, but I'll try to improve the comment. > 5. > "By using the correct libpq options, it no longer needs to be > deprecated, and can be used by the upcoming pg_connection_fdw." > > Use of postgresql_fdw_validator for pg_connection_fdw seems a bit odd > to me. I don't mind pg_connection_fdw having its own validator > pg_connection_fdw_validator even if it duplicates the code. To avoid > code duplication we can move the guts to an internal function in > foreign.c so that both postgresql_fdw_validator and > pg_connection_fdw_validator can use it. This way the code is cleaner > and we can just leave postgresql_fdw_validator as deprecated. Will do so in the next patch set. Thank you for taking a look. Regards, Jeff Davis ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-22 13:11 Ashutosh Bapat <[email protected]> parent: Jeff Davis <[email protected]> 1 sibling, 1 reply; 63+ messages in thread From: Ashutosh Bapat @ 2024-01-22 13:11 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers Hi Jeff, On Tue, Jan 16, 2024 at 7:25 AM Jeff Davis <[email protected]> wrote: > > On Fri, 2024-01-12 at 17:17 -0800, Jeff Davis wrote: > > I think 0004 needs a bit more work, so I'm leaving it off for now, > > but > > I'll bring it back in the next patch set. > > Here's the next patch set. 0001 - 0003 are mostly the same with some > improved error messages and some code fixes. I am looking to start > committing 0001 - 0003 soon, as they have received some feedback > already and 0004 isn't required for the earlier patches to be useful. > I am reviewing the patches. Here are some random comments. 0002 adds a prefix "regress_" to almost every object that is created in foreign_data.sql. The commit message doesn't say why it's doing so. But more importantly, the new tests added are lost in all the other changes. It will be good to have prefix adding changes into its own patch explaining the reason. The new tests may stay in 0002. Interestingly the foreign server created in the new tests doesn't have "regress_" prefix. Why? Dummy FDW makes me nervous. The way it's written, it may grow into a full-fledged postgres_fdw and in the process might acquire the same concerns that postgres_fdw has today. But I will study the patches and discussion around it more carefully. I enhanced the postgres_fdw TAP test to use foreign table. Please see the attached patch. It works as expected. Of course a follow-on work will require linking the local table and its replica on the publisher table so that push down will work on replicated tables. But the concept at least works with your changes. Thanks for that. I am not sure we need a full-fledged TAP test for testing subscription. I wouldn't object to it, but TAP tests are heavy. It should be possible to write the same test as a SQL test by creating two databases and switching between them. Do you think it's worth trying that way? > 0004 could use more discussion. The purpose is to split the privileges > of pg_create_subscription into two: pg_create_subscription, and > pg_create_connection. By separating the privileges, it's possible to > allow someone to create/manage subscriptions to a predefined set of > foreign servers (on which they have USAGE privileges) without allowing > them to write an arbitrary connection string. Haven't studied this patch yet. Will continue reviewing the patches. -- Best Wishes, Ashutosh Bapat diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl index d1d80d0679..3ae2b6da4a 100644 --- a/contrib/postgres_fdw/t/010_subscription.pl +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -20,7 +20,7 @@ $node_subscriber->start; # Create some preexisting content on publisher $node_publisher->safe_psql('postgres', - "CREATE TABLE tab_ins AS SELECT generate_series(1,1002) AS a"); + "CREATE TABLE tab_ins AS SELECT a, a + 1 as b FROM generate_series(1,1002) AS a"); # Replicate the changes without columns $node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); @@ -29,7 +29,7 @@ $node_publisher->safe_psql('postgres', # Setup structure on subscriber $node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); -$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int)"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int, b int)"); # Setup logical replication my $publisher_connstr = $node_publisher->connstr . ' dbname=postgres'; @@ -45,6 +45,9 @@ $node_subscriber->safe_psql('postgres', "CREATE USER MAPPING FOR PUBLIC SERVER tap_server" ); +$node_subscriber->safe_psql('postgres', + "CREATE FOREIGN TABLE f_tab_ins (a int, b int) SERVER tap_server OPTIONS(table_name 'tab_ins')" +); $node_subscriber->safe_psql('postgres', "CREATE SUBSCRIPTION tap_sub SERVER tap_server PUBLICATION tap_pub WITH (password_required=false)" ); @@ -53,16 +56,16 @@ $node_subscriber->safe_psql('postgres', $node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); my $result = - $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); is($result, qq(1002), 'check initial data was copied to subscriber'); $node_publisher->safe_psql('postgres', - "INSERT INTO tab_ins SELECT generate_series(1,50)"); + "INSERT INTO tab_ins SELECT a, a + 1 FROM generate_series(1003,1050) a"); $node_publisher->wait_for_catchup('tap_sub'); $result = - $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); -is($result, qq(1052), 'check initial data was copied to subscriber'); + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1050), 'check initial data was copied to subscriber'); done_testing(); Attachments: [text/plain] repl_table_test.txt (2.5K, 2-repl_table_test.txt) download | inline diff: diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl index d1d80d0679..3ae2b6da4a 100644 --- a/contrib/postgres_fdw/t/010_subscription.pl +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -20,7 +20,7 @@ $node_subscriber->start; # Create some preexisting content on publisher $node_publisher->safe_psql('postgres', - "CREATE TABLE tab_ins AS SELECT generate_series(1,1002) AS a"); + "CREATE TABLE tab_ins AS SELECT a, a + 1 as b FROM generate_series(1,1002) AS a"); # Replicate the changes without columns $node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); @@ -29,7 +29,7 @@ $node_publisher->safe_psql('postgres', # Setup structure on subscriber $node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); -$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int)"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int, b int)"); # Setup logical replication my $publisher_connstr = $node_publisher->connstr . ' dbname=postgres'; @@ -45,6 +45,9 @@ $node_subscriber->safe_psql('postgres', "CREATE USER MAPPING FOR PUBLIC SERVER tap_server" ); +$node_subscriber->safe_psql('postgres', + "CREATE FOREIGN TABLE f_tab_ins (a int, b int) SERVER tap_server OPTIONS(table_name 'tab_ins')" +); $node_subscriber->safe_psql('postgres', "CREATE SUBSCRIPTION tap_sub SERVER tap_server PUBLICATION tap_pub WITH (password_required=false)" ); @@ -53,16 +56,16 @@ $node_subscriber->safe_psql('postgres', $node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); my $result = - $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); is($result, qq(1002), 'check initial data was copied to subscriber'); $node_publisher->safe_psql('postgres', - "INSERT INTO tab_ins SELECT generate_series(1,50)"); + "INSERT INTO tab_ins SELECT a, a + 1 FROM generate_series(1003,1050) a"); $node_publisher->wait_for_catchup('tap_sub'); $result = - $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); -is($result, qq(1052), 'check initial data was copied to subscriber'); + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1050), 'check initial data was copied to subscriber'); done_testing(); ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-22 19:03 Jeff Davis <[email protected]> parent: Ashutosh Bapat <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Jeff Davis @ 2024-01-22 19:03 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Mon, 2024-01-22 at 18:41 +0530, Ashutosh Bapat wrote: > 0002 adds a prefix "regress_" to almost every object that is created > in foreign_data.sql. psql \dew outputs the owner, which in the case of a built-in FDW is the bootstrap superuser, which is not a stable name. I used the prefix to exclude the built-in FDW -- if you have a better suggestion, please let me know. (Though reading below, we might not even want a built-in FDW.) > Dummy FDW makes me nervous. The way it's written, it may grow into a > full-fledged postgres_fdw and in the process might acquire the same > concerns that postgres_fdw has today. But I will study the patches > and > discussion around it more carefully. I introduced that based on this comment[1]. I also thought it fit with your previous suggestion to make it work with postgres_fdw, but I suppose it's not required. We could just not offer the built-in FDW, and expect users to either use postgres_fdw or create their own dummy FDW. > I enhanced the postgres_fdw TAP test to use foreign table. Please see > the attached patch. It works as expected. Of course a follow-on work > will require linking the local table and its replica on the publisher > table so that push down will work on replicated tables. But the > concept at least works with your changes. Thanks for that. Thank you, I'll include it in the next patch set. > I am not sure we need a full-fledged TAP test for testing > subscription. I wouldn't object to it, but TAP tests are heavy. It > should be possible to write the same test as a SQL test by creating > two databases and switching between them. Do you think it's worth > trying that way? I'm not entirely sure what you mean here, but I am open to test simplifications if you see an opportunity. Regards, Jeff Davis > [1] https://www.postgresql.org/message-id/172273.1693403385%40sss.pgh.pa.us ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-23 09:51 Ashutosh Bapat <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Ashutosh Bapat @ 2024-01-23 09:51 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Tue, Jan 23, 2024 at 12:33 AM Jeff Davis <[email protected]> wrote: > > On Mon, 2024-01-22 at 18:41 +0530, Ashutosh Bapat wrote: > > 0002 adds a prefix "regress_" to almost every object that is created > > in foreign_data.sql. > > psql \dew outputs the owner, which in the case of a built-in FDW is the > bootstrap superuser, which is not a stable name. I used the prefix to > exclude the built-in FDW -- if you have a better suggestion, please let > me know. (Though reading below, we might not even want a built-in FDW.) I am with the prefix. The changes it causes make review difficult. If you can separate those changes into a patch that will help. > > > Dummy FDW makes me nervous. The way it's written, it may grow into a > > full-fledged postgres_fdw and in the process might acquire the same > > concerns that postgres_fdw has today. But I will study the patches > > and > > discussion around it more carefully. > > I introduced that based on this comment[1]. > > I also thought it fit with your previous suggestion to make it work > with postgres_fdw, but I suppose it's not required. We could just not > offer the built-in FDW, and expect users to either use postgres_fdw or > create their own dummy FDW. I am fine with this. -- Best Wishes, Ashutosh Bapat ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-24 01:45 Jeff Davis <[email protected]> parent: Ashutosh Bapat <[email protected]> 0 siblings, 2 replies; 63+ messages in thread From: Jeff Davis @ 2024-01-24 01:45 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Tue, 2024-01-23 at 15:21 +0530, Ashutosh Bapat wrote: > I am with the prefix. The changes it causes make review difficult. If > you can separate those changes into a patch that will help. I ended up just removing the dummy FDW. Real users are likely to want to use postgres_fdw, and if not, it's easy enough to issue a CREATE FOREIGN DATA WRAPPER. Or I can bring it back if desired. Updated patch set (patches are renumbered): * removed dummy FDW and test churn * made a new pg_connection_validator function which leaves postgresql_fdw_validator in place. (I didn't document the new function -- should I?) * included your tests improvements * removed dependency from the subscription to the user mapping -- we don't depend on the user mapping for foreign tables, so we shouldn't depend on them here. Of course a change to a user mapping still invalidates the subscription worker and it will restart. * general cleanup Overall it's simpler and hopefully easier to review. The patch to introduce the pg_create_connection role could use some more discussion, but I believe 0001 and 0002 are nearly ready. Regards, Jeff Davis Attachments: [text/x-patch] v9-0001-Add-SQL-function-pg_conninfo_from_server.patch (26.2K, 2-v9-0001-Add-SQL-function-pg_conninfo_from_server.patch) download | inline diff: From ba021281fe7910fa197888b299281acbfda30c36 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 23 Jan 2024 11:11:21 -0800 Subject: [PATCH v9 1/3] Add SQL function pg_conninfo_from_server(). Retrieves valid Postgres connection string from a foreign server. Any foreign server may be used, though it's expected to provide valid libpq connection options. Invalid or unrecognized options will be ignored. Extends walreceiver API to return available libpq options. In preparation for CREATE SUBSCRIPTION ... SERVER. Discussion: https://postgr.es/m/[email protected] --- .../postgres_fdw/expected/postgres_fdw.out | 14 + contrib/postgres_fdw/sql/postgres_fdw.sql | 6 + doc/src/sgml/func.sgml | 19 ++ src/backend/foreign/foreign.c | 255 +++++++++++++++++- .../libpqwalreceiver/libpqwalreceiver.c | 48 ++++ src/include/catalog/pg_proc.dat | 8 + src/include/foreign/foreign.h | 2 + src/include/replication/walreceiver.h | 20 ++ src/test/regress/expected/foreign_data.out | 46 ++++ src/test/regress/sql/foreign_data.sql | 40 +++ 10 files changed, 449 insertions(+), 9 deletions(-) diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index b5a38aeb21..8a7a15cc51 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -24,6 +24,13 @@ CREATE USER MAPPING FOR public SERVER testserver1 CREATE USER MAPPING FOR CURRENT_USER SERVER loopback; CREATE USER MAPPING FOR CURRENT_USER SERVER loopback2; CREATE USER MAPPING FOR public SERVER loopback3; +-- test pg_conninfo_from_server() +SELECT pg_conninfo_from_server('testserver1', CURRENT_USER, false); + pg_conninfo_from_server +----------------------------------- + user = 'value' password = 'value' +(1 row) + -- =================================================================== -- create objects used through FDW loopback server -- =================================================================== @@ -196,6 +203,13 @@ ALTER USER MAPPING FOR public SERVER testserver1 -- permitted to check validation. ALTER USER MAPPING FOR public SERVER testserver1 OPTIONS (ADD sslkey 'value', ADD sslcert 'value'); +-- check pg_conninfo_from_server() after ALTERs +SELECT pg_conninfo_from_server('testserver1', CURRENT_USER, false); + pg_conninfo_from_server +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- + service = 'value' connect_timeout = 'value' dbname = 'value' host = 'value' hostaddr = 'value' port = 'value' application_name = 'value' keepalives = 'value' keepalives_idle = 'value' keepalives_interval = 'value' tcp_user_timeout = 'value' sslcompression = 'value' sslmode = 'value' sslcert = 'value' sslkey = 'value' sslrootcert = 'value' sslcrl = 'value' krbsrvname = 'value' gsslib = 'value' gssdelegation = 'value' sslpassword = 'dummy' sslkey = 'value' sslcert = 'value' +(1 row) + ALTER FOREIGN TABLE ft1 OPTIONS (schema_name 'S 1', table_name 'T 1'); ALTER FOREIGN TABLE ft2 OPTIONS (schema_name 'S 1', table_name 'T 1'); ALTER FOREIGN TABLE ft1 ALTER COLUMN c1 OPTIONS (column_name 'C 1'); diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index f410c3db4e..0d8478120d 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -28,6 +28,9 @@ CREATE USER MAPPING FOR CURRENT_USER SERVER loopback; CREATE USER MAPPING FOR CURRENT_USER SERVER loopback2; CREATE USER MAPPING FOR public SERVER loopback3; +-- test pg_conninfo_from_server() +SELECT pg_conninfo_from_server('testserver1', CURRENT_USER, false); + -- =================================================================== -- create objects used through FDW loopback server -- =================================================================== @@ -213,6 +216,9 @@ ALTER USER MAPPING FOR public SERVER testserver1 ALTER USER MAPPING FOR public SERVER testserver1 OPTIONS (ADD sslkey 'value', ADD sslcert 'value'); +-- check pg_conninfo_from_server() after ALTERs +SELECT pg_conninfo_from_server('testserver1', CURRENT_USER, false); + ALTER FOREIGN TABLE ft1 OPTIONS (schema_name 'S 1', table_name 'T 1'); ALTER FOREIGN TABLE ft2 OPTIONS (schema_name 'S 1', table_name 'T 1'); ALTER FOREIGN TABLE ft1 ALTER COLUMN c1 OPTIONS (column_name 'C 1'); diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml index 210c7c0b02..79e1792eae 100644 --- a/doc/src/sgml/func.sgml +++ b/doc/src/sgml/func.sgml @@ -27985,6 +27985,25 @@ postgres=# SELECT '0/0'::pg_lsn + pd.segment_number * ps.setting::int + :offset </para></entry> </row> + <row> + <entry role="func_table_entry"><para role="func_signature"> + <indexterm> + <primary>pg_conninfo_from_server</primary> + </indexterm> + <function>pg_conninfo_from_server</function> ( <parameter>servername</parameter> <type>text</type>, <parameter>username</parameter> <type>text</type>, <parameter>append_overrides</parameter> <type>boolean</type> ) + <returnvalue>text</returnvalue> + </para> + <para> + Returns connection string generated from the foreign server and user + mapping associated with the given + <replaceable>servername</replaceable> and + <replaceable>username</replaceable>. If + <replaceable>append_overrides</replaceable> is + <literal>true</literal>, it appends override parameters necessary for + making outbound connections. + </para></entry> + </row> + <row> <entry id="pg-logical-emit-message" role="func_table_entry"><para role="func_signature"> <indexterm> diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index 02e1898131..b4635d6eba 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -18,11 +18,15 @@ #include "catalog/pg_foreign_server.h" #include "catalog/pg_foreign_table.h" #include "catalog/pg_user_mapping.h" +#include "commands/defrem.h" #include "foreign/fdwapi.h" #include "foreign/foreign.h" #include "funcapi.h" #include "lib/stringinfo.h" +#include "mb/pg_wchar.h" #include "miscadmin.h" +#include "replication/walreceiver.h" +#include "utils/acl.h" #include "utils/builtins.h" #include "utils/memutils.h" #include "utils/rel.h" @@ -190,6 +194,146 @@ GetForeignServerByName(const char *srvname, bool missing_ok) } +/* + * Values in connection strings must be enclosed in single quotes. Single + * quotes and backslashes must be escaped with backslash. NB: these rules are + * different from the rules for escaping a SQL literal. + */ +static void +appendEscapedValue(StringInfo str, const char *val) +{ + appendStringInfoChar(str, '\''); + for (int i = 0; val[i] != '\0'; i++) + { + if (val[i] == '\\' || val[i] == '\'') + appendStringInfoChar(str, '\\'); + appendStringInfoChar(str, val[i]); + } + appendStringInfoChar(str, '\''); +} + + +/* + * Check if the provided option is one of libpq conninfo options. + * context is the Oid of the catalog the option came from, or 0 if we + * don't care. + */ +static bool +is_libpq_conninfo_option(const char *option, Oid context) +{ + const ConnectionOption *opt; + + /* skip options that must be overridden */ + if (strcmp(option, "client_encoding") == 0) + return false; + + for (opt = walrcv_conninfo_options(); opt->optname; opt++) + { + if (strcmp(opt->optname, option) == 0) + { + if (opt->isdebug) + return false; + + if (opt->issecret || strcmp(opt->optname, "user") == 0) + return (context == UserMappingRelationId); + + return (context == ForeignServerRelationId); + } + } + return false; +} + + +/* + * Helper for ForeignServerConnectionString(). + * + * Transform a List of DefElem into a connection string. + */ +static char * +options_to_conninfo(List *options, bool append_overrides) +{ + StringInfoData str; + ListCell *lc; + char *sep = ""; + + initStringInfo(&str); + foreach(lc, options) + { + DefElem *d = (DefElem *) lfirst(lc); + char *name = d->defname; + char *value; + + /* ignore unknown options */ + if (!is_libpq_conninfo_option(name, ForeignServerRelationId) && + !is_libpq_conninfo_option(name, UserMappingRelationId)) + continue; + + value = defGetString(d); + + appendStringInfo(&str, "%s%s = ", sep, name); + appendEscapedValue(&str, value); + sep = " "; + } + + /* override client_encoding */ + if (append_overrides) + { + appendStringInfo(&str, "%sclient_encoding = ", sep); + appendEscapedValue(&str, GetDatabaseEncodingName()); + sep = " "; + } + + return str.data; +} + + +/* + * Given a user ID and server ID, return a postgres connection string suitable + * to pass to libpq. + */ +char * +ForeignServerConnectionString(Oid userid, Oid serverid, bool append_overrides) +{ + static MemoryContext tmpcontext = NULL; + ForeignServer *server; + UserMapping *um; + List *options; + char *conninfo; + MemoryContext oldcontext; + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + + /* + * Use a temporary context rather than trying to track individual + * allocations in GetForeignServer() and GetUserMapping(). + */ + if (tmpcontext == NULL) + tmpcontext = AllocSetContextCreate(TopMemoryContext, + "temp context for building connection string", + ALLOCSET_DEFAULT_SIZES); + + oldcontext = MemoryContextSwitchTo(tmpcontext); + + server = GetForeignServer(serverid); + um = GetUserMapping(userid, serverid); + + /* user mapping options override server options */ + options = list_concat(server->options, um->options); + + conninfo = options_to_conninfo(options, append_overrides); + + MemoryContextSwitchTo(oldcontext); + + /* copy only conninfo into the current context */ + conninfo = pstrdup(conninfo); + + MemoryContextReset(tmpcontext); + + return conninfo; +} + + /* * GetUserMapping - look up the user mapping. * @@ -549,10 +693,103 @@ pg_options_to_table(PG_FUNCTION_ARGS) } +/* + * pg_conninfo_from_server + * + * Extract connection string from the given foreign server. + */ +Datum +pg_conninfo_from_server(PG_FUNCTION_ARGS) +{ + char *server_name = text_to_cstring(PG_GETARG_TEXT_P(0)); + char *user_name = text_to_cstring(PG_GETARG_TEXT_P(1)); + bool append_overrides = PG_GETARG_BOOL(2); + Oid serverid = get_foreign_server_oid(server_name, false); + Oid userid = get_role_oid_or_public(user_name); + AclResult aclresult; + char *conninfo; + + /* if the specified userid is not PUBLIC, check SET ROLE privileges */ + if (userid != ACL_ID_PUBLIC) + check_can_set_role(GetUserId(), userid); + + /* ACL check on foreign server */ + aclresult = object_aclcheck(ForeignServerRelationId, serverid, + GetUserId(), ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server_name); + + conninfo = ForeignServerConnectionString(userid, serverid, + append_overrides); + + PG_RETURN_TEXT_P(cstring_to_text(conninfo)); +} + + +/* + * Validate the generic option given to SERVER or USER MAPPING. + * Raise an ERROR if the option or its value is considered invalid. + * + * Valid server options are all libpq conninfo options except + * user and password -- these may only appear in USER MAPPING options. + */ +Datum +pg_connection_validator(PG_FUNCTION_ARGS) +{ + List *options_list = untransformRelOptions(PG_GETARG_DATUM(0)); + Oid catalog = PG_GETARG_OID(1); + + ListCell *cell; + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + + foreach(cell, options_list) + { + DefElem *def = lfirst(cell); + + if (!is_libpq_conninfo_option(def->defname, catalog)) + { + const ConnectionOption *opt; + const char *closest_match; + ClosestMatchState match_state; + bool has_valid_options = false; + + /* + * Unknown option specified, complain about it. Provide a hint + * with a valid option that looks similar, if there is one. + */ + initClosestMatch(&match_state, def->defname, 4); + for (opt = walrcv_conninfo_options(); opt->optname; opt++) + { + if (is_libpq_conninfo_option(opt->optname, catalog)) + { + has_valid_options = true; + updateClosestMatch(&match_state, opt->optname); + } + } + + closest_match = getClosestMatch(&match_state); + ereport(ERROR, + (errcode(ERRCODE_SYNTAX_ERROR), + errmsg("invalid option \"%s\"", def->defname), + has_valid_options ? closest_match ? + errhint("Perhaps you meant the option \"%s\".", + closest_match) : 0 : + errhint("There are no valid options in this context."))); + + PG_RETURN_BOOL(false); + } + } + + PG_RETURN_BOOL(true); +} + + /* * Describes the valid options for postgresql FDW, server, and user mapping. */ -struct ConnectionOption +struct TestConnectionOption { const char *optname; Oid optcontext; /* Oid of catalog in which option may appear */ @@ -563,7 +800,7 @@ struct ConnectionOption * * The list is small - don't bother with bsearch if it stays so. */ -static const struct ConnectionOption libpq_conninfo_options[] = { +static const struct TestConnectionOption test_conninfo_options[] = { {"authtype", ForeignServerRelationId}, {"service", ForeignServerRelationId}, {"user", UserMappingRelationId}, @@ -584,16 +821,16 @@ static const struct ConnectionOption libpq_conninfo_options[] = { /* - * Check if the provided option is one of libpq conninfo options. + * Check if the provided option is one of the test conninfo options. * context is the Oid of the catalog the option came from, or 0 if we * don't care. */ static bool -is_conninfo_option(const char *option, Oid context) +is_test_conninfo_option(const char *option, Oid context) { - const struct ConnectionOption *opt; + const struct TestConnectionOption *opt; - for (opt = libpq_conninfo_options; opt->optname; opt++) + for (opt = test_conninfo_options; opt->optname; opt++) if (context == opt->optcontext && strcmp(opt->optname, option) == 0) return true; return false; @@ -624,9 +861,9 @@ postgresql_fdw_validator(PG_FUNCTION_ARGS) { DefElem *def = lfirst(cell); - if (!is_conninfo_option(def->defname, catalog)) + if (!is_test_conninfo_option(def->defname, catalog)) { - const struct ConnectionOption *opt; + const struct TestConnectionOption *opt; const char *closest_match; ClosestMatchState match_state; bool has_valid_options = false; @@ -636,7 +873,7 @@ postgresql_fdw_validator(PG_FUNCTION_ARGS) * with a valid option that looks similar, if there is one. */ initClosestMatch(&match_state, def->defname, 4); - for (opt = libpq_conninfo_options; opt->optname; opt++) + for (opt = test_conninfo_options; opt->optname; opt++) { if (catalog == opt->optcontext) { diff --git a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c index 77669074e8..a1845e6dfa 100644 --- a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c +++ b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c @@ -52,6 +52,7 @@ static WalReceiverConn *libpqrcv_connect(const char *conninfo, const char *appname, char **err); static void libpqrcv_check_conninfo(const char *conninfo, bool must_use_password); +static const ConnectionOption *libpqrcv_conninfo_options(void); static char *libpqrcv_get_conninfo(WalReceiverConn *conn); static void libpqrcv_get_senderinfo(WalReceiverConn *conn, char **sender_host, int *sender_port); @@ -85,6 +86,7 @@ static void libpqrcv_disconnect(WalReceiverConn *conn); static WalReceiverFunctionsType PQWalReceiverFunctions = { .walrcv_connect = libpqrcv_connect, .walrcv_check_conninfo = libpqrcv_check_conninfo, + .walrcv_conninfo_options = libpqrcv_conninfo_options, .walrcv_get_conninfo = libpqrcv_get_conninfo, .walrcv_get_senderinfo = libpqrcv_get_senderinfo, .walrcv_identify_system = libpqrcv_identify_system, @@ -337,6 +339,52 @@ libpqrcv_check_conninfo(const char *conninfo, bool must_use_password) PQconninfoFree(opts); } +static const ConnectionOption * +libpqrcv_conninfo_options(void) +{ + static ConnectionOption *connection_options = NULL; + + if (connection_options == NULL) + { + PQconninfoOption *conndefaults = PQconndefaults(); + PQconninfoOption *lopt; + ConnectionOption *tmp_options = NULL; + ConnectionOption *popt; + size_t options_size = 0; + int num_libpq_opts = 0; + + for (lopt = conndefaults; lopt->keyword; lopt++) + num_libpq_opts++; + + /* leave room for all-zero entry at the end */ + options_size = sizeof(ConnectionOption) * (num_libpq_opts + 1); + tmp_options = MemoryContextAllocZero(TopMemoryContext, options_size); + + popt = tmp_options; + for (lopt = conndefaults; lopt->keyword; lopt++) + { + if (strchr(lopt->dispchar, '*')) + popt->issecret = true; + else if (strchr(lopt->dispchar, 'D')) + popt->isdebug = true; + + popt->optname = MemoryContextStrdup(TopMemoryContext, + lopt->keyword); + popt++; + } + + /* last entry is all zero */ + Assert(popt->optname == NULL); + + PQconninfoFree(conndefaults); + + /* if everything succeeded, set static variable */ + connection_options = tmp_options; + } + + return connection_options; +} + /* * Return a user-displayable conninfo string. Any security-sensitive fields * are obfuscated. diff --git a/src/include/catalog/pg_proc.dat b/src/include/catalog/pg_proc.dat index ad74e07dbb..5890d22dd9 100644 --- a/src/include/catalog/pg_proc.dat +++ b/src/include/catalog/pg_proc.dat @@ -7516,6 +7516,14 @@ proname => 'postgresql_fdw_validator', prorettype => 'bool', proargtypes => '_text oid', prosrc => 'postgresql_fdw_validator' }, +{ oid => '6015', descr => '(internal)', + proname => 'pg_connection_validator', prorettype => 'bool', + proargtypes => '_text oid', prosrc => 'pg_connection_validator' }, + +{ oid => '6123', descr => 'extract connection string from the given foreign server', + proname => 'pg_conninfo_from_server', prorettype => 'text', + proargtypes => 'text text bool', prosrc => 'pg_conninfo_from_server' }, + { oid => '2290', descr => 'I/O', proname => 'record_in', provolatile => 's', prorettype => 'record', proargtypes => 'cstring oid int4', prosrc => 'record_in' }, diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index 82b8153100..b5b9b97f4d 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -69,6 +69,8 @@ extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); +extern char *ForeignServerConnectionString(Oid userid, Oid serverid, + bool append_overrides); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, diff --git a/src/include/replication/walreceiver.h b/src/include/replication/walreceiver.h index 0899891cdb..a2ecbf825a 100644 --- a/src/include/replication/walreceiver.h +++ b/src/include/replication/walreceiver.h @@ -223,6 +223,16 @@ typedef struct WalRcvExecResult TupleDesc tupledesc; } WalRcvExecResult; +/* + * Describes the valid options for postgresql FDW, server, and user mapping. + */ +typedef struct ConnectionOption +{ + const char *optname; + bool issecret; /* is option for a password? */ + bool isdebug; /* is option a debug option? */ +} ConnectionOption; + /* WAL receiver - libpqwalreceiver hooks */ /* @@ -250,6 +260,13 @@ typedef WalReceiverConn *(*walrcv_connect_fn) (const char *conninfo, typedef void (*walrcv_check_conninfo_fn) (const char *conninfo, bool must_use_password); +/* + * walrcv_conninfo_options_fn + * + * Return a pointer to a static array of the available options from libpq. + */ +typedef const struct ConnectionOption *(*walrcv_conninfo_options_fn) (void); + /* * walrcv_get_conninfo_fn * @@ -389,6 +406,7 @@ typedef struct WalReceiverFunctionsType { walrcv_connect_fn walrcv_connect; walrcv_check_conninfo_fn walrcv_check_conninfo; + walrcv_conninfo_options_fn walrcv_conninfo_options; walrcv_get_conninfo_fn walrcv_get_conninfo; walrcv_get_senderinfo_fn walrcv_get_senderinfo; walrcv_identify_system_fn walrcv_identify_system; @@ -410,6 +428,8 @@ extern PGDLLIMPORT WalReceiverFunctionsType *WalReceiverFunctions; WalReceiverFunctions->walrcv_connect(conninfo, logical, must_use_password, appname, err) #define walrcv_check_conninfo(conninfo, must_use_password) \ WalReceiverFunctions->walrcv_check_conninfo(conninfo, must_use_password) +#define walrcv_conninfo_options() \ + WalReceiverFunctions->walrcv_conninfo_options() #define walrcv_get_conninfo(conn) \ WalReceiverFunctions->walrcv_get_conninfo(conn) #define walrcv_get_senderinfo(conn, sender_host, sender_port) \ diff --git a/src/test/regress/expected/foreign_data.out b/src/test/regress/expected/foreign_data.out index 1dfe23cc1e..0211531f32 100644 --- a/src/test/regress/expected/foreign_data.out +++ b/src/test/regress/expected/foreign_data.out @@ -688,6 +688,52 @@ DROP SERVER s7; t1 | regress_test_role (8 rows) +-- +-- test pg_conninfo_from_server(). +-- +-- use test validator function (not all libpq options supported) +CREATE FOREIGN DATA WRAPPER regress_connection_fdw + VALIDATOR pg_connection_validator; +\set VERBOSITY terse +CREATE SERVER connection_server FOREIGN DATA WRAPPER regress_connection_fdw + OPTIONS (host 'thehost', client_encoding 'LATIN1'); -- fail +ERROR: invalid option "client_encoding" +CREATE SERVER connection_server FOREIGN DATA WRAPPER regress_connection_fdw + OPTIONS (host 'thehost', nonsense 'asdf'); -- fail +ERROR: invalid option "nonsense" +CREATE SERVER connection_server FOREIGN DATA WRAPPER regress_connection_fdw + OPTIONS (host 'thehost', password 'secret'); -- fail +ERROR: invalid option "password" +\set VERBOSITY default +CREATE SERVER connection_server FOREIGN DATA WRAPPER regress_connection_fdw + OPTIONS (hsot 'thehost'); -- fail - misspelling +ERROR: invalid option "hsot" +HINT: Perhaps you meant the option "host". +CREATE SERVER connection_server FOREIGN DATA WRAPPER regress_connection_fdw + OPTIONS (host 'thehost', port '5432'); +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret', host 'otherhost'); -- fail +ERROR: invalid option "host" +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret'); +CREATE USER MAPPING FOR PUBLIC SERVER connection_server + OPTIONS (user 'publicuser', password $pwd$'\"$# secret'$pwd$); +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role', false); + pg_conninfo_from_server +------------------------------------------------------------------ + host = 'thehost' port = '5432' user = 'role' password = 'secret' +(1 row) + +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role2', false); + pg_conninfo_from_server +---------------------------------------------------------------------------------- + host = 'thehost' port = '5432' user = 'publicuser' password = '\'\\"$# secret\'' +(1 row) + +DROP USER MAPPING FOR regress_test_role SERVER connection_server; +DROP USER MAPPING FOR PUBLIC SERVER connection_server; +DROP SERVER connection_server; +DROP FOREIGN DATA WRAPPER regress_connection_fdw; -- CREATE FOREIGN TABLE CREATE SCHEMA foreign_schema; CREATE SERVER s0 FOREIGN DATA WRAPPER dummy; diff --git a/src/test/regress/sql/foreign_data.sql b/src/test/regress/sql/foreign_data.sql index eefb860adc..a8e2edfeee 100644 --- a/src/test/regress/sql/foreign_data.sql +++ b/src/test/regress/sql/foreign_data.sql @@ -291,6 +291,46 @@ RESET ROLE; DROP SERVER s7; \deu +-- +-- test pg_conninfo_from_server(). +-- + +-- use test validator function (not all libpq options supported) +CREATE FOREIGN DATA WRAPPER regress_connection_fdw + VALIDATOR pg_connection_validator; + +\set VERBOSITY terse +CREATE SERVER connection_server FOREIGN DATA WRAPPER regress_connection_fdw + OPTIONS (host 'thehost', client_encoding 'LATIN1'); -- fail +CREATE SERVER connection_server FOREIGN DATA WRAPPER regress_connection_fdw + OPTIONS (host 'thehost', nonsense 'asdf'); -- fail +CREATE SERVER connection_server FOREIGN DATA WRAPPER regress_connection_fdw + OPTIONS (host 'thehost', password 'secret'); -- fail +\set VERBOSITY default + +CREATE SERVER connection_server FOREIGN DATA WRAPPER regress_connection_fdw + OPTIONS (hsot 'thehost'); -- fail - misspelling + +CREATE SERVER connection_server FOREIGN DATA WRAPPER regress_connection_fdw + OPTIONS (host 'thehost', port '5432'); + +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret', host 'otherhost'); -- fail + +CREATE USER MAPPING FOR regress_test_role SERVER connection_server + OPTIONS (user 'role', password 'secret'); +CREATE USER MAPPING FOR PUBLIC SERVER connection_server + OPTIONS (user 'publicuser', password $pwd$'\"$# secret'$pwd$); + +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role', false); + +SELECT pg_conninfo_from_server('connection_server', 'regress_test_role2', false); + +DROP USER MAPPING FOR regress_test_role SERVER connection_server; +DROP USER MAPPING FOR PUBLIC SERVER connection_server; +DROP SERVER connection_server; +DROP FOREIGN DATA WRAPPER regress_connection_fdw; + -- CREATE FOREIGN TABLE CREATE SCHEMA foreign_schema; CREATE SERVER s0 FOREIGN DATA WRAPPER dummy; -- 2.34.1 [text/x-patch] v9-0002-CREATE-SUSBCRIPTION-.-SERVER.patch (49.1K, 3-v9-0002-CREATE-SUSBCRIPTION-.-SERVER.patch) download | inline diff: From 5d677ca7654f083280b2634d941e09258fa99c78 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:42:48 -0800 Subject: [PATCH v9 2/3] CREATE SUSBCRIPTION ... SERVER. Allow specifying a foreign server for CREATE SUBSCRIPTION, rather than a raw connection string with CONNECTION. Using a foreign server as a layer of indirection improves management of multiple subscriptions to the same server. It also provides integration with user mappings in case different subscriptions have different owners or a subscription changes owners. Discussion: https://postgr.es/m/[email protected] Reviewed-by: Ashutosh Bapat --- contrib/postgres_fdw/Makefile | 2 + .../postgres_fdw/expected/postgres_fdw.out | 8 + contrib/postgres_fdw/meson.build | 5 + contrib/postgres_fdw/sql/postgres_fdw.sql | 7 + contrib/postgres_fdw/t/010_subscription.pl | 71 ++++++++ doc/src/sgml/ref/alter_subscription.sgml | 18 +- doc/src/sgml/ref/create_subscription.sgml | 11 +- src/backend/catalog/pg_subscription.c | 39 +++- src/backend/commands/subscriptioncmds.c | 168 ++++++++++++++++-- src/backend/foreign/foreign.c | 25 +++ src/backend/parser/gram.y | 20 +++ src/backend/replication/logical/worker.c | 16 +- src/bin/pg_dump/pg_dump.c | 27 ++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/tab-complete.c | 2 +- src/include/catalog/pg_subscription.h | 7 +- src/include/foreign/foreign.h | 1 + src/include/nodes/parsenodes.h | 3 + src/test/regress/expected/foreign_data.out | 14 ++ src/test/regress/expected/subscription.out | 53 ++++++ src/test/regress/sql/foreign_data.sql | 18 ++ src/test/regress/sql/subscription.sql | 58 ++++++ src/test/subscription/t/001_rep_changes.pl | 60 +++++++ 23 files changed, 601 insertions(+), 33 deletions(-) create mode 100644 contrib/postgres_fdw/t/010_subscription.pl diff --git a/contrib/postgres_fdw/Makefile b/contrib/postgres_fdw/Makefile index c1b0cad453..c3498ea6b4 100644 --- a/contrib/postgres_fdw/Makefile +++ b/contrib/postgres_fdw/Makefile @@ -18,6 +18,8 @@ DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql REGRESS = postgres_fdw +TAP_TESTS = 1 + ifdef USE_PGXS PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index 8a7a15cc51..ecd0230738 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -270,6 +270,14 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); -- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +DROP SUBSCRIPTION regress_pgfdw_subscription; +-- =================================================================== -- test error case for create publication on foreign table -- =================================================================== CREATE PUBLICATION testpub_ftbl FOR TABLE ft1; -- should fail diff --git a/contrib/postgres_fdw/meson.build b/contrib/postgres_fdw/meson.build index 2b86d8a6ee..cf7071dbf8 100644 --- a/contrib/postgres_fdw/meson.build +++ b/contrib/postgres_fdw/meson.build @@ -39,4 +39,9 @@ tests += { ], 'regress_args': ['--dlpath', meson.build_root() / 'src/test/regress'], }, + 'tap': { + 'tests': [ + 't/010_subscription.pl', + ], + }, } diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 0d8478120d..1c9c12703f 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -254,6 +254,13 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); +-- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_pgfdw_subscription; + -- =================================================================== -- test error case for create publication on foreign table -- =================================================================== diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl new file mode 100644 index 0000000000..a39e8fdbba --- /dev/null +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -0,0 +1,71 @@ + +# Copyright (c) 2021-2024, PostgreSQL Global Development Group + +# Basic logical replication test +use strict; +use warnings FATAL => 'all'; +use PostgreSQL::Test::Cluster; +use PostgreSQL::Test::Utils; +use Test::More; + +# Initialize publisher node +my $node_publisher = PostgreSQL::Test::Cluster->new('publisher'); +$node_publisher->init(allows_streaming => 'logical'); +$node_publisher->start; + +# Create subscriber node +my $node_subscriber = PostgreSQL::Test::Cluster->new('subscriber'); +$node_subscriber->init; +$node_subscriber->start; + +# Create some preexisting content on publisher +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins AS SELECT a, a + 1 as b FROM generate_series(1,1002) AS a"); + +# Replicate the changes without columns +$node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_no_col default VALUES"); + +# Setup structure on subscriber +$node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int, b int)"); + +# Setup logical replication +my $publisher_connstr = $node_publisher->connstr . ' dbname=postgres'; +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_pub FOR TABLE tab_ins"); + +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_server" +); + +$node_subscriber->safe_psql('postgres', + "CREATE FOREIGN TABLE f_tab_ins (a int, b int) SERVER tap_server OPTIONS(table_name 'tab_ins')" +); +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub SERVER tap_server PUBLICATION tap_pub WITH (password_required=false)" +); + +# Wait for initial table sync to finish +$node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); + +my $result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins SELECT a, a + 1 FROM generate_series(1003,1050) a"); + +$node_publisher->wait_for_catchup('tap_sub'); + +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1050), 'check initial data was copied to subscriber'); + +done_testing(); diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index 6d36ff0dc9..6d219145a9 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -21,6 +21,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> +ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SERVER <replaceable>servername</replaceable> ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> CONNECTION '<replaceable>conninfo</replaceable>' ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SET PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> ADD PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] @@ -94,13 +95,24 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < </listitem> </varlistentry> + <varlistentry id="sql-altersubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the foreign server + <replaceable>servername</replaceable>. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-altersubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> <para> - This clause replaces the connection string originally set by - <xref linkend="sql-createsubscription"/>. See there for more - information. + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the connection + string <replaceable>conninfo</replaceable>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index c7ace922f9..24538baf98 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -22,7 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceable> - CONNECTION '<replaceable class="parameter">conninfo</replaceable>' + { SERVER <replaceable class="parameter">servername</replaceable> | CONNECTION '<replaceable class="parameter">conninfo</replaceable>' } PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">subscription_parameter</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] </synopsis> @@ -77,6 +77,15 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl </listitem> </varlistentry> + <varlistentry id="sql-createsubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + A foreign server to use for the connection. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-createsubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index c516c25ac7..5a2eaa803d 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -20,12 +20,15 @@ #include "access/tableam.h" #include "access/xact.h" #include "catalog/indexing.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "storage/lmgr.h" +#include "utils/acl.h" #include "utils/array.h" #include "utils/builtins.h" #include "utils/fmgroids.h" @@ -40,7 +43,7 @@ static List *textarray_to_stringlist(ArrayType *textarray); * Fetch the subscription from the syscache. */ Subscription * -GetSubscription(Oid subid, bool missing_ok) +GetSubscription(Oid subid, bool missing_ok, bool aclcheck) { HeapTuple tup; Subscription *sub; @@ -75,10 +78,36 @@ GetSubscription(Oid subid, bool missing_ok) sub->runasowner = subform->subrunasowner; /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, - tup, - Anum_pg_subscription_subconninfo); - sub->conninfo = TextDatumGetCString(datum); + if (OidIsValid(subform->subserver)) + { + AclResult aclresult; + + /* recheck ACL if requested */ + if (aclcheck) + { + aclresult = object_aclcheck(ForeignServerRelationId, + subform->subserver, + subform->subowner, ACL_USAGE); + + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(subform->subowner, false), + ForeignServerName(subform->subserver)))); + } + + sub->conninfo = ForeignServerConnectionString(subform->subowner, + subform->subserver, + true); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, + tup, + Anum_pg_subscription_subconninfo); + sub->conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index 75e6cd8ae3..983b5d17fe 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -25,14 +25,17 @@ #include "catalog/objectaddress.h" #include "catalog/pg_authid_d.h" #include "catalog/pg_database_d.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "catalog/pg_user_mapping.h" #include "commands/dbcommands.h" #include "commands/defrem.h" #include "commands/event_trigger.h" #include "commands/subscriptioncmds.h" #include "executor/executor.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "pgstat.h" @@ -574,6 +577,7 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Datum values[Natts_pg_subscription]; Oid owner = GetUserId(); HeapTuple tup; + Oid serverid; char *conninfo; char originname[NAMEDATALEN]; List *publications; @@ -666,15 +670,40 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.synchronous_commit == NULL) opts.synchronous_commit = "off"; - conninfo = stmt->conninfo; - publications = stmt->publication; - /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); + if (stmt->servername) + { + ForeignServer *server; + + Assert(!stmt->conninfo); + conninfo = NULL; + + server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, owner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + + /* make sure a user mapping exists */ + GetUserMapping(owner, server->serverid); + + serverid = server->serverid; + conninfo = ForeignServerConnectionString(owner, serverid, true); + } + else + { + Assert(stmt->conninfo); + + serverid = InvalidOid; + conninfo = stmt->conninfo; + } + /* Check the connection info string. */ walrcv_check_conninfo(conninfo, opts.passwordrequired && !superuser()); + publications = stmt->publication; + /* Everything ok, form a new tuple. */ memset(values, 0, sizeof(values)); memset(nulls, false, sizeof(nulls)); @@ -697,8 +726,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, values[Anum_pg_subscription_subdisableonerr - 1] = BoolGetDatum(opts.disableonerr); values[Anum_pg_subscription_subpasswordrequired - 1] = BoolGetDatum(opts.passwordrequired); values[Anum_pg_subscription_subrunasowner - 1] = BoolGetDatum(opts.runasowner); - values[Anum_pg_subscription_subconninfo - 1] = - CStringGetTextDatum(conninfo); + values[Anum_pg_subscription_subserver - 1] = serverid; + if (!OidIsValid(serverid)) + values[Anum_pg_subscription_subconninfo - 1] = + CStringGetTextDatum(conninfo); + else + nulls[Anum_pg_subscription_subconninfo - 1] = true; if (opts.slot_name) values[Anum_pg_subscription_subslotname - 1] = DirectFunctionCall1(namein, CStringGetDatum(opts.slot_name)); @@ -719,6 +752,17 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, recordDependencyOnOwner(SubscriptionRelationId, subid, owner); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + + if (stmt->servername) + { + ObjectAddress referenced; + Assert(OidIsValid(serverid)); + + ObjectAddressSet(referenced, ForeignServerRelationId, serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + ReplicationOriginNameForLogicalRep(subid, InvalidOid, originname, sizeof(originname)); replorigin_create(originname); @@ -835,8 +879,6 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.enabled) ApplyLauncherWakeupAtCommit(); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostCreateHook(SubscriptionRelationId, subid, 0); return myself; @@ -1104,7 +1146,14 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION, stmt->subname); - sub = GetSubscription(subid, false); + /* + * Skip ACL checks on the subscription's foreign server, if any. If + * changing the server (or replacing it with a raw connection), then the + * old one will be removed anyway. If changing something unrelated, + * there's no need to do an additional ACL check here; that will be done + * by the subscription worker anyway. + */ + sub = GetSubscription(subid, false, false); /* * Don't allow non-superuser modification of a subscription with @@ -1124,6 +1173,8 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, memset(nulls, false, sizeof(nulls)); memset(replaces, false, sizeof(replaces)); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + switch (stmt->kind) { case ALTER_SUBSCRIPTION_OPTIONS: @@ -1244,7 +1295,80 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, break; } + case ALTER_SUBSCRIPTION_SERVER: + { + ForeignServer *new_server; + ObjectAddress referenced; + AclResult aclresult; + char *conninfo; + + /* + * Remove what was there before, either another foreign server + * or a connection string. + */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + } + else + { + nulls[Anum_pg_subscription_subconninfo - 1] = true; + replaces[Anum_pg_subscription_subconninfo - 1] = true; + } + + /* + * Find the new server and user mapping. Check ACL of server + * based on current user ID, but find the user mapping based + * on the subscription owner. + */ + new_server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, + new_server->serverid, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(new_server->serverid)))); + + /* make sure a user mapping exists */ + GetUserMapping(form->subowner, new_server->serverid); + + conninfo = ForeignServerConnectionString(form->subowner, + new_server->serverid, + true); + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + /* Check the connection info string. */ + walrcv_check_conninfo(conninfo, + sub->passwordrequired && !sub->ownersuperuser); + + values[Anum_pg_subscription_subserver - 1] = new_server->serverid; + replaces[Anum_pg_subscription_subserver - 1] = true; + + ObjectAddressSet(referenced, ForeignServerRelationId, new_server->serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + update_tuple = true; + } + break; + case ALTER_SUBSCRIPTION_CONNECTION: + /* remove reference to foreign server and dependencies, if present */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + + values[Anum_pg_subscription_subserver - 1] = InvalidOid; + replaces[Anum_pg_subscription_subserver - 1] = true; + } + /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); /* Check the connection info string. */ @@ -1455,8 +1579,6 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, table_close(rel, RowExclusiveLock); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostAlterHook(SubscriptionRelationId, subid, 0); /* Wake up related replication workers to handle this change quickly. */ @@ -1541,9 +1663,28 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) subname = pstrdup(NameStr(*DatumGetName(datum))); /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, - Anum_pg_subscription_subconninfo); - conninfo = TextDatumGetCString(datum); + if (OidIsValid(form->subserver)) + { + AclResult aclresult; + + aclresult = object_aclcheck(ForeignServerRelationId, form->subserver, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(form->subserver)))); + + conninfo = ForeignServerConnectionString(form->subowner, + form->subserver, true); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, + Anum_pg_subscription_subconninfo); + conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, tup, @@ -1644,6 +1785,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) } /* Clean up dependencies */ + deleteDependencyRecordsFor(SubscriptionRelationId, subid, false); deleteSharedDependencyRecordsFor(SubscriptionRelationId, subid, 0); /* Remove any associated relation synchronization states. */ diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index b4635d6eba..db2cf6780d 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -179,6 +179,31 @@ GetForeignServerExtended(Oid serverid, bits16 flags) } +/* + * ForeignServerName - get name of foreign server. + */ +char * +ForeignServerName(Oid serverid) +{ + Form_pg_foreign_server serverform; + char *servername; + HeapTuple tp; + + tp = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)); + + if (!HeapTupleIsValid(tp)) + elog(ERROR, "cache lookup failed for foreign server %u", serverid); + + serverform = (Form_pg_foreign_server) GETSTRUCT(tp); + + servername = pstrdup(NameStr(serverform->srvname)); + + ReleaseSysCache(tp); + + return servername; +} + + /* * GetForeignServerByName - look up the foreign server definition by name. */ diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index 3460fea56b..c27e0b8b5d 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -10654,6 +10654,16 @@ CreateSubscriptionStmt: n->options = $8; $$ = (Node *) n; } + | CREATE SUBSCRIPTION name SERVER name PUBLICATION name_list opt_definition + { + CreateSubscriptionStmt *n = + makeNode(CreateSubscriptionStmt); + n->subname = $3; + n->servername = $5; + n->publication = $7; + n->options = $8; + $$ = (Node *) n; + } ; /***************************************************************************** @@ -10683,6 +10693,16 @@ AlterSubscriptionStmt: n->conninfo = $5; $$ = (Node *) n; } + | ALTER SUBSCRIPTION name SERVER name + { + AlterSubscriptionStmt *n = + makeNode(AlterSubscriptionStmt); + + n->kind = ALTER_SUBSCRIPTION_SERVER; + n->subname = $3; + n->servername = $5; + $$ = (Node *) n; + } | ALTER SUBSCRIPTION name REFRESH PUBLICATION opt_definition { AlterSubscriptionStmt *n = diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index 9b598caf3c..0ade3150bf 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -3897,7 +3897,7 @@ maybe_reread_subscription(void) /* Ensure allocations in permanent context. */ oldctx = MemoryContextSwitchTo(ApplyContext); - newsub = GetSubscription(MyLogicalRepWorker->subid, true); + newsub = GetSubscription(MyLogicalRepWorker->subid, true, true); /* * Exit if the subscription was removed. This normally should not happen @@ -4003,7 +4003,9 @@ maybe_reread_subscription(void) } /* - * Callback from subscription syscache invalidation. + * Callback from subscription syscache invalidation. Also needed for server or + * user mapping invalidation, which can change the connection information for + * subscriptions that connect using a server object. */ static void subscription_change_cb(Datum arg, int cacheid, uint32 hashvalue) @@ -4602,7 +4604,7 @@ InitializeLogRepWorker(void) StartTransactionCommand(); oldctx = MemoryContextSwitchTo(ApplyContext); - MySubscription = GetSubscription(MyLogicalRepWorker->subid, true); + MySubscription = GetSubscription(MyLogicalRepWorker->subid, true, true); if (!MySubscription) { ereport(LOG, @@ -4639,6 +4641,14 @@ InitializeLogRepWorker(void) CacheRegisterSyscacheCallback(SUBSCRIPTIONOID, subscription_change_cb, (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); CacheRegisterSyscacheCallback(AUTHOID, subscription_change_cb, diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index bc20a025ce..5312008a82 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -4634,6 +4634,7 @@ getSubscriptions(Archive *fout) int i_subdisableonerr; int i_subpasswordrequired; int i_subrunasowner; + int i_subservername; int i_subconninfo; int i_subslotname; int i_subsynccommit; @@ -4705,10 +4706,12 @@ getSubscriptions(Archive *fout) LOGICALREP_ORIGIN_ANY); if (dopt->binary_upgrade && fout->remoteVersion >= 170000) - appendPQExpBufferStr(query, " o.remote_lsn AS suboriginremotelsn,\n" + appendPQExpBufferStr(query, " fs.srvname AS subservername,\n" + " o.remote_lsn AS suboriginremotelsn,\n" " s.subenabled\n"); else - appendPQExpBufferStr(query, " NULL AS suboriginremotelsn,\n" + appendPQExpBufferStr(query, " NULL AS subservername,\n" + " NULL AS suboriginremotelsn,\n" " false AS subenabled\n"); appendPQExpBufferStr(query, @@ -4716,6 +4719,8 @@ getSubscriptions(Archive *fout) if (dopt->binary_upgrade && fout->remoteVersion >= 170000) appendPQExpBufferStr(query, + "LEFT JOIN pg_catalog.pg_foreign_server fs \n" + " ON fs.oid = s.subserver \n" "LEFT JOIN pg_catalog.pg_replication_origin_status o \n" " ON o.external_id = 'pg_' || s.oid::text \n"); @@ -4741,6 +4746,7 @@ getSubscriptions(Archive *fout) i_subdisableonerr = PQfnumber(res, "subdisableonerr"); i_subpasswordrequired = PQfnumber(res, "subpasswordrequired"); i_subrunasowner = PQfnumber(res, "subrunasowner"); + i_subservername = PQfnumber(res, "subservername"); i_subconninfo = PQfnumber(res, "subconninfo"); i_subslotname = PQfnumber(res, "subslotname"); i_subsynccommit = PQfnumber(res, "subsynccommit"); @@ -4760,7 +4766,10 @@ getSubscriptions(Archive *fout) AssignDumpId(&subinfo[i].dobj); subinfo[i].dobj.name = pg_strdup(PQgetvalue(res, i, i_subname)); subinfo[i].rolname = getRoleName(PQgetvalue(res, i, i_subowner)); - + if (PQgetisnull(res, i, i_subservername)) + subinfo[i].subservername = NULL; + else + subinfo[i].subservername = pg_strdup(PQgetvalue(res, i, i_subservername)); subinfo[i].subbinary = pg_strdup(PQgetvalue(res, i, i_subbinary)); subinfo[i].substream = @@ -4986,9 +4995,17 @@ dumpSubscription(Archive *fout, const SubscriptionInfo *subinfo) appendPQExpBuffer(delq, "DROP SUBSCRIPTION %s;\n", qsubname); - appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s CONNECTION ", + appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s ", qsubname); - appendStringLiteralAH(query, subinfo->subconninfo, fout); + if (subinfo->subservername) + { + appendPQExpBuffer(query, "SERVER %s", fmtId(subinfo->subservername)); + } + else + { + appendPQExpBuffer(query, "CONNECTION "); + appendStringLiteralAH(query, subinfo->subconninfo, fout); + } /* Build list of quoted publications and append them to query. */ if (!parsePGArray(subinfo->subpublications, &pubnames, &npubnames)) diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index f0772d2157..849950e470 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -659,6 +659,7 @@ typedef struct _SubscriptionInfo char *subdisableonerr; char *subpasswordrequired; char *subrunasowner; + char *subservername; char *subconninfo; char *subslotname; char *subsynccommit; diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c index ada711d02f..616c90c48b 100644 --- a/src/bin/psql/tab-complete.c +++ b/src/bin/psql/tab-complete.c @@ -3327,7 +3327,7 @@ psql_completion(const char *text, int start, int end) /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny)) COMPLETE_WITH("PUBLICATION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index ab206bad7d..01141febb5 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -93,9 +93,11 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW bool subrunasowner; /* True if replication should execute as the * subscription owner */ + Oid subserver; /* Set if connecting with server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo; /* Set if connecting with connection string */ /* Slot name on publisher */ NameData subslotname BKI_FORCE_NULL; @@ -165,7 +167,8 @@ typedef struct Subscription */ #define LOGICALREP_STREAM_PARALLEL 'p' -extern Subscription *GetSubscription(Oid subid, bool missing_ok); +extern Subscription *GetSubscription(Oid subid, bool missing_ok, + bool aclcheck); extern void FreeSubscription(Subscription *sub); extern void DisableSubscription(Oid subid); diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index b5b9b97f4d..a2f04ce9af 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -65,6 +65,7 @@ typedef struct ForeignTable extern ForeignServer *GetForeignServer(Oid serverid); +extern char *ForeignServerName(Oid serverid); extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index b3181f34ae..6d6b242cec 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -4041,6 +4041,7 @@ typedef struct CreateSubscriptionStmt { NodeTag type; char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ @@ -4049,6 +4050,7 @@ typedef struct CreateSubscriptionStmt typedef enum AlterSubscriptionType { ALTER_SUBSCRIPTION_OPTIONS, + ALTER_SUBSCRIPTION_SERVER, ALTER_SUBSCRIPTION_CONNECTION, ALTER_SUBSCRIPTION_SET_PUBLICATION, ALTER_SUBSCRIPTION_ADD_PUBLICATION, @@ -4063,6 +4065,7 @@ typedef struct AlterSubscriptionStmt NodeTag type; AlterSubscriptionType kind; /* ALTER_SUBSCRIPTION_OPTIONS, etc */ char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ diff --git a/src/test/regress/expected/foreign_data.out b/src/test/regress/expected/foreign_data.out index 0211531f32..30aa23a8ff 100644 --- a/src/test/regress/expected/foreign_data.out +++ b/src/test/regress/expected/foreign_data.out @@ -733,6 +733,20 @@ SELECT pg_conninfo_from_server('connection_server', 'regress_test_role2', false) DROP USER MAPPING FOR regress_test_role SERVER connection_server; DROP USER MAPPING FOR PUBLIC SERVER connection_server; DROP SERVER connection_server; +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER regress_connection_fdw; -- ERROR: no permissions on FDW +ERROR: permission denied for foreign-data wrapper regress_connection_fdw +RESET ROLE; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_connection_fdw TO regress_test_role; +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER regress_connection_fdw; +IMPORT FOREIGN SCHEMA foo FROM SERVER t3 INTO bar; -- fails +ERROR: schema "bar" does not exist +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; +DROP SERVER t3; +RESET ROLE; +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_connection_fdw FROM regress_test_role; DROP FOREIGN DATA WRAPPER regress_connection_fdw; -- CREATE FOREIGN TABLE CREATE SCHEMA foreign_schema; diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out index b15eddbff3..b0a1a3cc26 100644 --- a/src/test/regress/expected/subscription.out +++ b/src/test/regress/expected/subscription.out @@ -144,6 +144,59 @@ ERROR: could not connect to the publisher: invalid port number: "-1" ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; ERROR: invalid connection string syntax: missing "=" after "foobar" in connection info string +RESET SESSION AUTHORIZATION; +GRANT CREATE ON DATABASE REGRESSION TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +DROP SUBSCRIPTION regress_testsub6; +-- test using a server object instead of connection string +RESET SESSION AUTHORIZATION; +CREATE FOREIGN DATA WRAPPER regress_connection_fdw + VALIDATOR pg_connection_validator; +CREATE SERVER regress_testserver1 FOREIGN DATA WRAPPER regress_connection_fdw; +CREATE SERVER regress_testserver2 FOREIGN DATA WRAPPER regress_connection_fdw; +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1 + OPTIONS (password 'secret'); +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2 + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver2 TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver1 PUBLICATION testpub + WITH (slot_name = NONE, connect = false); -- fails +ERROR: permission denied for foreign server regress_testserver1 +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver2 PUBLICATION testpub + WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +RESET SESSION AUTHORIZATION; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver1; -- fails +ERROR: subscription owner "regress_subscription_user3" does not have permission on foreign server "regress_testserver1" +GRANT USAGE ON FOREIGN SERVER regress_testserver1 TO regress_subscription_user3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver1; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2; +DROP SERVER regress_testserver2; +-- test an FDW with no validator +CREATE FOREIGN DATA WRAPPER regress_fdw; +CREATE SERVER regress_testserver3 FOREIGN DATA WRAPPER regress_fdw + OPTIONS (abc 'xyz'); +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver3 + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver3 TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver1; +RESET SESSION AUTHORIZATION; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver3; +DROP SERVER regress_testserver3; +DROP FOREIGN DATA WRAPPER regress_fdw; +DROP SUBSCRIPTION regress_testsub6; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1; +DROP SERVER regress_testserver1; +DROP FOREIGN DATA WRAPPER regress_connection_fdw; +REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user; \dRs+ List of subscriptions Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Synchronous commit | Conninfo | Skip LSN diff --git a/src/test/regress/sql/foreign_data.sql b/src/test/regress/sql/foreign_data.sql index a8e2edfeee..7956705217 100644 --- a/src/test/regress/sql/foreign_data.sql +++ b/src/test/regress/sql/foreign_data.sql @@ -329,6 +329,24 @@ SELECT pg_conninfo_from_server('connection_server', 'regress_test_role2', false) DROP USER MAPPING FOR regress_test_role SERVER connection_server; DROP USER MAPPING FOR PUBLIC SERVER connection_server; DROP SERVER connection_server; + +SET ROLE regress_test_role; +CREATE SERVER t3 FOREIGN DATA WRAPPER regress_connection_fdw; -- ERROR: no permissions on FDW +RESET ROLE; +GRANT USAGE ON FOREIGN DATA WRAPPER regress_connection_fdw TO regress_test_role; +SET ROLE regress_test_role; + +CREATE SERVER t3 FOREIGN DATA WRAPPER regress_connection_fdw; + +IMPORT FOREIGN SCHEMA foo FROM SERVER t3 INTO bar; -- fails + +CREATE USER MAPPING FOR PUBLIC SERVER t3 OPTIONS (user 'x', password 'secret'); +DROP USER MAPPING FOR PUBLIC SERVER t3; +DROP SERVER t3; + +RESET ROLE; +REVOKE USAGE ON FOREIGN DATA WRAPPER regress_connection_fdw FROM regress_test_role; + DROP FOREIGN DATA WRAPPER regress_connection_fdw; -- CREATE FOREIGN TABLE diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql index 444e563ff3..4d44f141b7 100644 --- a/src/test/regress/sql/subscription.sql +++ b/src/test/regress/sql/subscription.sql @@ -88,6 +88,64 @@ CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'port=-1' PUBLICATION testpub; -- fail - invalid connection string during ALTER ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; +RESET SESSION AUTHORIZATION; +GRANT CREATE ON DATABASE REGRESSION TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; + +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_testsub6; + +-- test using a server object instead of connection string + +RESET SESSION AUTHORIZATION; +CREATE FOREIGN DATA WRAPPER regress_connection_fdw + VALIDATOR pg_connection_validator; +CREATE SERVER regress_testserver1 FOREIGN DATA WRAPPER regress_connection_fdw; +CREATE SERVER regress_testserver2 FOREIGN DATA WRAPPER regress_connection_fdw; +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1 + OPTIONS (password 'secret'); +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2 + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver2 TO regress_subscription_user3; + +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver1 PUBLICATION testpub + WITH (slot_name = NONE, connect = false); -- fails +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver2 PUBLICATION testpub + WITH (slot_name = NONE, connect = false); +RESET SESSION AUTHORIZATION; + +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver1; -- fails +GRANT USAGE ON FOREIGN SERVER regress_testserver1 TO regress_subscription_user3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver1; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2; +DROP SERVER regress_testserver2; + +-- test an FDW with no validator +CREATE FOREIGN DATA WRAPPER regress_fdw; +CREATE SERVER regress_testserver3 FOREIGN DATA WRAPPER regress_fdw + OPTIONS (abc 'xyz'); +CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver3 + OPTIONS (password 'secret'); +GRANT USAGE ON FOREIGN SERVER regress_testserver3 TO regress_subscription_user3; + +SET SESSION AUTHORIZATION regress_subscription_user3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver3; +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver1; + +RESET SESSION AUTHORIZATION; +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver3; +DROP SERVER regress_testserver3; +DROP FOREIGN DATA WRAPPER regress_fdw; + +DROP SUBSCRIPTION regress_testsub6; + +DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1; +DROP SERVER regress_testserver1; +DROP FOREIGN DATA WRAPPER regress_connection_fdw; +REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user; + \dRs+ ALTER SUBSCRIPTION regress_testsub SET PUBLICATION testpub2, testpub3 WITH (refresh = false); diff --git a/src/test/subscription/t/001_rep_changes.pl b/src/test/subscription/t/001_rep_changes.pl index 9ccebd890a..8653423d08 100644 --- a/src/test/subscription/t/001_rep_changes.pl +++ b/src/test/subscription/t/001_rep_changes.pl @@ -27,6 +27,8 @@ $node_publisher->safe_psql('postgres', "CREATE TABLE tab_notrep AS SELECT generate_series(1,10) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_ins AS SELECT generate_series(1,1002) AS a"); +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins2 AS SELECT generate_series(1,1002) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_full AS SELECT generate_series(1,10) AS a"); $node_publisher->safe_psql('postgres', "CREATE TABLE tab_full2 (x text)"); @@ -65,6 +67,7 @@ $node_publisher->safe_psql('postgres', # Setup structure on subscriber $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_notrep (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int)"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins2 (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_full (a int)"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_full2 (x text)"); $node_subscriber->safe_psql('postgres', @@ -110,6 +113,25 @@ $node_subscriber->safe_psql('postgres', "CREATE SUBSCRIPTION tap_sub CONNECTION '$publisher_connstr' PUBLICATION tap_pub, tap_pub_ins_only" ); +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE FOREIGN DATA WRAPPER test_connection_fdw VALIDATOR pg_connection_validator" +); +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_sub2_server FOREIGN DATA WRAPPER test_connection_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_sub2_server" +); + +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_simple_pub FOR TABLE tab_ins2"); + +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub2 SERVER tap_sub2_server PUBLICATION tap_simple_pub WITH (password_required=false)" +); + # Wait for initial table sync to finish $node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); @@ -121,11 +143,22 @@ $result = $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); is($result, qq(1002), 'check initial data was copied to subscriber'); +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins2"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_subscriber->safe_psql('postgres', "ALTER SUBSCRIPTION tap_sub2 CONNECTION '$publisher_connstr'"); + $node_publisher->safe_psql('postgres', "INSERT INTO tab_ins SELECT generate_series(1,50)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_ins WHERE a > 20"); $node_publisher->safe_psql('postgres', "UPDATE tab_ins SET a = -a"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins2 SELECT generate_series(1,50)"); + +$node_subscriber->safe_psql('postgres', "ALTER SUBSCRIPTION tap_sub2 SERVER tap_sub2_server"); + $node_publisher->safe_psql('postgres', "INSERT INTO tab_rep SELECT generate_series(1,50)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_rep WHERE a > 20"); @@ -158,6 +191,10 @@ $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_ins"); is($result, qq(1052|1|1002), 'check replicated inserts on subscriber'); +$result = $node_subscriber->safe_psql('postgres', + "SELECT count(*), min(a), max(a) FROM tab_ins2"); +is($result, qq(1052|1|1002), 'check replicated inserts on subscriber'); + $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_rep"); is($result, qq(20|-20|-1), 'check replicated changes on subscriber'); @@ -449,10 +486,27 @@ $node_publisher->poll_query_until('postgres', or die "Timed out while waiting for apply to restart after changing PUBLICATION"; +# test that changes to a foreign server subscription cause the worker +# to restart +$oldpid = $node_publisher->safe_psql('postgres', + "SELECT pid FROM pg_stat_replication WHERE application_name = 'tap_sub2' AND state = 'streaming';" +); +$node_subscriber->safe_psql('postgres', + "ALTER SERVER tap_sub2_server OPTIONS (sslmode 'disable')" +); +$node_publisher->poll_query_until('postgres', + "SELECT pid != $oldpid FROM pg_stat_replication WHERE application_name = 'tap_sub2' AND state = 'streaming';" + ) + or die + "Timed out while waiting for apply to restart after changing PUBLICATION"; + $node_publisher->safe_psql('postgres', "INSERT INTO tab_ins SELECT generate_series(1001,1100)"); $node_publisher->safe_psql('postgres', "DELETE FROM tab_rep"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins2 SELECT generate_series(1001,1100)"); + # Restart the publisher and check the state of the subscriber which # should be in a streaming state after catching up. $node_publisher->stop('fast'); @@ -465,6 +519,11 @@ $result = $node_subscriber->safe_psql('postgres', is($result, qq(1152|1|1100), 'check replicated inserts after subscription publication change'); +$result = $node_subscriber->safe_psql('postgres', + "SELECT count(*), min(a), max(a) FROM tab_ins2"); +is($result, qq(1152|1|1100), + 'check replicated inserts after subscription publication change'); + $result = $node_subscriber->safe_psql('postgres', "SELECT count(*), min(a), max(a) FROM tab_rep"); is($result, qq(20|-20|-1), @@ -533,6 +592,7 @@ $node_publisher->poll_query_until('postgres', # check all the cleanup $node_subscriber->safe_psql('postgres', "DROP SUBSCRIPTION tap_sub_renamed"); +$node_subscriber->safe_psql('postgres', "DROP SUBSCRIPTION tap_sub2"); $result = $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM pg_subscription"); -- 2.34.1 [text/x-patch] v9-0003-Introduce-pg_create_connection-predefined-role.patch (31.4K, 4-v9-0003-Introduce-pg_create_connection-predefined-role.patch) download | inline diff: From bc3cbaac821d10dc33f2b64843a83c1af13ecbe2 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:13:54 -0800 Subject: [PATCH v9 3/3] Introduce pg_create_connection predefined role. In addition to pg_create_subscription, membership in this role is necessary to create a subscription with a connection string (CREATE SUBSCRIPTION ... CONNECTION '...'). The pg_create_subscription role is a member of pg_create_connection, so by default pg_create_subscription has the same capability as before. An administrator may revoke pg_create_connection from pg_create_subscription, which will enable the privileges to be separated. That is, permit CREATE SUBSCRIPTION ... SERVER, but not permit CREATE SUBSCRIPTION ... CONNECTION. Discussion: https://postgr.es/m/[email protected] --- .../postgres_fdw/expected/postgres_fdw.out | 2 +- contrib/postgres_fdw/sql/postgres_fdw.sql | 2 +- contrib/postgres_fdw/t/010_subscription.pl | 2 +- doc/src/sgml/ref/alter_server.sgml | 14 ++++++ doc/src/sgml/ref/alter_subscription.sgml | 4 +- doc/src/sgml/ref/create_server.sgml | 14 ++++++ doc/src/sgml/ref/create_subscription.sgml | 4 +- doc/src/sgml/user-manag.sgml | 12 ++++- src/backend/catalog/system_functions.sql | 2 + src/backend/commands/foreigncmds.c | 31 ++++++++++++ src/backend/commands/subscriptioncmds.c | 31 ++++++++++-- src/backend/foreign/foreign.c | 1 + src/backend/parser/gram.y | 30 ++++++++++-- src/include/catalog/pg_authid.dat | 5 ++ src/include/catalog/pg_foreign_server.h | 1 + src/include/foreign/foreign.h | 1 + src/include/nodes/parsenodes.h | 3 ++ src/test/regress/expected/subscription.out | 47 +++++++++++++++++-- src/test/regress/sql/subscription.sql | 47 +++++++++++++++++-- src/test/subscription/t/001_rep_changes.pl | 2 +- 20 files changed, 234 insertions(+), 21 deletions(-) diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index ecd0230738..eec57c0aa6 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -2,7 +2,7 @@ -- create FDW objects -- =================================================================== CREATE EXTENSION postgres_fdw; -CREATE SERVER testserver1 FOREIGN DATA WRAPPER postgres_fdw; +CREATE SERVER testserver1 FOREIGN DATA WRAPPER postgres_fdw FOR SUBSCRIPTION; DO $d$ BEGIN EXECUTE $$CREATE SERVER loopback FOREIGN DATA WRAPPER postgres_fdw diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 1c9c12703f..c35e974a94 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -4,7 +4,7 @@ CREATE EXTENSION postgres_fdw; -CREATE SERVER testserver1 FOREIGN DATA WRAPPER postgres_fdw; +CREATE SERVER testserver1 FOREIGN DATA WRAPPER postgres_fdw FOR SUBSCRIPTION; DO $d$ BEGIN EXECUTE $$CREATE SERVER loopback FOREIGN DATA WRAPPER postgres_fdw diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl index a39e8fdbba..3ae2b6da4a 100644 --- a/contrib/postgres_fdw/t/010_subscription.pl +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -38,7 +38,7 @@ $node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_pub FOR TABLE tab my $publisher_host = $node_publisher->host; my $publisher_port = $node_publisher->port; $node_subscriber->safe_psql('postgres', - "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" + "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw FOR SUBSCRIPTION OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" ); $node_subscriber->safe_psql('postgres', diff --git a/doc/src/sgml/ref/alter_server.sgml b/doc/src/sgml/ref/alter_server.sgml index 467bf85589..1a4227e548 100644 --- a/doc/src/sgml/ref/alter_server.sgml +++ b/doc/src/sgml/ref/alter_server.sgml @@ -22,6 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> ALTER SERVER <replaceable class="parameter">name</replaceable> [ VERSION '<replaceable class="parameter">new_version</replaceable>' ] + [ { FOR | NO } SUBSCRIPTION ] [ OPTIONS ( [ ADD | SET | DROP ] <replaceable class="parameter">option</replaceable> ['<replaceable class="parameter">value</replaceable>'] [, ... ] ) ] ALTER SERVER <replaceable class="parameter">name</replaceable> OWNER TO { <replaceable>new_owner</replaceable> | CURRENT_ROLE | CURRENT_USER | SESSION_USER } ALTER SERVER <replaceable class="parameter">name</replaceable> RENAME TO <replaceable>new_name</replaceable> @@ -70,6 +71,19 @@ ALTER SERVER <replaceable class="parameter">name</replaceable> RENAME TO <replac </listitem> </varlistentry> + <varlistentry> + <term><literal>{ FOR | NO } SUBSCRIPTION</literal></term> + <listitem> + <para> + This clause specifies whether the foreign server may be used for a + subscription (see <xref linkend="sql-createsubscription"/>). The default + is <literal>NO SUBSCRIPTION</literal>. Only members of the role + <literal>pg_create_connection</literal> may specify <literal>FOR + SUBSCRIPTION</literal>. + </para> + </listitem> + </varlistentry> + <varlistentry> <term><literal>OPTIONS ( [ ADD | SET | DROP ] <replaceable class="parameter">option</replaceable> ['<replaceable class="parameter">value</replaceable>'] [, ... ] )</literal></term> <listitem> diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index 6d219145a9..513f54c4b4 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -101,7 +101,9 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < <para> This clause replaces the foreign server or connection string originally set by <xref linkend="sql-createsubscription"/> with the foreign server - <replaceable>servername</replaceable>. + <replaceable>servername</replaceable>. The foreign server must have been + created with <literal>FOR SUBSCRIPTION</literal> (see <xref + linkend="sql-createserver"/>). </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_server.sgml b/doc/src/sgml/ref/create_server.sgml index 05f4019453..913cebabf2 100644 --- a/doc/src/sgml/ref/create_server.sgml +++ b/doc/src/sgml/ref/create_server.sgml @@ -23,6 +23,7 @@ PostgreSQL documentation <synopsis> CREATE SERVER [ IF NOT EXISTS ] <replaceable class="parameter">server_name</replaceable> [ TYPE '<replaceable class="parameter">server_type</replaceable>' ] [ VERSION '<replaceable class="parameter">server_version</replaceable>' ] FOREIGN DATA WRAPPER <replaceable class="parameter">fdw_name</replaceable> + [ { FOR | NO } SUBSCRIPTION ] [ OPTIONS ( <replaceable class="parameter">option</replaceable> '<replaceable class="parameter">value</replaceable>' [, ... ] ) ] </synopsis> </refsynopsisdiv> @@ -104,6 +105,19 @@ CREATE SERVER [ IF NOT EXISTS ] <replaceable class="parameter">server_name</repl </listitem> </varlistentry> + <varlistentry> + <term><literal>{ FOR | NO } SUBSCRIPTION</literal></term> + <listitem> + <para> + This clause specifies whether the foreign server may be used for a + subscription (see <xref linkend="sql-createsubscription"/>). The default + is <literal>NO SUBSCRIPTION</literal>. Only members of the role + <literal>pg_create_connection</literal> may specify <literal>FOR + SUBSCRIPTION</literal>. + </para> + </listitem> + </varlistentry> + <varlistentry> <term><literal>OPTIONS ( <replaceable class="parameter">option</replaceable> '<replaceable class="parameter">value</replaceable>' [, ... ] )</literal></term> <listitem> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index 24538baf98..f80a027ddc 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -81,7 +81,9 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> <listitem> <para> - A foreign server to use for the connection. + A foreign server to use for the connection. The foreign server must have + been created with <literal>FOR SUBSCRIPTION</literal> (see <xref + linkend="sql-createserver"/>). </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 1c011ac62b..da1a37e60b 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -687,11 +687,19 @@ DROP ROLE doomed_role; <entry>Allow use of connection slots reserved via <xref linkend="guc-reserved-connections"/>.