Split out testdata/init a bit

Everything in one directory was getting a bit unwieldy.

Author: arp242

README.md

@@ -260,7 +260,7 @@ In addition, your `/etc/hosts` needs an entry:
     127.0.0.1 postgres postgres-invalid
 
 Or you can use any other PostgreSQL instance; see
-`testdata/init/docker-entrypoint-initdb.d` for the required setup. You can use
+`testdata/postgres/docker-entrypoint-initdb.d` for the required setup. You can use
 the standard `PG*` environment variables to control the connection details; it
 uses the following defaults:
 

compose.yaml

@@ -6,16 +6,16 @@ services:
     image:    'cleanstart/pgbouncer:latest'
     ports:    ['127.0.0.1:6432:6432']
     command:  ['/init/pgbouncer.ini']
-    volumes:  ['./testdata/init:/init']
+    volumes:  ['./testdata/pgbouncer:/init', './testdata/ssl:/ssl']
     environment:
       'PGBOUNCER_DATABASE': 'pqgo'
 
   pgpool:
     profiles:   ['pgpool']
     image:      'pgpool/pgpool:4.4.3'
     ports:      ['127.0.0.1:7432:7432']
-    volumes:    ['./testdata/init:/init']
-    entrypoint: '/init/entry-pgpool.sh'
+    volumes:    ['./testdata/pgpool:/init', './testdata/ssl:/ssl']
+    entrypoint: '/init/entry.sh'
     environment:
       'PGPOOL_PARAMS_PORT':              '7432'
       'PGPOOL_PARAMS_BACKEND_HOSTNAME0': 'pg18'
@@ -24,7 +24,7 @@ services:
     image:       'postgres:18'
     ports:       ['127.0.0.1:5432:5432']
     entrypoint:  '/init/entry.sh'
-    volumes:     ['./testdata/init:/init']
+    volumes:     ['./testdata/postgres:/init', './testdata/ssl:/ssl']
     shm_size:    '128mb'
     healthcheck: {test: ['CMD-SHELL', 'pg_isready', '-U', 'pqgo', '-d', 'pqgo'], start_period: '30s', start_interval: '1s'}
     environment:
@@ -36,7 +36,7 @@ services:
     image:       'postgres:17'
     ports:       ['127.0.0.1:5432:5432']
     entrypoint:  '/init/entry.sh'
-    volumes:     ['./testdata/init:/init']
+    volumes:     ['./testdata/postgres:/init', './testdata/ssl:/ssl']
     shm_size:    '128mb'
     healthcheck: {test: ['CMD-SHELL', 'pg_isready', '-U', 'pqgo', '-d', 'pqgo'], start_period: '30s', start_interval: '1s'}
     environment:
@@ -48,7 +48,7 @@ services:
     image:       'postgres:16'
     ports:       ['127.0.0.1:5432:5432']
     entrypoint:  '/init/entry.sh'
-    volumes:     ['./testdata/init:/init']
+    volumes:     ['./testdata/postgres:/init', './testdata/ssl:/ssl']
     shm_size:    '128mb'
     healthcheck: {test: ['CMD-SHELL', 'pg_isready', '-U', 'pqgo', '-d', 'pqgo'], start_period: '30s', start_interval: '1s'}
     environment:
@@ -60,7 +60,7 @@ services:
     image:       'postgres:15'
     ports:       ['127.0.0.1:5432:5432']
     entrypoint:  '/init/entry.sh'
-    volumes:     ['./testdata/init:/init']
+    volumes:     ['./testdata/postgres:/init', './testdata/ssl:/ssl']
     shm_size:    '128mb'
     healthcheck: {test: ['CMD-SHELL', 'pg_isready', '-U', 'pqgo', '-d', 'pqgo'], start_period: '30s', start_interval: '1s'}
     environment:
@@ -72,7 +72,7 @@ services:
     image:       'postgres:14'
     ports:       ['127.0.0.1:5432:5432']
     entrypoint:  '/init/entry.sh'
-    volumes:     ['./testdata/init:/init']
+    volumes:     ['./testdata/postgres:/init', './testdata/ssl:/ssl']
     shm_size:    '128mb'
     healthcheck: {test: ['CMD-SHELL', 'pg_isready', '-U', 'pqgo', '-d', 'pqgo'], start_period: '30s', start_interval: '1s'}
     environment:

example_test.go

@@ -244,15 +244,15 @@ func ExampleConnectorWithNoticeHandler() {
 }
 
 func ExampleRegisterTLSConfig() {
-	pem, err := os.ReadFile("testdata/init/root.crt")
+	pem, err := os.ReadFile("testdata/ssl/root.crt")
 	if err != nil {
 		log.Fatal(err)
 	}
 
 	root := x509.NewCertPool()
 	root.AppendCertsFromPEM(pem)
 
