NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit051b096

committed

Refactor TAP test authentication/001_password.pl

The test is changed to test for connection strings rather than specificroles, and the reset logic of pg_hba.conf is extended so as the databaseand user name entries can be directly specified. This is aimed at beingused as a base for more test scenarios of pg_hba.conf and authenticationpaths.Author: Bertrand Drouvot, Michael PaquierDiscussion:https://postgr.es/m/Yz0xO0emJ+mxtj2a@paquier.xyz

1 parentd8df67b commit051b096Copy full SHA for 051b096

File tree

1 file changed

+31

-29

lines changed

src/test/authentication/t
- 001_password.pl

1 file changed

+31

-29

lines changed

`‎src/test/authentication/t/001_password.pl`

Lines changed: 31 additions & 29 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,28 +24,30 @@`
`24`	`24`	`subreset_pg_hba`
`25`	`25`	`{`
`26`	`26`	`my$node =shift;`
	`27`	`+my$database =shift;`
	`28`	`+my$role =shift;`
`27`	`29`	`my$hba_method =shift;`
`28`	`30`
`29`	`31`	`unlink($node->data_dir .'/pg_hba.conf');`
`30`	`32`	`# just for testing purposes, use a continuation line`
`31`		`-$node->append_conf('pg_hba.conf',"local all all\\\n$hba_method");`
	`33`	`+$node->append_conf('pg_hba.conf',`
	`34`	`+"local$database$role\\\n$hba_method");`
`32`	`35`	`$node->reload;`
`33`	`36`	`return;`
`34`	`37`	`}`
`35`	`38`
`36`		`-# Test access for asingle role, useful to wrap all tests into one. Extra`
`37`		`-# named parameters are passed to connect_ok/fails as-is.`
`38`		`-subtest_role`
	`39`	`+# Test access for aconnection string, useful to wrap all tests into one.`
	`40`	`+#Extranamed parameters are passed to connect_ok/fails as-is.`
	`41`	`+subtest_conn`
`39`	`42`	`{`
`40`	`43`	`local$Test::Builder::Level =$Test::Builder::Level + 1;`
`41`	`44`
`42`		`-my ($node,$role,$method,$expected_res,%params) =@_;`
	`45`	`+my ($node,$connstr,$method,$expected_res,%params) =@_;`
`43`	`46`	`my$status_string ='failed';`
`44`	`47`	`$status_string ='success'if ($expected_reseq 0);`
`45`	`48`
`46`		`-my$connstr ="user=$role";`
`47`	`49`	`my$testname =`
`48`		`-"authentication$status_string for method$method,role$role";`
	`50`	`+"authentication$status_string for method$method,connstr$connstr";`
`49`	`51`
`50`	`52`	`if ($expected_reseq 0)`
`51`	`53`	`{`
`@@ -81,10 +83,10 @@ sub test_role`
`81`	`83`
`82`	`84`	`# For "trust" method, all users should be able to connect. These users are not`
`83`	`85`	`# considered to be authenticated.`
`84`		`-reset_pg_hba($node,'trust');`
`85`		`-test_role($node,'scram_role','trust', 0,`
	`86`	`+reset_pg_hba($node,'all','all','trust');`
	`87`	`+test_conn($node,'user=scram_role','trust', 0,`
`86`	`88`	`log_unlike=> [qr/connection authenticated:/]);`
`87`		`-test_role($node,'md5_role','trust', 0,`
	`89`	`+test_conn($node,'user=md5_role','trust', 0,`
`88`	`90`	`log_unlike=> [qr/connection authenticated:/]);`
`89`	`91`
`90`	`92`	`# SYSTEM_USER is null when not authenticated.`
`@@ -106,40 +108,40 @@ sub test_role`
`106`	`108`	`);`
`107`	`109`
`108`	`110`	`# For plain "password" method, all users should also be able to connect.`
`109`		`-reset_pg_hba($node,'password');`
`110`		`-test_role($node,'scram_role','password', 0,`
	`111`	`+reset_pg_hba($node,'all','all','password');`
	`112`	`+test_conn($node,'user=scram_role','password', 0,`
`111`	`113`	`log_like=>`
`112`	`114`	`[qr/connection authenticated: identity="scram_role" method=password/]);`
`113`		`-test_role($node,'md5_role','password', 0,`
	`115`	`+test_conn($node,'user=md5_role','password', 0,`
`114`	`116`	`log_like=>`
`115`	`117`	`[qr/connection authenticated: identity="md5_role" method=password/]);`
