Thread
Commits
-
Add checks for regexes with user name map in test for peer authentication
- 7622422b725e 16.0 landed
-
Add regular expression testing for user name mapping in the peer authentication TAP test
Bertrand Drouvot <bertranddrouvot.pg@gmail.com> — 2022-10-14T16:31:15Z
Hi hackers, while working on [1], I thought it could also be useful to add regular expression testing for user name mapping in the peer authentication TAP test. This kind of test already exists in kerberos/t/001_auth.pl but the proposed one in the peer authentication testing would probably be more widely tested. Please find attached a patch proposal to do so. [1]: https://www.postgresql.org/message-id/4f55303e-62c1-1072-61db-fbfb30bd66c8%40gmail.com Looking forward to your feedback, Regards, -- Bertrand Drouvot PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com
-
Re: Add regular expression testing for user name mapping in the peer authentication TAP test
Michael Paquier <michael@paquier.xyz> — 2022-10-15T03:11:28Z
On Fri, Oct 14, 2022 at 06:31:15PM +0200, Drouvot, Bertrand wrote: > while working on [1], I thought it could also be useful to add regular > expression testing for user name mapping in the peer authentication TAP > test. Good idea now that we have a bit more coverage in the authentication tests. > +# Test with regular expression in user name map. > +my $last_system_user_char = substr($system_user, -1); This would attach to the regex the last character of the system user. I would perhaps have used more characters than that (-3?), as substr() with a negative number larger than the string given in input would give the entire string. That's a nit, though. > +# The regular expression does not match. > +reset_pg_ident($node, 'mypeermap', '/^$', 'testmapuser'); This matches only an empty string, my brain gets that right? -- Michael
-
Re: Add regular expression testing for user name mapping in the peer authentication TAP test
Bertrand Drouvot <bertranddrouvot.pg@gmail.com> — 2022-10-15T05:54:30Z
Hi, On 10/15/22 5:11 AM, Michael Paquier wrote: > On Fri, Oct 14, 2022 at 06:31:15PM +0200, Drouvot, Bertrand wrote: >> while working on [1], I thought it could also be useful to add regular >> expression testing for user name mapping in the peer authentication TAP >> test. > > Good idea now that we have a bit more coverage in the authentication > tests. Thanks for looking at it! >> +# Test with regular expression in user name map. >> +my $last_system_user_char = substr($system_user, -1); > > This would attach to the regex the last character of the system user. Right. > I would perhaps have used more characters than that (-3?), as substr() > with a negative number larger than the string given in input would > give the entire string. That's a nit, though. I don't have a strong opinion on this, so let's extract the last 3 characters. This is what v2 attached does. > >> +# The regular expression does not match. >> +reset_pg_ident($node, 'mypeermap', '/^$', 'testmapuser'); > > This matches only an empty string, my brain gets that right? Right. Giving a second thought to the non matching case, I think I'd prefer to concatenate the system_user to the system_user instead. This is what v2 does. Regards, -- Bertrand Drouvot PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com
-
Re: Add regular expression testing for user name mapping in the peer authentication TAP test
Michael Paquier <michael@paquier.xyz> — 2022-10-17T02:07:15Z
On Sat, Oct 15, 2022 at 07:54:30AM +0200, Drouvot, Bertrand wrote: > Right. Giving a second thought to the non matching case, I think I'd prefer > to concatenate the system_user to the system_user instead. This is what v2 > does. Fine by me, so applied v2. Thanks! -- Michael
-
Re: Add regular expression testing for user name mapping in the peer authentication TAP test
Bertrand Drouvot <bertranddrouvot.pg@gmail.com> — 2022-10-17T06:27:35Z
Hi, On 10/17/22 4:07 AM, Michael Paquier wrote: > On Sat, Oct 15, 2022 at 07:54:30AM +0200, Drouvot, Bertrand wrote: >> Right. Giving a second thought to the non matching case, I think I'd prefer >> to concatenate the system_user to the system_user instead. This is what v2 >> does. > > Fine by me, so applied v2. Thanks! Thanks! Regards, -- Bertrand Drouvot PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com