-	certs, err := tls.LoadX509KeyPair("testdata/init/postgresql.crt", "testdata/init/postgresql.key")
+	certs, err := tls.LoadX509KeyPair("testdata/ssl/postgresql.crt", "testdata/ssl/postgresql.key")
 	if err != nil {
 		log.Fatal(err)
 	}

ssl_test.go

@@ -66,22 +66,22 @@ func TestSSLMode(t *testing.T) {
 		// sslmode=verify-ca: verify that the certificate was signed by a trusted CA
 		{"host=postgres sslmode=verify-ca user=pqgossl", "invalid-cert"},
 		{"host=postgres sslmode=verify-ca user=pqgossl sslrootcert=''", "invalid-cert"},
-		{"sslrootcert=testdata/init/root.crt sslmode=verify-ca user=pqgossl host=127.0.0.1", ""},
-		{"sslrootcert=testdata/init/root.crt sslmode=verify-ca user=pqgossl host=postgres-invalid", ""},
-		{"sslrootcert=testdata/init/root.crt sslmode=verify-ca user=pqgossl host=postgres", ""},
+		{"sslrootcert=testdata/ssl/root.crt sslmode=verify-ca user=pqgossl host=127.0.0.1", ""},
+		{"sslrootcert=testdata/ssl/root.crt sslmode=verify-ca user=pqgossl host=postgres-invalid", ""},
+		{"sslrootcert=testdata/ssl/root.crt sslmode=verify-ca user=pqgossl host=postgres", ""},
 
 		// sslmode=verify-full: verify that the certification was signed by a trusted CA and the host matches
 		{"sslmode=verify-full user=pqgossl host=postgres", "invalid-cert"},
-		{"sslrootcert=testdata/init/root.crt sslmode=verify-full user=pqgossl host=127.0.0.1", "invalid-cert"},
-		{"sslrootcert=testdata/init/root.crt sslmode=verify-full user=pqgossl host=postgres-invalid", "invalid-cert"},
-		{"sslrootcert=testdata/init/root.crt sslmode=verify-full user=pqgossl host=postgres", ""},
+		{"sslrootcert=testdata/ssl/root.crt sslmode=verify-full user=pqgossl host=127.0.0.1", "invalid-cert"},
+		{"sslrootcert=testdata/ssl/root.crt sslmode=verify-full user=pqgossl host=postgres-invalid", "invalid-cert"},
+		{"sslrootcert=testdata/ssl/root.crt sslmode=verify-full user=pqgossl host=postgres", ""},
 
 		// With root cert
-		{"sslrootcert=testdata/init/bogus_root.crt host=postgres sslmode=require user=pqgossl", "invalid-cert"},
-		{"sslrootcert=testdata/init/non_existent.crt host=127.0.0.1 sslmode=require user=pqgossl", ""},
-		{"sslrootcert=testdata/init/root.crt host=127.0.0.1 sslmode=require user=pqgossl", ""},
-		{"sslrootcert=testdata/init/root.crt host=postgres sslmode=require user=pqgossl", ""},
-		{"sslrootcert=testdata/init/root.crt host=postgres-invalid sslmode=require user=pqgossl", ""},
+		{"sslrootcert=testdata/ssl/bogus_root.crt host=postgres sslmode=require user=pqgossl", "invalid-cert"},
+		{"sslrootcert=testdata/ssl/non_existent.crt host=127.0.0.1 sslmode=require user=pqgossl", ""},
+		{"sslrootcert=testdata/ssl/root.crt host=127.0.0.1 sslmode=require user=pqgossl", ""},
+		{"sslrootcert=testdata/ssl/root.crt host=postgres sslmode=require user=pqgossl", ""},
+		{"sslrootcert=testdata/ssl/root.crt host=postgres-invalid sslmode=require user=pqgossl", ""},
 
