dbconfig: grant SETting of session_replication_role to taler-merchant-httpd user - merchant - Merchant backend to process payments, run by merchants

commit d81c31445686871d91f1fcda0b49748dde1dd1be
parent eb86e454e1ad49525043bb839004694d5904770a
Author: Florian Dold <florian@dold.me>
Date:   Mon,  8 Jun 2026 23:55:22 +0200

dbconfig: grant SETting of session_replication_role to taler-merchant-httpd user

This is required for the 0036 migration.

We could also do "ALTER TABLE ... DISABLE TRIGGER" on all tables
instead, but that is more tedious / error-prone.

Enbling access to session_replication_role is harmless in this case, as
taler-merchant-httpd only has access to tables it owns anyway and thus
can't disable any trigger-enforced invariants with it that it can't
already disable without the setting.

Diffstat:
M contrib/taler-merchant-dbconfig  | 12 ++++++++++++

1 file changed, 12 insertions(+), 0 deletions(-)
diff --git a/contrib/taler-merchant-dbconfig b/contrib/taler-merchant-dbconfig
@@ -84,6 +84,18 @@ if ! sudo -i -u postgres createuser "$DBUSER" 2>/dev/null; then
   echo "Database user '$DBUSER' already existed. Continuing anyway." 1>&2
 fi
 
+# Allow user to change the session_replication_role setting,
+# required during migrations.
+
+sudo -i -u postgres psql -v dbuser="$DBUSER" <<'EOF' || ret=$?
+GRANT SET ON PARAMETER session_replication_role TO :"dbuser";
+EOF
+
+if ! [[ $ret -ne 0 ]]; then
+  echo "Failed to grant permissions to $DBUSER" >&2
+  exit 1
+fi
+
 DBPATH=$(taler-merchant-config \
   -c "$CFGFILE" \
   -s merchantdb-postgres \

	merchant Merchant backend to process payments, run by merchants
	Log \| Files \| Refs \| Submodules \| README \| LICENSE