</entry> </row> + <row> + <entry>pg_create_connection</entry> + <entry>Allow users to specify a connection string directly in <link + linkend="sql-createsubscription"><command>CREATE + SUBSCRIPTION</command></link>.</entry> + </row> <row> <entry>pg_create_subscription</entry> <entry>Allow users with <literal>CREATE</literal> permission on the - database to issue - <link linkend="sql-createsubscription"><command>CREATE SUBSCRIPTION</command></link>.</entry> + database to issue <link + linkend="sql-createsubscription"><command>CREATE + SUBSCRIPTION</command></link>. This role is a member of + <literal>pg_create_connection</literal>.</entry> </row> </tbody> </tgroup> diff --git a/src/backend/catalog/system_functions.sql b/src/backend/catalog/system_functions.sql index f315fecf18..73512688de 100644 --- a/src/backend/catalog/system_functions.sql +++ b/src/backend/catalog/system_functions.sql @@ -781,3 +781,5 @@ GRANT pg_read_all_settings TO pg_monitor; GRANT pg_read_all_stats TO pg_monitor; GRANT pg_stat_scan_tables TO pg_monitor; + +GRANT pg_create_connection TO pg_create_subscription; diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c index cf61bbac1f..f76689b8a7 100644 --- a/src/backend/commands/foreigncmds.c +++ b/src/backend/commands/foreigncmds.c @@ -21,6 +21,7 @@ #include "catalog/dependency.h" #include "catalog/indexing.h" #include "catalog/objectaccess.h" +#include "catalog/pg_authid_d.h" #include "catalog/pg_foreign_data_wrapper.h" #include "catalog/pg_foreign_server.h" #include "catalog/pg_foreign_table.h" @@ -923,6 +924,18 @@ CreateForeignServer(CreateForeignServerStmt *stmt) else nulls[Anum_pg_foreign_server_srvversion - 1] = true; + if (stmt->forsubscription) + { + if (!has_privs_of_role(ownerId, ROLE_PG_CREATE_CONNECTION)) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("permission denied to create server for subscription"), + errdetail("Only roles with privileges of the \"%s\" role may create foreign servers with FOR SUBSCRIPTION specified.", + "pg_create_subscription"))); + + values[Anum_pg_foreign_server_srvforsubscription - 1] = true; + } + /* Start with a blank acl */ nulls[Anum_pg_foreign_server_srvacl - 1] = true; @@ -979,6 +992,7 @@ AlterForeignServer(AlterForeignServerStmt *stmt) bool repl_null[Natts_pg_foreign_server]; bool repl_repl[Natts_pg_foreign_server]; Oid srvId; + bool forsubscription; Form_pg_foreign_server srvForm; ObjectAddress address; @@ -1020,6 +1034,23 @@ AlterForeignServer(AlterForeignServerStmt *stmt) repl_repl[Anum_pg_foreign_server_srvversion - 1] = true; } + if (stmt->has_forsubscription) + { + repl_val[Anum_pg_foreign_server_srvforsubscription - 1] = stmt->forsubscription; + repl_repl[Anum_pg_foreign_server_srvforsubscription - 1] = true; + forsubscription = stmt->forsubscription; + } + else + forsubscription = srvForm->srvforsubscription; + + if (forsubscription && + !has_privs_of_role(srvForm->srvowner, ROLE_PG_CREATE_CONNECTION)) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("permission denied to alter server for subscription"), + errdetail("Only roles with privileges of the \"%s\" role may alter foreign servers with FOR SUBSCRIPTION specified.", + "pg_create_connection"))); + if (stmt->options) { ForeignDataWrapper *fdw = GetForeignDataWrapper(srvForm->srvfdw); diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index 983b5d17fe..1e0c2e5b99 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -608,9 +608,9 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, PreventInTransactionBlock(isTopLevel, "CREATE SUBSCRIPTION ... WITH (create_slot = true)"); /* - * We don't want to allow unprivileged users to be able to trigger - * attempts to access arbitrary network destinations, so require the user - * to have been specifically authorized to create subscriptions. + * We don't want to allow unprivileged users to utilize the resources that + * a subscription requires (such as a background worker), so require the + * user to have been specifically authorized to create subscriptions. */ if (!has_privs_of_role(owner, ROLE_PG_CREATE_SUBSCRIPTION)) ereport(ERROR, @@ -685,6 +685,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (aclresult != ACLCHECK_OK) aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + if (!server->forsubscription) + ereport(ERROR, + (errmsg("foreign server \"%s\" not usable for subscription", + server->servername), + errhint("Specify FOR SUBSCRIPTION when creating the foreign server."))); + /* make sure a user mapping exists */ GetUserMapping(owner, server->serverid); @@ -695,6 +701,19 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, { Assert(stmt->conninfo); + /* + * We don't want to allow unprivileged users to be able to trigger + * attempts to access arbitrary network destinations, so require the user + * to have been specifically authorized to create connections. + */ + if (!has_privs_of_role(owner, ROLE_PG_CREATE_CONNECTION)) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("permission denied to create subscription with a connection string"), + errdetail("Only roles with privileges of the \"%s\" role may create subscriptions with CONNECTION specified.", + "pg_create_connection"), + errhint("Create a subscription to a foreign server by specifying SERVER instead."))); + serverid = InvalidOid; conninfo = stmt->conninfo; } @@ -1334,6 +1353,12 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, GetUserNameFromId(form->subowner, false), ForeignServerName(new_server->serverid)))); + if (!new_server->forsubscription) + ereport(ERROR, + (errmsg("foreign server \"%s\" not usable for subscription", + new_server->servername), + errhint("Specify FOR SUBSCRIPTION when creating the foreign server."))); + /* make sure a user mapping exists */ GetUserMapping(form->subowner, new_server->serverid); diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index db2cf6780d..8606d57b39 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -148,6 +148,7 @@ GetForeignServerExtended(Oid serverid, bits16 flags) server->servername = pstrdup(NameStr(serverform->srvname)); server->owner = serverform->srvowner; server->fdwid = serverform->srvfdw; + server->forsubscription = serverform->srvforsubscription; /* Extract server type */ datum = SysCacheGetAttr(FOREIGNSERVEROID, diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index c27e0b8b5d..3abcebd8b3 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -366,6 +366,7 @@ static Node *makeRecursiveViewSelect(char *relname, List *aliases, Node *query); %type <str> opt_type %type <str> foreign_server_version opt_foreign_server_version +%type <boolean> for_subscription opt_for_subscription %type <str> opt_in_database %type <str> parameter_name @@ -5397,7 +5398,7 @@ generic_option_arg: *****************************************************************************/ CreateForeignServerStmt: CREATE SERVER name opt_type opt_foreign_server_version - FOREIGN DATA_P WRAPPER name create_generic_options + FOREIGN DATA_P WRAPPER name opt_for_subscription create_generic_options { CreateForeignServerStmt *n = makeNode(CreateForeignServerStmt); @@ -5405,12 +5406,13 @@ CreateForeignServerStmt: CREATE SERVER name opt_type opt_foreign_server_version n->servertype = $4; n->version = $5; n->fdwname = $9; - n->options = $10; + n->forsubscription = $10; + n->options = $11; n->if_not_exists = false; $$ = (Node *) n; } | CREATE SERVER IF_P NOT EXISTS name opt_type opt_foreign_server_version - FOREIGN DATA_P WRAPPER name create_generic_options + FOREIGN DATA_P WRAPPER name opt_for_subscription create_generic_options { CreateForeignServerStmt *n = makeNode(CreateForeignServerStmt); @@ -5418,7 +5420,8 @@ CreateForeignServerStmt: CREATE SERVER name opt_type opt_foreign_server_version n->servertype = $7; n->version = $8; n->fdwname = $12; - n->options = $13; + n->forsubscription = $13; + n->options = $14; n->if_not_exists = true; $$ = (Node *) n; } @@ -5440,6 +5443,16 @@ opt_foreign_server_version: | /*EMPTY*/ { $$ = NULL; } ; +for_subscription: + FOR SUBSCRIPTION { $$ = true; } + | NO SUBSCRIPTION { $$ = false; } + ; + +opt_for_subscription: + for_subscription { $$ = $1; } + | /*EMPTY*/ { $$ = false; } + ; + /***************************************************************************** * * QUERY : @@ -5457,6 +5470,15 @@ AlterForeignServerStmt: ALTER SERVER name foreign_server_version alter_generic_o n->has_version = true; $$ = (Node *) n; } + | ALTER SERVER name for_subscription + { + AlterForeignServerStmt *n = makeNode(AlterForeignServerStmt); + + n->servername = $3; + n->forsubscription = $4; + n->has_forsubscription = true; + $$ = (Node *) n; + } | ALTER SERVER name foreign_server_version { AlterForeignServerStmt *n = makeNode(AlterForeignServerStmt); diff --git a/src/include/catalog/pg_authid.dat b/src/include/catalog/pg_authid.dat index 82a2ec2862..dcfad7a0c0 100644 --- a/src/include/catalog/pg_authid.dat +++ b/src/include/catalog/pg_authid.dat @@ -94,5 +94,10 @@ rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', rolpassword => '_null_', rolvaliduntil => '_null_' }, +{ oid => '6122', oid_symbol => 'ROLE_PG_CREATE_CONNECTION', + rolname => 'pg_create_connection', rolsuper => 'f', rolinherit => 't', + rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f', + rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1', + rolpassword => '_null_', rolvaliduntil => '_null_' }, ] diff --git a/src/include/catalog/pg_foreign_server.h b/src/include/catalog/pg_foreign_server.h index a4b81936b0..6736af24f5 100644 --- a/src/include/catalog/pg_foreign_server.h +++ b/src/include/catalog/pg_foreign_server.h @@ -31,6 +31,7 @@ CATALOG(pg_foreign_server,1417,ForeignServerRelationId) NameData srvname; /* foreign server name */ Oid srvowner BKI_LOOKUP(pg_authid); /* server owner */ Oid srvfdw BKI_LOOKUP(pg_foreign_data_wrapper); /* server FDW */ + bool srvforsubscription BKI_DEFAULT(f); /* usable for subscription */ #ifdef CATALOG_VARLEN /* variable-length fields start here */ text srvtype; diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index a2f04ce9af..e1d93c26ba 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -36,6 +36,7 @@ typedef struct ForeignServer Oid serverid; /* server Oid */ Oid fdwid; /* foreign-data wrapper */ Oid owner; /* server owner user Oid */ + bool forsubscription; /* usable for a subscription */ char *servername; /* name of the server */ char *servertype; /* server type, optional */ char *serverversion; /* server version, optional */ diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index 6d6b242cec..00547bbd88 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -2726,6 +2726,7 @@ typedef struct CreateForeignServerStmt char *version; /* optional server version */ char *fdwname; /* FDW name */ bool if_not_exists; /* just do nothing if it already exists? */ + bool forsubscription; /* usable for subscription */ List *options; /* generic options to server */ } CreateForeignServerStmt; @@ -2734,8 +2735,10 @@ typedef struct AlterForeignServerStmt NodeTag type; char *servername; /* server name */ char *version; /* optional server version */ + bool forsubscription; /* usable for subscription */ List *options; /* generic options to server */ bool has_version; /* version specified */ + bool has_forsubscription; /* [FOR|NO] SUBSCRIPTION specified */ } AlterForeignServerStmt; /* ---------------------- diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out index b0a1a3cc26..5bd812b393 100644 --- a/src/test/regress/expected/subscription.out +++ b/src/test/regress/expected/subscription.out @@ -153,19 +153,58 @@ HINT: To initiate replication, you must manually create the replication slot, e DROP SUBSCRIPTION regress_testsub6; -- test using a server object instead of connection string RESET SESSION AUTHORIZATION; +CREATE ROLE regress_connection_role; CREATE FOREIGN DATA WRAPPER regress_connection_fdw VALIDATOR pg_connection_validator; -CREATE SERVER regress_testserver1 FOREIGN DATA WRAPPER regress_connection_fdw; +CREATE SERVER regress_testserver1 FOREIGN DATA WRAPPER regress_connection_fdw + FOR SUBSCRIPTION; CREATE SERVER regress_testserver2 FOREIGN DATA WRAPPER regress_connection_fdw; +ALTER SERVER regress_testserver1 OWNER TO regress_connection_role; +ALTER SERVER regress_testserver2 OWNER TO regress_connection_role; CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1 OPTIONS (password 'secret'); CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2 OPTIONS (password 'secret'); GRANT USAGE ON FOREIGN SERVER regress_testserver2 TO regress_subscription_user3; +-- temporarily revoke pg_create_connection from pg_create_subscription +-- to test that CREATE SUBSCRIPTION ... CONNECTION fails +REVOKE pg_create_connection FROM pg_create_subscription; SET SESSION AUTHORIZATION regress_subscription_user3; +-- fail - not a member of pg_create_connection, cannot use CONNECTION +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); +ERROR: permission denied to create subscription with a connection string +DETAIL: Only roles with privileges of the "pg_create_connection" role may create subscriptions with CONNECTION specified. +HINT: Create a subscription to a foreign server by specifying SERVER instead. CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver1 PUBLICATION testpub - WITH (slot_name = NONE, connect = false); -- fails + WITH (slot_name = NONE, connect = false); -- fail - no USAGE ERROR: permission denied for foreign server regress_testserver1 +RESET SESSION AUTHORIZATION; +GRANT USAGE ON FOREIGN SERVER regress_testserver1 TO regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver1 PUBLICATION testpub + WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver2; -- fail - not FOR SUBSCRIPTION +ERROR: foreign server "regress_testserver2" not usable for subscription +HINT: Specify FOR SUBSCRIPTION when creating the foreign server. +DROP SUBSCRIPTION regress_testsub6; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver2 PUBLICATION testpub + WITH (slot_name = NONE, connect = false); -- fail - not FOR SUBSCRIPTION +ERROR: foreign server "regress_testserver2" not usable for subscription +HINT: Specify FOR SUBSCRIPTION when creating the foreign server. +RESET SESSION AUTHORIZATION; +REVOKE USAGE ON FOREIGN SERVER regress_testserver1 FROM regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; +SET SESSION AUTHORIZATION regress_connection_role; +ALTER SERVER regress_testserver2 FOR SUBSCRIPTION; -- fails - need pg_create_connection +ERROR: permission denied to alter server for subscription +DETAIL: Only roles with privileges of the "pg_create_connection" role may alter foreign servers with FOR SUBSCRIPTION specified. +RESET SESSION AUTHORIZATION; +GRANT pg_create_connection TO regress_connection_role; +SET SESSION AUTHORIZATION regress_connection_role; +ALTER SERVER regress_testserver2 FOR SUBSCRIPTION; +SET SESSION AUTHORIZATION regress_subscription_user3; CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver2 PUBLICATION testpub WITH (slot_name = NONE, connect = false); WARNING: subscription was created, but is not connected @@ -180,7 +219,7 @@ DROP SERVER regress_testserver2; -- test an FDW with no validator CREATE FOREIGN DATA WRAPPER regress_fdw; CREATE SERVER regress_testserver3 FOREIGN DATA WRAPPER regress_fdw - OPTIONS (abc 'xyz'); + FOR SUBSCRIPTION OPTIONS (abc 'xyz'); CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver3 OPTIONS (password 'secret'); GRANT USAGE ON FOREIGN SERVER regress_testserver3 TO regress_subscription_user3; @@ -196,6 +235,8 @@ DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1; DROP SERVER regress_testserver1; DROP FOREIGN DATA WRAPPER regress_connection_fdw; REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; +-- re-grant pg_create_connection to pg_create_subscription +GRANT pg_create_connection TO pg_create_subscription; SET SESSION AUTHORIZATION regress_subscription_user; \dRs+ List of subscriptions diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql index 4d44f141b7..068a8f8c47 100644 --- a/src/test/regress/sql/subscription.sql +++ b/src/test/regress/sql/subscription.sql @@ -98,19 +98,56 @@ DROP SUBSCRIPTION regress_testsub6; -- test using a server object instead of connection string RESET SESSION AUTHORIZATION; +CREATE ROLE regress_connection_role; CREATE FOREIGN DATA WRAPPER regress_connection_fdw VALIDATOR pg_connection_validator; -CREATE SERVER regress_testserver1 FOREIGN DATA WRAPPER regress_connection_fdw; +CREATE SERVER regress_testserver1 FOREIGN DATA WRAPPER regress_connection_fdw + FOR SUBSCRIPTION; CREATE SERVER regress_testserver2 FOREIGN DATA WRAPPER regress_connection_fdw; +ALTER SERVER regress_testserver1 OWNER TO regress_connection_role; +ALTER SERVER regress_testserver2 OWNER TO regress_connection_role; CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1 OPTIONS (password 'secret'); CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver2 OPTIONS (password 'secret'); GRANT USAGE ON FOREIGN SERVER regress_testserver2 TO regress_subscription_user3; +-- temporarily revoke pg_create_connection from pg_create_subscription +-- to test that CREATE SUBSCRIPTION ... CONNECTION fails +REVOKE pg_create_connection FROM pg_create_subscription; + +SET SESSION AUTHORIZATION regress_subscription_user3; + +-- fail - not a member of pg_create_connection, cannot use CONNECTION +CREATE SUBSCRIPTION regress_testsub6 CONNECTION 'dbname=regress_doesnotexist password=regress_fakepassword' PUBLICATION testpub WITH (slot_name = NONE, connect = false); + +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver1 PUBLICATION testpub + WITH (slot_name = NONE, connect = false); -- fail - no USAGE + +RESET SESSION AUTHORIZATION; +GRANT USAGE ON FOREIGN SERVER regress_testserver1 TO regress_subscription_user3; SET SESSION AUTHORIZATION regress_subscription_user3; + CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver1 PUBLICATION testpub - WITH (slot_name = NONE, connect = false); -- fails + WITH (slot_name = NONE, connect = false); +ALTER SUBSCRIPTION regress_testsub6 SERVER regress_testserver2; -- fail - not FOR SUBSCRIPTION +DROP SUBSCRIPTION regress_testsub6; +CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver2 PUBLICATION testpub + WITH (slot_name = NONE, connect = false); -- fail - not FOR SUBSCRIPTION + +RESET SESSION AUTHORIZATION; +REVOKE USAGE ON FOREIGN SERVER regress_testserver1 FROM regress_subscription_user3; +SET SESSION AUTHORIZATION regress_subscription_user3; + +SET SESSION AUTHORIZATION regress_connection_role; +ALTER SERVER regress_testserver2 FOR SUBSCRIPTION; -- fails - need pg_create_connection +RESET SESSION AUTHORIZATION; +GRANT pg_create_connection TO regress_connection_role; +SET SESSION AUTHORIZATION regress_connection_role; +ALTER SERVER regress_testserver2 FOR SUBSCRIPTION; + +SET SESSION AUTHORIZATION regress_subscription_user3; + CREATE SUBSCRIPTION regress_testsub6 SERVER regress_testserver2 PUBLICATION testpub WITH (slot_name = NONE, connect = false); RESET SESSION AUTHORIZATION; @@ -124,7 +161,7 @@ DROP SERVER regress_testserver2; -- test an FDW with no validator CREATE FOREIGN DATA WRAPPER regress_fdw; CREATE SERVER regress_testserver3 FOREIGN DATA WRAPPER regress_fdw - OPTIONS (abc 'xyz'); + FOR SUBSCRIPTION OPTIONS (abc 'xyz'); CREATE USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver3 OPTIONS (password 'secret'); GRANT USAGE ON FOREIGN SERVER regress_testserver3 TO regress_subscription_user3; @@ -144,6 +181,10 @@ DROP USER MAPPING FOR regress_subscription_user3 SERVER regress_testserver1; DROP SERVER regress_testserver1; DROP FOREIGN DATA WRAPPER regress_connection_fdw; REVOKE CREATE ON DATABASE regression FROM regress_subscription_user3; + +-- re-grant pg_create_connection to pg_create_subscription +GRANT pg_create_connection TO pg_create_subscription; + SET SESSION AUTHORIZATION regress_subscription_user; \dRs+ diff --git a/src/test/subscription/t/001_rep_changes.pl b/src/test/subscription/t/001_rep_changes.pl index 8653423d08..81861f77e1 100644 --- a/src/test/subscription/t/001_rep_changes.pl +++ b/src/test/subscription/t/001_rep_changes.pl @@ -119,7 +119,7 @@ $node_subscriber->safe_psql('postgres', "CREATE FOREIGN DATA WRAPPER test_connection_fdw VALIDATOR pg_connection_validator" ); $node_subscriber->safe_psql('postgres', - "CREATE SERVER tap_sub2_server FOREIGN DATA WRAPPER test_connection_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" + "CREATE SERVER tap_sub2_server FOREIGN DATA WRAPPER test_connection_fdw FOR SUBSCRIPTION OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" ); $node_subscriber->safe_psql('postgres', -- 2.34.1 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-29 17:41 Bharath Rupireddy <[email protected]> parent: Jeff Davis <[email protected]> 1 sibling, 1 reply; 63+ messages in thread From: Bharath Rupireddy @ 2024-01-29 17:41 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Wed, Jan 24, 2024 at 7:15 AM Jeff Davis <[email protected]> wrote: > > On Tue, 2024-01-23 at 15:21 +0530, Ashutosh Bapat wrote: > > I am with the prefix. The changes it causes make review difficult. If > > you can separate those changes into a patch that will help. > > I ended up just removing the dummy FDW. Real users are likely to want > to use postgres_fdw, and if not, it's easy enough to issue a CREATE > FOREIGN DATA WRAPPER. Or I can bring it back if desired. > > Updated patch set (patches are renumbered): > > * removed dummy FDW and test churn > * made a new pg_connection_validator function which leaves > postgresql_fdw_validator in place. (I didn't document the new function > -- should I?) > * included your tests improvements > * removed dependency from the subscription to the user mapping -- we > don't depend on the user mapping for foreign tables, so we shouldn't > depend on them here. Of course a change to a user mapping still > invalidates the subscription worker and it will restart. > * general cleanup > > Overall it's simpler and hopefully easier to review. The patch to > introduce the pg_create_connection role could use some more discussion, > but I believe 0001 and 0002 are nearly ready. Thanks for the patches. I have some comments on v9-0001: 1. +SELECT pg_conninfo_from_server('testserver1', CURRENT_USER, false); + pg_conninfo_from_server +----------------------------------- + user = 'value' password = 'value' Isn't this function an unsafe one as it shows the password? I don't see its access being revoked from the public. If it seems important for one to understand how the server forms a connection string by gathering bits and pieces from foreign server and user mapping, why can't it look for the password in the result string and mask it before returning it as output? 2. + */ +typedef const struct ConnectionOption *(*walrcv_conninfo_options_fn) (void); + struct here is unnecessary as the structure definition of ConnectionOption is typedef-ed already. 3. + OPTIONS (user 'publicuser', password $pwd$'\"$# secret'$pwd$); Is pwd here present working directory name? If yes, isn't it going to be different on BF animals making test output unstable? 4. -struct ConnectionOption +struct TestConnectionOption { How about say PgFdwConnectionOption instead of TestConnectionOption? 5. Comment #4 makes me think - why not get rid of postgresql_fdw_validator altogether and use pg_connection_validator instead for testing purposes? The tests don't complain much, see the patch Remove-deprecated-postgresql_fdw_validator.diff created on top of v9-0001. I'll continue to review the other patches. -- Bharath Rupireddy PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-29 17:47 Bharath Rupireddy <[email protected]> parent: Bharath Rupireddy <[email protected]> 0 siblings, 0 replies; 63+ messages in thread From: Bharath Rupireddy @ 2024-01-29 17:47 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Mon, Jan 29, 2024 at 11:11 PM Bharath Rupireddy <[email protected]> wrote: > > On Wed, Jan 24, 2024 at 7:15 AM Jeff Davis <[email protected]> wrote: > > > > On Tue, 2024-01-23 at 15:21 +0530, Ashutosh Bapat wrote: > > > I am with the prefix. The changes it causes make review difficult. If > > > you can separate those changes into a patch that will help. > > > > I ended up just removing the dummy FDW. Real users are likely to want > > to use postgres_fdw, and if not, it's easy enough to issue a CREATE > > FOREIGN DATA WRAPPER. Or I can bring it back if desired. > > > > Updated patch set (patches are renumbered): > > > > * removed dummy FDW and test churn > > * made a new pg_connection_validator function which leaves > > postgresql_fdw_validator in place. (I didn't document the new function > > -- should I?) > > * included your tests improvements > > * removed dependency from the subscription to the user mapping -- we > > don't depend on the user mapping for foreign tables, so we shouldn't > > depend on them here. Of course a change to a user mapping still > > invalidates the subscription worker and it will restart. > > * general cleanup > > > > Overall it's simpler and hopefully easier to review. The patch to > > introduce the pg_create_connection role could use some more discussion, > > but I believe 0001 and 0002 are nearly ready. > > Thanks for the patches. I have some comments on v9-0001: > > 1. > +SELECT pg_conninfo_from_server('testserver1', CURRENT_USER, false); > + pg_conninfo_from_server > +----------------------------------- > + user = 'value' password = 'value' > > Isn't this function an unsafe one as it shows the password? I don't > see its access being revoked from the public. If it seems important > for one to understand how the server forms a connection string by > gathering bits and pieces from foreign server and user mapping, why > can't it look for the password in the result string and mask it before > returning it as output? > > 2. > + */ > +typedef const struct ConnectionOption *(*walrcv_conninfo_options_fn) (void); > + > > struct here is unnecessary as the structure definition of > ConnectionOption is typedef-ed already. > > 3. > + OPTIONS (user 'publicuser', password $pwd$'\"$# secret'$pwd$); > > Is pwd here present working directory name? If yes, isn't it going to > be different on BF animals making test output unstable? > > 4. > -struct ConnectionOption > +struct TestConnectionOption > { > > How about say PgFdwConnectionOption instead of TestConnectionOption? > > 5. Comment #4 makes me think - why not get rid of > postgresql_fdw_validator altogether and use pg_connection_validator > instead for testing purposes? The tests don't complain much, see the > patch Remove-deprecated-postgresql_fdw_validator.diff created on top > of v9-0001. > > I'll continue to review the other patches. I forgot to attach the diff patch as specified in comment #5, please find the attached. Sorry for the noise. -- Bharath Rupireddy PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com Attachments: [application/octet-stream] Remove-deprecated-postgresql_fdw_validator.diff (32.2K, 2-Remove-deprecated-postgresql_fdw_validator.diff) download | inline diff: From fc2079981862b0b45259d5c9e27547f571af4762 Mon Sep 17 00:00:00 2001 From: Bharath Rupireddy <[email protected]> Date: Mon, 29 Jan 2024 17:34:35 +0000 Subject: [PATCH] Remove deprecated postgresql_fdw_validator --- src/backend/foreign/foreign.c | 113 ------------- src/include/catalog/pg_proc.dat | 4 - src/test/regress/expected/create_am.out | 2 +- src/test/regress/expected/foreign_data.out | 174 ++++++++++----------- src/test/regress/sql/create_am.sql | 2 +- src/test/regress/sql/foreign_data.sql | 6 +- 6 files changed, 92 insertions(+), 209 deletions(-) diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index b4635d6eba..d83e84c070 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -786,119 +786,6 @@ pg_connection_validator(PG_FUNCTION_ARGS) } -/* - * Describes the valid options for postgresql FDW, server, and user mapping. - */ -struct TestConnectionOption -{ - const char *optname; - Oid optcontext; /* Oid of catalog in which option may appear */ -}; - -/* - * Copied from fe-connect.c PQconninfoOptions. - * - * The list is small - don't bother with bsearch if it stays so. - */ -static const struct TestConnectionOption test_conninfo_options[] = { - {"authtype", ForeignServerRelationId}, - {"service", ForeignServerRelationId}, - {"user", UserMappingRelationId}, - {"password", UserMappingRelationId}, - {"connect_timeout", ForeignServerRelationId}, - {"dbname", ForeignServerRelationId}, - {"host", ForeignServerRelationId}, - {"hostaddr", ForeignServerRelationId}, - {"port", ForeignServerRelationId}, - {"tty", ForeignServerRelationId}, - {"options", ForeignServerRelationId}, - {"requiressl", ForeignServerRelationId}, - {"sslmode", ForeignServerRelationId}, - {"gsslib", ForeignServerRelationId}, - {"gssdelegation", ForeignServerRelationId}, - {NULL, InvalidOid} -}; - - -/* - * Check if the provided option is one of the test conninfo options. - * context is the Oid of the catalog the option came from, or 0 if we - * don't care. - */ -static bool -is_test_conninfo_option(const char *option, Oid context) -{ - const struct TestConnectionOption *opt; - - for (opt = test_conninfo_options; opt->optname; opt++) - if (context == opt->optcontext && strcmp(opt->optname, option) == 0) - return true; - return false; -} - - -/* - * Validate the generic option given to SERVER or USER MAPPING. - * Raise an ERROR if the option or its value is considered invalid. - * - * Valid server options are all libpq conninfo options except - * user and password -- these may only appear in USER MAPPING options. - * - * Caution: this function is deprecated, and is now meant only for testing - * purposes, because the list of options it knows about doesn't necessarily - * square with those known to whichever libpq instance you might be using. - * Inquire of libpq itself, instead. - */ -Datum -postgresql_fdw_validator(PG_FUNCTION_ARGS) -{ - List *options_list = untransformRelOptions(PG_GETARG_DATUM(0)); - Oid catalog = PG_GETARG_OID(1); - - ListCell *cell; - - foreach(cell, options_list) - { - DefElem *def = lfirst(cell); - - if (!is_test_conninfo_option(def->defname, catalog)) - { - const struct TestConnectionOption *opt; - const char *closest_match; - ClosestMatchState match_state; - bool has_valid_options = false; - - /* - * Unknown option specified, complain about it. Provide a hint - * with a valid option that looks similar, if there is one. - */ - initClosestMatch(&match_state, def->defname, 4); - for (opt = test_conninfo_options; opt->optname; opt++) - { - if (catalog == opt->optcontext) - { - has_valid_options = true; - updateClosestMatch(&match_state, opt->optname); - } - } - - closest_match = getClosestMatch(&match_state); - ereport(ERROR, - (errcode(ERRCODE_SYNTAX_ERROR), - errmsg("invalid option \"%s\"", def->defname), - has_valid_options ? closest_match ? - errhint("Perhaps you meant the option \"%s\".", - closest_match) : 0 : - errhint("There are no valid options in this context."))); - - PG_RETURN_BOOL(false); - } - } - - PG_RETURN_BOOL(true); -} - - /* * get_foreign_data_wrapper_oid - given a FDW name, look up the OID * diff --git a/src/include/catalog/pg_proc.dat b/src/include/catalog/pg_proc.dat index 1ea5e03b6c..8a988b5efa 100644 --- a/src/include/catalog/pg_proc.dat +++ b/src/include/catalog/pg_proc.dat @@ -7513,10 +7513,6 @@ proargtypes => 'regclass', prosrc => 'pg_relation_filepath' }, { oid => '2316', descr => '(internal)', - proname => 'postgresql_fdw_validator', prorettype => 'bool', - proargtypes => '_text oid', prosrc => 'postgresql_fdw_validator' }, - -{ oid => '6015', descr => '(internal)', proname => 'pg_connection_validator', prorettype => 'bool', proargtypes => '_text oid', prosrc => 'pg_connection_validator' }, diff --git a/src/test/regress/expected/create_am.out b/src/test/regress/expected/create_am.out index b50293d514..f212122c3c 100644 --- a/src/test/regress/expected/create_am.out +++ b/src/test/regress/expected/create_am.out @@ -334,7 +334,7 @@ CREATE TABLE tableam_parted_2_heapx PARTITION OF tableam_parted_heapx FOR VALUES -- sequences, views and foreign servers shouldn't have an AM CREATE VIEW tableam_view_heapx AS SELECT * FROM tableam_tbl_heapx; CREATE SEQUENCE tableam_seq_heapx; -CREATE FOREIGN DATA WRAPPER fdw_heap2 VALIDATOR postgresql_fdw_validator; +CREATE FOREIGN DATA WRAPPER fdw_heap2 VALIDATOR pg_connection_validator; CREATE SERVER fs_heap2 FOREIGN DATA WRAPPER fdw_heap2 ; CREATE FOREIGN table tableam_fdw_heapx () SERVER fs_heap2; -- Verify that new AM was used for tables, matviews, but not for sequences, views and fdws diff --git a/src/test/regress/expected/foreign_data.out b/src/test/regress/expected/foreign_data.out index 0211531f32..169bf5cb99 100644 --- a/src/test/regress/expected/foreign_data.out +++ b/src/test/regress/expected/foreign_data.out @@ -23,13 +23,13 @@ CREATE ROLE regress_test_indirect; CREATE ROLE regress_unprivileged_role; CREATE FOREIGN DATA WRAPPER dummy; COMMENT ON FOREIGN DATA WRAPPER dummy IS 'useless'; -CREATE FOREIGN DATA WRAPPER postgresql VALIDATOR postgresql_fdw_validator; +CREATE FOREIGN DATA WRAPPER postgresql VALIDATOR pg_connection_validator; -- At this point we should have 2 built-in wrappers and no servers. SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper ORDER BY 1, 2, 3; - fdwname | fdwhandler | fdwvalidator | fdwoptions -------------+------------+--------------------------+------------ - dummy | - | - | - postgresql | - | postgresql_fdw_validator | + fdwname | fdwhandler | fdwvalidator | fdwoptions +------------+------------+-------------------------+------------ + dummy | - | - | + postgresql | - | pg_connection_validator | (2 rows) SELECT srvname, srvoptions FROM pg_foreign_server; @@ -47,12 +47,12 @@ CREATE FOREIGN DATA WRAPPER foo VALIDATOR bar; -- ERROR ERROR: function bar(text[], oid) does not exist CREATE FOREIGN DATA WRAPPER foo; \dew - List of foreign-data wrappers - Name | Owner | Handler | Validator -------------+---------------------------+---------+-------------------------- + List of foreign-data wrappers + Name | Owner | Handler | Validator +------------+---------------------------+---------+------------------------- dummy | regress_foreign_data_user | - | - foo | regress_foreign_data_user | - | - - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator + postgresql | regress_foreign_data_user | - | pg_connection_validator (3 rows) CREATE FOREIGN DATA WRAPPER foo; -- duplicate @@ -60,12 +60,12 @@ ERROR: foreign-data wrapper "foo" already exists DROP FOREIGN DATA WRAPPER foo; CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1'); \dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+---------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (testing '1') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +------------+---------------------------+---------+-------------------------+-------------------+---------------+------------- + dummy | regress_foreign_data_user | - | - | | | useless + foo | regress_foreign_data_user | - | - | | (testing '1') | + postgresql | regress_foreign_data_user | - | pg_connection_validator | | | (3 rows) DROP FOREIGN DATA WRAPPER foo; @@ -74,11 +74,11 @@ ERROR: option "testing" provided more than once CREATE FOREIGN DATA WRAPPER foo OPTIONS (testing '1', another '2'); \dew+ List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+----------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (testing '1', another '2') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +------------+---------------------------+---------+-------------------------+-------------------+----------------------------+------------- + dummy | regress_foreign_data_user | - | - | | | useless + foo | regress_foreign_data_user | - | - | | (testing '1', another '2') | + postgresql | regress_foreign_data_user | - | pg_connection_validator | | | (3 rows) DROP FOREIGN DATA WRAPPER foo; @@ -87,14 +87,14 @@ CREATE FOREIGN DATA WRAPPER foo; -- ERROR ERROR: permission denied to create foreign-data wrapper "foo" HINT: Must be superuser to create a foreign-data wrapper. RESET ROLE; -CREATE FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; +CREATE FOREIGN DATA WRAPPER foo VALIDATOR pg_connection_validator; \dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | postgresql_fdw_validator | | | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +------------+---------------------------+---------+-------------------------+-------------------+-------------+------------- + dummy | regress_foreign_data_user | - | - | | | useless + foo | regress_foreign_data_user | - | pg_connection_validator | | | + postgresql | regress_foreign_data_user | - | pg_connection_validator | | | (3 rows) -- HANDLER related checks @@ -119,12 +119,12 @@ ALTER FOREIGN DATA WRAPPER foo VALIDATOR bar; -- ERROR ERROR: function bar(text[], oid) does not exist ALTER FOREIGN DATA WRAPPER foo NO VALIDATOR; \dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +------------+---------------------------+---------+-------------------------+-------------------+-------------+------------- + dummy | regress_foreign_data_user | - | - | | | useless + foo | regress_foreign_data_user | - | - | | | + postgresql | regress_foreign_data_user | - | pg_connection_validator | | | (3 rows) ALTER FOREIGN DATA WRAPPER foo OPTIONS (a '1', b '2'); @@ -135,33 +135,33 @@ ERROR: option "c" not found ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD x '1', DROP x); \dew+ List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+----------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (a '1', b '2') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +------------+---------------------------+---------+-------------------------+-------------------+----------------+------------- + dummy | regress_foreign_data_user | - | - | | | useless + foo | regress_foreign_data_user | - | - | | (a '1', b '2') | + postgresql | regress_foreign_data_user | - | pg_connection_validator | | | (3 rows) ALTER FOREIGN DATA WRAPPER foo OPTIONS (DROP a, SET b '3', ADD c '4'); \dew+ List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+----------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (b '3', c '4') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +------------+---------------------------+---------+-------------------------+-------------------+----------------+------------- + dummy | regress_foreign_data_user | - | - | | | useless + foo | regress_foreign_data_user | - | - | | (b '3', c '4') | + postgresql | regress_foreign_data_user | - | pg_connection_validator | | | (3 rows) ALTER FOREIGN DATA WRAPPER foo OPTIONS (a '2'); ALTER FOREIGN DATA WRAPPER foo OPTIONS (b '4'); -- ERROR ERROR: option "b" provided more than once \dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-----------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +------------+---------------------------+---------+-------------------------+-------------------+-----------------------+------------- + dummy | regress_foreign_data_user | - | - | | | useless + foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2') | + postgresql | regress_foreign_data_user | - | pg_connection_validator | | | (3 rows) SET ROLE regress_test_role; @@ -172,11 +172,11 @@ SET ROLE regress_test_role_super; ALTER FOREIGN DATA WRAPPER foo OPTIONS (ADD d '5'); \dew+ List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +------------+---------------------------+---------+-------------------------+-------------------+------------------------------+------------- + dummy | regress_foreign_data_user | - | - | | | useless + foo | regress_foreign_data_user | - | - | | (b '3', c '4', a '2', d '5') | + postgresql | regress_foreign_data_user | - | pg_connection_validator | | | (3 rows) ALTER FOREIGN DATA WRAPPER foo OWNER TO regress_test_role; -- ERROR @@ -191,21 +191,21 @@ HINT: Must be superuser to alter a foreign-data wrapper. RESET ROLE; \dew+ List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +------------+---------------------------+---------+-------------------------+-------------------+------------------------------+------------- + dummy | regress_foreign_data_user | - | - | | | useless + foo | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | + postgresql | regress_foreign_data_user | - | pg_connection_validator | | | (3 rows) ALTER FOREIGN DATA WRAPPER foo RENAME TO foo1; \dew+ List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo1 | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +------------+---------------------------+---------+-------------------------+-------------------+------------------------------+------------- + dummy | regress_foreign_data_user | - | - | | | useless + foo1 | regress_test_role_super | - | - | | (b '3', c '4', a '2', d '5') | + postgresql | regress_foreign_data_user | - | pg_connection_validator | | | (3 rows) ALTER FOREIGN DATA WRAPPER foo1 RENAME TO foo; @@ -225,12 +225,12 @@ ERROR: foreign-data wrapper "nonexistent" does not exist DROP FOREIGN DATA WRAPPER IF EXISTS nonexistent; NOTICE: foreign-data wrapper "nonexistent" does not exist, skipping \dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+------------------+--------------------------+-------------------+------------------------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_test_role_super | test_fdw_handler | - | | (b '3', c '4', a '2', d '5') | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +------------+---------------------------+------------------+-------------------------+-------------------+------------------------------+------------- + dummy | regress_foreign_data_user | - | - | | | useless + foo | regress_test_role_super | test_fdw_handler | - | | (b '3', c '4', a '2', d '5') | + postgresql | regress_foreign_data_user | - | pg_connection_validator | | | (3 rows) DROP ROLE regress_test_role_super; -- ERROR @@ -241,11 +241,11 @@ DROP FOREIGN DATA WRAPPER foo; RESET ROLE; DROP ROLE regress_test_role_super; \dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +------------+---------------------------+---------+-------------------------+-------------------+-------------+------------- + dummy | regress_foreign_data_user | - | - | | | useless + postgresql | regress_foreign_data_user | - | pg_connection_validator | | | (2 rows) CREATE FOREIGN DATA WRAPPER foo; @@ -257,12 +257,12 @@ ERROR: user mapping for "regress_foreign_data_user" already exists for server " CREATE USER MAPPING IF NOT EXISTS FOR current_user SERVER s1; -- NOTICE NOTICE: user mapping for "regress_foreign_data_user" already exists for server "s1", skipping \dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - foo | regress_foreign_data_user | - | - | | | - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +------------+---------------------------+---------+-------------------------+-------------------+-------------+------------- + dummy | regress_foreign_data_user | - | - | | | useless + foo | regress_foreign_data_user | - | - | | | + postgresql | regress_foreign_data_user | - | pg_connection_validator | | | (3 rows) \des+ @@ -293,11 +293,11 @@ NOTICE: drop cascades to 2 other objects DETAIL: drop cascades to server s1 drop cascades to user mapping for regress_foreign_data_user on server s1 \dew+ - List of foreign-data wrappers - Name | Owner | Handler | Validator | Access privileges | FDW options | Description -------------+---------------------------+---------+--------------------------+-------------------+-------------+------------- - dummy | regress_foreign_data_user | - | - | | | useless - postgresql | regress_foreign_data_user | - | postgresql_fdw_validator | | | + List of foreign-data wrappers + Name | Owner | Handler | Validator | Access privileges | FDW options | Description +------------+---------------------------+---------+-------------------------+-------------------+-------------+------------- + dummy | regress_foreign_data_user | - | - | | | useless + postgresql | regress_foreign_data_user | - | pg_connection_validator | | | (2 rows) \des+ @@ -1245,7 +1245,7 @@ GRANT USAGE ON FOREIGN SERVER s4 TO regress_test_role; DROP USER MAPPING FOR public SERVER s4; ALTER SERVER s6 OPTIONS (DROP host, DROP dbname); ALTER USER MAPPING FOR regress_test_role SERVER s6 OPTIONS (DROP username); -ALTER FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; +ALTER FOREIGN DATA WRAPPER foo VALIDATOR pg_connection_validator; WARNING: changing the foreign-data wrapper validator can cause the options for dependent objects to become invalid -- Privileges SET ROLE regress_unprivileged_role; diff --git a/src/test/regress/sql/create_am.sql b/src/test/regress/sql/create_am.sql index 2785ffd8bb..41c9667fb0 100644 --- a/src/test/regress/sql/create_am.sql +++ b/src/test/regress/sql/create_am.sql @@ -225,7 +225,7 @@ CREATE TABLE tableam_parted_2_heapx PARTITION OF tableam_parted_heapx FOR VALUES -- sequences, views and foreign servers shouldn't have an AM CREATE VIEW tableam_view_heapx AS SELECT * FROM tableam_tbl_heapx; CREATE SEQUENCE tableam_seq_heapx; -CREATE FOREIGN DATA WRAPPER fdw_heap2 VALIDATOR postgresql_fdw_validator; +CREATE FOREIGN DATA WRAPPER fdw_heap2 VALIDATOR pg_connection_validator; CREATE SERVER fs_heap2 FOREIGN DATA WRAPPER fdw_heap2 ; CREATE FOREIGN table tableam_fdw_heapx () SERVER fs_heap2; diff --git a/src/test/regress/sql/foreign_data.sql b/src/test/regress/sql/foreign_data.sql index a8e2edfeee..e1f79d4fee 100644 --- a/src/test/regress/sql/foreign_data.sql +++ b/src/test/regress/sql/foreign_data.sql @@ -33,7 +33,7 @@ CREATE ROLE regress_unprivileged_role; CREATE FOREIGN DATA WRAPPER dummy; COMMENT ON FOREIGN DATA WRAPPER dummy IS 'useless'; -CREATE FOREIGN DATA WRAPPER postgresql VALIDATOR postgresql_fdw_validator; +CREATE FOREIGN DATA WRAPPER postgresql VALIDATOR pg_connection_validator; -- At this point we should have 2 built-in wrappers and no servers. SELECT fdwname, fdwhandler::regproc, fdwvalidator::regproc, fdwoptions FROM pg_foreign_data_wrapper ORDER BY 1, 2, 3; @@ -59,7 +59,7 @@ DROP FOREIGN DATA WRAPPER foo; SET ROLE regress_test_role; CREATE FOREIGN DATA WRAPPER foo; -- ERROR RESET ROLE; -CREATE FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; +CREATE FOREIGN DATA WRAPPER foo VALIDATOR pg_connection_validator; \dew+ -- HANDLER related checks @@ -548,7 +548,7 @@ GRANT USAGE ON FOREIGN SERVER s4 TO regress_test_role; DROP USER MAPPING FOR public SERVER s4; ALTER SERVER s6 OPTIONS (DROP host, DROP dbname); ALTER USER MAPPING FOR regress_test_role SERVER s6 OPTIONS (DROP username); -ALTER FOREIGN DATA WRAPPER foo VALIDATOR postgresql_fdw_validator; +ALTER FOREIGN DATA WRAPPER foo VALIDATOR pg_connection_validator; -- Privileges SET ROLE regress_unprivileged_role; -- 2.34.1 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-30 10:47 Ashutosh Bapat <[email protected]> parent: Jeff Davis <[email protected]> 1 sibling, 1 reply; 63+ messages in thread From: Ashutosh Bapat @ 2024-01-30 10:47 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Wed, Jan 24, 2024 at 7:15 AM Jeff Davis <[email protected]> wrote: > > On Tue, 2024-01-23 at 15:21 +0530, Ashutosh Bapat wrote: > > I am with the prefix. The changes it causes make review difficult. If > > you can separate those changes into a patch that will help. > > I ended up just removing the dummy FDW. Real users are likely to want > to use postgres_fdw, and if not, it's easy enough to issue a CREATE > FOREIGN DATA WRAPPER. Or I can bring it back if desired. > > Updated patch set (patches are renumbered): > > * removed dummy FDW and test churn > * made a new pg_connection_validator function which leaves > postgresql_fdw_validator in place. (I didn't document the new function > -- should I?) > * included your tests improvements > * removed dependency from the subscription to the user mapping -- we > don't depend on the user mapping for foreign tables, so we shouldn't > depend on them here. Of course a change to a user mapping still > invalidates the subscription worker and it will restart. > * general cleanup > Thanks. > Overall it's simpler and hopefully easier to review. The patch to > introduce the pg_create_connection role could use some more discussion, > but I believe 0001 and 0002 are nearly ready. 0001 commit message says "in preparation of CREATE SUBSCRIPTION" but I do not see the function being used anywhere except in testcases. Am I missing something? Is this function necessary for this feature? But more importantly this function and its minions are closely tied with libpq and not an FDW. Converting a server and user mapping to conninfo should be delegated to the FDW being used since that FDW knows best how to use those options. Similarly options_to_conninfo() should be delegated to the FDW. I imagine that the FDWs which want to support subscriptions will need to implement hooks in WalReceiverFunctionsType which seems to be designed to be pluggable. --- quote This API should be considered internal at the moment, but we could open it up for 3rd party replacements of libpqwalreceiver in the future, allowing pluggable methods for receiving WAL. --- unquote Not all of those hooks are applicable to every FDW since the publisher may be different and may not provide all the functionality. So we might need to rethink WalReceiverFunctionsType interface eventually. But for now, we will need to change postgres_fdw to implement it. We should mention something about the user mapping that will be used to connect to SERVER when subscription specifies SERVER. I am not sure where to mention this. May be we can get some clue from foreign server documentation. -- Best Wishes, Ashutosh Bapat ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-30 20:45 Jeff Davis <[email protected]> parent: Ashutosh Bapat <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Jeff Davis @ 2024-01-30 20:45 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Tue, 2024-01-30 at 16:17 +0530, Ashutosh Bapat wrote: > Converting a server and user mapping to > conninfo should be delegated to the FDW being used since that FDW > knows best how to use those options. If I understand you correctly, you mean that there would be a new optional function associated with an FDW (in addition to the HANDLER and VALIDATOR) like "CONNECTION", which would be able to return the conninfo from a server using that FDW. Is that right? I like the idea -- it further decouples the logic from the core server. I suspect it will make postgres_fdw the primary way (though not the only possible way) to use this feature. There would be little need to create a new builtin FDW to make this work. To get the subscription invalidation right, we'd need to make the (reasonable) assumption that the connection information is based only on the FDW, server, and user mapping. A FDW wouldn't be able to use, for example, some kind of configuration table or GUC to control how the connection string gets created. That's easy enough to solve with documentation. I'll work up a new patch for this. Regards, Jeff Davis ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-01-31 05:40 Ashutosh Bapat <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Ashutosh Bapat @ 2024-01-31 05:40 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Wed, Jan 31, 2024 at 2:16 AM Jeff Davis <[email protected]> wrote: > > On Tue, 2024-01-30 at 16:17 +0530, Ashutosh Bapat wrote: > > Converting a server and user mapping to > > conninfo should be delegated to the FDW being used since that FDW > > knows best how to use those options. > > If I understand you correctly, you mean that there would be a new > optional function associated with an FDW (in addition to the HANDLER > and VALIDATOR) like "CONNECTION", which would be able to return the > conninfo from a server using that FDW. Is that right? I am not sure whether it fits {HANDLER,VALIDATOR} set or should be part of FdwRoutine or a new set of hooks similar to FdwRoutine. But something like that. Since the hooks for query planning and execution have different characteristics from the ones used for replication, it might make sense to create a new set of hooks similar to FdwRoutine, say FdwReplicationRoutines and rename FdwRoutines to FdwQueryRoutines. This way, we know whether an FDW can handle subscription connections or not. A SERVER whose FDW does not support replication routines should not be used with a subscription. > > I like the idea -- it further decouples the logic from the core server. > I suspect it will make postgres_fdw the primary way (though not the > only possible way) to use this feature. There would be little need to > create a new builtin FDW to make this work. That's what I see as well. I am glad that we are on the same page. > > To get the subscription invalidation right, we'd need to make the > (reasonable) assumption that the connection information is based only > on the FDW, server, and user mapping. A FDW wouldn't be able to use, > for example, some kind of configuration table or GUC to control how the > connection string gets created. That's easy enough to solve with > documentation. > I think that's true for postgres_fdw as well right? But I think it's more important for a subscription since it's expected to live very long almost as long as the server itself does. So I agree. But that's FDW's responsibility. -- Best Wishes, Ashutosh Bapat ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-03-08 08:20 Jeff Davis <[email protected]> parent: Ashutosh Bapat <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Jeff Davis @ 2024-03-08 08:20 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Wed, 2024-01-31 at 11:10 +0530, Ashutosh Bapat wrote: > > I like the idea -- it further decouples the logic from the core > > server. > > I suspect it will make postgres_fdw the primary way (though not the > > only possible way) to use this feature. There would be little need > > to > > create a new builtin FDW to make this work. > > That's what I see as well. I am glad that we are on the same page. Implemented in v11, attached. Is this what you had in mind? It leaves a lot of the work to postgres_fdw and it's almost unusable without postgres_fdw. That's not a bad thing, but it makes the core functionality a bit harder to test standalone. I can work on the core tests some more. The postgres_fdw tests passed without modification, though, and offer a simple example of how to use it. Regards, Jeff Davis Attachments: [text/x-patch] v11-0001-CREATE-SUSBCRIPTION-.-SERVER.patch (45.5K, 2-v11-0001-CREATE-SUSBCRIPTION-.-SERVER.patch) download | inline diff: From 88fa1333ace4d15d72534d20d2cccb37748277f2 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:42:48 -0800 Subject: [PATCH v11] CREATE SUSBCRIPTION ... SERVER. Allow specifying a foreign server for CREATE SUBSCRIPTION, rather than a raw connection string with CONNECTION. Using a foreign server as a layer of indirection improves management of multiple subscriptions to the same server. It also provides integration with user mappings in case different subscriptions have different owners or a subscription changes owners. Discussion: https://postgr.es/m/[email protected] Reviewed-by: Ashutosh Bapat --- contrib/postgres_fdw/Makefile | 4 +- contrib/postgres_fdw/connection.c | 74 ++++++++ .../postgres_fdw/expected/postgres_fdw.out | 8 + contrib/postgres_fdw/meson.build | 6 + .../postgres_fdw/postgres_fdw--1.1--1.2.sql | 11 ++ contrib/postgres_fdw/postgres_fdw.control | 2 +- contrib/postgres_fdw/sql/postgres_fdw.sql | 7 + contrib/postgres_fdw/t/010_subscription.pl | 71 ++++++++ doc/src/sgml/ref/alter_subscription.sgml | 18 +- doc/src/sgml/ref/create_subscription.sgml | 11 +- src/backend/catalog/pg_subscription.c | 38 +++- src/backend/commands/foreigncmds.c | 57 +++++- src/backend/commands/subscriptioncmds.c | 167 ++++++++++++++++-- src/backend/foreign/foreign.c | 42 +++++ src/backend/parser/gram.y | 22 +++ src/backend/replication/logical/worker.c | 16 +- src/bin/pg_dump/pg_dump.c | 27 ++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/tab-complete.c | 2 +- src/include/catalog/pg_foreign_data_wrapper.h | 3 + src/include/catalog/pg_subscription.h | 7 +- src/include/foreign/foreign.h | 3 + src/include/nodes/parsenodes.h | 3 + src/test/regress/expected/oidjoins.out | 1 + 24 files changed, 563 insertions(+), 38 deletions(-) create mode 100644 contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql create mode 100644 contrib/postgres_fdw/t/010_subscription.pl diff --git a/contrib/postgres_fdw/Makefile b/contrib/postgres_fdw/Makefile index c1b0cad453..995a30c297 100644 --- a/contrib/postgres_fdw/Makefile +++ b/contrib/postgres_fdw/Makefile @@ -14,10 +14,12 @@ PG_CPPFLAGS = -I$(libpq_srcdir) SHLIB_LINK_INTERNAL = $(libpq) EXTENSION = postgres_fdw -DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql +DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql postgres_fdw--1.1--1.2.sql REGRESS = postgres_fdw +TAP_TESTS = 1 + ifdef USE_PGXS PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) diff --git a/contrib/postgres_fdw/connection.c b/contrib/postgres_fdw/connection.c index 4931ebf591..a011e6df5f 100644 --- a/contrib/postgres_fdw/connection.c +++ b/contrib/postgres_fdw/connection.c @@ -113,6 +113,7 @@ static uint32 pgfdw_we_get_result = 0; PG_FUNCTION_INFO_V1(postgres_fdw_get_connections); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect_all); +PG_FUNCTION_INFO_V1(postgres_fdw_connection); /* prototypes of private functions */ static void make_new_connection(ConnCacheEntry *entry, UserMapping *user); @@ -1972,6 +1973,79 @@ pgfdw_finish_abort_cleanup(List *pending_entries, List *cancel_requested, } } +/* + * Values in connection strings must be enclosed in single quotes. Single + * quotes and backslashes must be escaped with backslash. NB: these rules are + * different from the rules for escaping a SQL literal. + */ +static void +appendEscapedValue(StringInfo str, const char *val) +{ + appendStringInfoChar(str, '\''); + for (int i = 0; val[i] != '\0'; i++) + { + if (val[i] == '\\' || val[i] == '\'') + appendStringInfoChar(str, '\\'); + appendStringInfoChar(str, val[i]); + } + appendStringInfoChar(str, '\''); +} + +Datum +postgres_fdw_connection(PG_FUNCTION_ARGS) +{ + /* TODO: consider memory usage */ + Oid userid = PG_GETARG_OID(0); + Oid serverid = PG_GETARG_OID(1); + ForeignServer *server = GetForeignServer(serverid); + UserMapping *user = GetUserMapping(userid, serverid); + StringInfoData str; + const char **keywords; + const char **values; + int n; + + /* + * Construct connection params from generic options of ForeignServer + * and UserMapping. (Some of them might not be libpq options, in + * which case we'll just waste a few array slots.) Add 4 extra slots + * for application_name, fallback_application_name, client_encoding, + * end marker. + */ + n = list_length(server->options) + list_length(user->options) + 4; + keywords = (const char **) palloc(n * sizeof(char *)); + values = (const char **) palloc(n * sizeof(char *)); + + n = 0; + n += ExtractConnectionOptions(server->options, + keywords + n, values + n); + n += ExtractConnectionOptions(user->options, + keywords + n, values + n); + + /* Set client_encoding so that libpq can convert encoding properly. */ + keywords[n] = "client_encoding"; + values[n] = GetDatabaseEncodingName(); + n++; + + keywords[n] = values[n] = NULL; + + /* verify the set of connection parameters */ + check_conn_params(keywords, values, user); + + initStringInfo(&str); + for (int i = 0; i < n; i++) + { + char *sep = ""; + + appendStringInfo(&str, "%s%s = ", sep, keywords[i]); + appendEscapedValue(&str, values[i]); + sep = " "; + } + + pfree(keywords); + pfree(values); + PG_RETURN_TEXT_P(cstring_to_text(str.data)); +} + /* * List active foreign server connections. * diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index c355e8f3f7..617e2cf5dc 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -256,6 +256,14 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); -- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +DROP SUBSCRIPTION regress_pgfdw_subscription; +-- =================================================================== -- test error case for create publication on foreign table -- =================================================================== CREATE PUBLICATION testpub_ftbl FOR TABLE ft1; -- should fail diff --git a/contrib/postgres_fdw/meson.build b/contrib/postgres_fdw/meson.build index 2b86d8a6ee..92cb3c5556 100644 --- a/contrib/postgres_fdw/meson.build +++ b/contrib/postgres_fdw/meson.build @@ -26,6 +26,7 @@ install_data( 'postgres_fdw.control', 'postgres_fdw--1.0.sql', 'postgres_fdw--1.0--1.1.sql', + 'postgres_fdw--1.1--1.2.sql', kwargs: contrib_data_args, ) @@ -39,4 +40,9 @@ tests += { ], 'regress_args': ['--dlpath', meson.build_root() / 'src/test/regress'], }, + 'tap': { + 'tests': [ + 't/010_subscription.pl', + ], + }, } diff --git a/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql b/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql new file mode 100644 index 0000000000..468d8f0d7d --- /dev/null +++ b/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql @@ -0,0 +1,11 @@ +/* contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql */ + +-- complain if script is sourced in psql, rather than via ALTER EXTENSION +\echo Use "ALTER EXTENSION postgres_fdw UPDATE TO '1.2'" to load this file. \quit + +CREATE FUNCTION postgres_fdw_connection(oid, oid) +RETURNS text +AS 'MODULE_PATHNAME' +LANGUAGE C STRICT; + +ALTER FOREIGN DATA WRAPPER postgres_fdw CONNECTION postgres_fdw_connection; diff --git a/contrib/postgres_fdw/postgres_fdw.control b/contrib/postgres_fdw/postgres_fdw.control index d489382064..a4b800be4f 100644 --- a/contrib/postgres_fdw/postgres_fdw.control +++ b/contrib/postgres_fdw/postgres_fdw.control @@ -1,5 +1,5 @@ # postgres_fdw extension comment = 'foreign-data wrapper for remote PostgreSQL servers' -default_version = '1.1' +default_version = '1.2' module_pathname = '$libdir/postgres_fdw' relocatable = true diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 812e7646e1..8520094fc9 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -248,6 +248,13 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); +-- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_pgfdw_subscription; + -- =================================================================== -- test error case for create publication on foreign table -- =================================================================== diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl new file mode 100644 index 0000000000..a39e8fdbba --- /dev/null +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -0,0 +1,71 @@ + +# Copyright (c) 2021-2024, PostgreSQL Global Development Group + +# Basic logical replication test +use strict; +use warnings FATAL => 'all'; +use PostgreSQL::Test::Cluster; +use PostgreSQL::Test::Utils; +use Test::More; + +# Initialize publisher node +my $node_publisher = PostgreSQL::Test::Cluster->new('publisher'); +$node_publisher->init(allows_streaming => 'logical'); +$node_publisher->start; + +# Create subscriber node +my $node_subscriber = PostgreSQL::Test::Cluster->new('subscriber'); +$node_subscriber->init; +$node_subscriber->start; + +# Create some preexisting content on publisher +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins AS SELECT a, a + 1 as b FROM generate_series(1,1002) AS a"); + +# Replicate the changes without columns +$node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_no_col default VALUES"); + +# Setup structure on subscriber +$node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int, b int)"); + +# Setup logical replication +my $publisher_connstr = $node_publisher->connstr . ' dbname=postgres'; +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_pub FOR TABLE tab_ins"); + +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_server" +); + +$node_subscriber->safe_psql('postgres', + "CREATE FOREIGN TABLE f_tab_ins (a int, b int) SERVER tap_server OPTIONS(table_name 'tab_ins')" +); +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub SERVER tap_server PUBLICATION tap_pub WITH (password_required=false)" +); + +# Wait for initial table sync to finish +$node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); + +my $result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins SELECT a, a + 1 FROM generate_series(1003,1050) a"); + +$node_publisher->wait_for_catchup('tap_sub'); + +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1050), 'check initial data was copied to subscriber'); + +done_testing(); diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index e9e6d9d74a..12d8855aef 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -21,6 +21,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> +ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SERVER <replaceable>servername</replaceable> ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> CONNECTION '<replaceable>conninfo</replaceable>' ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SET PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> ADD PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] @@ -94,13 +95,24 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < </listitem> </varlistentry> + <varlistentry id="sql-altersubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the foreign server + <replaceable>servername</replaceable>. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-altersubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> <para> - This clause replaces the connection string originally set by - <xref linkend="sql-createsubscription"/>. See there for more - information. + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the connection + string <replaceable>conninfo</replaceable>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index 15794731bb..233e87d5ea 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -22,7 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceable> - CONNECTION '<replaceable class="parameter">conninfo</replaceable>' + { SERVER <replaceable class="parameter">servername</replaceable> | CONNECTION '<replaceable class="parameter">conninfo</replaceable>' } PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">subscription_parameter</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] </synopsis> @@ -77,6 +77,15 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl </listitem> </varlistentry> + <varlistentry id="sql-createsubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + A foreign server to use for the connection. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-createsubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index 9efc9159f2..b5ba0aa953 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -19,11 +19,14 @@ #include "access/htup_details.h" #include "access/tableam.h" #include "catalog/indexing.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "storage/lmgr.h" +#include "utils/acl.h" #include "utils/array.h" #include "utils/builtins.h" #include "utils/fmgroids.h" @@ -38,7 +41,7 @@ static List *textarray_to_stringlist(ArrayType *textarray); * Fetch the subscription from the syscache. */ Subscription * -GetSubscription(Oid subid, bool missing_ok) +GetSubscription(Oid subid, bool missing_ok, bool aclcheck) { HeapTuple tup; Subscription *sub; @@ -74,10 +77,35 @@ GetSubscription(Oid subid, bool missing_ok) sub->failover = subform->subfailover; /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, - tup, - Anum_pg_subscription_subconninfo); - sub->conninfo = TextDatumGetCString(datum); + if (OidIsValid(subform->subserver)) + { + AclResult aclresult; + + /* recheck ACL if requested */ + if (aclcheck) + { + aclresult = object_aclcheck(ForeignServerRelationId, + subform->subserver, + subform->subowner, ACL_USAGE); + + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(subform->subowner, false), + ForeignServerName(subform->subserver)))); + } + + sub->conninfo = ForeignServerConnectionString(subform->subowner, + subform->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, + tup, + Anum_pg_subscription_subconninfo); + sub->conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c index cf61bbac1f..357918be11 100644 --- a/src/backend/commands/foreigncmds.c +++ b/src/backend/commands/foreigncmds.c @@ -511,21 +511,52 @@ lookup_fdw_validator_func(DefElem *validator) /* validator's return value is ignored, so we don't check the type */ } +/* + * Convert a connection string function name passed from the parser to an Oid. + */ +static Oid +lookup_fdw_connection_func(DefElem *connection) +{ + Oid connectionOid; + Oid funcargtypes[2]; + + if (connection == NULL || connection->arg == NULL) + return InvalidOid; + + /* connection string functions take user oid, server oid */ + funcargtypes[0] = OIDOID; + funcargtypes[1] = OIDOID; + + connectionOid = LookupFuncName((List *) connection->arg, 2, funcargtypes, false); + + /* check that connection string function has correct return type */ + if (get_func_rettype(connectionOid) != TEXTOID) + ereport(ERROR, + (errcode(ERRCODE_WRONG_OBJECT_TYPE), + errmsg("function %s must return type %s", + NameListToString((List *) connection->arg), "text"))); + + return connectionOid; +} + /* * Process function options of CREATE/ALTER FDW */ static void parse_func_options(ParseState *pstate, List *func_options, bool *handler_given, Oid *fdwhandler, - bool *validator_given, Oid *fdwvalidator) + bool *validator_given, Oid *fdwvalidator, + bool *connection_given, Oid *fdwconnection) { ListCell *cell; *handler_given = false; *validator_given = false; + *connection_given = false; /* return InvalidOid if not given */ *fdwhandler = InvalidOid; *fdwvalidator = InvalidOid; + *fdwconnection = InvalidOid; foreach(cell, func_options) { @@ -545,6 +576,13 @@ parse_func_options(ParseState *pstate, List *func_options, *validator_given = true; *fdwvalidator = lookup_fdw_validator_func(def); } + else if (strcmp(def->defname, "connection") == 0) + { + if (*connection_given) + errorConflictingDefElem(def, pstate); + *connection_given = true; + *fdwconnection = lookup_fdw_connection_func(def); + } else elog(ERROR, "option \"%s\" not recognized", def->defname); @@ -564,8 +602,10 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) Oid fdwId; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; Datum fdwoptions; Oid ownerId; ObjectAddress myself; @@ -609,10 +649,12 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) /* Lookup handler and validator functions, if given */ parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); values[Anum_pg_foreign_data_wrapper_fdwhandler - 1] = ObjectIdGetDatum(fdwhandler); values[Anum_pg_foreign_data_wrapper_fdwvalidator - 1] = ObjectIdGetDatum(fdwvalidator); + values[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); nulls[Anum_pg_foreign_data_wrapper_fdwacl - 1] = true; @@ -684,8 +726,10 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) Datum datum; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; ObjectAddress myself; rel = table_open(ForeignDataWrapperRelationId, RowExclusiveLock); @@ -715,7 +759,8 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); if (handler_given) { @@ -753,6 +798,12 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) fdwvalidator = fdwForm->fdwvalidator; } + if (connection_given) + { + repl_val[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); + repl_repl[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = true; + } + /* * If options specified, validate and update. */ diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index a05d69922d..304a46efec 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -25,14 +25,17 @@ #include "catalog/objectaddress.h" #include "catalog/pg_authid_d.h" #include "catalog/pg_database_d.