 		// sslmode=prefer
 		{"sslmode=prefer user=pqgossl", ""},
@@ -138,7 +138,7 @@ func TestSSLClientCertificates(t *testing.T) {
 	pqtest.SkipPgbouncer(t) // TODO: can't get it to work.
 	t.Parallel()
 	startSSLTest(t, "pqgosslcert")
-	pqtest.Chmod(t, 0o600, "testdata/init/postgresql.key")
+	pqtest.Chmod(t, 0o600, "testdata/ssl/postgresql.key")
 
 	tests := []struct {
 		connect string
@@ -147,16 +147,16 @@ func TestSSLClientCertificates(t *testing.T) {
 		{"sslmode=require user=pqgosslcert", "requires a valid client certificate (28000)"},
 		{"sslmode=require user=pqgosslcert sslcert=''", "requires a valid client certificate (28000)"},
 		{"sslmode=require user=pqgosslcert sslcert=/tmp/filedoesnotexist", "requires a valid client certificate (28000)"},
-		{"sslmode=require user=pqgosslcert sslcert=testdata/init/postgresql.crt", "directory"},
-		{"sslmode=require user=pqgosslcert sslcert=testdata/init/postgresql.crt sslkey=''", "directory"},
-		{"sslmode=require user=pqgosslcert sslcert=testdata/init/postgresql.crt sslkey=/tmp/filedoesnotexist", "no such file or directory"},
-		{"sslmode=require user=pqgosslcert sslcert=testdata/init/postgresql.crt sslkey=testdata/init/postgresql.crt", "has world access"},
+		{"sslmode=require user=pqgosslcert sslcert=testdata/ssl/postgresql.crt", "directory"},
+		{"sslmode=require user=pqgosslcert sslcert=testdata/ssl/postgresql.crt sslkey=''", "directory"},
+		{"sslmode=require user=pqgosslcert sslcert=testdata/ssl/postgresql.crt sslkey=/tmp/filedoesnotexist", "no such file or directory"},
+		{"sslmode=require user=pqgosslcert sslcert=testdata/ssl/postgresql.crt sslkey=testdata/ssl/postgresql.crt", "has world access"},
 
-		{"sslmode=require user=pqgosslcert sslcert=testdata/init/postgresql.crt sslkey=testdata/init/postgresql.key", ""},
+		{"sslmode=require user=pqgosslcert sslcert=testdata/ssl/postgresql.crt sslkey=testdata/ssl/postgresql.key", ""},
 
 		{fmt.Sprintf("sslmode=require user=pqgosslcert sslinline=true sslcert='%s' sslkey='%s'",
-			pqtest.Read(t, "testdata/init/postgresql.crt"),
-			pqtest.Read(t, "testdata/init/postgresql.key")),
+			pqtest.Read(t, "testdata/ssl/postgresql.crt"),
+			pqtest.Read(t, "testdata/ssl/postgresql.key")),
 			""},
 	}
 
@@ -187,7 +187,7 @@ func TestSSLClientCertificateIntermediate(t *testing.T) {
 	pqtest.SkipPgbouncer(t) // TODO: can't get it to work.
 	t.Parallel()
 	startSSLTest(t, "pqgosslcert")
-	pqtest.Chmod(t, 0o600, "testdata/init/client_intermediate.key")
+	pqtest.Chmod(t, 0o600, "testdata/ssl/client_intermediate.key")
 