`116`	`118`
`117`	`119`	`# For "scram-sha-256" method, user "scram_role" should be able to connect.`
`118`		`-reset_pg_hba($node,'scram-sha-256');`
`119`		`-test_role(`
	`120`	`+reset_pg_hba($node,'all','all','scram-sha-256');`
	`121`	`+test_conn(`
`120`	`122`	`$node,`
`121`		`-'scram_role',`
	`123`	`+'user=scram_role',`
`122`	`124`	`'scram-sha-256',`
`123`	`125`	`0,`
`124`	`126`	`log_like=> [`
`125`	`127`	`qr/connection authenticated: identity="scram_role" method=scram-sha-256/`
`126`	`128`	`]);`
`127`		`-test_role($node,'md5_role','scram-sha-256', 2,`
	`129`	`+test_conn($node,'user=md5_role','scram-sha-256', 2,`
`128`	`130`	`log_unlike=> [qr/connection authenticated:/]);`
`129`	`131`
`130`	`132`	`# Test that bad passwords are rejected.`
`131`	`133`	`$ENV{"PGPASSWORD"} ='badpass';`
`132`		`-test_role($node,'scram_role','scram-sha-256', 2,`
	`134`	`+test_conn($node,'user=scram_role','scram-sha-256', 2,`
`133`	`135`	`log_unlike=> [qr/connection authenticated:/]);`
`134`	`136`	`$ENV{"PGPASSWORD"} ='pass';`
`135`	`137`
`136`	`138`	`# For "md5" method, all users should be able to connect (SCRAM`
`137`	`139`	`# authentication will be performed for the user with a SCRAM secret.)`
`138`		`-reset_pg_hba($node,'md5');`
`139`		`-test_role($node,'scram_role','md5', 0,`
	`140`	`+reset_pg_hba($node,'all','all','md5');`
	`141`	`+test_conn($node,'user=scram_role','md5', 0,`
`140`	`142`	`log_like=>`
`141`	`143`	`[qr/connection authenticated: identity="scram_role" method=md5/]);`
`142`		`-test_role($node,'md5_role','md5', 0,`
	`144`	`+test_conn($node,'user=md5_role','md5', 0,`
`143`	`145`	`log_like=>`
`144`	`146`	`[qr/connection authenticated: identity="md5_role" method=md5/]);`
`145`	`147`
`@@ -164,13 +166,13 @@ sub test_role`
`164`	`166`
`165`	`167`	`# Tests for channel binding without SSL.`
`166`	`168`	`# Using the password authentication method; channel binding can't work`
`167`		`-reset_pg_hba($node,'password');`
	`169`	`+reset_pg_hba($node,'all','all','password');`
`168`	`170`	`$ENV{"PGCHANNELBINDING"} ='require';`
`169`		`-test_role($node,'scram_role','scram-sha-256', 2);`
	`171`	`+test_conn($node,'user=scram_role','scram-sha-256', 2);`
`170`	`172`	`# SSL not in use; channel binding still can't work`
`171`		`-reset_pg_hba($node,'scram-sha-256');`
	`173`	`+reset_pg_hba($node,'all','all','scram-sha-256');`
`172`	`174`	`$ENV{"PGCHANNELBINDING"} ='require';`
`173`		`-test_role($node,'scram_role','scram-sha-256', 2);`
	`175`	`+test_conn($node,'user=scram_role','scram-sha-256', 2);`
`174`	`176`
`175`	`177`	`# Test .pgpass processing; but use a temp file, don't overwrite the real one!`
`176`	`178`	`my$pgpassfile ="${PostgreSQL::Test::Utils::tmp_check}/pgpass";`
`@@ -187,15 +189,15 @@ sub test_role`
`187`	`189`	`!);`
`188`	`190`	`chmod 0600,$pgpassfileordie;`
`189`	`191`
`190`		`-reset_pg_hba($node,'password');`
`191`		`-test_role($node,'scram_role','password from pgpass', 0);`
`192`		`-test_role($node,'md5_role','password from pgpass', 2);`
	`192`	`+reset_pg_hba($node,'all','all','password');`
	`193`	`+test_conn($node,'user=scram_role','password from pgpass', 0);`
	`194`	`+test_conn($node,'user=md5_role','password from pgpass', 2);`
`193`	`195`
`194`	`196`	`append_to_file(`
`195`	`197`	`$pgpassfile,qq!`
`196`	`198`	`::*:md5_role:p\\ass`
`197`	`199`	`!);`
`198`	`200`
`199`		`-test_role($node,'md5_role','password from pgpass', 0);`
	`201`	`+test_conn($node,'user=md5_role','password from pgpass', 0);`
`200`	`202`
`201`	`203`	`done_testing();`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit051b096

File tree

1 file changed

1 file changed

`‎src/test/authentication/t/001_password.pl`

0 commit comments