@@ -75,16 +75,15 @@ def _check_local_connection(self):
7575 "test_user" ,
7676 ),
7777 )
78- except AssertionError :
78+ break
79+ except ProcessExecutionError :
7980 if attempt < 9 :
80- print ("Failure number {} . Retrying...". format ( attempt ) )
81+ print (f"Attempt { attempt + 1 } failed . Retrying..." )
8182 else :
8283 raise
83- else :
84- continue
8584
8685 def _check_password_auth (self , host = None ):
87- """Test connection with password auth work fine."""
86+ """Test connection with password auth works fine."""
8887 if not host :
8988 # Connect via LAN by default
9089 host = self .postgres_container [:12 ]
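Review bot: The new `except ProcessExecutionError` branch in `_check_local_connection` has no comment saying why only that exception is retried, while a wrong query result now fails on the first attempt. A line such as `# psql exits non-zero until the server accepts connections; a wrong result is a real failure` above the `except` would record the intent, if that is the intent. No pause is visible in the except branch before the next attempt, so unless the loop sleeps elsewhere the attempts may run out while the server is still starting. The loop header and the start of the `try` body are outside this hunk.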
@@ -142,7 +141,7 @@ def _check_cert_auth(self):
142141 "PGUSER=test_user" ,
143142 CONF_EXTRA ,
144143 "-v" ,
145- "{ }:/certs". format ( local . cwd ) ,
144+ f" { local . cwd } :/certs" ,
146145 self .image ,
147146 "psql" ,
148147 "--host" ,
@@ -188,7 +187,7 @@ def test_server_certs_mount(self):
188187 with local .cwd (tdir ):
189188 self ._generate_certs ()
190189 cert_vols = [
191- "-v{0 }/{1 }:/etc/postgres/{1}" . format ( local . cwd , cert )
190+ f "-v{ local . cwd } /{ cert } :/etc/postgres/{ cert } "
192191 for cert in [
193192 "client.ca.cert.pem" ,
194193 "server.cert.pem" ,
@@ -299,6 +298,111 @@ def test_certs_falsy_lan(self):
299298 with self .assertRaises (ProcessExecutionError ):
300299 self ._check_password_auth ("example.localdomain" )
301300
301+ def test_hba_extra_rules (self ):
302+ """Test that HBA_EXTRA_RULES are correctly applied."""
303+ # Define custom HBA rules
304+ hba_extra_rules = [
305+ "host test_db custom_user 0.0.0.0/0 trust" ,
306+ "hostssl all all 192.168.0.0/16 md5" ,
307+ ]
308+
309+ # Start the Postgres container with HBA_EXTRA_RULES
310+ self .postgres_container = docker (
311+ "container" ,
312+ "run" ,
313+ "-d" ,
314+ "--network" ,
315+ "lan" ,
316+ "-e" ,
317+ "POSTGRES_DB=test_db" ,
318+ "-e" ,
319+ "POSTGRES_USER=test_user" ,
320+ "-e" ,
321+ "POSTGRES_PASSWORD=test_password" ,
322+ "-e" ,
323+ "HBA_EXTRA_RULES=" + json .dumps (hba_extra_rules ),
324+ CONF_EXTRA ,
325+ self .image ,
326+ ).strip ()
327+
328+ self ._check_local_connection ()
329+
330+ # Test connection as custom_user without password (trust auth)
331+ self .assertEqual (
332+ "1\n " ,
333+ docker (
334+ "container" ,
335+ "run" ,
336+ "--network" ,
337+ "lan" ,
338+ "-e" ,
339+ "PGDATABASE=test_db" ,
340+ "-e" ,
341+ "PGUSER=custom_user" ,
342+ self .image ,
343+ "psql" ,
344+ "--host" ,
345+ self .postgres_container [:12 ],
346+ "--command" ,
347+ "SELECT 1" ,
348+ "--no-align" ,
349+ "--tuples-only" ,
350+ ),
351+ )
352+
353+ # Connect the WAN network to test the md5 auth for 192.168.0.0/16
354+ self ._connect_wan_network (alias = "192.168.1.100" )
355+
356+ # Test WAN connection with md5 authentication
357+ self .assertEqual (
358+ "1\n " ,
359+ docker (
360+ "container" ,
361+ "run" ,
362+ "--network" ,
363+ "wan" ,
364+ "-e" ,
365+ "PGDATABASE=test_db" ,
366+ "-e" ,
367+ "PGUSER=test_user" ,
368+ "-e" ,
369+ "PGPASSWORD=test_password" ,
370+ "-e" ,
371+ "PGSSLMODE=require" ,
372+ self .image ,
373+ "psql" ,
374+ "--host" ,
375+ "192.168.1.100" ,
376+ "--command" ,
377+ "SELECT 1" ,
378+ "--no-align" ,
379+ "--tuples-only" ,
380+ ),
381+ )
382+
383+ # Test that connection is refused from WAN with incorrect user
384+ with self .assertRaises (ProcessExecutionError ):
385+ docker (
386+ "container" ,
387+ "run" ,
388+ "--network" ,
389+ "wan" ,
390+ "-e" ,
391+ "PGDATABASE=test_db" ,
392+ "-e" ,
393+ "PGUSER=invalid_user" ,
394+ "-e" ,
395+ "PGSSLMODE=require" ,
396+ self .image ,
397+ "psql" ,
398+ "--host" ,
399+ "192.168.1.100" ,
400+ "--command" ,
401+ "SELECT 1" ,
402+ "--no-align" ,
403+ "--tuples-only" ,
404+ )
405+
302406
303407if __name__ == "__main__" :
304408 unittest .main ()
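Review bot: The negative case at the end of `test_hba_extra_rules` does not show that the HBA rules reject anything: `PGUSER=invalid_user` is sent with no `PGPASSWORD`, so psql would fail under any password-based rule, including whatever the image applies without `HBA_EXTRA_RULES`. A case that isolates the `hostssl ... md5` rule would keep the valid `test_user` credentials and change only the transport, e.g. `"PGSSLMODE=disable"` from the `wan` network inside `assertRaises(ProcessExecutionError)`, assuming the image's default rules do not already allow non-TLS WAN access. The trust check connects as `custom_user`, but only `POSTGRES_USER=test_user` is set in this hunk, so unless the image creates that role elsewhere the connection would fail on a missing role even though the trust rule matched. pg_hba matches the client's source address, so confirm that `_connect_wan_network(alias="192.168.1.100")` (defined outside this hunk) really places the client in 192.168.0.0/16 rather than only naming the server. No hunk on this page adds `import json`, so also confirm the module is already imported for `json.dumps`.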