Thread

Commits

  1. Add checks for regexes with user name map in test for peer authentication

  1. Add regular expression testing for user name mapping in the peer authentication TAP test

    Bertrand Drouvot <bertranddrouvot.pg@gmail.com> — 2022-10-14T16:31:15Z

    Hi hackers,
    
    while working on [1], I thought it could also be useful to add regular 
    expression testing for user name mapping in the peer authentication TAP 
    test.
    
    This kind of test already exists in kerberos/t/001_auth.pl but the 
    proposed one in the peer authentication testing would probably be more 
    widely tested.
    
    Please find attached a patch proposal to do so.
    
    [1]: 
    https://www.postgresql.org/message-id/4f55303e-62c1-1072-61db-fbfb30bd66c8%40gmail.com
    
    Looking forward to your feedback,
    
    Regards,
    
    -- 
    Bertrand Drouvot
    PostgreSQL Contributors Team
    RDS Open Source Databases
    Amazon Web Services: https://aws.amazon.com
  2. Re: Add regular expression testing for user name mapping in the peer authentication TAP test

    Michael Paquier <michael@paquier.xyz> — 2022-10-15T03:11:28Z

    On Fri, Oct 14, 2022 at 06:31:15PM +0200, Drouvot, Bertrand wrote:
    > while working on [1], I thought it could also be useful to add regular
    > expression testing for user name mapping in the peer authentication TAP
    > test.
    
    Good idea now that we have a bit more coverage in the authentication
    tests.
    
    > +# Test with regular expression in user name map.
    > +my $last_system_user_char = substr($system_user, -1);
    
    This would attach to the regex the last character of the system user.
    I would perhaps have used more characters than that (-3?), as substr()
    with a negative number larger than the string given in input would
    give the entire string.  That's a nit, though.
    
    > +# The regular expression does not match.
    > +reset_pg_ident($node, 'mypeermap', '/^$', 'testmapuser');
    
    This matches only an empty string, my brain gets that right?
    --
    Michael
    
  3. Re: Add regular expression testing for user name mapping in the peer authentication TAP test

    Bertrand Drouvot <bertranddrouvot.pg@gmail.com> — 2022-10-15T05:54:30Z

    Hi,
    
    On 10/15/22 5:11 AM, Michael Paquier wrote:
    > On Fri, Oct 14, 2022 at 06:31:15PM +0200, Drouvot, Bertrand wrote:
    >> while working on [1], I thought it could also be useful to add regular
    >> expression testing for user name mapping in the peer authentication TAP
    >> test.
    > 
    > Good idea now that we have a bit more coverage in the authentication
    > tests.
    
    Thanks for looking at it!
    
    >> +# Test with regular expression in user name map.
    >> +my $last_system_user_char = substr($system_user, -1);
    > 
    > This would attach to the regex the last character of the system user.
    
    Right.
    
    > I would perhaps have used more characters than that (-3?), as substr()
    > with a negative number larger than the string given in input would
    > give the entire string.  That's a nit, though.
    
    I don't have a strong opinion on this, so let's extract the last 3 
    characters. This is what v2 attached does.
    
    > 
    >> +# The regular expression does not match.
    >> +reset_pg_ident($node, 'mypeermap', '/^$', 'testmapuser');
    > 
    > This matches only an empty string, my brain gets that right?
    
    Right. Giving a second thought to the non matching case, I think I'd 
    prefer to concatenate the system_user to the system_user instead. This 
    is what v2 does.
    
    Regards,
    
    -- 
    Bertrand Drouvot
    PostgreSQL Contributors Team
    RDS Open Source Databases
    Amazon Web Services: https://aws.amazon.com
  4. Re: Add regular expression testing for user name mapping in the peer authentication TAP test

    Michael Paquier <michael@paquier.xyz> — 2022-10-17T02:07:15Z

    On Sat, Oct 15, 2022 at 07:54:30AM +0200, Drouvot, Bertrand wrote:
    > Right. Giving a second thought to the non matching case, I think I'd prefer
    > to concatenate the system_user to the system_user instead. This is what v2
    > does.
    
    Fine by me, so applied v2.  Thanks!
    --
    Michael
    
  5. Re: Add regular expression testing for user name mapping in the peer authentication TAP test

    Bertrand Drouvot <bertranddrouvot.pg@gmail.com> — 2022-10-17T06:27:35Z

    Hi,
    
    On 10/17/22 4:07 AM, Michael Paquier wrote:
    > On Sat, Oct 15, 2022 at 07:54:30AM +0200, Drouvot, Bertrand wrote:
    >> Right. Giving a second thought to the non matching case, I think I'd prefer
    >> to concatenate the system_user to the system_user instead. This is what v2
    >> does.
    > 
    > Fine by me, so applied v2.  Thanks!
    
    Thanks!
    
    Regards,
    
    -- 
    Bertrand Drouvot
    PostgreSQL Contributors Team
    RDS Open Source Databases
    Amazon Web Services: https://aws.amazon.com