0007-Add-TAP-tests-for-authentication-methods.patch
application/x-download
Filename: 0007-Add-TAP-tests-for-authentication-methods.patch
Type: application/x-download
Part: 6
Patch
Format: format-patch
Series: patch 0007
Subject: Add TAP tests for authentication methods
| File | + | − |
|---|---|---|
| src/test/recovery/t/009_authentication.pl | 84 | 0 |
From 9837ba0deec314988cc0cf2e6a51dd49137b38fe Mon Sep 17 00:00:00 2001
From: Michael Paquier <michael@paquier.xyz>
Date: Mon, 14 Nov 2016 14:45:44 -0800
Subject: [PATCH 7/7] Add TAP tests for authentication methods
Those are useful to test what is expected from users having either plain,
MD5-encrypted or SCRAM passwords.
---
src/test/recovery/t/009_authentication.pl | 84 +++++++++++++++++++++++++++++++
1 file changed, 84 insertions(+)
create mode 100644 src/test/recovery/t/009_authentication.pl
diff --git a/src/test/recovery/t/009_authentication.pl b/src/test/recovery/t/009_authentication.pl
new file mode 100644
index 0000000000..4713d0b971
--- /dev/null
+++ b/src/test/recovery/t/009_authentication.pl
@@ -0,0 +1,84 @@
+# Set of tests for authentication and pg_hba.conf. The following password
+# methods are checked through this test:
+# - Plain
+# - MD5-encrypted
+# - SCRAM-encrypted
+# This test cannot run on Windows as Postgres cannot be set up with Unix
+# sockets and needs to go through SSPI.
+
+use strict;
+use warnings;
+use PostgresNode;
+use TestLib;
+use Test::More tests => 12;
+
+# Delete pg_hba.conf from the given node, add a new entry to it
+# and then execute a reload to refresh it.
+sub reset_pg_hba
+{
+ my $node = shift;
+ my $hba_method = shift;
+
+ unlink($node->data_dir . '/pg_hba.conf');
+ $node->append_conf('pg_hba.conf', "local all all $hba_method");
+ $node->reload;
+}
+
+# Test access for a single role, useful to wrap all tests into one.
+sub test_role
+{
+ my $node = shift;
+ my $role = shift;
+ my $method = shift;
+ my $expected_res = shift;
+ my $status_string = 'failed';
+
+ $status_string = 'success' if ($expected_res eq 0);
+
+ my $res = $node->psql('postgres', 'SELECT 1', extra_params => ['-U', $role]);
+ is($res, $expected_res,
+ "authentication $status_string for method $method, role $role");
+}
+
+SKIP:
+{
+ skip "authentication tests cannot run on Windows", 12 if ($windows_os);
+
+ # Initialize master node
+ my $node = get_new_node('master');
+ $node->init;
+ $node->start;
+
+ # Create 3 roles with different password methods for each one. The same
+ # password is used for all of them.
+ $node->safe_psql('postgres', "CREATE ROLE scram_role LOGIN PASSWORD ('pass' USING 'scram');");
+ $node->safe_psql('postgres', "CREATE ROLE md5_role LOGIN PASSWORD ('pass' USING 'md5');");
+ $node->safe_psql('postgres', "CREATE ROLE plain_role LOGIN PASSWORD ('pass' USING 'plain');");
+ $ENV{"PGPASSWORD"} = 'pass';
+
+ # For "trust" method, all users should be able to connect.
+ reset_pg_hba($node, 'trust');
+ test_role($node, 'scram_role', 'trust', 0);
+ test_role($node, 'md5_role', 'trust', 0);
+ test_role($node, 'plain_role', 'trust', 0);
+
+ # For "plain" method, users "plain_role" and "md5_role" should be able to
+ # connect.
+ reset_pg_hba($node, 'password');
+ test_role($node, 'scram_role', 'password', 2);
+ test_role($node, 'md5_role', 'password', 0);
+ test_role($node, 'plain_role', 'password', 0);
+
+ # For "scram" method, only user "scram_role" should be able to connect.
+ reset_pg_hba($node, 'scram');
+ test_role($node, 'scram_role', 'scram', 0);
+ test_role($node, 'md5_role', 'scram', 2);
+ test_role($node, 'plain_role', 'scram', 2);
+
+ # For "md5" method, users "plain_role" and "md5_role" should be able to
+ # connect.
+ reset_pg_hba($node, 'md5');
+ test_role($node, 'scram_role', 'md5', 2);
+ test_role($node, 'md5_role', 'md5', 0);
+ test_role($node, 'plain_role', 'md5', 0);
+}
--
2.11.0