 	tests := []struct {
 		name    string
@@ -200,27 +200,27 @@ func TestSSLClientCertificateIntermediate(t *testing.T) {
 			// so sslAppendIntermediates must send the intermediate in the TLS chain.
 			name: "file certs",
 			connect: "sslmode=require user=pqgosslcert " +
-				"sslrootcert=testdata/init/root+intermediate.crt " +
-				"sslcert=testdata/init/client_intermediate.crt " +
-				"sslkey=testdata/init/client_intermediate.key",
+				"sslrootcert=testdata/ssl/root+intermediate.crt " +
+				"sslcert=testdata/ssl/client_intermediate.crt " +
+				"sslkey=testdata/ssl/client_intermediate.key",
 		},
 		{
 			name: "inline certs",
 			connect: fmt.Sprintf(
 				"sslmode=require user=pqgosslcert sslinline=true sslrootcert='%s' sslcert='%s' sslkey='%s'",
-				pqtest.Read(t, "testdata/init/root+intermediate.crt"),
-				pqtest.Read(t, "testdata/init/client_intermediate.crt"),
-				pqtest.Read(t, "testdata/init/client_intermediate.key"),
+				pqtest.Read(t, "testdata/ssl/root+intermediate.crt"),
+				pqtest.Read(t, "testdata/ssl/client_intermediate.crt"),
+				pqtest.Read(t, "testdata/ssl/client_intermediate.key"),
 			),
 		},
 		{
 			// Without the intermediate in sslrootcert, sslAppendIntermediates has
 			// nothing to append, so the server can't verify the client cert chain.
 			name: "fails without intermediate in sslrootcert",
 			connect: "sslmode=require user=pqgosslcert " +
-				"sslrootcert=testdata/init/root.crt " +
-				"sslcert=testdata/init/client_intermediate.crt " +
-				"sslkey=testdata/init/client_intermediate.key",
+				"sslrootcert=testdata/ssl/root.crt " +
+				"sslcert=testdata/ssl/client_intermediate.crt " +
+				"sslkey=testdata/ssl/client_intermediate.key",
 			wantErr: "unknown certificate authority",
 		},
 	}
@@ -376,11 +376,11 @@ func TestSSLDefaults(t *testing.T) {
 
 			pqtest.Write(t, []byte("invalid data"), pqutil.Home(true), tt.file)
 			if tt.file == "postgresql.crt" {
-				pqtest.Write(t, pqtest.Read(t, "testdata/init/postgresql.key"), pqutil.Home(true), "postgresql.key")
+				pqtest.Write(t, pqtest.Read(t, "testdata/ssl/postgresql.key"), pqutil.Home(true), "postgresql.key")
 				pqtest.Chmod(t, 0o600, pqutil.Home(true), "postgresql.key")
 			}
 			if tt.file == "postgresql.key" {
-				pqtest.Write(t, pqtest.Read(t, "testdata/init/postgresql.crt"), pqutil.Home(true), "postgresql.crt")
+				pqtest.Write(t, pqtest.Read(t, "testdata/ssl/postgresql.crt"), pqutil.Home(true), "postgresql.crt")
 				pqtest.Chmod(t, 0o600, pqutil.Home(true), "postgresql.key")
 			}
 
@@ -393,9 +393,9 @@ func TestSSLDefaults(t *testing.T) {
 
 	t.Run("work with default paths", func(t *testing.T) {
 		pqtest.Home(t)
-		pqtest.Write(t, pqtest.Read(t, "testdata/init/root.crt"), pqutil.Home(true), "root.crt")
-		pqtest.Write(t, pqtest.Read(t, "testdata/init/postgresql.crt"), pqutil.Home(true), "postgresql.crt")
-		pqtest.Write(t, pqtest.Read(t, "testdata/init/postgresql.key"), pqutil.Home(true), "postgresql.key")
+		pqtest.Write(t, pqtest.Read(t, "testdata/ssl/root.crt"), pqutil.Home(true), "root.crt")
+		pqtest.Write(t, pqtest.Read(t, "testdata/ssl/postgresql.crt"), pqutil.Home(true), "postgresql.crt")
+		pqtest.Write(t, pqtest.Read(t, "testdata/ssl/postgresql.key"), pqutil.Home(true), "postgresql.key")
 		pqtest.Chmod(t, 0o600, pqutil.Home(true), "postgresql.key")
 		_ = pqtest.MustDB(t, "host=postgres user=pqgosslcert sslmode=verify-ca")
 	})
@@ -411,7 +411,7 @@ func TestSSLRootCA(t *testing.T) {
 		testSystemRoots = nil
 	})
 	testSystemRoots = x509.NewCertPool()
-	if !testSystemRoots.AppendCertsFromPEM(pqtest.Read(t, "testdata/init/root.crt")) {
+	if !testSystemRoots.AppendCertsFromPEM(pqtest.Read(t, "testdata/ssl/root.crt")) {
 		t.Fatal()
 	}
 

testdata/init/pool_passwd

@@ -13,6 +13,6 @@ log_stats       = 0
 verbose         = 0
 
 client_tls_sslmode   = allow
-client_tls_ca_file   = /init/root.crt
-client_tls_cert_file = /init/server.crt
-client_tls_key_file  = /init/server.key
+client_tls_ca_file   = /ssl/root.crt
+client_tls_cert_file = /ssl/server.crt
+client_tls_key_file  = /ssl/server.key