From 4e1024eb47a3d19145a8db42a48d55d608ad4054 Mon Sep 17 00:00:00 2001 From: Jacob Champion Date: Tue, 4 Mar 2025 09:41:19 -0800 Subject: [PATCH 1/5] oauth: Use IPv4-only issuer in oauth_validator tests The test authorization server implemented in oauth_server.py does not listen on IPv6. Most of the time, libcurl happily falls back to IPv4 after failing its initial connection, but on NetBSD, something is consistently showing up on the unreserved IPv6 port and causing a test failure. Rather than deal with dual-stack details across all test platforms, change the issuer to enforce the use of IPv4 only. (This elicits more punishing timeout behavior from libcurl, so it's a useful change from the testing perspective as well.) Reported-by: Thomas Munro Discussion: https://postgr.es/m/CAOYmi%2Bn4EDOOUL27_OqYT2-F2rS6S%2B3mK-ppWb2Ec92UEoUbYA%40mail.gmail.com --- src/test/modules/oauth_validator/t/001_server.pl | 2 +- src/test/modules/oauth_validator/t/OAuth/Server.pm | 4 ++-- src/test/modules/oauth_validator/t/oauth_server.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/test/modules/oauth_validator/t/001_server.pl b/src/test/modules/oauth_validator/t/001_server.pl index 6fa59fbeb25..30295364ebd 100644 --- a/src/test/modules/oauth_validator/t/001_server.pl +++ b/src/test/modules/oauth_validator/t/001_server.pl @@ -68,7 +68,7 @@ END } my $port = $webserver->port(); -my $issuer = "http://localhost:$port"; +my $issuer = "http://127.0.0.1:$port"; unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf( diff --git a/src/test/modules/oauth_validator/t/OAuth/Server.pm b/src/test/modules/oauth_validator/t/OAuth/Server.pm index 655b2870b0b..52ae7afa991 100644 --- a/src/test/modules/oauth_validator/t/OAuth/Server.pm +++ b/src/test/modules/oauth_validator/t/OAuth/Server.pm @@ -15,7 +15,7 @@ OAuth::Server - runs a mock OAuth authorization server for testing $server->run; my $port = $server->port; - my $issuer = "http://localhost:$port"; + my $issuer = "http://127.0.0.1:$port"; # test against $issuer... @@ -28,7 +28,7 @@ daemon implemented in t/oauth_server.py. (Python has a fairly usable HTTP server in its standard library, so the implementation was ported from Perl.) This authorization server does not use TLS (it implements a nonstandard, unsafe -issuer at "http://localhost:"), so libpq in particular will need to set +issuer at "http://127.0.0.1:"), so libpq in particular will need to set PGOAUTHDEBUG=UNSAFE to be able to talk to it. =cut diff --git a/src/test/modules/oauth_validator/t/oauth_server.py b/src/test/modules/oauth_validator/t/oauth_server.py index 4faf3323d38..5bc30be87fd 100755 --- a/src/test/modules/oauth_validator/t/oauth_server.py +++ b/src/test/modules/oauth_validator/t/oauth_server.py @@ -251,7 +251,7 @@ class OAuthHandler(http.server.BaseHTTPRequestHandler): def config(self) -> JsonObject: port = self.server.socket.getsockname()[1] - issuer = f"http://localhost:{port}" + issuer = f"http://127.0.0.1:{port}" if self._alt_issuer: issuer += "/alternate" elif self._parameterized: -- 2.34.1