Re: Proposal: Save user's original authenticated identity for logging
Jacob Champion <pchampion@vmware.com>
From: Jacob Champion <pchampion@vmware.com>
To: "michael@paquier.xyz" <michael@paquier.xyz>
Cc: "magnus@hagander.net" <magnus@hagander.net>, "stark@mit.edu" <stark@mit.edu>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>, "sfrost@snowman.net" <sfrost@snowman.net>, "tgl@sss.pgh.pa.us" <tgl@sss.pgh.pa.us>
Date: 2021-03-26T22:41:03Z
Lists: pgsql-hackers
Attachments
- since-v11.diff.txt (text/plain)
- v12-0001-ssl-store-client-s-DN-in-port-peer_dn.patch (text/x-patch) patch v12-0001
- v12-0002-Log-authenticated-identity-from-all-auth-backend.patch (text/x-patch) patch v12-0002
On Fri, 2021-03-26 at 09:12 +0900, Michael Paquier wrote: > Does it really matter to have the full contents of the file from the > previous tests though? For a few of the bugs I was tracking down, it was imperative. The tests aren't isolated enough (or at all) to keep one from affecting the others. And if the test is written incorrectly, or becomes incorrect due to implementation changes, then the log files are really the only way to debug after a false positive -- with truncation, the bad test succeeds incorrectly and then swallows the evidence. :) > Could you make the comments in those various areas more > explicit about the difference and that it is intentional to register > the auth ID before checking the user map? Anybody reading this code > in the future may get confused with the differences in handling all > that according to the auth type involved if that's not clearly > stated. I took a stab at this in v12, attached. --Jacob
Commits
-
Add missing $Test::Builder::Level settings
- 73aa5e0cafd0 15.0 landed
- e536a2683439 14.0 landed
-
Add some information about authenticated identity via log_connections
- 9afffcb833d3 14.0 landed
-
Fix some issues with SSL and Kerberos tests
- 5a71964a832f 14.0 landed
-
Refactor all TAP test suites doing connection checks
- c50624cdd248 14.0 landed