Check only required permissions
Context:
I'm using managed PostgreSQL from Yandex.Cloud and they cannot provide me a superuser and userepl permissions because of security. Instead, they have separate roles (mdb_replication and mdb_admin), which can be used to do just what pgsync does.
I granted these roles to my user, forked, deleted checks of permissions and tested that. It worked.
So, maybe the permissions check function should validate if certain functions are available, not just the superuser role? I guess any provider won't give you full permissions.
That's a good idea. Perhaps we can have something the user can define in a plugin.
Exactly. How can I help implementing that?
I'll leave this open for now. I have not had time to implement this new feature yet due to other commitments. One way is to use a plugin as suggested. But it might be better to research how the cloud services consider a user that has permission to create and read replication slots. Vanilla Postgres has a documented method for that, which is usesuper and userepl.
Are there settings specific to Yandex.Cloud in pg_settings?
i.e.
SELECT name, setting FROM pg_settings;
For instance, AWS has a rds.* entry for AWS Postgres.
I believe this is also an issue with Azure. Are you able to provide me with a temp account to look into this?
You no longer need to have super user permissions as this is restricted by most cloud service providers in one way or the other.
You do however need to have permission to:
- create/drop replication slots
- create/drop triggers on the target database.
@evstratbg
closing as resolved
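
The capability-based check discussed in this thread, as an added example that is not part of the thread or of pgsync's own code. It assumes it is run as the role the sync tool connects with; `public.my_table` and the slot name `permcheck_probe` are placeholders, and `test_decoding` is assumed as the output plugin.

```sql
-- Added example; not pgsync's own permission check.
-- Placeholders: 'public.my_table', 'permcheck_probe'. Assumed plugin: test_decoding.
-- mdb_replication is the provider role named in the thread.

-- 1. What the catalogs say about the current role. On a managed service both
--    flags can be false while a provider role still grants the capability.
SELECT r.rolsuper,
       r.rolreplication,
       EXISTS (SELECT 1
                 FROM pg_roles p
                WHERE p.rolname = 'mdb_replication'
                  AND pg_has_role(current_user, p.oid, 'MEMBER')) AS in_provider_repl_role
  FROM pg_roles r
 WHERE r.rolname = current_user;

-- 2. Trigger rights on a target table: CREATE TRIGGER needs the TRIGGER
--    privilege, DROP TRIGGER needs ownership of the table.
SELECT c.oid::regclass                                   AS target_table,
       has_table_privilege(current_user, c.oid, 'TRIGGER') AS can_create_trigger,
       pg_has_role(current_user, c.relowner, 'USAGE')      AS can_drop_trigger
  FROM pg_class c
 WHERE c.oid = to_regclass('public.my_table')::oid;

-- 3. Probe the capability itself instead of inferring it from role flags.
--    Requires wal_level = logical and a free replication slot; any error other
--    than a permission error is left to propagate.
DO $$
BEGIN
    PERFORM pg_create_logical_replication_slot('permcheck_probe', 'test_decoding');
    PERFORM pg_drop_replication_slot('permcheck_probe');
    RAISE NOTICE 'replication slot create/drop: allowed';
EXCEPTION
    WHEN insufficient_privilege THEN
        RAISE NOTICE 'replication slot create/drop: denied (%)', SQLERRM;
END
$$;
```

Query 2 returns no row if the placeholder table does not exist.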