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "catalog/pg_user_mapping.h" #include "commands/dbcommands.h" #include "commands/defrem.h" #include "commands/event_trigger.h" #include "commands/subscriptioncmds.h" #include "executor/executor.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "pgstat.h" @@ -594,6 +597,7 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Datum values[Natts_pg_subscription]; Oid owner = GetUserId(); HeapTuple tup; + Oid serverid; char *conninfo; char originname[NAMEDATALEN]; List *publications; @@ -686,15 +690,40 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.synchronous_commit == NULL) opts.synchronous_commit = "off"; - conninfo = stmt->conninfo; - publications = stmt->publication; - /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); + if (stmt->servername) + { + ForeignServer *server; + + Assert(!stmt->conninfo); + conninfo = NULL; + + server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, owner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + + /* make sure a user mapping exists */ + GetUserMapping(owner, server->serverid); + + serverid = server->serverid; + conninfo = ForeignServerConnectionString(owner, serverid); + } + else + { + Assert(stmt->conninfo); + + serverid = InvalidOid; + conninfo = stmt->conninfo; + } + /* Check the connection info string. */ walrcv_check_conninfo(conninfo, opts.passwordrequired && !superuser()); + publications = stmt->publication; + /* Everything ok, form a new tuple. */ memset(values, 0, sizeof(values)); memset(nulls, false, sizeof(nulls)); @@ -718,8 +747,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, values[Anum_pg_subscription_subpasswordrequired - 1] = BoolGetDatum(opts.passwordrequired); values[Anum_pg_subscription_subrunasowner - 1] = BoolGetDatum(opts.runasowner); values[Anum_pg_subscription_subfailover - 1] = BoolGetDatum(opts.failover); - values[Anum_pg_subscription_subconninfo - 1] = - CStringGetTextDatum(conninfo); + values[Anum_pg_subscription_subserver - 1] = serverid; + if (!OidIsValid(serverid)) + values[Anum_pg_subscription_subconninfo - 1] = + CStringGetTextDatum(conninfo); + else + nulls[Anum_pg_subscription_subconninfo - 1] = true; if (opts.slot_name) values[Anum_pg_subscription_subslotname - 1] = DirectFunctionCall1(namein, CStringGetDatum(opts.slot_name)); @@ -740,6 +773,17 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, recordDependencyOnOwner(SubscriptionRelationId, subid, owner); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + + if (stmt->servername) + { + ObjectAddress referenced; + Assert(OidIsValid(serverid)); + + ObjectAddressSet(referenced, ForeignServerRelationId, serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + ReplicationOriginNameForLogicalRep(subid, InvalidOid, originname, sizeof(originname)); replorigin_create(originname); @@ -871,8 +915,6 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.enabled) ApplyLauncherWakeupAtCommit(); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostCreateHook(SubscriptionRelationId, subid, 0); return myself; @@ -1140,7 +1182,14 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION, stmt->subname); - sub = GetSubscription(subid, false); + /* + * Skip ACL checks on the subscription's foreign server, if any. If + * changing the server (or replacing it with a raw connection), then the + * old one will be removed anyway. If changing something unrelated, + * there's no need to do an additional ACL check here; that will be done + * by the subscription worker anyway. + */ + sub = GetSubscription(subid, false, false); /* * Don't allow non-superuser modification of a subscription with @@ -1160,6 +1209,8 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, memset(nulls, false, sizeof(nulls)); memset(replaces, false, sizeof(replaces)); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + switch (stmt->kind) { case ALTER_SUBSCRIPTION_OPTIONS: @@ -1306,7 +1357,79 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, break; } + case ALTER_SUBSCRIPTION_SERVER: + { + ForeignServer *new_server; + ObjectAddress referenced; + AclResult aclresult; + char *conninfo; + + /* + * Remove what was there before, either another foreign server + * or a connection string. + */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + } + else + { + nulls[Anum_pg_subscription_subconninfo - 1] = true; + replaces[Anum_pg_subscription_subconninfo - 1] = true; + } + + /* + * Find the new server and user mapping. Check ACL of server + * based on current user ID, but find the user mapping based + * on the subscription owner. + */ + new_server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, + new_server->serverid, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(new_server->serverid)))); + + /* make sure a user mapping exists */ + GetUserMapping(form->subowner, new_server->serverid); + + conninfo = ForeignServerConnectionString(form->subowner, + new_server->serverid); + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + /* Check the connection info string. */ + walrcv_check_conninfo(conninfo, + sub->passwordrequired && !sub->ownersuperuser); + + values[Anum_pg_subscription_subserver - 1] = new_server->serverid; + replaces[Anum_pg_subscription_subserver - 1] = true; + + ObjectAddressSet(referenced, ForeignServerRelationId, new_server->serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + update_tuple = true; + } + break; + case ALTER_SUBSCRIPTION_CONNECTION: + /* remove reference to foreign server and dependencies, if present */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + + values[Anum_pg_subscription_subserver - 1] = InvalidOid; + replaces[Anum_pg_subscription_subserver - 1] = true; + } + /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); /* Check the connection info string. */ @@ -1553,8 +1676,6 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, table_close(rel, RowExclusiveLock); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostAlterHook(SubscriptionRelationId, subid, 0); /* Wake up related replication workers to handle this change quickly. */ @@ -1639,9 +1760,28 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) subname = pstrdup(NameStr(*DatumGetName(datum))); /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, - Anum_pg_subscription_subconninfo); - conninfo = TextDatumGetCString(datum); + if (OidIsValid(form->subserver)) + { + AclResult aclresult; + + aclresult = object_aclcheck(ForeignServerRelationId, form->subserver, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(form->subserver)))); + + conninfo = ForeignServerConnectionString(form->subowner, + form->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, + Anum_pg_subscription_subconninfo); + conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, tup, @@ -1742,6 +1882,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) } /* Clean up dependencies */ + deleteDependencyRecordsFor(SubscriptionRelationId, subid, false); deleteSharedDependencyRecordsFor(SubscriptionRelationId, subid, 0); /* Remove any associated relation synchronization states. */ diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index f4f35728b4..fdd7ee3ad9 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -70,6 +70,7 @@ GetForeignDataWrapperExtended(Oid fdwid, bits16 flags) fdw->fdwname = pstrdup(NameStr(fdwform->fdwname)); fdw->fdwhandler = fdwform->fdwhandler; fdw->fdwvalidator = fdwform->fdwvalidator; + fdw->fdwconnection = fdwform->fdwconnection; /* Extract the fdwoptions */ datum = SysCacheGetAttr(FOREIGNDATAWRAPPEROID, @@ -174,6 +175,31 @@ GetForeignServerExtended(Oid serverid, bits16 flags) } +/* + * ForeignServerName - get name of foreign server. + */ +char * +ForeignServerName(Oid serverid) +{ + Form_pg_foreign_server serverform; + char *servername; + HeapTuple tp; + + tp = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)); + + if (!HeapTupleIsValid(tp)) + elog(ERROR, "cache lookup failed for foreign server %u", serverid); + + serverform = (Form_pg_foreign_server) GETSTRUCT(tp); + + servername = pstrdup(NameStr(serverform->srvname)); + + ReleaseSysCache(tp); + + return servername; +} + + /* * GetForeignServerByName - look up the foreign server definition by name. */ @@ -189,6 +215,22 @@ GetForeignServerByName(const char *srvname, bool missing_ok) } +/* + * Retrieve connection string from server's FDW. + */ +char * +ForeignServerConnectionString(Oid userid, Oid serverid) +{ + /* TODO: clean up memory */ + ForeignServer *server = GetForeignServer(serverid); + ForeignDataWrapper *fdw = GetForeignDataWrapper(server->fdwid); + Datum connection_text = OidFunctionCall2(fdw->fdwconnection, + ObjectIdGetDatum(userid), + ObjectIdGetDatum(serverid)); + return text_to_cstring(DatumGetTextPP(connection_text)); +} + + /* * GetUserMapping - look up the user mapping. * diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index c6e2f679fd..04aabf08d1 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -5293,6 +5293,8 @@ fdw_option: | NO HANDLER { $$ = makeDefElem("handler", NULL, @1); } | VALIDATOR handler_name { $$ = makeDefElem("validator", (Node *) $2, @1); } | NO VALIDATOR { $$ = makeDefElem("validator", NULL, @1); } + | CONNECTION handler_name { $$ = makeDefElem("connection", (Node *) $2, @1); } + | NO CONNECTION { $$ = makeDefElem("connection", NULL, @1); } ; fdw_options: @@ -10667,6 +10669,16 @@ CreateSubscriptionStmt: n->options = $8; $$ = (Node *) n; } + | CREATE SUBSCRIPTION name SERVER name PUBLICATION name_list opt_definition + { + CreateSubscriptionStmt *n = + makeNode(CreateSubscriptionStmt); + n->subname = $3; + n->servername = $5; + n->publication = $7; + n->options = $8; + $$ = (Node *) n; + } ; /***************************************************************************** @@ -10696,6 +10708,16 @@ AlterSubscriptionStmt: n->conninfo = $5; $$ = (Node *) n; } + | ALTER SUBSCRIPTION name SERVER name + { + AlterSubscriptionStmt *n = + makeNode(AlterSubscriptionStmt); + + n->kind = ALTER_SUBSCRIPTION_SERVER; + n->subname = $3; + n->servername = $5; + $$ = (Node *) n; + } | ALTER SUBSCRIPTION name REFRESH PUBLICATION opt_definition { AlterSubscriptionStmt *n = diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index b5a80fe3e8..3725c53d8b 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -3879,7 +3879,7 @@ maybe_reread_subscription(void) /* Ensure allocations in permanent context. */ oldctx = MemoryContextSwitchTo(ApplyContext); - newsub = GetSubscription(MyLogicalRepWorker->subid, true); + newsub = GetSubscription(MyLogicalRepWorker->subid, true, true); /* * Exit if the subscription was removed. This normally should not happen @@ -3985,7 +3985,9 @@ maybe_reread_subscription(void) } /* - * Callback from subscription syscache invalidation. + * Callback from subscription syscache invalidation. Also needed for server or + * user mapping invalidation, which can change the connection information for + * subscriptions that connect using a server object. */ static void subscription_change_cb(Datum arg, int cacheid, uint32 hashvalue) @@ -4584,7 +4586,7 @@ InitializeLogRepWorker(void) StartTransactionCommand(); oldctx = MemoryContextSwitchTo(ApplyContext); - MySubscription = GetSubscription(MyLogicalRepWorker->subid, true); + MySubscription = GetSubscription(MyLogicalRepWorker->subid, true, true); if (!MySubscription) { ereport(LOG, @@ -4621,6 +4623,14 @@ InitializeLogRepWorker(void) CacheRegisterSyscacheCallback(SUBSCRIPTIONOID, subscription_change_cb, (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); CacheRegisterSyscacheCallback(AUTHOID, subscription_change_cb, diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 10cbf02beb..ac0e9f98df 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -4636,6 +4636,7 @@ getSubscriptions(Archive *fout) int i_subdisableonerr; int i_subpasswordrequired; int i_subrunasowner; + int i_subservername; int i_subconninfo; int i_subslotname; int i_subsynccommit; @@ -4708,11 +4709,13 @@ getSubscriptions(Archive *fout) LOGICALREP_ORIGIN_ANY); if (dopt->binary_upgrade && fout->remoteVersion >= 170000) - appendPQExpBufferStr(query, " o.remote_lsn AS suboriginremotelsn,\n" + appendPQExpBufferStr(query, " fs.srvname AS subservername,\n" + " o.remote_lsn AS suboriginremotelsn,\n" " s.subenabled,\n" " s.subfailover\n"); else - appendPQExpBufferStr(query, " NULL AS suboriginremotelsn,\n" + appendPQExpBufferStr(query, " NULL AS subservername,\n" + " NULL AS suboriginremotelsn,\n" " false AS subenabled,\n" " false AS subfailover\n"); @@ -4721,6 +4724,8 @@ getSubscriptions(Archive *fout) if (dopt->binary_upgrade && fout->remoteVersion >= 170000) appendPQExpBufferStr(query, + "LEFT JOIN pg_catalog.pg_foreign_server fs \n" + " ON fs.oid = s.subserver \n" "LEFT JOIN pg_catalog.pg_replication_origin_status o \n" " ON o.external_id = 'pg_' || s.oid::text \n"); @@ -4746,6 +4751,7 @@ getSubscriptions(Archive *fout) i_subdisableonerr = PQfnumber(res, "subdisableonerr"); i_subpasswordrequired = PQfnumber(res, "subpasswordrequired"); i_subrunasowner = PQfnumber(res, "subrunasowner"); + i_subservername = PQfnumber(res, "subservername"); i_subconninfo = PQfnumber(res, "subconninfo"); i_subslotname = PQfnumber(res, "subslotname"); i_subsynccommit = PQfnumber(res, "subsynccommit"); @@ -4766,7 +4772,10 @@ getSubscriptions(Archive *fout) AssignDumpId(&subinfo[i].dobj); subinfo[i].dobj.name = pg_strdup(PQgetvalue(res, i, i_subname)); subinfo[i].rolname = getRoleName(PQgetvalue(res, i, i_subowner)); - + if (PQgetisnull(res, i, i_subservername)) + subinfo[i].subservername = NULL; + else + subinfo[i].subservername = pg_strdup(PQgetvalue(res, i, i_subservername)); subinfo[i].subbinary = pg_strdup(PQgetvalue(res, i, i_subbinary)); subinfo[i].substream = @@ -4994,9 +5003,17 @@ dumpSubscription(Archive *fout, const SubscriptionInfo *subinfo) appendPQExpBuffer(delq, "DROP SUBSCRIPTION %s;\n", qsubname); - appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s CONNECTION ", + appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s ", qsubname); - appendStringLiteralAH(query, subinfo->subconninfo, fout); + if (subinfo->subservername) + { + appendPQExpBuffer(query, "SERVER %s", fmtId(subinfo->subservername)); + } + else + { + appendPQExpBuffer(query, "CONNECTION "); + appendStringLiteralAH(query, subinfo->subconninfo, fout); + } /* Build list of quoted publications and append them to query. */ if (!parsePGArray(subinfo->subpublications, &pubnames, &npubnames)) diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index 9bc93520b4..6fdf63688c 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -660,6 +660,7 @@ typedef struct _SubscriptionInfo char *subdisableonerr; char *subpasswordrequired; char *subrunasowner; + char *subservername; char *subconninfo; char *subslotname; char *subsynccommit; diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c index 73133ce735..b3ac86890a 100644 --- a/src/bin/psql/tab-complete.c +++ b/src/bin/psql/tab-complete.c @@ -3329,7 +3329,7 @@ psql_completion(const char *text, int start, int end) /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny)) COMPLETE_WITH("PUBLICATION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", diff --git a/src/include/catalog/pg_foreign_data_wrapper.h b/src/include/catalog/pg_foreign_data_wrapper.h index 0d8759d3fd..700d6eed65 100644 --- a/src/include/catalog/pg_foreign_data_wrapper.h +++ b/src/include/catalog/pg_foreign_data_wrapper.h @@ -36,6 +36,9 @@ CATALOG(pg_foreign_data_wrapper,2328,ForeignDataWrapperRelationId) Oid fdwvalidator BKI_LOOKUP_OPT(pg_proc); /* option validation * function, or 0 if * none */ + Oid fdwconnection BKI_LOOKUP_OPT(pg_proc); /* connection string + * function, or 0 if + * none */ #ifdef CATALOG_VARLEN /* variable-length fields start here */ aclitem fdwacl[1]; /* access permissions */ diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index 0aa14ec4a2..b84c25d55e 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -98,9 +98,11 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW * slots) in the upstream database are enabled * to be synchronized to the standbys. */ + Oid subserver; /* Set if connecting with server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo; /* Set if connecting with connection string */ /* Slot name on publisher */ NameData subslotname BKI_FORCE_NULL; @@ -174,7 +176,8 @@ typedef struct Subscription */ #define LOGICALREP_STREAM_PARALLEL 'p' -extern Subscription *GetSubscription(Oid subid, bool missing_ok); +extern Subscription *GetSubscription(Oid subid, bool missing_ok, + bool aclcheck); extern void FreeSubscription(Subscription *sub); extern void DisableSubscription(Oid subid); diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index 82b8153100..b4025e7f1e 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -28,6 +28,7 @@ typedef struct ForeignDataWrapper char *fdwname; /* Name of the FDW */ Oid fdwhandler; /* Oid of handler function, or 0 */ Oid fdwvalidator; /* Oid of validator function, or 0 */ + Oid fdwconnection; /* Oid of connection string function, or 0 */ List *options; /* fdwoptions as DefElem list */ } ForeignDataWrapper; @@ -65,10 +66,12 @@ typedef struct ForeignTable extern ForeignServer *GetForeignServer(Oid serverid); +extern char *ForeignServerName(Oid serverid); extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); +extern char *ForeignServerConnectionString(Oid userid, Oid serverid); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index 2380821600..90b203dc60 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -4042,6 +4042,7 @@ typedef struct CreateSubscriptionStmt { NodeTag type; char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ @@ -4050,6 +4051,7 @@ typedef struct CreateSubscriptionStmt typedef enum AlterSubscriptionType { ALTER_SUBSCRIPTION_OPTIONS, + ALTER_SUBSCRIPTION_SERVER, ALTER_SUBSCRIPTION_CONNECTION, ALTER_SUBSCRIPTION_SET_PUBLICATION, ALTER_SUBSCRIPTION_ADD_PUBLICATION, @@ -4064,6 +4066,7 @@ typedef struct AlterSubscriptionStmt NodeTag type; AlterSubscriptionType kind; /* ALTER_SUBSCRIPTION_OPTIONS, etc */ char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ diff --git a/src/test/regress/expected/oidjoins.out b/src/test/regress/expected/oidjoins.out index 215eb899be..59c64126bd 100644 --- a/src/test/regress/expected/oidjoins.out +++ b/src/test/regress/expected/oidjoins.out @@ -224,6 +224,7 @@ NOTICE: checking pg_extension {extconfig} => pg_class {oid} NOTICE: checking pg_foreign_data_wrapper {fdwowner} => pg_authid {oid} NOTICE: checking pg_foreign_data_wrapper {fdwhandler} => pg_proc {oid} NOTICE: checking pg_foreign_data_wrapper {fdwvalidator} => pg_proc {oid} +NOTICE: checking pg_foreign_data_wrapper {fdwconnection} => pg_proc {oid} NOTICE: checking pg_foreign_server {srvowner} => pg_authid {oid} NOTICE: checking pg_foreign_server {srvfdw} => pg_foreign_data_wrapper {oid} NOTICE: checking pg_user_mapping {umuser} => pg_authid {oid} -- 2.34.1 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-10-30 15:08 Jeff Davis <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Jeff Davis @ 2024-10-30 15:08 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Fri, 2024-03-08 at 00:20 -0800, Jeff Davis wrote: > Implemented in v11, attached. Rebased, v12 attached. Regards, Jeff Davis Attachments: [text/x-patch] v12-0001-CREATE-SUSBCRIPTION-.-SERVER.patch (45.2K, 2-v12-0001-CREATE-SUSBCRIPTION-.-SERVER.patch) download | inline diff: From 5c2a8f5cb865becd70b08379d9fc72946be9a32a Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:42:48 -0800 Subject: [PATCH v12] CREATE SUSBCRIPTION ... SERVER. Allow specifying a foreign server for CREATE SUBSCRIPTION, rather than a raw connection string with CONNECTION. Using a foreign server as a layer of indirection improves management of multiple subscriptions to the same server. It also provides integration with user mappings in case different subscriptions have different owners or a subscription changes owners. Discussion: https://postgr.es/m/[email protected] Reviewed-by: Ashutosh Bapat --- contrib/postgres_fdw/Makefile | 2 + contrib/postgres_fdw/connection.c | 73 ++++++++ .../postgres_fdw/expected/postgres_fdw.out | 8 + contrib/postgres_fdw/meson.build | 5 + .../postgres_fdw/postgres_fdw--1.1--1.2.sql | 8 + contrib/postgres_fdw/sql/postgres_fdw.sql | 7 + contrib/postgres_fdw/t/010_subscription.pl | 71 ++++++++ doc/src/sgml/ref/alter_subscription.sgml | 18 +- doc/src/sgml/ref/create_subscription.sgml | 11 +- src/backend/catalog/pg_subscription.c | 38 +++- src/backend/commands/foreigncmds.c | 58 +++++- src/backend/commands/subscriptioncmds.c | 168 ++++++++++++++++-- src/backend/foreign/foreign.c | 66 +++++++ src/backend/parser/gram.y | 22 +++ src/backend/replication/logical/worker.c | 16 +- src/bin/pg_dump/pg_dump.c | 36 +++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/tab-complete.in.c | 2 +- src/include/catalog/pg_foreign_data_wrapper.h | 3 + src/include/catalog/pg_subscription.h | 7 +- src/include/foreign/foreign.h | 3 + src/include/nodes/parsenodes.h | 3 + src/test/regress/expected/oidjoins.out | 1 + 23 files changed, 591 insertions(+), 36 deletions(-) create mode 100644 contrib/postgres_fdw/t/010_subscription.pl diff --git a/contrib/postgres_fdw/Makefile b/contrib/postgres_fdw/Makefile index 88fdce40d6..a101418d6e 100644 --- a/contrib/postgres_fdw/Makefile +++ b/contrib/postgres_fdw/Makefile @@ -18,6 +18,8 @@ DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql postgres_fdw--1.1--1.2.s REGRESS = postgres_fdw query_cancel +TAP_TESTS = 1 + ifdef USE_PGXS PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) diff --git a/contrib/postgres_fdw/connection.c b/contrib/postgres_fdw/connection.c index 2326f391d3..48c77a8de3 100644 --- a/contrib/postgres_fdw/connection.c +++ b/contrib/postgres_fdw/connection.c @@ -123,6 +123,7 @@ PG_FUNCTION_INFO_V1(postgres_fdw_get_connections); PG_FUNCTION_INFO_V1(postgres_fdw_get_connections_1_2); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect_all); +PG_FUNCTION_INFO_V1(postgres_fdw_connection); /* prototypes of private functions */ static void make_new_connection(ConnCacheEntry *entry, UserMapping *user); @@ -2161,6 +2162,78 @@ postgres_fdw_get_connections_internal(FunctionCallInfo fcinfo, } } +/* + * Values in connection strings must be enclosed in single quotes. Single + * quotes and backslashes must be escaped with backslash. NB: these rules are + * different from the rules for escaping a SQL literal. + */ +static void +appendEscapedValue(StringInfo str, const char *val) +{ + appendStringInfoChar(str, '\''); + for (int i = 0; val[i] != '\0'; i++) + { + if (val[i] == '\\' || val[i] == '\'') + appendStringInfoChar(str, '\\'); + appendStringInfoChar(str, val[i]); + } + appendStringInfoChar(str, '\''); +} + +Datum +postgres_fdw_connection(PG_FUNCTION_ARGS) +{ + Oid userid = PG_GETARG_OID(0); + Oid serverid = PG_GETARG_OID(1); + ForeignServer *server = GetForeignServer(serverid); + UserMapping *user = GetUserMapping(userid, serverid); + StringInfoData str; + const char **keywords; + const char **values; + int n; + + /* + * Construct connection params from generic options of ForeignServer and + * UserMapping. (Some of them might not be libpq options, in which case + * we'll just waste a few array slots.) Add 4 extra slots for + * application_name, fallback_application_name, client_encoding, end + * marker. + */ + n = list_length(server->options) + list_length(user->options) + 4; + keywords = (const char **) palloc(n * sizeof(char *)); + values = (const char **) palloc(n * sizeof(char *)); + + n = 0; + n += ExtractConnectionOptions(server->options, + keywords + n, values + n); + n += ExtractConnectionOptions(user->options, + keywords + n, values + n); + + /* Set client_encoding so that libpq can convert encoding properly. */ + keywords[n] = "client_encoding"; + values[n] = GetDatabaseEncodingName(); + n++; + + keywords[n] = values[n] = NULL; + + /* verify the set of connection parameters */ + check_conn_params(keywords, values, user); + + initStringInfo(&str); + for (int i = 0; i < n; i++) + { + char *sep = ""; + + appendStringInfo(&str, "%s%s = ", sep, keywords[i]); + appendEscapedValue(&str, values[i]); + sep = " "; + } + + pfree(keywords); + pfree(values); + PG_RETURN_TEXT_P(cstring_to_text(str.data)); +} + /* * List active foreign server connections. * diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index f2bcd6aa98..dd560892da 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -256,6 +256,14 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); -- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +DROP SUBSCRIPTION regress_pgfdw_subscription; +-- =================================================================== -- test error case for create publication on foreign table -- =================================================================== CREATE PUBLICATION testpub_ftbl FOR TABLE ft1; -- should fail diff --git a/contrib/postgres_fdw/meson.build b/contrib/postgres_fdw/meson.build index 3014086ba6..e19d8e4e31 100644 --- a/contrib/postgres_fdw/meson.build +++ b/contrib/postgres_fdw/meson.build @@ -41,4 +41,9 @@ tests += { ], 'regress_args': ['--dlpath', meson.build_root() / 'src/test/regress'], }, + 'tap': { + 'tests': [ + 't/010_subscription.pl', + ], + }, } diff --git a/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql b/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql index 81aad4fcda..8981787d16 100644 --- a/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql +++ b/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql @@ -16,3 +16,11 @@ CREATE FUNCTION postgres_fdw_get_connections ( RETURNS SETOF record AS 'MODULE_PATHNAME', 'postgres_fdw_get_connections_1_2' LANGUAGE C STRICT PARALLEL RESTRICTED; + +-- takes internal parameter to prevent calling from SQL +CREATE FUNCTION postgres_fdw_connection(oid, oid, internal) +RETURNS text +AS 'MODULE_PATHNAME' +LANGUAGE C STRICT; + +ALTER FOREIGN DATA WRAPPER postgres_fdw CONNECTION postgres_fdw_connection; diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 372fe6dad1..0ab28ea3d5 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -248,6 +248,13 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); +-- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_pgfdw_subscription; + -- =================================================================== -- test error case for create publication on foreign table -- =================================================================== diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl new file mode 100644 index 0000000000..a39e8fdbba --- /dev/null +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -0,0 +1,71 @@ + +# Copyright (c) 2021-2024, PostgreSQL Global Development Group + +# Basic logical replication test +use strict; +use warnings FATAL => 'all'; +use PostgreSQL::Test::Cluster; +use PostgreSQL::Test::Utils; +use Test::More; + +# Initialize publisher node +my $node_publisher = PostgreSQL::Test::Cluster->new('publisher'); +$node_publisher->init(allows_streaming => 'logical'); +$node_publisher->start; + +# Create subscriber node +my $node_subscriber = PostgreSQL::Test::Cluster->new('subscriber'); +$node_subscriber->init; +$node_subscriber->start; + +# Create some preexisting content on publisher +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins AS SELECT a, a + 1 as b FROM generate_series(1,1002) AS a"); + +# Replicate the changes without columns +$node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_no_col default VALUES"); + +# Setup structure on subscriber +$node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int, b int)"); + +# Setup logical replication +my $publisher_connstr = $node_publisher->connstr . ' dbname=postgres'; +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_pub FOR TABLE tab_ins"); + +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_server" +); + +$node_subscriber->safe_psql('postgres', + "CREATE FOREIGN TABLE f_tab_ins (a int, b int) SERVER tap_server OPTIONS(table_name 'tab_ins')" +); +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub SERVER tap_server PUBLICATION tap_pub WITH (password_required=false)" +); + +# Wait for initial table sync to finish +$node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); + +my $result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins SELECT a, a + 1 FROM generate_series(1003,1050) a"); + +$node_publisher->wait_for_catchup('tap_sub'); + +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1050), 'check initial data was copied to subscriber'); + +done_testing(); diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index fdc648d007..35a8101796 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -21,6 +21,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> +ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SERVER <replaceable>servername</replaceable> ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> CONNECTION '<replaceable>conninfo</replaceable>' ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SET PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> ADD PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] @@ -101,13 +102,24 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < </listitem> </varlistentry> + <varlistentry id="sql-altersubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the foreign server + <replaceable>servername</replaceable>. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-altersubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> <para> - This clause replaces the connection string originally set by - <xref linkend="sql-createsubscription"/>. See there for more - information. + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the connection + string <replaceable>conninfo</replaceable>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index 6cf7d4f9a1..f787a27bc9 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -22,7 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceable> - CONNECTION '<replaceable class="parameter">conninfo</replaceable>' + { SERVER <replaceable class="parameter">servername</replaceable> | CONNECTION '<replaceable class="parameter">conninfo</replaceable>' } PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">subscription_parameter</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] </synopsis> @@ -77,6 +77,15 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl </listitem> </varlistentry> + <varlistentry id="sql-createsubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + A foreign server to use for the connection. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-createsubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index 89bf5ec933..66cae8ece0 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -19,11 +19,14 @@ #include "access/htup_details.h" #include "access/tableam.h" #include "catalog/indexing.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "storage/lmgr.h" +#include "utils/acl.h" #include "utils/array.h" #include "utils/builtins.h" #include "utils/fmgroids.h" @@ -69,7 +72,7 @@ GetPublicationsStr(List *publications, StringInfo dest, bool quote_literal) * Fetch the subscription from the syscache. */ Subscription * -GetSubscription(Oid subid, bool missing_ok) +GetSubscription(Oid subid, bool missing_ok, bool aclcheck) { HeapTuple tup; Subscription *sub; @@ -105,10 +108,35 @@ GetSubscription(Oid subid, bool missing_ok) sub->failover = subform->subfailover; /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, - tup, - Anum_pg_subscription_subconninfo); - sub->conninfo = TextDatumGetCString(datum); + if (OidIsValid(subform->subserver)) + { + AclResult aclresult; + + /* recheck ACL if requested */ + if (aclcheck) + { + aclresult = object_aclcheck(ForeignServerRelationId, + subform->subserver, + subform->subowner, ACL_USAGE); + + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(subform->subowner, false), + ForeignServerName(subform->subserver)))); + } + + sub->conninfo = ForeignServerConnectionString(subform->subowner, + subform->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, + tup, + Anum_pg_subscription_subconninfo); + sub->conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c index cf61bbac1f..c97450bfae 100644 --- a/src/backend/commands/foreigncmds.c +++ b/src/backend/commands/foreigncmds.c @@ -511,21 +511,53 @@ lookup_fdw_validator_func(DefElem *validator) /* validator's return value is ignored, so we don't check the type */ } +/* + * Convert a connection string function name passed from the parser to an Oid. + */ +static Oid +lookup_fdw_connection_func(DefElem *connection) +{ + Oid connectionOid; + Oid funcargtypes[3]; + + if (connection == NULL || connection->arg == NULL) + return InvalidOid; + + /* connection string functions take user oid, server oid */ + funcargtypes[0] = OIDOID; + funcargtypes[1] = OIDOID; + funcargtypes[2] = INTERNALOID; + + connectionOid = LookupFuncName((List *) connection->arg, 3, funcargtypes, false); + + /* check that connection string function has correct return type */ + if (get_func_rettype(connectionOid) != TEXTOID) + ereport(ERROR, + (errcode(ERRCODE_WRONG_OBJECT_TYPE), + errmsg("function %s must return type %s", + NameListToString((List *) connection->arg), "text"))); + + return connectionOid; +} + /* * Process function options of CREATE/ALTER FDW */ static void parse_func_options(ParseState *pstate, List *func_options, bool *handler_given, Oid *fdwhandler, - bool *validator_given, Oid *fdwvalidator) + bool *validator_given, Oid *fdwvalidator, + bool *connection_given, Oid *fdwconnection) { ListCell *cell; *handler_given = false; *validator_given = false; + *connection_given = false; /* return InvalidOid if not given */ *fdwhandler = InvalidOid; *fdwvalidator = InvalidOid; + *fdwconnection = InvalidOid; foreach(cell, func_options) { @@ -545,6 +577,13 @@ parse_func_options(ParseState *pstate, List *func_options, *validator_given = true; *fdwvalidator = lookup_fdw_validator_func(def); } + else if (strcmp(def->defname, "connection") == 0) + { + if (*connection_given) + errorConflictingDefElem(def, pstate); + *connection_given = true; + *fdwconnection = lookup_fdw_connection_func(def); + } else elog(ERROR, "option \"%s\" not recognized", def->defname); @@ -564,8 +603,10 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) Oid fdwId; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; Datum fdwoptions; Oid ownerId; ObjectAddress myself; @@ -609,10 +650,12 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) /* Lookup handler and validator functions, if given */ parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); values[Anum_pg_foreign_data_wrapper_fdwhandler - 1] = ObjectIdGetDatum(fdwhandler); values[Anum_pg_foreign_data_wrapper_fdwvalidator - 1] = ObjectIdGetDatum(fdwvalidator); + values[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); nulls[Anum_pg_foreign_data_wrapper_fdwacl - 1] = true; @@ -684,8 +727,10 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) Datum datum; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; ObjectAddress myself; rel = table_open(ForeignDataWrapperRelationId, RowExclusiveLock); @@ -715,7 +760,8 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); if (handler_given) { @@ -753,6 +799,12 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) fdwvalidator = fdwForm->fdwvalidator; } + if (connection_given) + { + repl_val[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); + repl_repl[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = true; + } + /* * If options specified, validate and update. */ diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index 03e97730e7..ed5404cb0e 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -26,14 +26,17 @@ #include "catalog/objectaddress.h" #include "catalog/pg_authid_d.h" #include "catalog/pg_database_d.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "catalog/pg_user_mapping.h" #include "commands/dbcommands.h" #include "commands/defrem.h" #include "commands/event_trigger.h" #include "commands/subscriptioncmds.h" #include "executor/executor.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "pgstat.h" @@ -546,6 +549,7 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Datum values[Natts_pg_subscription]; Oid owner = GetUserId(); HeapTuple tup; + Oid serverid; char *conninfo; char originname[NAMEDATALEN]; List *publications; @@ -638,15 +642,40 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.synchronous_commit == NULL) opts.synchronous_commit = "off"; - conninfo = stmt->conninfo; - publications = stmt->publication; - /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); + if (stmt->servername) + { + ForeignServer *server; + + Assert(!stmt->conninfo); + conninfo = NULL; + + server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, owner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + + /* make sure a user mapping exists */ + GetUserMapping(owner, server->serverid); + + serverid = server->serverid; + conninfo = ForeignServerConnectionString(owner, serverid); + } + else + { + Assert(stmt->conninfo); + + serverid = InvalidOid; + conninfo = stmt->conninfo; + } + /* Check the connection info string. */ walrcv_check_conninfo(conninfo, opts.passwordrequired && !superuser()); + publications = stmt->publication; + /* Everything ok, form a new tuple. */ memset(values, 0, sizeof(values)); memset(nulls, false, sizeof(nulls)); @@ -670,8 +699,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, values[Anum_pg_subscription_subpasswordrequired - 1] = BoolGetDatum(opts.passwordrequired); values[Anum_pg_subscription_subrunasowner - 1] = BoolGetDatum(opts.runasowner); values[Anum_pg_subscription_subfailover - 1] = BoolGetDatum(opts.failover); - values[Anum_pg_subscription_subconninfo - 1] = - CStringGetTextDatum(conninfo); + values[Anum_pg_subscription_subserver - 1] = serverid; + if (!OidIsValid(serverid)) + values[Anum_pg_subscription_subconninfo - 1] = + CStringGetTextDatum(conninfo); + else + nulls[Anum_pg_subscription_subconninfo - 1] = true; if (opts.slot_name) values[Anum_pg_subscription_subslotname - 1] = DirectFunctionCall1(namein, CStringGetDatum(opts.slot_name)); @@ -692,6 +725,18 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, recordDependencyOnOwner(SubscriptionRelationId, subid, owner); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + + if (stmt->servername) + { + ObjectAddress referenced; + + Assert(OidIsValid(serverid)); + + ObjectAddressSet(referenced, ForeignServerRelationId, serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + ReplicationOriginNameForLogicalRep(subid, InvalidOid, originname, sizeof(originname)); replorigin_create(originname); @@ -809,8 +854,6 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.enabled) ApplyLauncherWakeupAtCommit(); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostCreateHook(SubscriptionRelationId, subid, 0); return myself; @@ -1135,7 +1178,14 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION, stmt->subname); - sub = GetSubscription(subid, false); + /* + * Skip ACL checks on the subscription's foreign server, if any. If + * changing the server (or replacing it with a raw connection), then the + * old one will be removed anyway. If changing something unrelated, + * there's no need to do an additional ACL check here; that will be done + * by the subscription worker anyway. + */ + sub = GetSubscription(subid, false, false); /* * Don't allow non-superuser modification of a subscription with @@ -1155,6 +1205,8 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, memset(nulls, false, sizeof(nulls)); memset(replaces, false, sizeof(replaces)); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + switch (stmt->kind) { case ALTER_SUBSCRIPTION_OPTIONS: @@ -1358,7 +1410,79 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, break; } + case ALTER_SUBSCRIPTION_SERVER: + { + ForeignServer *new_server; + ObjectAddress referenced; + AclResult aclresult; + char *conninfo; + + /* + * Remove what was there before, either another foreign server + * or a connection string. + */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + } + else + { + nulls[Anum_pg_subscription_subconninfo - 1] = true; + replaces[Anum_pg_subscription_subconninfo - 1] = true; + } + + /* + * Find the new server and user mapping. Check ACL of server + * based on current user ID, but find the user mapping based + * on the subscription owner. + */ + new_server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, + new_server->serverid, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(new_server->serverid)))); + + /* make sure a user mapping exists */ + GetUserMapping(form->subowner, new_server->serverid); + + conninfo = ForeignServerConnectionString(form->subowner, + new_server->serverid); + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + /* Check the connection info string. */ + walrcv_check_conninfo(conninfo, + sub->passwordrequired && !sub->ownersuperuser); + + values[Anum_pg_subscription_subserver - 1] = new_server->serverid; + replaces[Anum_pg_subscription_subserver - 1] = true; + + ObjectAddressSet(referenced, ForeignServerRelationId, new_server->serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + update_tuple = true; + } + break; + case ALTER_SUBSCRIPTION_CONNECTION: + /* remove reference to foreign server and dependencies, if present */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + + values[Anum_pg_subscription_subserver - 1] = InvalidOid; + replaces[Anum_pg_subscription_subserver - 1] = true; + } + /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); /* Check the connection info string. */ @@ -1609,8 +1733,6 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, table_close(rel, RowExclusiveLock); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostAlterHook(SubscriptionRelationId, subid, 0); /* Wake up related replication workers to handle this change quickly. */ @@ -1695,9 +1817,28 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) subname = pstrdup(NameStr(*DatumGetName(datum))); /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, - Anum_pg_subscription_subconninfo); - conninfo = TextDatumGetCString(datum); + if (OidIsValid(form->subserver)) + { + AclResult aclresult; + + aclresult = object_aclcheck(ForeignServerRelationId, form->subserver, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(form->subserver)))); + + conninfo = ForeignServerConnectionString(form->subowner, + form->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, + Anum_pg_subscription_subconninfo); + conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, tup, @@ -1796,6 +1937,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) } /* Clean up dependencies */ + deleteDependencyRecordsFor(SubscriptionRelationId, subid, false); deleteSharedDependencyRecordsFor(SubscriptionRelationId, subid, 0); /* Remove any associated relation synchronization states. */ diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index 4c06e1ff1c..958e41f87a 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -71,6 +71,7 @@ GetForeignDataWrapperExtended(Oid fdwid, bits16 flags) fdw->fdwname = pstrdup(NameStr(fdwform->fdwname)); fdw->fdwhandler = fdwform->fdwhandler; fdw->fdwvalidator = fdwform->fdwvalidator; + fdw->fdwconnection = fdwform->fdwconnection; /* Extract the fdwoptions */ datum = SysCacheGetAttr(FOREIGNDATAWRAPPEROID, @@ -175,6 +176,31 @@ GetForeignServerExtended(Oid serverid, bits16 flags) } +/* + * ForeignServerName - get name of foreign server. + */ +char * +ForeignServerName(Oid serverid) +{ + Form_pg_foreign_server serverform; + char *servername; + HeapTuple tp; + + tp = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)); + + if (!HeapTupleIsValid(tp)) + elog(ERROR, "cache lookup failed for foreign server %u", serverid); + + serverform = (Form_pg_foreign_server) GETSTRUCT(tp); + + servername = pstrdup(NameStr(serverform->srvname)); + + ReleaseSysCache(tp); + + return servername; +} + + /* * GetForeignServerByName - look up the foreign server definition by name. */ @@ -190,6 +216,46 @@ GetForeignServerByName(const char *srvname, bool missing_ok) } +/* + * Retrieve connection string from server's FDW. + */ +char * +ForeignServerConnectionString(Oid userid, Oid serverid) +{ + static MemoryContext tempContext = NULL; + MemoryContext oldcxt; + ForeignServer *server; + ForeignDataWrapper *fdw; + Datum connection_datum; + text *connection_text; + char *result; + + if (tempContext == NULL) + { + tempContext = AllocSetContextCreate(CurrentMemoryContext, + "temp context", + ALLOCSET_DEFAULT_SIZES); + } + + oldcxt = MemoryContextSwitchTo(tempContext); + + server = GetForeignServer(serverid); + fdw = GetForeignDataWrapper(server->fdwid); + connection_datum = OidFunctionCall2(fdw->fdwconnection, + ObjectIdGetDatum(userid), + ObjectIdGetDatum(serverid)); + connection_text = DatumGetTextPP(connection_datum); + + MemoryContextSwitchTo(oldcxt); + + result = text_to_cstring(connection_text); + + MemoryContextReset(tempContext); + + return result; +} + + /* * GetUserMapping - look up the user mapping. * diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index dd458182f0..a7c759fb3f 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -5379,6 +5379,8 @@ fdw_option: | NO HANDLER { $$ = makeDefElem("handler", NULL, @1); } | VALIDATOR handler_name { $$ = makeDefElem("validator", (Node *) $2, @1); } | NO VALIDATOR { $$ = makeDefElem("validator", NULL, @1); } + | CONNECTION handler_name { $$ = makeDefElem("connection", (Node *) $2, @1); } + | NO CONNECTION { $$ = makeDefElem("connection", NULL, @1); } ; fdw_options: @@ -10735,6 +10737,16 @@ CreateSubscriptionStmt: n->options = $8; $$ = (Node *) n; } + | CREATE SUBSCRIPTION name SERVER name PUBLICATION name_list opt_definition + { + CreateSubscriptionStmt *n = + makeNode(CreateSubscriptionStmt); + n->subname = $3; + n->servername = $5; + n->publication = $7; + n->options = $8; + $$ = (Node *) n; + } ; /***************************************************************************** @@ -10764,6 +10776,16 @@ AlterSubscriptionStmt: n->conninfo = $5; $$ = (Node *) n; } + | ALTER SUBSCRIPTION name SERVER name + { + AlterSubscriptionStmt *n = + makeNode(AlterSubscriptionStmt); + + n->kind = ALTER_SUBSCRIPTION_SERVER; + n->subname = $3; + n->servername = $5; + $$ = (Node *) n; + } | ALTER SUBSCRIPTION name REFRESH PUBLICATION opt_definition { AlterSubscriptionStmt *n = diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index 925dff9cc4..4055ea9f13 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -3971,7 +3971,7 @@ maybe_reread_subscription(void) /* Ensure allocations in permanent context. */ oldctx = MemoryContextSwitchTo(ApplyContext); - newsub = GetSubscription(MyLogicalRepWorker->subid, true); + newsub = GetSubscription(MyLogicalRepWorker->subid, true, true); /* * Exit if the subscription was removed. This normally should not happen @@ -4077,7 +4077,9 @@ maybe_reread_subscription(void) } /* - * Callback from subscription syscache invalidation. + * Callback from subscription syscache invalidation. Also needed for server or + * user mapping invalidation, which can change the connection information for + * subscriptions that connect using a server object. */ static void subscription_change_cb(Datum arg, int cacheid, uint32 hashvalue) @@ -4659,7 +4661,7 @@ InitializeLogRepWorker(void) StartTransactionCommand(); oldctx = MemoryContextSwitchTo(ApplyContext); - MySubscription = GetSubscription(MyLogicalRepWorker->subid, true); + MySubscription = GetSubscription(MyLogicalRepWorker->subid, true, true); if (!MySubscription) { ereport(LOG, @@ -4696,6 +4698,14 @@ InitializeLogRepWorker(void) CacheRegisterSyscacheCallback(SUBSCRIPTIONOID, subscription_change_cb, (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); CacheRegisterSyscacheCallback(AUTHOID, subscription_change_cb, diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index d8c6330732..0efb4a554d 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -4842,6 +4842,7 @@ getSubscriptions(Archive *fout) int i_subdisableonerr; int i_subpasswordrequired; int i_subrunasowner; + int i_subservername; int i_subconninfo; int i_subslotname; int i_subsynccommit; @@ -4922,16 +4923,29 @@ getSubscriptions(Archive *fout) if (fout->remoteVersion >= 170000) appendPQExpBufferStr(query, - " s.subfailover\n"); + " s.subfailover,\n"); else appendPQExpBuffer(query, - " false AS subfailover\n"); + " false AS subfailover,\n"); + + if (dopt->binary_upgrade && fout->remoteVersion >= 180000) + appendPQExpBufferStr(query, " fs.srvname AS subservername,\n" + " o.remote_lsn AS suboriginremotelsn,\n" + " s.subenabled,\n" + " s.subfailover\n"); + else + appendPQExpBufferStr(query, " NULL AS subservername,\n" + " NULL AS suboriginremotelsn,\n" + " false AS subenabled,\n" + " false AS subfailover\n"); appendPQExpBufferStr(query, "FROM pg_subscription s\n"); if (dopt->binary_upgrade && fout->remoteVersion >= 170000) appendPQExpBufferStr(query, + "LEFT JOIN pg_catalog.pg_foreign_server fs \n" + " ON fs.oid = s.subserver \n" "LEFT JOIN pg_catalog.pg_replication_origin_status o \n" " ON o.external_id = 'pg_' || s.oid::text \n"); @@ -4957,6 +4971,7 @@ getSubscriptions(Archive *fout) i_subdisableonerr = PQfnumber(res, "subdisableonerr"); i_subpasswordrequired = PQfnumber(res, "subpasswordrequired"); i_subrunasowner = PQfnumber(res, "subrunasowner"); + i_subservername = PQfnumber(res, "subservername"); i_subconninfo = PQfnumber(res, "subconninfo"); i_subslotname = PQfnumber(res, "subslotname"); i_subsynccommit = PQfnumber(res, "subsynccommit"); @@ -4977,7 +4992,10 @@ getSubscriptions(Archive *fout) AssignDumpId(&subinfo[i].dobj); subinfo[i].dobj.name = pg_strdup(PQgetvalue(res, i, i_subname)); subinfo[i].rolname = getRoleName(PQgetvalue(res, i, i_subowner)); - + if (PQgetisnull(res, i, i_subservername)) + subinfo[i].subservername = NULL; + else + subinfo[i].subservername = pg_strdup(PQgetvalue(res, i, i_subservername)); subinfo[i].subbinary = pg_strdup(PQgetvalue(res, i, i_subbinary)); subinfo[i].substream = @@ -5205,9 +5223,17 @@ dumpSubscription(Archive *fout, const SubscriptionInfo *subinfo) appendPQExpBuffer(delq, "DROP SUBSCRIPTION %s;\n", qsubname); - appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s CONNECTION ", + appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s ", qsubname); - appendStringLiteralAH(query, subinfo->subconninfo, fout); + if (subinfo->subservername) + { + appendPQExpBuffer(query, "SERVER %s", fmtId(subinfo->subservername)); + } + else + { + appendPQExpBuffer(query, "CONNECTION "); + appendStringLiteralAH(query, subinfo->subconninfo, fout); + } /* Build list of quoted publications and append them to query. */ if (!parsePGArray(subinfo->subpublications, &pubnames, &npubnames)) diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index 9f907ed5ad..5f2aab297c 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -666,6 +666,7 @@ typedef struct _SubscriptionInfo char *subdisableonerr; char *subpasswordrequired; char *subrunasowner; + char *subservername; char *subconninfo; char *subslotname; char *subsynccommit; diff --git a/src/bin/psql/tab-complete.in.c b/src/bin/psql/tab-complete.in.c index 1be0056af7..6e5459d200 100644 --- a/src/bin/psql/tab-complete.in.c +++ b/src/bin/psql/tab-complete.in.c @@ -3660,7 +3660,7 @@ match_previous_words(int pattern_id, /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny)) COMPLETE_WITH("PUBLICATION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", diff --git a/src/include/catalog/pg_foreign_data_wrapper.h b/src/include/catalog/pg_foreign_data_wrapper.h index 0d8759d3fd..700d6eed65 100644 --- a/src/include/catalog/pg_foreign_data_wrapper.h +++ b/src/include/catalog/pg_foreign_data_wrapper.h @@ -36,6 +36,9 @@ CATALOG(pg_foreign_data_wrapper,2328,ForeignDataWrapperRelationId) Oid fdwvalidator BKI_LOOKUP_OPT(pg_proc); /* option validation * function, or 0 if * none */ + Oid fdwconnection BKI_LOOKUP_OPT(pg_proc); /* connection string + * function, or 0 if + * none */ #ifdef CATALOG_VARLEN /* variable-length fields start here */ aclitem fdwacl[1]; /* access permissions */ diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index b25f3fea56..38d1c783a5 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -98,9 +98,11 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW * slots) in the upstream database are enabled * to be synchronized to the standbys. */ + Oid subserver; /* Set if connecting with server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo; /* Set if connecting with connection string */ /* Slot name on publisher */ NameData subslotname BKI_FORCE_NULL; @@ -174,7 +176,8 @@ typedef struct Subscription */ #define LOGICALREP_STREAM_PARALLEL 'p' -extern Subscription *GetSubscription(Oid subid, bool missing_ok); +extern Subscription *GetSubscription(Oid subid, bool missing_ok, + bool aclcheck); extern void FreeSubscription(Subscription *sub); extern void DisableSubscription(Oid subid); diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index 82b8153100..b4025e7f1e 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -28,6 +28,7 @@ typedef struct ForeignDataWrapper char *fdwname; /* Name of the FDW */ Oid fdwhandler; /* Oid of handler function, or 0 */ Oid fdwvalidator; /* Oid of validator function, or 0 */ + Oid fdwconnection; /* Oid of connection string function, or 0 */ List *options; /* fdwoptions as DefElem list */ } ForeignDataWrapper; @@ -65,10 +66,12 @@ typedef struct ForeignTable extern ForeignServer *GetForeignServer(Oid serverid); +extern char *ForeignServerName(Oid serverid); extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); +extern char *ForeignServerConnectionString(Oid userid, Oid serverid); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index b40b661ec8..30a7bde863 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -4222,6 +4222,7 @@ typedef struct CreateSubscriptionStmt { NodeTag type; char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ @@ -4230,6 +4231,7 @@ typedef struct CreateSubscriptionStmt typedef enum AlterSubscriptionType { ALTER_SUBSCRIPTION_OPTIONS, + ALTER_SUBSCRIPTION_SERVER, ALTER_SUBSCRIPTION_CONNECTION, ALTER_SUBSCRIPTION_SET_PUBLICATION, ALTER_SUBSCRIPTION_ADD_PUBLICATION, @@ -4244,6 +4246,7 @@ typedef struct AlterSubscriptionStmt NodeTag type; AlterSubscriptionType kind; /* ALTER_SUBSCRIPTION_OPTIONS, etc */ char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ diff --git a/src/test/regress/expected/oidjoins.out b/src/test/regress/expected/oidjoins.out index 215eb899be..59c64126bd 100644 --- a/src/test/regress/expected/oidjoins.out +++ b/src/test/regress/expected/oidjoins.out @@ -224,6 +224,7 @@ NOTICE: checking pg_extension {extconfig} => pg_class {oid} NOTICE: checking pg_foreign_data_wrapper {fdwowner} => pg_authid {oid} NOTICE: checking pg_foreign_data_wrapper {fdwhandler} => pg_proc {oid} NOTICE: checking pg_foreign_data_wrapper {fdwvalidator} => pg_proc {oid} +NOTICE: checking pg_foreign_data_wrapper {fdwconnection} => pg_proc {oid} NOTICE: checking pg_foreign_server {srvowner} => pg_authid {oid} NOTICE: checking pg_foreign_server {srvfdw} => pg_foreign_data_wrapper {oid} NOTICE: checking pg_user_mapping {umuser} => pg_authid {oid} -- 2.34.1 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [17] CREATE SUBSCRIPTION ... SERVER @ 2024-12-17 04:05 Jeff Davis <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Jeff Davis @ 2024-12-17 04:05 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Wed, 2024-10-30 at 08:08 -0700, Jeff Davis wrote: > Rebased, v12 attached. Rebased v13 attached. Regards, Jeff Davis Attachments: [text/x-patch] v13-0001-CREATE-SUSBCRIPTION-.-SERVER.patch (45.2K, 2-v13-0001-CREATE-SUSBCRIPTION-.-SERVER.patch) download | inline diff: From 8def5ca25901e005c616d9b6989ba5986b7c2c68 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:42:48 -0800 Subject: [PATCH v13] CREATE SUSBCRIPTION ... SERVER. Allow specifying a foreign server for CREATE SUBSCRIPTION, rather than a raw connection string with CONNECTION. Using a foreign server as a layer of indirection improves management of multiple subscriptions to the same server. It also provides integration with user mappings in case different subscriptions have different owners or a subscription changes owners. Discussion: https://postgr.es/m/[email protected] Reviewed-by: Ashutosh Bapat --- contrib/postgres_fdw/Makefile | 2 + contrib/postgres_fdw/connection.c | 73 ++++++++ .../postgres_fdw/expected/postgres_fdw.out | 8 + contrib/postgres_fdw/meson.build | 5 + .../postgres_fdw/postgres_fdw--1.1--1.2.sql | 8 + contrib/postgres_fdw/sql/postgres_fdw.sql | 7 + contrib/postgres_fdw/t/010_subscription.pl | 71 ++++++++ doc/src/sgml/ref/alter_subscription.sgml | 18 +- doc/src/sgml/ref/create_subscription.sgml | 11 +- src/backend/catalog/pg_subscription.c | 38 +++- src/backend/commands/foreigncmds.c | 58 +++++- src/backend/commands/subscriptioncmds.c | 168 ++++++++++++++++-- src/backend/foreign/foreign.c | 66 +++++++ src/backend/parser/gram.y | 22 +++ src/backend/replication/logical/worker.c | 16 +- src/bin/pg_dump/pg_dump.c | 35 +++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/tab-complete.in.c | 2 +- src/include/catalog/pg_foreign_data_wrapper.h | 3 + src/include/catalog/pg_subscription.h | 7 +- src/include/foreign/foreign.h | 3 + src/include/nodes/parsenodes.h | 3 + src/test/regress/expected/oidjoins.out | 1 + 23 files changed, 591 insertions(+), 35 deletions(-) create mode 100644 contrib/postgres_fdw/t/010_subscription.pl diff --git a/contrib/postgres_fdw/Makefile b/contrib/postgres_fdw/Makefile index 88fdce40d6a..a101418d6ef 100644 --- a/contrib/postgres_fdw/Makefile +++ b/contrib/postgres_fdw/Makefile @@ -18,6 +18,8 @@ DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql postgres_fdw--1.1--1.2.s REGRESS = postgres_fdw query_cancel +TAP_TESTS = 1 + ifdef USE_PGXS PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) diff --git a/contrib/postgres_fdw/connection.c b/contrib/postgres_fdw/connection.c index 2326f391d34..48c77a8de3d 100644 --- a/contrib/postgres_fdw/connection.c +++ b/contrib/postgres_fdw/connection.c @@ -123,6 +123,7 @@ PG_FUNCTION_INFO_V1(postgres_fdw_get_connections); PG_FUNCTION_INFO_V1(postgres_fdw_get_connections_1_2); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect_all); +PG_FUNCTION_INFO_V1(postgres_fdw_connection); /* prototypes of private functions */ static void make_new_connection(ConnCacheEntry *entry, UserMapping *user); @@ -2161,6 +2162,78 @@ postgres_fdw_get_connections_internal(FunctionCallInfo fcinfo, } } +/* + * Values in connection strings must be enclosed in single quotes. Single + * quotes and backslashes must be escaped with backslash. NB: these rules are + * different from the rules for escaping a SQL literal. + */ +static void +appendEscapedValue(StringInfo str, const char *val) +{ + appendStringInfoChar(str, '\''); + for (int i = 0; val[i] != '\0'; i++) + { + if (val[i] == '\\' || val[i] == '\'') + appendStringInfoChar(str, '\\'); + appendStringInfoChar(str, val[i]); + } + appendStringInfoChar(str, '\''); +} + +Datum +postgres_fdw_connection(PG_FUNCTION_ARGS) +{ + Oid userid = PG_GETARG_OID(0); + Oid serverid = PG_GETARG_OID(1); + ForeignServer *server = GetForeignServer(serverid); + UserMapping *user = GetUserMapping(userid, serverid); + StringInfoData str; + const char **keywords; + const char **values; + int n; + + /* + * Construct connection params from generic options of ForeignServer and + * UserMapping. (Some of them might not be libpq options, in which case + * we'll just waste a few array slots.) Add 4 extra slots for + * application_name, fallback_application_name, client_encoding, end + * marker. + */ + n = list_length(server->options) + list_length(user->options) + 4; + keywords = (const char **) palloc(n * sizeof(char *)); + values = (const char **) palloc(n * sizeof(char *)); + + n = 0; + n += ExtractConnectionOptions(server->options, + keywords + n, values + n); + n += ExtractConnectionOptions(user->options, + keywords + n, values + n); + + /* Set client_encoding so that libpq can convert encoding properly. */ + keywords[n] = "client_encoding"; + values[n] = GetDatabaseEncodingName(); + n++; + + keywords[n] = values[n] = NULL; + + /* verify the set of connection parameters */ + check_conn_params(keywords, values, user); + + initStringInfo(&str); + for (int i = 0; i < n; i++) + { + char *sep = ""; + + appendStringInfo(&str, "%s%s = ", sep, keywords[i]); + appendEscapedValue(&str, values[i]); + sep = " "; + } + + pfree(keywords); + pfree(values); + PG_RETURN_TEXT_P(cstring_to_text(str.data)); +} + /* * List active foreign server connections. * diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index bf322198a20..609e66a9fc3 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -256,6 +256,14 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); -- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +DROP SUBSCRIPTION regress_pgfdw_subscription; +-- =================================================================== -- test error case for create publication on foreign table -- =================================================================== CREATE PUBLICATION testpub_ftbl FOR TABLE ft1; -- should fail diff --git a/contrib/postgres_fdw/meson.build b/contrib/postgres_fdw/meson.build index 3014086ba64..e19d8e4e313 100644 --- a/contrib/postgres_fdw/meson.build +++ b/contrib/postgres_fdw/meson.build @@ -41,4 +41,9 @@ tests += { ], 'regress_args': ['--dlpath', meson.build_root() / 'src/test/regress'], }, + 'tap': { + 'tests': [ + 't/010_subscription.pl', + ], + }, } diff --git a/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql b/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql index 81aad4fcdaa..8981787d165 100644 --- a/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql +++ b/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql @@ -16,3 +16,11 @@ CREATE FUNCTION postgres_fdw_get_connections ( RETURNS SETOF record AS 'MODULE_PATHNAME', 'postgres_fdw_get_connections_1_2' LANGUAGE C STRICT PARALLEL RESTRICTED; + +-- takes internal parameter to prevent calling from SQL +CREATE FUNCTION postgres_fdw_connection(oid, oid, internal) +RETURNS text +AS 'MODULE_PATHNAME' +LANGUAGE C STRICT; + +ALTER FOREIGN DATA WRAPPER postgres_fdw CONNECTION postgres_fdw_connection; diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 3900522ccb5..5203f5f066e 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -248,6 +248,13 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); +-- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_pgfdw_subscription; + -- =================================================================== -- test error case for create publication on foreign table -- =================================================================== diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl new file mode 100644 index 00000000000..a39e8fdbba4 --- /dev/null +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -0,0 +1,71 @@ + +# Copyright (c) 2021-2024, PostgreSQL Global Development Group + +# Basic logical replication test +use strict; +use warnings FATAL => 'all'; +use PostgreSQL::Test::Cluster; +use PostgreSQL::Test::Utils; +use Test::More; + +# Initialize publisher node +my $node_publisher = PostgreSQL::Test::Cluster->new('publisher'); +$node_publisher->init(allows_streaming => 'logical'); +$node_publisher->start; + +# Create subscriber node +my $node_subscriber = PostgreSQL::Test::Cluster->new('subscriber'); +$node_subscriber->init; +$node_subscriber->start; + +# Create some preexisting content on publisher +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins AS SELECT a, a + 1 as b FROM generate_series(1,1002) AS a"); + +# Replicate the changes without columns +$node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_no_col default VALUES"); + +# Setup structure on subscriber +$node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int, b int)"); + +# Setup logical replication +my $publisher_connstr = $node_publisher->connstr . ' dbname=postgres'; +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_pub FOR TABLE tab_ins"); + +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_server" +); + +$node_subscriber->safe_psql('postgres', + "CREATE FOREIGN TABLE f_tab_ins (a int, b int) SERVER tap_server OPTIONS(table_name 'tab_ins')" +); +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub SERVER tap_server PUBLICATION tap_pub WITH (password_required=false)" +); + +# Wait for initial table sync to finish +$node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); + +my $result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins SELECT a, a + 1 FROM generate_series(1003,1050) a"); + +$node_publisher->wait_for_catchup('tap_sub'); + +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1050), 'check initial data was copied to subscriber'); + +done_testing(); diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index fdc648d007f..35a8101796b 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -21,6 +21,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> +ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SERVER <replaceable>servername</replaceable> ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> CONNECTION '<replaceable>conninfo</replaceable>' ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SET PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> ADD PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] @@ -101,13 +102,24 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < </listitem> </varlistentry> + <varlistentry id="sql-altersubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the foreign server + <replaceable>servername</replaceable>. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-altersubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> <para> - This clause replaces the connection string originally set by - <xref linkend="sql-createsubscription"/>. See there for more - information. + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the connection + string <replaceable>conninfo</replaceable>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index 6cf7d4f9a1a..f787a27bc9c 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -22,7 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceable> - CONNECTION '<replaceable class="parameter">conninfo</replaceable>' + { SERVER <replaceable class="parameter">servername</replaceable> | CONNECTION '<replaceable class="parameter">conninfo</replaceable>' } PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">subscription_parameter</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] </synopsis> @@ -77,6 +77,15 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl </listitem> </varlistentry> + <varlistentry id="sql-createsubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + A foreign server to use for the connection. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-createsubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index 89bf5ec9337..66cae8ece0b 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -19,11 +19,14 @@ #include "access/htup_details.h" #include "access/tableam.h" #include "catalog/indexing.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "storage/lmgr.h" +#include "utils/acl.h" #include "utils/array.h" #include "utils/builtins.h" #include "utils/fmgroids.h" @@ -69,7 +72,7 @@ GetPublicationsStr(List *publications, StringInfo dest, bool quote_literal) * Fetch the subscription from the syscache. */ Subscription * -GetSubscription(Oid subid, bool missing_ok) +GetSubscription(Oid subid, bool missing_ok, bool aclcheck) { HeapTuple tup; Subscription *sub; @@ -105,10 +108,35 @@ GetSubscription(Oid subid, bool missing_ok) sub->failover = subform->subfailover; /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, - tup, - Anum_pg_subscription_subconninfo); - sub->conninfo = TextDatumGetCString(datum); + if (OidIsValid(subform->subserver)) + { + AclResult aclresult; + + /* recheck ACL if requested */ + if (aclcheck) + { + aclresult = object_aclcheck(ForeignServerRelationId, + subform->subserver, + subform->subowner, ACL_USAGE); + + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(subform->subowner, false), + ForeignServerName(subform->subserver)))); + } + + sub->conninfo = ForeignServerConnectionString(subform->subowner, + subform->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, + tup, + Anum_pg_subscription_subconninfo); + sub->conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c index dd1489518c3..658c57fbff1 100644 --- a/src/backend/commands/foreigncmds.c +++ b/src/backend/commands/foreigncmds.c @@ -511,21 +511,53 @@ lookup_fdw_validator_func(DefElem *validator) /* validator's return value is ignored, so we don't check the type */ } +/* + * Convert a connection string function name passed from the parser to an Oid. + */ +static Oid +lookup_fdw_connection_func(DefElem *connection) +{ + Oid connectionOid; + Oid funcargtypes[3]; + + if (connection == NULL || connection->arg == NULL) + return InvalidOid; + + /* connection string functions take user oid, server oid */ + funcargtypes[0] = OIDOID; + funcargtypes[1] = OIDOID; + funcargtypes[2] = INTERNALOID; + + connectionOid = LookupFuncName((List *) connection->arg, 3, funcargtypes, false); + + /* check that connection string function has correct return type */ + if (get_func_rettype(connectionOid) != TEXTOID) + ereport(ERROR, + (errcode(ERRCODE_WRONG_OBJECT_TYPE), + errmsg("function %s must return type %s", + NameListToString((List *) connection->arg), "text"))); + + return connectionOid; +} + /* * Process function options of CREATE/ALTER FDW */ static void parse_func_options(ParseState *pstate, List *func_options, bool *handler_given, Oid *fdwhandler, - bool *validator_given, Oid *fdwvalidator) + bool *validator_given, Oid *fdwvalidator, + bool *connection_given, Oid *fdwconnection) { ListCell *cell; *handler_given = false; *validator_given = false; + *connection_given = false; /* return InvalidOid if not given */ *fdwhandler = InvalidOid; *fdwvalidator = InvalidOid; + *fdwconnection = InvalidOid; foreach(cell, func_options) { @@ -545,6 +577,13 @@ parse_func_options(ParseState *pstate, List *func_options, *validator_given = true; *fdwvalidator = lookup_fdw_validator_func(def); } + else if (strcmp(def->defname, "connection") == 0) + { + if (*connection_given) + errorConflictingDefElem(def, pstate); + *connection_given = true; + *fdwconnection = lookup_fdw_connection_func(def); + } else elog(ERROR, "option \"%s\" not recognized", def->defname); @@ -564,8 +603,10 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) Oid fdwId; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; Datum fdwoptions; Oid ownerId; ObjectAddress myself; @@ -609,10 +650,12 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) /* Lookup handler and validator functions, if given */ parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); values[Anum_pg_foreign_data_wrapper_fdwhandler - 1] = ObjectIdGetDatum(fdwhandler); values[Anum_pg_foreign_data_wrapper_fdwvalidator - 1] = ObjectIdGetDatum(fdwvalidator); + values[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); nulls[Anum_pg_foreign_data_wrapper_fdwacl - 1] = true; @@ -684,8 +727,10 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) Datum datum; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; ObjectAddress myself; rel = table_open(ForeignDataWrapperRelationId, RowExclusiveLock); @@ -715,7 +760,8 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); if (handler_given) { @@ -753,6 +799,12 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) fdwvalidator = fdwForm->fdwvalidator; } + if (connection_given) + { + repl_val[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); + repl_repl[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = true; + } + /* * If options specified, validate and update. */ diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index 03e97730e73..ed5404cb0ec 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -26,14 +26,17 @@ #include "catalog/objectaddress.h" #include "catalog/pg_authid_d.h" #include "catalog/pg_database_d.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "catalog/pg_user_mapping.h" #include "commands/dbcommands.h" #include "commands/defrem.h" #include "commands/event_trigger.h" #include "commands/subscriptioncmds.h" #include "executor/executor.