From b8ecfbf1a1987b57d4735a2fea6b8f4f8dfd5b5d Mon Sep 17 00:00:00 2001 From: Bharath Rupireddy Date: Thu, 18 Nov 2021 07:35:51 +0000 Subject: [PATCH v2] Add pg_ls_logicalsnapdir, pg_ls_logicalmapdir, pg_ls_replslotdir functions These functions lists the contents of the respective directories, and are intended to be used by monitoring tools. Unlike pg_ls_dir(), access to it can be granted to non-superusers so that those monitoring tools can observe the principle of least privilege. Access is also given by default to members of pg_monitor. Note: Haven't changed the CATALOG_VERSION_NO as it is creating the conflicts with the committed code, so the committer can take care of it while committing this patch. --- doc/src/sgml/func.sgml | 72 ++++++++++++++++++++++++ src/backend/catalog/system_functions.sql | 12 ++++ src/backend/utils/adt/genfile.c | 47 ++++++++++++++++ src/include/catalog/pg_proc.dat | 15 +++++ 4 files changed, 146 insertions(+) diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml index 24447c0017..5e7eb76023 100644 --- a/doc/src/sgml/func.sgml +++ b/doc/src/sgml/func.sgml @@ -27417,6 +27417,78 @@ SELECT convert_from(pg_read_binary_file('file_in_utf8.txt'), 'UTF8'); can be granted EXECUTE to run the function. + + + + + pg_ls_logicalsnapdir + + pg_ls_logicalsnapdir () + setof record + ( name text, + size bigint, + modification timestamp with time zone ) + + + Returns the name, size, and last modification time (mtime) of each + ordinary file in the server's pg_logical/snapshots directory. + Filenames beginning with a dot, directories, and other special files + are excluded. + + + This function is restricted to superusers and members of + the pg_monitor role by default, but other users can + be granted EXECUTE to run the function. + + + + + + + pg_ls_logicalmapdir + + pg_ls_logicalmapdir () + setof record + ( name text, + size bigint, + modification timestamp with time zone ) + + + Returns the name, size, and last modification time (mtime) of each + ordinary file in the server's pg_logical/mappings directory. + Filenames beginning with a dot, directories, and other special files + are excluded. + + + This function is restricted to superusers and members of + the pg_monitor role by default, but other users can + be granted EXECUTE to run the function. + + + + + + + pg_ls_replslotdir + + pg_ls_replslotdir ( slot_name text ) + setof record + ( name text, + size bigint, + modification timestamp with time zone ) + + + Returns the name, size, and last modification time (mtime) of each + ordinary file in the server's pg_replslot/slot_name directory. + Filenames beginning with a dot, directories, and other special files + are excluded. + + + This function is restricted to superusers and members of + the pg_monitor role by default, but other users can + be granted EXECUTE to run the function. + + diff --git a/src/backend/catalog/system_functions.sql b/src/backend/catalog/system_functions.sql index 54c93b16c4..f6789025a5 100644 --- a/src/backend/catalog/system_functions.sql +++ b/src/backend/catalog/system_functions.sql @@ -701,6 +701,12 @@ REVOKE EXECUTE ON FUNCTION pg_ls_dir(text,boolean,boolean) FROM public; REVOKE EXECUTE ON FUNCTION pg_log_backend_memory_contexts(integer) FROM PUBLIC; +REVOKE EXECUTE ON FUNCTION pg_ls_logicalsnapdir() FROM PUBLIC; + +REVOKE EXECUTE ON FUNCTION pg_ls_logicalmapdir() FROM PUBLIC; + +REVOKE EXECUTE ON FUNCTION pg_ls_replslotdir(text) FROM PUBLIC; + -- -- We also set up some things as accessible to standard roles. -- @@ -715,6 +721,12 @@ GRANT EXECUTE ON FUNCTION pg_ls_tmpdir() TO