Re: Proposal: Save user's original authenticated identity for logging

Jacob Champion <pchampion@vmware.com>

From: Jacob Champion <pchampion@vmware.com>
To: "michael@paquier.xyz" <michael@paquier.xyz>
Cc: "magnus@hagander.net" <magnus@hagander.net>, "stark@mit.edu" <stark@mit.edu>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>, "sfrost@snowman.net" <sfrost@snowman.net>, "tgl@sss.pgh.pa.us" <tgl@sss.pgh.pa.us>
Date: 2021-03-26T22:41:03Z
Lists: pgsql-hackers

Attachments

On Fri, 2021-03-26 at 09:12 +0900, Michael Paquier wrote:
> Does it really matter to have the full contents of the file from the
> previous tests though?

For a few of the bugs I was tracking down, it was imperative. The tests
aren't isolated enough (or at all) to keep one from affecting the
others. And if the test is written incorrectly, or becomes incorrect
due to implementation changes, then the log files are really the only
way to debug after a false positive -- with truncation, the bad test
succeeds incorrectly and then swallows the evidence. :)

> Could you make the comments in those various areas more
> explicit about the difference and that it is intentional to register
> the auth ID before checking the user map?  Anybody reading this code
> in the future may get confused with the differences in handling all
> that according to the auth type involved if that's not clearly
> stated.

I took a stab at this in v12, attached.

--Jacob

Commits

  1. Add missing $Test::Builder::Level settings

  2. Add some information about authenticated identity via log_connections

  3. Fix some issues with SSL and Kerberos tests

  4. Refactor all TAP test suites doing connection checks