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "pgstat.h" @@ -546,6 +549,7 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Datum values[Natts_pg_subscription]; Oid owner = GetUserId(); HeapTuple tup; + Oid serverid; char *conninfo; char originname[NAMEDATALEN]; List *publications; @@ -638,15 +642,40 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.synchronous_commit == NULL) opts.synchronous_commit = "off"; - conninfo = stmt->conninfo; - publications = stmt->publication; - /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); + if (stmt->servername) + { + ForeignServer *server; + + Assert(!stmt->conninfo); + conninfo = NULL; + + server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, owner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + + /* make sure a user mapping exists */ + GetUserMapping(owner, server->serverid); + + serverid = server->serverid; + conninfo = ForeignServerConnectionString(owner, serverid); + } + else + { + Assert(stmt->conninfo); + + serverid = InvalidOid; + conninfo = stmt->conninfo; + } + /* Check the connection info string. */ walrcv_check_conninfo(conninfo, opts.passwordrequired && !superuser()); + publications = stmt->publication; + /* Everything ok, form a new tuple. */ memset(values, 0, sizeof(values)); memset(nulls, false, sizeof(nulls)); @@ -670,8 +699,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, values[Anum_pg_subscription_subpasswordrequired - 1] = BoolGetDatum(opts.passwordrequired); values[Anum_pg_subscription_subrunasowner - 1] = BoolGetDatum(opts.runasowner); values[Anum_pg_subscription_subfailover - 1] = BoolGetDatum(opts.failover); - values[Anum_pg_subscription_subconninfo - 1] = - CStringGetTextDatum(conninfo); + values[Anum_pg_subscription_subserver - 1] = serverid; + if (!OidIsValid(serverid)) + values[Anum_pg_subscription_subconninfo - 1] = + CStringGetTextDatum(conninfo); + else + nulls[Anum_pg_subscription_subconninfo - 1] = true; if (opts.slot_name) values[Anum_pg_subscription_subslotname - 1] = DirectFunctionCall1(namein, CStringGetDatum(opts.slot_name)); @@ -692,6 +725,18 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, recordDependencyOnOwner(SubscriptionRelationId, subid, owner); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + + if (stmt->servername) + { + ObjectAddress referenced; + + Assert(OidIsValid(serverid)); + + ObjectAddressSet(referenced, ForeignServerRelationId, serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + ReplicationOriginNameForLogicalRep(subid, InvalidOid, originname, sizeof(originname)); replorigin_create(originname); @@ -809,8 +854,6 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.enabled) ApplyLauncherWakeupAtCommit(); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostCreateHook(SubscriptionRelationId, subid, 0); return myself; @@ -1135,7 +1178,14 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION, stmt->subname); - sub = GetSubscription(subid, false); + /* + * Skip ACL checks on the subscription's foreign server, if any. If + * changing the server (or replacing it with a raw connection), then the + * old one will be removed anyway. If changing something unrelated, + * there's no need to do an additional ACL check here; that will be done + * by the subscription worker anyway. + */ + sub = GetSubscription(subid, false, false); /* * Don't allow non-superuser modification of a subscription with @@ -1155,6 +1205,8 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, memset(nulls, false, sizeof(nulls)); memset(replaces, false, sizeof(replaces)); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + switch (stmt->kind) { case ALTER_SUBSCRIPTION_OPTIONS: @@ -1358,7 +1410,79 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, break; } + case ALTER_SUBSCRIPTION_SERVER: + { + ForeignServer *new_server; + ObjectAddress referenced; + AclResult aclresult; + char *conninfo; + + /* + * Remove what was there before, either another foreign server + * or a connection string. + */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + } + else + { + nulls[Anum_pg_subscription_subconninfo - 1] = true; + replaces[Anum_pg_subscription_subconninfo - 1] = true; + } + + /* + * Find the new server and user mapping. Check ACL of server + * based on current user ID, but find the user mapping based + * on the subscription owner. + */ + new_server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, + new_server->serverid, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(new_server->serverid)))); + + /* make sure a user mapping exists */ + GetUserMapping(form->subowner, new_server->serverid); + + conninfo = ForeignServerConnectionString(form->subowner, + new_server->serverid); + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + /* Check the connection info string. */ + walrcv_check_conninfo(conninfo, + sub->passwordrequired && !sub->ownersuperuser); + + values[Anum_pg_subscription_subserver - 1] = new_server->serverid; + replaces[Anum_pg_subscription_subserver - 1] = true; + + ObjectAddressSet(referenced, ForeignServerRelationId, new_server->serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + update_tuple = true; + } + break; + case ALTER_SUBSCRIPTION_CONNECTION: + /* remove reference to foreign server and dependencies, if present */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + + values[Anum_pg_subscription_subserver - 1] = InvalidOid; + replaces[Anum_pg_subscription_subserver - 1] = true; + } + /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); /* Check the connection info string. */ @@ -1609,8 +1733,6 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, table_close(rel, RowExclusiveLock); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostAlterHook(SubscriptionRelationId, subid, 0); /* Wake up related replication workers to handle this change quickly. */ @@ -1695,9 +1817,28 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) subname = pstrdup(NameStr(*DatumGetName(datum))); /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, - Anum_pg_subscription_subconninfo); - conninfo = TextDatumGetCString(datum); + if (OidIsValid(form->subserver)) + { + AclResult aclresult; + + aclresult = object_aclcheck(ForeignServerRelationId, form->subserver, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(form->subserver)))); + + conninfo = ForeignServerConnectionString(form->subowner, + form->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, + Anum_pg_subscription_subconninfo); + conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, tup, @@ -1796,6 +1937,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) } /* Clean up dependencies */ + deleteDependencyRecordsFor(SubscriptionRelationId, subid, false); deleteSharedDependencyRecordsFor(SubscriptionRelationId, subid, 0); /* Remove any associated relation synchronization states. */ diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index 4c06e1ff1c4..958e41f87a4 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -71,6 +71,7 @@ GetForeignDataWrapperExtended(Oid fdwid, bits16 flags) fdw->fdwname = pstrdup(NameStr(fdwform->fdwname)); fdw->fdwhandler = fdwform->fdwhandler; fdw->fdwvalidator = fdwform->fdwvalidator; + fdw->fdwconnection = fdwform->fdwconnection; /* Extract the fdwoptions */ datum = SysCacheGetAttr(FOREIGNDATAWRAPPEROID, @@ -175,6 +176,31 @@ GetForeignServerExtended(Oid serverid, bits16 flags) } +/* + * ForeignServerName - get name of foreign server. + */ +char * +ForeignServerName(Oid serverid) +{ + Form_pg_foreign_server serverform; + char *servername; + HeapTuple tp; + + tp = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)); + + if (!HeapTupleIsValid(tp)) + elog(ERROR, "cache lookup failed for foreign server %u", serverid); + + serverform = (Form_pg_foreign_server) GETSTRUCT(tp); + + servername = pstrdup(NameStr(serverform->srvname)); + + ReleaseSysCache(tp); + + return servername; +} + + /* * GetForeignServerByName - look up the foreign server definition by name. */ @@ -190,6 +216,46 @@ GetForeignServerByName(const char *srvname, bool missing_ok) } +/* + * Retrieve connection string from server's FDW. + */ +char * +ForeignServerConnectionString(Oid userid, Oid serverid) +{ + static MemoryContext tempContext = NULL; + MemoryContext oldcxt; + ForeignServer *server; + ForeignDataWrapper *fdw; + Datum connection_datum; + text *connection_text; + char *result; + + if (tempContext == NULL) + { + tempContext = AllocSetContextCreate(CurrentMemoryContext, + "temp context", + ALLOCSET_DEFAULT_SIZES); + } + + oldcxt = MemoryContextSwitchTo(tempContext); + + server = GetForeignServer(serverid); + fdw = GetForeignDataWrapper(server->fdwid); + connection_datum = OidFunctionCall2(fdw->fdwconnection, + ObjectIdGetDatum(userid), + ObjectIdGetDatum(serverid)); + connection_text = DatumGetTextPP(connection_datum); + + MemoryContextSwitchTo(oldcxt); + + result = text_to_cstring(connection_text); + + MemoryContextReset(tempContext); + + return result; +} + + /* * GetUserMapping - look up the user mapping. * diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index 67eb96396af..cdd8efdf959 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -5402,6 +5402,8 @@ fdw_option: | NO HANDLER { $$ = makeDefElem("handler", NULL, @1); } | VALIDATOR handler_name { $$ = makeDefElem("validator", (Node *) $2, @1); } | NO VALIDATOR { $$ = makeDefElem("validator", NULL, @1); } + | CONNECTION handler_name { $$ = makeDefElem("connection", (Node *) $2, @1); } + | NO CONNECTION { $$ = makeDefElem("connection", NULL, @1); } ; fdw_options: @@ -10766,6 +10768,16 @@ CreateSubscriptionStmt: n->options = $8; $$ = (Node *) n; } + | CREATE SUBSCRIPTION name SERVER name PUBLICATION name_list opt_definition + { + CreateSubscriptionStmt *n = + makeNode(CreateSubscriptionStmt); + n->subname = $3; + n->servername = $5; + n->publication = $7; + n->options = $8; + $$ = (Node *) n; + } ; /***************************************************************************** @@ -10795,6 +10807,16 @@ AlterSubscriptionStmt: n->conninfo = $5; $$ = (Node *) n; } + | ALTER SUBSCRIPTION name SERVER name + { + AlterSubscriptionStmt *n = + makeNode(AlterSubscriptionStmt); + + n->kind = ALTER_SUBSCRIPTION_SERVER; + n->subname = $3; + n->servername = $5; + $$ = (Node *) n; + } | ALTER SUBSCRIPTION name REFRESH PUBLICATION opt_definition { AlterSubscriptionStmt *n = diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index 9e50c880f81..ac11ff3b840 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -3974,7 +3974,7 @@ maybe_reread_subscription(void) /* Ensure allocations in permanent context. */ oldctx = MemoryContextSwitchTo(ApplyContext); - newsub = GetSubscription(MyLogicalRepWorker->subid, true); + newsub = GetSubscription(MyLogicalRepWorker->subid, true, true); /* * Exit if the subscription was removed. This normally should not happen @@ -4080,7 +4080,9 @@ maybe_reread_subscription(void) } /* - * Callback from subscription syscache invalidation. + * Callback from subscription syscache invalidation. Also needed for server or + * user mapping invalidation, which can change the connection information for + * subscriptions that connect using a server object. */ static void subscription_change_cb(Datum arg, int cacheid, uint32 hashvalue) @@ -4662,7 +4664,7 @@ InitializeLogRepWorker(void) StartTransactionCommand(); oldctx = MemoryContextSwitchTo(ApplyContext); - MySubscription = GetSubscription(MyLogicalRepWorker->subid, true); + MySubscription = GetSubscription(MyLogicalRepWorker->subid, true, true); if (!MySubscription) { ereport(LOG, @@ -4699,6 +4701,14 @@ InitializeLogRepWorker(void) CacheRegisterSyscacheCallback(SUBSCRIPTIONOID, subscription_change_cb, (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); CacheRegisterSyscacheCallback(AUTHOID, subscription_change_cb, diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 19969e400fc..7f508e78689 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -4859,6 +4859,7 @@ getSubscriptions(Archive *fout) int i_subdisableonerr; int i_subpasswordrequired; int i_subrunasowner; + int i_subservername; int i_subconninfo; int i_subslotname; int i_subsynccommit; @@ -4939,16 +4940,29 @@ getSubscriptions(Archive *fout) if (fout->remoteVersion >= 170000) appendPQExpBufferStr(query, - " s.subfailover\n"); + " s.subfailover,\n"); else appendPQExpBuffer(query, - " false AS subfailover\n"); + " false AS subfailover,\n"); + + if (dopt->binary_upgrade && fout->remoteVersion >= 180000) + appendPQExpBufferStr(query, " fs.srvname AS subservername,\n" + " o.remote_lsn AS suboriginremotelsn,\n" + " s.subenabled,\n" + " s.subfailover\n"); + else + appendPQExpBufferStr(query, " NULL AS subservername,\n" + " NULL AS suboriginremotelsn,\n" + " false AS subenabled,\n" + " false AS subfailover\n"); appendPQExpBufferStr(query, "FROM pg_subscription s\n"); if (dopt->binary_upgrade && fout->remoteVersion >= 170000) appendPQExpBufferStr(query, + "LEFT JOIN pg_catalog.pg_foreign_server fs \n" + " ON fs.oid = s.subserver \n" "LEFT JOIN pg_catalog.pg_replication_origin_status o \n" " ON o.external_id = 'pg_' || s.oid::text \n"); @@ -4976,6 +4990,7 @@ getSubscriptions(Archive *fout) i_subpasswordrequired = PQfnumber(res, "subpasswordrequired"); i_subrunasowner = PQfnumber(res, "subrunasowner"); i_subfailover = PQfnumber(res, "subfailover"); + i_subservername = PQfnumber(res, "subservername"); i_subconninfo = PQfnumber(res, "subconninfo"); i_subslotname = PQfnumber(res, "subslotname"); i_subsynccommit = PQfnumber(res, "subsynccommit"); @@ -4997,6 +5012,10 @@ getSubscriptions(Archive *fout) subinfo[i].subenabled = (strcmp(PQgetvalue(res, i, i_subenabled), "t") == 0); + if (PQgetisnull(res, i, i_subservername)) + subinfo[i].subservername = NULL; + else + subinfo[i].subservername = pg_strdup(PQgetvalue(res, i, i_subservername)); subinfo[i].subbinary = (strcmp(PQgetvalue(res, i, i_subbinary), "t") == 0); subinfo[i].substream = *(PQgetvalue(res, i, i_substream)); @@ -5219,9 +5238,17 @@ dumpSubscription(Archive *fout, const SubscriptionInfo *subinfo) appendPQExpBuffer(delq, "DROP SUBSCRIPTION %s;\n", qsubname); - appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s CONNECTION ", + appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s ", qsubname); - appendStringLiteralAH(query, subinfo->subconninfo, fout); + if (subinfo->subservername) + { + appendPQExpBuffer(query, "SERVER %s", fmtId(subinfo->subservername)); + } + else + { + appendPQExpBuffer(query, "CONNECTION "); + appendStringLiteralAH(query, subinfo->subconninfo, fout); + } /* Build list of quoted publications and append them to query. */ if (!parsePGArray(subinfo->subpublications, &pubnames, &npubnames)) diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index 9c5ddd20cf7..8cac4287580 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -680,6 +680,7 @@ typedef struct _SubscriptionInfo bool subpasswordrequired; bool subrunasowner; bool subfailover; + char *subservername; char *subconninfo; char *subslotname; char *subsynccommit; diff --git a/src/bin/psql/tab-complete.in.c b/src/bin/psql/tab-complete.in.c index 31c77214b4f..dda58180842 100644 --- a/src/bin/psql/tab-complete.in.c +++ b/src/bin/psql/tab-complete.in.c @@ -3675,7 +3675,7 @@ match_previous_words(int pattern_id, /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny)) COMPLETE_WITH("PUBLICATION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", diff --git a/src/include/catalog/pg_foreign_data_wrapper.h b/src/include/catalog/pg_foreign_data_wrapper.h index 0d8759d3fd3..700d6eed65e 100644 --- a/src/include/catalog/pg_foreign_data_wrapper.h +++ b/src/include/catalog/pg_foreign_data_wrapper.h @@ -36,6 +36,9 @@ CATALOG(pg_foreign_data_wrapper,2328,ForeignDataWrapperRelationId) Oid fdwvalidator BKI_LOOKUP_OPT(pg_proc); /* option validation * function, or 0 if * none */ + Oid fdwconnection BKI_LOOKUP_OPT(pg_proc); /* connection string + * function, or 0 if + * none */ #ifdef CATALOG_VARLEN /* variable-length fields start here */ aclitem fdwacl[1]; /* access permissions */ diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index beaff6578a6..9f8ae8026ed 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -78,9 +78,11 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW * slots) in the upstream database are enabled * to be synchronized to the standbys. */ + Oid subserver; /* Set if connecting with server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo; /* Set if connecting with connection string */ /* Slot name on publisher */ NameData subslotname BKI_FORCE_NULL; @@ -178,7 +180,8 @@ typedef struct Subscription #endif /* EXPOSE_TO_CLIENT_CODE */ -extern Subscription *GetSubscription(Oid subid, bool missing_ok); +extern Subscription *GetSubscription(Oid subid, bool missing_ok, + bool aclcheck); extern void FreeSubscription(Subscription *sub); extern void DisableSubscription(Oid subid); diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index 82b8153100f..b4025e7f1e6 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -28,6 +28,7 @@ typedef struct ForeignDataWrapper char *fdwname; /* Name of the FDW */ Oid fdwhandler; /* Oid of handler function, or 0 */ Oid fdwvalidator; /* Oid of validator function, or 0 */ + Oid fdwconnection; /* Oid of connection string function, or 0 */ List *options; /* fdwoptions as DefElem list */ } ForeignDataWrapper; @@ -65,10 +66,12 @@ typedef struct ForeignTable extern ForeignServer *GetForeignServer(Oid serverid); +extern char *ForeignServerName(Oid serverid); extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); +extern char *ForeignServerConnectionString(Oid userid, Oid serverid); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index 0f9462493e3..f9cd0b2fd2d 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -4223,6 +4223,7 @@ typedef struct CreateSubscriptionStmt { NodeTag type; char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ @@ -4231,6 +4232,7 @@ typedef struct CreateSubscriptionStmt typedef enum AlterSubscriptionType { ALTER_SUBSCRIPTION_OPTIONS, + ALTER_SUBSCRIPTION_SERVER, ALTER_SUBSCRIPTION_CONNECTION, ALTER_SUBSCRIPTION_SET_PUBLICATION, ALTER_SUBSCRIPTION_ADD_PUBLICATION, @@ -4245,6 +4247,7 @@ typedef struct AlterSubscriptionStmt NodeTag type; AlterSubscriptionType kind; /* ALTER_SUBSCRIPTION_OPTIONS, etc */ char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ diff --git a/src/test/regress/expected/oidjoins.out b/src/test/regress/expected/oidjoins.out index 215eb899be3..59c64126bdc 100644 --- a/src/test/regress/expected/oidjoins.out +++ b/src/test/regress/expected/oidjoins.out @@ -224,6 +224,7 @@ NOTICE: checking pg_extension {extconfig} => pg_class {oid} NOTICE: checking pg_foreign_data_wrapper {fdwowner} => pg_authid {oid} NOTICE: checking pg_foreign_data_wrapper {fdwhandler} => pg_proc {oid} NOTICE: checking pg_foreign_data_wrapper {fdwvalidator} => pg_proc {oid} +NOTICE: checking pg_foreign_data_wrapper {fdwconnection} => pg_proc {oid} NOTICE: checking pg_foreign_server {srvowner} => pg_authid {oid} NOTICE: checking pg_foreign_server {srvfdw} => pg_foreign_data_wrapper {oid} NOTICE: checking pg_user_mapping {umuser} => pg_authid {oid} -- 2.34.1 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [18] CREATE SUBSCRIPTION ... SERVER @ 2025-02-28 23:05 Jeff Davis <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 3 replies; 63+ messages in thread From: Jeff Davis @ 2025-02-28 23:05 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Mon, 2024-12-16 at 20:05 -0800, Jeff Davis wrote: > On Wed, 2024-10-30 at 08:08 -0700, Jeff Davis wrote: > Rebased v14. The approach has changed multiple times. It starte off with more in- core code, but in response to review feedback, has become more decoupled from core and more coupled to postgres_fdw. But the patch has been about the same (just rebases) since March of last year, and hasn't gotten feedback since. I still think it's a nice feature, but I'd like some feedback on the externals of the feature. As a note, this will require a version bump for postgres_fdw for the new connection method. Regards, Jeff Davis Attachments: [text/x-patch] v14-0001-CREATE-SUSBCRIPTION-.-SERVER.patch (45.2K, 2-v14-0001-CREATE-SUSBCRIPTION-.-SERVER.patch) download | inline diff: From e63b42acfb4d4d8241b4453520a7fe52195c0f99 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:42:48 -0800 Subject: [PATCH v14] CREATE SUSBCRIPTION ... SERVER. Allow specifying a foreign server for CREATE SUBSCRIPTION, rather than a raw connection string with CONNECTION. Using a foreign server as a layer of indirection improves management of multiple subscriptions to the same server. It also provides integration with user mappings in case different subscriptions have different owners or a subscription changes owners. Discussion: https://postgr.es/m/[email protected] Reviewed-by: Ashutosh Bapat --- contrib/postgres_fdw/Makefile | 2 + contrib/postgres_fdw/connection.c | 73 ++++++++ .../postgres_fdw/expected/postgres_fdw.out | 8 + contrib/postgres_fdw/meson.build | 1 + .../postgres_fdw/postgres_fdw--1.1--1.2.sql | 8 + contrib/postgres_fdw/sql/postgres_fdw.sql | 7 + contrib/postgres_fdw/t/010_subscription.pl | 71 ++++++++ doc/src/sgml/ref/alter_subscription.sgml | 18 +- doc/src/sgml/ref/create_subscription.sgml | 11 +- src/backend/catalog/pg_subscription.c | 38 +++- src/backend/commands/foreigncmds.c | 58 +++++- src/backend/commands/subscriptioncmds.c | 168 ++++++++++++++++-- src/backend/foreign/foreign.c | 66 +++++++ src/backend/parser/gram.y | 22 +++ src/backend/replication/logical/worker.c | 16 +- src/bin/pg_dump/pg_dump.c | 35 +++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/tab-complete.in.c | 2 +- src/include/catalog/pg_foreign_data_wrapper.h | 3 + src/include/catalog/pg_subscription.h | 7 +- src/include/foreign/foreign.h | 3 + src/include/nodes/parsenodes.h | 3 + src/test/regress/expected/oidjoins.out | 1 + 23 files changed, 587 insertions(+), 35 deletions(-) create mode 100644 contrib/postgres_fdw/t/010_subscription.pl diff --git a/contrib/postgres_fdw/Makefile b/contrib/postgres_fdw/Makefile index adfbd2ef758..59b805656c1 100644 --- a/contrib/postgres_fdw/Makefile +++ b/contrib/postgres_fdw/Makefile @@ -19,6 +19,8 @@ DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql postgres_fdw--1.1--1.2.s REGRESS = postgres_fdw query_cancel TAP_TESTS = 1 +TAP_TESTS = 1 + ifdef USE_PGXS PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) diff --git a/contrib/postgres_fdw/connection.c b/contrib/postgres_fdw/connection.c index 8a8d3b4481f..961368a919a 100644 --- a/contrib/postgres_fdw/connection.c +++ b/contrib/postgres_fdw/connection.c @@ -131,6 +131,7 @@ PG_FUNCTION_INFO_V1(postgres_fdw_get_connections); PG_FUNCTION_INFO_V1(postgres_fdw_get_connections_1_2); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect_all); +PG_FUNCTION_INFO_V1(postgres_fdw_connection); /* prototypes of private functions */ static void make_new_connection(ConnCacheEntry *entry, UserMapping *user); @@ -2279,6 +2280,78 @@ postgres_fdw_get_connections_internal(FunctionCallInfo fcinfo, } } +/* + * Values in connection strings must be enclosed in single quotes. Single + * quotes and backslashes must be escaped with backslash. NB: these rules are + * different from the rules for escaping a SQL literal. + */ +static void +appendEscapedValue(StringInfo str, const char *val) +{ + appendStringInfoChar(str, '\''); + for (int i = 0; val[i] != '\0'; i++) + { + if (val[i] == '\\' || val[i] == '\'') + appendStringInfoChar(str, '\\'); + appendStringInfoChar(str, val[i]); + } + appendStringInfoChar(str, '\''); +} + +Datum +postgres_fdw_connection(PG_FUNCTION_ARGS) +{ + Oid userid = PG_GETARG_OID(0); + Oid serverid = PG_GETARG_OID(1); + ForeignServer *server = GetForeignServer(serverid); + UserMapping *user = GetUserMapping(userid, serverid); + StringInfoData str; + const char **keywords; + const char **values; + int n; + + /* + * Construct connection params from generic options of ForeignServer and + * UserMapping. (Some of them might not be libpq options, in which case + * we'll just waste a few array slots.) Add 4 extra slots for + * application_name, fallback_application_name, client_encoding, end + * marker. + */ + n = list_length(server->options) + list_length(user->options) + 4; + keywords = (const char **) palloc(n * sizeof(char *)); + values = (const char **) palloc(n * sizeof(char *)); + + n = 0; + n += ExtractConnectionOptions(server->options, + keywords + n, values + n); + n += ExtractConnectionOptions(user->options, + keywords + n, values + n); + + /* Set client_encoding so that libpq can convert encoding properly. */ + keywords[n] = "client_encoding"; + values[n] = GetDatabaseEncodingName(); + n++; + + keywords[n] = values[n] = NULL; + + /* verify the set of connection parameters */ + check_conn_params(keywords, values, user); + + initStringInfo(&str); + for (int i = 0; i < n; i++) + { + char *sep = ""; + + appendStringInfo(&str, "%s%s = ", sep, keywords[i]); + appendEscapedValue(&str, values[i]); + sep = " "; + } + + pfree(keywords); + pfree(values); + PG_RETURN_TEXT_P(cstring_to_text(str.data)); +} + /* * List active foreign server connections. * diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index 8447b289cb7..61a7e3455a8 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -256,6 +256,14 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); -- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and refresh the subscription. +DROP SUBSCRIPTION regress_pgfdw_subscription; +-- =================================================================== -- test error case for create publication on foreign table -- =================================================================== CREATE PUBLICATION testpub_ftbl FOR TABLE ft1; -- should fail diff --git a/contrib/postgres_fdw/meson.build b/contrib/postgres_fdw/meson.build index 8b29be24dee..33f98ab86f2 100644 --- a/contrib/postgres_fdw/meson.build +++ b/contrib/postgres_fdw/meson.build @@ -44,6 +44,7 @@ tests += { 'tap': { 'tests': [ 't/001_auth_scram.pl', + 't/010_subscription.pl', ], }, } diff --git a/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql b/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql index 81aad4fcdaa..8981787d165 100644 --- a/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql +++ b/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql @@ -16,3 +16,11 @@ CREATE FUNCTION postgres_fdw_get_connections ( RETURNS SETOF record AS 'MODULE_PATHNAME', 'postgres_fdw_get_connections_1_2' LANGUAGE C STRICT PARALLEL RESTRICTED; + +-- takes internal parameter to prevent calling from SQL +CREATE FUNCTION postgres_fdw_connection(oid, oid, internal) +RETURNS text +AS 'MODULE_PATHNAME' +LANGUAGE C STRICT; + +ALTER FOREIGN DATA WRAPPER postgres_fdw CONNECTION postgres_fdw_connection; diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 1598d9e0862..f733b580859 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -248,6 +248,13 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); +-- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_pgfdw_subscription; + -- =================================================================== -- test error case for create publication on foreign table -- =================================================================== diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl new file mode 100644 index 00000000000..a39e8fdbba4 --- /dev/null +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -0,0 +1,71 @@ + +# Copyright (c) 2021-2024, PostgreSQL Global Development Group + +# Basic logical replication test +use strict; +use warnings FATAL => 'all'; +use PostgreSQL::Test::Cluster; +use PostgreSQL::Test::Utils; +use Test::More; + +# Initialize publisher node +my $node_publisher = PostgreSQL::Test::Cluster->new('publisher'); +$node_publisher->init(allows_streaming => 'logical'); +$node_publisher->start; + +# Create subscriber node +my $node_subscriber = PostgreSQL::Test::Cluster->new('subscriber'); +$node_subscriber->init; +$node_subscriber->start; + +# Create some preexisting content on publisher +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins AS SELECT a, a + 1 as b FROM generate_series(1,1002) AS a"); + +# Replicate the changes without columns +$node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_no_col default VALUES"); + +# Setup structure on subscriber +$node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int, b int)"); + +# Setup logical replication +my $publisher_connstr = $node_publisher->connstr . ' dbname=postgres'; +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_pub FOR TABLE tab_ins"); + +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_server" +); + +$node_subscriber->safe_psql('postgres', + "CREATE FOREIGN TABLE f_tab_ins (a int, b int) SERVER tap_server OPTIONS(table_name 'tab_ins')" +); +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub SERVER tap_server PUBLICATION tap_pub WITH (password_required=false)" +); + +# Wait for initial table sync to finish +$node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); + +my $result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins SELECT a, a + 1 FROM generate_series(1003,1050) a"); + +$node_publisher->wait_for_catchup('tap_sub'); + +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1050), 'check initial data was copied to subscriber'); + +done_testing(); diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index fdc648d007f..35a8101796b 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -21,6 +21,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> +ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SERVER <replaceable>servername</replaceable> ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> CONNECTION '<replaceable>conninfo</replaceable>' ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SET PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> ADD PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] @@ -101,13 +102,24 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < </listitem> </varlistentry> + <varlistentry id="sql-altersubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the foreign server + <replaceable>servername</replaceable>. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-altersubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> <para> - This clause replaces the connection string originally set by - <xref linkend="sql-createsubscription"/>. See there for more - information. + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the connection + string <replaceable>conninfo</replaceable>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index 57dec28a5df..966efae16a3 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -22,7 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceable> - CONNECTION '<replaceable class="parameter">conninfo</replaceable>' + { SERVER <replaceable class="parameter">servername</replaceable> | CONNECTION '<replaceable class="parameter">conninfo</replaceable>' } PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">subscription_parameter</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] </synopsis> @@ -77,6 +77,15 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl </listitem> </varlistentry> + <varlistentry id="sql-createsubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + A foreign server to use for the connection. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-createsubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index 1395032413e..490cb965965 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -19,11 +19,14 @@ #include "access/htup_details.h" #include "access/tableam.h" #include "catalog/indexing.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "storage/lmgr.h" +#include "utils/acl.h" #include "utils/array.h" #include "utils/builtins.h" #include "utils/fmgroids.h" @@ -69,7 +72,7 @@ GetPublicationsStr(List *publications, StringInfo dest, bool quote_literal) * Fetch the subscription from the syscache. */ Subscription * -GetSubscription(Oid subid, bool missing_ok) +GetSubscription(Oid subid, bool missing_ok, bool aclcheck) { HeapTuple tup; Subscription *sub; @@ -105,10 +108,35 @@ GetSubscription(Oid subid, bool missing_ok) sub->failover = subform->subfailover; /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, - tup, - Anum_pg_subscription_subconninfo); - sub->conninfo = TextDatumGetCString(datum); + if (OidIsValid(subform->subserver)) + { + AclResult aclresult; + + /* recheck ACL if requested */ + if (aclcheck) + { + aclresult = object_aclcheck(ForeignServerRelationId, + subform->subserver, + subform->subowner, ACL_USAGE); + + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(subform->subowner, false), + ForeignServerName(subform->subserver)))); + } + + sub->conninfo = ForeignServerConnectionString(subform->subowner, + subform->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, + tup, + Anum_pg_subscription_subconninfo); + sub->conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c index c14e038d54f..5913678c5b1 100644 --- a/src/backend/commands/foreigncmds.c +++ b/src/backend/commands/foreigncmds.c @@ -511,21 +511,53 @@ lookup_fdw_validator_func(DefElem *validator) /* validator's return value is ignored, so we don't check the type */ } +/* + * Convert a connection string function name passed from the parser to an Oid. + */ +static Oid +lookup_fdw_connection_func(DefElem *connection) +{ + Oid connectionOid; + Oid funcargtypes[3]; + + if (connection == NULL || connection->arg == NULL) + return InvalidOid; + + /* connection string functions take user oid, server oid */ + funcargtypes[0] = OIDOID; + funcargtypes[1] = OIDOID; + funcargtypes[2] = INTERNALOID; + + connectionOid = LookupFuncName((List *) connection->arg, 3, funcargtypes, false); + + /* check that connection string function has correct return type */ + if (get_func_rettype(connectionOid) != TEXTOID) + ereport(ERROR, + (errcode(ERRCODE_WRONG_OBJECT_TYPE), + errmsg("function %s must return type %s", + NameListToString((List *) connection->arg), "text"))); + + return connectionOid; +} + /* * Process function options of CREATE/ALTER FDW */ static void parse_func_options(ParseState *pstate, List *func_options, bool *handler_given, Oid *fdwhandler, - bool *validator_given, Oid *fdwvalidator) + bool *validator_given, Oid *fdwvalidator, + bool *connection_given, Oid *fdwconnection) { ListCell *cell; *handler_given = false; *validator_given = false; + *connection_given = false; /* return InvalidOid if not given */ *fdwhandler = InvalidOid; *fdwvalidator = InvalidOid; + *fdwconnection = InvalidOid; foreach(cell, func_options) { @@ -545,6 +577,13 @@ parse_func_options(ParseState *pstate, List *func_options, *validator_given = true; *fdwvalidator = lookup_fdw_validator_func(def); } + else if (strcmp(def->defname, "connection") == 0) + { + if (*connection_given) + errorConflictingDefElem(def, pstate); + *connection_given = true; + *fdwconnection = lookup_fdw_connection_func(def); + } else elog(ERROR, "option \"%s\" not recognized", def->defname); @@ -564,8 +603,10 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) Oid fdwId; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; Datum fdwoptions; Oid ownerId; ObjectAddress myself; @@ -609,10 +650,12 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) /* Lookup handler and validator functions, if given */ parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); values[Anum_pg_foreign_data_wrapper_fdwhandler - 1] = ObjectIdGetDatum(fdwhandler); values[Anum_pg_foreign_data_wrapper_fdwvalidator - 1] = ObjectIdGetDatum(fdwvalidator); + values[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); nulls[Anum_pg_foreign_data_wrapper_fdwacl - 1] = true; @@ -684,8 +727,10 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) Datum datum; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; ObjectAddress myself; rel = table_open(ForeignDataWrapperRelationId, RowExclusiveLock); @@ -715,7 +760,8 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); if (handler_given) { @@ -753,6 +799,12 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) fdwvalidator = fdwForm->fdwvalidator; } + if (connection_given) + { + repl_val[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); + repl_repl[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = true; + } + /* * If options specified, validate and update. */ diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index 4aec73bcc6b..9b9ab6657aa 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -26,14 +26,17 @@ #include "catalog/objectaddress.h" #include "catalog/pg_authid_d.h" #include "catalog/pg_database_d.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "catalog/pg_user_mapping.h" #include "commands/dbcommands.h" #include "commands/defrem.h" #include "commands/event_trigger.h" #include "commands/subscriptioncmds.h" #include "executor/executor.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "pgstat.h" @@ -546,6 +549,7 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Datum values[Natts_pg_subscription]; Oid owner = GetUserId(); HeapTuple tup; + Oid serverid; char *conninfo; char originname[NAMEDATALEN]; List *publications; @@ -638,15 +642,40 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.synchronous_commit == NULL) opts.synchronous_commit = "off"; - conninfo = stmt->conninfo; - publications = stmt->publication; - /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); + if (stmt->servername) + { + ForeignServer *server; + + Assert(!stmt->conninfo); + conninfo = NULL; + + server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, owner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + + /* make sure a user mapping exists */ + GetUserMapping(owner, server->serverid); + + serverid = server->serverid; + conninfo = ForeignServerConnectionString(owner, serverid); + } + else + { + Assert(stmt->conninfo); + + serverid = InvalidOid; + conninfo = stmt->conninfo; + } + /* Check the connection info string. */ walrcv_check_conninfo(conninfo, opts.passwordrequired && !superuser()); + publications = stmt->publication; + /* Everything ok, form a new tuple. */ memset(values, 0, sizeof(values)); memset(nulls, false, sizeof(nulls)); @@ -670,8 +699,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, values[Anum_pg_subscription_subpasswordrequired - 1] = BoolGetDatum(opts.passwordrequired); values[Anum_pg_subscription_subrunasowner - 1] = BoolGetDatum(opts.runasowner); values[Anum_pg_subscription_subfailover - 1] = BoolGetDatum(opts.failover); - values[Anum_pg_subscription_subconninfo - 1] = - CStringGetTextDatum(conninfo); + values[Anum_pg_subscription_subserver - 1] = serverid; + if (!OidIsValid(serverid)) + values[Anum_pg_subscription_subconninfo - 1] = + CStringGetTextDatum(conninfo); + else + nulls[Anum_pg_subscription_subconninfo - 1] = true; if (opts.slot_name) values[Anum_pg_subscription_subslotname - 1] = DirectFunctionCall1(namein, CStringGetDatum(opts.slot_name)); @@ -692,6 +725,18 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, recordDependencyOnOwner(SubscriptionRelationId, subid, owner); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + + if (stmt->servername) + { + ObjectAddress referenced; + + Assert(OidIsValid(serverid)); + + ObjectAddressSet(referenced, ForeignServerRelationId, serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + ReplicationOriginNameForLogicalRep(subid, InvalidOid, originname, sizeof(originname)); replorigin_create(originname); @@ -809,8 +854,6 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.enabled) ApplyLauncherWakeupAtCommit(); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostCreateHook(SubscriptionRelationId, subid, 0); return myself; @@ -1135,7 +1178,14 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION, stmt->subname); - sub = GetSubscription(subid, false); + /* + * Skip ACL checks on the subscription's foreign server, if any. If + * changing the server (or replacing it with a raw connection), then the + * old one will be removed anyway. If changing something unrelated, + * there's no need to do an additional ACL check here; that will be done + * by the subscription worker anyway. + */ + sub = GetSubscription(subid, false, false); /* * Don't allow non-superuser modification of a subscription with @@ -1155,6 +1205,8 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, memset(nulls, false, sizeof(nulls)); memset(replaces, false, sizeof(replaces)); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + switch (stmt->kind) { case ALTER_SUBSCRIPTION_OPTIONS: @@ -1358,7 +1410,79 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, break; } + case ALTER_SUBSCRIPTION_SERVER: + { + ForeignServer *new_server; + ObjectAddress referenced; + AclResult aclresult; + char *conninfo; + + /* + * Remove what was there before, either another foreign server + * or a connection string. + */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + } + else + { + nulls[Anum_pg_subscription_subconninfo - 1] = true; + replaces[Anum_pg_subscription_subconninfo - 1] = true; + } + + /* + * Find the new server and user mapping. Check ACL of server + * based on current user ID, but find the user mapping based + * on the subscription owner. + */ + new_server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, + new_server->serverid, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(new_server->serverid)))); + + /* make sure a user mapping exists */ + GetUserMapping(form->subowner, new_server->serverid); + + conninfo = ForeignServerConnectionString(form->subowner, + new_server->serverid); + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + /* Check the connection info string. */ + walrcv_check_conninfo(conninfo, + sub->passwordrequired && !sub->ownersuperuser); + + values[Anum_pg_subscription_subserver - 1] = new_server->serverid; + replaces[Anum_pg_subscription_subserver - 1] = true; + + ObjectAddressSet(referenced, ForeignServerRelationId, new_server->serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + update_tuple = true; + } + break; + case ALTER_SUBSCRIPTION_CONNECTION: + /* remove reference to foreign server and dependencies, if present */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + + values[Anum_pg_subscription_subserver - 1] = InvalidOid; + replaces[Anum_pg_subscription_subserver - 1] = true; + } + /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); /* Check the connection info string. */ @@ -1609,8 +1733,6 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, table_close(rel, RowExclusiveLock); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostAlterHook(SubscriptionRelationId, subid, 0); /* Wake up related replication workers to handle this change quickly. */ @@ -1695,9 +1817,28 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) subname = pstrdup(NameStr(*DatumGetName(datum))); /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, - Anum_pg_subscription_subconninfo); - conninfo = TextDatumGetCString(datum); + if (OidIsValid(form->subserver)) + { + AclResult aclresult; + + aclresult = object_aclcheck(ForeignServerRelationId, form->subserver, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(form->subserver)))); + + conninfo = ForeignServerConnectionString(form->subowner, + form->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, + Anum_pg_subscription_subconninfo); + conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, tup, @@ -1796,6 +1937,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) } /* Clean up dependencies */ + deleteDependencyRecordsFor(SubscriptionRelationId, subid, false); deleteSharedDependencyRecordsFor(SubscriptionRelationId, subid, 0); /* Remove any associated relation synchronization states. */ diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index f0835fc3070..24ce097d683 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -71,6 +71,7 @@ GetForeignDataWrapperExtended(Oid fdwid, bits16 flags) fdw->fdwname = pstrdup(NameStr(fdwform->fdwname)); fdw->fdwhandler = fdwform->fdwhandler; fdw->fdwvalidator = fdwform->fdwvalidator; + fdw->fdwconnection = fdwform->fdwconnection; /* Extract the fdwoptions */ datum = SysCacheGetAttr(FOREIGNDATAWRAPPEROID, @@ -175,6 +176,31 @@ GetForeignServerExtended(Oid serverid, bits16 flags) } +/* + * ForeignServerName - get name of foreign server. + */ +char * +ForeignServerName(Oid serverid) +{ + Form_pg_foreign_server serverform; + char *servername; + HeapTuple tp; + + tp = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)); + + if (!HeapTupleIsValid(tp)) + elog(ERROR, "cache lookup failed for foreign server %u", serverid); + + serverform = (Form_pg_foreign_server) GETSTRUCT(tp); + + servername = pstrdup(NameStr(serverform->srvname)); + + ReleaseSysCache(tp); + + return servername; +} + + /* * GetForeignServerByName - look up the foreign server definition by name. */ @@ -190,6 +216,46 @@ GetForeignServerByName(const char *srvname, bool missing_ok) } +/* + * Retrieve connection string from server's FDW. + */ +char * +ForeignServerConnectionString(Oid userid, Oid serverid) +{ + static MemoryContext tempContext = NULL; + MemoryContext oldcxt; + ForeignServer *server; + ForeignDataWrapper *fdw; + Datum connection_datum; + text *connection_text; + char *result; + + if (tempContext == NULL) + { + tempContext = AllocSetContextCreate(CurrentMemoryContext, + "temp context", + ALLOCSET_DEFAULT_SIZES); + } + + oldcxt = MemoryContextSwitchTo(tempContext); + + server = GetForeignServer(serverid); + fdw = GetForeignDataWrapper(server->fdwid); + connection_datum = OidFunctionCall2(fdw->fdwconnection, + ObjectIdGetDatum(userid), + ObjectIdGetDatum(serverid)); + connection_text = DatumGetTextPP(connection_datum); + + MemoryContextSwitchTo(oldcxt); + + result = text_to_cstring(connection_text); + + MemoryContextReset(tempContext); + + return result; +} + + /* * GetUserMapping - look up the user mapping. * diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index 7d99c9355c6..fafe351ca5c 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -5437,6 +5437,8 @@ fdw_option: | NO HANDLER { $$ = makeDefElem("handler", NULL, @1); } | VALIDATOR handler_name { $$ = makeDefElem("validator", (Node *) $2, @1); } | NO VALIDATOR { $$ = makeDefElem("validator", NULL, @1); } + | CONNECTION handler_name { $$ = makeDefElem("connection", (Node *) $2, @1); } + | NO CONNECTION { $$ = makeDefElem("connection", NULL, @1); } ; fdw_options: @@ -10804,6 +10806,16 @@ CreateSubscriptionStmt: n->options = $8; $$ = (Node *) n; } + | CREATE SUBSCRIPTION name SERVER name PUBLICATION name_list opt_definition + { + CreateSubscriptionStmt *n = + makeNode(CreateSubscriptionStmt); + n->subname = $3; + n->servername = $5; + n->publication = $7; + n->options = $8; + $$ = (Node *) n; + } ; /***************************************************************************** @@ -10833,6 +10845,16 @@ AlterSubscriptionStmt: n->conninfo = $5; $$ = (Node *) n; } + | ALTER SUBSCRIPTION name SERVER name + { + AlterSubscriptionStmt *n = + makeNode(AlterSubscriptionStmt); + + n->kind = ALTER_SUBSCRIPTION_SERVER; + n->subname = $3; + n->servername = $5; + $$ = (Node *) n; + } | ALTER SUBSCRIPTION name REFRESH PUBLICATION opt_definition { AlterSubscriptionStmt *n = diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index 31ab69ea13a..99eae2dde24 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -3987,7 +3987,7 @@ maybe_reread_subscription(void) /* Ensure allocations in permanent context. */ oldctx = MemoryContextSwitchTo(ApplyContext); - newsub = GetSubscription(MyLogicalRepWorker->subid, true); + newsub = GetSubscription(MyLogicalRepWorker->subid, true, true); /* * Exit if the subscription was removed. This normally should not happen @@ -4093,7 +4093,9 @@ maybe_reread_subscription(void) } /* - * Callback from subscription syscache invalidation. + * Callback from subscription syscache invalidation. Also needed for server or + * user mapping invalidation, which can change the connection information for + * subscriptions that connect using a server object. */ static void subscription_change_cb(Datum arg, int cacheid, uint32 hashvalue) @@ -4675,7 +4677,7 @@ InitializeLogRepWorker(void) StartTransactionCommand(); oldctx = MemoryContextSwitchTo(ApplyContext); - MySubscription = GetSubscription(MyLogicalRepWorker->subid, true); + MySubscription = GetSubscription(MyLogicalRepWorker->subid, true, true); if (!MySubscription) { ereport(LOG, @@ -4712,6 +4714,14 @@ InitializeLogRepWorker(void) CacheRegisterSyscacheCallback(SUBSCRIPTIONOID, subscription_change_cb, (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); CacheRegisterSyscacheCallback(AUTHOID, subscription_change_cb, diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 4f4ad2ee150..a7a70535fa0 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -4894,6 +4894,7 @@ getSubscriptions(Archive *fout) int i_subdisableonerr; int i_subpasswordrequired; int i_subrunasowner; + int i_subservername; int i_subconninfo; int i_subslotname; int i_subsynccommit; @@ -4974,16 +4975,29 @@ getSubscriptions(Archive *fout) if (fout->remoteVersion >= 170000) appendPQExpBufferStr(query, - " s.subfailover\n"); + " s.subfailover,\n"); else appendPQExpBuffer(query, - " false AS subfailover\n"); + " false AS subfailover,\n"); + + if (dopt->binary_upgrade && fout->remoteVersion >= 180000) + appendPQExpBufferStr(query, " fs.srvname AS subservername,\n" + " o.remote_lsn AS suboriginremotelsn,\n" + " s.subenabled,\n" + " s.subfailover\n"); + else + appendPQExpBufferStr(query, " NULL AS subservername,\n" + " NULL AS suboriginremotelsn,\n" + " false AS subenabled,\n" + " false AS subfailover\n"); appendPQExpBufferStr(query, "FROM pg_subscription s\n"); if (dopt->binary_upgrade && fout->remoteVersion >= 170000) appendPQExpBufferStr(query, + "LEFT JOIN pg_catalog.pg_foreign_server fs \n" + " ON fs.oid = s.subserver \n" "LEFT JOIN pg_catalog.pg_replication_origin_status o \n" " ON o.external_id = 'pg_' || s.oid::text \n"); @@ -5011,6 +5025,7 @@ getSubscriptions(Archive *fout) i_subpasswordrequired = PQfnumber(res, "subpasswordrequired"); i_subrunasowner = PQfnumber(res, "subrunasowner"); i_subfailover = PQfnumber(res, "subfailover"); + i_subservername = PQfnumber(res, "subservername"); i_subconninfo = PQfnumber(res, "subconninfo"); i_subslotname = PQfnumber(res, "subslotname"); i_subsynccommit = PQfnumber(res, "subsynccommit"); @@ -5032,6 +5047,10 @@ getSubscriptions(Archive *fout) subinfo[i].subenabled = (strcmp(PQgetvalue(res, i, i_subenabled), "t") == 0); + if (PQgetisnull(res, i, i_subservername)) + subinfo[i].subservername = NULL; + else + subinfo[i].subservername = pg_strdup(PQgetvalue(res, i, i_subservername)); subinfo[i].subbinary = (strcmp(PQgetvalue(res, i, i_subbinary), "t") == 0); subinfo[i].substream = *(PQgetvalue(res, i, i_substream)); @@ -5254,9 +5273,17 @@ dumpSubscription(Archive *fout, const SubscriptionInfo *subinfo) appendPQExpBuffer(delq, "DROP SUBSCRIPTION %s;\n", qsubname); - appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s CONNECTION ", + appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s ", qsubname); - appendStringLiteralAH(query, subinfo->subconninfo, fout); + if (subinfo->subservername) + { + appendPQExpBuffer(query, "SERVER %s", fmtId(subinfo->subservername)); + } + else + { + appendPQExpBuffer(query, "CONNECTION "); + appendStringLiteralAH(query, subinfo->subconninfo, fout); + } /* Build list of quoted publications and append them to query. */ if (!parsePGArray(subinfo->subpublications, &pubnames, &npubnames)) diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index ca32f167878..6c553765ea1 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -703,6 +703,7 @@ typedef struct _SubscriptionInfo bool subpasswordrequired; bool subrunasowner; bool subfailover; + char *subservername; char *subconninfo; char *subslotname; char *subsynccommit; diff --git a/src/bin/psql/tab-complete.in.c b/src/bin/psql/tab-complete.in.c index 8432be641ac..b78680994a0 100644 --- a/src/bin/psql/tab-complete.in.c +++ b/src/bin/psql/tab-complete.in.c @@ -3704,7 +3704,7 @@ match_previous_words(int pattern_id, /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny)) COMPLETE_WITH("PUBLICATION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", diff --git a/src/include/catalog/pg_foreign_data_wrapper.h b/src/include/catalog/pg_foreign_data_wrapper.h index d03ab5a4f28..29eaba467b6 100644 --- a/src/include/catalog/pg_foreign_data_wrapper.h +++ b/src/include/catalog/pg_foreign_data_wrapper.h @@ -36,6 +36,9 @@ CATALOG(pg_foreign_data_wrapper,2328,ForeignDataWrapperRelationId) Oid fdwvalidator BKI_LOOKUP_OPT(pg_proc); /* option validation * function, or 0 if * none */ + Oid fdwconnection BKI_LOOKUP_OPT(pg_proc); /* connection string + * function, or 0 if + * none */ #ifdef CATALOG_VARLEN /* variable-length fields start here */ aclitem fdwacl[1]; /* access permissions */ diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index 20fc329992d..93067ea9182 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -78,9 +78,11 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW * slots) in the upstream database are enabled * to be synchronized to the standbys. */ + Oid subserver; /* Set if connecting with server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo; /* Set if connecting with connection string */ /* Slot name on publisher */ NameData subslotname BKI_FORCE_NULL; @@ -178,7 +180,8 @@ typedef struct Subscription #endif /* EXPOSE_TO_CLIENT_CODE */ -extern Subscription *GetSubscription(Oid subid, bool missing_ok); +extern Subscription *GetSubscription(Oid subid, bool missing_ok, + bool aclcheck); extern void FreeSubscription(Subscription *sub); extern void DisableSubscription(Oid subid); diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index 7e9decd2537..a7e6cf0226a 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -28,6 +28,7 @@ typedef struct ForeignDataWrapper char *fdwname; /* Name of the FDW */ Oid fdwhandler; /* Oid of handler function, or 0 */ Oid fdwvalidator; /* Oid of validator function, or 0 */ + Oid fdwconnection; /* Oid of connection string function, or 0 */ List *options; /* fdwoptions as DefElem list */ } ForeignDataWrapper; @@ -65,10 +66,12 @@ typedef struct ForeignTable extern ForeignServer *GetForeignServer(Oid serverid); +extern char *ForeignServerName(Oid serverid); extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); +extern char *ForeignServerConnectionString(Oid userid, Oid serverid); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index 0b208f51bdd..8291d958da5 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -4282,6 +4282,7 @@ typedef struct CreateSubscriptionStmt { NodeTag type; char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ @@ -4290,6 +4291,7 @@ typedef struct CreateSubscriptionStmt typedef enum AlterSubscriptionType { ALTER_SUBSCRIPTION_OPTIONS, + ALTER_SUBSCRIPTION_SERVER, ALTER_SUBSCRIPTION_CONNECTION, ALTER_SUBSCRIPTION_SET_PUBLICATION, ALTER_SUBSCRIPTION_ADD_PUBLICATION, @@ -4304,6 +4306,7 @@ typedef struct AlterSubscriptionStmt NodeTag type; AlterSubscriptionType kind; /* ALTER_SUBSCRIPTION_OPTIONS, etc */ char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ diff --git a/src/test/regress/expected/oidjoins.out b/src/test/regress/expected/oidjoins.out index 215eb899be3..59c64126bdc 100644 --- a/src/test/regress/expected/oidjoins.out +++ b/src/test/regress/expected/oidjoins.out @@ -224,6 +224,7 @@ NOTICE: checking pg_extension {extconfig} => pg_class {oid} NOTICE: checking pg_foreign_data_wrapper {fdwowner} => pg_authid {oid} NOTICE: checking pg_foreign_data_wrapper {fdwhandler} => pg_proc {oid} NOTICE: checking pg_foreign_data_wrapper {fdwvalidator} => pg_proc {oid} +NOTICE: checking pg_foreign_data_wrapper {fdwconnection} => pg_proc {oid} NOTICE: checking pg_foreign_server {srvowner} => pg_authid {oid} NOTICE: checking pg_foreign_server {srvfdw} => pg_foreign_data_wrapper {oid} NOTICE: checking pg_user_mapping {umuser} => pg_authid {oid} -- 2.34.1 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [18] CREATE SUBSCRIPTION ... SERVER @ 2025-03-24 12:56 vignesh C <[email protected]> parent: Jeff Davis <[email protected]> 2 siblings, 0 replies; 63+ messages in thread From: vignesh C @ 2025-03-24 12:56 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Sat, 1 Mar 2025 at 04:35, Jeff Davis <[email protected]> wrote: > > On Mon, 2024-12-16 at 20:05 -0800, Jeff Davis wrote: > > On Wed, 2024-10-30 at 08:08 -0700, Jeff Davis wrote: > > > > Rebased v14. > > The approach has changed multiple times. It starte off with more in- > core code, but in response to review feedback, has become more > decoupled from core and more coupled to postgres_fdw. > > But the patch has been about the same (just rebases) since March of > last year, and hasn't gotten feedback since. I still think it's a nice > feature, but I'd like some feedback on the externals of the feature. +1 for this feature. I started having a look at the patch, here are some initial comments: 1) The hint given here does not help anymore as subscription is global object: postgres=# drop server myserver ; ERROR: cannot drop server myserver because other objects depend on it DETAIL: user mapping for vignesh on server myserver depends on server myserver subscription tap_sub depends on server myserver HINT: Use DROP ... CASCADE to drop the dependent objects too. postgres=# drop server myserver cascade; NOTICE: drop cascades to 2 other objects DETAIL: drop cascades to user mapping for vignesh on server myserver drop cascades to subscription tap_sub ERROR: global objects cannot be deleted by doDeletion Should we do anything about this? 2) I felt this change is not required as TAP_TESTS is already defined: diff --git a/contrib/postgres_fdw/Makefile b/contrib/postgres_fdw/Makefile index adfbd2ef758..59b805656c1 100644 --- a/contrib/postgres_fdw/Makefile +++ b/contrib/postgres_fdw/Makefile @@ -19,6 +19,8 @@ DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql postgres_fdw--1.1--1.2.s REGRESS = postgres_fdw query_cancel TAP_TESTS = 1 +TAP_TESTS = 1 + ifdef USE_PGXS PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) 3) Copyright year to be updated: diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl new file mode 100644 index 00000000000..a39e8fdbba4 --- /dev/null +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -0,0 +1,71 @@ + +# Copyright (c) 2021-2024, PostgreSQL Global Development Group + +# Basic logical replication test 4) I'm not sure if so many records are required, may be 10 records is enough: +# Create some preexisting content on publisher +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins AS SELECT a, a + 1 as b FROM generate_series(1,1002) AS a"); + 5) Should subscription be server and user mapping here in the comments? + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); 6) Should "initial data" be "incremental data" here: +$node_publisher->wait_for_catchup('tap_sub'); + +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1050), 'check initial data was copied to subscriber'); Regards, Vignesh ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [18] CREATE SUBSCRIPTION ... SERVER @ 2025-03-25 02:29 vignesh C <[email protected]> parent: Jeff Davis <[email protected]> 2 siblings, 0 replies; 63+ messages in thread From: vignesh C @ 2025-03-25 02:29 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Sat, 1 Mar 2025 at 04:35, Jeff Davis <[email protected]> wrote: > > On Mon, 2024-12-16 at 20:05 -0800, Jeff Davis wrote: > > On Wed, 2024-10-30 at 08:08 -0700, Jeff Davis wrote: > > > > Rebased v14. > > The approach has changed multiple times. It starte off with more in- > core code, but in response to review feedback, has become more > decoupled from core and more coupled to postgres_fdw. > > But the patch has been about the same (just rebases) since March of > last year, and hasn't gotten feedback since. I still think it's a nice > feature, but I'd like some feedback on the externals of the feature. Few comments: 1) \dRs+ sub does not include the server info: postgres=# \dRs+ sub* List of subscriptions Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Synchronous commit | Conninfo | Skip LSN ------+---------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------- -----------------------------+---------- sub | vignesh | t | {pub1} | f | parallel | d | f | any | t | f | f | off | | 0/0 2) Tab completion for alter subscription also should include server: +++ b/src/bin/psql/tab-complete.in.c @@ -3704,7 +3704,7 @@ match_previous_words(int pattern_id, /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); postgres=# alter subscription sub3 ADD PUBLICATION DISABLE ENABLE REFRESH PUBLICATION SET CONNECTION DROP PUBLICATION OWNER TO RENAME TO SKIP ( 3) In case of binary mode, pg_dump creates subscription using server option, but not in normal mode: + if (dopt->binary_upgrade && fout->remoteVersion >= 180000) + appendPQExpBufferStr(query, " fs.srvname AS subservername,\n" + " o.remote_lsn AS suboriginremotelsn,\n" + " s.subenabled,\n" + " s.subfailover\n"); + else + appendPQExpBufferStr(query, " NULL AS subservername,\n" + " NULL AS suboriginremotelsn,\n" + " false AS subenabled,\n" + " false AS subfailover\n"); If there is some specific reason, we should at least add some comments. Regards, Vignesh ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [18] CREATE SUBSCRIPTION ... SERVER @ 2025-04-02 12:28 Shlok Kyal <[email protected]> parent: Jeff Davis <[email protected]> 2 siblings, 2 replies; 63+ messages in thread From: Shlok Kyal @ 2025-04-02 12:28 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Sat, 1 Mar 2025 at 04:35, Jeff Davis <[email protected]> wrote: > > On Mon, 2024-12-16 at 20:05 -0800, Jeff Davis wrote: > > On Wed, 2024-10-30 at 08:08 -0700, Jeff Davis wrote: > > > > Rebased v14. > > The approach has changed multiple times. It starte off with more in- > core code, but in response to review feedback, has become more > decoupled from core and more coupled to postgres_fdw. > > But the patch has been about the same (just rebases) since March of > last year, and hasn't gotten feedback since. I still think it's a nice > feature, but I'd like some feedback on the externals of the feature. > > As a note, this will require a version bump for postgres_fdw for the > new connection method. > Hi Jeff, I reviewed the patch and I have a comment: If version is >=18, the query will have 'suboriginremotelsn', 'subenabled', 'subfailover' twice. if (fout->remoteVersion >= 170000) appendPQExpBufferStr(query, - " s.subfailover\n"); + " s.subfailover,\n"); else appendPQExpBuffer(query, - " false AS subfailover\n"); + " false AS subfailover,\n"); + + if (dopt->binary_upgrade && fout->remoteVersion >= 180000) + appendPQExpBufferStr(query, " fs.srvname AS subservername,\n" + " o.remote_lsn AS suboriginremotelsn,\n" + " s.subenabled,\n" + " s.subfailover\n"); + else + appendPQExpBufferStr(query, " NULL AS subservername,\n" + " NULL AS suboriginremotelsn,\n" + " false AS subenabled,\n" + " false AS subfailover\n"); query formed is something like: "SELECT s.tableoid, s.oid, s.subname,\n s.subowner,\n s.subconninfo, s.subslotname, s.subsynccommit,\n s.subpublications,\n s.subbinary,\n s.substream,\n s.subtwophasestate,\n s.subdisableonerr,\n s.subpasswordrequired,\n s.subrunasowner,\n s.suborigin,\n NULL AS suboriginremotelsn,\n false AS subenabled,\n s.subfailover,\n NULL AS subservername,\n NULL AS suboriginremotelsn,\n false AS subenabled,\n false AS subfailover\nFROM pg_subscription s\nWHERE s.subdbid = (SELECT oid FROM pg_database\n.." is it expected? Thanks and Regards, Shlok Kyal ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [18] CREATE SUBSCRIPTION ... SERVER @ 2025-04-08 20:19 Jeff Davis <[email protected]> parent: Shlok Kyal <[email protected]> 1 sibling, 0 replies; 63+ messages in thread From: Jeff Davis @ 2025-04-08 20:19 UTC (permalink / raw) To: Shlok Kyal <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers; vignesh C <[email protected]> On Wed, 2025-04-02 at 17:58 +0530, Shlok Kyal wrote: > I reviewed the patch and I have a comment: Thank you and vignesh for the feedback. This patch didn't quite make it for v18, but I will address it for the next CF. Regards, Jeff Davis ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [18] CREATE SUBSCRIPTION ... SERVER @ 2025-12-26 21:52 Jeff Davis <[email protected]> parent: Shlok Kyal <[email protected]> 1 sibling, 1 reply; 63+ messages in thread From: Jeff Davis @ 2025-12-26 21:52 UTC (permalink / raw) To: Shlok Kyal <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Wed, 2025-04-02 at 17:58 +0530, Shlok Kyal wrote: > I reviewed the patch and I have a comment: > > If version is >=18, the query will have 'suboriginremotelsn', > 'subenabled', 'subfailover' twice. Thank you. Fixed and rebased. Note that this patch will require a postgres_fdw version bump. Regards, Jeff Davis Attachments: [text/x-patch] v15-0001-CREATE-SUSBCRIPTION-.-SERVER.patch (44.9K, 2-v15-0001-CREATE-SUSBCRIPTION-.-SERVER.patch) download | inline diff: From 9edd16c86177cfc100c65e64ac5b7796873e3436 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:42:48 -0800 Subject: [PATCH v15] CREATE SUSBCRIPTION ... SERVER. Allow specifying a foreign server for CREATE SUBSCRIPTION, rather than a raw connection string with CONNECTION. Using a foreign server as a layer of indirection improves management of multiple subscriptions to the same server. It also provides integration with user mappings in case different subscriptions have different owners or a subscription changes owners. Reviewed-by: Ashutosh Bapat <[email protected]> Reviewed-by: Shlok Kyal <[email protected]> Discussion: https://postgr.es/m/[email protected] --- contrib/postgres_fdw/Makefile | 2 + contrib/postgres_fdw/connection.c | 73 ++++++++ .../postgres_fdw/expected/postgres_fdw.out | 8 + contrib/postgres_fdw/meson.build | 1 + .../postgres_fdw/postgres_fdw--1.1--1.2.sql | 8 + contrib/postgres_fdw/sql/postgres_fdw.sql | 7 + contrib/postgres_fdw/t/010_subscription.pl | 71 ++++++++ doc/src/sgml/ref/alter_subscription.sgml | 18 +- doc/src/sgml/ref/create_subscription.sgml | 11 +- src/backend/catalog/pg_subscription.c | 38 +++- src/backend/commands/foreigncmds.c | 58 +++++- src/backend/commands/subscriptioncmds.c | 166 ++++++++++++++++-- src/backend/foreign/foreign.c | 66 +++++++ src/backend/parser/gram.y | 22 +++ src/backend/replication/logical/worker.c | 16 +- src/bin/pg_dump/pg_dump.c | 29 ++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/tab-complete.in.c | 2 +- src/include/catalog/pg_foreign_data_wrapper.h | 3 + src/include/catalog/pg_subscription.h | 7 +- src/include/foreign/foreign.h | 3 + src/include/nodes/parsenodes.h | 3 + src/test/regress/expected/oidjoins.out | 1 + 23 files changed, 581 insertions(+), 33 deletions(-) create mode 100644 contrib/postgres_fdw/t/010_subscription.pl diff --git a/contrib/postgres_fdw/Makefile b/contrib/postgres_fdw/Makefile index 8eaf4d263b6..caf50c44af1 100644 --- a/contrib/postgres_fdw/Makefile +++ b/contrib/postgres_fdw/Makefile @@ -21,6 +21,8 @@ ISOLATION = eval_plan_qual ISOLATION_OPTS = --load-extension=postgres_fdw TAP_TESTS = 1 +TAP_TESTS = 1 + ifdef USE_PGXS PG_CONFIG = pg_config PGXS := $(shell $(PG_CONFIG) --pgxs) diff --git a/contrib/postgres_fdw/connection.c b/contrib/postgres_fdw/connection.c index 953c2e0ab82..da7cc6e4659 100644 --- a/contrib/postgres_fdw/connection.c +++ b/contrib/postgres_fdw/connection.c @@ -132,6 +132,7 @@ PG_FUNCTION_INFO_V1(postgres_fdw_get_connections); PG_FUNCTION_INFO_V1(postgres_fdw_get_connections_1_2); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect_all); +PG_FUNCTION_INFO_V1(postgres_fdw_connection); /* prototypes of private functions */ static void make_new_connection(ConnCacheEntry *entry, UserMapping *user); @@ -2308,6 +2309,78 @@ postgres_fdw_get_connections_internal(FunctionCallInfo fcinfo, } } +/* + * Values in connection strings must be enclosed in single quotes. Single + * quotes and backslashes must be escaped with backslash. NB: these rules are + * different from the rules for escaping a SQL literal. + */ +static void +appendEscapedValue(StringInfo str, const char *val) +{ + appendStringInfoChar(str, '\''); + for (int i = 0; val[i] != '\0'; i++) + { + if (val[i] == '\\' || val[i] == '\'') + appendStringInfoChar(str, '\\'); + appendStringInfoChar(str, val[i]); + } + appendStringInfoChar(str, '\''); +} + +Datum +postgres_fdw_connection(PG_FUNCTION_ARGS) +{ + Oid userid = PG_GETARG_OID(0); + Oid serverid = PG_GETARG_OID(1); + ForeignServer *server = GetForeignServer(serverid); + UserMapping *user = GetUserMapping(userid, serverid); + StringInfoData str; + const char **keywords; + const char **values; + int n; + + /* + * Construct connection params from generic options of ForeignServer and + * UserMapping. (Some of them might not be libpq options, in which case + * we'll just waste a few array slots.) Add 4 extra slots for + * application_name, fallback_application_name, client_encoding, end + * marker. + */ + n = list_length(server->options) + list_length(user->options) + 4; + keywords = (const char **) palloc(n * sizeof(char *)); + values = (const char **) palloc(n * sizeof(char *)); + + n = 0; + n += ExtractConnectionOptions(server->options, + keywords + n, values + n); + n += ExtractConnectionOptions(user->options, + keywords + n, values + n); + + /* Set client_encoding so that libpq can convert encoding properly. */ + keywords[n] = "client_encoding"; + values[n] = GetDatabaseEncodingName(); + n++; + + keywords[n] = values[n] = NULL; + + /* verify the set of connection parameters */ + check_conn_params(keywords, values, user); + + initStringInfo(&str); + for (int i = 0; i < n; i++) + { + char *sep = ""; + + appendStringInfo(&str, "%s%s = ", sep, keywords[i]); + appendEscapedValue(&str, values[i]); + sep = " "; + } + + pfree(keywords); + pfree(values); + PG_RETURN_TEXT_P(cstring_to_text(str.data)); +} + /* * List active foreign server connections. * diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index 48e3185b227..028fe80c8a7 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -255,6 +255,14 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); -- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. +DROP SUBSCRIPTION regress_pgfdw_subscription; +-- =================================================================== -- test error case for create publication on foreign table -- =================================================================== CREATE PUBLICATION testpub_ftbl FOR TABLE ft1; -- should fail diff --git a/contrib/postgres_fdw/meson.build b/contrib/postgres_fdw/meson.build index aac89ffdde8..29153eeaf9f 100644 --- a/contrib/postgres_fdw/meson.build +++ b/contrib/postgres_fdw/meson.build @@ -50,6 +50,7 @@ tests += { 'tap': { 'tests': [ 't/001_auth_scram.pl', + 't/010_subscription.pl', ], }, } diff --git a/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql b/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql index 511a3e5c2ef..2ddab9efe0d 100644 --- a/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql +++ b/contrib/postgres_fdw/postgres_fdw--1.1--1.2.sql @@ -16,3 +16,11 @@ CREATE FUNCTION postgres_fdw_get_connections ( RETURNS SETOF record AS 'MODULE_PATHNAME', 'postgres_fdw_get_connections_1_2' LANGUAGE C STRICT PARALLEL RESTRICTED; + +-- takes internal parameter to prevent calling from SQL +CREATE FUNCTION postgres_fdw_connection(oid, oid, internal) +RETURNS text +AS 'MODULE_PATHNAME' +LANGUAGE C STRICT; + +ALTER FOREIGN DATA WRAPPER postgres_fdw CONNECTION postgres_fdw_connection; diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 9a8f9e28135..60440b337d6 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -244,6 +244,13 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); +-- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_pgfdw_subscription; + -- =================================================================== -- test error case for create publication on foreign table -- =================================================================== diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl new file mode 100644 index 00000000000..a39e8fdbba4 --- /dev/null +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -0,0 +1,71 @@ + +# Copyright (c) 2021-2024, PostgreSQL Global Development Group + +# Basic logical replication test +use strict; +use warnings FATAL => 'all'; +use PostgreSQL::Test::Cluster; +use PostgreSQL::Test::Utils; +use Test::More; + +# Initialize publisher node +my $node_publisher = PostgreSQL::Test::Cluster->new('publisher'); +$node_publisher->init(allows_streaming => 'logical'); +$node_publisher->start; + +# Create subscriber node +my $node_subscriber = PostgreSQL::Test::Cluster->new('subscriber'); +$node_subscriber->init; +$node_subscriber->start; + +# Create some preexisting content on publisher +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins AS SELECT a, a + 1 as b FROM generate_series(1,1002) AS a"); + +# Replicate the changes without columns +$node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_no_col default VALUES"); + +# Setup structure on subscriber +$node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int, b int)"); + +# Setup logical replication +my $publisher_connstr = $node_publisher->connstr . ' dbname=postgres'; +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_pub FOR TABLE tab_ins"); + +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_server" +); + +$node_subscriber->safe_psql('postgres', + "CREATE FOREIGN TABLE f_tab_ins (a int, b int) SERVER tap_server OPTIONS(table_name 'tab_ins')" +); +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub SERVER tap_server PUBLICATION tap_pub WITH (password_required=false)" +); + +# Wait for initial table sync to finish +$node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); + +my $result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins SELECT a, a + 1 FROM generate_series(1003,1050) a"); + +$node_publisher->wait_for_catchup('tap_sub'); + +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1050), 'check initial data was copied to subscriber'); + +done_testing(); diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index 27c06439f4f..636307605e1 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -21,6 +21,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> +ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SERVER <replaceable>servername</replaceable> ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> CONNECTION '<replaceable>conninfo</replaceable>' ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SET PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> ADD PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] @@ -102,13 +103,24 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < </listitem> </varlistentry> + <varlistentry id="sql-altersubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the foreign server + <replaceable>servername</replaceable>. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-altersubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> <para> - This clause replaces the connection string originally set by - <xref linkend="sql-createsubscription"/>. See there for more - information. + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the connection + string <replaceable>conninfo</replaceable>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index 197be0c6f6b..0b7772a294f 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -22,7 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceable> - CONNECTION '<replaceable class="parameter">conninfo</replaceable>' + { SERVER <replaceable class="parameter">servername</replaceable> | CONNECTION '<replaceable class="parameter">conninfo</replaceable>' } PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">subscription_parameter</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] </synopsis> @@ -77,6 +77,15 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl </listitem> </varlistentry> + <varlistentry id="sql-createsubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + A foreign server to use for the connection. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-createsubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index ad6fbd77ffd..21275f5029b 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -19,11 +19,14 @@ #include "access/htup_details.h" #include "access/tableam.h" #include "catalog/indexing.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "storage/lmgr.h" +#include "utils/acl.h" #include "utils/array.h" #include "utils/builtins.h" #include "utils/fmgroids.h" @@ -69,7 +72,7 @@ GetPublicationsStr(List *publications, StringInfo dest, bool quote_literal) * Fetch the subscription from the syscache. */ Subscription * -GetSubscription(Oid subid, bool missing_ok) +GetSubscription(Oid subid, bool missing_ok, bool aclcheck) { HeapTuple tup; Subscription *sub; @@ -108,10 +111,35 @@ GetSubscription(Oid subid, bool missing_ok) sub->retentionactive = subform->subretentionactive; /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, - tup, - Anum_pg_subscription_subconninfo); - sub->conninfo = TextDatumGetCString(datum); + if (OidIsValid(subform->subserver)) + { + AclResult aclresult; + + /* recheck ACL if requested */ + if (aclcheck) + { + aclresult = object_aclcheck(ForeignServerRelationId, + subform->subserver, + subform->subowner, ACL_USAGE); + + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(subform->subowner, false), + ForeignServerName(subform->subserver)))); + } + + sub->conninfo = ForeignServerConnectionString(subform->subowner, + subform->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, + tup, + Anum_pg_subscription_subconninfo); + sub->conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c index 536065dc515..e38120613ac 100644 --- a/src/backend/commands/foreigncmds.c +++ b/src/backend/commands/foreigncmds.c @@ -522,21 +522,53 @@ lookup_fdw_validator_func(DefElem *validator) /* validator's return value is ignored, so we don't check the type */ } +/* + * Convert a connection string function name passed from the parser to an Oid. + */ +static Oid +lookup_fdw_connection_func(DefElem *connection) +{ + Oid connectionOid; + Oid funcargtypes[3]; + + if (connection == NULL || connection->arg == NULL) + return InvalidOid; + + /* connection string functions take user oid, server oid */ + funcargtypes[0] = OIDOID; + funcargtypes[1] = OIDOID; + funcargtypes[2] = INTERNALOID; + + connectionOid = LookupFuncName((List *) connection->arg, 3, funcargtypes, false); + + /* check that connection string function has correct return type */ + if (get_func_rettype(connectionOid) != TEXTOID) + ereport(ERROR, + (errcode(ERRCODE_WRONG_OBJECT_TYPE), + errmsg("function %s must return type %s", + NameListToString((List *) connection->arg), "text"))); + + return connectionOid; +} + /* * Process function options of CREATE/ALTER FDW */ static void parse_func_options(ParseState *pstate, List *func_options, bool *handler_given, Oid *fdwhandler, - bool *validator_given, Oid *fdwvalidator) + bool *validator_given, Oid *fdwvalidator, + bool *connection_given, Oid *fdwconnection) { ListCell *cell; *handler_given = false; *validator_given = false; + *connection_given = false; /* return InvalidOid if not given */ *fdwhandler = InvalidOid; *fdwvalidator = InvalidOid; + *fdwconnection = InvalidOid; foreach(cell, func_options) { @@ -556,6 +588,13 @@ parse_func_options(ParseState *pstate, List *func_options, *validator_given = true; *fdwvalidator = lookup_fdw_validator_func(def); } + else if (strcmp(def->defname, "connection") == 0) + { + if (*connection_given) + errorConflictingDefElem(def, pstate); + *connection_given = true; + *fdwconnection = lookup_fdw_connection_func(def); + } else elog(ERROR, "option \"%s\" not recognized", def->defname); @@ -575,8 +614,10 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) Oid fdwId; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; Datum fdwoptions; Oid ownerId; ObjectAddress myself; @@ -620,10 +661,12 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) /* Lookup handler and validator functions, if given */ parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); values[Anum_pg_foreign_data_wrapper_fdwhandler - 1] = ObjectIdGetDatum(fdwhandler); values[Anum_pg_foreign_data_wrapper_fdwvalidator - 1] = ObjectIdGetDatum(fdwvalidator); + values[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); nulls[Anum_pg_foreign_data_wrapper_fdwacl - 1] = true; @@ -695,8 +738,10 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) Datum datum; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; ObjectAddress myself; rel = table_open(ForeignDataWrapperRelationId, RowExclusiveLock); @@ -726,7 +771,8 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); if (handler_given) { @@ -764,6 +810,12 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) fdwvalidator = fdwForm->fdwvalidator; } + if (connection_given) + { + repl_val[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); + repl_repl[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = true; + } + /* * If options specified, validate and update. */ diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index 4efd4685abc..5395c158ea5 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -27,13 +27,16 @@ #include "catalog/objectaddress.h" #include "catalog/pg_authid_d.h" #include "catalog/pg_database_d.