pg_monitor; GRANT EXECUTE ON FUNCTION pg_ls_tmpdir(oid) TO pg_monitor; +GRANT EXECUTE ON FUNCTION pg_ls_logicalsnapdir() TO pg_monitor; + +GRANT EXECUTE ON FUNCTION pg_ls_logicalmapdir() TO pg_monitor; + +GRANT EXECUTE ON FUNCTION pg_ls_replslotdir(text) TO pg_monitor; + GRANT pg_read_all_settings TO pg_monitor; GRANT pg_read_all_stats TO pg_monitor; diff --git a/src/backend/utils/adt/genfile.c b/src/backend/utils/adt/genfile.c index c436d9318b..04666589d3 100644 --- a/src/backend/utils/adt/genfile.c +++ b/src/backend/utils/adt/genfile.c @@ -29,6 +29,7 @@ #include "mb/pg_wchar.h" #include "miscadmin.h" #include "postmaster/syslogger.h" +#include "replication/slot.h" #include "storage/fd.h" #include "utils/acl.h" #include "utils/builtins.h" @@ -720,3 +721,49 @@ pg_ls_archive_statusdir(PG_FUNCTION_ARGS) { return pg_ls_dir_files(fcinfo, XLOGDIR "/archive_status", true); } + +/* + * Function to return the list of files in the pg_logical/snapshots directory. + */ +Datum +pg_ls_logicalsnapdir(PG_FUNCTION_ARGS) +{ + return pg_ls_dir_files(fcinfo, "pg_logical/snapshots", false); +} + +/* + * Function to return the list of files in the pg_logical/mappings directory. + */ +Datum +pg_ls_logicalmapdir(PG_FUNCTION_ARGS) +{ + return pg_ls_dir_files(fcinfo, "pg_logical/mappings", false); +} + +/* + * Function to return the list of files in the pg_replslot/ + * directory. + */ +Datum +pg_ls_replslotdir(PG_FUNCTION_ARGS) +{ + text *slotname_t; + char path[MAXPGPATH]; + char *slotname; + ReplicationSlot *slot; + + slotname_t = PG_GETARG_TEXT_PP(0); + + slotname = text_to_cstring(slotname_t); + + slot = SearchNamedReplicationSlot(slotname, true); + + if (!slot) + ereport(ERROR, + (errcode(ERRCODE_UNDEFINED_OBJECT), + errmsg("replication slot \"%s\" does not exist", + slotname))); + + snprintf(path, sizeof(path), "%s/%s", "pg_replslot", slotname); + return pg_ls_dir_files(fcinfo, path, false); +} diff --git a/src/include/catalog/pg_proc.dat b/src/include/catalog/pg_proc.dat index 6412f369f1..509b9824fd 100644 --- a/src/include/catalog/pg_proc.dat +++ b/src/include/catalog/pg_proc.dat @@ -11623,6 +11623,21 @@ proallargtypes => '{oid,text,int8,timestamptz}', proargmodes => '{i,o,o,o}', proargnames => '{tablespace,name,size,modification}', prosrc => 'pg_ls_tmpdir_1arg' }, +{ oid => '4642', descr => 'list of files in the pg_logical/snapshots directory', + proname => 'pg_ls_logicalsnapdir', procost => '10', prorows => '20', proretset => 't', + provolatile => 'v', prorettype => 'record', proargtypes => '', + proallargtypes => '{text,int8,timestamptz}', proargmodes => '{o,o,o}', + proargnames => '{name,size,modification}', prosrc => 'pg_ls_logicalsnapdir' }, +{ oid => '4643', descr => 'list of files in the pg_logical/mappings directory', + proname => 'pg_ls_logicalmapdir', procost => '10', prorows => '20', proretset => 't', + provolatile => 'v', prorettype => 'record', proargtypes => '', + proallargtypes => '{text,int8,timestamptz}', proargmodes => '{o,o,o}', + proargnames => '{name,size,modification}', prosrc => 'pg_ls_logicalmapdir' }, +{ oid => '4644', descr => 'list of files in the pg_logical/mappings directory', + proname => 'pg_ls_replslotdir', procost => '10', prorows => '20', proretset => 't', + provolatile => 'v', prorettype => 'record', proargtypes => 'text', + proallargtypes => '{text,text,int8,timestamptz}', proargmodes => '{i,o,o,o}', + proargnames => '{slot_name,name,size,modification}', prosrc => 'pg_ls_replslotdir' }, # hash partitioning constraint function { oid => '5028', descr => 'hash partition CHECK constraint', -- 2.25.1