[pgpool-hackers: 4571] Proposal: new client authentication test

Tatsuo Ishii ishii at postgresql.org
Fri Mar 14 14:45:15 JST 2025 

Currently we have 3 client authentication tests (besides SSL related
tests). Namely:

020.allow_clear_text_frontend_auth
021.pool_passwd_auth
022.pool_passwd_alternative_auth

Client authentication in pgpool is complicated because multiple
configuration files such as pgpool.conf, pg_hba.conf, pool_hba.conf
and pool_passwd are involved. The 3 tests have been added at the time
when the feature was developed. I have been worried about those tests
may not cover some cases.

Instead of enhancing the tests, I propose a new regression test
040.clent_auth (see attached patch).

The idea is a "table driven" test. The test script reads the csv file
and performs the test. The csv file has 6 fields:
---
username: the username used for the test case

pool_hba.conf: takes "scram", "md5" or "off". If "scram" or "md5", the
user will have an entry in pool_hba.conf accordingly. If "off",
enable_pool_hba.conf will be off.

allow_clear_text_frontend_auth: takes "on" or "off".

pool_passwd:
takes "AES", "md5" or "off". If "AES" or "md5" the user's password
will be stored in pool_passwd using ASE256 or md5 encryption method
accordingly. If "off" is specified, no entry will be created.

pg_hba.conf: almost same as pool_hba.conf except this is for
pg_hba.conf.

expected: takes "ok" or "ng". If ok, the authentication is expected to
be succeeded. If failed, the test is regarded as failed. "ng" is
opposite. The authentication is expected to be failed. If succeeds,
the test regarded as failed.
---

By changing these fields, we can easily create test cases. Currently
14 test cases are proposed in the table.  The merit of this method is
possible higher test coverage. For human, it is easier to find
uncovered test cases in a table than in a program code.

Comments are suggestions are welcome.
--
Tatsuo Ishii
SRA OSS K.K.
English: http://www.sraoss.co.jp/index_en/
Japanese:http://www.sraoss.co.jp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: client_auth_test.patch
Type: application/octet-stream
Size: 7503 bytes
Desc: not available
URL: <http://www.pgpool.net/pipermail/pgpool-hackers/attachments/20250314/ceca9263/attachment.obj>

More information about the pgpool-hackers mailing list