Use library functions to edit config in SSL tests

The SSL tests were editing the postgres configuration by directly reading and writing the files rather than using append_conf() from the testcode library. Reviewed-by: Peter Eisentraut <peter@eisentraut.org> Discussion: https://postgr.es/m/01F4684C-8C98-4BBE-AB83-AC8D7C746AF8@yesql.se
2025-04-27 22:56:53 +03:00 · 2024-09-03 18:57:56 +02:00 · 2024-09-03 18:57:56 +02:00 · ba7625a7a5
commit ba7625a7a5
parent e5f1f0a4f2
1 changed files with 39 additions and 42 deletions
--- a/src/test/ssl/t/SSL/Server.pm
+++ b/src/test/ssl/t/SSL/Server.pm
@ -197,17 +197,18 @@ sub configure_test_server_for_ssl
 	}
 	# enable logging etc.
-	open my $conf, '>>', "$pgdata/postgresql.conf" or die $!;
+	$node->append_conf(
-	print $conf "fsync=off\n";
+		'postgresql.conf', <<EOF
-	print $conf "log_connections=on\n";
+fsync=off
-	print $conf "log_hostname=on\n";
+log_connections=on
-	print $conf "listen_addresses='$serverhost'\n";
+log_hostname=on
-	print $conf "log_statement=all\n";
+listen_addresses='$serverhost'
 log_statement=all
 EOF
 	);
 	# enable SSL and set up server key
-	print $conf "include 'sslconfig.conf'\n";
+	$node->append_conf('postgresql.conf', "include 'sslconfig.conf'");
 	close $conf;
 	# SSL configuration will be placed here
 	open my $sslconf, '>', "$pgdata/sslconfig.conf" or die $!;
@ -296,13 +297,12 @@ sub switch_server_cert
 	my %params = @_;
 	my $pgdata = $node->data_dir;
-	open my $sslconf, '>', "$pgdata/sslconfig.conf" or die $!;
+	ok(unlink($node->data_dir . '/sslconfig.conf'));
-	print $sslconf "ssl=on\n";
+	$node->append_conf('sslconfig.conf', "ssl=on");
-	print $sslconf $backend->set_server_cert(\%params);
+	$node->append_conf('sslconfig.conf', $backend->set_server_cert(\%params));
-	print $sslconf "ssl_passphrase_command='"
+	$node->append_conf('sslconfig.conf',
-	  . $params{passphrase_cmd} . "'\n"
+		"ssl_passphrase_command='" . $params{passphrase_cmd} . "'")
 	  if defined $params{passphrase_cmd};
 	close $sslconf;
 	return if (defined($params{restart}) && $params{restart} eq 'no');
@ -321,35 +321,32 @@ sub _configure_hba_for_ssl
 	# but seems best to keep it as narrow as possible for security reasons.
 	#
 	# When connecting to certdb, also check the client certificate.
-	open my $hba, '>', "$pgdata/pg_hba.conf" or die $!;
+	ok(unlink($node->data_dir . '/pg_hba.conf'));
-	print $hba
+	$node->append_conf(
-	  "# TYPE  DATABASE        USER            ADDRESS                 METHOD             OPTIONS\n";
+		'pg_hba.conf', <<EOF
-	print $hba
+# TYPE  DATABASE      USER            ADDRESS       METHOD         OPTIONS
-	  "hostssl trustdb         md5testuser     $servercidr            md5\n";
+hostssl trustdb       md5testuser     $servercidr   md5
-	print $hba
+hostssl trustdb       all             $servercidr   $authmethod
-	  "hostssl trustdb         all             $servercidr            $authmethod\n";
+hostssl verifydb      ssltestuser     $servercidr   $authmethod    clientcert=verify-full
-	print $hba
+hostssl verifydb      anotheruser     $servercidr   $authmethod    clientcert=verify-full
-	  "hostssl verifydb        ssltestuser     $servercidr            $authmethod        clientcert=verify-full\n";
+hostssl verifydb      yetanotheruser  $servercidr   $authmethod    clientcert=verify-ca
-	print $hba
+hostssl certdb        all             $servercidr   cert
-	  "hostssl verifydb        anotheruser     $servercidr            $authmethod        clientcert=verify-full\n";
+hostssl certdb_dn     all             $servercidr   cert clientname=DN map=dn
-	print $hba
+hostssl certdb_dn_re  all             $servercidr   cert clientname=DN map=dnre
-	  "hostssl verifydb        yetanotheruser  $servercidr            $authmethod        clientcert=verify-ca\n";
+hostssl certdb_cn     all             $servercidr   cert clientname=CN map=cn
-	print $hba
+EOF
-	  "hostssl certdb          all             $servercidr            cert\n";
+	);
 	print $hba
 	  "hostssl certdb_dn       all             $servercidr            cert clientname=DN map=dn\n",
 	  "hostssl certdb_dn_re    all             $servercidr            cert clientname=DN map=dnre\n",
 	  "hostssl certdb_cn       all             $servercidr            cert clientname=CN map=cn\n";
 	close $hba;
 	# Also set the ident maps. Note: fields with commas must be quoted
-	open my $map, ">", "$pgdata/pg_ident.conf" or die $!;
+	ok(unlink($node->data_dir . '/pg_ident.conf'));
-	print $map
+	$node->append_conf(
-	  "# MAPNAME       SYSTEM-USERNAME                           PG-USERNAME\n",
+		'pg_ident.conf', <<EOF
-	  "dn             \"CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG\"    ssltestuser\n",
+# MAPNAME SYSTEM-USERNAME                                         PG-USERNAME
-	  "dnre           \"/^.*OU=Testing,.*\$\"                    ssltestuser\n",
+dn        "CN=ssltestuser-dn,OU=Testing,OU=Engineering,O=PGDG"    ssltestuser
-	  "cn              ssltestuser-dn                            ssltestuser\n";
+dnre      "/^.*OU=Testing,.*\$"                                   ssltestuser
-
+cn        ssltestuser-dn                                          ssltestuser
 EOF
 	);
 	return;
 }