Added SCRAM auth feature tests (#292)

* Added "I run commandon host" step

* Added .feature file

* Some fixes

* Switch back to "regress" user

* Frontend auth test

* Added "Command output should match" step

* Added psql output check

* Added backend auth test

* Moved psql installation to Dockerfile

docker/router/Dockerfile

@@ -1,3 +1,5 @@
 FROM spqr-base-image
 
+RUN apt-get update && apt-get install -y postgresql-client
+
 ENTRYPOINT CONFIG_PATH=${ROUTER_CONFIG=/spqr/docker/router/cfg.yaml} && CUR_HOST=$(cat ${CONFIG_PATH} | grep "host:") && sed -i "s/${CUR_HOST}/${ROUTER_HOST=${CUR_HOST}}/g" ${CONFIG_PATH} && /spqr/spqr-router run -c ${CONFIG_PATH} --proto-debug

test/feature/conf/router_with_scram_backend.yaml

@@ -0,0 +1,46 @@
+host: 'regress_router'
+router_port: '6432'
+admin_console_port: '7432'
+grpc_api_port: '7000'
+router_mode: PROXY
+log_level: fatal
+log_filename: router.log
+time_quantiles:
+  - 0.75
+world_shard_fallback: true
+show_notice_messages: true
+frontend_rules:
+  - db: regress
+    usr: regress
+    pool_default: true
+    pool_mode: TRANSACTION
+    auth_rule:
+      auth_method: ok
+shards:
+  sh1:
+    db: regress
+    usr: regress
+    pwd: 12345678
+    type: DATA
+    hosts:
+      - 'spqr_shard_1:6432'
+  sh2:
+    db: regress
+    usr: regress
+    pwd: 12345678
+    type: DATA
+    hosts:
+      - 'spqr_shard_2:6432'
+
+backend_rules:
+  - db: regress
+    usr: regress
+    pool_discard: true
+    pool_rollback: true
+    auth_rules:
+      sh1:
+        auth_method: scram
+        password: 12345678
+      sh2:
+        auth_method: scram
+        password: 12345678

test/feature/conf/router_with_scram_frontend.yaml

@@ -0,0 +1,47 @@
+host: 'regress_router'
+router_port: '6432'
+admin_console_port: '7432'
+grpc_api_port: '7000'
+router_mode: PROXY
+log_level: fatal
+log_filename: router.log
+time_quantiles:
+  - 0.75
+world_shard_fallback: true
+show_notice_messages: true
+frontend_rules:
+  - db: regress
+    usr: regress
+    pool_default: true
+    pool_mode: TRANSACTION
+    auth_rule:
+      auth_method: scram
+      password: 12345678
+shards:
+  sh1:
+    db: regress
+    usr: regress
+    pwd: 12345678
+    type: DATA
+    hosts:
+      - 'spqr_shard_1:6432'
+  sh2:
+    db: regress
+    usr: regress
+    pwd: 12345678
+    type: DATA
+    hosts:
+      - 'spqr_shard_2:6432'
+
+backend_rules:
+  - db: regress
+    usr: regress
+    pool_discard: true
+    pool_rollback: true
+    auth_rules:
+      sh1:
+        auth_method: password
+        password: 12345678
+      sh2:
+        auth_method: password
+        password: 12345678

test/feature/features/scram_auth.feature

@@ -0,0 +1,45 @@
+Feature: SCRAM auth test
+
+  Scenario: Frontend auth works
+    Given cluster environment is
+    """
+    ROUTER_CONFIG=/spqr/test/feature/conf/router_with_scram_frontend.yaml
+    """
+    Given cluster is up and running
+    When I run command on host "router"
+    """
+    PGPASSWORD=12345678 psql -c "SELECT 1" -d regress -U regress -p 6432 -h localhost
+    """
+    Then command return code should be "0"
+    And command output should match regexp
+    """
+    1
+    """
+
+  Scenario: Backend auth works
+    Given cluster environment is
+    """
+    ROUTER_CONFIG=/spqr/test/feature/conf/router_with_scram_backend.yaml
+    """
+    Given cluster is up and running
+    When I run command on host "shard1"
+    """
+    echo 'host all all all scram-sha-256' > /var/lib/postgresql/13/main/pg_hba.conf
+    service postgresql reload
+    """
+    Then command return code should be "0"
+    When I run command on host "shard2"
+    """
+    echo 'host all all all scram-sha-256' > /var/lib/postgresql/13/main/pg_hba.conf
+    service postgresql reload
+    """
+    Then command return code should be "0"
+    When I run SQL on host "router"
+    """
+    SELECT 1
+    """
+    Then command return code should be "0"
+    And SQL result should match regexp
+    """
+    1
+    """

test/feature/spqr_test.go

@@ -28,6 +28,7 @@ import (
 )
 
 const (
+	commandExecutionTimeout         = 10 * time.Second
 	spqrShardName                   = "shard"
 	spqrRouterName                  = "router"
 	spqrCoordinatorName             = "coordinator"
@@ -562,13 +563,28 @@ func (tctx *testContext) stepHostIsStarted(service string) error {
 	return fmt.Errorf("service %s was not found in docker composer", service)
 }
 
+func (tctx *testContext) stepIRunCommandOnHost(host string, body *godog.DocString) error {
+	cmd := strings.TrimSpace(body.Content)
+	var err error
+	tctx.commandRetcode, tctx.commandOutput, err = tctx.composer.RunCommand(host, cmd, commandExecutionTimeout)
+	return err
+}
+
 func (tctx *testContext) stepCommandReturnCodeShouldBe(code int) error {
 	if tctx.commandRetcode != code {
 		return fmt.Errorf("command return code is %d, while expected %d\n%s", tctx.commandRetcode, code, tctx.commandOutput)
 	}
 	return nil
 }
 
+func (tctx *testContext) stepCommandOutputShouldMatch(matcher string, body *godog.DocString) error {
+	m, err := matchers.GetMatcher(matcher)
+	if err != nil {
+		return err
+	}
+	return m(tctx.commandOutput, strings.TrimSpace(body.Content))
+}
+
 func (tctx *testContext) stepIRunSQLOnHost(host string, body *godog.DocString) error {
 	query := strings.TrimSpace(body.Content)
 
@@ -748,7 +764,9 @@ func InitializeScenario(s *godog.ScenarioContext, t *testing.T) {
 	s.Step(`^host "([^"]*)" is started$`, tctx.stepHostIsStarted)
 
 	// command and SQL execution
+	s.Step(`^I run command on host "([^"]*)"$`, tctx.stepIRunCommandOnHost)
 	s.Step(`^command return code should be "(\d+)"$`, tctx.stepCommandReturnCodeShouldBe)
+	s.Step(`^command output should match (\w+)$`, tctx.stepCommandOutputShouldMatch)
 	s.Step(`^I run SQL on host "([^"]*)"$`, tctx.stepIRunSQLOnHost)
 	s.Step(`^I execute SQL on host "([^"]*)"$`, tctx.stepIExecuteSql)
 	s.Step(`^SQL result should match (\w+)$`, tctx.stepSQLResultShouldMatch)