Re: Refactor SSL test framework to support multiple TLS libraries - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: Refactor SSL test framework to support multiple TLS libraries
Date
Msg-id YGLKNBf9zyh6+WSt@paquier.xyz
Whole thread Raw
In response to Re: Refactor SSL test framework to support multiple TLS libraries  (Andrew Dunstan <andrew@dunslane.net>)
Responses Re: Refactor SSL test framework to support multiple TLS libraries
List pgsql-hackers
On Thu, Mar 25, 2021 at 09:25:11AM -0400, Andrew Dunstan wrote:
> The thing is that SSLServer isn't currently constructed in an OO
> fashion. Typically, OO modules in perl don't export anything, and all
> access is via the class (for the constructor or static methods) or
> instances, as in
>
>     my $instance = MyClass->new();
>     $instance->mymethod();
>
> In such a module you should not see lines using Exporter or defining
> @Export.
>
> So probably the first step in this process would be to recast SSLServer
> as an OO type module, without subclassing it, and then create a subclass
> along the lines Alvarro suggests.

It seems that it does not make sense to transform all the contents of
SSLServer to become an OO module.  So it looks necessary to me to
split things, with one part being the OO module managing the server
configuration.  So, first, we have some helper routines that should
not be within the module:
- copy_files()
- test_connect_fails()
- test_connect_ok()
The test_*() ones are just wrappers for psql able to use a customized
connection string.  It seems to me that it would make sense to move
those two into PostgresNode::psql itself and extend it to be able to
handle custom connection strings?  copy_files() is more generic than
that.  Wouldn't it make sense to move that to TestLib.pm instead?

Second, the routines managing the server setup itself:
- a new() routine to create and register a node removing the
duplicated initialization setup in 001 and 002.
- switch_server_cert(), with a split on set_server_cert() as that
looks cleaner.
- configure_hba_for_ssl()
- install_certificates() (present inside Daniel's patch)
- Something to copy the keys from the tree.

Patch v2 from upthread does mostly that, but it seems to me that we
should integrate better with PostgresNode to manage the backend node,
no?

> Incidentally, I'm not sure why we need to break SSLServer into
> SSL::Server - are we expecting to create other children of the SSL
> namespace?

Agreed.
--
Michael

Attachment

pgsql-hackers by date:

Previous
From: Kyotaro Horiguchi
Date:
Subject: Re: Walsender may fail to send wal to the end.
Next
From: Julien Rouhaud
Date:
Subject: Re: Idea: Avoid JOINs by using path expressions to follow FKs