Hi,
On 9/28/22 7:52 AM, Michael Paquier wrote:
> On Fri, Aug 26, 2022 at 10:43:43AM +0200, Drouvot, Bertrand wrote:
>> During the work in [1] we created a new TAP test to test the SYSTEM_USER
>> behavior with peer authentication.
>>
>> It turns out that there is currently no TAP test for the peer
>> authentication, so we think (thanks Michael for the suggestion [2]) that
>> it's better to split the work in [1] between "pure" SYSTEM_USER related work
>> and the "pure" peer authentication TAP test work.
>>
>> That's the reason of this new thread, please find attached a patch to add a
>> new TAP test for the peer authentication.
>
> +# Get the session_user to define the user name map test.
> +my $session_user =
> + $node->safe_psql('postgres', 'select session_user');
> [...]
> +# Define a user name map.
> +$node->append_conf('pg_ident.conf', qq{mypeermap $session_user testmap$session_user});
> +
> +# Set pg_hba.conf with the peer authentication and the user name map.
> +reset_pg_hba($node, 'peer map=mypeermap');
>
> A map consists of a "MAPNAME SYSTEM_USER PG_USER". Why does this test
> use a Postgres role (from session_user) as the system user for the
> peer map?
Thanks for looking at it!
Initially selecting the session_user with a "local" connection and no
user provided during the connection is a way I came up to retrieve the
"SYSTEM_USER" to be used later on in the map.
Maybe the variable name should be system_user instead or should we use
another way to get the "SYSTEM_USER" to be used in the map?
Regards,
--
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com