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "catalog/pg_user_mapping.h" #include "commands/defrem.h" #include "commands/event_trigger.h" #include "commands/subscriptioncmds.h" #include "executor/executor.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "pgstat.h" @@ -593,6 +596,7 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Datum values[Natts_pg_subscription]; Oid owner = GetUserId(); HeapTuple tup; + Oid serverid; char *conninfo; char originname[NAMEDATALEN]; List *publications; @@ -695,15 +699,40 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.synchronous_commit == NULL) opts.synchronous_commit = "off"; - conninfo = stmt->conninfo; - publications = stmt->publication; - /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); + if (stmt->servername) + { + ForeignServer *server; + + Assert(!stmt->conninfo); + conninfo = NULL; + + server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, owner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + + /* make sure a user mapping exists */ + GetUserMapping(owner, server->serverid); + + serverid = server->serverid; + conninfo = ForeignServerConnectionString(owner, serverid); + } + else + { + Assert(stmt->conninfo); + + serverid = InvalidOid; + conninfo = stmt->conninfo; + } + /* Check the connection info string. */ walrcv_check_conninfo(conninfo, opts.passwordrequired && !superuser()); + publications = stmt->publication; + /* Everything ok, form a new tuple. */ memset(values, 0, sizeof(values)); memset(nulls, false, sizeof(nulls)); @@ -735,6 +764,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Int32GetDatum(opts.retaindeadtuples); values[Anum_pg_subscription_subconninfo - 1] = CStringGetTextDatum(conninfo); + values[Anum_pg_subscription_subserver - 1] = serverid; + if (!OidIsValid(serverid)) + values[Anum_pg_subscription_subconninfo - 1] = + CStringGetTextDatum(conninfo); + else + nulls[Anum_pg_subscription_subconninfo - 1] = true; if (opts.slot_name) values[Anum_pg_subscription_subslotname - 1] = DirectFunctionCall1(namein, CStringGetDatum(opts.slot_name)); @@ -755,6 +790,18 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, recordDependencyOnOwner(SubscriptionRelationId, subid, owner); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + + if (stmt->servername) + { + ObjectAddress referenced; + + Assert(OidIsValid(serverid)); + + ObjectAddressSet(referenced, ForeignServerRelationId, serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + /* * A replication origin is currently created for all subscriptions, * including those that only contain sequences or are otherwise empty. @@ -908,8 +955,6 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.enabled || opts.retaindeadtuples) ApplyLauncherWakeupAtCommit(); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostCreateHook(SubscriptionRelationId, subid, 0); return myself; @@ -1373,7 +1418,14 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION, stmt->subname); - sub = GetSubscription(subid, false); + /* + * Skip ACL checks on the subscription's foreign server, if any. If + * changing the server (or replacing it with a raw connection), then the + * old one will be removed anyway. If changing something unrelated, + * there's no need to do an additional ACL check here; that will be done + * by the subscription worker anyway. + */ + sub = GetSubscription(subid, false, false); retain_dead_tuples = sub->retaindeadtuples; origin = sub->origin; @@ -1398,6 +1450,8 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, memset(nulls, false, sizeof(nulls)); memset(replaces, false, sizeof(replaces)); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + switch (stmt->kind) { case ALTER_SUBSCRIPTION_OPTIONS: @@ -1708,7 +1762,79 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, break; } + case ALTER_SUBSCRIPTION_SERVER: + { + ForeignServer *new_server; + ObjectAddress referenced; + AclResult aclresult; + char *conninfo; + + /* + * Remove what was there before, either another foreign server + * or a connection string. + */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + } + else + { + nulls[Anum_pg_subscription_subconninfo - 1] = true; + replaces[Anum_pg_subscription_subconninfo - 1] = true; + } + + /* + * Find the new server and user mapping. Check ACL of server + * based on current user ID, but find the user mapping based + * on the subscription owner. + */ + new_server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, + new_server->serverid, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(new_server->serverid)))); + + /* make sure a user mapping exists */ + GetUserMapping(form->subowner, new_server->serverid); + + conninfo = ForeignServerConnectionString(form->subowner, + new_server->serverid); + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + /* Check the connection info string. */ + walrcv_check_conninfo(conninfo, + sub->passwordrequired && !sub->ownersuperuser); + + values[Anum_pg_subscription_subserver - 1] = new_server->serverid; + replaces[Anum_pg_subscription_subserver - 1] = true; + + ObjectAddressSet(referenced, ForeignServerRelationId, new_server->serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + update_tuple = true; + } + break; + case ALTER_SUBSCRIPTION_CONNECTION: + /* remove reference to foreign server and dependencies, if present */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + + values[Anum_pg_subscription_subserver - 1] = InvalidOid; + replaces[Anum_pg_subscription_subserver - 1] = true; + } + /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); /* Check the connection info string. */ @@ -1993,8 +2119,6 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, table_close(rel, RowExclusiveLock); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostAlterHook(SubscriptionRelationId, subid, 0); /* Wake up related replication workers to handle this change quickly. */ @@ -2081,9 +2205,28 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) subname = pstrdup(NameStr(*DatumGetName(datum))); /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, - Anum_pg_subscription_subconninfo); - conninfo = TextDatumGetCString(datum); + if (OidIsValid(form->subserver)) + { + AclResult aclresult; + + aclresult = object_aclcheck(ForeignServerRelationId, form->subserver, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(form->subserver)))); + + conninfo = ForeignServerConnectionString(form->subowner, + form->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, + Anum_pg_subscription_subconninfo); + conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, tup, @@ -2182,6 +2325,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) } /* Clean up dependencies */ + deleteDependencyRecordsFor(SubscriptionRelationId, subid, false); deleteSharedDependencyRecordsFor(SubscriptionRelationId, subid, 0); /* Remove any associated relation synchronization states. */ diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index fa3f4c75247..a2bfbb56b1d 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -72,6 +72,7 @@ GetForeignDataWrapperExtended(Oid fdwid, bits16 flags) fdw->fdwname = pstrdup(NameStr(fdwform->fdwname)); fdw->fdwhandler = fdwform->fdwhandler; fdw->fdwvalidator = fdwform->fdwvalidator; + fdw->fdwconnection = fdwform->fdwconnection; /* Extract the fdwoptions */ datum = SysCacheGetAttr(FOREIGNDATAWRAPPEROID, @@ -176,6 +177,31 @@ GetForeignServerExtended(Oid serverid, bits16 flags) } +/* + * ForeignServerName - get name of foreign server. + */ +char * +ForeignServerName(Oid serverid) +{ + Form_pg_foreign_server serverform; + char *servername; + HeapTuple tp; + + tp = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)); + + if (!HeapTupleIsValid(tp)) + elog(ERROR, "cache lookup failed for foreign server %u", serverid); + + serverform = (Form_pg_foreign_server) GETSTRUCT(tp); + + servername = pstrdup(NameStr(serverform->srvname)); + + ReleaseSysCache(tp); + + return servername; +} + + /* * GetForeignServerByName - look up the foreign server definition by name. */ @@ -191,6 +217,46 @@ GetForeignServerByName(const char *srvname, bool missing_ok) } +/* + * Retrieve connection string from server's FDW. + */ +char * +ForeignServerConnectionString(Oid userid, Oid serverid) +{ + static MemoryContext tempContext = NULL; + MemoryContext oldcxt; + ForeignServer *server; + ForeignDataWrapper *fdw; + Datum connection_datum; + text *connection_text; + char *result; + + if (tempContext == NULL) + { + tempContext = AllocSetContextCreate(CurrentMemoryContext, + "temp context", + ALLOCSET_DEFAULT_SIZES); + } + + oldcxt = MemoryContextSwitchTo(tempContext); + + server = GetForeignServer(serverid); + fdw = GetForeignDataWrapper(server->fdwid); + connection_datum = OidFunctionCall2(fdw->fdwconnection, + ObjectIdGetDatum(userid), + ObjectIdGetDatum(serverid)); + connection_text = DatumGetTextPP(connection_datum); + + MemoryContextSwitchTo(oldcxt); + + result = text_to_cstring(connection_text); + + MemoryContextReset(tempContext); + + return result; +} + + /* * GetUserMapping - look up the user mapping. * diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index 28f4e11e30f..ac13a084cce 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -5580,6 +5580,8 @@ fdw_option: | NO HANDLER { $$ = makeDefElem("handler", NULL, @1); } | VALIDATOR handler_name { $$ = makeDefElem("validator", (Node *) $2, @1); } | NO VALIDATOR { $$ = makeDefElem("validator", NULL, @1); } + | CONNECTION handler_name { $$ = makeDefElem("connection", (Node *) $2, @1); } + | NO CONNECTION { $$ = makeDefElem("connection", NULL, @1); } ; fdw_options: @@ -11025,6 +11027,16 @@ CreateSubscriptionStmt: n->options = $8; $$ = (Node *) n; } + | CREATE SUBSCRIPTION name SERVER name PUBLICATION name_list opt_definition + { + CreateSubscriptionStmt *n = + makeNode(CreateSubscriptionStmt); + n->subname = $3; + n->servername = $5; + n->publication = $7; + n->options = $8; + $$ = (Node *) n; + } ; /***************************************************************************** @@ -11054,6 +11066,16 @@ AlterSubscriptionStmt: n->conninfo = $5; $$ = (Node *) n; } + | ALTER SUBSCRIPTION name SERVER name + { + AlterSubscriptionStmt *n = + makeNode(AlterSubscriptionStmt); + + n->kind = ALTER_SUBSCRIPTION_SERVER; + n->subname = $3; + n->servername = $5; + $$ = (Node *) n; + } | ALTER SUBSCRIPTION name REFRESH PUBLICATION opt_definition { AlterSubscriptionStmt *n = diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index 718408bb599..75d4c94be86 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -5055,7 +5055,7 @@ maybe_reread_subscription(void) /* Ensure allocations in permanent context. */ oldctx = MemoryContextSwitchTo(ApplyContext); - newsub = GetSubscription(MyLogicalRepWorker->subid, true); + newsub = GetSubscription(MyLogicalRepWorker->subid, true, true); /* * Exit if the subscription was removed. This normally should not happen @@ -5161,7 +5161,9 @@ maybe_reread_subscription(void) } /* - * Callback from subscription syscache invalidation. + * Callback from subscription syscache invalidation. Also needed for server or + * user mapping invalidation, which can change the connection information for + * subscriptions that connect using a server object. */ static void subscription_change_cb(Datum arg, int cacheid, uint32 hashvalue) @@ -5767,7 +5769,7 @@ InitializeLogRepWorker(void) */ LockSharedObject(SubscriptionRelationId, MyLogicalRepWorker->subid, 0, AccessShareLock); - MySubscription = GetSubscription(MyLogicalRepWorker->subid, true); + MySubscription = GetSubscription(MyLogicalRepWorker->subid, true, true); if (!MySubscription) { ereport(LOG, @@ -5829,6 +5831,14 @@ InitializeLogRepWorker(void) CacheRegisterSyscacheCallback(SUBSCRIPTIONOID, subscription_change_cb, (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); CacheRegisterSyscacheCallback(AUTHOID, subscription_change_cb, diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 27f6be3f0f8..3fa4194a004 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -5120,6 +5120,7 @@ getSubscriptions(Archive *fout) int i_subdisableonerr; int i_subpasswordrequired; int i_subrunasowner; + int i_subservername; int i_subconninfo; int i_subslotname; int i_subsynccommit; @@ -5216,16 +5217,23 @@ getSubscriptions(Archive *fout) if (fout->remoteVersion >= 190000) appendPQExpBufferStr(query, - " s.submaxretention\n"); + " s.submaxretention,\n"); else appendPQExpBuffer(query, - " 0 AS submaxretention\n"); + " 0 AS submaxretention,\n"); + + if (dopt->binary_upgrade && fout->remoteVersion >= 180000) + appendPQExpBufferStr(query, " fs.srvname AS subservername\n"); + else + appendPQExpBufferStr(query, " NULL AS subservername\n"); appendPQExpBufferStr(query, "FROM pg_subscription s\n"); if (dopt->binary_upgrade && fout->remoteVersion >= 170000) appendPQExpBufferStr(query, + "LEFT JOIN pg_catalog.pg_foreign_server fs \n" + " ON fs.oid = s.subserver \n" "LEFT JOIN pg_catalog.pg_replication_origin_status o \n" " ON o.external_id = 'pg_' || s.oid::text \n"); @@ -5255,6 +5263,7 @@ getSubscriptions(Archive *fout) i_subfailover = PQfnumber(res, "subfailover"); i_subretaindeadtuples = PQfnumber(res, "subretaindeadtuples"); i_submaxretention = PQfnumber(res, "submaxretention"); + i_subservername = PQfnumber(res, "subservername"); i_subconninfo = PQfnumber(res, "subconninfo"); i_subslotname = PQfnumber(res, "subslotname"); i_subsynccommit = PQfnumber(res, "subsynccommit"); @@ -5276,6 +5285,10 @@ getSubscriptions(Archive *fout) subinfo[i].subenabled = (strcmp(PQgetvalue(res, i, i_subenabled), "t") == 0); + if (PQgetisnull(res, i, i_subservername)) + subinfo[i].subservername = NULL; + else + subinfo[i].subservername = pg_strdup(PQgetvalue(res, i, i_subservername)); subinfo[i].subbinary = (strcmp(PQgetvalue(res, i, i_subbinary), "t") == 0); subinfo[i].substream = *(PQgetvalue(res, i, i_substream)); @@ -5502,9 +5515,17 @@ dumpSubscription(Archive *fout, const SubscriptionInfo *subinfo) appendPQExpBuffer(delq, "DROP SUBSCRIPTION %s;\n", qsubname); - appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s CONNECTION ", + appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s ", qsubname); - appendStringLiteralAH(query, subinfo->subconninfo, fout); + if (subinfo->subservername) + { + appendPQExpBuffer(query, "SERVER %s", fmtId(subinfo->subservername)); + } + else + { + appendPQExpBuffer(query, "CONNECTION "); + appendStringLiteralAH(query, subinfo->subconninfo, fout); + } /* Build list of quoted publications and append them to query. */ if (!parsePGArray(subinfo->subpublications, &pubnames, &npubnames)) diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index 72a00e1bc20..c720a9697a3 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -719,6 +719,7 @@ typedef struct _SubscriptionInfo bool subfailover; bool subretaindeadtuples; int submaxretention; + char *subservername; char *subconninfo; char *subslotname; char *subsynccommit; diff --git a/src/bin/psql/tab-complete.in.c b/src/bin/psql/tab-complete.in.c index 75a101c6ab5..abb6124abba 100644 --- a/src/bin/psql/tab-complete.in.c +++ b/src/bin/psql/tab-complete.in.c @@ -3839,7 +3839,7 @@ match_previous_words(int pattern_id, /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny)) COMPLETE_WITH("PUBLICATION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", diff --git a/src/include/catalog/pg_foreign_data_wrapper.h b/src/include/catalog/pg_foreign_data_wrapper.h index d03ab5a4f28..29eaba467b6 100644 --- a/src/include/catalog/pg_foreign_data_wrapper.h +++ b/src/include/catalog/pg_foreign_data_wrapper.h @@ -36,6 +36,9 @@ CATALOG(pg_foreign_data_wrapper,2328,ForeignDataWrapperRelationId) Oid fdwvalidator BKI_LOOKUP_OPT(pg_proc); /* option validation * function, or 0 if * none */ + Oid fdwconnection BKI_LOOKUP_OPT(pg_proc); /* connection string + * function, or 0 if + * none */ #ifdef CATALOG_VARLEN /* variable-length fields start here */ aclitem fdwacl[1]; /* access permissions */ diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index 55cb9b1eefa..d237a932ebc 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -90,9 +90,11 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW * exceeded max_retention_duration, when * defined */ + Oid subserver; /* Set if connecting with server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo; /* Set if connecting with connection string */ /* Slot name on publisher */ NameData subslotname BKI_FORCE_NULL; @@ -199,7 +201,8 @@ typedef struct Subscription #endif /* EXPOSE_TO_CLIENT_CODE */ -extern Subscription *GetSubscription(Oid subid, bool missing_ok); +extern Subscription *GetSubscription(Oid subid, bool missing_ok, + bool aclcheck); extern void FreeSubscription(Subscription *sub); extern void DisableSubscription(Oid subid); diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index 7e9decd2537..a7e6cf0226a 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -28,6 +28,7 @@ typedef struct ForeignDataWrapper char *fdwname; /* Name of the FDW */ Oid fdwhandler; /* Oid of handler function, or 0 */ Oid fdwvalidator; /* Oid of validator function, or 0 */ + Oid fdwconnection; /* Oid of connection string function, or 0 */ List *options; /* fdwoptions as DefElem list */ } ForeignDataWrapper; @@ -65,10 +66,12 @@ typedef struct ForeignTable extern ForeignServer *GetForeignServer(Oid serverid); +extern char *ForeignServerName(Oid serverid); extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); +extern char *ForeignServerConnectionString(Oid userid, Oid serverid); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index bc7adba4a0f..9729f5b3f68 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -4377,6 +4377,7 @@ typedef struct CreateSubscriptionStmt { NodeTag type; char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ @@ -4385,6 +4386,7 @@ typedef struct CreateSubscriptionStmt typedef enum AlterSubscriptionType { ALTER_SUBSCRIPTION_OPTIONS, + ALTER_SUBSCRIPTION_SERVER, ALTER_SUBSCRIPTION_CONNECTION, ALTER_SUBSCRIPTION_SET_PUBLICATION, ALTER_SUBSCRIPTION_ADD_PUBLICATION, @@ -4400,6 +4402,7 @@ typedef struct AlterSubscriptionStmt NodeTag type; AlterSubscriptionType kind; /* ALTER_SUBSCRIPTION_OPTIONS, etc */ char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ diff --git a/src/test/regress/expected/oidjoins.out b/src/test/regress/expected/oidjoins.out index 215eb899be3..59c64126bdc 100644 --- a/src/test/regress/expected/oidjoins.out +++ b/src/test/regress/expected/oidjoins.out @@ -224,6 +224,7 @@ NOTICE: checking pg_extension {extconfig} => pg_class {oid} NOTICE: checking pg_foreign_data_wrapper {fdwowner} => pg_authid {oid} NOTICE: checking pg_foreign_data_wrapper {fdwhandler} => pg_proc {oid} NOTICE: checking pg_foreign_data_wrapper {fdwvalidator} => pg_proc {oid} +NOTICE: checking pg_foreign_data_wrapper {fdwconnection} => pg_proc {oid} NOTICE: checking pg_foreign_server {srvowner} => pg_authid {oid} NOTICE: checking pg_foreign_server {srvfdw} => pg_foreign_data_wrapper {oid} NOTICE: checking pg_user_mapping {umuser} => pg_authid {oid} -- 2.43.0 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-01-11 04:55 Jeff Davis <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Jeff Davis @ 2026-01-11 04:55 UTC (permalink / raw) To: Shlok Kyal <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Fri, 2025-12-26 at 13:52 -0800, Jeff Davis wrote: > On Wed, 2025-04-02 at 17:58 +0530, Shlok Kyal wrote: > > I reviewed the patch and I have a comment: > > > > If version is >=18, the query will have 'suboriginremotelsn', > > 'subenabled', 'subfailover' twice. > > Thank you. Fixed and rebased. Attached new version with significant changes: - fixed several issues (including some improper merges in the last rebase) - refactored to share code between postgres_fdw_connection() and connect_pg_server() - added docs in postgres_fdw - added tests in core - bumped postgres_fdw version to 1.3 Regards, Jeff Davis Attachments: [text/x-patch] v16-0001-CREATE-SUBSCRIPTION-.-SERVER.patch (62.0K, 2-v16-0001-CREATE-SUBSCRIPTION-.-SERVER.patch) download | inline diff: From 4d3b9eeef28284a41d96e41e84af25c10e79ba20 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:42:48 -0800 Subject: [PATCH v16] CREATE SUBSCRIPTION ... SERVER. --- CATVERSION BUMP --- Allow specifying a foreign server for CREATE SUBSCRIPTION, rather than a raw connection string with CONNECTION. Using a foreign server as a layer of indirection improves management of multiple subscriptions to the same server. It also provides integration with user mappings in case different subscriptions have different owners or a subscription changes owners. Reviewed-by: Ashutosh Bapat <[email protected]> Reviewed-by: Shlok Kyal <[email protected]> Discussion: https://postgr.es/m/[email protected] --- contrib/postgres_fdw/Makefile | 2 +- contrib/postgres_fdw/connection.c | 299 +++++++++++------- .../postgres_fdw/expected/postgres_fdw.out | 8 + contrib/postgres_fdw/meson.build | 2 + .../postgres_fdw/postgres_fdw--1.2--1.3.sql | 12 + contrib/postgres_fdw/postgres_fdw.control | 2 +- contrib/postgres_fdw/sql/postgres_fdw.sql | 7 + contrib/postgres_fdw/t/010_subscription.pl | 71 +++++ doc/src/sgml/postgres-fdw.sgml | 26 ++ doc/src/sgml/ref/alter_subscription.sgml | 18 +- doc/src/sgml/ref/create_subscription.sgml | 11 +- src/backend/catalog/pg_subscription.c | 38 ++- src/backend/commands/foreigncmds.c | 58 +++- src/backend/commands/subscriptioncmds.c | 168 +++++++++- src/backend/foreign/foreign.c | 81 +++++ src/backend/parser/gram.y | 22 ++ src/backend/replication/logical/worker.c | 16 +- src/bin/pg_dump/pg_dump.c | 39 ++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/tab-complete.in.c | 11 +- src/include/catalog/pg_foreign_data_wrapper.h | 3 + src/include/catalog/pg_subscription.h | 7 +- src/include/foreign/foreign.h | 3 + src/include/nodes/parsenodes.h | 3 + src/test/regress/expected/oidjoins.out | 1 + src/test/regress/expected/subscription.out | 23 ++ src/test/regress/regress.c | 7 + src/test/regress/sql/subscription.sql | 26 ++ 28 files changed, 810 insertions(+), 155 deletions(-) create mode 100644 contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql create mode 100644 contrib/postgres_fdw/t/010_subscription.pl diff --git a/contrib/postgres_fdw/Makefile b/contrib/postgres_fdw/Makefile index 8eaf4d263b6..b8c78b58804 100644 --- a/contrib/postgres_fdw/Makefile +++ b/contrib/postgres_fdw/Makefile @@ -14,7 +14,7 @@ PG_CPPFLAGS = -I$(libpq_srcdir) SHLIB_LINK_INTERNAL = $(libpq) EXTENSION = postgres_fdw -DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql postgres_fdw--1.1--1.2.sql +DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql postgres_fdw--1.1--1.2.sql postgres_fdw--1.2--1.3.sql REGRESS = postgres_fdw query_cancel ISOLATION = eval_plan_qual diff --git a/contrib/postgres_fdw/connection.c b/contrib/postgres_fdw/connection.c index 487a1a23170..0d2debbead0 100644 --- a/contrib/postgres_fdw/connection.c +++ b/contrib/postgres_fdw/connection.c @@ -132,6 +132,7 @@ PG_FUNCTION_INFO_V1(postgres_fdw_get_connections); PG_FUNCTION_INFO_V1(postgres_fdw_get_connections_1_2); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect_all); +PG_FUNCTION_INFO_V1(postgres_fdw_connection); /* prototypes of private functions */ static void make_new_connection(ConnCacheEntry *entry, UserMapping *user); @@ -476,141 +477,159 @@ pgfdw_security_check(const char **keywords, const char **values, UserMapping *us } /* - * Connect to remote server using specified server and user mapping properties. + * Construct connection params from generic options of ForeignServer and + * UserMapping. (Some of them might not be libpq options, in which case we'll + * just waste a few array slots.) */ -static PGconn * -connect_pg_server(ForeignServer *server, UserMapping *user) +static void +construct_connection_params(ForeignServer *server, UserMapping *user, + const char ***p_keywords, const char ***p_values, + char **p_appname) { - PGconn *volatile conn = NULL; + const char **keywords; + const char **values; + char *appname = NULL; + int n; /* - * Use PG_TRY block to ensure closing connection on error. + * Add 4 extra slots for application_name, fallback_application_name, + * client_encoding, end marker, and 3 extra slots for scram keys and + * required scram pass-through options. */ - PG_TRY(); - { - const char **keywords; - const char **values; - char *appname = NULL; - int n; + n = list_length(server->options) + list_length(user->options) + 4 + 3; + keywords = (const char **) palloc(n * sizeof(char *)); + values = (const char **) palloc(n * sizeof(char *)); - /* - * Construct connection params from generic options of ForeignServer - * and UserMapping. (Some of them might not be libpq options, in - * which case we'll just waste a few array slots.) Add 4 extra slots - * for application_name, fallback_application_name, client_encoding, - * end marker, and 3 extra slots for scram keys and required scram - * pass-through options. - */ - n = list_length(server->options) + list_length(user->options) + 4 + 3; - keywords = (const char **) palloc(n * sizeof(char *)); - values = (const char **) palloc(n * sizeof(char *)); + n = 0; + n += ExtractConnectionOptions(server->options, + keywords + n, values + n); + n += ExtractConnectionOptions(user->options, + keywords + n, values + n); - n = 0; - n += ExtractConnectionOptions(server->options, - keywords + n, values + n); - n += ExtractConnectionOptions(user->options, - keywords + n, values + n); - - /* - * Use pgfdw_application_name as application_name if set. - * - * PQconnectdbParams() processes the parameter arrays from start to - * end. If any key word is repeated, the last value is used. Therefore - * note that pgfdw_application_name must be added to the arrays after - * options of ForeignServer are, so that it can override - * application_name set in ForeignServer. - */ - if (pgfdw_application_name && *pgfdw_application_name != '\0') - { - keywords[n] = "application_name"; - values[n] = pgfdw_application_name; - n++; - } + /* + * Use pgfdw_application_name as application_name if set. + * + * PQconnectdbParams() processes the parameter arrays from start to end. + * If any key word is repeated, the last value is used. Therefore note + * that pgfdw_application_name must be added to the arrays after options + * of ForeignServer are, so that it can override application_name set in + * ForeignServer. + */ + if (pgfdw_application_name && *pgfdw_application_name != '\0') + { + keywords[n] = "application_name"; + values[n] = pgfdw_application_name; + n++; + } - /* - * Search the parameter arrays to find application_name setting, and - * replace escape sequences in it with status information if found. - * The arrays are searched backwards because the last value is used if - * application_name is repeatedly set. - */ - for (int i = n - 1; i >= 0; i--) + /* + * Search the parameter arrays to find application_name setting, and + * replace escape sequences in it with status information if found. The + * arrays are searched backwards because the last value is used if + * application_name is repeatedly set. + */ + for (int i = n - 1; i >= 0; i--) + { + if (strcmp(keywords[i], "application_name") == 0 && + *(values[i]) != '\0') { - if (strcmp(keywords[i], "application_name") == 0 && - *(values[i]) != '\0') + /* + * Use this application_name setting if it's not empty string even + * after any escape sequences in it are replaced. + */ + appname = process_pgfdw_appname(values[i]); + if (appname[0] != '\0') { - /* - * Use this application_name setting if it's not empty string - * even after any escape sequences in it are replaced. - */ - appname = process_pgfdw_appname(values[i]); - if (appname[0] != '\0') - { - values[i] = appname; - break; - } - - /* - * This empty application_name is not used, so we set - * values[i] to NULL and keep searching the array to find the - * next one. - */ - values[i] = NULL; - pfree(appname); - appname = NULL; + values[i] = appname; + break; } + + /* + * This empty application_name is not used, so we set values[i] to + * NULL and keep searching the array to find the next one. + */ + values[i] = NULL; + pfree(appname); + appname = NULL; } + } + + *p_appname = appname; - /* Use "postgres_fdw" as fallback_application_name */ - keywords[n] = "fallback_application_name"; - values[n] = "postgres_fdw"; + /* Use "postgres_fdw" as fallback_application_name */ + keywords[n] = "fallback_application_name"; + values[n] = "postgres_fdw"; + n++; + + /* Set client_encoding so that libpq can convert encoding properly. */ + keywords[n] = "client_encoding"; + values[n] = GetDatabaseEncodingName(); + n++; + + /* Add required SCRAM pass-through connection options if it's enabled. */ + if (MyProcPort != NULL && MyProcPort->has_scram_keys && UseScramPassthrough(server, user)) + { + int len; + int encoded_len; + + keywords[n] = "scram_client_key"; + len = pg_b64_enc_len(sizeof(MyProcPort->scram_ClientKey)); + /* don't forget the zero-terminator */ + values[n] = palloc0(len + 1); + encoded_len = pg_b64_encode(MyProcPort->scram_ClientKey, + sizeof(MyProcPort->scram_ClientKey), + (char *) values[n], len); + if (encoded_len < 0) + elog(ERROR, "could not encode SCRAM client key"); n++; - /* Set client_encoding so that libpq can convert encoding properly. */ - keywords[n] = "client_encoding"; - values[n] = GetDatabaseEncodingName(); + keywords[n] = "scram_server_key"; + len = pg_b64_enc_len(sizeof(MyProcPort->scram_ServerKey)); + /* don't forget the zero-terminator */ + values[n] = palloc0(len + 1); + encoded_len = pg_b64_encode(MyProcPort->scram_ServerKey, + sizeof(MyProcPort->scram_ServerKey), + (char *) values[n], len); + if (encoded_len < 0) + elog(ERROR, "could not encode SCRAM server key"); n++; - /* Add required SCRAM pass-through connection options if it's enabled. */ - if (MyProcPort != NULL && MyProcPort->has_scram_keys && UseScramPassthrough(server, user)) - { - int len; - int encoded_len; - - keywords[n] = "scram_client_key"; - len = pg_b64_enc_len(sizeof(MyProcPort->scram_ClientKey)); - /* don't forget the zero-terminator */ - values[n] = palloc0(len + 1); - encoded_len = pg_b64_encode(MyProcPort->scram_ClientKey, - sizeof(MyProcPort->scram_ClientKey), - (char *) values[n], len); - if (encoded_len < 0) - elog(ERROR, "could not encode SCRAM client key"); - n++; - - keywords[n] = "scram_server_key"; - len = pg_b64_enc_len(sizeof(MyProcPort->scram_ServerKey)); - /* don't forget the zero-terminator */ - values[n] = palloc0(len + 1); - encoded_len = pg_b64_encode(MyProcPort->scram_ServerKey, - sizeof(MyProcPort->scram_ServerKey), - (char *) values[n], len); - if (encoded_len < 0) - elog(ERROR, "could not encode SCRAM server key"); - n++; + /* + * Require scram-sha-256 to ensure that no other auth method is used + * when connecting with foreign server. + */ + keywords[n] = "require_auth"; + values[n] = "scram-sha-256"; + n++; + } - /* - * Require scram-sha-256 to ensure that no other auth method is - * used when connecting with foreign server. - */ - keywords[n] = "require_auth"; - values[n] = "scram-sha-256"; - n++; - } + keywords[n] = values[n] = NULL; + + /* Verify the set of connection parameters. */ + check_conn_params(keywords, values, user); - keywords[n] = values[n] = NULL; + *p_keywords = keywords; + *p_values = values; +} + +/* + * Connect to remote server using specified server and user mapping properties. + */ +static PGconn * +connect_pg_server(ForeignServer *server, UserMapping *user) +{ + PGconn *volatile conn = NULL; + + /* + * Use PG_TRY block to ensure closing connection on error. + */ + PG_TRY(); + { + const char **keywords; + const char **values; + char *appname; - /* Verify the set of connection parameters. */ - check_conn_params(keywords, values, user); + construct_connection_params(server, user, &keywords, &values, &appname); /* first time, allocate or get the custom wait event */ if (pgfdw_we_connect == 0) @@ -2308,6 +2327,56 @@ postgres_fdw_get_connections_internal(FunctionCallInfo fcinfo, } } +/* + * Values in connection strings must be enclosed in single quotes. Single + * quotes and backslashes must be escaped with backslash. NB: these rules are + * different from the rules for escaping a SQL literal. + */ +static void +appendEscapedValue(StringInfo str, const char *val) +{ + appendStringInfoChar(str, '\''); + for (int i = 0; val[i] != '\0'; i++) + { + if (val[i] == '\\' || val[i] == '\'') + appendStringInfoChar(str, '\\'); + appendStringInfoChar(str, val[i]); + } + appendStringInfoChar(str, '\''); +} + +Datum +postgres_fdw_connection(PG_FUNCTION_ARGS) +{ + Oid userid = PG_GETARG_OID(0); + Oid serverid = PG_GETARG_OID(1); + ForeignServer *server = GetForeignServer(serverid); + UserMapping *user = GetUserMapping(userid, serverid); + StringInfoData str; + const char **keywords; + const char **values; + char *appname; + char *sep = ""; + + construct_connection_params(server, user, &keywords, &values, &appname); + + initStringInfo(&str); + for (int i = 0; keywords[i] != NULL; i++) + { + if (values[i] == NULL) + continue; + appendStringInfo(&str, "%s%s = ", sep, keywords[i]); + appendEscapedValue(&str, values[i]); + sep = " "; + } + + if (appname != NULL) + pfree(appname); + pfree(keywords); + pfree(values); + PG_RETURN_TEXT_P(cstring_to_text(str.data)); +} + /* * List active foreign server connections. * diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index 6066510c7c0..ddfd238c50a 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -255,6 +255,14 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); -- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. +DROP SUBSCRIPTION regress_pgfdw_subscription; +-- =================================================================== -- test error case for create publication on foreign table -- =================================================================== CREATE PUBLICATION testpub_ftbl FOR TABLE ft1; -- should fail diff --git a/contrib/postgres_fdw/meson.build b/contrib/postgres_fdw/meson.build index ea4cd9fcd46..3e2ed06b766 100644 --- a/contrib/postgres_fdw/meson.build +++ b/contrib/postgres_fdw/meson.build @@ -27,6 +27,7 @@ install_data( 'postgres_fdw--1.0.sql', 'postgres_fdw--1.0--1.1.sql', 'postgres_fdw--1.1--1.2.sql', + 'postgres_fdw--1.2--1.3.sql', kwargs: contrib_data_args, ) @@ -50,6 +51,7 @@ tests += { 'tap': { 'tests': [ 't/001_auth_scram.pl', + 't/010_subscription.pl', ], }, } diff --git a/contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql b/contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql new file mode 100644 index 00000000000..5bcf0ba2e09 --- /dev/null +++ b/contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql @@ -0,0 +1,12 @@ +/* contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql */ + +-- complain if script is sourced in psql, rather than via ALTER EXTENSION +\echo Use "ALTER EXTENSION postgres_fdw UPDATE TO '1.3'" to load this file. \quit + +-- takes internal parameter to prevent calling from SQL +CREATE FUNCTION postgres_fdw_connection(oid, oid, internal) +RETURNS text +AS 'MODULE_PATHNAME' +LANGUAGE C STRICT PARALLEL RESTRICTED; + +ALTER FOREIGN DATA WRAPPER postgres_fdw CONNECTION postgres_fdw_connection; diff --git a/contrib/postgres_fdw/postgres_fdw.control b/contrib/postgres_fdw/postgres_fdw.control index a4b800be4fc..ae2963d480d 100644 --- a/contrib/postgres_fdw/postgres_fdw.control +++ b/contrib/postgres_fdw/postgres_fdw.control @@ -1,5 +1,5 @@ # postgres_fdw extension comment = 'foreign-data wrapper for remote PostgreSQL servers' -default_version = '1.2' +default_version = '1.3' module_pathname = '$libdir/postgres_fdw' relocatable = true diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 4f7ab2ed0ac..0c7bf1144f8 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -244,6 +244,13 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); +-- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_pgfdw_subscription; + -- =================================================================== -- test error case for create publication on foreign table -- =================================================================== diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl new file mode 100644 index 00000000000..a39e8fdbba4 --- /dev/null +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -0,0 +1,71 @@ + +# Copyright (c) 2021-2024, PostgreSQL Global Development Group + +# Basic logical replication test +use strict; +use warnings FATAL => 'all'; +use PostgreSQL::Test::Cluster; +use PostgreSQL::Test::Utils; +use Test::More; + +# Initialize publisher node +my $node_publisher = PostgreSQL::Test::Cluster->new('publisher'); +$node_publisher->init(allows_streaming => 'logical'); +$node_publisher->start; + +# Create subscriber node +my $node_subscriber = PostgreSQL::Test::Cluster->new('subscriber'); +$node_subscriber->init; +$node_subscriber->start; + +# Create some preexisting content on publisher +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins AS SELECT a, a + 1 as b FROM generate_series(1,1002) AS a"); + +# Replicate the changes without columns +$node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_no_col default VALUES"); + +# Setup structure on subscriber +$node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int, b int)"); + +# Setup logical replication +my $publisher_connstr = $node_publisher->connstr . ' dbname=postgres'; +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_pub FOR TABLE tab_ins"); + +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_server" +); + +$node_subscriber->safe_psql('postgres', + "CREATE FOREIGN TABLE f_tab_ins (a int, b int) SERVER tap_server OPTIONS(table_name 'tab_ins')" +); +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub SERVER tap_server PUBLICATION tap_pub WITH (password_required=false)" +); + +# Wait for initial table sync to finish +$node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); + +my $result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins SELECT a, a + 1 FROM generate_series(1003,1050) a"); + +$node_publisher->wait_for_catchup('tap_sub'); + +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1050), 'check initial data was copied to subscriber'); + +done_testing(); diff --git a/doc/src/sgml/postgres-fdw.sgml b/doc/src/sgml/postgres-fdw.sgml index 9b032fbf675..da716bd70b9 100644 --- a/doc/src/sgml/postgres-fdw.sgml +++ b/doc/src/sgml/postgres-fdw.sgml @@ -1049,6 +1049,32 @@ postgres=# SELECT postgres_fdw_disconnect_all(); </para> </sect2> + <sect2 id="postgres-fdw-server-subscription"> + <title>Subscription Management</title> + + <para> + <filename>postgres_fdw</filename> supports subscription connections using + the same options described in <xref + linkend="postgres-fdw-options-connection"/>. + </para> + + <para> + For example, assuming the remote server <literal>foreign-host</literal> has + a publication <literal>testpub</literal>: +<programlisting> +CREATE SERVER subscription_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host 'foreign-host', dbname 'foreign_db'); +CREATE USER MAPPING FOR local_user SERVER subscription_server OPTIONS (user 'foreign_user', password 'password'); +CREATE SUBSCRIPTION my_subscription SERVER subscription_server PUBLICATION testpub; +</programlisting> + </para> + + <para> + To create a subscription, the user must be a member of the <xref + linkend="predefined-role-pg-create-subscription"/> role and have + <literal>USAGE</literal> privileges on the server. + </para> + </sect2> + <sect2 id="postgres-fdw-transaction-management"> <title>Transaction Management</title> diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index 27c06439f4f..636307605e1 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -21,6 +21,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> +ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SERVER <replaceable>servername</replaceable> ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> CONNECTION '<replaceable>conninfo</replaceable>' ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SET PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> ADD PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] @@ -102,13 +103,24 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < </listitem> </varlistentry> + <varlistentry id="sql-altersubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the foreign server + <replaceable>servername</replaceable>. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-altersubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> <para> - This clause replaces the connection string originally set by - <xref linkend="sql-createsubscription"/>. See there for more - information. + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the connection + string <replaceable>conninfo</replaceable>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index b7dd361294b..e9a60e70718 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -22,7 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceable> - CONNECTION '<replaceable class="parameter">conninfo</replaceable>' + { SERVER <replaceable class="parameter">servername</replaceable> | CONNECTION '<replaceable class="parameter">conninfo</replaceable>' } PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">subscription_parameter</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] </synopsis> @@ -77,6 +77,15 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl </listitem> </varlistentry> + <varlistentry id="sql-createsubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + A foreign server to use for the connection. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-createsubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index 2b103245290..7fe83bd4436 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -19,11 +19,14 @@ #include "access/htup_details.h" #include "access/tableam.h" #include "catalog/indexing.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "storage/lmgr.h" +#include "utils/acl.h" #include "utils/array.h" #include "utils/builtins.h" #include "utils/fmgroids.h" @@ -69,7 +72,7 @@ GetPublicationsStr(List *publications, StringInfo dest, bool quote_literal) * Fetch the subscription from the syscache. */ Subscription * -GetSubscription(Oid subid, bool missing_ok) +GetSubscription(Oid subid, bool missing_ok, bool aclcheck) { HeapTuple tup; Subscription *sub; @@ -108,10 +111,35 @@ GetSubscription(Oid subid, bool missing_ok) sub->retentionactive = subform->subretentionactive; /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, - tup, - Anum_pg_subscription_subconninfo); - sub->conninfo = TextDatumGetCString(datum); + if (OidIsValid(subform->subserver)) + { + AclResult aclresult; + + /* recheck ACL if requested */ + if (aclcheck) + { + aclresult = object_aclcheck(ForeignServerRelationId, + subform->subserver, + subform->subowner, ACL_USAGE); + + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(subform->subowner, false), + ForeignServerName(subform->subserver)))); + } + + sub->conninfo = ForeignServerConnectionString(subform->subowner, + subform->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, + tup, + Anum_pg_subscription_subconninfo); + sub->conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c index b56d1ad6785..45681235782 100644 --- a/src/backend/commands/foreigncmds.c +++ b/src/backend/commands/foreigncmds.c @@ -522,21 +522,53 @@ lookup_fdw_validator_func(DefElem *validator) /* validator's return value is ignored, so we don't check the type */ } +/* + * Convert a connection string function name passed from the parser to an Oid. + */ +static Oid +lookup_fdw_connection_func(DefElem *connection) +{ + Oid connectionOid; + Oid funcargtypes[3]; + + if (connection == NULL || connection->arg == NULL) + return InvalidOid; + + /* connection string functions take user oid, server oid */ + funcargtypes[0] = OIDOID; + funcargtypes[1] = OIDOID; + funcargtypes[2] = INTERNALOID; + + connectionOid = LookupFuncName((List *) connection->arg, 3, funcargtypes, false); + + /* check that connection string function has correct return type */ + if (get_func_rettype(connectionOid) != TEXTOID) + ereport(ERROR, + (errcode(ERRCODE_WRONG_OBJECT_TYPE), + errmsg("function %s must return type %s", + NameListToString((List *) connection->arg), "text"))); + + return connectionOid; +} + /* * Process function options of CREATE/ALTER FDW */ static void parse_func_options(ParseState *pstate, List *func_options, bool *handler_given, Oid *fdwhandler, - bool *validator_given, Oid *fdwvalidator) + bool *validator_given, Oid *fdwvalidator, + bool *connection_given, Oid *fdwconnection) { ListCell *cell; *handler_given = false; *validator_given = false; + *connection_given = false; /* return InvalidOid if not given */ *fdwhandler = InvalidOid; *fdwvalidator = InvalidOid; + *fdwconnection = InvalidOid; foreach(cell, func_options) { @@ -556,6 +588,13 @@ parse_func_options(ParseState *pstate, List *func_options, *validator_given = true; *fdwvalidator = lookup_fdw_validator_func(def); } + else if (strcmp(def->defname, "connection") == 0) + { + if (*connection_given) + errorConflictingDefElem(def, pstate); + *connection_given = true; + *fdwconnection = lookup_fdw_connection_func(def); + } else elog(ERROR, "option \"%s\" not recognized", def->defname); @@ -575,8 +614,10 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) Oid fdwId; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; Datum fdwoptions; Oid ownerId; ObjectAddress myself; @@ -620,10 +661,12 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) /* Lookup handler and validator functions, if given */ parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); values[Anum_pg_foreign_data_wrapper_fdwhandler - 1] = ObjectIdGetDatum(fdwhandler); values[Anum_pg_foreign_data_wrapper_fdwvalidator - 1] = ObjectIdGetDatum(fdwvalidator); + values[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); nulls[Anum_pg_foreign_data_wrapper_fdwacl - 1] = true; @@ -695,8 +738,10 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) Datum datum; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; ObjectAddress myself; rel = table_open(ForeignDataWrapperRelationId, RowExclusiveLock); @@ -726,7 +771,8 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); if (handler_given) { @@ -764,6 +810,12 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) fdwvalidator = fdwForm->fdwvalidator; } + if (connection_given) + { + repl_val[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); + repl_repl[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = true; + } + /* * If options specified, validate and update. */ diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index d6674f20fc2..0ae766e57e0 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -27,13 +27,16 @@ #include "catalog/objectaddress.h" #include "catalog/pg_authid_d.h" #include "catalog/pg_database_d.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "catalog/pg_user_mapping.h" #include "commands/defrem.h" #include "commands/event_trigger.h" #include "commands/subscriptioncmds.h" #include "executor/executor.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "pgstat.h" @@ -593,6 +596,7 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Datum values[Natts_pg_subscription]; Oid owner = GetUserId(); HeapTuple tup; + Oid serverid; char *conninfo; char originname[NAMEDATALEN]; List *publications; @@ -695,15 +699,40 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.synchronous_commit == NULL) opts.synchronous_commit = "off"; - conninfo = stmt->conninfo; - publications = stmt->publication; - /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); + if (stmt->servername) + { + ForeignServer *server; + + Assert(!stmt->conninfo); + conninfo = NULL; + + server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, owner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + + /* make sure a user mapping exists */ + GetUserMapping(owner, server->serverid); + + serverid = server->serverid; + conninfo = ForeignServerConnectionString(owner, serverid); + } + else + { + Assert(stmt->conninfo); + + serverid = InvalidOid; + conninfo = stmt->conninfo; + } + /* Check the connection info string. */ walrcv_check_conninfo(conninfo, opts.passwordrequired && !superuser()); + publications = stmt->publication; + /* Everything ok, form a new tuple. */ memset(values, 0, sizeof(values)); memset(nulls, false, sizeof(nulls)); @@ -733,8 +762,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Int32GetDatum(opts.maxretention); values[Anum_pg_subscription_subretentionactive - 1] = Int32GetDatum(opts.retaindeadtuples); - values[Anum_pg_subscription_subconninfo - 1] = - CStringGetTextDatum(conninfo); + values[Anum_pg_subscription_subserver - 1] = serverid; + if (!OidIsValid(serverid)) + values[Anum_pg_subscription_subconninfo - 1] = + CStringGetTextDatum(conninfo); + else + nulls[Anum_pg_subscription_subconninfo - 1] = true; if (opts.slot_name) values[Anum_pg_subscription_subslotname - 1] = DirectFunctionCall1(namein, CStringGetDatum(opts.slot_name)); @@ -755,6 +788,18 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, recordDependencyOnOwner(SubscriptionRelationId, subid, owner); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + + if (stmt->servername) + { + ObjectAddress referenced; + + Assert(OidIsValid(serverid)); + + ObjectAddressSet(referenced, ForeignServerRelationId, serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + /* * A replication origin is currently created for all subscriptions, * including those that only contain sequences or are otherwise empty. @@ -908,8 +953,6 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.enabled || opts.retaindeadtuples) ApplyLauncherWakeupAtCommit(); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostCreateHook(SubscriptionRelationId, subid, 0); return myself; @@ -1373,7 +1416,14 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION, stmt->subname); - sub = GetSubscription(subid, false); + /* + * Skip ACL checks on the subscription's foreign server, if any. If + * changing the server (or replacing it with a raw connection), then the + * old one will be removed anyway. If changing something unrelated, + * there's no need to do an additional ACL check here; that will be done + * by the subscription worker anyway. + */ + sub = GetSubscription(subid, false, false); retain_dead_tuples = sub->retaindeadtuples; origin = sub->origin; @@ -1398,6 +1448,8 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, memset(nulls, false, sizeof(nulls)); memset(replaces, false, sizeof(replaces)); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + switch (stmt->kind) { case ALTER_SUBSCRIPTION_OPTIONS: @@ -1708,7 +1760,79 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, break; } + case ALTER_SUBSCRIPTION_SERVER: + { + ForeignServer *new_server; + ObjectAddress referenced; + AclResult aclresult; + char *conninfo; + + /* + * Remove what was there before, either another foreign server + * or a connection string. + */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + } + else + { + nulls[Anum_pg_subscription_subconninfo - 1] = true; + replaces[Anum_pg_subscription_subconninfo - 1] = true; + } + + /* + * Find the new server and user mapping. Check ACL of server + * based on current user ID, but find the user mapping based + * on the subscription owner. + */ + new_server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, + new_server->serverid, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(new_server->serverid)))); + + /* make sure a user mapping exists */ + GetUserMapping(form->subowner, new_server->serverid); + + conninfo = ForeignServerConnectionString(form->subowner, + new_server->serverid); + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + /* Check the connection info string. */ + walrcv_check_conninfo(conninfo, + sub->passwordrequired && !sub->ownersuperuser); + + values[Anum_pg_subscription_subserver - 1] = new_server->serverid; + replaces[Anum_pg_subscription_subserver - 1] = true; + + ObjectAddressSet(referenced, ForeignServerRelationId, new_server->serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + update_tuple = true; + } + break; + case ALTER_SUBSCRIPTION_CONNECTION: + /* remove reference to foreign server and dependencies, if present */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + + values[Anum_pg_subscription_subserver - 1] = InvalidOid; + replaces[Anum_pg_subscription_subserver - 1] = true; + } + /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); /* Check the connection info string. */ @@ -1993,8 +2117,6 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, table_close(rel, RowExclusiveLock); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostAlterHook(SubscriptionRelationId, subid, 0); /* Wake up related replication workers to handle this change quickly. */ @@ -2081,9 +2203,28 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) subname = pstrdup(NameStr(*DatumGetName(datum))); /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, - Anum_pg_subscription_subconninfo); - conninfo = TextDatumGetCString(datum); + if (OidIsValid(form->subserver)) + { + AclResult aclresult; + + aclresult = object_aclcheck(ForeignServerRelationId, form->subserver, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(form->subserver)))); + + conninfo = ForeignServerConnectionString(form->subowner, + form->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, + Anum_pg_subscription_subconninfo); + conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, tup, @@ -2182,6 +2323,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) } /* Clean up dependencies */ + deleteDependencyRecordsFor(SubscriptionRelationId, subid, false); deleteSharedDependencyRecordsFor(SubscriptionRelationId, subid, 0); /* Remove any associated relation synchronization states. */ diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index b912a06dd15..4e18bade409 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -72,6 +72,7 @@ GetForeignDataWrapperExtended(Oid fdwid, bits16 flags) fdw->fdwname = pstrdup(NameStr(fdwform->fdwname)); fdw->fdwhandler = fdwform->fdwhandler; fdw->fdwvalidator = fdwform->fdwvalidator; + fdw->fdwconnection = fdwform->fdwconnection; /* Extract the fdwoptions */ datum = SysCacheGetAttr(FOREIGNDATAWRAPPEROID, @@ -176,6 +177,31 @@ GetForeignServerExtended(Oid serverid, bits16 flags) } +/* + * ForeignServerName - get name of foreign server. + */ +char * +ForeignServerName(Oid serverid) +{ + Form_pg_foreign_server serverform; + char *servername; + HeapTuple tp; + + tp = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)); + + if (!HeapTupleIsValid(tp)) + elog(ERROR, "cache lookup failed for foreign server %u", serverid); + + serverform = (Form_pg_foreign_server) GETSTRUCT(tp); + + servername = pstrdup(NameStr(serverform->srvname)); + + ReleaseSysCache(tp); + + return servername; +} + + /* * GetForeignServerByName - look up the foreign server definition by name. */ @@ -191,6 +217,61 @@ GetForeignServerByName(const char *srvname, bool missing_ok) } +/* + * Retrieve connection string from server's FDW. + */ +char * +ForeignServerConnectionString(Oid userid, Oid serverid) +{ + static MemoryContext tempContext = NULL; + MemoryContext oldcxt; + ForeignServer *server; + ForeignDataWrapper *fdw; + Datum connection_datum; + text *connection_text; + char *result; + + /* + * GetForeignServer, GetForeignDataWrapper, and the connection function + * itself all leak memory into CurrentMemoryContext. Switch to a temporary + * context for easy cleanup. + */ + if (tempContext == NULL) + { + tempContext = AllocSetContextCreate(TopMemoryContext, + "FDWConnectionContext", + ALLOCSET_DEFAULT_SIZES); + } + + oldcxt = MemoryContextSwitchTo(tempContext); + + server = GetForeignServer(serverid); + fdw = GetForeignDataWrapper(server->fdwid); + + if (!OidIsValid(fdw->fdwconnection)) + ereport(ERROR, + (errmsg("foreign data wrapper \"%s\" does not support subscription connections", + fdw->fdwname), + errdetail("Foreign data wrapper must be defined with CONNECTION specified."))); + + + connection_datum = OidFunctionCall3(fdw->fdwconnection, + ObjectIdGetDatum(userid), + ObjectIdGetDatum(serverid), + PointerGetDatum(NULL)); + + connection_text = DatumGetTextPP(connection_datum); + + MemoryContextSwitchTo(oldcxt); + + result = text_to_cstring(connection_text); + + MemoryContextReset(tempContext); + + return result; +} + + /* * GetUserMapping - look up the user mapping. * diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index 713ee5c10a2..f90fad2fd4d 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -5580,6 +5580,8 @@ fdw_option: | NO HANDLER { $$ = makeDefElem("handler", NULL, @1); } | VALIDATOR handler_name { $$ = makeDefElem("validator", (Node *) $2, @1); } | NO VALIDATOR { $$ = makeDefElem("validator", NULL, @1); } + | CONNECTION handler_name { $$ = makeDefElem("connection", (Node *) $2, @1); } + | NO CONNECTION { $$ = makeDefElem("connection", NULL, @1); } ; fdw_options: @@ -11030,6 +11032,16 @@ CreateSubscriptionStmt: n->options = $8; $$ = (Node *) n; } + | CREATE SUBSCRIPTION name SERVER name PUBLICATION name_list opt_definition + { + CreateSubscriptionStmt *n = + makeNode(CreateSubscriptionStmt); + n->subname = $3; + n->servername = $5; + n->publication = $7; + n->options = $8; + $$ = (Node *) n; + } ; /***************************************************************************** @@ -11059,6 +11071,16 @@ AlterSubscriptionStmt: n->conninfo = $5; $$ = (Node *) n; } + | ALTER SUBSCRIPTION name SERVER name + { + AlterSubscriptionStmt *n = + makeNode(AlterSubscriptionStmt); + + n->kind = ALTER_SUBSCRIPTION_SERVER; + n->subname = $3; + n->servername = $5; + $$ = (Node *) n; + } | ALTER SUBSCRIPTION name REFRESH PUBLICATION opt_definition { AlterSubscriptionStmt *n = diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index ad281e7069b..07612525f30 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -5055,7 +5055,7 @@ maybe_reread_subscription(void) /* Ensure allocations in permanent context. */ oldctx = MemoryContextSwitchTo(ApplyContext); - newsub = GetSubscription(MyLogicalRepWorker->subid, true); + newsub = GetSubscription(MyLogicalRepWorker->subid, true, true); /* * Exit if the subscription was removed. This normally should not happen @@ -5161,7 +5161,9 @@ maybe_reread_subscription(void) } /* - * Callback from subscription syscache invalidation. + * Callback from subscription syscache invalidation. Also needed for server or + * user mapping invalidation, which can change the connection information for + * subscriptions that connect using a server object. */ static void subscription_change_cb(Datum arg, int cacheid, uint32 hashvalue) @@ -5767,7 +5769,7 @@ InitializeLogRepWorker(void) */ LockSharedObject(SubscriptionRelationId, MyLogicalRepWorker->subid, 0, AccessShareLock); - MySubscription = GetSubscription(MyLogicalRepWorker->subid, true); + MySubscription = GetSubscription(MyLogicalRepWorker->subid, true, true); if (!MySubscription) { ereport(LOG, @@ -5829,6 +5831,14 @@ InitializeLogRepWorker(void) CacheRegisterSyscacheCallback(SUBSCRIPTIONOID, subscription_change_cb, (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); CacheRegisterSyscacheCallback(AUTHOID, subscription_change_cb, diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index b9e0edf8755..153f04ac403 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -5121,6 +5121,7 @@ getSubscriptions(Archive *fout) int i_subdisableonerr; int i_subpasswordrequired; int i_subrunasowner; + int i_subservername; int i_subconninfo; int i_subslotname; int i_subsynccommit; @@ -5217,14 +5218,24 @@ getSubscriptions(Archive *fout) if (fout->remoteVersion >= 190000) appendPQExpBufferStr(query, - " s.submaxretention\n"); + " s.submaxretention,\n"); else appendPQExpBuffer(query, - " 0 AS submaxretention\n"); + " 0 AS submaxretention,\n"); + + if (fout->remoteVersion >= 190000) + appendPQExpBufferStr(query, " fs.srvname AS subservername\n"); + else + appendPQExpBufferStr(query, " NULL AS subservername\n"); appendPQExpBufferStr(query, "FROM pg_subscription s\n"); + if (fout->remoteVersion >= 190000) + appendPQExpBufferStr(query, + "LEFT JOIN pg_catalog.pg_foreign_server fs \n" + " ON fs.oid = s.subserver \n"); + if (dopt->binary_upgrade && fout->remoteVersion >= 170000) appendPQExpBufferStr(query, "LEFT JOIN pg_catalog.pg_replication_origin_status o \n" @@ -5256,6 +5267,7 @@ getSubscriptions(Archive *fout) i_subfailover = PQfnumber(res, "subfailover"); i_subretaindeadtuples = PQfnumber(res, "subretaindeadtuples"); i_submaxretention = PQfnumber(res, "submaxretention"); + i_subservername = PQfnumber(res, "subservername"); i_subconninfo = PQfnumber(res, "subconninfo"); i_subslotname = PQfnumber(res, "subslotname"); i_subsynccommit = PQfnumber(res, "subsynccommit"); @@ -5277,6 +5289,10 @@ getSubscriptions(Archive *fout) subinfo[i].subenabled = (strcmp(PQgetvalue(res, i, i_subenabled), "t") == 0); + if (PQgetisnull(res, i, i_subservername)) + subinfo[i].subservername = NULL; + else + subinfo[i].subservername = pg_strdup(PQgetvalue(res, i, i_subservername)); subinfo[i].subbinary = (strcmp(PQgetvalue(res, i, i_subbinary), "t") == 0); subinfo[i].substream = *(PQgetvalue(res, i, i_substream)); @@ -5293,8 +5309,11 @@ getSubscriptions(Archive *fout) (strcmp(PQgetvalue(res, i, i_subretaindeadtuples), "t") == 0); subinfo[i].submaxretention = atoi(PQgetvalue(res, i, i_submaxretention)); - subinfo[i].subconninfo = - pg_strdup(PQgetvalue(res, i, i_subconninfo)); + if (PQgetisnull(res, i, i_subconninfo)) + subinfo[i].subconninfo = NULL; + else + subinfo[i].subconninfo = + pg_strdup(PQgetvalue(res, i, i_subconninfo)); if (PQgetisnull(res, i, i_subslotname)) subinfo[i].subslotname = NULL; else @@ -5503,9 +5522,17 @@ dumpSubscription(Archive *fout, const SubscriptionInfo *subinfo) appendPQExpBuffer(delq, "DROP SUBSCRIPTION %s;\n", qsubname); - appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s CONNECTION ", + appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s ", qsubname); - appendStringLiteralAH(query, subinfo->subconninfo, fout); + if (subinfo->subservername) + { + appendPQExpBuffer(query, "SERVER %s", fmtId(subinfo->subservername)); + } + else + { + appendPQExpBuffer(query, "CONNECTION "); + appendStringLiteralAH(query, subinfo->subconninfo, fout); + } /* Build list of quoted publications and append them to query. */ if (!parsePGArray(subinfo->subpublications, &pubnames, &npubnames)) diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index 4c4b14e5fc7..c546651dacc 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -719,6 +719,7 @@ typedef struct _SubscriptionInfo bool subfailover; bool subretaindeadtuples; int submaxretention; + char *subservername; char *subconninfo; char *subslotname; char *subsynccommit; diff --git a/src/bin/psql/tab-complete.in.c b/src/bin/psql/tab-complete.in.c index 8b91bc00062..c587e9ba948 100644 --- a/src/bin/psql/tab-complete.in.c +++ b/src/bin/psql/tab-complete.in.c @@ -2332,7 +2332,7 @@ match_previous_words(int pattern_id, else if (Matches("ALTER", "SUBSCRIPTION", MatchAny)) COMPLETE_WITH("CONNECTION", "ENABLE", "DISABLE", "OWNER TO", "RENAME TO", "REFRESH PUBLICATION", "REFRESH SEQUENCES", - "SET", "SKIP (", "ADD PUBLICATION", "DROP PUBLICATION"); + "SERVER", "SET", "SKIP (", "ADD PUBLICATION", "DROP PUBLICATION"); /* ALTER SUBSCRIPTION <name> REFRESH */ else if (Matches("ALTER", "SUBSCRIPTION", MatchAny, MatchAnyN, "REFRESH")) COMPLETE_WITH("PUBLICATION", "SEQUENCES"); @@ -3848,9 +3848,16 @@ match_previous_words(int pattern_id, /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); + else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "SERVER", MatchAny)) + COMPLETE_WITH("PUBLICATION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny)) COMPLETE_WITH("PUBLICATION"); + else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "SERVER", + MatchAny, "PUBLICATION")) + { + /* complete with nothing here as this refers to remote publications */ + } else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny, "PUBLICATION")) { diff --git a/src/include/catalog/pg_foreign_data_wrapper.h b/src/include/catalog/pg_foreign_data_wrapper.h index d47bf467810..ad0569b0680 100644 --- a/src/include/catalog/pg_foreign_data_wrapper.h +++ b/src/include/catalog/pg_foreign_data_wrapper.h @@ -36,6 +36,9 @@ CATALOG(pg_foreign_data_wrapper,2328,ForeignDataWrapperRelationId) Oid fdwvalidator BKI_LOOKUP_OPT(pg_proc); /* option validation * function, or 0 if * none */ + Oid fdwconnection BKI_LOOKUP_OPT(pg_proc); /* connection string + * function, or 0 if + * none */ #ifdef CATALOG_VARLEN /* variable-length fields start here */ aclitem fdwacl[1]; /* access permissions */ diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index f3571d2bfcf..332e7becffa 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -90,9 +90,11 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW * exceeded max_retention_duration, when * defined */ + Oid subserver; /* Set if connecting with server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo; /* Set if connecting with connection string */ /* Slot name on publisher */ NameData subslotname BKI_FORCE_NULL; @@ -199,7 +201,8 @@ typedef struct Subscription #endif /* EXPOSE_TO_CLIENT_CODE */ -extern Subscription *GetSubscription(Oid subid, bool missing_ok); +extern Subscription *GetSubscription(Oid subid, bool missing_ok, + bool aclcheck); extern void FreeSubscription(Subscription *sub); extern void DisableSubscription(Oid subid); diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index c185d1458a2..65ed9a7f987 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -28,6 +28,7 @@ typedef struct ForeignDataWrapper char *fdwname; /* Name of the FDW */ Oid fdwhandler; /* Oid of handler function, or 0 */ Oid fdwvalidator; /* Oid of validator function, or 0 */ + Oid fdwconnection; /* Oid of connection string function, or 0 */ List *options; /* fdwoptions as DefElem list */ } ForeignDataWrapper; @@ -65,10 +66,12 @@ typedef struct ForeignTable extern ForeignServer *GetForeignServer(Oid serverid); +extern char *ForeignServerName(Oid serverid); extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); +extern char *ForeignServerConnectionString(Oid userid, Oid serverid); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index aac4bfc70d9..a81877bbf11 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -4378,6 +4378,7 @@ typedef struct CreateSubscriptionStmt { NodeTag type; char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ @@ -4386,6 +4387,7 @@ typedef struct CreateSubscriptionStmt typedef enum AlterSubscriptionType { ALTER_SUBSCRIPTION_OPTIONS, + ALTER_SUBSCRIPTION_SERVER, ALTER_SUBSCRIPTION_CONNECTION, ALTER_SUBSCRIPTION_SET_PUBLICATION, ALTER_SUBSCRIPTION_ADD_PUBLICATION, @@ -4401,6 +4403,7 @@ typedef struct AlterSubscriptionStmt NodeTag type; AlterSubscriptionType kind; /* ALTER_SUBSCRIPTION_OPTIONS, etc */ char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ diff --git a/src/test/regress/expected/oidjoins.out b/src/test/regress/expected/oidjoins.out index 215eb899be3..59c64126bdc 100644 --- a/src/test/regress/expected/oidjoins.out +++ b/src/test/regress/expected/oidjoins.out @@ -224,6 +224,7 @@ NOTICE: checking pg_extension {extconfig} => pg_class {oid} NOTICE: checking pg_foreign_data_wrapper {fdwowner} => pg_authid {oid} NOTICE: checking pg_foreign_data_wrapper {fdwhandler} => pg_proc {oid} NOTICE: checking pg_foreign_data_wrapper {fdwvalidator} => pg_proc {oid} +NOTICE: checking pg_foreign_data_wrapper {fdwconnection} => pg_proc {oid} NOTICE: checking pg_foreign_server {srvowner} => pg_authid {oid} NOTICE: checking pg_foreign_server {srvfdw} => pg_foreign_data_wrapper {oid} NOTICE: checking pg_user_mapping {umuser} => pg_authid {oid} diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out index b3eccd8afe3..18a146ec8a0 100644 --- a/src/test/regress/expected/subscription.out +++ b/src/test/regress/expected/subscription.out @@ -1,6 +1,14 @@ -- -- SUBSCRIPTION -- +-- directory paths and dlsuffix are passed to us in environment variables +\getenv libdir PG_LIBDIR +\getenv dlsuffix PG_DLSUFFIX +\set regresslib :libdir '/regress' :dlsuffix +CREATE FUNCTION test_fdw_connection(oid, oid, internal) + RETURNS text + AS :'regresslib', 'test_fdw_connection' + LANGUAGE C; CREATE ROLE regress_subscription_user LOGIN SUPERUSER; CREATE ROLE regress_subscription_user2; CREATE ROLE regress_subscription_user3 IN ROLE pg_create_subscription; @@ -140,6 +148,21 @@ ERROR: invalid connection string syntax: invalid connection option "i_dont_exis -- connecting, so this is reliable and safe) CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'port=-1' PUBLICATION testpub; ERROR: subscription "regress_testsub5" could not connect to the publisher: invalid port number: "-1" +CREATE FOREIGN DATA WRAPPER test_fdw; +CREATE SERVER test_server FOREIGN DATA WRAPPER test_fdw; +CREATE USER MAPPING FOR regress_subscription_user SERVER test_server; +-- fail, need CONNECTION clause +CREATE SUBSCRIPTION regress_testsub6 SERVER test_server PUBLICATION testpub WITH (slot_name = NONE, connect = false); +ERROR: foreign data wrapper "test_fdw" does not support subscription connections +DETAIL: Foreign data wrapper must be defined with CONNECTION specified. +ALTER FOREIGN DATA WRAPPER test_fdw CONNECTION test_fdw_connection; +CREATE SUBSCRIPTION regress_testsub6 SERVER test_server PUBLICATION testpub WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. +DROP SUBSCRIPTION regress_testsub6; +DROP USER MAPPING FOR regress_subscription_user SERVER test_server; +DROP SERVER test_server; +DROP FOREIGN DATA WRAPPER test_fdw; -- fail - invalid connection string during ALTER ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; ERROR: invalid connection string syntax: missing "=" after "foobar" in connection info string diff --git a/src/test/regress/regress.c b/src/test/regress/regress.c index ce5f5f9eb19..f67075cae32 100644 --- a/src/test/regress/regress.c +++ b/src/test/regress/regress.c @@ -729,6 +729,13 @@ test_fdw_handler(PG_FUNCTION_ARGS) PG_RETURN_NULL(); } +PG_FUNCTION_INFO_V1(test_fdw_connection); +Datum +test_fdw_connection(PG_FUNCTION_ARGS) +{ + PG_RETURN_TEXT_P(cstring_to_text("dbname=regress_doesnotexist")); +} + PG_FUNCTION_INFO_V1(is_catalog_text_unique_index_oid); Datum is_catalog_text_unique_index_oid(PG_FUNCTION_ARGS) diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql index ef0c298d2df..044809f667b 100644 --- a/src/test/regress/sql/subscription.sql +++ b/src/test/regress/sql/subscription.sql @@ -2,6 +2,17 @@ -- SUBSCRIPTION -- +-- directory paths and dlsuffix are passed to us in environment variables +\getenv libdir PG_LIBDIR +\getenv dlsuffix PG_DLSUFFIX + +\set regresslib :libdir '/regress' :dlsuffix + +CREATE FUNCTION test_fdw_connection(oid, oid, internal) + RETURNS text + AS :'regresslib', 'test_fdw_connection' + LANGUAGE C; + CREATE ROLE regress_subscription_user LOGIN SUPERUSER; CREATE ROLE regress_subscription_user2; CREATE ROLE regress_subscription_user3 IN ROLE pg_create_subscription; @@ -85,6 +96,21 @@ CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'i_dont_exist=param' PUBLICATION -- connecting, so this is reliable and safe) CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'port=-1' PUBLICATION testpub; +CREATE FOREIGN DATA WRAPPER test_fdw; +CREATE SERVER test_server FOREIGN DATA WRAPPER test_fdw; +CREATE USER MAPPING FOR regress_subscription_user SERVER test_server; + +-- fail, need CONNECTION clause +CREATE SUBSCRIPTION regress_testsub6 SERVER test_server PUBLICATION testpub WITH (slot_name = NONE, connect = false); + +ALTER FOREIGN DATA WRAPPER test_fdw CONNECTION test_fdw_connection; +CREATE SUBSCRIPTION regress_testsub6 SERVER test_server PUBLICATION testpub WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_testsub6; + +DROP USER MAPPING FOR regress_subscription_user SERVER test_server; +DROP SERVER test_server; +DROP FOREIGN DATA WRAPPER test_fdw; + -- fail - invalid connection string during ALTER ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; -- 2.43.0 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-02 21:34 Jeff Davis <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 2 replies; 63+ messages in thread From: Jeff Davis @ 2026-03-02 21:34 UTC (permalink / raw) To: Masahiko Sawada <[email protected]>; +Cc: Shlok Kyal <[email protected]>; Ashutosh Bapat <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Thu, 2026-02-26 at 11:12 -0800, Jeff Davis wrote: > On Wed, 2026-02-04 at 13:53 +0900, Masahiko Sawada wrote: > > I've reviewed the latest patch set. I understand the motivation > > behind > > this proposal and find it useful. > > Thank you, that's important feedback. Attached v18: * rebase * Changed ForeignServerConnectionString() to use a local variable rather than a static. It's not very performance-sensitive, so it's OK to create a memory context for each invocation, which will be deleted. I'm not aware of an actual problem in the previous code, but it seemed a bit less safe. I plan to commit the main patch (v18-0001) soon, after rechecking some details (like the postgres_fdw upgrade). v18-0002 could use some review first. Regards, Jeff Davis Attachments: [text/x-patch] v18-0001-CREATE-SUBSCRIPTION-.-SERVER.patch (128.1K, 2-v18-0001-CREATE-SUBSCRIPTION-.