From fce869257f9e68821b525e666c0cd60ea96ffc44 Mon Sep 17 00:00:00 2001
From: Freddy Spierenburg
Date: Wed, 20 Feb 2019 13:31:09 +0100
Subject: [PATCH] Update the running as non-superuser section. This solves the problem that certain metrics didn't produce a value.
---
 README.md | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 477f507..bcf1e24 100644
--- a/README.md
+++ b/README.md
@@ -163,11 +163,13 @@ flag. This removes all built-in metrics, and uses only metrics defined by querie
 ### Running as non-superuser
 
 To be able to collect metrics from `pg_stat_activity` and `pg_stat_replication`
-as non-superuser you have to create views as a superuser, and assign permissions
-separately to those.
+as non-superuser you have to create functions and views as a superuser, and
+assign permissions separately to those.
 
 In PostgreSQL, views run with the permissions of the user that created them so
-they can act as security barriers.
+they can act as security barriers. Functions need to be created to share this
+data with the non-superuser. Only creating the views will leave out the most
+important bits of data.
 
 ```sql
 CREATE USER postgres_exporter PASSWORD 'password';
@@ -176,16 +178,30 @@ ALTER USER postgres_exporter SET SEARCH_PATH TO postgres_exporter,pg_catalog;
 -- If deploying as non-superuser (for example in AWS RDS), uncomment the GRANT
 -- line below and replace with your root user.
 -- GRANT postgres_exporter TO
-CREATE SCHEMA postgres_exporter AUTHORIZATION postgres_exporter;
+CREATE SCHEMA postgres_exporter;
+GRANT USAGE ON SCHEMA postgres_exporter TO postgres_exporter;
+
+CREATE FUNCTION get_pg_stat_activity() RETURNS SETOF pg_stat_activity AS
+$$ SELECT * FROM pg_catalog.pg_stat_activity; $$
+LANGUAGE sql
+VOLATILE
+SECURITY DEFINER;
 
 CREATE VIEW postgres_exporter.pg_stat_activity
 AS
- SELECT * from pg_catalog.pg_stat_activity;
+ SELECT * from get_pg_stat_activity();
 
 GRANT SELECT ON postgres_exporter.pg_stat_activity TO postgres_exporter;
 
-CREATE VIEW postgres_exporter.pg_stat_replication AS
- SELECT * from pg_catalog.pg_stat_replication;
+CREATE FUNCTION get_pg_stat_replication() RETURNS SETOF pg_stat_replication AS
+$$ SELECT * FROM pg_catalog.pg_stat_replication; $$
+LANGUAGE sql
+VOLATILE
+SECURITY DEFINER;
+
+CREATE VIEW postgres_exporter.pg_stat_replication
+AS
+ SELECT * FROM get_pg_stat_replication();
 
 GRANT SELECT ON postgres_exporter.pg_stat_replication TO postgres_exporter;
 ```
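Review bot: The two new `SECURITY DEFINER` functions are created without a schema, without a pinned `search_path`, and with the default `EXECUTE` grant to `PUBLIC` left in place. As written, `get_pg_stat_activity()` and `get_pg_stat_replication()` presumably land in the creating superuser's current schema (typically `public`), so any role that can connect could call them directly and read every session's query text and replication details, bypassing the `GRANT SELECT` on the views. I would create both inside `postgres_exporter`, pin `search_path` (the bodies are already schema-qualified, so that part is defence in depth), revoke `EXECUTE` from `PUBLIC` and grant it only to `postgres_exporter`, which still needs it because a view's caller must hold `EXECUTE` on functions the view calls. The views should then reference the functions by their qualified names, since the superuser's own `search_path` may not include `postgres_exporter`. A sketch for the activity function follows; the replication one takes the same pattern.

```sql
CREATE FUNCTION postgres_exporter.get_pg_stat_activity() RETURNS SETOF pg_catalog.pg_stat_activity AS
$$ SELECT * FROM pg_catalog.pg_stat_activity; $$
LANGUAGE sql
VOLATILE
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp;

REVOKE EXECUTE ON FUNCTION postgres_exporter.get_pg_stat_activity() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION postgres_exporter.get_pg_stat_activity() TO postgres_exporter;

CREATE VIEW postgres_exporter.pg_stat_activity
AS
  SELECT * from postgres_exporter.get_pg_stat_activity();
-- … unchanged: GRANT SELECT on the view; same pattern for get_pg_stat_replication() …
```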