On Wed, Oct 05, 2022 at 03:32:20PM +0200, Drouvot, Bertrand wrote: > On 10/5/22 9:24 AM, Michael Paquier wrote: >> - test_role() -> test_conn() to be able to pass down a database name. >> - reset_pg_hba() to control the host, db and user parts. The host >> part does not really apply after moving the hosts checks to a more >> secure location, so I guess that this had better be extended just for >> the user and database, keeping host=local all the time. >> I am planning to apply 0001 attached independently, > > 0001 looks good to me.
Thanks. I have applied this refactoring, leaving the host part out of the equation as we should rely only on local connections for this part of the test. The best fit I can think about for the checks on the hostname patterns would be either the ssl, ldap or krb5 tests. SSL is more widely tested than the two others. >> reducing the >> footprint of 0002, which is your previous patch left untouched >> (mostly!). > > Thanks! I'll look at it and the comments you just made up-thread. Cool, thanks. One thing that matters a lot IMO (that I forgot to mention previously) is to preserve the order of the items parsed from the configuration files. Also, I am wondering whether we'd better have some regression tests where a regex includes a comma and a role name itself has a comma, actually, just to stress more the parsing of individual items in the HBA file. -- Michael
signature.asc
Description: PGP signature