-SERVER.patch) download | inline diff: From c94f3e31aeb2663349a1a5ab1136410d38e3131c Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:42:48 -0800 Subject: [PATCH v18 1/2] CREATE SUBSCRIPTION ... SERVER. --- CATVERSION BUMP --- Allow specifying a foreign server for CREATE SUBSCRIPTION, rather than a raw connection string with CONNECTION. Using a foreign server as a layer of indirection improves management of multiple subscriptions to the same server. It also provides integration with user mappings in case different subscriptions have different owners or a subscription changes owners. Reviewed-by: Ashutosh Bapat <[email protected]> Reviewed-by: Shlok Kyal <[email protected]> Reviewed-by: Masahiko Sawada <[email protected]> Discussion: https://postgr.es/m/[email protected] --- contrib/postgres_fdw/Makefile | 2 +- contrib/postgres_fdw/connection.c | 299 +++++++++++------- .../postgres_fdw/expected/postgres_fdw.out | 8 + contrib/postgres_fdw/meson.build | 2 + .../postgres_fdw/postgres_fdw--1.2--1.3.sql | 12 + contrib/postgres_fdw/postgres_fdw.control | 2 +- contrib/postgres_fdw/sql/postgres_fdw.sql | 7 + contrib/postgres_fdw/t/010_subscription.pl | 71 +++++ doc/src/sgml/logical-replication.sgml | 4 +- doc/src/sgml/postgres-fdw.sgml | 26 ++ .../sgml/ref/alter_foreign_data_wrapper.sgml | 20 ++ doc/src/sgml/ref/alter_subscription.sgml | 18 +- .../sgml/ref/create_foreign_data_wrapper.sgml | 20 ++ doc/src/sgml/ref/create_server.sgml | 7 + doc/src/sgml/ref/create_subscription.sgml | 11 +- src/backend/catalog/pg_subscription.c | 38 ++- src/backend/commands/foreigncmds.c | 58 +++- src/backend/commands/subscriptioncmds.c | 168 +++++++++- src/backend/foreign/foreign.c | 86 +++++ src/backend/parser/gram.y | 22 ++ src/backend/replication/logical/worker.c | 16 +- src/bin/pg_dump/pg_dump.c | 39 ++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/describe.c | 6 +- src/bin/psql/tab-complete.in.c | 11 +- src/include/catalog/pg_foreign_data_wrapper.h | 3 + src/include/catalog/pg_subscription.h | 7 +- src/include/foreign/foreign.h | 3 + src/include/nodes/parsenodes.h | 3 + src/test/regress/expected/oidjoins.out | 1 + src/test/regress/expected/subscription.out | 199 ++++++------ src/test/regress/regress.c | 7 + src/test/regress/sql/subscription.sql | 26 ++ 33 files changed, 958 insertions(+), 245 deletions(-) create mode 100644 contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql create mode 100644 contrib/postgres_fdw/t/010_subscription.pl diff --git a/contrib/postgres_fdw/Makefile b/contrib/postgres_fdw/Makefile index 8eaf4d263b6..b8c78b58804 100644 --- a/contrib/postgres_fdw/Makefile +++ b/contrib/postgres_fdw/Makefile @@ -14,7 +14,7 @@ PG_CPPFLAGS = -I$(libpq_srcdir) SHLIB_LINK_INTERNAL = $(libpq) EXTENSION = postgres_fdw -DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql postgres_fdw--1.1--1.2.sql +DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql postgres_fdw--1.1--1.2.sql postgres_fdw--1.2--1.3.sql REGRESS = postgres_fdw query_cancel ISOLATION = eval_plan_qual diff --git a/contrib/postgres_fdw/connection.c b/contrib/postgres_fdw/connection.c index 311936406f2..7e2b822d161 100644 --- a/contrib/postgres_fdw/connection.c +++ b/contrib/postgres_fdw/connection.c @@ -132,6 +132,7 @@ PG_FUNCTION_INFO_V1(postgres_fdw_get_connections); PG_FUNCTION_INFO_V1(postgres_fdw_get_connections_1_2); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect_all); +PG_FUNCTION_INFO_V1(postgres_fdw_connection); /* prototypes of private functions */ static void make_new_connection(ConnCacheEntry *entry, UserMapping *user); @@ -477,141 +478,159 @@ pgfdw_security_check(const char **keywords, const char **values, UserMapping *us } /* - * Connect to remote server using specified server and user mapping properties. + * Construct connection params from generic options of ForeignServer and + * UserMapping. (Some of them might not be libpq options, in which case we'll + * just waste a few array slots.) */ -static PGconn * -connect_pg_server(ForeignServer *server, UserMapping *user) +static void +construct_connection_params(ForeignServer *server, UserMapping *user, + const char ***p_keywords, const char ***p_values, + char **p_appname) { - PGconn *volatile conn = NULL; + const char **keywords; + const char **values; + char *appname = NULL; + int n; /* - * Use PG_TRY block to ensure closing connection on error. + * Add 4 extra slots for application_name, fallback_application_name, + * client_encoding, end marker, and 3 extra slots for scram keys and + * required scram pass-through options. */ - PG_TRY(); - { - const char **keywords; - const char **values; - char *appname = NULL; - int n; + n = list_length(server->options) + list_length(user->options) + 4 + 3; + keywords = (const char **) palloc(n * sizeof(char *)); + values = (const char **) palloc(n * sizeof(char *)); - /* - * Construct connection params from generic options of ForeignServer - * and UserMapping. (Some of them might not be libpq options, in - * which case we'll just waste a few array slots.) Add 4 extra slots - * for application_name, fallback_application_name, client_encoding, - * end marker, and 3 extra slots for scram keys and required scram - * pass-through options. - */ - n = list_length(server->options) + list_length(user->options) + 4 + 3; - keywords = (const char **) palloc(n * sizeof(char *)); - values = (const char **) palloc(n * sizeof(char *)); + n = 0; + n += ExtractConnectionOptions(server->options, + keywords + n, values + n); + n += ExtractConnectionOptions(user->options, + keywords + n, values + n); - n = 0; - n += ExtractConnectionOptions(server->options, - keywords + n, values + n); - n += ExtractConnectionOptions(user->options, - keywords + n, values + n); - - /* - * Use pgfdw_application_name as application_name if set. - * - * PQconnectdbParams() processes the parameter arrays from start to - * end. If any key word is repeated, the last value is used. Therefore - * note that pgfdw_application_name must be added to the arrays after - * options of ForeignServer are, so that it can override - * application_name set in ForeignServer. - */ - if (pgfdw_application_name && *pgfdw_application_name != '\0') - { - keywords[n] = "application_name"; - values[n] = pgfdw_application_name; - n++; - } + /* + * Use pgfdw_application_name as application_name if set. + * + * PQconnectdbParams() processes the parameter arrays from start to end. + * If any key word is repeated, the last value is used. Therefore note + * that pgfdw_application_name must be added to the arrays after options + * of ForeignServer are, so that it can override application_name set in + * ForeignServer. + */ + if (pgfdw_application_name && *pgfdw_application_name != '\0') + { + keywords[n] = "application_name"; + values[n] = pgfdw_application_name; + n++; + } - /* - * Search the parameter arrays to find application_name setting, and - * replace escape sequences in it with status information if found. - * The arrays are searched backwards because the last value is used if - * application_name is repeatedly set. - */ - for (int i = n - 1; i >= 0; i--) + /* + * Search the parameter arrays to find application_name setting, and + * replace escape sequences in it with status information if found. The + * arrays are searched backwards because the last value is used if + * application_name is repeatedly set. + */ + for (int i = n - 1; i >= 0; i--) + { + if (strcmp(keywords[i], "application_name") == 0 && + *(values[i]) != '\0') { - if (strcmp(keywords[i], "application_name") == 0 && - *(values[i]) != '\0') + /* + * Use this application_name setting if it's not empty string even + * after any escape sequences in it are replaced. + */ + appname = process_pgfdw_appname(values[i]); + if (appname[0] != '\0') { - /* - * Use this application_name setting if it's not empty string - * even after any escape sequences in it are replaced. - */ - appname = process_pgfdw_appname(values[i]); - if (appname[0] != '\0') - { - values[i] = appname; - break; - } - - /* - * This empty application_name is not used, so we set - * values[i] to NULL and keep searching the array to find the - * next one. - */ - values[i] = NULL; - pfree(appname); - appname = NULL; + values[i] = appname; + break; } + + /* + * This empty application_name is not used, so we set values[i] to + * NULL and keep searching the array to find the next one. + */ + values[i] = NULL; + pfree(appname); + appname = NULL; } + } + + *p_appname = appname; - /* Use "postgres_fdw" as fallback_application_name */ - keywords[n] = "fallback_application_name"; - values[n] = "postgres_fdw"; + /* Use "postgres_fdw" as fallback_application_name */ + keywords[n] = "fallback_application_name"; + values[n] = "postgres_fdw"; + n++; + + /* Set client_encoding so that libpq can convert encoding properly. */ + keywords[n] = "client_encoding"; + values[n] = GetDatabaseEncodingName(); + n++; + + /* Add required SCRAM pass-through connection options if it's enabled. */ + if (MyProcPort != NULL && MyProcPort->has_scram_keys && UseScramPassthrough(server, user)) + { + int len; + int encoded_len; + + keywords[n] = "scram_client_key"; + len = pg_b64_enc_len(sizeof(MyProcPort->scram_ClientKey)); + /* don't forget the zero-terminator */ + values[n] = palloc0(len + 1); + encoded_len = pg_b64_encode(MyProcPort->scram_ClientKey, + sizeof(MyProcPort->scram_ClientKey), + (char *) values[n], len); + if (encoded_len < 0) + elog(ERROR, "could not encode SCRAM client key"); n++; - /* Set client_encoding so that libpq can convert encoding properly. */ - keywords[n] = "client_encoding"; - values[n] = GetDatabaseEncodingName(); + keywords[n] = "scram_server_key"; + len = pg_b64_enc_len(sizeof(MyProcPort->scram_ServerKey)); + /* don't forget the zero-terminator */ + values[n] = palloc0(len + 1); + encoded_len = pg_b64_encode(MyProcPort->scram_ServerKey, + sizeof(MyProcPort->scram_ServerKey), + (char *) values[n], len); + if (encoded_len < 0) + elog(ERROR, "could not encode SCRAM server key"); n++; - /* Add required SCRAM pass-through connection options if it's enabled. */ - if (MyProcPort != NULL && MyProcPort->has_scram_keys && UseScramPassthrough(server, user)) - { - int len; - int encoded_len; - - keywords[n] = "scram_client_key"; - len = pg_b64_enc_len(sizeof(MyProcPort->scram_ClientKey)); - /* don't forget the zero-terminator */ - values[n] = palloc0(len + 1); - encoded_len = pg_b64_encode(MyProcPort->scram_ClientKey, - sizeof(MyProcPort->scram_ClientKey), - (char *) values[n], len); - if (encoded_len < 0) - elog(ERROR, "could not encode SCRAM client key"); - n++; - - keywords[n] = "scram_server_key"; - len = pg_b64_enc_len(sizeof(MyProcPort->scram_ServerKey)); - /* don't forget the zero-terminator */ - values[n] = palloc0(len + 1); - encoded_len = pg_b64_encode(MyProcPort->scram_ServerKey, - sizeof(MyProcPort->scram_ServerKey), - (char *) values[n], len); - if (encoded_len < 0) - elog(ERROR, "could not encode SCRAM server key"); - n++; + /* + * Require scram-sha-256 to ensure that no other auth method is used + * when connecting with foreign server. + */ + keywords[n] = "require_auth"; + values[n] = "scram-sha-256"; + n++; + } - /* - * Require scram-sha-256 to ensure that no other auth method is - * used when connecting with foreign server. - */ - keywords[n] = "require_auth"; - values[n] = "scram-sha-256"; - n++; - } + keywords[n] = values[n] = NULL; + + /* Verify the set of connection parameters. */ + check_conn_params(keywords, values, user); - keywords[n] = values[n] = NULL; + *p_keywords = keywords; + *p_values = values; +} + +/* + * Connect to remote server using specified server and user mapping properties. + */ +static PGconn * +connect_pg_server(ForeignServer *server, UserMapping *user) +{ + PGconn *volatile conn = NULL; + + /* + * Use PG_TRY block to ensure closing connection on error. + */ + PG_TRY(); + { + const char **keywords; + const char **values; + char *appname; - /* Verify the set of connection parameters. */ - check_conn_params(keywords, values, user); + construct_connection_params(server, user, &keywords, &values, &appname); /* first time, allocate or get the custom wait event */ if (pgfdw_we_connect == 0) @@ -2310,6 +2329,56 @@ postgres_fdw_get_connections_internal(FunctionCallInfo fcinfo, } } +/* + * Values in connection strings must be enclosed in single quotes. Single + * quotes and backslashes must be escaped with backslash. NB: these rules are + * different from the rules for escaping a SQL literal. + */ +static void +appendEscapedValue(StringInfo str, const char *val) +{ + appendStringInfoChar(str, '\''); + for (int i = 0; val[i] != '\0'; i++) + { + if (val[i] == '\\' || val[i] == '\'') + appendStringInfoChar(str, '\\'); + appendStringInfoChar(str, val[i]); + } + appendStringInfoChar(str, '\''); +} + +Datum +postgres_fdw_connection(PG_FUNCTION_ARGS) +{ + Oid userid = PG_GETARG_OID(0); + Oid serverid = PG_GETARG_OID(1); + ForeignServer *server = GetForeignServer(serverid); + UserMapping *user = GetUserMapping(userid, serverid); + StringInfoData str; + const char **keywords; + const char **values; + char *appname; + char *sep = ""; + + construct_connection_params(server, user, &keywords, &values, &appname); + + initStringInfo(&str); + for (int i = 0; keywords[i] != NULL; i++) + { + if (values[i] == NULL) + continue; + appendStringInfo(&str, "%s%s = ", sep, keywords[i]); + appendEscapedValue(&str, values[i]); + sep = " "; + } + + if (appname != NULL) + pfree(appname); + pfree(keywords); + pfree(values); + PG_RETURN_TEXT_P(cstring_to_text(str.data)); +} + /* * List active foreign server connections. * diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index 2ccb72c539a..0f5271d476e 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -255,6 +255,14 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); -- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. +DROP SUBSCRIPTION regress_pgfdw_subscription; +-- =================================================================== -- test error case for create publication on foreign table -- =================================================================== CREATE PUBLICATION testpub_ftbl FOR TABLE ft1; -- should fail diff --git a/contrib/postgres_fdw/meson.build b/contrib/postgres_fdw/meson.build index ea4cd9fcd46..3e2ed06b766 100644 --- a/contrib/postgres_fdw/meson.build +++ b/contrib/postgres_fdw/meson.build @@ -27,6 +27,7 @@ install_data( 'postgres_fdw--1.0.sql', 'postgres_fdw--1.0--1.1.sql', 'postgres_fdw--1.1--1.2.sql', + 'postgres_fdw--1.2--1.3.sql', kwargs: contrib_data_args, ) @@ -50,6 +51,7 @@ tests += { 'tap': { 'tests': [ 't/001_auth_scram.pl', + 't/010_subscription.pl', ], }, } diff --git a/contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql b/contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql new file mode 100644 index 00000000000..5bcf0ba2e09 --- /dev/null +++ b/contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql @@ -0,0 +1,12 @@ +/* contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql */ + +-- complain if script is sourced in psql, rather than via ALTER EXTENSION +\echo Use "ALTER EXTENSION postgres_fdw UPDATE TO '1.3'" to load this file. \quit + +-- takes internal parameter to prevent calling from SQL +CREATE FUNCTION postgres_fdw_connection(oid, oid, internal) +RETURNS text +AS 'MODULE_PATHNAME' +LANGUAGE C STRICT PARALLEL RESTRICTED; + +ALTER FOREIGN DATA WRAPPER postgres_fdw CONNECTION postgres_fdw_connection; diff --git a/contrib/postgres_fdw/postgres_fdw.control b/contrib/postgres_fdw/postgres_fdw.control index a4b800be4fc..ae2963d480d 100644 --- a/contrib/postgres_fdw/postgres_fdw.control +++ b/contrib/postgres_fdw/postgres_fdw.control @@ -1,5 +1,5 @@ # postgres_fdw extension comment = 'foreign-data wrapper for remote PostgreSQL servers' -default_version = '1.2' +default_version = '1.3' module_pathname = '$libdir/postgres_fdw' relocatable = true diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 72d2d9c311b..49ed797e8ef 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -244,6 +244,13 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); +-- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_pgfdw_subscription; + -- =================================================================== -- test error case for create publication on foreign table -- =================================================================== diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl new file mode 100644 index 00000000000..a39e8fdbba4 --- /dev/null +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -0,0 +1,71 @@ + +# Copyright (c) 2021-2024, PostgreSQL Global Development Group + +# Basic logical replication test +use strict; +use warnings FATAL => 'all'; +use PostgreSQL::Test::Cluster; +use PostgreSQL::Test::Utils; +use Test::More; + +# Initialize publisher node +my $node_publisher = PostgreSQL::Test::Cluster->new('publisher'); +$node_publisher->init(allows_streaming => 'logical'); +$node_publisher->start; + +# Create subscriber node +my $node_subscriber = PostgreSQL::Test::Cluster->new('subscriber'); +$node_subscriber->init; +$node_subscriber->start; + +# Create some preexisting content on publisher +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins AS SELECT a, a + 1 as b FROM generate_series(1,1002) AS a"); + +# Replicate the changes without columns +$node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_no_col default VALUES"); + +# Setup structure on subscriber +$node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int, b int)"); + +# Setup logical replication +my $publisher_connstr = $node_publisher->connstr . ' dbname=postgres'; +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_pub FOR TABLE tab_ins"); + +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_server" +); + +$node_subscriber->safe_psql('postgres', + "CREATE FOREIGN TABLE f_tab_ins (a int, b int) SERVER tap_server OPTIONS(table_name 'tab_ins')" +); +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub SERVER tap_server PUBLICATION tap_pub WITH (password_required=false)" +); + +# Wait for initial table sync to finish +$node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); + +my $result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1002), 'check initial data was copied to subscriber'); + +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins SELECT a, a + 1 FROM generate_series(1003,1050) a"); + +$node_publisher->wait_for_catchup('tap_sub'); + +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1050), 'check initial data was copied to subscriber'); + +done_testing(); diff --git a/doc/src/sgml/logical-replication.sgml b/doc/src/sgml/logical-replication.sgml index 5028fe9af09..b4e6d5ae3f9 100644 --- a/doc/src/sgml/logical-replication.sgml +++ b/doc/src/sgml/logical-replication.sgml @@ -2573,7 +2573,9 @@ CONTEXT: processing remote data for replication origin "pg_16395" during "INSER <para> To create a subscription, the user must have the privileges of the <literal>pg_create_subscription</literal> role, as well as - <literal>CREATE</literal> privileges on the database. + <literal>CREATE</literal> privileges on the database. If + <literal>SERVER</literal> is specified, the user also must have + <literal>USAGE</literal> privileges on the server. </para> <para> diff --git a/doc/src/sgml/postgres-fdw.sgml b/doc/src/sgml/postgres-fdw.sgml index fcf10e4317e..de69ddcdebc 100644 --- a/doc/src/sgml/postgres-fdw.sgml +++ b/doc/src/sgml/postgres-fdw.sgml @@ -1049,6 +1049,32 @@ postgres=# SELECT postgres_fdw_disconnect_all(); </para> </sect2> + <sect2 id="postgres-fdw-server-subscription"> + <title>Subscription Management</title> + + <para> + <filename>postgres_fdw</filename> supports subscription connections using + the same options described in <xref + linkend="postgres-fdw-options-connection"/>. + </para> + + <para> + For example, assuming the remote server <literal>foreign-host</literal> has + a publication <literal>testpub</literal>: +<programlisting> +CREATE SERVER subscription_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host 'foreign-host', dbname 'foreign_db'); +CREATE USER MAPPING FOR local_user SERVER subscription_server OPTIONS (user 'foreign_user', password 'password'); +CREATE SUBSCRIPTION my_subscription SERVER subscription_server PUBLICATION testpub; +</programlisting> + </para> + + <para> + To create a subscription, the user must be a member of the <xref + linkend="predefined-role-pg-create-subscription"/> role and have + <literal>USAGE</literal> privileges on the server. + </para> + </sect2> + <sect2 id="postgres-fdw-transaction-management"> <title>Transaction Management</title> diff --git a/doc/src/sgml/ref/alter_foreign_data_wrapper.sgml b/doc/src/sgml/ref/alter_foreign_data_wrapper.sgml index dc0957d965a..640c02893cf 100644 --- a/doc/src/sgml/ref/alter_foreign_data_wrapper.sgml +++ b/doc/src/sgml/ref/alter_foreign_data_wrapper.sgml @@ -24,6 +24,7 @@ PostgreSQL documentation ALTER FOREIGN DATA WRAPPER <replaceable class="parameter">name</replaceable> [ HANDLER <replaceable class="parameter">handler_function</replaceable> | NO HANDLER ] [ VALIDATOR <replaceable class="parameter">validator_function</replaceable> | NO VALIDATOR ] + [ CONNECTION <replaceable class="parameter">connection_function</replaceable> | NO CONNECTION ] [ OPTIONS ( [ ADD | SET | DROP ] <replaceable class="parameter">option</replaceable> ['<replaceable class="parameter">value</replaceable>'] [, ... ]) ] ALTER FOREIGN DATA WRAPPER <replaceable class="parameter">name</replaceable> OWNER TO { <replaceable>new_owner</replaceable> | CURRENT_ROLE | CURRENT_USER | SESSION_USER } ALTER FOREIGN DATA WRAPPER <replaceable class="parameter">name</replaceable> RENAME TO <replaceable>new_name</replaceable> @@ -112,6 +113,25 @@ ALTER FOREIGN DATA WRAPPER <replaceable class="parameter">name</replaceable> REN </listitem> </varlistentry> + <varlistentry> + <term><literal>CONNECTION <replaceable class="parameter">connection_function</replaceable></literal></term> + <listitem> + <para> + Specifies a new connection function for the foreign-data wrapper. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><literal>NO CONNECTION</literal></term> + <listitem> + <para> + This is used to specify that the foreign-data wrapper should no + longer have a connection function. + </para> + </listitem> + </varlistentry> + <varlistentry> <term><literal>OPTIONS ( [ ADD | SET | DROP ] <replaceable class="parameter">option</replaceable> ['<replaceable class="parameter">value</replaceable>'] [, ... ] )</literal></term> <listitem> diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index 5318998e80c..f215fb0e5a2 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -21,6 +21,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> +ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SERVER <replaceable>servername</replaceable> ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> CONNECTION '<replaceable>conninfo</replaceable>' ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SET PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> ADD PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] @@ -102,13 +103,24 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < </listitem> </varlistentry> + <varlistentry id="sql-altersubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the foreign server + <replaceable>servername</replaceable>. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-altersubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> <para> - This clause replaces the connection string originally set by - <xref linkend="sql-createsubscription"/>. See there for more - information. + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the connection + string <replaceable>conninfo</replaceable>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_foreign_data_wrapper.sgml b/doc/src/sgml/ref/create_foreign_data_wrapper.sgml index 0fcba18a347..7b83f500b25 100644 --- a/doc/src/sgml/ref/create_foreign_data_wrapper.sgml +++ b/doc/src/sgml/ref/create_foreign_data_wrapper.sgml @@ -24,6 +24,7 @@ PostgreSQL documentation CREATE FOREIGN DATA WRAPPER <replaceable class="parameter">name</replaceable> [ HANDLER <replaceable class="parameter">handler_function</replaceable> | NO HANDLER ] [ VALIDATOR <replaceable class="parameter">validator_function</replaceable> | NO VALIDATOR ] + [ CONNECTION <replaceable class="parameter">connection_function</replaceable> | NO CONNECTION ] [ OPTIONS ( <replaceable class="parameter">option</replaceable> '<replaceable class="parameter">value</replaceable>' [, ... ] ) ] </synopsis> </refsynopsisdiv> @@ -99,6 +100,25 @@ CREATE FOREIGN DATA WRAPPER <replaceable class="parameter">name</replaceable> </listitem> </varlistentry> + <varlistentry> + <term><literal>CONNECTION <replaceable class="parameter">connection_function</replaceable></literal></term> + <listitem> + <para> + <replaceable class="parameter">connection_function</replaceable> is the + name of a previously registered function that will be called to generate + the postgres connection string when a foreign server is used as part of + <xref linkend="sql-createsubscription"/>. If no connection function or + <literal>NO CONNECTION</literal> is specified, then servers using this + foreign data wrapper cannot be used for <literal>CREATE + SUBSCRIPTION</literal>. The connection function must take three + arguments: one of type <type>oid</type> for the user, one of type + <type>oid</type> for the server, and an unused third argument of type + <type>internal</type> (which prevents calling the function in other + contexts). + </para> + </listitem> + </varlistentry> + <varlistentry> <term><literal>OPTIONS ( <replaceable class="parameter">option</replaceable> '<replaceable class="parameter">value</replaceable>' [, ... ] )</literal></term> <listitem> diff --git a/doc/src/sgml/ref/create_server.sgml b/doc/src/sgml/ref/create_server.sgml index 05f4019453b..ce4a064eabb 100644 --- a/doc/src/sgml/ref/create_server.sgml +++ b/doc/src/sgml/ref/create_server.sgml @@ -42,6 +42,13 @@ CREATE SERVER [ IF NOT EXISTS ] <replaceable class="parameter">server_name</repl means of user mappings. </para> + <para> + If the foreign data wrapper <replaceable>fdw_name</replaceable> is + specified with a <literal>CONNECTION</literal> clause, then <xref + linkend="sql-createsubscription"/> may use this foreign server for + connection information. + </para> + <para> The server name must be unique within the database. </para> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index eb0cc645d8f..2ca7e0e6826 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -22,7 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceable> - CONNECTION '<replaceable class="parameter">conninfo</replaceable>' + { SERVER <replaceable class="parameter">servername</replaceable> | CONNECTION '<replaceable class="parameter">conninfo</replaceable>' } PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">subscription_parameter</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] </synopsis> @@ -77,6 +77,15 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl </listitem> </varlistentry> + <varlistentry id="sql-createsubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + A foreign server to use for the connection. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-createsubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index acf42b853ed..3673d4f0bc1 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -19,11 +19,14 @@ #include "access/htup_details.h" #include "access/tableam.h" #include "catalog/indexing.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "storage/lmgr.h" +#include "utils/acl.h" #include "utils/array.h" #include "utils/builtins.h" #include "utils/fmgroids.h" @@ -69,7 +72,7 @@ GetPublicationsStr(List *publications, StringInfo dest, bool quote_literal) * Fetch the subscription from the syscache. */ Subscription * -GetSubscription(Oid subid, bool missing_ok) +GetSubscription(Oid subid, bool missing_ok, bool aclcheck) { HeapTuple tup; Subscription *sub; @@ -108,10 +111,35 @@ GetSubscription(Oid subid, bool missing_ok) sub->retentionactive = subform->subretentionactive; /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, - tup, - Anum_pg_subscription_subconninfo); - sub->conninfo = TextDatumGetCString(datum); + if (OidIsValid(subform->subserver)) + { + AclResult aclresult; + + /* recheck ACL if requested */ + if (aclcheck) + { + aclresult = object_aclcheck(ForeignServerRelationId, + subform->subserver, + subform->subowner, ACL_USAGE); + + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(subform->subowner, false), + ForeignServerName(subform->subserver)))); + } + + sub->conninfo = ForeignServerConnectionString(subform->subowner, + subform->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, + tup, + Anum_pg_subscription_subconninfo); + sub->conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c index b56d1ad6785..45681235782 100644 --- a/src/backend/commands/foreigncmds.c +++ b/src/backend/commands/foreigncmds.c @@ -522,21 +522,53 @@ lookup_fdw_validator_func(DefElem *validator) /* validator's return value is ignored, so we don't check the type */ } +/* + * Convert a connection string function name passed from the parser to an Oid. + */ +static Oid +lookup_fdw_connection_func(DefElem *connection) +{ + Oid connectionOid; + Oid funcargtypes[3]; + + if (connection == NULL || connection->arg == NULL) + return InvalidOid; + + /* connection string functions take user oid, server oid */ + funcargtypes[0] = OIDOID; + funcargtypes[1] = OIDOID; + funcargtypes[2] = INTERNALOID; + + connectionOid = LookupFuncName((List *) connection->arg, 3, funcargtypes, false); + + /* check that connection string function has correct return type */ + if (get_func_rettype(connectionOid) != TEXTOID) + ereport(ERROR, + (errcode(ERRCODE_WRONG_OBJECT_TYPE), + errmsg("function %s must return type %s", + NameListToString((List *) connection->arg), "text"))); + + return connectionOid; +} + /* * Process function options of CREATE/ALTER FDW */ static void parse_func_options(ParseState *pstate, List *func_options, bool *handler_given, Oid *fdwhandler, - bool *validator_given, Oid *fdwvalidator) + bool *validator_given, Oid *fdwvalidator, + bool *connection_given, Oid *fdwconnection) { ListCell *cell; *handler_given = false; *validator_given = false; + *connection_given = false; /* return InvalidOid if not given */ *fdwhandler = InvalidOid; *fdwvalidator = InvalidOid; + *fdwconnection = InvalidOid; foreach(cell, func_options) { @@ -556,6 +588,13 @@ parse_func_options(ParseState *pstate, List *func_options, *validator_given = true; *fdwvalidator = lookup_fdw_validator_func(def); } + else if (strcmp(def->defname, "connection") == 0) + { + if (*connection_given) + errorConflictingDefElem(def, pstate); + *connection_given = true; + *fdwconnection = lookup_fdw_connection_func(def); + } else elog(ERROR, "option \"%s\" not recognized", def->defname); @@ -575,8 +614,10 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) Oid fdwId; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; Datum fdwoptions; Oid ownerId; ObjectAddress myself; @@ -620,10 +661,12 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) /* Lookup handler and validator functions, if given */ parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); values[Anum_pg_foreign_data_wrapper_fdwhandler - 1] = ObjectIdGetDatum(fdwhandler); values[Anum_pg_foreign_data_wrapper_fdwvalidator - 1] = ObjectIdGetDatum(fdwvalidator); + values[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); nulls[Anum_pg_foreign_data_wrapper_fdwacl - 1] = true; @@ -695,8 +738,10 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) Datum datum; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; ObjectAddress myself; rel = table_open(ForeignDataWrapperRelationId, RowExclusiveLock); @@ -726,7 +771,8 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); if (handler_given) { @@ -764,6 +810,12 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) fdwvalidator = fdwForm->fdwvalidator; } + if (connection_given) + { + repl_val[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); + repl_repl[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = true; + } + /* * If options specified, validate and update. */ diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index 5e3c0964d38..091e7b7372d 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -27,13 +27,16 @@ #include "catalog/objectaddress.h" #include "catalog/pg_authid_d.h" #include "catalog/pg_database_d.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "catalog/pg_user_mapping.h" #include "commands/defrem.h" #include "commands/event_trigger.h" #include "commands/subscriptioncmds.h" #include "executor/executor.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "pgstat.h" @@ -619,6 +622,7 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Datum values[Natts_pg_subscription]; Oid owner = GetUserId(); HeapTuple tup; + Oid serverid; char *conninfo; char originname[NAMEDATALEN]; List *publications; @@ -730,15 +734,40 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.wal_receiver_timeout == NULL) opts.wal_receiver_timeout = "-1"; - conninfo = stmt->conninfo; - publications = stmt->publication; - /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); + if (stmt->servername) + { + ForeignServer *server; + + Assert(!stmt->conninfo); + conninfo = NULL; + + server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, owner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + + /* make sure a user mapping exists */ + GetUserMapping(owner, server->serverid); + + serverid = server->serverid; + conninfo = ForeignServerConnectionString(owner, serverid); + } + else + { + Assert(stmt->conninfo); + + serverid = InvalidOid; + conninfo = stmt->conninfo; + } + /* Check the connection info string. */ walrcv_check_conninfo(conninfo, opts.passwordrequired && !superuser()); + publications = stmt->publication; + /* Everything ok, form a new tuple. */ memset(values, 0, sizeof(values)); memset(nulls, false, sizeof(nulls)); @@ -768,8 +797,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Int32GetDatum(opts.maxretention); values[Anum_pg_subscription_subretentionactive - 1] = Int32GetDatum(opts.retaindeadtuples); - values[Anum_pg_subscription_subconninfo - 1] = - CStringGetTextDatum(conninfo); + values[Anum_pg_subscription_subserver - 1] = serverid; + if (!OidIsValid(serverid)) + values[Anum_pg_subscription_subconninfo - 1] = + CStringGetTextDatum(conninfo); + else + nulls[Anum_pg_subscription_subconninfo - 1] = true; if (opts.slot_name) values[Anum_pg_subscription_subslotname - 1] = DirectFunctionCall1(namein, CStringGetDatum(opts.slot_name)); @@ -792,6 +825,18 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, recordDependencyOnOwner(SubscriptionRelationId, subid, owner); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + + if (stmt->servername) + { + ObjectAddress referenced; + + Assert(OidIsValid(serverid)); + + ObjectAddressSet(referenced, ForeignServerRelationId, serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + /* * A replication origin is currently created for all subscriptions, * including those that only contain sequences or are otherwise empty. @@ -945,8 +990,6 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.enabled || opts.retaindeadtuples) ApplyLauncherWakeupAtCommit(); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostCreateHook(SubscriptionRelationId, subid, 0); return myself; @@ -1410,7 +1453,14 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION, stmt->subname); - sub = GetSubscription(subid, false); + /* + * Skip ACL checks on the subscription's foreign server, if any. If + * changing the server (or replacing it with a raw connection), then the + * old one will be removed anyway. If changing something unrelated, + * there's no need to do an additional ACL check here; that will be done + * by the subscription worker anyway. + */ + sub = GetSubscription(subid, false, false); retain_dead_tuples = sub->retaindeadtuples; origin = sub->origin; @@ -1435,6 +1485,8 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, memset(nulls, false, sizeof(nulls)); memset(replaces, false, sizeof(replaces)); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + switch (stmt->kind) { case ALTER_SUBSCRIPTION_OPTIONS: @@ -1753,7 +1805,79 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, break; } + case ALTER_SUBSCRIPTION_SERVER: + { + ForeignServer *new_server; + ObjectAddress referenced; + AclResult aclresult; + char *conninfo; + + /* + * Remove what was there before, either another foreign server + * or a connection string. + */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + } + else + { + nulls[Anum_pg_subscription_subconninfo - 1] = true; + replaces[Anum_pg_subscription_subconninfo - 1] = true; + } + + /* + * Find the new server and user mapping. Check ACL of server + * based on current user ID, but find the user mapping based + * on the subscription owner. + */ + new_server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, + new_server->serverid, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(new_server->serverid)))); + + /* make sure a user mapping exists */ + GetUserMapping(form->subowner, new_server->serverid); + + conninfo = ForeignServerConnectionString(form->subowner, + new_server->serverid); + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + /* Check the connection info string. */ + walrcv_check_conninfo(conninfo, + sub->passwordrequired && !sub->ownersuperuser); + + values[Anum_pg_subscription_subserver - 1] = new_server->serverid; + replaces[Anum_pg_subscription_subserver - 1] = true; + + ObjectAddressSet(referenced, ForeignServerRelationId, new_server->serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + update_tuple = true; + } + break; + case ALTER_SUBSCRIPTION_CONNECTION: + /* remove reference to foreign server and dependencies, if present */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + + values[Anum_pg_subscription_subserver - 1] = InvalidOid; + replaces[Anum_pg_subscription_subserver - 1] = true; + } + /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); /* Check the connection info string. */ @@ -2038,8 +2162,6 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, table_close(rel, RowExclusiveLock); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostAlterHook(SubscriptionRelationId, subid, 0); /* Wake up related replication workers to handle this change quickly. */ @@ -2126,9 +2248,28 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) subname = pstrdup(NameStr(*DatumGetName(datum))); /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, - Anum_pg_subscription_subconninfo); - conninfo = TextDatumGetCString(datum); + if (OidIsValid(form->subserver)) + { + AclResult aclresult; + + aclresult = object_aclcheck(ForeignServerRelationId, form->subserver, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(form->subserver)))); + + conninfo = ForeignServerConnectionString(form->subowner, + form->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, + Anum_pg_subscription_subconninfo); + conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, tup, @@ -2227,6 +2368,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) } /* Clean up dependencies */ + deleteDependencyRecordsFor(SubscriptionRelationId, subid, false); deleteSharedDependencyRecordsFor(SubscriptionRelationId, subid, 0); /* Remove any associated relation synchronization states. */ diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index b912a06dd15..c53699959ea 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -72,6 +72,7 @@ GetForeignDataWrapperExtended(Oid fdwid, bits16 flags) fdw->fdwname = pstrdup(NameStr(fdwform->fdwname)); fdw->fdwhandler = fdwform->fdwhandler; fdw->fdwvalidator = fdwform->fdwvalidator; + fdw->fdwconnection = fdwform->fdwconnection; /* Extract the fdwoptions */ datum = SysCacheGetAttr(FOREIGNDATAWRAPPEROID, @@ -176,6 +177,31 @@ GetForeignServerExtended(Oid serverid, bits16 flags) } +/* + * ForeignServerName - get name of foreign server. + */ +char * +ForeignServerName(Oid serverid) +{ + Form_pg_foreign_server serverform; + char *servername; + HeapTuple tp; + + tp = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)); + + if (!HeapTupleIsValid(tp)) + elog(ERROR, "cache lookup failed for foreign server %u", serverid); + + serverform = (Form_pg_foreign_server) GETSTRUCT(tp); + + servername = pstrdup(NameStr(serverform->srvname)); + + ReleaseSysCache(tp); + + return servername; +} + + /* * GetForeignServerByName - look up the foreign server definition by name. */ @@ -191,6 +217,66 @@ GetForeignServerByName(const char *srvname, bool missing_ok) } +/* + * Retrieve connection string from server's FDW. + */ +char * +ForeignServerConnectionString(Oid userid, Oid serverid) +{ + MemoryContext tempContext; + MemoryContext oldcxt; + volatile text *connection_text = NULL; + char *result = NULL; + + /* + * GetForeignServer, GetForeignDataWrapper, and the connection function + * itself all leak memory into CurrentMemoryContext. Switch to a temporary + * context for easy cleanup. + */ + tempContext = AllocSetContextCreate(CurrentMemoryContext, + "FDWConnectionContext", + ALLOCSET_SMALL_SIZES); + + oldcxt = MemoryContextSwitchTo(tempContext); + + PG_TRY(); + { + ForeignServer *server; + ForeignDataWrapper *fdw; + Datum connection_datum; + + server = GetForeignServer(serverid); + fdw = GetForeignDataWrapper(server->fdwid); + + if (!OidIsValid(fdw->fdwconnection)) + ereport(ERROR, + (errmsg("foreign data wrapper \"%s\" does not support subscription connections", + fdw->fdwname), + errdetail("Foreign data wrapper must be defined with CONNECTION specified."))); + + + connection_datum = OidFunctionCall3(fdw->fdwconnection, + ObjectIdGetDatum(userid), + ObjectIdGetDatum(serverid), + PointerGetDatum(NULL)); + + connection_text = DatumGetTextPP(connection_datum); + } + PG_FINALLY(); + { + MemoryContextSwitchTo(oldcxt); + + if (connection_text) + result = text_to_cstring((text *) connection_text); + + MemoryContextDelete(tempContext); + } + PG_END_TRY(); + + return result; +} + + /* * GetUserMapping - look up the user mapping. * diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index c567252acc4..014a3ec3783 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -5580,6 +5580,8 @@ fdw_option: | NO HANDLER { $$ = makeDefElem("handler", NULL, @1); } | VALIDATOR handler_name { $$ = makeDefElem("validator", (Node *) $2, @1); } | NO VALIDATOR { $$ = makeDefElem("validator", NULL, @1); } + | CONNECTION handler_name { $$ = makeDefElem("connection", (Node *) $2, @1); } + | NO CONNECTION { $$ = makeDefElem("connection", NULL, @1); } ; fdw_options: @@ -11030,6 +11032,16 @@ CreateSubscriptionStmt: n->options = $8; $$ = (Node *) n; } + | CREATE SUBSCRIPTION name SERVER name PUBLICATION name_list opt_definition + { + CreateSubscriptionStmt *n = + makeNode(CreateSubscriptionStmt); + n->subname = $3; + n->servername = $5; + n->publication = $7; + n->options = $8; + $$ = (Node *) n; + } ; /***************************************************************************** @@ -11059,6 +11071,16 @@ AlterSubscriptionStmt: n->conninfo = $5; $$ = (Node *) n; } + | ALTER SUBSCRIPTION name SERVER name + { + AlterSubscriptionStmt *n = + makeNode(AlterSubscriptionStmt); + + n->kind = ALTER_SUBSCRIPTION_SERVER; + n->subname = $3; + n->servername = $5; + $$ = (Node *) n; + } | ALTER SUBSCRIPTION name REFRESH PUBLICATION opt_definition { AlterSubscriptionStmt *n = diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index f9c4b484754..7ac986eb07a 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -5058,7 +5058,7 @@ maybe_reread_subscription(void) /* Ensure allocations in permanent context. */ oldctx = MemoryContextSwitchTo(ApplyContext); - newsub = GetSubscription(MyLogicalRepWorker->subid, true); + newsub = GetSubscription(MyLogicalRepWorker->subid, true, true); /* * Exit if the subscription was removed. This normally should not happen @@ -5200,7 +5200,9 @@ set_wal_receiver_timeout(void) } /* - * Callback from subscription syscache invalidation. + * Callback from subscription syscache invalidation. Also needed for server or + * user mapping invalidation, which can change the connection information for + * subscriptions that connect using a server object. */ static void subscription_change_cb(Datum arg, SysCacheIdentifier cacheid, uint32 hashvalue) @@ -5805,7 +5807,7 @@ InitializeLogRepWorker(void) */ LockSharedObject(SubscriptionRelationId, MyLogicalRepWorker->subid, 0, AccessShareLock); - MySubscription = GetSubscription(MyLogicalRepWorker->subid, true); + MySubscription = GetSubscription(MyLogicalRepWorker->subid, true, true); if (!MySubscription) { ereport(LOG, @@ -5870,6 +5872,14 @@ InitializeLogRepWorker(void) CacheRegisterSyscacheCallback(SUBSCRIPTIONOID, subscription_change_cb, (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Keep us informed about subscription changes. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); CacheRegisterSyscacheCallback(AUTHOID, subscription_change_cb, diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index dd8adef0a3e..0e94edeec20 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -5109,6 +5109,7 @@ getSubscriptions(Archive *fout) int i_subdisableonerr; int i_subpasswordrequired; int i_subrunasowner; + int i_subservername; int i_subconninfo; int i_subslotname; int i_subsynccommit; @@ -5213,14 +5214,24 @@ getSubscriptions(Archive *fout) if (fout->remoteVersion >= 190000) appendPQExpBufferStr(query, - " s.subwalrcvtimeout\n"); + " s.subwalrcvtimeout,\n"); else appendPQExpBufferStr(query, - " '-1' AS subwalrcvtimeout\n"); + " '-1' AS subwalrcvtimeout,\n"); + + if (fout->remoteVersion >= 190000) + appendPQExpBufferStr(query, " fs.srvname AS subservername\n"); + else + appendPQExpBufferStr(query, " NULL AS subservername\n"); appendPQExpBufferStr(query, "FROM pg_subscription s\n"); + if (fout->remoteVersion >= 190000) + appendPQExpBufferStr(query, + "LEFT JOIN pg_catalog.pg_foreign_server fs \n" + " ON fs.oid = s.subserver \n"); + if (dopt->binary_upgrade && fout->remoteVersion >= 170000) appendPQExpBufferStr(query, "LEFT JOIN pg_catalog.pg_replication_origin_status o \n" @@ -5252,6 +5263,7 @@ getSubscriptions(Archive *fout) i_subfailover = PQfnumber(res, "subfailover"); i_subretaindeadtuples = PQfnumber(res, "subretaindeadtuples"); i_submaxretention = PQfnumber(res, "submaxretention"); + i_subservername = PQfnumber(res, "subservername"); i_subconninfo = PQfnumber(res, "subconninfo"); i_subslotname = PQfnumber(res, "subslotname"); i_subsynccommit = PQfnumber(res, "subsynccommit"); @@ -5274,6 +5286,10 @@ getSubscriptions(Archive *fout) subinfo[i].subenabled = (strcmp(PQgetvalue(res, i, i_subenabled), "t") == 0); + if (PQgetisnull(res, i, i_subservername)) + subinfo[i].subservername = NULL; + else + subinfo[i].subservername = pg_strdup(PQgetvalue(res, i, i_subservername)); subinfo[i].subbinary = (strcmp(PQgetvalue(res, i, i_subbinary), "t") == 0); subinfo[i].substream = *(PQgetvalue(res, i, i_substream)); @@ -5290,8 +5306,11 @@ getSubscriptions(Archive *fout) (strcmp(PQgetvalue(res, i, i_subretaindeadtuples), "t") == 0); subinfo[i].submaxretention = atoi(PQgetvalue(res, i, i_submaxretention)); - subinfo[i].subconninfo = - pg_strdup(PQgetvalue(res, i, i_subconninfo)); + if (PQgetisnull(res, i, i_subconninfo)) + subinfo[i].subconninfo = NULL; + else + subinfo[i].subconninfo = + pg_strdup(PQgetvalue(res, i, i_subconninfo)); if (PQgetisnull(res, i, i_subslotname)) subinfo[i].subslotname = NULL; else @@ -5502,9 +5521,17 @@ dumpSubscription(Archive *fout, const SubscriptionInfo *subinfo) appendPQExpBuffer(delq, "DROP SUBSCRIPTION %s;\n", qsubname); - appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s CONNECTION ", + appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s ", qsubname); - appendStringLiteralAH(query, subinfo->subconninfo, fout); + if (subinfo->subservername) + { + appendPQExpBuffer(query, "SERVER %s", fmtId(subinfo->subservername)); + } + else + { + appendPQExpBuffer(query, "CONNECTION "); + appendStringLiteralAH(query, subinfo->subconninfo, fout); + } /* Build list of quoted publications and append them to query. */ if (!parsePGArray(subinfo->subpublications, &pubnames, &npubnames)) diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index 6deceef23f3..41ed470969c 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -719,6 +719,7 @@ typedef struct _SubscriptionInfo bool subfailover; bool subretaindeadtuples; int submaxretention; + char *subservername; char *subconninfo; char *subslotname; char *subsynccommit; diff --git a/src/bin/psql/describe.c b/src/bin/psql/describe.c index ab13c90ed33..cada709b995 100644 --- a/src/bin/psql/describe.c +++ b/src/bin/psql/describe.c @@ -6816,7 +6816,7 @@ describeSubscriptions(const char *pattern, bool verbose) printQueryOpt myopt = pset.popt; static const bool translate_columns[] = {false, false, false, false, false, false, false, false, false, false, false, false, false, false, - false, false, false, false, false, false}; + false, false, false, false, false, false, false}; if (pset.sversion < 100000) { @@ -6886,6 +6886,10 @@ describeSubscriptions(const char *pattern, bool verbose) gettext_noop("Failover")); if (pset.sversion >= 190000) { + appendPQExpBuffer(&buf, + ", (select srvname from pg_foreign_server where oid=subserver) AS \"%s\"\n", + gettext_noop("Server")); + appendPQExpBuffer(&buf, ", subretaindeadtuples AS \"%s\"\n", gettext_noop("Retain dead tuples")); diff --git a/src/bin/psql/tab-complete.in.c b/src/bin/psql/tab-complete.in.c index 987cce820b9..e3697c17502 100644 --- a/src/bin/psql/tab-complete.in.c +++ b/src/bin/psql/tab-complete.in.c @@ -2332,7 +2332,7 @@ match_previous_words(int pattern_id, else if (Matches("ALTER", "SUBSCRIPTION", MatchAny)) COMPLETE_WITH("CONNECTION", "ENABLE", "DISABLE", "OWNER TO", "RENAME TO", "REFRESH PUBLICATION", "REFRESH SEQUENCES", - "SET", "SKIP (", "ADD PUBLICATION", "DROP PUBLICATION"); + "SERVER", "SET", "SKIP (", "ADD PUBLICATION", "DROP PUBLICATION"); /* ALTER SUBSCRIPTION <name> REFRESH */ else if (Matches("ALTER", "SUBSCRIPTION", MatchAny, MatchAnyN, "REFRESH")) COMPLETE_WITH("PUBLICATION", "SEQUENCES"); @@ -3860,9 +3860,16 @@ match_previous_words(int pattern_id, /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); + else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "SERVER", MatchAny)) + COMPLETE_WITH("PUBLICATION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny)) COMPLETE_WITH("PUBLICATION"); + else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "SERVER", + MatchAny, "PUBLICATION")) + { + /* complete with nothing here as this refers to remote publications */ + } else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny, "PUBLICATION")) { diff --git a/src/include/catalog/pg_foreign_data_wrapper.h b/src/include/catalog/pg_foreign_data_wrapper.h index e6009069e82..3d8389de65e 100644 --- a/src/include/catalog/pg_foreign_data_wrapper.h +++ b/src/include/catalog/pg_foreign_data_wrapper.h @@ -38,6 +38,9 @@ CATALOG(pg_foreign_data_wrapper,2328,ForeignDataWrapperRelationId) Oid fdwvalidator BKI_LOOKUP_OPT(pg_proc); /* option validation * function, or 0 if * none */ + Oid fdwconnection BKI_LOOKUP_OPT(pg_proc); /* connection string + * function, or 0 if + * none */ #ifdef CATALOG_VARLEN /* variable-length fields start here */ aclitem fdwacl[1]; /* access permissions */ diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index c369b5abfb3..bba7a0b68a6 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -92,9 +92,11 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW * exceeded max_retention_duration, when * defined */ + Oid subserver; /* Set if connecting with server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo; /* Set if connecting with connection string */ /* Slot name on publisher */ NameData subslotname BKI_FORCE_NULL; @@ -207,7 +209,8 @@ typedef struct Subscription #endif /* EXPOSE_TO_CLIENT_CODE */ -extern Subscription *GetSubscription(Oid subid, bool missing_ok); +extern Subscription *GetSubscription(Oid subid, bool missing_ok, + bool aclcheck); extern void FreeSubscription(Subscription *sub); extern void DisableSubscription(Oid subid); diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index c185d1458a2..65ed9a7f987 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -28,6 +28,7 @@ typedef struct ForeignDataWrapper char *fdwname; /* Name of the FDW */ Oid fdwhandler; /* Oid of handler function, or 0 */ Oid fdwvalidator; /* Oid of validator function, or 0 */ + Oid fdwconnection; /* Oid of connection string function, or 0 */ List *options; /* fdwoptions as DefElem list */ } ForeignDataWrapper; @@ -65,10 +66,12 @@ typedef struct ForeignTable extern ForeignServer *GetForeignServer(Oid serverid); +extern char *ForeignServerName(Oid serverid); extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); +extern char *ForeignServerConnectionString(Oid userid, Oid serverid); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index f37131835be..12e357e8316 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -4380,6 +4380,7 @@ typedef struct CreateSubscriptionStmt { NodeTag type; char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ @@ -4388,6 +4389,7 @@ typedef struct CreateSubscriptionStmt typedef enum AlterSubscriptionType { ALTER_SUBSCRIPTION_OPTIONS, + ALTER_SUBSCRIPTION_SERVER, ALTER_SUBSCRIPTION_CONNECTION, ALTER_SUBSCRIPTION_SET_PUBLICATION, ALTER_SUBSCRIPTION_ADD_PUBLICATION, @@ -4403,6 +4405,7 @@ typedef struct AlterSubscriptionStmt NodeTag type; AlterSubscriptionType kind; /* ALTER_SUBSCRIPTION_OPTIONS, etc */ char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ diff --git a/src/test/regress/expected/oidjoins.out b/src/test/regress/expected/oidjoins.out index 25aaae8d05a..8768ce30b6a 100644 --- a/src/test/regress/expected/oidjoins.out +++ b/src/test/regress/expected/oidjoins.out @@ -224,6 +224,7 @@ NOTICE: checking pg_extension {extconfig} => pg_class {oid} NOTICE: checking pg_foreign_data_wrapper {fdwowner} => pg_authid {oid} NOTICE: checking pg_foreign_data_wrapper {fdwhandler} => pg_proc {oid} NOTICE: checking pg_foreign_data_wrapper {fdwvalidator} => pg_proc {oid} +NOTICE: checking pg_foreign_data_wrapper {fdwconnection} => pg_proc {oid} NOTICE: checking pg_foreign_server {srvowner} => pg_authid {oid} NOTICE: checking pg_foreign_server {srvfdw} => pg_foreign_data_wrapper {oid} NOTICE: checking pg_user_mapping {umuser} => pg_authid {oid} diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out index a5fdfe68a0e..3fd8a18b73a 100644 --- a/src/test/regress/expected/subscription.out +++ b/src/test/regress/expected/subscription.out @@ -1,6 +1,14 @@ -- -- SUBSCRIPTION -- +-- directory paths and dlsuffix are passed to us in environment variables +\getenv libdir PG_LIBDIR +\getenv dlsuffix PG_DLSUFFIX +\set regresslib :libdir '/regress' :dlsuffix +CREATE FUNCTION test_fdw_connection(oid, oid, internal) + RETURNS text + AS :'regresslib', 'test_fdw_connection' + LANGUAGE C; CREATE ROLE regress_subscription_user LOGIN SUPERUSER; CREATE ROLE regress_subscription_user2; CREATE ROLE regress_subscription_user3 IN ROLE pg_create_subscription; @@ -116,18 +124,18 @@ CREATE SUBSCRIPTION regress_testsub4 CONNECTION 'dbname=regress_doesnotexist' PU WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ regress_testsub4 - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description -------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub4 | regress_subscription_user | f | {testpub} | f | parallel | d | f | none | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub4 | regress_subscription_user | f | {testpub} | f | parallel | d | f | none | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub4 SET (origin = any); \dRs+ regress_testsub4 - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description -------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub4 | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub4 | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) DROP SUBSCRIPTION regress_testsub3; @@ -140,15 +148,30 @@ ERROR: invalid connection string syntax: invalid connection option "i_dont_exis -- connecting, so this is reliable and safe) CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'port=-1' PUBLICATION testpub; ERROR: subscription "regress_testsub5" could not connect to the publisher: invalid port number: "-1" +CREATE FOREIGN DATA WRAPPER test_fdw; +CREATE SERVER test_server FOREIGN DATA WRAPPER test_fdw; +CREATE USER MAPPING FOR regress_subscription_user SERVER test_server; +-- fail, need CONNECTION clause +CREATE SUBSCRIPTION regress_testsub6 SERVER test_server PUBLICATION testpub WITH (slot_name = NONE, connect = false); +ERROR: foreign data wrapper "test_fdw" does not support subscription connections +DETAIL: Foreign data wrapper must be defined with CONNECTION specified. +ALTER FOREIGN DATA WRAPPER test_fdw CONNECTION test_fdw_connection; +CREATE SUBSCRIPTION regress_testsub6 SERVER test_server PUBLICATION testpub WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. +DROP SUBSCRIPTION regress_testsub6; +DROP USER MAPPING FOR regress_subscription_user SERVER test_server; +DROP SERVER test_server; +DROP FOREIGN DATA WRAPPER test_fdw; -- fail - invalid connection string during ALTER ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; ERROR: invalid connection string syntax: missing "=" after "foobar" in connection info string \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | test subscription + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | test subscription (1 row) ALTER SUBSCRIPTION regress_testsub SET PUBLICATION testpub2, testpub3 WITH (refresh = false); @@ -157,10 +180,10 @@ ALTER SUBSCRIPTION regress_testsub SET (slot_name = 'newname'); ALTER SUBSCRIPTION regress_testsub SET (password_required = false); ALTER SUBSCRIPTION regress_testsub SET (run_as_owner = true); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- - regress_testsub | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | f | t | f | f | 0 | f | off | dbname=regress_doesnotexist2 | -1 | 0/00000000 | test subscription + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- + regress_testsub | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | f | t | f | | f | 0 | f | off | dbname=regress_doesnotexist2 | -1 | 0/00000000 | test subscription (1 row) ALTER SUBSCRIPTION regress_testsub SET (password_required = true); @@ -176,10 +199,10 @@ ERROR: unrecognized subscription parameter: "create_slot" -- ok ALTER SUBSCRIPTION regress_testsub SKIP (lsn = '0/12345'); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- - regress_testsub | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist2 | -1 | 0/00012345 | test subscription + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- + regress_testsub | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist2 | -1 | 0/00012345 | test subscription (1 row) -- ok - with lsn = NONE @@ -188,10 +211,10 @@ ALTER SUBSCRIPTION regress_testsub SKIP (lsn = NONE); ALTER SUBSCRIPTION regress_testsub SKIP (lsn = '0/0'); ERROR: invalid WAL location (LSN): 0/0 \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- - regress_testsub | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist2 | -1 | 0/00000000 | test subscription + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- + regress_testsub | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist2 | -1 | 0/00000000 | test subscription (1 row) BEGIN; @@ -227,10 +250,10 @@ ALTER SUBSCRIPTION regress_testsub_foo SET (wal_receiver_timeout = '80s'); ALTER SUBSCRIPTION regress_testsub_foo SET (wal_receiver_timeout = 'foobar'); ERROR: invalid value for parameter "wal_receiver_timeout": "foobar" \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ----------------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- - regress_testsub_foo | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | t | f | f | f | 0 | f | local | dbname=regress_doesnotexist2 | 80s | 0/00000000 | test subscription + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +---------------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- + regress_testsub_foo | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | t | f | f | | f | 0 | f | local | dbname=regress_doesnotexist2 | 80s | 0/00000000 | test subscription (1 row) -- rename back to keep the rest simple @@ -259,19 +282,19 @@ CREATE SUBSCRIPTION regress_testsub CONNECTION 'dbname=regress_doesnotexist' PUB WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | t | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | t | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (binary = false); ALTER SUBSCRIPTION regress_testsub SET (slot_name = NONE); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) DROP SUBSCRIPTION regress_testsub; @@ -283,27 +306,27 @@ CREATE SUBSCRIPTION regress_testsub CONNECTION 'dbname=regress_doesnotexist' PUB WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | on | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | on | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (streaming = parallel); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (streaming = false); ALTER SUBSCRIPTION regress_testsub SET (slot_name = NONE); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | off | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | off | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) -- fail - publication already exists @@ -318,10 +341,10 @@ ALTER SUBSCRIPTION regress_testsub ADD PUBLICATION testpub1, testpub2 WITH (refr ALTER SUBSCRIPTION regress_testsub ADD PUBLICATION testpub1, testpub2 WITH (refresh = false); ERROR: publication "testpub1" is already in subscription "regress_testsub" \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-----------------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub,testpub1,testpub2} | f | off | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-----------------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub,testpub1,testpub2} | f | off | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) -- fail - publication used more than once @@ -336,10 +359,10 @@ ERROR: publication "testpub3" is not in subscription "regress_testsub" -- ok - delete publications ALTER SUBSCRIPTION regress_testsub DROP PUBLICATION testpub1, testpub2 WITH (refresh = false); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | off | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | off | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) DROP SUBSCRIPTION regress_testsub; @@ -375,19 +398,19 @@ CREATE SUBSCRIPTION regress_testsub CONNECTION 'dbname=regress_doesnotexist' PUB WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | p | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | p | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) -- we can alter streaming when two_phase enabled ALTER SUBSCRIPTION regress_testsub SET (streaming = true); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | on | p | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | on | p | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (slot_name = NONE); @@ -397,10 +420,10 @@ CREATE SUBSCRIPTION regress_testsub CONNECTION 'dbname=regress_doesnotexist' PUB WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | on | p | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | on | p | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (slot_name = NONE); @@ -413,18 +436,18 @@ CREATE SUBSCRIPTION regress_testsub CONNECTION 'dbname=regress_doesnotexist' PUB WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (disable_on_error = true); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | t | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | t | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (slot_name = NONE); @@ -437,10 +460,10 @@ CREATE SUBSCRIPTION regress_testsub CONNECTION 'dbname=regress_doesnotexist' PUB WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (slot_name = NONE); @@ -454,19 +477,19 @@ NOTICE: max_retention_duration is ineffective when retain_dead_tuples is disabl WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 1000 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 1000 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) -- ok ALTER SUBSCRIPTION regress_testsub SET (max_retention_duration = 0); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (slot_name = NONE); diff --git a/src/test/regress/regress.c b/src/test/regress/regress.c index a02f41c9727..158c7b7a4c0 100644 --- a/src/test/regress/regress.c +++ b/src/test/regress/regress.c @@ -729,6 +729,13 @@ test_fdw_handler(PG_FUNCTION_ARGS) PG_RETURN_NULL(); } +PG_FUNCTION_INFO_V1(test_fdw_connection); +Datum +test_fdw_connection(PG_FUNCTION_ARGS) +{ + PG_RETURN_TEXT_P(cstring_to_text("dbname=regress_doesnotexist")); +} + PG_FUNCTION_INFO_V1(is_catalog_text_unique_index_oid); Datum is_catalog_text_unique_index_oid(PG_FUNCTION_ARGS) diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql index d93cbc279d9..990d75f1749 100644 --- a/src/test/regress/sql/subscription.sql +++ b/src/test/regress/sql/subscription.sql @@ -2,6 +2,17 @@ -- SUBSCRIPTION -- +-- directory paths and dlsuffix are passed to us in environment variables +\getenv libdir PG_LIBDIR +\getenv dlsuffix PG_DLSUFFIX + +\set regresslib :libdir '/regress' :dlsuffix + +CREATE FUNCTION test_fdw_connection(oid, oid, internal) + RETURNS text + AS :'regresslib', 'test_fdw_connection' + LANGUAGE C; + CREATE ROLE regress_subscription_user LOGIN SUPERUSER; CREATE ROLE regress_subscription_user2; CREATE ROLE regress_subscription_user3 IN ROLE pg_create_subscription; @@ -85,6 +96,21 @@ CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'i_dont_exist=param' PUBLICATION -- connecting, so this is reliable and safe) CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'port=-1' PUBLICATION testpub; +CREATE FOREIGN DATA WRAPPER test_fdw; +CREATE SERVER test_server FOREIGN DATA WRAPPER test_fdw; +CREATE USER MAPPING FOR regress_subscription_user SERVER test_server; + +-- fail, need CONNECTION clause +CREATE SUBSCRIPTION regress_testsub6 SERVER test_server PUBLICATION testpub WITH (slot_name = NONE, connect = false); + +ALTER FOREIGN DATA WRAPPER test_fdw CONNECTION test_fdw_connection; +CREATE SUBSCRIPTION regress_testsub6 SERVER test_server PUBLICATION testpub WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_testsub6; + +DROP USER MAPPING FOR regress_subscription_user SERVER test_server; +DROP SERVER test_server; +DROP FOREIGN DATA WRAPPER test_fdw; + -- fail - invalid connection string during ALTER ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; -- 2.43.0 [text/x-patch] v18-0002-dblink-support-foreign-data-wrapper-CONNECTION-c.patch (9.3K, 3-v18-0002-dblink-support-foreign-data-wrapper-CONNECTION-c.patch) download | inline diff: From f49c1d57dd26f0c7c76b794df14963aae5226181 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Thu, 26 Feb 2026 10:42:08 -0800 Subject: [PATCH v18 2/2] dblink: support foreign data wrapper CONNECTION clause. --- contrib/dblink/Makefile | 2 +- contrib/dblink/dblink--1.2--1.3.sql | 12 ++ .../{dblink--1.2.sql => dblink--1.3.sql} | 11 +- contrib/dblink/dblink.c | 163 +++++++++--------- contrib/dblink/dblink.control | 2 +- contrib/dblink/meson.build | 3 +- 6 files changed, 109 insertions(+), 84 deletions(-) create mode 100644 contrib/dblink/dblink--1.2--1.3.sql rename contrib/dblink/{dblink--1.2.sql => dblink--1.3.sql} (96%) diff --git a/contrib/dblink/Makefile b/contrib/dblink/Makefile index fde0b49ddbb..caa76c9cb27 100644 --- a/contrib/dblink/Makefile +++ b/contrib/dblink/Makefile @@ -8,7 +8,7 @@ PG_CPPFLAGS = -I$(libpq_srcdir) SHLIB_LINK_INTERNAL = $(libpq) EXTENSION = dblink -DATA = dblink--1.2.sql dblink--1.1--1.2.sql dblink--1.0--1.1.sql +DATA = dblink--1.3.sql dblink--1.2--1.3.sql dblink--1.1--1.2.sql dblink--1.0--1.1.sql PGFILEDESC = "dblink - connect to other PostgreSQL databases" REGRESS = dblink diff --git a/contrib/dblink/dblink--1.2--1.3.sql b/contrib/dblink/dblink--1.2--1.3.sql new file mode 100644 index 00000000000..77928a9e656 --- /dev/null +++ b/contrib/dblink/dblink--1.2--1.3.sql @@ -0,0 +1,12 @@ +/* contrib/dblink/dblink--1.2--1.3.sql */ + +-- complain if script is sourced in psql, rather than via ALTER EXTENSION +\echo Use "ALTER EXTENSION dblink UPDATE TO '1.3'" to load this file. \quit + +-- takes internal parameter to prevent calling from SQL +CREATE FUNCTION dblink_fdw_connection(oid, oid, internal) +RETURNS text +AS 'MODULE_PATHNAME' +LANGUAGE C STRICT PARALLEL RESTRICTED; + +ALTER FOREIGN DATA WRAPPER dblink_fdw CONNECTION dblink_fdw_connection; diff --git a/contrib/dblink/dblink--1.2.sql b/contrib/dblink/dblink--1.3.sql similarity index 96% rename from contrib/dblink/dblink--1.2.sql rename to contrib/dblink/dblink--1.3.sql index 405eccb0ff9..22e4ea2061e 100644 --- a/contrib/dblink/dblink--1.2.sql +++ b/contrib/dblink/dblink--1.3.sql @@ -1,4 +1,4 @@ -/* contrib/dblink/dblink--1.2.sql */ +/* contrib/dblink/dblink--1.3.sql */ -- complain if script is sourced in psql, rather than via CREATE EXTENSION \echo Use "CREATE EXTENSION dblink" to load this file. \quit @@ -232,4 +232,11 @@ RETURNS void AS 'MODULE_PATHNAME', 'dblink_fdw_validator' LANGUAGE C STRICT PARALLEL SAFE; -CREATE FOREIGN DATA WRAPPER dblink_fdw VALIDATOR dblink_fdw_validator; +-- takes internal parameter to prevent calling from SQL +CREATE FUNCTION dblink_fdw_connection(oid, oid, internal) +RETURNS text +AS 'MODULE_PATHNAME' +LANGUAGE C STRICT PARALLEL RESTRICTED; + +CREATE FOREIGN DATA WRAPPER dblink_fdw VALIDATOR dblink_fdw_validator + CONNECTION dblink_fdw_connection; diff --git a/contrib/dblink/dblink.c b/contrib/dblink/dblink.c index 2498d80c8e7..3a4b307ff64 100644 --- a/contrib/dblink/dblink.c +++ b/contrib/dblink/dblink.c @@ -1993,6 +1993,87 @@ dblink_fdw_validator(PG_FUNCTION_ARGS) PG_RETURN_VOID(); } +/* + * Implement FDW CONNECTION clause. + */ +PG_FUNCTION_INFO_V1(dblink_fdw_connection); +Datum +dblink_fdw_connection(PG_FUNCTION_ARGS) +{ + Oid userid = PG_GETARG_OID(0); + Oid serverid = PG_GETARG_OID(1); + ForeignServer *foreign_server = GetForeignServer(serverid); + UserMapping *user_mapping = GetUserMapping(userid, serverid); + ForeignDataWrapper *fdw = GetForeignDataWrapper(foreign_server->fdwid); + AclResult aclresult; + ListCell *cell; + StringInfoData buf; + + static const PQconninfoOption *options = NULL; + + initStringInfo(&buf); + + /* + * Get list of valid libpq options. + * + * To avoid unnecessary work, we get the list once and use it throughout + * the lifetime of this backend process. We don't need to care about + * memory context issues, because PQconndefaults allocates with malloc. + */ + if (!options) + { + options = PQconndefaults(); + if (!options) /* assume reason for failure is OOM */ + ereport(ERROR, + (errcode(ERRCODE_FDW_OUT_OF_MEMORY), + errmsg("out of memory"), + errdetail("Could not get libpq's default connection options."))); + } + + /* Check permissions, user must have usage on the server. */ + aclresult = object_aclcheck(ForeignServerRelationId, serverid, userid, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, foreign_server->servername); + + /* + * First append hardcoded options needed for SCRAM pass-through, so if the + * user overwrites these options we can ereport on dblink_connstr_check + * and dblink_security_check. + */ + if (MyProcPort != NULL && MyProcPort->has_scram_keys && UseScramPassthrough(foreign_server, user_mapping)) + appendSCRAMKeysInfo(&buf); + + foreach(cell, fdw->options) + { + DefElem *def = lfirst(cell); + + if (is_valid_dblink_option(options, def->defname, ForeignDataWrapperRelationId)) + appendStringInfo(&buf, "%s='%s' ", def->defname, + escape_param_str(strVal(def->arg))); + } + + foreach(cell, foreign_server->options) + { + DefElem *def = lfirst(cell); + + if (is_valid_dblink_option(options, def->defname, ForeignServerRelationId)) + appendStringInfo(&buf, "%s='%s' ", def->defname, + escape_param_str(strVal(def->arg))); + } + + foreach(cell, user_mapping->options) + { + + DefElem *def = lfirst(cell); + + if (is_valid_dblink_option(options, def->defname, UserMappingRelationId)) + appendStringInfo(&buf, "%s='%s' ", def->defname, + escape_param_str(strVal(def->arg))); + } + + PG_RETURN_TEXT_P(cstring_to_text(buf.data)); +} + /************************************************************* * internal functions @@ -2855,93 +2936,17 @@ static char * get_connect_string(const char *servername) { ForeignServer *foreign_server = NULL; - UserMapping *user_mapping; - ListCell *cell; - StringInfoData buf; - ForeignDataWrapper *fdw; - AclResult aclresult; char *srvname; - static const PQconninfoOption *options = NULL; - - initStringInfo(&buf); - - /* - * Get list of valid libpq options. - * - * To avoid unnecessary work, we get the list once and use it throughout - * the lifetime of this backend process. We don't need to care about - * memory context issues, because PQconndefaults allocates with malloc. - */ - if (!options) - { - options = PQconndefaults(); - if (!options) /* assume reason for failure is OOM */ - ereport(ERROR, - (errcode(ERRCODE_FDW_OUT_OF_MEMORY), - errmsg("out of memory"), - errdetail("Could not get libpq's default connection options."))); - } - /* first gather the server connstr options */ srvname = pstrdup(servername); truncate_identifier(srvname, strlen(srvname), false); foreign_server = GetForeignServerByName(srvname, true); - if (foreign_server) - { - Oid serverid = foreign_server->serverid; - Oid fdwid = foreign_server->fdwid; - Oid userid = GetUserId(); - - user_mapping = GetUserMapping(userid, serverid); - fdw = GetForeignDataWrapper(fdwid); - - /* Check permissions, user must have usage on the server. */ - aclresult = object_aclcheck(ForeignServerRelationId, serverid, userid, ACL_USAGE); - if (aclresult != ACLCHECK_OK) - aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, foreign_server->servername); - - /* - * First append hardcoded options needed for SCRAM pass-through, so if - * the user overwrites these options we can ereport on - * dblink_connstr_check and dblink_security_check. - */ - if (MyProcPort != NULL && MyProcPort->has_scram_keys && UseScramPassthrough(foreign_server, user_mapping)) - appendSCRAMKeysInfo(&buf); - - foreach(cell, fdw->options) - { - DefElem *def = lfirst(cell); - - if (is_valid_dblink_option(options, def->defname, ForeignDataWrapperRelationId)) - appendStringInfo(&buf, "%s='%s' ", def->defname, - escape_param_str(strVal(def->arg))); - } - - foreach(cell, foreign_server->options) - { - DefElem *def = lfirst(cell); - - if (is_valid_dblink_option(options, def->defname, ForeignServerRelationId)) - appendStringInfo(&buf, "%s='%s' ", def->defname, - escape_param_str(strVal(def->arg))); - } - - foreach(cell, user_mapping->options) - { - - DefElem *def = lfirst(cell); - - if (is_valid_dblink_option(options, def->defname, UserMappingRelationId)) - appendStringInfo(&buf, "%s='%s' ", def->defname, - escape_param_str(strVal(def->arg))); - } - - return buf.data; - } - else + if (!foreign_server) return NULL; + + return ForeignServerConnectionString(GetUserId(), foreign_server->serverid); } /* diff --git a/contrib/dblink/dblink.control b/contrib/dblink/dblink.control index bdd17d28a4b..816d19f4483 100644 --- a/contrib/dblink/dblink.control +++ b/contrib/dblink/dblink.control @@ -1,5 +1,5 @@ # dblink extension comment = 'connect to other PostgreSQL databases from within a database' -default_version = '1.2' +default_version = '1.3' module_pathname = '$libdir/dblink' relocatable = true diff --git a/contrib/dblink/meson.build b/contrib/dblink/meson.build index e2489f41229..fc91b4a918d 100644 --- a/contrib/dblink/meson.build +++ b/contrib/dblink/meson.build @@ -22,7 +22,8 @@ install_data( 'dblink.control', 'dblink--1.0--1.1.sql', 'dblink--1.1--1.2.sql', - 'dblink--1.2.sql', + 'dblink--1.2--1.3.sql', + 'dblink--1.3.sql', kwargs: contrib_data_args, ) -- 2.43.0 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-03 18:19 Masahiko Sawada <[email protected]> parent: Jeff Davis <[email protected]> 1 sibling, 0 replies; 63+ messages in thread From: Masahiko Sawada @ 2026-03-03 18:19 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Shlok Kyal <[email protected]>; Ashutosh Bapat <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Mon, Mar 2, 2026 at 1:34 PM Jeff Davis <[email protected]> wrote: > > On Thu, 2026-02-26 at 11:12 -0800, Jeff Davis wrote: > > On Wed, 2026-02-04 at 13:53 +0900, Masahiko Sawada wrote: > > > I've reviewed the latest patch set. I understand the motivation > > > behind > > > this proposal and find it useful. > > > > Thank you, that's important feedback. > > Attached v18: > > * rebase > * Changed ForeignServerConnectionString() to use a local variable > rather than a static. It's not very performance-sensitive, so it's OK > to create a memory context for each invocation, which will be deleted. > I'm not aware of an actual problem in the previous code, but it seemed > a bit less safe. > > I plan to commit the main patch (v18-0001) soon, after rechecking some > details (like the postgres_fdw upgrade). I have a few minor comments: + Oid subserver; /* Set if connecting with server */ + Do we want to add BKI_LOOKUP(pg_foreign_data_wrapper) here? --- + +# Copyright (c) 2021-2024, PostgreSQL Global Development Group + Need to update the copyright year. The rest looks good to me. > v18-0002 could use some review > first. Thank you for making this patch. I'll look at this patch too. FYI interestingly, dblink_fdw can also be used for subscription connections like postgres_fdw. It made me think that it might be interesting to implement a FDW that supports only the libpq connection (i.e., NO HANDLER, NO VALIDATOR, and CONNECTION) as it provides the connection management capability useful for subscriptions while users can avoid any security risks in postgres_fdw that users might be concerned about. Regards, -- Masahiko Sawada Amazon Web Services: https://aws.amazon.com ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-05 03:51 Amit Kapila <[email protected]> parent: Jeff Davis <[email protected]> 1 sibling, 1 reply; 63+ messages in thread From: Amit Kapila @ 2026-03-05 03:51 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Ashutosh Bapat <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Tue, Mar 3, 2026 at 3:04 AM Jeff Davis <[email protected]> wrote: > > Attached v18: > I haven't checked the details but while glancing at the patch, I have few observations: 1. @@ -92,9 +92,11 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW * exceeded max_retention_duration, when * defined */ + Oid subserver; /* Set if connecting with server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo; /* Set if connecting with connection string */ We revoke view rights on subconninfo from the public. See below [A] in system_views.sql. Do we want to do the same for subserver or is it okay for users to see it? I think the following comment and some place in docs needs to be updated. [A] -- All columns of pg_subscription except subconninfo are publicly readable. REVOKE ALL ON pg_subscription FROM public; GRANT SELECT (oid, subdbid, subskiplsn, subname, subowner, subenabled, subbinary, substream, subtwophasestate, subdisableonerr, subpasswordrequired, subrunasowner, subfailover, subretaindeadtuples, submaxretention, subretentionactive, subslotname, subsynccommit, subpublications, suborigin) ON pg_subscription TO public; 2. We may want to update the following text in pg_dump docs about the new way of connecting to hosts. See [B] (When dumping logical replication subscriptions, pg_dump will generate CREATE SUBSCRIPTION commands that use the connect = false option, so that restoring the subscription does not make remote connections for creating a replication slot or for initial table copy. That way, the dump can be restored without requiring network access to the remote servers. It is then up to the user to reactivate the subscriptions in a suitable way. If the involved hosts have changed, the connection information might have to be changed.) [B] - https://www.postgresql.org/docs/devel/app-pgdump.html -- With Regards, Amit Kapila. ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-05 08:52 Jeff Davis <[email protected]> parent: Amit Kapila <[email protected]> 0 siblings, 2 replies; 63+ messages in thread From: Jeff Davis @ 2026-03-05 08:52 UTC (permalink / raw) To: Amit Kapila <[email protected]>; +Cc: Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Ashutosh Bapat <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Thu, 2026-03-05 at 09:21 +0530, Amit Kapila wrote: > We revoke view rights on subconninfo from the public. See below [A] > in > system_views.sql. Do we want to do the same for subserver or is it > okay for users to see it? I can't think of a reason that the server name should be secret, but let me know if you think so. > I think the following comment and some place > in docs needs to be updated. > [A] > -- All columns of pg_subscription except subconninfo are publicly > readable. > REVOKE ALL ON pg_subscription FROM public; > GRANT SELECT (oid, subdbid, subskiplsn, subname, subowner, Good catch! Thank you. > 2. We may want to update the following text in pg_dump docs about the > new way of connecting to hosts. See [B] (When dumping logical > replication subscriptions, pg_dump will generate CREATE SUBSCRIPTION > commands that use the connect = false option, so that restoring the > subscription does not make remote connections for creating a > replication slot or for initial table copy. That way, the dump can be > restored without requiring network access to the remote servers. It > is > then up to the user to reactivate the subscriptions in a suitable > way. > If the involved hosts have changed, the connection information might > have to be changed.) > > [B] - https://www.postgresql.org/docs/devel/app-pgdump.html > I think the above comment is still correct -- it would be a bit easier to deal with servers rather than raw connection strings, but the comment already says "...might have to be changed" which is just a reminder to look. Attached a new patch that also addressed the review comments from here: https://www.postgresql.org/message-id/[email protected]... Additionally, I ran into a problem that's worth highlighting: DROP SERVER ... CASCADE was broken, because the subscription is dependent on it but that's in a global catalog, which is not handled by doDeletion(). The subscription is conceptually a per-database object, but it's in a shared catalog with a subdbid field. I solved that problem by adding a guard to findDependentObjects() to check for the referenced object belonging to a shared catalog, and if so it just throws an error (so CASCADE is not supported for servers used in subscriptions). That's a simple but not a very satisfying solution, so let me know if you see a problem with that. Regards, Jeff Davis Attachments: [text/x-patch] v19-0001-CREATE-SUBSCRIPTION-.-SERVER.patch (131.6K, 2-v19-0001-CREATE-SUBSCRIPTION-.-SERVER.patch) download | inline diff: From 752b8a1e07d9541de91873259bb3f7a74fadc0a6 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Tue, 2 Jan 2024 13:42:48 -0800 Subject: [PATCH v19] CREATE SUBSCRIPTION ... SERVER. Allow CREATE SUBSCRIPTION to accept a foreign server using the SERVER clause instead of a raw connection string using the CONNECTION clause. * Enables a user with sufficient privileges to create a subscription using a foreign server by name without specifying the connection details. * Integrates with user mappings (and other FDW infrastructure) using the subscription owner. * Provides a layer of indirection to manage multiple subscriptions to the same remote server more easily. Also add CREATE FOREIGN DATA WRAPPER ... CONNECTION clause to specify a connection_function. To be eligible for a subscription, the foreign server's foreign data wrapper must specify a connection_function. Add connection_function support to postgres_fdw, and bump postgres_fdw version to 1.3. Bump catversion. Reviewed-by: Ashutosh Bapat <[email protected]> Reviewed-by: Shlok Kyal <[email protected]> Reviewed-by: Masahiko Sawada <[email protected]> Discussion: https://postgr.es/m/[email protected] --- contrib/postgres_fdw/Makefile | 2 +- contrib/postgres_fdw/connection.c | 299 +++++++++++------- .../postgres_fdw/expected/postgres_fdw.out | 8 + contrib/postgres_fdw/meson.build | 2 + .../postgres_fdw/postgres_fdw--1.2--1.3.sql | 12 + contrib/postgres_fdw/postgres_fdw.control | 2 +- contrib/postgres_fdw/sql/postgres_fdw.sql | 7 + contrib/postgres_fdw/t/010_subscription.pl | 71 +++++ doc/src/sgml/logical-replication.sgml | 4 +- doc/src/sgml/postgres-fdw.sgml | 26 ++ .../sgml/ref/alter_foreign_data_wrapper.sgml | 20 ++ doc/src/sgml/ref/alter_subscription.sgml | 18 +- .../sgml/ref/create_foreign_data_wrapper.sgml | 20 ++ doc/src/sgml/ref/create_server.sgml | 7 + doc/src/sgml/ref/create_subscription.sgml | 16 +- src/backend/catalog/dependency.c | 11 + src/backend/catalog/pg_subscription.c | 38 ++- src/backend/catalog/system_views.sql | 2 +- src/backend/commands/foreigncmds.c | 58 +++- src/backend/commands/subscriptioncmds.c | 168 +++++++++- src/backend/foreign/foreign.c | 86 +++++ src/backend/parser/gram.y | 22 ++ src/backend/replication/logical/worker.c | 24 +- src/bin/pg_dump/pg_dump.c | 39 ++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/describe.c | 6 +- src/bin/psql/tab-complete.in.c | 11 +- src/include/catalog/catversion.h | 2 +- src/include/catalog/pg_foreign_data_wrapper.h | 3 + src/include/catalog/pg_subscription.h | 8 +- src/include/foreign/foreign.h | 3 + src/include/nodes/parsenodes.h | 3 + src/test/regress/expected/oidjoins.out | 2 + src/test/regress/expected/subscription.out | 199 ++++++------ src/test/regress/regress.c | 7 + src/test/regress/sql/subscription.sql | 26 ++ 36 files changed, 986 insertions(+), 247 deletions(-) create mode 100644 contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql create mode 100644 contrib/postgres_fdw/t/010_subscription.pl diff --git a/contrib/postgres_fdw/Makefile b/contrib/postgres_fdw/Makefile index 8eaf4d263b6..b8c78b58804 100644 --- a/contrib/postgres_fdw/Makefile +++ b/contrib/postgres_fdw/Makefile @@ -14,7 +14,7 @@ PG_CPPFLAGS = -I$(libpq_srcdir) SHLIB_LINK_INTERNAL = $(libpq) EXTENSION = postgres_fdw -DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql postgres_fdw--1.1--1.2.sql +DATA = postgres_fdw--1.0.sql postgres_fdw--1.0--1.1.sql postgres_fdw--1.1--1.2.sql postgres_fdw--1.2--1.3.sql REGRESS = postgres_fdw query_cancel ISOLATION = eval_plan_qual diff --git a/contrib/postgres_fdw/connection.c b/contrib/postgres_fdw/connection.c index 311936406f2..7e2b822d161 100644 --- a/contrib/postgres_fdw/connection.c +++ b/contrib/postgres_fdw/connection.c @@ -132,6 +132,7 @@ PG_FUNCTION_INFO_V1(postgres_fdw_get_connections); PG_FUNCTION_INFO_V1(postgres_fdw_get_connections_1_2); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect); PG_FUNCTION_INFO_V1(postgres_fdw_disconnect_all); +PG_FUNCTION_INFO_V1(postgres_fdw_connection); /* prototypes of private functions */ static void make_new_connection(ConnCacheEntry *entry, UserMapping *user); @@ -477,141 +478,159 @@ pgfdw_security_check(const char **keywords, const char **values, UserMapping *us } /* - * Connect to remote server using specified server and user mapping properties. + * Construct connection params from generic options of ForeignServer and + * UserMapping. (Some of them might not be libpq options, in which case we'll + * just waste a few array slots.) */ -static PGconn * -connect_pg_server(ForeignServer *server, UserMapping *user) +static void +construct_connection_params(ForeignServer *server, UserMapping *user, + const char ***p_keywords, const char ***p_values, + char **p_appname) { - PGconn *volatile conn = NULL; + const char **keywords; + const char **values; + char *appname = NULL; + int n; /* - * Use PG_TRY block to ensure closing connection on error. + * Add 4 extra slots for application_name, fallback_application_name, + * client_encoding, end marker, and 3 extra slots for scram keys and + * required scram pass-through options. */ - PG_TRY(); - { - const char **keywords; - const char **values; - char *appname = NULL; - int n; + n = list_length(server->options) + list_length(user->options) + 4 + 3; + keywords = (const char **) palloc(n * sizeof(char *)); + values = (const char **) palloc(n * sizeof(char *)); - /* - * Construct connection params from generic options of ForeignServer - * and UserMapping. (Some of them might not be libpq options, in - * which case we'll just waste a few array slots.) Add 4 extra slots - * for application_name, fallback_application_name, client_encoding, - * end marker, and 3 extra slots for scram keys and required scram - * pass-through options. - */ - n = list_length(server->options) + list_length(user->options) + 4 + 3; - keywords = (const char **) palloc(n * sizeof(char *)); - values = (const char **) palloc(n * sizeof(char *)); + n = 0; + n += ExtractConnectionOptions(server->options, + keywords + n, values + n); + n += ExtractConnectionOptions(user->options, + keywords + n, values + n); - n = 0; - n += ExtractConnectionOptions(server->options, - keywords + n, values + n); - n += ExtractConnectionOptions(user->options, - keywords + n, values + n); - - /* - * Use pgfdw_application_name as application_name if set. - * - * PQconnectdbParams() processes the parameter arrays from start to - * end. If any key word is repeated, the last value is used. Therefore - * note that pgfdw_application_name must be added to the arrays after - * options of ForeignServer are, so that it can override - * application_name set in ForeignServer. - */ - if (pgfdw_application_name && *pgfdw_application_name != '\0') - { - keywords[n] = "application_name"; - values[n] = pgfdw_application_name; - n++; - } + /* + * Use pgfdw_application_name as application_name if set. + * + * PQconnectdbParams() processes the parameter arrays from start to end. + * If any key word is repeated, the last value is used. Therefore note + * that pgfdw_application_name must be added to the arrays after options + * of ForeignServer are, so that it can override application_name set in + * ForeignServer. + */ + if (pgfdw_application_name && *pgfdw_application_name != '\0') + { + keywords[n] = "application_name"; + values[n] = pgfdw_application_name; + n++; + } - /* - * Search the parameter arrays to find application_name setting, and - * replace escape sequences in it with status information if found. - * The arrays are searched backwards because the last value is used if - * application_name is repeatedly set. - */ - for (int i = n - 1; i >= 0; i--) + /* + * Search the parameter arrays to find application_name setting, and + * replace escape sequences in it with status information if found. The + * arrays are searched backwards because the last value is used if + * application_name is repeatedly set. + */ + for (int i = n - 1; i >= 0; i--) + { + if (strcmp(keywords[i], "application_name") == 0 && + *(values[i]) != '\0') { - if (strcmp(keywords[i], "application_name") == 0 && - *(values[i]) != '\0') + /* + * Use this application_name setting if it's not empty string even + * after any escape sequences in it are replaced. + */ + appname = process_pgfdw_appname(values[i]); + if (appname[0] != '\0') { - /* - * Use this application_name setting if it's not empty string - * even after any escape sequences in it are replaced. - */ - appname = process_pgfdw_appname(values[i]); - if (appname[0] != '\0') - { - values[i] = appname; - break; - } - - /* - * This empty application_name is not used, so we set - * values[i] to NULL and keep searching the array to find the - * next one. - */ - values[i] = NULL; - pfree(appname); - appname = NULL; + values[i] = appname; + break; } + + /* + * This empty application_name is not used, so we set values[i] to + * NULL and keep searching the array to find the next one. + */ + values[i] = NULL; + pfree(appname); + appname = NULL; } + } + + *p_appname = appname; - /* Use "postgres_fdw" as fallback_application_name */ - keywords[n] = "fallback_application_name"; - values[n] = "postgres_fdw"; + /* Use "postgres_fdw" as fallback_application_name */ + keywords[n] = "fallback_application_name"; + values[n] = "postgres_fdw"; + n++; + + /* Set client_encoding so that libpq can convert encoding properly. */ + keywords[n] = "client_encoding"; + values[n] = GetDatabaseEncodingName(); + n++; + + /* Add required SCRAM pass-through connection options if it's enabled. */ + if (MyProcPort != NULL && MyProcPort->has_scram_keys && UseScramPassthrough(server, user)) + { + int len; + int encoded_len; + + keywords[n] = "scram_client_key"; + len = pg_b64_enc_len(sizeof(MyProcPort->scram_ClientKey)); + /* don't forget the zero-terminator */ + values[n] = palloc0(len + 1); + encoded_len = pg_b64_encode(MyProcPort->scram_ClientKey, + sizeof(MyProcPort->scram_ClientKey), + (char *) values[n], len); + if (encoded_len < 0) + elog(ERROR, "could not encode SCRAM client key"); n++; - /* Set client_encoding so that libpq can convert encoding properly. */ - keywords[n] = "client_encoding"; - values[n] = GetDatabaseEncodingName(); + keywords[n] = "scram_server_key"; + len = pg_b64_enc_len(sizeof(MyProcPort->scram_ServerKey)); + /* don't forget the zero-terminator */ + values[n] = palloc0(len + 1); + encoded_len = pg_b64_encode(MyProcPort->scram_ServerKey, + sizeof(MyProcPort->scram_ServerKey), + (char *) values[n], len); + if (encoded_len < 0) + elog(ERROR, "could not encode SCRAM server key"); n++; - /* Add required SCRAM pass-through connection options if it's enabled. */ - if (MyProcPort != NULL && MyProcPort->has_scram_keys && UseScramPassthrough(server, user)) - { - int len; - int encoded_len; - - keywords[n] = "scram_client_key"; - len = pg_b64_enc_len(sizeof(MyProcPort->scram_ClientKey)); - /* don't forget the zero-terminator */ - values[n] = palloc0(len + 1); - encoded_len = pg_b64_encode(MyProcPort->scram_ClientKey, - sizeof(MyProcPort->scram_ClientKey), - (char *) values[n], len); - if (encoded_len < 0) - elog(ERROR, "could not encode SCRAM client key"); - n++; - - keywords[n] = "scram_server_key"; - len = pg_b64_enc_len(sizeof(MyProcPort->scram_ServerKey)); - /* don't forget the zero-terminator */ - values[n] = palloc0(len + 1); - encoded_len = pg_b64_encode(MyProcPort->scram_ServerKey, - sizeof(MyProcPort->scram_ServerKey), - (char *) values[n], len); - if (encoded_len < 0) - elog(ERROR, "could not encode SCRAM server key"); - n++; + /* + * Require scram-sha-256 to ensure that no other auth method is used + * when connecting with foreign server. + */ + keywords[n] = "require_auth"; + values[n] = "scram-sha-256"; + n++; + } - /* - * Require scram-sha-256 to ensure that no other auth method is - * used when connecting with foreign server. - */ - keywords[n] = "require_auth"; - values[n] = "scram-sha-256"; - n++; - } + keywords[n] = values[n] = NULL; + + /* Verify the set of connection parameters. */ + check_conn_params(keywords, values, user); - keywords[n] = values[n] = NULL; + *p_keywords = keywords; + *p_values = values; +} + +/* + * Connect to remote server using specified server and user mapping properties. + */ +static PGconn * +connect_pg_server(ForeignServer *server, UserMapping *user) +{ + PGconn *volatile conn = NULL; + + /* + * Use PG_TRY block to ensure closing connection on error. + */ + PG_TRY(); + { + const char **keywords; + const char **values; + char *appname; - /* Verify the set of connection parameters. */ - check_conn_params(keywords, values, user); + construct_connection_params(server, user, &keywords, &values, &appname); /* first time, allocate or get the custom wait event */ if (pgfdw_we_connect == 0) @@ -2310,6 +2329,56 @@ postgres_fdw_get_connections_internal(FunctionCallInfo fcinfo, } } +/* + * Values in connection strings must be enclosed in single quotes. Single + * quotes and backslashes must be escaped with backslash. NB: these rules are + * different from the rules for escaping a SQL literal. + */ +static void +appendEscapedValue(StringInfo str, const char *val) +{ + appendStringInfoChar(str, '\''); + for (int i = 0; val[i] != '\0'; i++) + { + if (val[i] == '\\' || val[i] == '\'') + appendStringInfoChar(str, '\\'); + appendStringInfoChar(str, val[i]); + } + appendStringInfoChar(str, '\''); +} + +Datum +postgres_fdw_connection(PG_FUNCTION_ARGS) +{ + Oid userid = PG_GETARG_OID(0); + Oid serverid = PG_GETARG_OID(1); + ForeignServer *server = GetForeignServer(serverid); + UserMapping *user = GetUserMapping(userid, serverid); + StringInfoData str; + const char **keywords; + const char **values; + char *appname; + char *sep = ""; + + construct_connection_params(server, user, &keywords, &values, &appname); + + initStringInfo(&str); + for (int i = 0; keywords[i] != NULL; i++) + { + if (values[i] == NULL) + continue; + appendStringInfo(&str, "%s%s = ", sep, keywords[i]); + appendEscapedValue(&str, values[i]); + sep = " "; + } + + if (appname != NULL) + pfree(appname); + pfree(keywords); + pfree(values); + PG_RETURN_TEXT_P(cstring_to_text(str.data)); +} + /* * List active foreign server connections. * diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index 2ccb72c539a..0f5271d476e 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out @@ -255,6 +255,14 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); -- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. +DROP SUBSCRIPTION regress_pgfdw_subscription; +-- =================================================================== -- test error case for create publication on foreign table -- =================================================================== CREATE PUBLICATION testpub_ftbl FOR TABLE ft1; -- should fail diff --git a/contrib/postgres_fdw/meson.build b/contrib/postgres_fdw/meson.build index ea4cd9fcd46..3e2ed06b766 100644 --- a/contrib/postgres_fdw/meson.build +++ b/contrib/postgres_fdw/meson.build @@ -27,6 +27,7 @@ install_data( 'postgres_fdw--1.0.sql', 'postgres_fdw--1.0--1.1.sql', 'postgres_fdw--1.1--1.2.sql', + 'postgres_fdw--1.2--1.3.sql', kwargs: contrib_data_args, ) @@ -50,6 +51,7 @@ tests += { 'tap': { 'tests': [ 't/001_auth_scram.pl', + 't/010_subscription.pl', ], }, } diff --git a/contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql b/contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql new file mode 100644 index 00000000000..5bcf0ba2e09 --- /dev/null +++ b/contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql @@ -0,0 +1,12 @@ +/* contrib/postgres_fdw/postgres_fdw--1.2--1.3.sql */ + +-- complain if script is sourced in psql, rather than via ALTER EXTENSION +\echo Use "ALTER EXTENSION postgres_fdw UPDATE TO '1.3'" to load this file. \quit + +-- takes internal parameter to prevent calling from SQL +CREATE FUNCTION postgres_fdw_connection(oid, oid, internal) +RETURNS text +AS 'MODULE_PATHNAME' +LANGUAGE C STRICT PARALLEL RESTRICTED; + +ALTER FOREIGN DATA WRAPPER postgres_fdw CONNECTION postgres_fdw_connection; diff --git a/contrib/postgres_fdw/postgres_fdw.control b/contrib/postgres_fdw/postgres_fdw.control index a4b800be4fc..ae2963d480d 100644 --- a/contrib/postgres_fdw/postgres_fdw.control +++ b/contrib/postgres_fdw/postgres_fdw.control @@ -1,5 +1,5 @@ # postgres_fdw extension comment = 'foreign-data wrapper for remote PostgreSQL servers' -default_version = '1.2' +default_version = '1.3' module_pathname = '$libdir/postgres_fdw' relocatable = true diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index 72d2d9c311b..49ed797e8ef 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -244,6 +244,13 @@ SELECT c3, c4 FROM ft1 ORDER BY c3, c1 LIMIT 1; -- should work again ANALYZE ft1; ALTER FOREIGN TABLE ft2 OPTIONS (use_remote_estimate 'true'); +-- =================================================================== +-- test subscription +-- =================================================================== +CREATE SUBSCRIPTION regress_pgfdw_subscription SERVER testserver1 + PUBLICATION pub1 WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_pgfdw_subscription; + -- =================================================================== -- test error case for create publication on foreign table -- =================================================================== diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl new file mode 100644 index 00000000000..1e41091badc --- /dev/null +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -0,0 +1,71 @@ + +# Copyright (c) 2021-2026, PostgreSQL Global Development Group + +# Basic logical replication test +use strict; +use warnings FATAL => 'all'; +use PostgreSQL::Test::Cluster; +use PostgreSQL::Test::Utils; +use Test::More; + +# Initialize publisher node +my $node_publisher = PostgreSQL::Test::Cluster->new('publisher'); +$node_publisher->init(allows_streaming => 'logical'); +$node_publisher->start; + +# Create subscriber node +my $node_subscriber = PostgreSQL::Test::Cluster->new('subscriber'); +$node_subscriber->init; +$node_subscriber->start; + +# Create some preexisting content on publisher +$node_publisher->safe_psql('postgres', + "CREATE TABLE tab_ins AS SELECT a, a + 1 as b FROM generate_series(1,1002) AS a"); + +# Replicate the changes without columns +$node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_no_col default VALUES"); + +# Setup structure on subscriber +$node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); +$node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int, b int)"); + +# Setup logical replication +my $publisher_connstr = $node_publisher->connstr . ' dbname=postgres'; +$node_publisher->safe_psql('postgres', "CREATE PUBLICATION tap_pub FOR TABLE tab_ins"); + +my $publisher_host = $node_publisher->host; +my $publisher_port = $node_publisher->port; +$node_subscriber->safe_psql('postgres', + "CREATE SERVER tap_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host '$publisher_host', port '$publisher_port', dbname 'postgres')" +); + +$node_subscriber->safe_psql('postgres', + "CREATE USER MAPPING FOR PUBLIC SERVER tap_server" +); + +$node_subscriber->safe_psql('postgres', + "CREATE FOREIGN TABLE f_tab_ins (a int, b int) SERVER tap_server OPTIONS(table_name 'tab_ins')" +); +$node_subscriber->safe_psql('postgres', + "CREATE SUBSCRIPTION tap_sub SERVER tap_server PUBLICATION tap_pub WITH (password_required=false)" +); + +# Wait for initial table sync to finish +$node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); + +my $result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1002), 'check that initial data was copied to subscriber'); + +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins SELECT a, a + 1 FROM generate_series(1003,1050) a"); + +$node_publisher->wait_for_catchup('tap_sub'); + +$result = + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); +is($result, qq(1050), 'check that inserted data was copied to subscriber'); + +done_testing(); diff --git a/doc/src/sgml/logical-replication.sgml b/doc/src/sgml/logical-replication.sgml index bcb473c078b..72c8d3d59bd 100644 --- a/doc/src/sgml/logical-replication.sgml +++ b/doc/src/sgml/logical-replication.sgml @@ -2577,7 +2577,9 @@ CONTEXT: processing remote data for replication origin "pg_16395" during "INSER <para> To create a subscription, the user must have the privileges of the <literal>pg_create_subscription</literal> role, as well as - <literal>CREATE</literal> privileges on the database. + <literal>CREATE</literal> privileges on the database. If + <literal>SERVER</literal> is specified, the user also must have + <literal>USAGE</literal> privileges on the server. </para> <para> diff --git a/doc/src/sgml/postgres-fdw.sgml b/doc/src/sgml/postgres-fdw.sgml index fcf10e4317e..de69ddcdebc 100644 --- a/doc/src/sgml/postgres-fdw.sgml +++ b/doc/src/sgml/postgres-fdw.sgml @@ -1049,6 +1049,32 @@ postgres=# SELECT postgres_fdw_disconnect_all(); </para> </sect2> + <sect2 id="postgres-fdw-server-subscription"> + <title>Subscription Management</title> + + <para> + <filename>postgres_fdw</filename> supports subscription connections using + the same options described in <xref + linkend="postgres-fdw-options-connection"/>. + </para> + + <para> + For example, assuming the remote server <literal>foreign-host</literal> has + a publication <literal>testpub</literal>: +<programlisting> +CREATE SERVER subscription_server FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host 'foreign-host', dbname 'foreign_db'); +CREATE USER MAPPING FOR local_user SERVER subscription_server OPTIONS (user 'foreign_user', password 'password'); +CREATE SUBSCRIPTION my_subscription SERVER subscription_server PUBLICATION testpub; +</programlisting> + </para> + + <para> + To create a subscription, the user must be a member of the <xref + linkend="predefined-role-pg-create-subscription"/> role and have + <literal>USAGE</literal> privileges on the server. + </para> + </sect2> + <sect2 id="postgres-fdw-transaction-management"> <title>Transaction Management</title> diff --git a/doc/src/sgml/ref/alter_foreign_data_wrapper.sgml b/doc/src/sgml/ref/alter_foreign_data_wrapper.sgml index dc0957d965a..640c02893cf 100644 --- a/doc/src/sgml/ref/alter_foreign_data_wrapper.sgml +++ b/doc/src/sgml/ref/alter_foreign_data_wrapper.sgml @@ -24,6 +24,7 @@ PostgreSQL documentation ALTER FOREIGN DATA WRAPPER <replaceable class="parameter">name</replaceable> [ HANDLER <replaceable class="parameter">handler_function</replaceable> | NO HANDLER ] [ VALIDATOR <replaceable class="parameter">validator_function</replaceable> | NO VALIDATOR ] + [ CONNECTION <replaceable class="parameter">connection_function</replaceable> | NO CONNECTION ] [ OPTIONS ( [ ADD | SET | DROP ] <replaceable class="parameter">option</replaceable> ['<replaceable class="parameter">value</replaceable>'] [, ... ]) ] ALTER FOREIGN DATA WRAPPER <replaceable class="parameter">name</replaceable> OWNER TO { <replaceable>new_owner</replaceable> | CURRENT_ROLE | CURRENT_USER | SESSION_USER } ALTER FOREIGN DATA WRAPPER <replaceable class="parameter">name</replaceable> RENAME TO <replaceable>new_name</replaceable> @@ -112,6 +113,25 @@ ALTER FOREIGN DATA WRAPPER <replaceable class="parameter">name</replaceable> REN </listitem> </varlistentry> + <varlistentry> + <term><literal>CONNECTION <replaceable class="parameter">connection_function</replaceable></literal></term> + <listitem> + <para> + Specifies a new connection function for the foreign-data wrapper. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><literal>NO CONNECTION</literal></term> + <listitem> + <para> + This is used to specify that the foreign-data wrapper should no + longer have a connection function. + </para> + </listitem> + </varlistentry> + <varlistentry> <term><literal>OPTIONS ( [ ADD | SET | DROP ] <replaceable class="parameter">option</replaceable> ['<replaceable class="parameter">value</replaceable>'] [, ... ] )</literal></term> <listitem> diff --git a/doc/src/sgml/ref/alter_subscription.sgml b/doc/src/sgml/ref/alter_subscription.sgml index 5318998e80c..f215fb0e5a2 100644 --- a/doc/src/sgml/ref/alter_subscription.sgml +++ b/doc/src/sgml/ref/alter_subscription.sgml @@ -21,6 +21,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> +ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SERVER <replaceable>servername</replaceable> ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> CONNECTION '<replaceable>conninfo</replaceable>' ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> SET PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> ADD PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">publication_option</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] @@ -102,13 +103,24 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO < </listitem> </varlistentry> + <varlistentry id="sql-altersubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the foreign server + <replaceable>servername</replaceable>. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-altersubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> <para> - This clause replaces the connection string originally set by - <xref linkend="sql-createsubscription"/>. See there for more - information. + This clause replaces the foreign server or connection string originally + set by <xref linkend="sql-createsubscription"/> with the connection + string <replaceable>conninfo</replaceable>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/create_foreign_data_wrapper.sgml b/doc/src/sgml/ref/create_foreign_data_wrapper.sgml index 0fcba18a347..7b83f500b25 100644 --- a/doc/src/sgml/ref/create_foreign_data_wrapper.sgml +++ b/doc/src/sgml/ref/create_foreign_data_wrapper.sgml @@ -24,6 +24,7 @@ PostgreSQL documentation CREATE FOREIGN DATA WRAPPER <replaceable class="parameter">name</replaceable> [ HANDLER <replaceable class="parameter">handler_function</replaceable> | NO HANDLER ] [ VALIDATOR <replaceable class="parameter">validator_function</replaceable> | NO VALIDATOR ] + [ CONNECTION <replaceable class="parameter">connection_function</replaceable> | NO CONNECTION ] [ OPTIONS ( <replaceable class="parameter">option</replaceable> '<replaceable class="parameter">value</replaceable>' [, ... ] ) ] </synopsis> </refsynopsisdiv> @@ -99,6 +100,25 @@ CREATE FOREIGN DATA WRAPPER <replaceable class="parameter">name</replaceable> </listitem> </varlistentry> + <varlistentry> + <term><literal>CONNECTION <replaceable class="parameter">connection_function</replaceable></literal></term> + <listitem> + <para> + <replaceable class="parameter">connection_function</replaceable> is the + name of a previously registered function that will be called to generate + the postgres connection string when a foreign server is used as part of + <xref linkend="sql-createsubscription"/>. If no connection function or + <literal>NO CONNECTION</literal> is specified, then servers using this + foreign data wrapper cannot be used for <literal>CREATE + SUBSCRIPTION</literal>. The connection function must take three + arguments: one of type <type>oid</type> for the user, one of type + <type>oid</type> for the server, and an unused third argument of type + <type>internal</type> (which prevents calling the function in other + contexts). + </para> + </listitem> + </varlistentry> + <varlistentry> <term><literal>OPTIONS ( <replaceable class="parameter">option</replaceable> '<replaceable class="parameter">value</replaceable>' [, ... ] )</literal></term> <listitem> diff --git a/doc/src/sgml/ref/create_server.sgml b/doc/src/sgml/ref/create_server.sgml index 05f4019453b..ce4a064eabb 100644 --- a/doc/src/sgml/ref/create_server.sgml +++ b/doc/src/sgml/ref/create_server.sgml @@ -42,6 +42,13 @@ CREATE SERVER [ IF NOT EXISTS ] <replaceable class="parameter">server_name</repl means of user mappings. </para> + <para> + If the foreign data wrapper <replaceable>fdw_name</replaceable> is + specified with a <literal>CONNECTION</literal> clause, then <xref + linkend="sql-createsubscription"/> may use this foreign server for + connection information. + </para> + <para> The server name must be unique within the database. </para> diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index eb0cc645d8f..07d5b1bd77c 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -22,7 +22,7 @@ PostgreSQL documentation <refsynopsisdiv> <synopsis> CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceable> - CONNECTION '<replaceable class="parameter">conninfo</replaceable>' + { SERVER <replaceable class="parameter">servername</replaceable> | CONNECTION '<replaceable class="parameter">conninfo</replaceable>' } PUBLICATION <replaceable class="parameter">publication_name</replaceable> [, ...] [ WITH ( <replaceable class="parameter">subscription_parameter</replaceable> [= <replaceable class="parameter">value</replaceable>] [, ... ] ) ] </synopsis> @@ -77,6 +77,20 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl </listitem> </varlistentry> + <varlistentry id="sql-createsubscription-params-server"> + <term><literal>SERVER <replaceable class="parameter">servername</replaceable></literal></term> + <listitem> + <para> + A foreign server to use for the connection. The server's foreign data + wrapper must have a <replaceable>connection_function</replaceable> + registered, and a user mapping for the subscription owner on the server + must exist. Additionally, the subscription owner must have + <literal>USAGE</literal> privileges on + <replaceable>servername</replaceable>. + </para> + </listitem> + </varlistentry> + <varlistentry id="sql-createsubscription-params-connection"> <term><literal>CONNECTION '<replaceable class="parameter">conninfo</replaceable>'</literal></term> <listitem> diff --git a/src/backend/catalog/dependency.c b/src/backend/catalog/dependency.c index 570c434ede8..09575278de3 100644 --- a/src/backend/catalog/dependency.c +++ b/src/backend/catalog/dependency.c @@ -895,6 +895,17 @@ findDependentObjects(const ObjectAddress *object, object->objectSubId == 0) continue; + /* + * Check that the dependent object is not in a shared catalog, which + * is not supported by doDeletion(). + */ + if (IsSharedRelation(otherObject.classId)) + ereport(ERROR, + (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST), + errmsg("cannot drop %s because %s depends on it", + getObjectDescription(object, false), + getObjectDescription(&otherObject, false)))); + /* * Must lock the dependent object before recursing to it. */ diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index acf42b853ed..3673d4f0bc1 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -19,11 +19,14 @@ #include "access/htup_details.h" #include "access/tableam.h" #include "catalog/indexing.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "storage/lmgr.h" +#include "utils/acl.h" #include "utils/array.h" #include "utils/builtins.h" #include "utils/fmgroids.h" @@ -69,7 +72,7 @@ GetPublicationsStr(List *publications, StringInfo dest, bool quote_literal) * Fetch the subscription from the syscache. */ Subscription * -GetSubscription(Oid subid, bool missing_ok) +GetSubscription(Oid subid, bool missing_ok, bool aclcheck) { HeapTuple tup; Subscription *sub; @@ -108,10 +111,35 @@ GetSubscription(Oid subid, bool missing_ok) sub->retentionactive = subform->subretentionactive; /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, - tup, - Anum_pg_subscription_subconninfo); - sub->conninfo = TextDatumGetCString(datum); + if (OidIsValid(subform->subserver)) + { + AclResult aclresult; + + /* recheck ACL if requested */ + if (aclcheck) + { + aclresult = object_aclcheck(ForeignServerRelationId, + subform->subserver, + subform->subowner, ACL_USAGE); + + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(subform->subowner, false), + ForeignServerName(subform->subserver)))); + } + + sub->conninfo = ForeignServerConnectionString(subform->subowner, + subform->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, + tup, + Anum_pg_subscription_subconninfo); + sub->conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql index 1ea8f1faa9e..dcf0f8ef4fe 100644 --- a/src/backend/catalog/system_views.sql +++ b/src/backend/catalog/system_views.sql @@ -1442,7 +1442,7 @@ GRANT SELECT (oid, subdbid, subskiplsn, subname, subowner, subenabled, subbinary, substream, subtwophasestate, subdisableonerr, subpasswordrequired, subrunasowner, subfailover, subretaindeadtuples, submaxretention, subretentionactive, - subslotname, subsynccommit, subpublications, suborigin) + subserver, subslotname, subsynccommit, subpublications, suborigin) ON pg_subscription TO public; CREATE VIEW pg_stat_subscription_stats AS diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c index b56d1ad6785..45681235782 100644 --- a/src/backend/commands/foreigncmds.c +++ b/src/backend/commands/foreigncmds.c @@ -522,21 +522,53 @@ lookup_fdw_validator_func(DefElem *validator) /* validator's return value is ignored, so we don't check the type */ } +/* + * Convert a connection string function name passed from the parser to an Oid. + */ +static Oid +lookup_fdw_connection_func(DefElem *connection) +{ + Oid connectionOid; + Oid funcargtypes[3]; + + if (connection == NULL || connection->arg == NULL) + return InvalidOid; + + /* connection string functions take user oid, server oid */ + funcargtypes[0] = OIDOID; + funcargtypes[1] = OIDOID; + funcargtypes[2] = INTERNALOID; + + connectionOid = LookupFuncName((List *) connection->arg, 3, funcargtypes, false); + + /* check that connection string function has correct return type */ + if (get_func_rettype(connectionOid) != TEXTOID) + ereport(ERROR, + (errcode(ERRCODE_WRONG_OBJECT_TYPE), + errmsg("function %s must return type %s", + NameListToString((List *) connection->arg), "text"))); + + return connectionOid; +} + /* * Process function options of CREATE/ALTER FDW */ static void parse_func_options(ParseState *pstate, List *func_options, bool *handler_given, Oid *fdwhandler, - bool *validator_given, Oid *fdwvalidator) + bool *validator_given, Oid *fdwvalidator, + bool *connection_given, Oid *fdwconnection) { ListCell *cell; *handler_given = false; *validator_given = false; + *connection_given = false; /* return InvalidOid if not given */ *fdwhandler = InvalidOid; *fdwvalidator = InvalidOid; + *fdwconnection = InvalidOid; foreach(cell, func_options) { @@ -556,6 +588,13 @@ parse_func_options(ParseState *pstate, List *func_options, *validator_given = true; *fdwvalidator = lookup_fdw_validator_func(def); } + else if (strcmp(def->defname, "connection") == 0) + { + if (*connection_given) + errorConflictingDefElem(def, pstate); + *connection_given = true; + *fdwconnection = lookup_fdw_connection_func(def); + } else elog(ERROR, "option \"%s\" not recognized", def->defname); @@ -575,8 +614,10 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) Oid fdwId; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; Datum fdwoptions; Oid ownerId; ObjectAddress myself; @@ -620,10 +661,12 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) /* Lookup handler and validator functions, if given */ parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); values[Anum_pg_foreign_data_wrapper_fdwhandler - 1] = ObjectIdGetDatum(fdwhandler); values[Anum_pg_foreign_data_wrapper_fdwvalidator - 1] = ObjectIdGetDatum(fdwvalidator); + values[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); nulls[Anum_pg_foreign_data_wrapper_fdwacl - 1] = true; @@ -695,8 +738,10 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) Datum datum; bool handler_given; bool validator_given; + bool connection_given; Oid fdwhandler; Oid fdwvalidator; + Oid fdwconnection; ObjectAddress myself; rel = table_open(ForeignDataWrapperRelationId, RowExclusiveLock); @@ -726,7 +771,8 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) parse_func_options(pstate, stmt->func_options, &handler_given, &fdwhandler, - &validator_given, &fdwvalidator); + &validator_given, &fdwvalidator, + &connection_given, &fdwconnection); if (handler_given) { @@ -764,6 +810,12 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) fdwvalidator = fdwForm->fdwvalidator; } + if (connection_given) + { + repl_val[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); + repl_repl[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = true; + } + /* * If options specified, validate and update. */ diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index 5e3c0964d38..091e7b7372d 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -27,13 +27,16 @@ #include "catalog/objectaddress.h" #include "catalog/pg_authid_d.h" #include "catalog/pg_database_d.h" +#include "catalog/pg_foreign_server.h" #include "catalog/pg_subscription.h" #include "catalog/pg_subscription_rel.h" #include "catalog/pg_type.h" +#include "catalog/pg_user_mapping.h" #include "commands/defrem.h" #include "commands/event_trigger.h" #include "commands/subscriptioncmds.h" #include "executor/executor.h" +#include "foreign/foreign.h" #include "miscadmin.h" #include "nodes/makefuncs.h" #include "pgstat.h" @@ -619,6 +622,7 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Datum values[Natts_pg_subscription]; Oid owner = GetUserId(); HeapTuple tup; + Oid serverid; char *conninfo; char originname[NAMEDATALEN]; List *publications; @@ -730,15 +734,40 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.wal_receiver_timeout == NULL) opts.wal_receiver_timeout = "-1"; - conninfo = stmt->conninfo; - publications = stmt->publication; - /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); + if (stmt->servername) + { + ForeignServer *server; + + Assert(!stmt->conninfo); + conninfo = NULL; + + server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, owner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername); + + /* make sure a user mapping exists */ + GetUserMapping(owner, server->serverid); + + serverid = server->serverid; + conninfo = ForeignServerConnectionString(owner, serverid); + } + else + { + Assert(stmt->conninfo); + + serverid = InvalidOid; + conninfo = stmt->conninfo; + } + /* Check the connection info string. */ walrcv_check_conninfo(conninfo, opts.passwordrequired && !superuser()); + publications = stmt->publication; + /* Everything ok, form a new tuple. */ memset(values, 0, sizeof(values)); memset(nulls, false, sizeof(nulls)); @@ -768,8 +797,12 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, Int32GetDatum(opts.maxretention); values[Anum_pg_subscription_subretentionactive - 1] = Int32GetDatum(opts.retaindeadtuples); - values[Anum_pg_subscription_subconninfo - 1] = - CStringGetTextDatum(conninfo); + values[Anum_pg_subscription_subserver - 1] = serverid; + if (!OidIsValid(serverid)) + values[Anum_pg_subscription_subconninfo - 1] = + CStringGetTextDatum(conninfo); + else + nulls[Anum_pg_subscription_subconninfo - 1] = true; if (opts.slot_name) values[Anum_pg_subscription_subslotname - 1] = DirectFunctionCall1(namein, CStringGetDatum(opts.slot_name)); @@ -792,6 +825,18 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, recordDependencyOnOwner(SubscriptionRelationId, subid, owner); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + + if (stmt->servername) + { + ObjectAddress referenced; + + Assert(OidIsValid(serverid)); + + ObjectAddressSet(referenced, ForeignServerRelationId, serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + /* * A replication origin is currently created for all subscriptions, * including those that only contain sequences or are otherwise empty. @@ -945,8 +990,6 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, if (opts.enabled || opts.retaindeadtuples) ApplyLauncherWakeupAtCommit(); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostCreateHook(SubscriptionRelationId, subid, 0); return myself; @@ -1410,7 +1453,14 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION, stmt->subname); - sub = GetSubscription(subid, false); + /* + * Skip ACL checks on the subscription's foreign server, if any. If + * changing the server (or replacing it with a raw connection), then the + * old one will be removed anyway. If changing something unrelated, + * there's no need to do an additional ACL check here; that will be done + * by the subscription worker anyway. + */ + sub = GetSubscription(subid, false, false); retain_dead_tuples = sub->retaindeadtuples; origin = sub->origin; @@ -1435,6 +1485,8 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, memset(nulls, false, sizeof(nulls)); memset(replaces, false, sizeof(replaces)); + ObjectAddressSet(myself, SubscriptionRelationId, subid); + switch (stmt->kind) { case ALTER_SUBSCRIPTION_OPTIONS: @@ -1753,7 +1805,79 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, break; } + case ALTER_SUBSCRIPTION_SERVER: + { + ForeignServer *new_server; + ObjectAddress referenced; + AclResult aclresult; + char *conninfo; + + /* + * Remove what was there before, either another foreign server + * or a connection string. + */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + } + else + { + nulls[Anum_pg_subscription_subconninfo - 1] = true; + replaces[Anum_pg_subscription_subconninfo - 1] = true; + } + + /* + * Find the new server and user mapping. Check ACL of server + * based on current user ID, but find the user mapping based + * on the subscription owner. + */ + new_server = GetForeignServerByName(stmt->servername, false); + aclresult = object_aclcheck(ForeignServerRelationId, + new_server->serverid, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(new_server->serverid)))); + + /* make sure a user mapping exists */ + GetUserMapping(form->subowner, new_server->serverid); + + conninfo = ForeignServerConnectionString(form->subowner, + new_server->serverid); + + /* Load the library providing us libpq calls. */ + load_file("libpqwalreceiver", false); + /* Check the connection info string. */ + walrcv_check_conninfo(conninfo, + sub->passwordrequired && !sub->ownersuperuser); + + values[Anum_pg_subscription_subserver - 1] = new_server->serverid; + replaces[Anum_pg_subscription_subserver - 1] = true; + + ObjectAddressSet(referenced, ForeignServerRelationId, new_server->serverid); + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + + update_tuple = true; + } + break; + case ALTER_SUBSCRIPTION_CONNECTION: + /* remove reference to foreign server and dependencies, if present */ + if (form->subserver) + { + deleteDependencyRecordsForSpecific(SubscriptionRelationId, form->oid, + DEPENDENCY_NORMAL, + ForeignServerRelationId, form->subserver); + + values[Anum_pg_subscription_subserver - 1] = InvalidOid; + replaces[Anum_pg_subscription_subserver - 1] = true; + } + /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); /* Check the connection info string. */ @@ -2038,8 +2162,6 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, table_close(rel, RowExclusiveLock); - ObjectAddressSet(myself, SubscriptionRelationId, subid); - InvokeObjectPostAlterHook(SubscriptionRelationId, subid, 0); /* Wake up related replication workers to handle this change quickly. */ @@ -2126,9 +2248,28 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) subname = pstrdup(NameStr(*DatumGetName(datum))); /* Get conninfo */ - datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, - Anum_pg_subscription_subconninfo); - conninfo = TextDatumGetCString(datum); + if (OidIsValid(form->subserver)) + { + AclResult aclresult; + + aclresult = object_aclcheck(ForeignServerRelationId, form->subserver, + form->subowner, ACL_USAGE); + if (aclresult != ACLCHECK_OK) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", + GetUserNameFromId(form->subowner, false), + ForeignServerName(form->subserver)))); + + conninfo = ForeignServerConnectionString(form->subowner, + form->subserver); + } + else + { + datum = SysCacheGetAttrNotNull(SUBSCRIPTIONOID, tup, + Anum_pg_subscription_subconninfo); + conninfo = TextDatumGetCString(datum); + } /* Get slotname */ datum = SysCacheGetAttr(SUBSCRIPTIONOID, tup, @@ -2227,6 +2368,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) } /* Clean up dependencies */ + deleteDependencyRecordsFor(SubscriptionRelationId, subid, false); deleteSharedDependencyRecordsFor(SubscriptionRelationId, subid, 0); /* Remove any associated relation synchronization states. */ diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index b912a06dd15..c53699959ea 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -72,6 +72,7 @@ GetForeignDataWrapperExtended(Oid fdwid, bits16 flags) fdw->fdwname = pstrdup(NameStr(fdwform->fdwname)); fdw->fdwhandler = fdwform->fdwhandler; fdw->fdwvalidator = fdwform->fdwvalidator; + fdw->fdwconnection = fdwform->fdwconnection; /* Extract the fdwoptions */ datum = SysCacheGetAttr(FOREIGNDATAWRAPPEROID, @@ -176,6 +177,31 @@ GetForeignServerExtended(Oid serverid, bits16 flags) } +/* + * ForeignServerName - get name of foreign server. + */ +char * +ForeignServerName(Oid serverid) +{ + Form_pg_foreign_server serverform; + char *servername; + HeapTuple tp; + + tp = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)); + + if (!HeapTupleIsValid(tp)) + elog(ERROR, "cache lookup failed for foreign server %u", serverid); + + serverform = (Form_pg_foreign_server) GETSTRUCT(tp); + + servername = pstrdup(NameStr(serverform->srvname)); + + ReleaseSysCache(tp); + + return servername; +} + + /* * GetForeignServerByName - look up the foreign server definition by name. */ @@ -191,6 +217,66 @@ GetForeignServerByName(const char *srvname, bool missing_ok) } +/* + * Retrieve connection string from server's FDW. + */ +char * +ForeignServerConnectionString(Oid userid, Oid serverid) +{ + MemoryContext tempContext; + MemoryContext oldcxt; + volatile text *connection_text = NULL; + char *result = NULL; + + /* + * GetForeignServer, GetForeignDataWrapper, and the connection function + * itself all leak memory into CurrentMemoryContext. Switch to a temporary + * context for easy cleanup. + */ + tempContext = AllocSetContextCreate(CurrentMemoryContext, + "FDWConnectionContext", + ALLOCSET_SMALL_SIZES); + + oldcxt = MemoryContextSwitchTo(tempContext); + + PG_TRY(); + { + ForeignServer *server; + ForeignDataWrapper *fdw; + Datum connection_datum; + + server = GetForeignServer(serverid); + fdw = GetForeignDataWrapper(server->fdwid); + + if (!OidIsValid(fdw->fdwconnection)) + ereport(ERROR, + (errmsg("foreign data wrapper \"%s\" does not support subscription connections", + fdw->fdwname), + errdetail("Foreign data wrapper must be defined with CONNECTION specified."))); + + + connection_datum = OidFunctionCall3(fdw->fdwconnection, + ObjectIdGetDatum(userid), + ObjectIdGetDatum(serverid), + PointerGetDatum(NULL)); + + connection_text = DatumGetTextPP(connection_datum); + } + PG_FINALLY(); + { + MemoryContextSwitchTo(oldcxt); + + if (connection_text) + result = text_to_cstring((text *) connection_text); + + MemoryContextDelete(tempContext); + } + PG_END_TRY(); + + return result; +} + + /* * GetUserMapping - look up the user mapping. * diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index 3c3e24324a8..9cbe8eafc45 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -5583,6 +5583,8 @@ fdw_option: | NO HANDLER { $$ = makeDefElem("handler", NULL, @1); } | VALIDATOR handler_name { $$ = makeDefElem("validator", (Node *) $2, @1); } | NO VALIDATOR { $$ = makeDefElem("validator", NULL, @1); } + | CONNECTION handler_name { $$ = makeDefElem("connection", (Node *) $2, @1); } + | NO CONNECTION { $$ = makeDefElem("connection", NULL, @1); } ; fdw_options: @@ -11057,6 +11059,16 @@ CreateSubscriptionStmt: n->options = $8; $$ = (Node *) n; } + | CREATE SUBSCRIPTION name SERVER name PUBLICATION name_list opt_definition + { + CreateSubscriptionStmt *n = + makeNode(CreateSubscriptionStmt); + n->subname = $3; + n->servername = $5; + n->publication = $7; + n->options = $8; + $$ = (Node *) n; + } ; /***************************************************************************** @@ -11086,6 +11098,16 @@ AlterSubscriptionStmt: n->conninfo = $5; $$ = (Node *) n; } + | ALTER SUBSCRIPTION name SERVER name + { + AlterSubscriptionStmt *n = + makeNode(AlterSubscriptionStmt); + + n->kind = ALTER_SUBSCRIPTION_SERVER; + n->subname = $3; + n->servername = $5; + $$ = (Node *) n; + } | ALTER SUBSCRIPTION name REFRESH PUBLICATION opt_definition { AlterSubscriptionStmt *n = diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index f9c4b484754..566393d1b65 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -5058,7 +5058,7 @@ maybe_reread_subscription(void) /* Ensure allocations in permanent context. */ oldctx = MemoryContextSwitchTo(ApplyContext); - newsub = GetSubscription(MyLogicalRepWorker->subid, true); + newsub = GetSubscription(MyLogicalRepWorker->subid, true, true); /* * Exit if the subscription was removed. This normally should not happen @@ -5200,7 +5200,9 @@ set_wal_receiver_timeout(void) } /* - * Callback from subscription syscache invalidation. + * Callback from subscription syscache invalidation. Also needed for server or + * user mapping invalidation, which can change the connection information for + * subscriptions that connect using a server object. */ static void subscription_change_cb(Datum arg, SysCacheIdentifier cacheid, uint32 hashvalue) @@ -5805,7 +5807,7 @@ InitializeLogRepWorker(void) */ LockSharedObject(SubscriptionRelationId, MyLogicalRepWorker->subid, 0, AccessShareLock); - MySubscription = GetSubscription(MyLogicalRepWorker->subid, true); + MySubscription = GetSubscription(MyLogicalRepWorker->subid, true, true); if (!MySubscription) { ereport(LOG, @@ -5870,6 +5872,22 @@ InitializeLogRepWorker(void) CacheRegisterSyscacheCallback(SUBSCRIPTIONOID, subscription_change_cb, (Datum) 0); + /* Changes to foreign servers may affect subscriptions using SERVER. */ + CacheRegisterSyscacheCallback(FOREIGNSERVEROID, + subscription_change_cb, + (Datum) 0); + /* Changes to user mappings may affect subscriptions using SERVER. */ + CacheRegisterSyscacheCallback(USERMAPPINGOID, + subscription_change_cb, + (Datum) 0); + + /* + * Changes to FDW connection_function may affect subscriptions using + * SERVER. + */ + CacheRegisterSyscacheCallback(FOREIGNDATAWRAPPEROID, + subscription_change_cb, + (Datum) 0); CacheRegisterSyscacheCallback(AUTHOID, subscription_change_cb, diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 1035bba72ce..88e0a55f8f1 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -5182,6 +5182,7 @@ getSubscriptions(Archive *fout) int i_subdisableonerr; int i_subpasswordrequired; int i_subrunasowner; + int i_subservername; int i_subconninfo; int i_subslotname; int i_subsynccommit; @@ -5286,14 +5287,24 @@ getSubscriptions(Archive *fout) if (fout->remoteVersion >= 190000) appendPQExpBufferStr(query, - " s.subwalrcvtimeout\n"); + " s.subwalrcvtimeout,\n"); else appendPQExpBufferStr(query, - " '-1' AS subwalrcvtimeout\n"); + " '-1' AS subwalrcvtimeout,\n"); + + if (fout->remoteVersion >= 190000) + appendPQExpBufferStr(query, " fs.srvname AS subservername\n"); + else + appendPQExpBufferStr(query, " NULL AS subservername\n"); appendPQExpBufferStr(query, "FROM pg_subscription s\n"); + if (fout->remoteVersion >= 190000) + appendPQExpBufferStr(query, + "LEFT JOIN pg_catalog.pg_foreign_server fs \n" + " ON fs.oid = s.subserver \n"); + if (dopt->binary_upgrade && fout->remoteVersion >= 170000) appendPQExpBufferStr(query, "LEFT JOIN pg_catalog.pg_replication_origin_status o \n" @@ -5325,6 +5336,7 @@ getSubscriptions(Archive *fout) i_subfailover = PQfnumber(res, "subfailover"); i_subretaindeadtuples = PQfnumber(res, "subretaindeadtuples"); i_submaxretention = PQfnumber(res, "submaxretention"); + i_subservername = PQfnumber(res, "subservername"); i_subconninfo = PQfnumber(res, "subconninfo"); i_subslotname = PQfnumber(res, "subslotname"); i_subsynccommit = PQfnumber(res, "subsynccommit"); @@ -5347,6 +5359,10 @@ getSubscriptions(Archive *fout) subinfo[i].subenabled = (strcmp(PQgetvalue(res, i, i_subenabled), "t") == 0); + if (PQgetisnull(res, i, i_subservername)) + subinfo[i].subservername = NULL; + else + subinfo[i].subservername = pg_strdup(PQgetvalue(res, i, i_subservername)); subinfo[i].subbinary = (strcmp(PQgetvalue(res, i, i_subbinary), "t") == 0); subinfo[i].substream = *(PQgetvalue(res, i, i_substream)); @@ -5363,8 +5379,11 @@ getSubscriptions(Archive *fout) (strcmp(PQgetvalue(res, i, i_subretaindeadtuples), "t") == 0); subinfo[i].submaxretention = atoi(PQgetvalue(res, i, i_submaxretention)); - subinfo[i].subconninfo = - pg_strdup(PQgetvalue(res, i, i_subconninfo)); + if (PQgetisnull(res, i, i_subconninfo)) + subinfo[i].subconninfo = NULL; + else + subinfo[i].subconninfo = + pg_strdup(PQgetvalue(res, i, i_subconninfo)); if (PQgetisnull(res, i, i_subslotname)) subinfo[i].subslotname = NULL; else @@ -5575,9 +5594,17 @@ dumpSubscription(Archive *fout, const SubscriptionInfo *subinfo) appendPQExpBuffer(delq, "DROP SUBSCRIPTION %s;\n", qsubname); - appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s CONNECTION ", + appendPQExpBuffer(query, "CREATE SUBSCRIPTION %s ", qsubname); - appendStringLiteralAH(query, subinfo->subconninfo, fout); + if (subinfo->subservername) + { + appendPQExpBuffer(query, "SERVER %s", fmtId(subinfo->subservername)); + } + else + { + appendPQExpBuffer(query, "CONNECTION "); + appendStringLiteralAH(query, subinfo->subconninfo, fout); + } /* Build list of quoted publications and append them to query. */ if (!parsePGArray(subinfo->subpublications, &pubnames, &npubnames)) diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index e138ef1276c..1c11a79083f 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -720,6 +720,7 @@ typedef struct _SubscriptionInfo bool subfailover; bool subretaindeadtuples; int submaxretention; + char *subservername; char *subconninfo; char *subslotname; char *subsynccommit; diff --git a/src/bin/psql/describe.c b/src/bin/psql/describe.c index a94eade282f..211d8f3b1ec 100644 --- a/src/bin/psql/describe.c +++ b/src/bin/psql/describe.c @@ -6895,7 +6895,7 @@ describeSubscriptions(const char *pattern, bool verbose) printQueryOpt myopt = pset.popt; static const bool translate_columns[] = {false, false, false, false, false, false, false, false, false, false, false, false, false, false, - false, false, false, false, false, false}; + false, false, false, false, false, false, false}; if (pset.sversion < 100000) { @@ -6965,6 +6965,10 @@ describeSubscriptions(const char *pattern, bool verbose) gettext_noop("Failover")); if (pset.sversion >= 190000) { + appendPQExpBuffer(&buf, + ", (select srvname from pg_foreign_server where oid=subserver) AS \"%s\"\n", + gettext_noop("Server")); + appendPQExpBuffer(&buf, ", subretaindeadtuples AS \"%s\"\n", gettext_noop("Retain dead tuples")); diff --git a/src/bin/psql/tab-complete.in.c b/src/bin/psql/tab-complete.in.c index f8c0865ca89..6484c6a3dd4 100644 --- a/src/bin/psql/tab-complete.in.c +++ b/src/bin/psql/tab-complete.in.c @@ -2332,7 +2332,7 @@ match_previous_words(int pattern_id, else if (Matches("ALTER", "SUBSCRIPTION", MatchAny)) COMPLETE_WITH("CONNECTION", "ENABLE", "DISABLE", "OWNER TO", "RENAME TO", "REFRESH PUBLICATION", "REFRESH SEQUENCES", - "SET", "SKIP (", "ADD PUBLICATION", "DROP PUBLICATION"); + "SERVER", "SET", "SKIP (", "ADD PUBLICATION", "DROP PUBLICATION"); /* ALTER SUBSCRIPTION <name> REFRESH */ else if (Matches("ALTER", "SUBSCRIPTION", MatchAny, MatchAnyN, "REFRESH")) COMPLETE_WITH("PUBLICATION", "SEQUENCES"); @@ -3870,9 +3870,16 @@ match_previous_words(int pattern_id, /* CREATE SUBSCRIPTION */ else if (Matches("CREATE", "SUBSCRIPTION", MatchAny)) - COMPLETE_WITH("CONNECTION"); + COMPLETE_WITH("SERVER", "CONNECTION"); + else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "SERVER", MatchAny)) + COMPLETE_WITH("PUBLICATION"); else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny)) COMPLETE_WITH("PUBLICATION"); + else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "SERVER", + MatchAny, "PUBLICATION")) + { + /* complete with nothing here as this refers to remote publications */ + } else if (Matches("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny, "PUBLICATION")) { diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h index f164bf8767f..c39189237fe 100644 --- a/src/include/catalog/catversion.h +++ b/src/include/catalog/catversion.h @@ -57,6 +57,6 @@ */ /* yyyymmddN */ -#define CATALOG_VERSION_NO 202603041 +#define CATALOG_VERSION_NO 202603042 #endif diff --git a/src/include/catalog/pg_foreign_data_wrapper.h b/src/include/catalog/pg_foreign_data_wrapper.h index e6009069e82..3d8389de65e 100644 --- a/src/include/catalog/pg_foreign_data_wrapper.h +++ b/src/include/catalog/pg_foreign_data_wrapper.h @@ -38,6 +38,9 @@ CATALOG(pg_foreign_data_wrapper,2328,ForeignDataWrapperRelationId) Oid fdwvalidator BKI_LOOKUP_OPT(pg_proc); /* option validation * function, or 0 if * none */ + Oid fdwconnection BKI_LOOKUP_OPT(pg_proc); /* connection string + * function, or 0 if + * none */ #ifdef CATALOG_VARLEN /* variable-length fields start here */ aclitem fdwacl[1]; /* access permissions */ diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index c369b5abfb3..0058d9387d7 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -92,9 +92,12 @@ CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROW * exceeded max_retention_duration, when * defined */ + Oid subserver BKI_LOOKUP_OPT(pg_foreign_server); /* If connection uses + * server */ + #ifdef CATALOG_VARLEN /* variable-length fields start here */ /* Connection string to the publisher */ - text subconninfo BKI_FORCE_NOT_NULL; + text subconninfo; /* Set if connecting with connection string */ /* Slot name on publisher */ NameData subslotname BKI_FORCE_NULL; @@ -207,7 +210,8 @@ typedef struct Subscription #endif /* EXPOSE_TO_CLIENT_CODE */ -extern Subscription *GetSubscription(Oid subid, bool missing_ok); +extern Subscription *GetSubscription(Oid subid, bool missing_ok, + bool aclcheck); extern void FreeSubscription(Subscription *sub); extern void DisableSubscription(Oid subid); diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index c185d1458a2..65ed9a7f987 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -28,6 +28,7 @@ typedef struct ForeignDataWrapper char *fdwname; /* Name of the FDW */ Oid fdwhandler; /* Oid of handler function, or 0 */ Oid fdwvalidator; /* Oid of validator function, or 0 */ + Oid fdwconnection; /* Oid of connection string function, or 0 */ List *options; /* fdwoptions as DefElem list */ } ForeignDataWrapper; @@ -65,10 +66,12 @@ typedef struct ForeignTable extern ForeignServer *GetForeignServer(Oid serverid); +extern char *ForeignServerName(Oid serverid); extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); +extern char *ForeignServerConnectionString(Oid userid, Oid serverid); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index ff41943a6db..4ee092206b0 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -4383,6 +4383,7 @@ typedef struct CreateSubscriptionStmt { NodeTag type; char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ @@ -4391,6 +4392,7 @@ typedef struct CreateSubscriptionStmt typedef enum AlterSubscriptionType { ALTER_SUBSCRIPTION_OPTIONS, + ALTER_SUBSCRIPTION_SERVER, ALTER_SUBSCRIPTION_CONNECTION, ALTER_SUBSCRIPTION_SET_PUBLICATION, ALTER_SUBSCRIPTION_ADD_PUBLICATION, @@ -4406,6 +4408,7 @@ typedef struct AlterSubscriptionStmt NodeTag type; AlterSubscriptionType kind; /* ALTER_SUBSCRIPTION_OPTIONS, etc */ char *subname; /* Name of the subscription */ + char *servername; /* Server name of publisher */ char *conninfo; /* Connection string to publisher */ List *publication; /* One or more publication to subscribe to */ List *options; /* List of DefElem nodes */ diff --git a/src/test/regress/expected/oidjoins.out b/src/test/regress/expected/oidjoins.out index 25aaae8d05a..51b9608a668 100644 --- a/src/test/regress/expected/oidjoins.out +++ b/src/test/regress/expected/oidjoins.out @@ -224,6 +224,7 @@ NOTICE: checking pg_extension {extconfig} => pg_class {oid} NOTICE: checking pg_foreign_data_wrapper {fdwowner} => pg_authid {oid} NOTICE: checking pg_foreign_data_wrapper {fdwhandler} => pg_proc {oid} NOTICE: checking pg_foreign_data_wrapper {fdwvalidator} => pg_proc {oid} +NOTICE: checking pg_foreign_data_wrapper {fdwconnection} => pg_proc {oid} NOTICE: checking pg_foreign_server {srvowner} => pg_authid {oid} NOTICE: checking pg_foreign_server {srvfdw} => pg_foreign_data_wrapper {oid} NOTICE: checking pg_user_mapping {umuser} => pg_authid {oid} @@ -269,5 +270,6 @@ NOTICE: checking pg_publication_rel {prpubid} => pg_publication {oid} NOTICE: checking pg_publication_rel {prrelid} => pg_class {oid} NOTICE: checking pg_subscription {subdbid} => pg_database {oid} NOTICE: checking pg_subscription {subowner} => pg_authid {oid} +NOTICE: checking pg_subscription {subserver} => pg_foreign_server {oid} NOTICE: checking pg_subscription_rel {srsubid} => pg_subscription {oid} NOTICE: checking pg_subscription_rel {srrelid} => pg_class {oid} diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out index a5fdfe68a0e..3fd8a18b73a 100644 --- a/src/test/regress/expected/subscription.out +++ b/src/test/regress/expected/subscription.out @@ -1,6 +1,14 @@ -- -- SUBSCRIPTION -- +-- directory paths and dlsuffix are passed to us in environment variables +\getenv libdir PG_LIBDIR +\getenv dlsuffix PG_DLSUFFIX +\set regresslib :libdir '/regress' :dlsuffix +CREATE FUNCTION test_fdw_connection(oid, oid, internal) + RETURNS text + AS :'regresslib', 'test_fdw_connection' + LANGUAGE C; CREATE ROLE regress_subscription_user LOGIN SUPERUSER; CREATE ROLE regress_subscription_user2; CREATE ROLE regress_subscription_user3 IN ROLE pg_create_subscription; @@ -116,18 +124,18 @@ CREATE SUBSCRIPTION regress_testsub4 CONNECTION 'dbname=regress_doesnotexist' PU WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ regress_testsub4 - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description -------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub4 | regress_subscription_user | f | {testpub} | f | parallel | d | f | none | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub4 | regress_subscription_user | f | {testpub} | f | parallel | d | f | none | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub4 SET (origin = any); \dRs+ regress_testsub4 - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description -------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub4 | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub4 | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) DROP SUBSCRIPTION regress_testsub3; @@ -140,15 +148,30 @@ ERROR: invalid connection string syntax: invalid connection option "i_dont_exis -- connecting, so this is reliable and safe) CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'port=-1' PUBLICATION testpub; ERROR: subscription "regress_testsub5" could not connect to the publisher: invalid port number: "-1" +CREATE FOREIGN DATA WRAPPER test_fdw; +CREATE SERVER test_server FOREIGN DATA WRAPPER test_fdw; +CREATE USER MAPPING FOR regress_subscription_user SERVER test_server; +-- fail, need CONNECTION clause +CREATE SUBSCRIPTION regress_testsub6 SERVER test_server PUBLICATION testpub WITH (slot_name = NONE, connect = false); +ERROR: foreign data wrapper "test_fdw" does not support subscription connections +DETAIL: Foreign data wrapper must be defined with CONNECTION specified. +ALTER FOREIGN DATA WRAPPER test_fdw CONNECTION test_fdw_connection; +CREATE SUBSCRIPTION regress_testsub6 SERVER test_server PUBLICATION testpub WITH (slot_name = NONE, connect = false); +WARNING: subscription was created, but is not connected +HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. +DROP SUBSCRIPTION regress_testsub6; +DROP USER MAPPING FOR regress_subscription_user SERVER test_server; +DROP SERVER test_server; +DROP FOREIGN DATA WRAPPER test_fdw; -- fail - invalid connection string during ALTER ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; ERROR: invalid connection string syntax: missing "=" after "foobar" in connection info string \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | test subscription + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | test subscription (1 row) ALTER SUBSCRIPTION regress_testsub SET PUBLICATION testpub2, testpub3 WITH (refresh = false); @@ -157,10 +180,10 @@ ALTER SUBSCRIPTION regress_testsub SET (slot_name = 'newname'); ALTER SUBSCRIPTION regress_testsub SET (password_required = false); ALTER SUBSCRIPTION regress_testsub SET (run_as_owner = true); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- - regress_testsub | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | f | t | f | f | 0 | f | off | dbname=regress_doesnotexist2 | -1 | 0/00000000 | test subscription + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- + regress_testsub | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | f | t | f | | f | 0 | f | off | dbname=regress_doesnotexist2 | -1 | 0/00000000 | test subscription (1 row) ALTER SUBSCRIPTION regress_testsub SET (password_required = true); @@ -176,10 +199,10 @@ ERROR: unrecognized subscription parameter: "create_slot" -- ok ALTER SUBSCRIPTION regress_testsub SKIP (lsn = '0/12345'); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- - regress_testsub | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist2 | -1 | 0/00012345 | test subscription + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- + regress_testsub | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist2 | -1 | 0/00012345 | test subscription (1 row) -- ok - with lsn = NONE @@ -188,10 +211,10 @@ ALTER SUBSCRIPTION regress_testsub SKIP (lsn = NONE); ALTER SUBSCRIPTION regress_testsub SKIP (lsn = '0/0'); ERROR: invalid WAL location (LSN): 0/0 \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- - regress_testsub | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist2 | -1 | 0/00000000 | test subscription + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- + regress_testsub | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist2 | -1 | 0/00000000 | test subscription (1 row) BEGIN; @@ -227,10 +250,10 @@ ALTER SUBSCRIPTION regress_testsub_foo SET (wal_receiver_timeout = '80s'); ALTER SUBSCRIPTION regress_testsub_foo SET (wal_receiver_timeout = 'foobar'); ERROR: invalid value for parameter "wal_receiver_timeout": "foobar" \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ----------------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- - regress_testsub_foo | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | t | f | f | f | 0 | f | local | dbname=regress_doesnotexist2 | 80s | 0/00000000 | test subscription + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +---------------------+---------------------------+---------+---------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+------------------------------+------------------+------------+------------------- + regress_testsub_foo | regress_subscription_user | f | {testpub2,testpub3} | f | parallel | d | f | any | t | f | f | | f | 0 | f | local | dbname=regress_doesnotexist2 | 80s | 0/00000000 | test subscription (1 row) -- rename back to keep the rest simple @@ -259,19 +282,19 @@ CREATE SUBSCRIPTION regress_testsub CONNECTION 'dbname=regress_doesnotexist' PUB WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | t | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | t | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (binary = false); ALTER SUBSCRIPTION regress_testsub SET (slot_name = NONE); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) DROP SUBSCRIPTION regress_testsub; @@ -283,27 +306,27 @@ CREATE SUBSCRIPTION regress_testsub CONNECTION 'dbname=regress_doesnotexist' PUB WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | on | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | on | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (streaming = parallel); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (streaming = false); ALTER SUBSCRIPTION regress_testsub SET (slot_name = NONE); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | off | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | off | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) -- fail - publication already exists @@ -318,10 +341,10 @@ ALTER SUBSCRIPTION regress_testsub ADD PUBLICATION testpub1, testpub2 WITH (refr ALTER SUBSCRIPTION regress_testsub ADD PUBLICATION testpub1, testpub2 WITH (refresh = false); ERROR: publication "testpub1" is already in subscription "regress_testsub" \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-----------------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub,testpub1,testpub2} | f | off | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-----------------------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub,testpub1,testpub2} | f | off | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) -- fail - publication used more than once @@ -336,10 +359,10 @@ ERROR: publication "testpub3" is not in subscription "regress_testsub" -- ok - delete publications ALTER SUBSCRIPTION regress_testsub DROP PUBLICATION testpub1, testpub2 WITH (refresh = false); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | off | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | off | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) DROP SUBSCRIPTION regress_testsub; @@ -375,19 +398,19 @@ CREATE SUBSCRIPTION regress_testsub CONNECTION 'dbname=regress_doesnotexist' PUB WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | p | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | p | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) -- we can alter streaming when two_phase enabled ALTER SUBSCRIPTION regress_testsub SET (streaming = true); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | on | p | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | on | p | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (slot_name = NONE); @@ -397,10 +420,10 @@ CREATE SUBSCRIPTION regress_testsub CONNECTION 'dbname=regress_doesnotexist' PUB WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | on | p | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | on | p | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (slot_name = NONE); @@ -413,18 +436,18 @@ CREATE SUBSCRIPTION regress_testsub CONNECTION 'dbname=regress_doesnotexist' PUB WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (disable_on_error = true); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | t | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | t | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (slot_name = NONE); @@ -437,10 +460,10 @@ CREATE SUBSCRIPTION regress_testsub CONNECTION 'dbname=regress_doesnotexist' PUB WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (slot_name = NONE); @@ -454,19 +477,19 @@ NOTICE: max_retention_duration is ineffective when retain_dead_tuples is disabl WARNING: subscription was created, but is not connected HINT: To initiate replication, you must manually create the replication slot, enable the subscription, and alter the subscription to refresh publications. \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 1000 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 1000 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) -- ok ALTER SUBSCRIPTION regress_testsub SET (max_retention_duration = 0); \dRs+ - List of subscriptions - Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description ------------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- - regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | + List of subscriptions + Name | Owner | Enabled | Publication | Binary | Streaming | Two-phase commit | Disable on error | Origin | Password required | Run as owner? | Failover | Server | Retain dead tuples | Max retention duration | Retention active | Synchronous commit | Conninfo | Receiver timeout | Skip LSN | Description +-----------------+---------------------------+---------+-------------+--------+-----------+------------------+------------------+--------+-------------------+---------------+----------+--------+--------------------+------------------------+------------------+--------------------+-----------------------------+------------------+------------+------------- + regress_testsub | regress_subscription_user | f | {testpub} | f | parallel | d | f | any | t | f | f | | f | 0 | f | off | dbname=regress_doesnotexist | -1 | 0/00000000 | (1 row) ALTER SUBSCRIPTION regress_testsub SET (slot_name = NONE); diff --git a/src/test/regress/regress.c b/src/test/regress/regress.c index a02f41c9727..158c7b7a4c0 100644 --- a/src/test/regress/regress.c +++ b/src/test/regress/regress.c @@ -729,6 +729,13 @@ test_fdw_handler(PG_FUNCTION_ARGS) PG_RETURN_NULL(); } +PG_FUNCTION_INFO_V1(test_fdw_connection); +Datum +test_fdw_connection(PG_FUNCTION_ARGS) +{ + PG_RETURN_TEXT_P(cstring_to_text("dbname=regress_doesnotexist")); +} + PG_FUNCTION_INFO_V1(is_catalog_text_unique_index_oid); Datum is_catalog_text_unique_index_oid(PG_FUNCTION_ARGS) diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql index d93cbc279d9..990d75f1749 100644 --- a/src/test/regress/sql/subscription.sql +++ b/src/test/regress/sql/subscription.sql @@ -2,6 +2,17 @@ -- SUBSCRIPTION -- +-- directory paths and dlsuffix are passed to us in environment variables +\getenv libdir PG_LIBDIR +\getenv dlsuffix PG_DLSUFFIX + +\set regresslib :libdir '/regress' :dlsuffix + +CREATE FUNCTION test_fdw_connection(oid, oid, internal) + RETURNS text + AS :'regresslib', 'test_fdw_connection' + LANGUAGE C; + CREATE ROLE regress_subscription_user LOGIN SUPERUSER; CREATE ROLE regress_subscription_user2; CREATE ROLE regress_subscription_user3 IN ROLE pg_create_subscription; @@ -85,6 +96,21 @@ CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'i_dont_exist=param' PUBLICATION -- connecting, so this is reliable and safe) CREATE SUBSCRIPTION regress_testsub5 CONNECTION 'port=-1' PUBLICATION testpub; +CREATE FOREIGN DATA WRAPPER test_fdw; +CREATE SERVER test_server FOREIGN DATA WRAPPER test_fdw; +CREATE USER MAPPING FOR regress_subscription_user SERVER test_server; + +-- fail, need CONNECTION clause +CREATE SUBSCRIPTION regress_testsub6 SERVER test_server PUBLICATION testpub WITH (slot_name = NONE, connect = false); + +ALTER FOREIGN DATA WRAPPER test_fdw CONNECTION test_fdw_connection; +CREATE SUBSCRIPTION regress_testsub6 SERVER test_server PUBLICATION testpub WITH (slot_name = NONE, connect = false); +DROP SUBSCRIPTION regress_testsub6; + +DROP USER MAPPING FOR regress_subscription_user SERVER test_server; +DROP SERVER test_server; +DROP FOREIGN DATA WRAPPER test_fdw; + -- fail - invalid connection string during ALTER ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; -- 2.43.0 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-06 16:19 Ashutosh Bapat <[email protected]> parent: Jeff Davis <[email protected]> 1 sibling, 2 replies; 63+ messages in thread From: Ashutosh Bapat @ 2026-03-06 16:19 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Amit Kapila <[email protected]>; Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Thu, Mar 5, 2026 at 2:23 PM Jeff Davis <[email protected]> wrote: > > On Thu, 2026-03-05 at 09:21 +0530, Amit Kapila wrote: > > We revoke view rights on subconninfo from the public. See below [A] > > in > > system_views.sql. Do we want to do the same for subserver or is it > > okay for users to see it? > > I can't think of a reason that the server name should be secret, but > let me know if you think so. > > > I think the following comment and some place > > in docs needs to be updated. > > [A] > > -- All columns of pg_subscription except subconninfo are publicly > > readable. > > REVOKE ALL ON pg_subscription FROM public; > > GRANT SELECT (oid, subdbid, subskiplsn, subname, subowner, > > Good catch! Thank you. > > > 2. We may want to update the following text in pg_dump docs about the > > new way of connecting to hosts. See [B] (When dumping logical > > replication subscriptions, pg_dump will generate CREATE SUBSCRIPTION > > commands that use the connect = false option, so that restoring the > > subscription does not make remote connections for creating a > > replication slot or for initial table copy. That way, the dump can be > > restored without requiring network access to the remote servers. It > > is > > then up to the user to reactivate the subscriptions in a suitable > > way. > > If the involved hosts have changed, the connection information might > > have to be changed.) > > > > [B] - https://www.postgresql.org/docs/devel/app-pgdump.html > > > > I think the above comment is still correct -- it would be a bit easier > to deal with servers rather than raw connection strings, but the > comment already says "...might have to be changed" which is just a > reminder to look. > > > Attached a new patch that also addressed the review comments from here: > > https://www.postgresql.org/message-id/[email protected]... > > Additionally, I ran into a problem that's worth highlighting: > > DROP SERVER ... CASCADE was broken, because the subscription is > dependent on it but that's in a global catalog, which is not handled by > doDeletion(). The subscription is conceptually a per-database object, > but it's in a shared catalog with a subdbid field. I solved that > problem by adding a guard to findDependentObjects() to check for the > referenced object belonging to a shared catalog, and if so it just > throws an error (so CASCADE is not supported for servers used in > subscriptions). That's a simple but not a very satisfying solution, so > let me know if you see a problem with that. I shared the awkwardness, but don't have any better ideas. However, it does raise a question as to why do we need an FDW to be database specific or for that matter a SERVER database specific. That might be because it requires an extension which is database specific. Probably we should support extensions which are database agnostic. However that's way beyond the scope of this patch. Other way around why do we need subscriptions to be shared objects? Again probably beyond the scope of this patch. I also see some code duplicated across Create and Alter subscription code paths. Even without this patch the code was duplicated, but with this patch the amount of duplication has increased. Can we deduplicate some of the code? I don't think we need a separate ForeignServerName function. In AlterSubscription() we already have ForeignSever object which has server name in it. Other two callers invoke ForeignServerConnectionString() which in turn fetches ForeignServer object. Those callers instead may fetch ForeignServer object themselves and pass it to ForeignServerConnectionString() and use it in the error message. The patch has changes to pg_dump.c but there is no corresponding test. But I don't think we need a separate test. If the objects created in regress/*.sql tests are not dropped, 002_pg_upgrade.pl would test dump/restore of subscriptions with server. I think we need tests for testing changes in connection when ALTER SUBSCRIPTION ... SERVER is executed and also those for switching between SERVER and CONNECTION. -- Best Wishes, Ashutosh Bapat ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-07 07:01 Amit Kapila <[email protected]> parent: Jeff Davis <[email protected]> 1 sibling, 1 reply; 63+ messages in thread From: Amit Kapila @ 2026-03-07 07:01 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Ashutosh Bapat <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Thu, Mar 5, 2026 at 2:23 PM Jeff Davis <[email protected]> wrote: > > Additionally, I ran into a problem that's worth highlighting: > > DROP SERVER ... CASCADE was broken, because the subscription is > dependent on it but that's in a global catalog, which is not handled by > doDeletion(). The subscription is conceptually a per-database object, > but it's in a shared catalog with a subdbid field. I solved that > problem by adding a guard to findDependentObjects() to check for the > referenced object belonging to a shared catalog, and if so it just > throws an error (so CASCADE is not supported for servers used in > subscriptions). That's a simple but not a very satisfying solution, so > let me know if you see a problem with that. > I also can't think of any straight-forward solution for it. I've not thought in detail but can a new type of dependency be required to solve this problem? I am not aware if we are doing something similar in any other CASCADE operation, so even if we want to go with giving ERROR for this case, it may be better to get somewhat wider acceptance for the same unless few other people respond here and consider this as an acceptable solution. Few other minor comments: ====================== 1. +# Replicate the changes without columns +$node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_no_col default VALUES"); I don't see a subscriber-side table or verification code to verify the above test. 2. + Oid subserver BKI_LOOKUP_OPT(pg_foreign_server); /* If connection uses + * server */ + Isn't it better to keep this along with other oids in the beginning of the catalog, say after subowner? It will also avoid padding before subserver field. -- With Regards, Amit Kapila. ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-07 07:05 Amit Kapila <[email protected]> parent: Ashutosh Bapat <[email protected]> 1 sibling, 0 replies; 63+ messages in thread From: Amit Kapila @ 2026-03-07 07:05 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Jeff Davis <[email protected]>; Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Fri, Mar 6, 2026 at 9:49 PM Ashutosh Bapat <[email protected]> wrote: > > On Thu, Mar 5, 2026 at 2:23 PM Jeff Davis <[email protected]> wrote: > > > > On Thu, 2026-03-05 at 09:21 +0530, Amit Kapila wrote: > > > > Additionally, I ran into a problem that's worth highlighting: > > > > DROP SERVER ... CASCADE was broken, because the subscription is > > dependent on it but that's in a global catalog, which is not handled by > > doDeletion(). The subscription is conceptually a per-database object, > > but it's in a shared catalog with a subdbid field. I solved that > > problem by adding a guard to findDependentObjects() to check for the > > referenced object belonging to a shared catalog, and if so it just > > throws an error (so CASCADE is not supported for servers used in > > subscriptions). That's a simple but not a very satisfying solution, so > > let me know if you see a problem with that. > > I shared the awkwardness, but don't have any better ideas. However, it > does raise a question as to why do we need an FDW to be database > specific or for that matter a SERVER database specific. That might be > because it requires an extension which is database specific. Probably > we should support extensions which are database agnostic. However > that's way beyond the scope of this patch. Other way around why do we > need subscriptions to be shared objects? > It is because the launcher process needs to traverse all subscriptions to start workers. -- With Regards, Amit Kapila. ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-09 06:23 Amit Kapila <[email protected]> parent: Amit Kapila <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Amit Kapila @ 2026-03-09 06:23 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Ashutosh Bapat <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Sat, Mar 7, 2026 at 12:31 PM Amit Kapila <[email protected]> wrote: > > On Thu, Mar 5, 2026 at 2:23 PM Jeff Davis <[email protected]> wrote: > > > > Few other minor comments: > ====================== > 1. > +# Replicate the changes without columns > +$node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); > +$node_publisher->safe_psql('postgres', > + "INSERT INTO tab_no_col default VALUES"); > > I don't see a subscriber-side table or verification code to verify the > above test. > I see that the committed version (8185bb5347) has this part of the test, isn't that test incomplete, if not, tell me what am I missing? It seems I have sent this message after you have committed the last version. > 2. > + Oid subserver BKI_LOOKUP_OPT(pg_foreign_server); /* If connection uses > + * server */ > + > > Isn't it better to keep this along with other oids in the beginning of > the catalog, say after subowner? It will also avoid padding before > subserver field. > We can probably consider this one as well though there is no correctness issue as such. -- With Regards, Amit Kapila. ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-10 14:23 Jeff Davis <[email protected]> parent: Amit Kapila <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Jeff Davis @ 2026-03-10 14:23 UTC (permalink / raw) To: Amit Kapila <[email protected]>; +Cc: Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Ashutosh Bapat <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Mon, 2026-03-09 at 11:53 +0530, Amit Kapila wrote: > > +# Replicate the changes without columns > > +$node_publisher->safe_psql('postgres', "CREATE TABLE > > tab_no_col()"); > > +$node_publisher->safe_psql('postgres', > > + "INSERT INTO tab_no_col default VALUES"); > > > > I don't see a subscriber-side table or verification code to verify > > the > > above test. > > > > I see that the committed version (8185bb5347) has this part of the > test, isn't that test incomplete, if not, tell me what am I missing? In 8185bb5347, contrib/postgres_fdw/t/010_subscription.pl has: ... # Setup structure on subscriber $node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int, b int)"); ... $result = $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); is($result, qq(1050), 'check that inserted data was copied to subscriber'); ... which creates the subscriber-side table and verifies the result. If I change 1050 -> 1051, then the test fails, so I think it's functioning. Perhaps I don't understand the question? > It seems I have sent this message after you have committed the last > version. Yes, thank you, I will address those shortly. Regards, Jeff Davis ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-14 09:44 Amit Kapila <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 0 replies; 63+ messages in thread From: Amit Kapila @ 2026-03-14 09:44 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Ashutosh Bapat <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Tue, Mar 10, 2026 at 7:53 PM Jeff Davis <[email protected]> wrote: > > On Mon, 2026-03-09 at 11:53 +0530, Amit Kapila wrote: > > > +# Replicate the changes without columns > > > +$node_publisher->safe_psql('postgres', "CREATE TABLE > > > tab_no_col()"); > > > +$node_publisher->safe_psql('postgres', > > > + "INSERT INTO tab_no_col default VALUES"); > > > > > > I don't see a subscriber-side table or verification code to verify > > > the > > > above test. > > > > > > > I see that the committed version (8185bb5347) has this part of the > > test, isn't that test incomplete, if not, tell me what am I missing? > > In 8185bb5347, contrib/postgres_fdw/t/010_subscription.pl has: > > ... > # Setup structure on subscriber > $node_subscriber->safe_psql('postgres', "CREATE EXTENSION > postgres_fdw"); > $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int, > b int)"); > ... > $result = > $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT > f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE > match"); > is($result, qq(1050), 'check that inserted data was copied to > subscriber'); > ... > > which creates the subscriber-side table and verifies the result. > I am talking about a table with the name tab_no_col whereas you are talking about a table with the name tab_ins. The test doesn't create a table with the name tab_no_col on the subscriber-side which makes it redundant, am I missing something? -- With Regards, Amit Kapila. ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-14 22:55 Jeff Davis <[email protected]> parent: Ashutosh Bapat <[email protected]> 1 sibling, 2 replies; 63+ messages in thread From: Jeff Davis @ 2026-03-14 22:55 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Amit Kapila <[email protected]>; Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Fri, 2026-03-06 at 21:49 +0530, Ashutosh Bapat wrote: > I don't think we need a separate ForeignServerName function. In > AlterSubscription() we already have ForeignSever object which has > server name in it. Other two callers invoke > ForeignServerConnectionString() which in turn fetches ForeignServer > object. Those callers instead may fetch ForeignServer object > themselves and pass it to ForeignServerConnectionString() and use it > in the error message. Done. > The patch has changes to pg_dump.c but there is no corresponding > test. > But I don't think we need a separate test. If the objects created in > regress/*.sql tests are not dropped, 002_pg_upgrade.pl would test > dump/restore of subscriptions with server. It seems that foreign_data.sql expects there to be zero FDWs, servers, and user mappings, so it's not quite that simple. I'm not entirely sure why that is, but I suppose it's meant to be tested in 002_pg_dump.pl instead. I wrote the tests there (attached), which revealed that CREATE FOREIGN DATA WRAPPER ... CONNECTION wasn't being dumped properly. I attached a separate fix for that. Unfortunately I don't think we can rely on regress.so being available when 002_pg_dump.pl runs. Do you have an idea how I can effectively test the FDW (which is needed to test the server and subscription)? I suppose I could make it a built-in function, and that wouldn't be so bad, but not ideal. Right now this test is failing for CI on debian autoconf. > I think we need tests for testing changes in connection when ALTER > SUBSCRIPTION ... SERVER is executed and also those for switching > between SERVER and CONNECTION. Done. Attached series including patches to address Andres's and Amit's comments, too. Thank you! Regards, Jeff Davis Attachments: [text/x-patch] v22-0001-Clean-up-postgres_fdw-t-010_subscription.pl.patch (3.0K, 2-v22-0001-Clean-up-postgres_fdw-t-010_subscription.pl.patch) download | inline diff: From 7726c05c6338bfea1ccac68aaf8288fe8a165107 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Sat, 14 Mar 2026 11:03:53 -0700 Subject: [PATCH v22 1/6] Clean up postgres_fdw/t/010_subscription.pl. The test was based on test/subscription/002_rep_changes.pl, but had some leftover copy+paste problems that were useless and/or distracted from the point of the test. Discussion: https://postgr.es/m/CAA4eK1+=V_UFNHwcoMFqzy0F4AtS9_GyXhQDUzizgieQPWr=0A@mail.gmail.com Reported-by: Amit Kapila <[email protected]> --- contrib/postgres_fdw/t/010_subscription.pl | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl index 1e41091badc..a04d64bb78c 100644 --- a/contrib/postgres_fdw/t/010_subscription.pl +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -1,7 +1,8 @@ # Copyright (c) 2021-2026, PostgreSQL Global Development Group -# Basic logical replication test +# Test postgres_fdw foreign server for use with a subscription. + use strict; use warnings FATAL => 'all'; use PostgreSQL::Test::Cluster; @@ -22,11 +23,6 @@ $node_subscriber->start; $node_publisher->safe_psql('postgres', "CREATE TABLE tab_ins AS SELECT a, a + 1 as b FROM generate_series(1,1002) AS a"); -# Replicate the changes without columns -$node_publisher->safe_psql('postgres', "CREATE TABLE tab_no_col()"); -$node_publisher->safe_psql('postgres', - "INSERT INTO tab_no_col default VALUES"); - # Setup structure on subscriber $node_subscriber->safe_psql('postgres', "CREATE EXTENSION postgres_fdw"); $node_subscriber->safe_psql('postgres', "CREATE TABLE tab_ins (a int, b int)"); @@ -45,9 +41,6 @@ $node_subscriber->safe_psql('postgres', "CREATE USER MAPPING FOR PUBLIC SERVER tap_server" ); -$node_subscriber->safe_psql('postgres', - "CREATE FOREIGN TABLE f_tab_ins (a int, b int) SERVER tap_server OPTIONS(table_name 'tab_ins')" -); $node_subscriber->safe_psql('postgres', "CREATE SUBSCRIPTION tap_sub SERVER tap_server PUBLICATION tap_pub WITH (password_required=false)" ); @@ -56,7 +49,7 @@ $node_subscriber->safe_psql('postgres', $node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); my $result = - $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); is($result, qq(1002), 'check that initial data was copied to subscriber'); $node_publisher->safe_psql('postgres', @@ -65,7 +58,7 @@ $node_publisher->safe_psql('postgres', $node_publisher->wait_for_catchup('tap_sub'); $result = - $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM (SELECT f.b = l.b as match FROM tab_ins l, f_tab_ins f WHERE l.a = f.a) WHERE match"); + $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); is($result, qq(1050), 'check that inserted data was copied to subscriber'); done_testing(); -- 2.43.0 [text/x-patch] v22-0002-ALTER-SUBSCRIPTION-.-SERVER-test.patch (2.9K, 3-v22-0002-ALTER-SUBSCRIPTION-.-SERVER-test.patch) download | inline diff: From 08001be72c54ce6f1bd4729546260b28821a46a1 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Sat, 14 Mar 2026 12:50:45 -0700 Subject: [PATCH v22 2/6] ALTER SUBSCRIPTION ... SERVER test. Test ALTER SUBSCRIPTION ... SERVER and ALTER SUBSCRIPTION ... CONNECTION, including invalidation. Discussion: https://postgr.es/m/CAExHW5vV5znEvecX=ra2-v7UBj9-M6qvdDzuB78M-TxbYD1PEA@mail.gmail.com Suggested-by: Ashutosh Bapat <[email protected]> --- contrib/postgres_fdw/t/010_subscription.pl | 38 ++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/contrib/postgres_fdw/t/010_subscription.pl b/contrib/postgres_fdw/t/010_subscription.pl index a04d64bb78c..50eac4c3bdb 100644 --- a/contrib/postgres_fdw/t/010_subscription.pl +++ b/contrib/postgres_fdw/t/010_subscription.pl @@ -49,7 +49,7 @@ $node_subscriber->safe_psql('postgres', $node_subscriber->wait_for_subscription_sync($node_publisher, 'tap_sub'); my $result = - $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); + $node_subscriber->safe_psql('postgres', "SELECT MAX(a) FROM tab_ins"); is($result, qq(1002), 'check that initial data was copied to subscriber'); $node_publisher->safe_psql('postgres', @@ -58,7 +58,41 @@ $node_publisher->safe_psql('postgres', $node_publisher->wait_for_catchup('tap_sub'); $result = - $node_subscriber->safe_psql('postgres', "SELECT count(*) FROM tab_ins"); + $node_subscriber->safe_psql('postgres', "SELECT MAX(a) FROM tab_ins"); is($result, qq(1050), 'check that inserted data was copied to subscriber'); +# change to CONNECTION and confirm invalidation +my $log_offset = -s $node_subscriber->logfile; +$node_subscriber->safe_psql('postgres', + "ALTER SUBSCRIPTION tap_sub CONNECTION '$publisher_connstr'"); +$node_subscriber->wait_for_log( + qr/logical replication worker for subscription "tap_sub" will restart because of a parameter change/, + $log_offset); + +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins SELECT a, a + 1 FROM generate_series(1051,1057) a"); + +$node_publisher->wait_for_catchup('tap_sub'); + +$result = + $node_subscriber->safe_psql('postgres', "SELECT MAX(a) FROM tab_ins"); +is($result, qq(1057), 'check subscription after ALTER SUBSCRIPTION ... CONNECTION'); + +# change back to SERVER and confirm invalidation +$log_offset = -s $node_subscriber->logfile; +$node_subscriber->safe_psql('postgres', + "ALTER SUBSCRIPTION tap_sub SERVER tap_server"); +$node_subscriber->wait_for_log( + qr/logical replication worker for subscription "tap_sub" will restart because of a parameter change/, + $log_offset); + +$node_publisher->safe_psql('postgres', + "INSERT INTO tab_ins SELECT a, a + 1 FROM generate_series(1058,1073) a"); + +$node_publisher->wait_for_catchup('tap_sub'); + +$result = + $node_subscriber->safe_psql('postgres', "SELECT MAX(a) FROM tab_ins"); +is($result, qq(1073), 'check subscription after ALTER SUBSCRIPTION ... SERVER'); + done_testing(); -- 2.43.0 [text/x-patch] v22-0003-Temp-context-for-maybe_reread_subscription.patch (6.9K, 4-v22-0003-Temp-context-for-maybe_reread_subscription.patch) download | inline diff: From 305de8a5dd4e960e372cddb1055fbd7d0a1717a3 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Thu, 12 Mar 2026 18:04:35 -0700 Subject: [PATCH v22 3/6] Temp context for maybe_reread_subscription(). Move temp context from ForeignServerConnectionString() to maybe_reread_subscription(), so that it prevents more invalidation-related leaks. Remove PG_TRY()/PG_FINALLY() from ForeignServerConnectionString(). Suggested-by: Andres Freund <[email protected]> Discussion: https://postgr.es/m/xvdjrdqnpap3uq7owbaox3r7p5gf7sv62aaqf2ju3vb6yglatr%40kvvwhoudrlxq --- src/backend/catalog/pg_subscription.c | 14 ----- src/backend/foreign/foreign.c | 66 +++++++----------------- src/backend/replication/logical/worker.c | 30 +++++++++-- src/include/catalog/pg_subscription.h | 1 - 4 files changed, 43 insertions(+), 68 deletions(-) diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index 3673d4f0bc1..ca053c152cf 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -216,20 +216,6 @@ CountDBSubscriptions(Oid dbid) return nsubs; } -/* - * Free memory allocated by subscription struct. - */ -void -FreeSubscription(Subscription *sub) -{ - pfree(sub->name); - pfree(sub->conninfo); - if (sub->slotname) - pfree(sub->slotname); - list_free_deep(sub->publications); - pfree(sub); -} - /* * Disable the given subscription. */ diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index 160cf6f51c9..f437b447282 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -219,62 +219,32 @@ GetForeignServerByName(const char *srvname, bool missing_ok) /* * Retrieve connection string from server's FDW. + * + * NB: leaks into CurrentMemoryContext. */ char * ForeignServerConnectionString(Oid userid, Oid serverid) { - MemoryContext tempContext; - MemoryContext oldcxt; - text *volatile connection_text = NULL; - char *result = NULL; - - /* - * GetForeignServer, GetForeignDataWrapper, and the connection function - * itself all leak memory into CurrentMemoryContext. Switch to a temporary - * context for easy cleanup. - */ - tempContext = AllocSetContextCreate(CurrentMemoryContext, - "FDWConnectionContext", - ALLOCSET_SMALL_SIZES); - - oldcxt = MemoryContextSwitchTo(tempContext); - - PG_TRY(); - { - ForeignServer *server; - ForeignDataWrapper *fdw; - Datum connection_datum; - - server = GetForeignServer(serverid); - fdw = GetForeignDataWrapper(server->fdwid); - - if (!OidIsValid(fdw->fdwconnection)) - ereport(ERROR, - (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), - errmsg("foreign data wrapper \"%s\" does not support subscription connections", - fdw->fdwname), - errdetail("Foreign data wrapper must be defined with CONNECTION specified."))); - - - connection_datum = OidFunctionCall3(fdw->fdwconnection, - ObjectIdGetDatum(userid), - ObjectIdGetDatum(serverid), - PointerGetDatum(NULL)); + ForeignServer *server; + ForeignDataWrapper *fdw; + Datum connection_datum; - connection_text = DatumGetTextPP(connection_datum); - } - PG_FINALLY(); - { - MemoryContextSwitchTo(oldcxt); + server = GetForeignServer(serverid); + fdw = GetForeignDataWrapper(server->fdwid); - if (connection_text) - result = text_to_cstring((text *) connection_text); + if (!OidIsValid(fdw->fdwconnection)) + ereport(ERROR, + (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), + errmsg("foreign data wrapper \"%s\" does not support subscription connections", + fdw->fdwname), + errdetail("Foreign data wrapper must be defined with CONNECTION specified."))); - MemoryContextDelete(tempContext); - } - PG_END_TRY(); + connection_datum = OidFunctionCall3(fdw->fdwconnection, + ObjectIdGetDatum(userid), + ObjectIdGetDatum(serverid), + PointerGetDatum(NULL)); - return result; + return text_to_cstring(DatumGetTextPP(connection_datum)); } diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index 033858752d9..4ea65a61fb4 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -479,6 +479,7 @@ static MemoryContext LogicalStreamingContext = NULL; WalReceiverConn *LogRepWorkerWalRcvConn = NULL; Subscription *MySubscription = NULL; +static MemoryContext MySubscriptionCtx = NULL; static bool MySubscriptionValid = false; static List *on_commit_wakeup_workers_subids = NIL; @@ -5042,6 +5043,7 @@ void maybe_reread_subscription(void) { MemoryContext oldctx; + MemoryContext newctx; Subscription *newsub; bool started_tx = false; @@ -5056,8 +5058,15 @@ maybe_reread_subscription(void) started_tx = true; } - /* Ensure allocations in permanent context. */ - oldctx = MemoryContextSwitchTo(ApplyContext); + newctx = AllocSetContextCreate(ApplyContext, + "Subscription Context", + ALLOCSET_SMALL_SIZES); + + /* + * GetSubscription() leaks a number of small allocations, so use a + * subcontext for each call. + */ + oldctx = MemoryContextSwitchTo(newctx); newsub = GetSubscription(MyLogicalRepWorker->subid, true, true); @@ -5149,7 +5158,8 @@ maybe_reread_subscription(void) } /* Clean old subscription info and switch to new one. */ - FreeSubscription(MySubscription); + MemoryContextDelete(MySubscriptionCtx); + MySubscriptionCtx = newctx; MySubscription = newsub; MemoryContextSwitchTo(oldctx); @@ -5794,12 +5804,19 @@ InitializeLogRepWorker(void) */ SetConfigOption("search_path", "", PGC_SUSET, PGC_S_OVERRIDE); - /* Load the subscription into persistent memory context. */ ApplyContext = AllocSetContextCreate(TopMemoryContext, "ApplyContext", ALLOCSET_DEFAULT_SIZES); + + /* + * GetSubscription() leaks a number of small allocations, so use a + * subcontext for each call. + */ + MySubscriptionCtx = AllocSetContextCreate(ApplyContext, + "Subscription Context", + ALLOCSET_SMALL_SIZES); + StartTransactionCommand(); - oldctx = MemoryContextSwitchTo(ApplyContext); /* * Lock the subscription to prevent it from being concurrently dropped, @@ -5808,7 +5825,10 @@ InitializeLogRepWorker(void) */ LockSharedObject(SubscriptionRelationId, MyLogicalRepWorker->subid, 0, AccessShareLock); + + oldctx = MemoryContextSwitchTo(MySubscriptionCtx); MySubscription = GetSubscription(MyLogicalRepWorker->subid, true, true); + if (!MySubscription) { ereport(LOG, diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index 0058d9387d7..2f6f7b57698 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -212,7 +212,6 @@ typedef struct Subscription extern Subscription *GetSubscription(Oid subid, bool missing_ok, bool aclcheck); -extern void FreeSubscription(Subscription *sub); extern void DisableSubscription(Oid subid); extern int CountDBSubscriptions(Oid dbid); -- 2.43.0 [text/x-patch] v22-0004-Refactor-to-remove-ForeignServerName.patch (7.3K, 5-v22-0004-Refactor-to-remove-ForeignServerName.patch) download | inline diff: From 9cc1598f8a6686015a0c8167cab56888729395b0 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Fri, 13 Mar 2026 19:37:21 -0700 Subject: [PATCH v22 4/6] Refactor to remove ForeignServerName(). Callers either have a ForeignServer object or can readily construct one. Also simplify ForeignServerConnectionString() by accepting a ForeignServer rather than its OID. Discussion: https://postgr.es/m/CAExHW5vV5znEvecX=ra2-v7UBj9-M6qvdDzuB78M-TxbYD1PEA@mail.gmail.com Suggested-by: Ashutosh Bapat <[email protected]> --- src/backend/catalog/pg_subscription.c | 7 ++++-- src/backend/commands/subscriptioncmds.c | 20 +++++++++------- src/backend/foreign/foreign.c | 31 ++----------------------- src/include/foreign/foreign.h | 4 ++-- 4 files changed, 20 insertions(+), 42 deletions(-) diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index ca053c152cf..d9e220172e9 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -114,6 +114,9 @@ GetSubscription(Oid subid, bool missing_ok, bool aclcheck) if (OidIsValid(subform->subserver)) { AclResult aclresult; + ForeignServer *server; + + server = GetForeignServer(subform->subserver); /* recheck ACL if requested */ if (aclcheck) @@ -127,11 +130,11 @@ GetSubscription(Oid subid, bool missing_ok, bool aclcheck) (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", GetUserNameFromId(subform->subowner, false), - ForeignServerName(subform->subserver)))); + server->servername))); } sub->conninfo = ForeignServerConnectionString(subform->subowner, - subform->subserver); + server); } else { diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index 724637cff5b..7375e214cb4 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -753,7 +753,7 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, GetUserMapping(owner, server->serverid); serverid = server->serverid; - conninfo = ForeignServerConnectionString(owner, serverid); + conninfo = ForeignServerConnectionString(owner, server); } else { @@ -1841,13 +1841,13 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", GetUserNameFromId(form->subowner, false), - ForeignServerName(new_server->serverid))); + new_server->servername)); /* make sure a user mapping exists */ GetUserMapping(form->subowner, new_server->serverid); conninfo = ForeignServerConnectionString(form->subowner, - new_server->serverid); + new_server); /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); @@ -2250,7 +2250,9 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) if (OidIsValid(form->subserver)) { AclResult aclresult; + ForeignServer *server; + server = GetForeignServer(form->subserver); aclresult = object_aclcheck(ForeignServerRelationId, form->subserver, form->subowner, ACL_USAGE); if (aclresult != ACLCHECK_OK) @@ -2263,12 +2265,12 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) */ err = psprintf(_("subscription owner \"%s\" does not have permission on foreign server \"%s\""), GetUserNameFromId(form->subowner, false), - ForeignServerName(form->subserver)); + server->servername); conninfo = NULL; } else conninfo = ForeignServerConnectionString(form->subowner, - form->subserver); + server); } else { @@ -2593,18 +2595,18 @@ AlterSubscriptionOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId) */ if (OidIsValid(form->subserver)) { - Oid serverid = form->subserver; + ForeignServer *server = GetForeignServer(form->subserver); - aclresult = object_aclcheck(ForeignServerRelationId, serverid, newOwnerId, ACL_USAGE); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, newOwnerId, ACL_USAGE); if (aclresult != ACLCHECK_OK) ereport(ERROR, errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("new subscription owner \"%s\" does not have permission on foreign server \"%s\"", GetUserNameFromId(newOwnerId, false), - ForeignServerName(serverid))); + server->servername)); /* make sure a user mapping exists */ - GetUserMapping(newOwnerId, serverid); + GetUserMapping(newOwnerId, server->serverid); } form->subowner = newOwnerId; diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index f437b447282..5e9a1ac8514 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -177,31 +177,6 @@ GetForeignServerExtended(Oid serverid, bits16 flags) } -/* - * ForeignServerName - get name of foreign server. - */ -char * -ForeignServerName(Oid serverid) -{ - Form_pg_foreign_server serverform; - char *servername; - HeapTuple tp; - - tp = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)); - - if (!HeapTupleIsValid(tp)) - elog(ERROR, "cache lookup failed for foreign server %u", serverid); - - serverform = (Form_pg_foreign_server) GETSTRUCT(tp); - - servername = pstrdup(NameStr(serverform->srvname)); - - ReleaseSysCache(tp); - - return servername; -} - - /* * GetForeignServerByName - look up the foreign server definition by name. */ @@ -223,13 +198,11 @@ GetForeignServerByName(const char *srvname, bool missing_ok) * NB: leaks into CurrentMemoryContext. */ char * -ForeignServerConnectionString(Oid userid, Oid serverid) +ForeignServerConnectionString(Oid userid, ForeignServer *server) { - ForeignServer *server; ForeignDataWrapper *fdw; Datum connection_datum; - server = GetForeignServer(serverid); fdw = GetForeignDataWrapper(server->fdwid); if (!OidIsValid(fdw->fdwconnection)) @@ -241,7 +214,7 @@ ForeignServerConnectionString(Oid userid, Oid serverid) connection_datum = OidFunctionCall3(fdw->fdwconnection, ObjectIdGetDatum(userid), - ObjectIdGetDatum(serverid), + ObjectIdGetDatum(server->serverid), PointerGetDatum(NULL)); return text_to_cstring(DatumGetTextPP(connection_datum)); diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index 65ed9a7f987..564c3cc1b7f 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -66,12 +66,12 @@ typedef struct ForeignTable extern ForeignServer *GetForeignServer(Oid serverid); -extern char *ForeignServerName(Oid serverid); extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); -extern char *ForeignServerConnectionString(Oid userid, Oid serverid); +extern char *ForeignServerConnectionString(Oid userid, + ForeignServer *server); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, -- 2.43.0 [text/x-patch] v22-0005-Fix-pg_dump-for-CREATE-FOREIGN-DATA-WRAPPER-.-CO.patch (2.9K, 6-v22-0005-Fix-pg_dump-for-CREATE-FOREIGN-DATA-WRAPPER-.-CO.patch) download | inline diff: From d5496c2cdb21cc083a7b844d5ef312d3107941b0 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Sat, 14 Mar 2026 15:07:27 -0700 Subject: [PATCH v22 5/6] Fix pg_dump for CREATE FOREIGN DATA WRAPPER ... CONNECTION. --- src/bin/pg_dump/pg_dump.c | 15 ++++++++++++++- src/bin/pg_dump/pg_dump.h | 1 + 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 137161aa5e0..17fa533086c 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -10525,6 +10525,7 @@ getForeignDataWrappers(Archive *fout) int i_fdwowner; int i_fdwhandler; int i_fdwvalidator; + int i_fdwconnection; int i_fdwacl; int i_acldefault; int i_fdwoptions; @@ -10534,7 +10535,14 @@ getForeignDataWrappers(Archive *fout) appendPQExpBufferStr(query, "SELECT tableoid, oid, fdwname, " "fdwowner, " "fdwhandler::pg_catalog.regproc, " - "fdwvalidator::pg_catalog.regproc, " + "fdwvalidator::pg_catalog.regproc, "); + + if (fout->remoteVersion >= 190000) + appendPQExpBufferStr(query, "fdwconnection::pg_catalog.regproc, "); + else + appendPQExpBufferStr(query, "'-' AS fdwconnection, "); + + appendPQExpBufferStr(query, "fdwacl, " "acldefault('F', fdwowner) AS acldefault, " "array_to_string(ARRAY(" @@ -10557,6 +10565,7 @@ getForeignDataWrappers(Archive *fout) i_fdwowner = PQfnumber(res, "fdwowner"); i_fdwhandler = PQfnumber(res, "fdwhandler"); i_fdwvalidator = PQfnumber(res, "fdwvalidator"); + i_fdwconnection = PQfnumber(res, "fdwconnection"); i_fdwacl = PQfnumber(res, "fdwacl"); i_acldefault = PQfnumber(res, "acldefault"); i_fdwoptions = PQfnumber(res, "fdwoptions"); @@ -10576,6 +10585,7 @@ getForeignDataWrappers(Archive *fout) fdwinfo[i].rolname = getRoleName(PQgetvalue(res, i, i_fdwowner)); fdwinfo[i].fdwhandler = pg_strdup(PQgetvalue(res, i, i_fdwhandler)); fdwinfo[i].fdwvalidator = pg_strdup(PQgetvalue(res, i, i_fdwvalidator)); + fdwinfo[i].fdwconnection = pg_strdup(PQgetvalue(res, i, i_fdwconnection)); fdwinfo[i].fdwoptions = pg_strdup(PQgetvalue(res, i, i_fdwoptions)); /* Decide whether we want to dump it */ @@ -16179,6 +16189,9 @@ dumpForeignDataWrapper(Archive *fout, const FdwInfo *fdwinfo) if (strcmp(fdwinfo->fdwvalidator, "-") != 0) appendPQExpBuffer(q, " VALIDATOR %s", fdwinfo->fdwvalidator); + if (strcmp(fdwinfo->fdwconnection, "-") != 0) + appendPQExpBuffer(q, " CONNECTION %s", fdwinfo->fdwconnection); + if (strlen(fdwinfo->fdwoptions) > 0) appendPQExpBuffer(q, " OPTIONS (\n %s\n)", fdwinfo->fdwoptions); diff --git a/src/bin/pg_dump/pg_dump.h b/src/bin/pg_dump/pg_dump.h index 1c11a79083f..b150d736db1 100644 --- a/src/bin/pg_dump/pg_dump.h +++ b/src/bin/pg_dump/pg_dump.h @@ -604,6 +604,7 @@ typedef struct _fdwInfo const char *rolname; char *fdwhandler; char *fdwvalidator; + char *fdwconnection; char *fdwoptions; } FdwInfo; -- 2.43.0 [text/x-patch] v22-0006-Add-pg_dump-tests-related-to-CREATE-SUBSCRIPTION.patch (3.0K, 7-v22-0006-Add-pg_dump-tests-related-to-CREATE-SUBSCRIPTION.patch) download | inline diff: From 2b28e4bc147bbf47bc6912986b4400d634f17131 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Sat, 14 Mar 2026 15:07:52 -0700 Subject: [PATCH v22 6/6] Add pg_dump tests related to CREATE SUBSCRIPTION ... SERVER. Suggested-by: Ashutosh Bapat <[email protected]> Discussion: https://postgr.es/m/CAExHW5vV5znEvecX=ra2-v7UBj9-M6qvdDzuB78M-TxbYD1PEA@mail.gmail.com --- src/bin/pg_dump/t/002_pg_dump.pl | 49 ++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/bin/pg_dump/t/002_pg_dump.pl b/src/bin/pg_dump/t/002_pg_dump.pl index 6d1d38128fc..11a944dd5f8 100644 --- a/src/bin/pg_dump/t/002_pg_dump.pl +++ b/src/bin/pg_dump/t/002_pg_dump.pl @@ -2846,6 +2846,40 @@ my %tests = ( like => { %full_runs, section_pre_data => 1, }, }, + 'CREATE FUNCTION public.test_fdw_connection(oid, oid, internal)' => { + create_order => 37, + create_sql => "CREATE FUNCTION public.test_fdw_connection(oid, oid, internal) RETURNS text AS '\$libdir/regress', 'test_fdw_connection' LANGUAGE C;", + regexp => qr/^ + \QCREATE FUNCTION public.test_fdw_connection(oid, oid, internal) \E + \QRETURNS text\E + \n\s+\QLANGUAGE c\E + \n\s+AS\ \'\$ + \Qlibdir\/regress', 'test_fdw_connection';\E + /xm, + like => { %full_runs, section_pre_data => 1, }, + }, + + 'CREATE FOREIGN DATA WRAPPER test_fdw CONNECTION public.test_fdw_connection' => { + create_order => 38, + create_sql => 'CREATE FOREIGN DATA WRAPPER test_fdw CONNECTION public.test_fdw_connection;', + regexp => qr/CREATE FOREIGN DATA WRAPPER test_fdw CONNECTION public.test_fdw_connection;/m, + like => { %full_runs, section_pre_data => 1, }, + }, + + 'CREATE SERVER s2 FOREIGN DATA WRAPPER test_fdw' => { + create_order => 39, + create_sql => 'CREATE SERVER s2 FOREIGN DATA WRAPPER test_fdw;', + regexp => qr/CREATE SERVER s2 FOREIGN DATA WRAPPER test_fdw;/m, + like => { %full_runs, section_pre_data => 1, }, + }, + + 'CREATE USER MAPPING FOR public SERVER s2' => { + create_order => 40, + create_sql => 'CREATE USER MAPPING FOR public SERVER s2;', + regexp => qr/CREATE USER MAPPING FOR public SERVER s2;/m, + like => { %full_runs, section_pre_data => 1, }, + }, + 'CREATE FOREIGN TABLE dump_test.foreign_table SERVER s1' => { create_order => 88, create_sql => @@ -3275,6 +3309,21 @@ my %tests = ( }, }, + 'CREATE SUBSCRIPTION sub4 SERVER s2' => { + create_order => 50, + create_sql => 'CREATE SUBSCRIPTION sub4 + SERVER s2 PUBLICATION pub1 + WITH (connect = false, slot_name = NONE, origin = any, streaming = on);', + regexp => qr/^ + \QCREATE SUBSCRIPTION sub4 SERVER s2 PUBLICATION pub1 WITH (connect = false, slot_name = NONE, streaming = on);\E + /xm, + like => { %full_runs, section_post_data => 1, }, + unlike => { + no_subscriptions => 1, + no_subscriptions_restore => 1, + }, + }, + # Regardless of whether the table or schema is excluded, publications must # still be dumped, as excluded objects do not apply to publications. We -- 2.43.0 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-16 05:38 Amit Kapila <[email protected]> parent: Jeff Davis <[email protected]> 1 sibling, 1 reply; 63+ messages in thread From: Amit Kapila @ 2026-03-16 05:38 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Sun, Mar 15, 2026 at 4:25 AM Jeff Davis <[email protected]> wrote: > > Attached series including patches to address Andres's and Amit's > comments, too. > 0001 LGTM. 0003: @@ -5056,8 +5058,15 @@ maybe_reread_subscription(void) started_tx = true; } - /* Ensure allocations in permanent context. */ - oldctx = MemoryContextSwitchTo(ApplyContext); + newctx = AllocSetContextCreate(ApplyContext, + "Subscription Context", + ALLOCSET_SMALL_SIZES); + Won't it be sufficient if we just reset MySubscriptionCtx here or in callback subscription_change_cb()? -- With Regards, Amit Kapila. ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-17 05:59 Amit Kapila <[email protected]> parent: Amit Kapila <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Amit Kapila @ 2026-03-17 05:59 UTC (permalink / raw) To: Jeff Davis <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Mon, Mar 16, 2026 at 9:56 PM Jeff Davis <[email protected]> wrote: > > On Mon, 2026-03-16 at 11:08 +0530, Amit Kapila wrote: > > Won't it be sufficient if we just reset MySubscriptionCtx here or in > > callback subscription_change_cb()? > > The old and new subscriptions are compared against eachother (to see > whether to restart the worker or not), so they both have to exist at > the same time. If we put them in the same context, then we can't reset > it. > > I suppose we could have just two contexts and switch back and forth > between them, resetting the last one. But that doesn't seem to be worth > the trouble. > Yeah, or the other possibility could be to let the newsub information get allocated in the current transaction context and reset the subscription context if we decide not to exit from the worker. Then copy/get the subscription info in subscription context but not sure if that is worth it. The minor oddity in the proposed approach is that the worker will exit in many cases after allocating the new context but that may be the best we can do here. -- With Regards, Amit Kapila. ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-17 16:56 Jeff Davis <[email protected]> parent: Amit Kapila <[email protected]> 0 siblings, 0 replies; 63+ messages in thread From: Jeff Davis @ 2026-03-17 16:56 UTC (permalink / raw) To: Amit Kapila <[email protected]>; +Cc: Ashutosh Bapat <[email protected]>; Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Tue, 2026-03-17 at 11:29 +0530, Amit Kapila wrote: > Yeah, or the other possibility could be to let the newsub information > get allocated in the current transaction context and reset the > subscription context if we decide not to exit from the worker. Then > copy/get the subscription info in subscription context but not sure > if > that is worth it. Then we have to invent a deep copy for the Subscription, and we've already seen that the FreeSubscrpition() method was not being maintained properly. > The minor oddity in the proposed approach is that > the worker will exit in many cases after allocating the new context > but that may be the best we can do here. Agreed. Regards, Jeff Davis ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-18 19:06 Jeff Davis <[email protected]> parent: Jeff Davis <[email protected]> 1 sibling, 1 reply; 63+ messages in thread From: Jeff Davis @ 2026-03-18 19:06 UTC (permalink / raw) To: Ashutosh Bapat <[email protected]>; +Cc: Amit Kapila <[email protected]>; Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Sat, 2026-03-14 at 15:55 -0700, Jeff Davis wrote: > Attached series including patches to address Andres's and Amit's > comments, too. Committed two patches. New patch 0004: fixes missing dependencies from the FDW to the connection function. There's a related pre-existing issue with the dependency from the FDW to the handler function, which I will post as a separate backportable bugfix. I'd still like to find a good way to add pg_dump tests. The only idea I have now is to build the test function into core postgres (without pg_proc entry), which might be worthwhile. Regards, Jeff Davis Attachments: [text/x-patch] v23-0001-Temp-context-for-maybe_reread_subscription.patch (6.9K, 2-v23-0001-Temp-context-for-maybe_reread_subscription.patch) download | inline diff: From 2939a576908866394795460ac509cea369280b2b Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Thu, 12 Mar 2026 18:04:35 -0700 Subject: [PATCH v23 1/4] Temp context for maybe_reread_subscription(). Move temp context from ForeignServerConnectionString() to maybe_reread_subscription(), so that it prevents more invalidation-related leaks. Remove PG_TRY()/PG_FINALLY() from ForeignServerConnectionString(). Suggested-by: Andres Freund <[email protected]> Discussion: https://postgr.es/m/xvdjrdqnpap3uq7owbaox3r7p5gf7sv62aaqf2ju3vb6yglatr%40kvvwhoudrlxq --- src/backend/catalog/pg_subscription.c | 14 ----- src/backend/foreign/foreign.c | 66 +++++++----------------- src/backend/replication/logical/worker.c | 30 +++++++++-- src/include/catalog/pg_subscription.h | 1 - 4 files changed, 43 insertions(+), 68 deletions(-) diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index 3673d4f0bc1..ca053c152cf 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -216,20 +216,6 @@ CountDBSubscriptions(Oid dbid) return nsubs; } -/* - * Free memory allocated by subscription struct. - */ -void -FreeSubscription(Subscription *sub) -{ - pfree(sub->name); - pfree(sub->conninfo); - if (sub->slotname) - pfree(sub->slotname); - list_free_deep(sub->publications); - pfree(sub); -} - /* * Disable the given subscription. */ diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index 2edfac68d9b..1b53ca306a0 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -220,62 +220,32 @@ GetForeignServerByName(const char *srvname, bool missing_ok) /* * Retrieve connection string from server's FDW. + * + * NB: leaks into CurrentMemoryContext. */ char * ForeignServerConnectionString(Oid userid, Oid serverid) { - MemoryContext tempContext; - MemoryContext oldcxt; - text *volatile connection_text = NULL; - char *result = NULL; - - /* - * GetForeignServer, GetForeignDataWrapper, and the connection function - * itself all leak memory into CurrentMemoryContext. Switch to a temporary - * context for easy cleanup. - */ - tempContext = AllocSetContextCreate(CurrentMemoryContext, - "FDWConnectionContext", - ALLOCSET_SMALL_SIZES); - - oldcxt = MemoryContextSwitchTo(tempContext); - - PG_TRY(); - { - ForeignServer *server; - ForeignDataWrapper *fdw; - Datum connection_datum; - - server = GetForeignServer(serverid); - fdw = GetForeignDataWrapper(server->fdwid); - - if (!OidIsValid(fdw->fdwconnection)) - ereport(ERROR, - (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), - errmsg("foreign data wrapper \"%s\" does not support subscription connections", - fdw->fdwname), - errdetail("Foreign data wrapper must be defined with CONNECTION specified."))); - - - connection_datum = OidFunctionCall3(fdw->fdwconnection, - ObjectIdGetDatum(userid), - ObjectIdGetDatum(serverid), - PointerGetDatum(NULL)); + ForeignServer *server; + ForeignDataWrapper *fdw; + Datum connection_datum; - connection_text = DatumGetTextPP(connection_datum); - } - PG_FINALLY(); - { - MemoryContextSwitchTo(oldcxt); + server = GetForeignServer(serverid); + fdw = GetForeignDataWrapper(server->fdwid); - if (connection_text) - result = text_to_cstring((text *) connection_text); + if (!OidIsValid(fdw->fdwconnection)) + ereport(ERROR, + (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), + errmsg("foreign data wrapper \"%s\" does not support subscription connections", + fdw->fdwname), + errdetail("Foreign data wrapper must be defined with CONNECTION specified."))); - MemoryContextDelete(tempContext); - } - PG_END_TRY(); + connection_datum = OidFunctionCall3(fdw->fdwconnection, + ObjectIdGetDatum(userid), + ObjectIdGetDatum(serverid), + PointerGetDatum(NULL)); - return result; + return text_to_cstring(DatumGetTextPP(connection_datum)); } diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index 2d7708805a6..a8256a54a97 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -481,6 +481,7 @@ static MemoryContext LogicalStreamingContext = NULL; WalReceiverConn *LogRepWorkerWalRcvConn = NULL; Subscription *MySubscription = NULL; +static MemoryContext MySubscriptionCtx = NULL; static bool MySubscriptionValid = false; static List *on_commit_wakeup_workers_subids = NIL; @@ -5044,6 +5045,7 @@ void maybe_reread_subscription(void) { MemoryContext oldctx; + MemoryContext newctx; Subscription *newsub; bool started_tx = false; @@ -5058,8 +5060,15 @@ maybe_reread_subscription(void) started_tx = true; } - /* Ensure allocations in permanent context. */ - oldctx = MemoryContextSwitchTo(ApplyContext); + newctx = AllocSetContextCreate(ApplyContext, + "Subscription Context", + ALLOCSET_SMALL_SIZES); + + /* + * GetSubscription() leaks a number of small allocations, so use a + * subcontext for each call. + */ + oldctx = MemoryContextSwitchTo(newctx); newsub = GetSubscription(MyLogicalRepWorker->subid, true, true); @@ -5151,7 +5160,8 @@ maybe_reread_subscription(void) } /* Clean old subscription info and switch to new one. */ - FreeSubscription(MySubscription); + MemoryContextDelete(MySubscriptionCtx); + MySubscriptionCtx = newctx; MySubscription = newsub; MemoryContextSwitchTo(oldctx); @@ -5796,12 +5806,19 @@ InitializeLogRepWorker(void) */ SetConfigOption("search_path", "", PGC_SUSET, PGC_S_OVERRIDE); - /* Load the subscription into persistent memory context. */ ApplyContext = AllocSetContextCreate(TopMemoryContext, "ApplyContext", ALLOCSET_DEFAULT_SIZES); + + /* + * GetSubscription() leaks a number of small allocations, so use a + * subcontext for each call. + */ + MySubscriptionCtx = AllocSetContextCreate(ApplyContext, + "Subscription Context", + ALLOCSET_SMALL_SIZES); + StartTransactionCommand(); - oldctx = MemoryContextSwitchTo(ApplyContext); /* * Lock the subscription to prevent it from being concurrently dropped, @@ -5810,7 +5827,10 @@ InitializeLogRepWorker(void) */ LockSharedObject(SubscriptionRelationId, MyLogicalRepWorker->subid, 0, AccessShareLock); + + oldctx = MemoryContextSwitchTo(MySubscriptionCtx); MySubscription = GetSubscription(MyLogicalRepWorker->subid, true, true); + if (!MySubscription) { ereport(LOG, diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h index 0058d9387d7..2f6f7b57698 100644 --- a/src/include/catalog/pg_subscription.h +++ b/src/include/catalog/pg_subscription.h @@ -212,7 +212,6 @@ typedef struct Subscription extern Subscription *GetSubscription(Oid subid, bool missing_ok, bool aclcheck); -extern void FreeSubscription(Subscription *sub); extern void DisableSubscription(Oid subid); extern int CountDBSubscriptions(Oid dbid); -- 2.43.0 [text/x-patch] v23-0002-Refactor-to-remove-ForeignServerName.patch (7.3K, 3-v23-0002-Refactor-to-remove-ForeignServerName.patch) download | inline diff: From ca756b2802b689b87323f017455bb179b691a6c6 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Fri, 13 Mar 2026 19:37:21 -0700 Subject: [PATCH v23 2/4] Refactor to remove ForeignServerName(). Callers either have a ForeignServer object or can readily construct one. Also simplify ForeignServerConnectionString() by accepting a ForeignServer rather than its OID. Discussion: https://postgr.es/m/CAExHW5vV5znEvecX=ra2-v7UBj9-M6qvdDzuB78M-TxbYD1PEA@mail.gmail.com Suggested-by: Ashutosh Bapat <[email protected]> --- src/backend/catalog/pg_subscription.c | 7 ++++-- src/backend/commands/subscriptioncmds.c | 20 +++++++++------- src/backend/foreign/foreign.c | 31 ++----------------------- src/include/foreign/foreign.h | 4 ++-- 4 files changed, 20 insertions(+), 42 deletions(-) diff --git a/src/backend/catalog/pg_subscription.c b/src/backend/catalog/pg_subscription.c index ca053c152cf..d9e220172e9 100644 --- a/src/backend/catalog/pg_subscription.c +++ b/src/backend/catalog/pg_subscription.c @@ -114,6 +114,9 @@ GetSubscription(Oid subid, bool missing_ok, bool aclcheck) if (OidIsValid(subform->subserver)) { AclResult aclresult; + ForeignServer *server; + + server = GetForeignServer(subform->subserver); /* recheck ACL if requested */ if (aclcheck) @@ -127,11 +130,11 @@ GetSubscription(Oid subid, bool missing_ok, bool aclcheck) (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", GetUserNameFromId(subform->subowner, false), - ForeignServerName(subform->subserver)))); + server->servername))); } sub->conninfo = ForeignServerConnectionString(subform->subowner, - subform->subserver); + server); } else { diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c index 724637cff5b..7375e214cb4 100644 --- a/src/backend/commands/subscriptioncmds.c +++ b/src/backend/commands/subscriptioncmds.c @@ -753,7 +753,7 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt, GetUserMapping(owner, server->serverid); serverid = server->serverid; - conninfo = ForeignServerConnectionString(owner, serverid); + conninfo = ForeignServerConnectionString(owner, server); } else { @@ -1841,13 +1841,13 @@ AlterSubscription(ParseState *pstate, AlterSubscriptionStmt *stmt, errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("subscription owner \"%s\" does not have permission on foreign server \"%s\"", GetUserNameFromId(form->subowner, false), - ForeignServerName(new_server->serverid))); + new_server->servername)); /* make sure a user mapping exists */ GetUserMapping(form->subowner, new_server->serverid); conninfo = ForeignServerConnectionString(form->subowner, - new_server->serverid); + new_server); /* Load the library providing us libpq calls. */ load_file("libpqwalreceiver", false); @@ -2250,7 +2250,9 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) if (OidIsValid(form->subserver)) { AclResult aclresult; + ForeignServer *server; + server = GetForeignServer(form->subserver); aclresult = object_aclcheck(ForeignServerRelationId, form->subserver, form->subowner, ACL_USAGE); if (aclresult != ACLCHECK_OK) @@ -2263,12 +2265,12 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel) */ err = psprintf(_("subscription owner \"%s\" does not have permission on foreign server \"%s\""), GetUserNameFromId(form->subowner, false), - ForeignServerName(form->subserver)); + server->servername); conninfo = NULL; } else conninfo = ForeignServerConnectionString(form->subowner, - form->subserver); + server); } else { @@ -2593,18 +2595,18 @@ AlterSubscriptionOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId) */ if (OidIsValid(form->subserver)) { - Oid serverid = form->subserver; + ForeignServer *server = GetForeignServer(form->subserver); - aclresult = object_aclcheck(ForeignServerRelationId, serverid, newOwnerId, ACL_USAGE); + aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, newOwnerId, ACL_USAGE); if (aclresult != ACLCHECK_OK) ereport(ERROR, errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("new subscription owner \"%s\" does not have permission on foreign server \"%s\"", GetUserNameFromId(newOwnerId, false), - ForeignServerName(serverid))); + server->servername)); /* make sure a user mapping exists */ - GetUserMapping(newOwnerId, serverid); + GetUserMapping(newOwnerId, server->serverid); } form->subowner = newOwnerId; diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c index 1b53ca306a0..005282f17f6 100644 --- a/src/backend/foreign/foreign.c +++ b/src/backend/foreign/foreign.c @@ -178,31 +178,6 @@ GetForeignServerExtended(Oid serverid, bits16 flags) } -/* - * ForeignServerName - get name of foreign server. - */ -char * -ForeignServerName(Oid serverid) -{ - Form_pg_foreign_server serverform; - char *servername; - HeapTuple tp; - - tp = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)); - - if (!HeapTupleIsValid(tp)) - elog(ERROR, "cache lookup failed for foreign server %u", serverid); - - serverform = (Form_pg_foreign_server) GETSTRUCT(tp); - - servername = pstrdup(NameStr(serverform->srvname)); - - ReleaseSysCache(tp); - - return servername; -} - - /* * GetForeignServerByName - look up the foreign server definition by name. */ @@ -224,13 +199,11 @@ GetForeignServerByName(const char *srvname, bool missing_ok) * NB: leaks into CurrentMemoryContext. */ char * -ForeignServerConnectionString(Oid userid, Oid serverid) +ForeignServerConnectionString(Oid userid, ForeignServer *server) { - ForeignServer *server; ForeignDataWrapper *fdw; Datum connection_datum; - server = GetForeignServer(serverid); fdw = GetForeignDataWrapper(server->fdwid); if (!OidIsValid(fdw->fdwconnection)) @@ -242,7 +215,7 @@ ForeignServerConnectionString(Oid userid, Oid serverid) connection_datum = OidFunctionCall3(fdw->fdwconnection, ObjectIdGetDatum(userid), - ObjectIdGetDatum(serverid), + ObjectIdGetDatum(server->serverid), PointerGetDatum(NULL)); return text_to_cstring(DatumGetTextPP(connection_datum)); diff --git a/src/include/foreign/foreign.h b/src/include/foreign/foreign.h index 65ed9a7f987..564c3cc1b7f 100644 --- a/src/include/foreign/foreign.h +++ b/src/include/foreign/foreign.h @@ -66,12 +66,12 @@ typedef struct ForeignTable extern ForeignServer *GetForeignServer(Oid serverid); -extern char *ForeignServerName(Oid serverid); extern ForeignServer *GetForeignServerExtended(Oid serverid, bits16 flags); extern ForeignServer *GetForeignServerByName(const char *srvname, bool missing_ok); -extern char *ForeignServerConnectionString(Oid userid, Oid serverid); +extern char *ForeignServerConnectionString(Oid userid, + ForeignServer *server); extern UserMapping *GetUserMapping(Oid userid, Oid serverid); extern ForeignDataWrapper *GetForeignDataWrapper(Oid fdwid); extern ForeignDataWrapper *GetForeignDataWrapperExtended(Oid fdwid, -- 2.43.0 [text/x-patch] v23-0003-Add-pg_dump-tests-related-to-CREATE-SUBSCRIPTION.patch (3.0K, 4-v23-0003-Add-pg_dump-tests-related-to-CREATE-SUBSCRIPTION.patch) download | inline diff: From 92ce5061780886ddf22398d829e047bb27b135a8 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Sat, 14 Mar 2026 15:07:52 -0700 Subject: [PATCH v23 3/4] Add pg_dump tests related to CREATE SUBSCRIPTION ... SERVER. Suggested-by: Ashutosh Bapat <[email protected]> Discussion: https://postgr.es/m/CAExHW5vV5znEvecX=ra2-v7UBj9-M6qvdDzuB78M-TxbYD1PEA@mail.gmail.com --- src/bin/pg_dump/t/002_pg_dump.pl | 49 ++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/bin/pg_dump/t/002_pg_dump.pl b/src/bin/pg_dump/t/002_pg_dump.pl index 051a3d8ea3d..c0cbdd4c65e 100644 --- a/src/bin/pg_dump/t/002_pg_dump.pl +++ b/src/bin/pg_dump/t/002_pg_dump.pl @@ -2846,6 +2846,40 @@ my %tests = ( like => { %full_runs, section_pre_data => 1, }, }, + 'CREATE FUNCTION public.test_fdw_connection(oid, oid, internal)' => { + create_order => 37, + create_sql => "CREATE FUNCTION public.test_fdw_connection(oid, oid, internal) RETURNS text AS '\$libdir/regress', 'test_fdw_connection' LANGUAGE C;", + regexp => qr/^ + \QCREATE FUNCTION public.test_fdw_connection(oid, oid, internal) \E + \QRETURNS text\E + \n\s+\QLANGUAGE c\E + \n\s+AS\ \'\$ + \Qlibdir\/regress', 'test_fdw_connection';\E + /xm, + like => { %full_runs, section_pre_data => 1, }, + }, + + 'CREATE FOREIGN DATA WRAPPER test_fdw CONNECTION public.test_fdw_connection' => { + create_order => 38, + create_sql => 'CREATE FOREIGN DATA WRAPPER test_fdw CONNECTION public.test_fdw_connection;', + regexp => qr/CREATE FOREIGN DATA WRAPPER test_fdw CONNECTION public.test_fdw_connection;/m, + like => { %full_runs, section_pre_data => 1, }, + }, + + 'CREATE SERVER s2 FOREIGN DATA WRAPPER test_fdw' => { + create_order => 39, + create_sql => 'CREATE SERVER s2 FOREIGN DATA WRAPPER test_fdw;', + regexp => qr/CREATE SERVER s2 FOREIGN DATA WRAPPER test_fdw;/m, + like => { %full_runs, section_pre_data => 1, }, + }, + + 'CREATE USER MAPPING FOR public SERVER s2' => { + create_order => 40, + create_sql => 'CREATE USER MAPPING FOR public SERVER s2;', + regexp => qr/CREATE USER MAPPING FOR public SERVER s2;/m, + like => { %full_runs, section_pre_data => 1, }, + }, + 'CREATE FOREIGN TABLE dump_test.foreign_table SERVER s1' => { create_order => 88, create_sql => @@ -3287,6 +3321,21 @@ my %tests = ( }, }, + 'CREATE SUBSCRIPTION sub4 SERVER s2' => { + create_order => 50, + create_sql => 'CREATE SUBSCRIPTION sub4 + SERVER s2 PUBLICATION pub1 + WITH (connect = false, slot_name = NONE, origin = any, streaming = on);', + regexp => qr/^ + \QCREATE SUBSCRIPTION sub4 SERVER s2 PUBLICATION pub1 WITH (connect = false, slot_name = NONE, streaming = on);\E + /xm, + like => { %full_runs, section_post_data => 1, }, + unlike => { + no_subscriptions => 1, + no_subscriptions_restore => 1, + }, + }, + # Regardless of whether the table or schema is excluded, publications must # still be dumped, as excluded objects do not apply to publications. We -- 2.43.0 [text/x-patch] v23-0004-Add-dependency-entry-for-FDW-connection-function.patch (5.1K, 5-v23-0004-Add-dependency-entry-for-FDW-connection-function.patch) download | inline diff: From 9540cc9f76178f71e2d4f7ca9621064281207131 Mon Sep 17 00:00:00 2001 From: Jeff Davis <[email protected]> Date: Wed, 18 Mar 2026 10:31:38 -0700 Subject: [PATCH v23 4/4] Add dependency entry for FDW connection function. Missed in commit 8185bb5347. Catalog version bump. --- src/backend/commands/foreigncmds.c | 40 +++++++++++++++++++++- src/include/catalog/catversion.h | 2 +- src/test/regress/expected/subscription.out | 9 +++++ src/test/regress/sql/subscription.sql | 8 +++++ 4 files changed, 57 insertions(+), 2 deletions(-) diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c index 45681235782..61ee25b345d 100644 --- a/src/backend/commands/foreigncmds.c +++ b/src/backend/commands/foreigncmds.c @@ -707,6 +707,14 @@ CreateForeignDataWrapper(ParseState *pstate, CreateFdwStmt *stmt) recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); } + if (OidIsValid(fdwconnection)) + { + referenced.classId = ProcedureRelationId; + referenced.objectId = fdwconnection; + referenced.objectSubId = 0; + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } + recordDependencyOnOwner(ForeignDataWrapperRelationId, fdwId, ownerId); /* dependency on extension */ @@ -814,6 +822,28 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) { repl_val[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = ObjectIdGetDatum(fdwconnection); repl_repl[Anum_pg_foreign_data_wrapper_fdwconnection - 1] = true; + + /* + * If the connection function is changed, behavior of dependent + * subscriptions can change. If NO CONNECTION, dependent + * subscriptions will fail. + */ + if (OidIsValid(fdwForm->fdwconnection)) + { + if (OidIsValid(fdwconnection)) + ereport(WARNING, + (errmsg("changing the foreign-data wrapper connection function can cause " + "the options for dependent objects to become invalid"))); + else + ereport(WARNING, + (errmsg("removing the foreign-data wrapper connection function will cause " + "dependent subscriptions to fail"))); + } + } + else + { + /* connection function unchanged */ + fdwconnection = fdwForm->fdwconnection; } /* @@ -854,7 +884,7 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) ObjectAddressSet(myself, ForeignDataWrapperRelationId, fdwId); /* Update function dependencies if we changed them */ - if (handler_given || validator_given) + if (handler_given || validator_given || connection_given) { ObjectAddress referenced; @@ -884,6 +914,14 @@ AlterForeignDataWrapper(ParseState *pstate, AlterFdwStmt *stmt) referenced.objectSubId = 0; recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); } + + if (OidIsValid(fdwconnection)) + { + referenced.classId = ProcedureRelationId; + referenced.objectId = fdwconnection; + referenced.objectSubId = 0; + recordDependencyOn(&myself, &referenced, DEPENDENCY_NORMAL); + } } InvokeObjectPostAlterHook(ForeignDataWrapperRelationId, fdwId, 0); diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h index 55a8fbbd509..a4f0d02af9c 100644 --- a/src/include/catalog/catversion.h +++ b/src/include/catalog/catversion.h @@ -57,6 +57,6 @@ */ /* yyyymmddN */ -#define CATALOG_VERSION_NO 202603171 +#define CATALOG_VERSION_NO 202603181 #endif diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out index f57f359127b..7e3cabdb93f 100644 --- a/src/test/regress/expected/subscription.out +++ b/src/test/regress/expected/subscription.out @@ -185,6 +185,15 @@ DROP SUBSCRIPTION regress_testsub6; SET SESSION AUTHORIZATION regress_subscription_user; REVOKE CREATE ON DATABASE REGRESSION FROM regress_subscription_user3; DROP SERVER test_server; +-- fail, FDW is dependent +DROP FUNCTION test_fdw_connection(oid, oid, internal); +ERROR: cannot drop function test_fdw_connection(oid,oid,internal) because other objects depend on it +DETAIL: foreign-data wrapper test_fdw depends on function test_fdw_connection(oid,oid,internal) +HINT: Use DROP ... CASCADE to drop the dependent objects too. +-- warn +ALTER FOREIGN DATA WRAPPER test_fdw NO CONNECTION; +WARNING: removing the foreign-data wrapper connection function will cause dependent subscriptions to fail +DROP FUNCTION test_fdw_connection(oid, oid, internal); DROP FOREIGN DATA WRAPPER test_fdw; -- fail - invalid connection string during ALTER ALTER SUBSCRIPTION regress_testsub CONNECTION 'foobar'; diff --git a/src/test/regress/sql/subscription.sql b/src/test/regress/sql/subscription.sql index a642b368183..6c3d9632e8a 100644 --- a/src/test/regress/sql/subscription.sql +++ b/src/test/regress/sql/subscription.sql @@ -138,6 +138,14 @@ SET SESSION AUTHORIZATION regress_subscription_user; REVOKE CREATE ON DATABASE REGRESSION FROM regress_subscription_user3; DROP SERVER test_server; + +-- fail, FDW is dependent +DROP FUNCTION test_fdw_connection(oid, oid, internal); +-- warn +ALTER FOREIGN DATA WRAPPER test_fdw NO CONNECTION; + +DROP FUNCTION test_fdw_connection(oid, oid, internal); + DROP FOREIGN DATA WRAPPER test_fdw; -- fail - invalid connection string during ALTER -- 2.43.0 ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-03-21 10:55 Amit Kapila <[email protected]> 0 siblings, 0 replies; 63+ messages in thread From: Amit Kapila @ 2026-03-21 10:55 UTC (permalink / raw) To: Álvaro Herrera <[email protected]>; +Cc: Jeff Davis <[email protected]>; Ashutosh Bapat <[email protected]>; Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Wed, Mar 18, 2026 at 11:31 PM Álvaro Herrera <[email protected]> wrote: > > On 2026-Mar-18, Álvaro Herrera wrote: > > > On 2026-03-17, Jeff Davis wrote: > > > > > Then we have to invent a deep copy for the Subscription, and we've > > > already seen that the FreeSubscrpition() method was not being > > > maintained properly. > > > > Maybe another possibility would be to use a separate memory context > > for each subscription, initially making it a child of the transaction > > context, and then reparenting it as appropriate. > > I mean something like this on top of your 0003. > +1. This approach and patch looks like a better way to deal with this issue. -- With Regards, Amit Kapila. ^ permalink raw reply [nested|flat] 63+ messages in thread
* RE: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-04-10 02:00 Shinoda, Noriyoshi (PSD Japan FSI) <[email protected]> parent: Jeff Davis <[email protected]> 0 siblings, 1 reply; 63+ messages in thread From: Shinoda, Noriyoshi (PSD Japan FSI) @ 2026-04-10 02:00 UTC (permalink / raw) To: Jeff Davis <[email protected]>; Ashutosh Bapat <[email protected]>; +Cc: Amit Kapila <[email protected]>; Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers Hi, Thanks for developing this great feature. > Committed two patches. The commit of 0004 patch added the `fdwconnection` column to the pg_foreign_data_wrapper catalog. However, it seems the documentation is missing the definition for this column. The small patch attached adds the information for this column to catalog.sgml. There might be a better phrasing for the description text. Regards, Noriyoshi Shinoda -----Original Message----- From: Jeff Davis <[email protected]> Sent: Thursday, March 19, 2026 4:07 AM To: Ashutosh Bapat <[email protected]> Cc: Amit Kapila <[email protected]>; Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; [email protected] Subject: Re: [19] CREATE SUBSCRIPTION ... SERVER On Sat, 2026-03-14 at 15:55 -0700, Jeff Davis wrote: > Attached series including patches to address Andres's and Amit's > comments, too. Committed two patches. New patch 0004: fixes missing dependencies from the FDW to the connection function. There's a related pre-existing issue with the dependency from the FDW to the handler function, which I will post as a separate backportable bugfix. I'd still like to find a good way to add pg_dump tests. The only idea I have now is to build the test function into core postgres (without pg_proc entry), which might be worthwhile. Regards, Jeff Davis Attachments: [application/octet-stream] pg_foreign_data_wrapper_doc_v1.diff (941B, 2-pg_foreign_data_wrapper_doc_v1.diff) download | inline diff: diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index 0b3e6308d56..58d4db7e957 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -4181,6 +4181,17 @@ SCRAM-SHA-256$<replaceable><iteration count></replaceable>:<replaceable>&l </para></entry> </row> + <row> + <entry role="catalog_table_entry"><para role="column_definition"> + <structfield>fdwconnection</structfield> <type>oid</type> + (references <link linkend="catalog-pg-proc"><structname>pg_proc</structname></link>.<structfield>oid</structfield>) + </para> + <para> + References a connection function that is responsible for + providing the connection string for the foreign-data wrapper + </para></entry> + </row> + <row> <entry role="catalog_table_entry"><para role="column_definition"> <structfield>fdwacl</structfield> <type>aclitem[]</type> ^ permalink raw reply [nested|flat] 63+ messages in thread
* Re: [19] CREATE SUBSCRIPTION ... SERVER @ 2026-04-10 03:33 Jeff Davis <[email protected]> parent: Shinoda, Noriyoshi (PSD Japan FSI) <[email protected]> 0 siblings, 0 replies; 63+ messages in thread From: Jeff Davis @ 2026-04-10 03:33 UTC (permalink / raw) To: Shinoda, Noriyoshi (PSD Japan FSI) <[email protected]>; Ashutosh Bapat <[email protected]>; +Cc: Amit Kapila <[email protected]>; Masahiko Sawada <[email protected]>; Shlok Kyal <[email protected]>; Bharath Rupireddy <[email protected]>; Joe Conway <[email protected]>; pgsql-hackers On Fri, 2026-04-10 at 02:00 +0000, Shinoda, Noriyoshi (PSD Japan FSI) wrote: > However, it seems the documentation is missing the definition for > this column. The small patch attached adds the information for this > column to catalog.sgml. There might be a better phrasing for the > description text. Thank you, committed with expanded wording. The pg_subscription.subserver field was also missing documentation, and I fixed that too. Regards, Jeff Davis ^ permalink raw reply [nested|flat] 63+ messages in thread
end of thread, other threads:[~2026-04-10 03:33 UTC | newest] Thread overview: 63+ messages (download: mbox mbox.gz follow: Atom feed) -- links below jump to the message on this page -- 2023-08-30 13:41 Re: [17] CREATE SUBSCRIPTION ... SERVER Ashutosh Bapat <[email protected]> 2023-08-30 15:30 ` Jeff Davis <[email protected]> 2023-08-31 05:29 ` Ashutosh Bapat <[email protected]> 2023-08-31 16:52 ` Jeff Davis <[email protected]> 2023-08-31 21:17 ` Joe Conway <[email protected]> 2023-09-01 06:58 ` Ashutosh Bapat <[email protected]> 2023-09-01 18:54 ` Jeff Davis <[email protected]> 2023-09-04 12:31 ` Ashutosh Bapat <[email protected]> 2023-09-05 19:08 ` Jeff Davis <[email protected]> 2023-09-12 22:55 ` Jeff Davis <[email protected]> 2023-12-29 23:22 ` Jeff Davis <[email protected]> 2023-12-31 18:59 ` Jeff Davis <[email protected]> 2024-01-02 09:44 ` Bharath Rupireddy <[email protected]> 2024-01-05 00:56 ` Jeff Davis <[email protected]> 2024-01-05 07:19 ` Ashutosh Bapat <[email protected]> 2024-01-05 08:04 ` Jeff Davis <[email protected]> 2024-01-05 10:41 ` Ashutosh Bapat <[email protected]> 2024-01-13 01:17 ` Jeff Davis <[email protected]> 2024-01-15 20:53 ` Joe Conway <[email protected]> 2024-01-15 21:34 ` Jeff Davis <[email protected]> 2024-01-16 01:55 ` Jeff Davis <[email protected]> 2024-01-16 03:53 ` Bharath Rupireddy <[email protected]> 2024-01-18 07:17 ` Jeff Davis <[email protected]> 2024-01-22 13:11 ` Ashutosh Bapat <[email protected]> 2024-01-22 19:03 ` Jeff Davis <[email protected]> 2024-01-23 09:51 ` Ashutosh Bapat <[email protected]> 2024-01-24 01:45 ` Jeff Davis <[email protected]> 2024-01-29 17:41 ` Bharath Rupireddy <[email protected]> 2024-01-29 17:47 ` Bharath Rupireddy <[email protected]> 2024-01-30 10:47 ` Ashutosh Bapat <[email protected]> 2024-01-30 20:45 ` Jeff Davis <[email protected]> 2024-01-31 05:40 ` Ashutosh Bapat <[email protected]> 2024-03-08 08:20 ` Jeff Davis <[email protected]> 2024-10-30 15:08 ` Jeff Davis <[email protected]> 2024-12-17 04:05 ` Jeff Davis <[email protected]> 2025-02-28 23:05 ` Jeff Davis <[email protected]> 2025-03-24 12:56 ` vignesh C <[email protected]> 2025-03-25 02:29 ` vignesh C <[email protected]> 2025-04-02 12:28 ` Shlok Kyal <[email protected]> 2025-04-08 20:19 ` Jeff Davis <[email protected]> 2025-12-26 21:52 ` Jeff Davis <[email protected]> 2026-01-11 04:55 ` Jeff Davis <[email protected]> 2026-03-02 21:34 ` Jeff Davis <[email protected]> 2026-03-03 18:19 ` Masahiko Sawada <[email protected]> 2026-03-05 03:51 ` Amit Kapila <[email protected]> 2026-03-05 08:52 ` Jeff Davis <[email protected]> 2026-03-06 16:19 ` Ashutosh Bapat <[email protected]> 2026-03-07 07:05 ` Amit Kapila <[email protected]> 2026-03-14 22:55 ` Jeff Davis <[email protected]> 2026-03-16 05:38 ` Amit Kapila <[email protected]> 2026-03-17 05:59 ` Amit Kapila <[email protected]> 2026-03-17 16:56 ` Jeff Davis <[email protected]> 2026-03-18 19:06 ` Jeff Davis <[email protected]> 2026-04-10 02:00 ` Shinoda, Noriyoshi (PSD Japan FSI) <[email protected]> 2026-04-10 03:33 ` Jeff Davis <[email protected]> 2026-03-07 07:01 ` Amit Kapila <[email protected]> 2026-03-09 06:23 ` Amit Kapila <[email protected]> 2026-03-10 14:23 ` Jeff Davis <[email protected]> 2026-03-14 09:44 ` Amit Kapila <[email protected]> 2023-09-01 18:57 ` Jeff Davis <[email protected]> 2023-09-01 20:11 ` Robert Haas <[email protected]> 2023-09-04 12:34 ` Ashutosh Bapat <[email protected]> 2026-03-21 10:55 Re: [19] CREATE SUBSCRIPTION ... SERVER Amit Kapila <[email protected]>
This inbox is served by agora; see mirroring instructions for how to clone and mirror all data and code used for this inbox