From 168676b3b6a20177c39a49dc27c203098d7ec116 Mon Sep 17 00:00:00 2001 From: Nathan Bossart Date: Wed, 15 Feb 2017 03:15:03 +0000 Subject: [PATCH] Introduce --no-superuser-check option. The current client checks for superuser before attempting to execute pg_repack commands. In Amazon RDS, customers are given access to a psuedo-superuser role called rds_superuser, but they are not given access to superuser. However, rds_superusers will otherwise have the ability to execute pg_repack commands in RDS. This change introduces the --no-superuser-check option in the client code so that users can disable the client-side superuser checks. --- bin/pg_repack.c | 6 ++++++ doc/pg_repack.rst | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/bin/pg_repack.c b/bin/pg_repack.c index 8ccb1ae..39f773e 100644 --- a/bin/pg_repack.c +++ b/bin/pg_repack.c @@ -244,6 +244,7 @@ static int wait_timeout = 60; /* in seconds */ static int jobs = 0; /* number of concurrent worker conns. */ static bool dryrun = false; static unsigned int temp_obj_num = 0; /* temporary objects counter */ +static bool no_superuser_check = false; /* buffer should have at least 11 bytes */ static char * @@ -269,6 +270,7 @@ static pgut_option options[] = { 'i', 'T', "wait-timeout", &wait_timeout }, { 'B', 'Z', "no-analyze", &analyze }, { 'i', 'j', "jobs", &jobs }, + { 'b', 'k', "no-superuser-check", &no_superuser_check }, { 0 }, }; @@ -371,6 +373,9 @@ is_superuser(void) { const char *val; + if (no_superuser_check) + return true; + if (!connection) return false; @@ -2064,4 +2069,5 @@ pgut_help(bool details) printf(" -x, --only-indexes move only indexes of the specified table\n"); printf(" -T, --wait-timeout=SECS timeout to cancel other backends on conflict\n"); printf(" -Z, --no-analyze don't analyze at end\n"); + printf(" -k, --no-superuser-check skip superuser checks in client\n"); } diff --git a/doc/pg_repack.rst b/doc/pg_repack.rst index c51e1d2..37783b9 100644 --- a/doc/pg_repack.rst +++ b/doc/pg_repack.rst @@ -128,6 +128,7 @@ Options: -x, --only-indexes move only indexes of the specified table -T, --wait-timeout=SECS timeout to cancel other backends on conflict -Z, --no-analyze don't analyze at end + -k, --no-superuser-check skip superuser checks in client Connection options: -d, --dbname=DBNAME database to connect @@ -210,6 +211,10 @@ Reorg Options Disable ANALYZE after a full-table reorganization. If not specified, run ANALYZE after the reorganization. +``-k``, ``--no-superuser-check`` + Skip the superuser checks in the client. This setting is useful for using + pg_repack on platforms that support running it as non-superusers. + Connection Options ^^^^^^^^^^^^^^^^^^