summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 28317de)
raw | patch | inline | side by side (parent: 28317de)
| author | Thomas Munro <tmunro@postgresql.org> | |
| Wed, 19 Mar 2025 03:16:15 +0000 (16:16 +1300) | ||
| committer | Thomas Munro <tmunro@postgresql.org> | |
| Wed, 19 Mar 2025 03:45:01 +0000 (16:45 +1300) |
The test authorization server implemented in oauth_server.py does not
listen on IPv6. Most of the time, libcurl happily falls back to IPv4
after failing its initial connection, but on NetBSD, something is
consistently showing up on the unreserved IPv6 port and causing a test
failure.
Rather than deal with dual-stack details across all test platforms,
change the issuer to enforce the use of IPv4 only. (This elicits more
punishing timeout behavior from libcurl, so it's a useful change from
the testing perspective as well.)
Author: Jacob Champion <jacob.champion@enterprisedb.com>
Reported-by: Thomas Munro <thomas.munro@gmail.com>
Discussion: https://postgr.es/m/CAOYmi%2Bn4EDOOUL27_OqYT2-F2rS6S%2B3mK-ppWb2Ec92UEoUbYA%40mail.gmail.com
listen on IPv6. Most of the time, libcurl happily falls back to IPv4
after failing its initial connection, but on NetBSD, something is
consistently showing up on the unreserved IPv6 port and causing a test
failure.
Rather than deal with dual-stack details across all test platforms,
change the issuer to enforce the use of IPv4 only. (This elicits more
punishing timeout behavior from libcurl, so it's a useful change from
the testing perspective as well.)
Author: Jacob Champion <jacob.champion@enterprisedb.com>
Reported-by: Thomas Munro <thomas.munro@gmail.com>
Discussion: https://postgr.es/m/CAOYmi%2Bn4EDOOUL27_OqYT2-F2rS6S%2B3mK-ppWb2Ec92UEoUbYA%40mail.gmail.com
diff --git a/src/test/modules/oauth_validator/t/001_server.pl b/src/test/modules/oauth_validator/t/001_server.pl
index 6fa59fbeb257295ffe3d50d5627f31c274424f5a..30295364ebd1c85f08b0baf07f86bc91f7a56307 100644 (file)
}
my $port = $webserver->port();
-my $issuer = "http://localhost:$port";
+my $issuer = "http://127.0.0.1:$port";
unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf(
diff --git a/src/test/modules/oauth_validator/t/OAuth/Server.pm b/src/test/modules/oauth_validator/t/OAuth/Server.pm
index 655b2870b0b0ae5abf1bf75a94aeff623a9fa481..52ae7afa991c3f5e32515757d8838a352de90ce8 100644 (file)
$server->run;
my $port = $server->port;
- my $issuer = "http://localhost:$port";
+ my $issuer = "http://127.0.0.1:$port";
# test against $issuer...
in its standard library, so the implementation was ported from Perl.)
This authorization server does not use TLS (it implements a nonstandard, unsafe
-issuer at "http://localhost:<port>"), so libpq in particular will need to set
+issuer at "http://127.0.0.1:<port>"), so libpq in particular will need to set
PGOAUTHDEBUG=UNSAFE to be able to talk to it.
=cut
diff --git a/src/test/modules/oauth_validator/t/oauth_server.py b/src/test/modules/oauth_validator/t/oauth_server.py
index 4faf3323d388654deec269585c0dce23db4f6d1b..5bc30be87fdea337a707fb0d703ca0f5d060adbf 100755 (executable)
def config(self) -> JsonObject:
port = self.server.socket.getsockname()[1]
- issuer = f"http://localhost:{port}"
+ issuer = f"http://127.0.0.1:{port}"
if self._alt_issuer:
issuer += "/alternate"
elif self._parameterized: