From e8d8071cbb972324eb75de3bb1d700e93e4ee928 Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Sat, 17 Feb 2018 22:39:39 +0900 Subject: [PATCH 2/2] Add PROVE_EXTRA_ALLOWED to control optional test suites By default, SSL and LDAP test suites are not allowed to run as they are not secure for multi-user environments, which is why they are not part of check-world. This commit adds an extra make variable which can be used to optionally enable them if wanted. The user can make use of the variable like that for example: make -C src/test check PROVE_EXTRA_ALLOWED='ssl ldap' PROVE_EXTRA_ALLOWED needs to be a list of items separated by whitespaces, and supports two values for now: 'ssl' and 'ldap' to be able to run respectively tests in src/test/ssl and src/test/ldap. In consequence, the SSL and LDAP test suites are added to check-world but they are skipped except if the user has asked for them to be enabled. --- doc/src/sgml/regress.sgml | 15 +++++++++++++++ src/test/Makefile | 9 ++++----- src/test/ldap/t/001_auth.pl | 13 ++++++++++++- src/test/perl/TestLib.pm | 21 +++++++++++++++++++++ src/test/ssl/t/001_ssltests.pl | 13 ++++++++++++- src/test/ssl/t/002_scram.pl | 13 ++++++++++++- 6 files changed, 76 insertions(+), 8 deletions(-) diff --git a/doc/src/sgml/regress.sgml b/doc/src/sgml/regress.sgml index 53716a029f..e6559dae2a 100644 --- a/doc/src/sgml/regress.sgml +++ b/doc/src/sgml/regress.sgml @@ -675,6 +675,21 @@ make -C src/bin check PROVE_FLAGS='--timer' See the manual page of prove for more information. + + TAP tests under src/test/ssl and + src/test/ldap are not secure to run on a multi-system + environment. You can decide which test suites to additionally allow by + setting the make variable + PROVE_EXTRA_ALLOWED to define a list of tests separated + by a whitespace. + +make -C src/test check PROVE_EXTRA_ALLOWED='ssl ldap' + + As of now, two test types are supported: ssl to allow + tests in src/test/ssl to be run, and + ldap for src/test/ldap. + + The TAP tests require the Perl module IPC::Run. This module is available from CPAN or an operating system package. diff --git a/src/test/Makefile b/src/test/Makefile index 73abf163f1..c4ae0965b2 100644 --- a/src/test/Makefile +++ b/src/test/Makefile @@ -12,13 +12,12 @@ subdir = src/test top_builddir = ../.. include $(top_builddir)/src/Makefile.global -SUBDIRS = perl regress isolation modules authentication recovery subscription +SUBDIRS = perl regress isolation ldap modules authentication recovery \ + ssl subscription # We don't build or execute examples/, locale/, or thread/ by default, -# but we do want "make clean" etc to recurse into them. Likewise for -# ldap/ and ssl/, because these test suites are not secure to run on a -# multi-user system. -ALWAYS_SUBDIRS = examples ldap locale thread ssl +# but we do want "make clean" etc to recurse into them. +ALWAYS_SUBDIRS = examples locale thread # We want to recurse to all subdirs for all standard targets, except that # installcheck and install should not recurse into the subdirectory "modules". diff --git a/src/test/ldap/t/001_auth.pl b/src/test/ldap/t/001_auth.pl index 9d5065c494..ca4c5d47ee 100644 --- a/src/test/ldap/t/001_auth.pl +++ b/src/test/ldap/t/001_auth.pl @@ -2,7 +2,18 @@ use strict; use warnings; use TestLib; use PostgresNode; -use Test::More tests => 19; +use Test::More; + +# Check if test is allowed by user. Be sure to check that before the +# build compatibility. +if (check_extra_allowed("ldap")) +{ + plan tests => 19; +} +else +{ + plan skip_all => 'LDAP test suite not allowed to run'; +} # LDAP tests are not supported without proper build options die "LDAP tests not supported without support in build" unless diff --git a/src/test/perl/TestLib.pm b/src/test/perl/TestLib.pm index fdd427608b..e9fc09f5c5 100644 --- a/src/test/perl/TestLib.pm +++ b/src/test/perl/TestLib.pm @@ -26,6 +26,7 @@ our @EXPORT = qw( slurp_dir slurp_file append_to_file + check_extra_allowed check_pg_config system_or_bail system_log @@ -240,6 +241,26 @@ sub check_pg_config return $match; } +# Check if the test specified by the name given by caller is authorized to +# run or not. We check for a match in the list of entries using whitespace +# as separator in the environment variable PROVE_EXTRA_ALLOWED. +sub check_extra_allowed +{ + my $test_name = shift; + + if (defined($ENV{PROVE_EXTRA_ALLOWED})) + { + my @tests = split / /, $ENV{PROVE_EXTRA_ALLOWED}; + + foreach my $test (@tests) + { + return 1 if ($test eq $test_name) + } + } + + return 0; +} + # # Test functions # diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl index bf68a727eb..071d6ccc1b 100644 --- a/src/test/ssl/t/001_ssltests.pl +++ b/src/test/ssl/t/001_ssltests.pl @@ -2,10 +2,21 @@ use strict; use warnings; use PostgresNode; use TestLib; -use Test::More tests => 40; +use Test::More; use ServerSetup; use File::Copy; +# Check if test is allowed by user. Be sure to check that before the +# build compatibility. +if (check_extra_allowed("ssl")) +{ + plan tests => 40; +} +else +{ + plan skip_all => 'SSL test suite not allowed to run'; +} + # SSL tests are not supported without proper build options die "SSL tests not supported without support in build" unless check_pg_config("#define USE_OPENSSL 1"); diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl index 8e79b6a99f..1b5efb44a3 100644 --- a/src/test/ssl/t/002_scram.pl +++ b/src/test/ssl/t/002_scram.pl @@ -4,10 +4,21 @@ use strict; use warnings; use PostgresNode; use TestLib; -use Test::More tests => 5; +use Test::More; use ServerSetup; use File::Copy; +# Check if test is allowed by user. Be sure to check that before the +# build compatibility. +if (check_extra_allowed("ssl")) +{ + plan tests => 5; +} +else +{ + plan skip_all => 'SSL test suite not allowed to run'; +} + # SSL tests are not supported without proper build die "SSL tests not supported without support in build" unless check_pg_config("#define USE_OPENSSL 1"); -- 2.16.1