Thread: Add regular expression testing for user name mapping in the peer authentication TAP test

Hi hackers,

while working on [1], I thought it could also be useful to add regular 
expression testing for user name mapping in the peer authentication TAP 
test.

This kind of test already exists in kerberos/t/001_auth.pl but the 
proposed one in the peer authentication testing would probably be more 
widely tested.

Please find attached a patch proposal to do so.

[1]: 
https://www.postgresql.org/message-id/4f55303e-62c1-1072-61db-fbfb30bd66c8%40gmail.com

Looking forward to your feedback,

Regards,

-- 
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com

On Fri, Oct 14, 2022 at 06:31:15PM +0200, Drouvot, Bertrand wrote:
> while working on [1], I thought it could also be useful to add regular
> expression testing for user name mapping in the peer authentication TAP
> test.

Good idea now that we have a bit more coverage in the authentication
tests.

> +# Test with regular expression in user name map.
> +my $last_system_user_char = substr($system_user, -1);

This would attach to the regex the last character of the system user.
I would perhaps have used more characters than that (-3?), as substr()
with a negative number larger than the string given in input would
give the entire string.  That's a nit, though.

> +# The regular expression does not match.
> +reset_pg_ident($node, 'mypeermap', '/^$', 'testmapuser');

This matches only an empty string, my brain gets that right?
--
Michael

Hi,

On 10/15/22 5:11 AM, Michael Paquier wrote:
> On Fri, Oct 14, 2022 at 06:31:15PM +0200, Drouvot, Bertrand wrote:
>> while working on [1], I thought it could also be useful to add regular
>> expression testing for user name mapping in the peer authentication TAP
>> test.
> 
> Good idea now that we have a bit more coverage in the authentication
> tests.

Thanks for looking at it!

>> +# Test with regular expression in user name map.
>> +my $last_system_user_char = substr($system_user, -1);
> 
> This would attach to the regex the last character of the system user.

Right.

> I would perhaps have used more characters than that (-3?), as substr()
> with a negative number larger than the string given in input would
> give the entire string.  That's a nit, though.

I don't have a strong opinion on this, so let's extract the last 3 
characters. This is what v2 attached does.

> 
>> +# The regular expression does not match.
>> +reset_pg_ident($node, 'mypeermap', '/^$', 'testmapuser');
> 
> This matches only an empty string, my brain gets that right?

Right. Giving a second thought to the non matching case, I think I'd 
prefer to concatenate the system_user to the system_user instead. This 
is what v2 does.

Regards,

-- 
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com

On Sat, Oct 15, 2022 at 07:54:30AM +0200, Drouvot, Bertrand wrote:
> Right. Giving a second thought to the non matching case, I think I'd prefer
> to concatenate the system_user to the system_user instead. This is what v2
> does.

Fine by me, so applied v2.  Thanks!
--
Michael

Hi,

On 10/17/22 4:07 AM, Michael Paquier wrote:
> On Sat, Oct 15, 2022 at 07:54:30AM +0200, Drouvot, Bertrand wrote:
>> Right. Giving a second thought to the non matching case, I think I'd prefer
>> to concatenate the system_user to the system_user instead. This is what v2
>> does.
> 
> Fine by me, so applied v2.  Thanks!

Thanks!

Regards,

-- 
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com