pg_check_conn
A PostgreSQL utility to check a user's access to a database. pg_check_conn
will use supplied options to connect to a PostgreSQL database and return 0
on success, and PQstatus
otherwise.
pg_check_conn
is a direct replacement for pg_isready
. The new utility accepts the same options as pg_isready
: database (-d
), hostname (-h
), username (-U
), port (-p
), and timeout (-t
). Environmental variables, like PGPASSWORD
, should work as expected as pg_check_conn
leaves them in tact for the underlying libpg
library.
The reason for the pg_check_conn
utility is, pg_isready
does not use options when it tests a connection. If you use a fictitious or incorrect option like -d foo
, -U bar
or PGPASSWORD=baz
, then pg_isready
will still return success if the PostgreSQL server is running and accepting connections. For the details, see Determine if a user and database are available on the pgsql-general mailing list.
Prerequisites
pg_check_conn
requires the PostgreSQL development package and a C++ compiler. C++ simplifies the program by handling memory management.
The PostgreSQL development packages are libpq-dev
on Debian and derivatives like Ubuntu; and libpq-devel
on Red Hat derivatives, like CentOS and Fedora.
Compiling pg_check_conn
You can compile pg_check_conn
with the following command:
g++ -g -O2 `pkg-config --cflags libpq` pg_check_conn.cpp -o pg_check_conn `pkg-config --libs libpq`
Running pg_check_conn
pg_check_conn
is a direct replacement for pg_isready
. Running pg_check_conn
with no issues will result in success and a return code of 0. On error, an error string written to standard output as reported by PQerrorMessage
and the value of PQstatus
is returned by the program. The examples below show two typical failues.
$ PGPASSWORD=${password} pg_check_conn -h "${hostname}" -U "${username}" -d "${database}" -p "${port}"
Error: connection to server at "localhost" (::1), port 5432 failed: FATAL: Ident authentication failed for user "postgres"
and
$ PGPASSWORD=${password} pg_check_conn -U "${username}" -d "${database}" -p "${port}"
Error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: Peer authentication failed for user "postgres"
The exit code for pg_check_conn
is different than pg_isready
since pg_isready
returns success for nearly everything, including a missing database, a missing user, bad credentials and an incorrect authentication method. pg_isready
would have reported success in the examples since the server was running and accepting connections.