HomeDevCentral
Diffusion Nasqueron Operations 905fee1ce5b9

Test if PostgreSQL connections for pg_hba.conf use CIDR notation
905fee1ce5b9
Actions

Description

Test if PostgreSQL connections for pg_hba.conf use CIDR notation

[ Context ]

PostgreSQL doesn't accept "127.0.0.1" anymore in pg_hba.conf, as
it accepts two notation, IP range or "ip-address ip-mask".

To represent the "127.0.0.1" address, two notations are valid:
"127.0.0.1/32" or "127.0.0.1 255.255.255.255".

Nasqueron configuration uses the CIDR notation format.

[ Test suite for connections ]

  • Check all mandatory keys are there
  • Check no unknown key is there (would be ignored by our template)
  • Check the ips parameter is a CIDR range (contains "/")

Reference: https://www.postgresql.org/docs/17/auth-pg-hba-conf.html

Test Plan:

  • New tests pass for current configuration
  • Tests fail for "ips: 127.0.0.1"
  • Tests fail if we mess with the keys
  • DNS test still pass

Differential Revision: https://devcentral.nasqueron.org/D3878

Details

Provenance
derecksonAuthored on Tue, Nov 11, 15:43
derecksonPushed on Tue, Nov 11, 15:52
Differential Revision
D3878: Test if PostgreSQL connections for pg_hba.conf use CIDR notation
Parents
rOPS1b64a441817e: Add Jinja2 to tests requirements
Branches
Unknown
Tags
Unknown

Event Timeline

dereckson committed rOPS905fee1ce5b9: Test if PostgreSQL connections for pg_hba.conf use CIDR notation (authored by dereckson).Tue, Nov 11, 15:52
dereckson added an edge: D3878: Test if PostgreSQL connections for pg_hba.conf use CIDR notation.
dereckson mentioned this in rOPS614936d220ab: Use CIDR notation for devserver localhost connections.Tue, Nov 11, 15:55
dereckson added inline comments.Tue, Nov 11, 16:03
/_tests/pillar/dbserver/test_postgresql.py
69

It's asserted a simple reminder to add /32 for unique IP address is the real need here.

If we want to test further CIDR correctness, ip_network can help.

Changes (7)

PathSize
_tests/
pillar/
dbserver/
roles/
python/
dns/

rOPS905fee1ce5b9

View Options

_tests/Makefile

Loading...
View Options

_tests/helpers.py

Loading...
View Options

_tests/pillar/dbserver/__init__.py

Loading...
View Options

_tests/pillar/dbserver/test_postgresql.py

Loading...
View Options

_tests/roles/python/dns/run_test_dns_zones.sh

Loading...
View Options

_tests/roles/python/dns/test_dns_zones.py

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator