How come drongo didn't fail authentication here?

  • Jump to comment-1
    tgl@sss.pgh.pa.us2022-07-28T14:24:51+00:00
    In commits 7c34555f8/e1bd4990b, I added a new role used by a TAP script but neglected the auth_extra incantation needed to allow login as that role. This should have resulted in SSPI auth failures on certain Windows configurations, and indeed it did on drongo's next run in the v15 branch: https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=drongo&dt=2022-07-27%2022%3A01%3A47 However, its immediately-following run on HEAD succeeded, though I'd obviously not had time to put in the fix yet: https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=drongo&dt=2022-07-27%2022%3A30%3A27 How can that be? Have we somehow broken SSPI authentication in HEAD? regards, tom lane
    • Jump to comment-1
      andrew@dunslane.net2022-07-28T14:36:53+00:00
      On 2022-07-28 Th 10:24, Tom Lane wrote: > In commits 7c34555f8/e1bd4990b, I added a new role used by a TAP > script but neglected the auth_extra incantation needed to allow > login as that role. This should have resulted in SSPI auth > failures on certain Windows configurations, and indeed it did > on drongo's next run in the v15 branch: > > https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=drongo&dt=2022-07-27%2022%3A01%3A47 > > However, its immediately-following run on HEAD succeeded, > though I'd obviously not had time to put in the fix yet: > > https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=drongo&dt=2022-07-27%2022%3A30%3A27 > > How can that be? Have we somehow broken SSPI authentication > in HEAD? > > Nothing is broken. On HEAD drongo uses Unix sockets. cheers andrew -- Andrew Dunstan EDB: https://www.enterprisedb.com
      • Jump to comment-1
        tgl@sss.pgh.pa.us2022-07-28T14:55:21+00:00
        Andrew Dunstan <andrew@dunslane.net> writes: > On 2022-07-28 Th 10:24, Tom Lane wrote: >> How can that be? Have we somehow broken SSPI authentication >> in HEAD? > Nothing is broken. On HEAD drongo uses Unix sockets. I see. Seems like we've created a gotcha for ourselves: a test script can look perfectly fine in Unix-based testing, and even in Windows CI, and then fail when it hits the back branches in the buildfarm. Is it worth doing something to cause the lack of a valid auth_extra spec to fail on Unix? regards, tom lane
        • Jump to comment-1
          andrew@dunslane.net2022-07-28T15:29:44+00:00
          On 2022-07-28 Th 10:55, Tom Lane wrote: > Andrew Dunstan <andrew@dunslane.net> writes: >> On 2022-07-28 Th 10:24, Tom Lane wrote: >>> How can that be? Have we somehow broken SSPI authentication >>> in HEAD? >> Nothing is broken. On HEAD drongo uses Unix sockets. > I see. Seems like we've created a gotcha for ourselves: > a test script can look perfectly fine in Unix-based testing, > and even in Windows CI, and then fail when it hits the back > branches in the buildfarm. Is it worth doing something to > cause the lack of a valid auth_extra spec to fail on Unix? > > Maybe we should just have a windows testing instance that doesn't use Unix sockets at all. cheers andrew -- Andrew Dunstan EDB: https://www.enterprisedb.com