@@ -23,18 +23,34 @@ sub reset_pg_hba
23
23
return ;
24
24
}
25
25
26
+ # Delete pg_ident.conf from the given node, add a new entry to it
27
+ # and then execute a reload to refresh it.
28
+ sub reset_pg_ident
29
+ {
30
+ my $node = shift ;
31
+ my $map_name = shift ;
32
+ my $system_user = shift ;
33
+ my $pg_user = shift ;
34
+
35
+ unlink ($node -> data_dir . ' /pg_ident.conf' );
36
+ $node -> append_conf(' pg_ident.conf' , " $map_name $system_user $pg_user " );
37
+ $node -> reload;
38
+ return ;
39
+ }
40
+
26
41
# Test access for a single role, useful to wrap all tests into one.
27
42
sub test_role
28
43
{
29
44
local $Test::Builder::Level = $Test::Builder::Level + 1;
30
45
31
- my ($node , $role , $method , $expected_res , %params ) = @_ ;
46
+ my ($node , $role , $method , $expected_res , $test_details , %params ) = @_ ;
32
47
my $status_string = ' failed' ;
33
48
$status_string = ' success' if ($expected_res eq 0);
34
49
35
50
my $connstr = " user=$role " ;
36
51
my $testname =
37
- " authentication $status_string for method $method , role $role " ;
52
+ " authentication $status_string for method $method , role $role "
53
+ . $test_details ;
38
54
39
55
if ($expected_res eq 0)
40
56
{
@@ -87,16 +103,50 @@ sub find_in_log
87
103
# Tests without the user name map.
88
104
# Failure as connection is attempted with a database role not mapping
89
105
# to an authorized system user.
90
- test_role($node , qq{ testmapuser} , ' peer' , 2,
106
+ test_role(
107
+ $node , qq{ testmapuser} , ' peer' , 2,
108
+ ' without user name map' ,
91
109
log_like => [qr / Peer authentication failed for user "testmapuser"/ ]);
92
110
93
111
# Tests with a user name map.
94
- $node -> append_conf( ' pg_ident.conf ' , qq{ mypeermap $system_user testmapuser} );
112
+ reset_pg_ident( $node , ' mypeermap ' , $system_user , ' testmapuser' );
95
113
reset_pg_hba($node , ' peer map=mypeermap' );
96
114
97
115
# Success as the database role matches with the system user in the map.
98
- test_role($node , qq{ testmapuser} , ' peer' , 0,
116
+ test_role($node , qq{ testmapuser} , ' peer' , 0, ' with user name map ' ,
99
117
log_like =>
100
118
[qr / connection authenticated: identity="$system_user " method=peer/ ]);
101
119
120
+ # Test with regular expression in user name map.
121
+ # Extract the last 3 characters from the system_user
122
+ # or the entire system_user (if its length is <= -3).
123
+ my $regex_test_string = substr ($system_user , -3);
124
+
125
+ # Success as the regular expression matches.
126
+ reset_pg_ident($node , ' mypeermap' , qq{ /^.*$regex_test_string \$ } ,
127
+ ' testmapuser' );
128
+ test_role(
129
+ $node ,
130
+ qq{ testmapuser} ,
131
+ ' peer' ,
132
+ 0,
133
+ ' with regular expression in user name map' ,
134
+ log_like =>
135
+ [qr / connection authenticated: identity="$system_user " method=peer/ ]);
136
+
137
+
138
+ # Concatenate system_user to system_user.
139
+ $regex_test_string = $system_user . $system_user ;
140
+
141
+ # Failure as the regular expression does not match.
142
+ reset_pg_ident($node , ' mypeermap' , qq{ /^.*$regex_test_string \$ } ,
143
+ ' testmapuser' );
144
+ test_role(
145
+ $node ,
146
+ qq{ testmapuser} ,
147
+ ' peer' ,
148
+ 2,
149
+ ' with regular expression in user name map' ,
150
+ log_like => [qr / no match in usermap "mypeermap" for user "testmapuser"/ ]);
151
+
102
152
done_testing();
0 commit comments