authorDaniel Gustafsson2024-09-03 16:57:56 +0000
committerDaniel Gustafsson2024-09-03 16:57:56 +0000
commitba7625a7a51b58c712541d7c0d6667c1f860e33f (patch)
tree6f8afc148370bf4e69eed8e6a620ee6b5969a07d
parente5f1f0a4f2ab19d205a520c52530264c19747c0a (diff)
Use library functions to edit config in SSL tests
The SSL tests were editing the postgres configuration by directly reading and writing the files rather than using append_conf() from the testcode library. Reviewed-by: Peter Eisentraut <[email protected]> Discussion: https://postgr.es/m/[email protected]
-rw-r--r--src/test/ssl/t/SSL/Server.pm81
1 files changed, 39 insertions, 42 deletions
diff --git a/src/test/ssl/t/SSL/Server.pm b/src/test/ssl/t/SSL/Server.pm
index 021eec74abf..de06f6f242f 100644
--- a/src/test/ssl/t/SSL/Server.pm
+++ b/src/test/ssl/t/SSL/Server.pm
@@ -197,17 +197,18 @@ sub configure_test_server_for_ssl
}
# enable logging etc.
- open my $conf, '>>', "$pgdata/postgresql.conf" or die $!;
- print $conf "fsync=off\n";
- print $conf "log_connections=on\n";
- print $conf "log_hostname=on\n";
- print $conf "listen_addresses='$serverhost'\n";
- print $conf "log_statement=all\n";
+ $node->append_conf(
+ 'postgresql.conf', <<EOF
+fsync=off
+log_connections=on
+log_hostname=on
+listen_addresses='$serverhost'
+log_statement=all
+EOF
+ );
# enable SSL and set up server key
- print $conf "include 'sslconfig.conf'\n";
-
- close $conf;
+ $node->append_conf('postgresql.conf', "include 'sslconfig.conf'");
# SSL configuration will be placed here
open my $sslconf, '>', "$pgdata/sslconfig.conf" or die $!;
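Review bot: The context line right after the new `append_conf` calls still writes sslconfig.conf with a direct `open my $sslconf, '>', ...`, so configure_test_server_for_ssl now mixes both ways of editing config. If that is deliberate because the file has to start empty and append_conf() only appends, a short comment would make it clear, e.g. `# written directly: must start empty, append_conf() only appends`. The two consecutive `append_conf('postgresql.conf', ...)` calls could also be a single call by moving the `include 'sslconfig.conf'` line into the heredoc. The function body continues past the end of the hunk, so what is written to `$sslconf` is not visible here.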
@@ -296,13 +297,12 @@ sub switch_server_cert
my %params = @_;
my $pgdata = $node->data_dir;
- open my $sslconf, '>', "$pgdata/sslconfig.conf" or die $!;
- print $sslconf "ssl=on\n";
- print $sslconf $backend->set_server_cert(\%params);
- print $sslconf "ssl_passphrase_command='"
- . $params{passphrase_cmd} . "'\n"
+ ok(unlink($node->data_dir . '/sslconfig.conf'));
+ $node->append_conf('sslconfig.conf', "ssl=on");
+ $node->append_conf('sslconfig.conf', $backend->set_server_cert(\%params));
+ $node->append_conf('sslconfig.conf',
+ "ssl_passphrase_command='" . $params{passphrase_cmd} . "'")
if defined $params{passphrase_cmd};
- close $sslconf;
return if (defined($params{restart}) && $params{restart} eq 'no');
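Review bot: A failed `unlink` in switch_server_cert is only recorded as a failed test by `ok(unlink(...))`, and the `append_conf` calls that follow still run and append to the old sslconfig.conf, whereas the removed `open ... '>' ... or die` either truncated the file or aborted. The same pattern appears in the _configure_hba_for_ssl hunk for pg_hba.conf and pg_ident.conf, where it matters more: pg_hba.conf is evaluated first-match, so leftover entries would sit ahead of the new hostssl lines and the authentication tests would run against rules other than the ones written here. Consider `unlink("$pgdata/sslconfig.conf") or die "could not remove $pgdata/sslconfig.conf: $!";`, which also reuses the `$pgdata` already set two lines above instead of calling `$node->data_dir` again; if `ok()` is kept, give it a test name so a failure is identifiable in the TAP output. switch_server_cert continues past the end of the hunk.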
@@ -321,35 +321,32 @@ sub _configure_hba_for_ssl
# but seems best to keep it as narrow as possible for security reasons.
#
# When connecting to certdb, also check the client certificate.
- open my $hba, '>', "$pgdata/pg_hba.conf" or die $!;
- print $hba
- "# TYPE DATABASE USER ADDRESS METHOD OPTIONS\n";
- print $hba
- "hostssl trustdb md5testuser $servercidr md5\n";
- print $hba
- "hostssl trustdb all $servercidr $authmethod\n";
- print $hba
- "hostssl verifydb ssltestuser $servercidr $authmethod clientcert=verify-full\n";
- print $hba
- "hostssl verifydb anotheruser $servercidr $authmethod clientcert=verify-full\n";
- print $hba
- "hostssl verifydb yetanotheruser $servercidr $authmethod clientcert=verify-ca\n";
- print $hba
- "hostssl certdb all $servercidr cert\n";
- print $hba
- "hostssl certdb_dn all $servercidr cert clientname=DN map=dn\n",
- "hostssl certdb_dn_re all $servercidr cert clientname=DN map=dnre\n",
- "hostssl certdb_cn all $servercidr cert clientname=CN map=cn\n";
- close $hba;
+ ok(unlink($node->data_dir . '/pg_hba.conf'));
+ $node->append_conf(
+ 'pg_hba.conf', <<EOF
+# TYPE DATABASE USER ADDRESS METHOD OPTIONS
+hostssl trustdb md5testuser $servercidr md5
+hostssl trustdb all $servercidr $authmethod
+hostssl verifydb ssltestuser $servercidr $authmethod clientcert=verify-full
+hostssl verifydb anotheruser $servercidr $authmethod clientcert=verify-full
+hostssl verifydb yetanotheruser $servercidr $authmethod clientcert=verify-ca
+hostssl certdb all $servercidr cert
+hostssl certdb_dn all $servercidr cert clientname=DN map=dn
+hostssl certdb_dn_re all $servercidr cert clientname=DN map=dnre
+hostssl certdb_cn all $servercidr cert clientname=CN map=cn
+EOF
+ );
# Also set the ident maps. Note: fields with commas must be quoted
- open my $map, ">", "$pgdata/pg_ident.conf" or die $!;
- print $map
- "# MAPNAME SYSTEM-USERNAME PG-USERNAME\n",
- "dn \"CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG\" ssltestuser\n",
- "dnre \"/^.*OU=Testing,.*\$\" ssltestuser\n",
- "cn ssltestuser-dn ssltestuser\n";
-
+ ok(unlink($node->data_dir . '/pg_ident.conf'));
+ $node->append_conf(
+ 'pg_ident.conf', <<EOF
+# MAPNAME SYSTEM-USERNAME PG-USERNAME
+dn "CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG" ssltestuser
+dnre "/^.*OU=Testing,.*\$" ssltestuser
+cn ssltestuser-dn ssltestuser
+EOF
+ );
return;
}