pgwire: improve some HBA error messages #43710
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This patch introduces a datadriven test runner for HBA config tests. It also replaces the previous `TestHBA` by more exhaustive datadriven input files, with comments that better explain the narrative of the test. Release note: None
Before: ``` > set cluster setting server.host_based_authentication.configuration = 'host db all 0.0.0.0/32 cert'; ERROR: database must be specified as all ``` ``` > set cluster setting server.host_based_authentication.configuration = 'host all all myhost cert'; ERROR: host addresses not supported ``` ``` > set cluster setting server.host_based_authentication.configuration = 'host all all 0.0.0.0/32 sdfsf'; ERROR: unknown auth method "sdfsdf" ``` After: ``` > set cluster setting server.host_based_authentication.configuration = 'host db all 0.0.0.0/32 cert'; ERROR: unimplemented: per-database HBA rules are not supported SQLSTATE: 0A000 HINT: You have attempted to use a feature that is not yet implemented. -- Use the special value 'all' (without quotes) to match all databases. ``` ``` > set cluster setting server.host_based_authentication.configuration = 'host all all myhost cert'; ERROR: unimplemented: hostname-based HBA rules are not supported SQLSTATE: 0A000 HINT: You have attempted to use a feature that is not yet implemented. -- List the numeric CIDR notation instead, for example: 127.0.0.1/8. ``` ``` > set cluster setting server.host_based_authentication.configuration = 'host all all 0.0.0.0/32 sdfsdf' ERROR: unimplemented: unknown auth method "sdfsdf" SQLSTATE: 0A000 HINT: You have attempted to use a feature that is not yet implemented. -- Supported methods: cert, cert-password, password ``` Release note (sql change): CockroachDB will now provide more descriptive error messages and a error hint when an unsupported rule is provided via `server.host_based_authentication.configuration`.
|
This change is |
maddyblue
approved these changes
Jan 3, 2020
|
thanks! bors r+ |
craig bot
pushed a commit
that referenced
this pull request
Jan 3, 2020
43701: sqlsmith: add support for interleaved tables r=mjibson a=mjibson This commit adds interleaved table support to sqlsmith. When running with the rand-tables configuration, there's a 50% chance of all tables but the first one to get interleaved into a random other table. Release note: None 43709: pgwire: use datadriven-based testing for HBA configs r=knz a=knz (I'm currently working on #31113 and updating this test makes my life easier.) This patch introduces a datadriven test runner for HBA config tests. It also replaces the previous `TestHBA` by more exhaustive datadriven input files, with comments that better explain the narrative of the test. Release note: None 43710: pgwire: improve some HBA error messages r=knz a=knz First commit from #43709. Before: ``` > set cluster setting server.host_based_authentication.configuration = 'host db all 0.0.0.0/32 cert'; ERROR: database must be specified as all ``` ``` > set cluster setting server.host_based_authentication.configuration = 'host all all myhost cert'; ERROR: host addresses not supported ``` ``` > set cluster setting server.host_based_authentication.configuration = 'host all all 0.0.0.0/32 sdfsf'; ERROR: unknown auth method "sdfsdf" ``` After: ``` > set cluster setting server.host_based_authentication.configuration = 'host db all 0.0.0.0/32 cert'; ERROR: unimplemented: per-database HBA rules are not supported SQLSTATE: 0A000 HINT: You have attempted to use a feature that is not yet implemented. -- Use the special value 'all' (without quotes) to match all databases. ``` ``` > set cluster setting server.host_based_authentication.configuration = 'host all all myhost cert'; ERROR: unimplemented: hostname-based HBA rules are not supported SQLSTATE: 0A000 HINT: You have attempted to use a feature that is not yet implemented. -- List the numeric CIDR notation instead, for example: 127.0.0.1/8. ``` ``` > set cluster setting server.host_based_authentication.configuration = 'host all all 0.0.0.0/32 sdfsdf' ERROR: unimplemented: unknown auth method "sdfsdf" SQLSTATE: 0A000 HINT: You have attempted to use a feature that is not yet implemented. -- Supported methods: cert, cert-password, password ``` Release note (sql change): CockroachDB will now provide more descriptive error messages and a error hint when an unsupported rule is provided via `server.host_based_authentication.configuration`. 43711: pgwire: split the authentication code in its own files r=knz a=knz First two commits from #43709 and #43710. This patch splits the pgwire authentication in its own files and adds missing explanatory comments. No functional changes. 43713: pgwire/hba: fix a bug in the parsing logic r=knz a=knz Release note (bug fix): There was a bug in the parsing logic for server.host_based_authentication.configuration, where both single-character strings, and quoted strings containing spaces and separated by commas were not properly parsed. This would cause e.g. rules for usernames consisting of a single characters, or usernames containing spaces, to apply improperly. Co-authored-by: Jordan Lewis <[email protected]> Co-authored-by: Raphael 'kena' Poss <[email protected]>
Build succeeded |
|
(found while fixing #31113) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
First commit from #43709.
Before:
After:
Release note (sql change): CockroachDB will now provide more
descriptive error messages and a error hint when an unsupported rule
is provided via
server.host_based_authentication.configuration.