postgres: confusing error when logical replication is disabled in Amazon RDS #3317

@morsapaes

In Amazon RDS for PostgreSQL, if logical replication is not enabled in the instance, we throw the following error:

failed to validate replication permissions: postgres user does not have replication role

The validation query is checking for the value of the rds.logical_replication server configuration setting, but the error suggests an issue with user privileges.

Since we have a separate validation for wal_level, is what we want to check for here membership in the rds_replication role instead?

postgres=> SELECT r.rolname, m.rolname as member
FROM pg_roles r
JOIN pg_auth_members am ON r.oid = am.roleid
JOIN pg_roles m ON am.member = m.oid
WHERE r.rolname = 'rds_replication' AND m.rolname = 'clickpipes_user';

     rolname     |     member
-----------------+-----------------
 rds_replication | clickpipes_user
(1 row)

If logical replication is enabled but the user has not been granted replication privileges, we then pass through the raw PostgreSQL error (which is straightforward to understand):

failed to establish replication connection: insufficient privileges for user clickpipes_user: failed to connect to user=clickpipes_user database=postgres: 54.229.109.71:5432 (clickpipes-rds-pg.cbv5p5ydu6hp.eu-west-1.rds.amazonaws.com): server error: FATAL: permission denied to start WAL sender (SQLSTATE 42501)
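
As an added example (not part of the original issue or the project's own code), the diagnostic query below reports the two server-setting checks and the user-privilege check separately, so each failure can be mapped to its own message. It assumes PostgreSQL 9.6 or later (for the two-argument `current_setting`) and is run while connected as the replication user; the `diagnosis` strings are illustrative.

```sql
-- Added example: separate "server not configured" from "user lacks privilege".
WITH checks AS (
    SELECT
        -- NULL when the parameter does not exist (instance is not RDS);
        -- the boolean cast accepts 'on'/'off' as well as '1'/'0'.
        current_setting('rds.logical_replication', true)::boolean AS rds_logical_replication,
        current_setting('wal_level') AS wal_level,
        -- REPLICATION attribute on the connected role.
        (SELECT rolreplication
           FROM pg_roles
          WHERE rolname = current_user) AS has_replication_attr,
        -- Direct membership in rds_replication (same join as in the issue);
        -- membership inherited through an intermediate role is not covered.
        EXISTS (
            SELECT 1
              FROM pg_roles r
              JOIN pg_auth_members am ON r.oid = am.roleid
              JOIN pg_roles m ON am.member = m.oid
             WHERE r.rolname = 'rds_replication'
               AND m.rolname = current_user
        ) AS in_rds_replication
)
SELECT
    current_user AS checked_user,
    rds_logical_replication,
    wal_level,
    has_replication_attr,
    in_rds_replication,
    CASE
        WHEN rds_logical_replication IS FALSE
            THEN 'server setting: rds.logical_replication is off'
        WHEN wal_level <> 'logical'
            THEN 'server setting: wal_level is not logical'
        WHEN NOT COALESCE(has_replication_attr, false)
             AND NOT in_rds_replication
            THEN 'user privilege: no REPLICATION attribute or rds_replication membership'
        ELSE 'ok'
    END AS diagnosis
FROM checks;
```

The first two branches describe instance configuration and the third describes a role grant, which is the distinction the error message in this issue blurs.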
