github.com/cockroachdb/cockroach@v20.2.0-alpha.1+incompatible/pkg/sql/pgwire/testdata/auth/hba_host_selection (about) 1 # These tests exercise the "hostname" filter in HBA rules. 2 3 config secure 4 ---- 5 6 subtest nomatch 7 8 # If the CIDR mask does not match, auth doesn't find a rule. 9 10 set_hba 11 host all all 0.0.0.0/32 cert 12 ---- 13 # Active authentication configuration on this node: 14 # Original configuration: 15 # host all root all cert-password # CockroachDB mandatory rule 16 # host all all 0.0.0.0/32 cert 17 # 18 # Interpreted configuration: 19 # TYPE DATABASE USER ADDRESS METHOD OPTIONS 20 host all root all cert-password 21 host all all 0.0.0.0/32 cert 22 23 connect user=testuser 24 ---- 25 ERROR: no server.host_based_authentication.configuration entry for host "127.0.0.1", user "testuser" 26 27 subtest nomatch/root_override 28 29 # However, even if no rule matches root can still log in. 30 31 connect user=root 32 ---- 33 ok defaultdb 34 35 subtest end nomatch/root_override 36 37 38 subtest end nomatch 39 40 subtest match_net 41 42 # It's possible to use a network mask. Since the test is connecting using 127.0.0.1, 43 # then all the 127/8 network matches. 44 45 set_hba 46 host all all 127.0.0.0/8 cert 47 ---- 48 # Active authentication configuration on this node: 49 # Original configuration: 50 # host all root all cert-password # CockroachDB mandatory rule 51 # host all all 127.0.0.0/8 cert 52 # 53 # Interpreted configuration: 54 # TYPE DATABASE USER ADDRESS METHOD OPTIONS 55 host all root all cert-password 56 host all all 127.0.0.0/8 cert 57 58 connect user=testuser 59 ---- 60 ok defaultdb 61 62 subtest end match_net