Differential D3878

Test if PostgreSQL connections for pg_hba.conf use CIDR notation
ClosedPublic
Actions

Authored by dereckson on Nov 11 2025, 15:50.

Details

Reviewers

dereckson

Commits

rOPS905fee1ce5b9: Test if PostgreSQL connections for pg_hba.conf use CIDR notation

Summary

[ Context ]

PostgreSQL doesn't accept "127.0.0.1" anymore in pg_hba.conf, as
it accepts two notation, IP range or "ip-address ip-mask".

To represent the "127.0.0.1" address, two notations are valid:
"127.0.0.1/32" or "127.0.0.1 255.255.255.255".

Nasqueron configuration uses the CIDR notation format.

[ Test suite for connections ]

Check all mandatory keys are there
Check no unknown key is there (would be ignored by our template)
Check the ips parameter is a CIDR range (contains "/")

Reference: https://www.postgresql.org/docs/17/auth-pg-hba-conf.html

Test Plan

New tests pass for current configuration
Tests fail for "ips: 127.0.0.1"
Tests fail if we mess with the keys
DNS test still pass

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

dereckson requested review of this revision.Nov 11 2025, 15:50

dereckson created this revision.

Harbormaster completed remote builds in B6181: Diff 10034.Nov 11 2025, 15:50

dereckson accepted this revision.Nov 11 2025, 15:52

This revision is now accepted and ready to land.Nov 11 2025, 15:52

This revision was landed with ongoing or failed builds.Nov 11 2025, 15:52

Closed by commit rOPS905fee1ce5b9: Test if PostgreSQL connections for pg_hba.conf use CIDR notation (authored by dereckson). · Explain Why

This revision was automatically updated to reflect the committed changes.

dereckson added a commit: rOPS905fee1ce5b9: Test if PostgreSQL connections for pg_hba.conf use CIDR notation.

dereckson mentioned this in rOPS614936d220ab: Use CIDR notation for devserver localhost connections.Nov 11 2025, 15:55

Revision Contents
Changeset List

Path

Size

_tests/

Makefile

2 lines

helpers.py

36 lines

pillar/

dbserver/

__init__.py

test_postgresql.py

72 lines

roles/

python/

dns/

run_test_dns_zones.sh

3 lines

test_dns_zones.py

39 lines

Diff 10035

View Options

_tests/Makefile

View Options

_tests/helpers.py

View Options

_tests/pillar/dbserver/init.py

View Options

_tests/pillar/dbserver/test_postgresql.py

View Options

_tests/roles/python/dns/run_test_dns_zones.sh

View Options

_tests/roles/python/dns/test_dns_zones.py

Test if PostgreSQL connections for pg_hba.conf use CIDR notationClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 10035

_tests/Makefile

_tests/helpers.py

_tests/pillar/dbserver/__init__.py

_tests/pillar/dbserver/test_postgresql.py

_tests/roles/python/dns/run_test_dns_zones.sh

_tests/roles/python/dns/test_dns_zones.py

Test if PostgreSQL connections for pg_hba.conf use CIDR notation
ClosedPublic
Actions

Revision Contents
Changeset List

_tests/pillar/dbserver/init.py