-
Notifications
You must be signed in to change notification settings - Fork 192
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding support for peer
authentication
#4255
Adding support for peer
authentication
#4255
Conversation
Question: how can we test it? |
The proper way is to run the tests on an architecture that uses peer authentication for postgresql. I originally thought that testing pgsu on all of these platforms would already be enough (and I think it has already reduced the number of issues) but it now seems that integration tests for We could think about introducing a @csadorf What do you think? |
@giovannipizzi For manual testing, one can simply follow the instructions from the documentation on Quantum Mobile (ubuntu has local peer authentication enabled by default). I think (not 100% sure) these were originally contributed by @dev-zero , so I'm a little surprised that they should actually never have worked (?)... |
After following the instructions, this is the config.json I currently get:
This is obviously not ideal, but it still seems to work (I can open the
i.e. it would have worked even without the change proposed here. It seems like the interpretation of the connect string is quite flexible and is able to deal with empty strings etc. (but chokes, when one explicitly provides a wrong hostname, such as "None") |
For @giovannipizzi to be precise: leaving the As for the setup I just thought that we could simplify it even more: at the beginning of the setup try to connect to the socket (with the default |
@ltalirz yes, I agree that running every few days might be good
? Also, @ltalirz why do you have your pwd set to Can @ltalirz and @chrisjsewell check if, with simple line change I'm mentioning above, this would work for them (I don't have a reproducible environment myself at the moment). Thanks |
Codecov Report
@@ Coverage Diff @@
## develop #4255 +/- ##
===========================================
- Coverage 79.22% 79.21% -0.00%
===========================================
Files 468 468
Lines 34559 34560 +1
===========================================
- Hits 27375 27374 -1
- Misses 7184 7186 +2
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
afc5b4b
to
3ad2288
Compare
I checked the simplified version and it works fine for me (I just tried a new installation from scratch using PSQL provided by HomeBrew). I fixed and rebased, it's ok to merge for me |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks @giovannipizzi !
PostgreSQL allows "peer" authentication to connect to the database. This is signaled by a `hostname` that is set to `None` through `pgsu`. In this case, the `hostname` part of the connection string of the SQLAlchemy engine should be left empty. If it is `None` it is converted to an empty string otherwise it would be converted to the string literal "None".
3ad2288
to
cb53015
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @giovannipizzi . The build that @ltalirz approved failed because you used double quotes and the pre-commit changed them to single. I took the liberty to fix the problem, adjust the comment a bit. Hope that is ok
In Postgres it is possible to use
peer
authentication.This is signaled by a
hostname
set toNone
bypgsu
.In this case, the part
user:password@hostname:port
ofthe connection string of the SQLAlchemy engine should be left empty.
This fixes #4032