From 9f5ba8159c31975c295f2a6c4eb601bdec7af9bf Mon Sep 17 00:00:00 2001 From: Yury Frolov <57130330+EinKrebs@users.noreply.github.com> Date: Tue, 29 Aug 2023 21:30:38 +0500 Subject: [PATCH] Added SCRAM auth feature tests (#292) * Added "I run commandon host" step * Added .feature file * Some fixes * Switch back to "regress" user * Frontend auth test * Added "Command output should match" step * Added psql output check * Added backend auth test * Moved psql installation to Dockerfile --- docker/router/Dockerfile | 2 + .../conf/router_with_scram_backend.yaml | 46 ++++++++++++++++++ .../conf/router_with_scram_frontend.yaml | 47 +++++++++++++++++++ test/feature/features/scram_auth.feature | 45 ++++++++++++++++++ test/feature/spqr_test.go | 18 +++++++ 5 files changed, 158 insertions(+) create mode 100644 test/feature/conf/router_with_scram_backend.yaml create mode 100644 test/feature/conf/router_with_scram_frontend.yaml create mode 100644 test/feature/features/scram_auth.feature diff --git a/docker/router/Dockerfile b/docker/router/Dockerfile index 3d4aca029..20c54b52f 100644 --- a/docker/router/Dockerfile +++ b/docker/router/Dockerfile @@ -1,3 +1,5 @@ FROM spqr-base-image +RUN apt-get update && apt-get install -y postgresql-client + ENTRYPOINT CONFIG_PATH=${ROUTER_CONFIG=/spqr/docker/router/cfg.yaml} && CUR_HOST=$(cat ${CONFIG_PATH} | grep "host:") && sed -i "s/${CUR_HOST}/${ROUTER_HOST=${CUR_HOST}}/g" ${CONFIG_PATH} && /spqr/spqr-router run -c ${CONFIG_PATH} --proto-debug diff --git a/test/feature/conf/router_with_scram_backend.yaml b/test/feature/conf/router_with_scram_backend.yaml new file mode 100644 index 000000000..9ab48478e --- /dev/null +++ b/test/feature/conf/router_with_scram_backend.yaml @@ -0,0 +1,46 @@ +host: 'regress_router' +router_port: '6432' +admin_console_port: '7432' +grpc_api_port: '7000' +router_mode: PROXY +log_level: fatal +log_filename: router.log +time_quantiles: + - 0.75 +world_shard_fallback: true +show_notice_messages: true +frontend_rules: + - db: regress + usr: regress + pool_default: true + pool_mode: TRANSACTION + auth_rule: + auth_method: ok +shards: + sh1: + db: regress + usr: regress + pwd: 12345678 + type: DATA + hosts: + - 'spqr_shard_1:6432' + sh2: + db: regress + usr: regress + pwd: 12345678 + type: DATA + hosts: + - 'spqr_shard_2:6432' + +backend_rules: + - db: regress + usr: regress + pool_discard: true + pool_rollback: true + auth_rules: + sh1: + auth_method: scram + password: 12345678 + sh2: + auth_method: scram + password: 12345678 diff --git a/test/feature/conf/router_with_scram_frontend.yaml b/test/feature/conf/router_with_scram_frontend.yaml new file mode 100644 index 000000000..ac1968544 --- /dev/null +++ b/test/feature/conf/router_with_scram_frontend.yaml @@ -0,0 +1,47 @@ +host: 'regress_router' +router_port: '6432' +admin_console_port: '7432' +grpc_api_port: '7000' +router_mode: PROXY +log_level: fatal +log_filename: router.log +time_quantiles: + - 0.75 +world_shard_fallback: true +show_notice_messages: true +frontend_rules: + - db: regress + usr: regress + pool_default: true + pool_mode: TRANSACTION + auth_rule: + auth_method: scram + password: 12345678 +shards: + sh1: + db: regress + usr: regress + pwd: 12345678 + type: DATA + hosts: + - 'spqr_shard_1:6432' + sh2: + db: regress + usr: regress + pwd: 12345678 + type: DATA + hosts: + - 'spqr_shard_2:6432' + +backend_rules: + - db: regress + usr: regress + pool_discard: true + pool_rollback: true + auth_rules: + sh1: + auth_method: password + password: 12345678 + sh2: + auth_method: password + password: 12345678 diff --git a/test/feature/features/scram_auth.feature b/test/feature/features/scram_auth.feature new file mode 100644 index 000000000..56d8f25e4 --- /dev/null +++ b/test/feature/features/scram_auth.feature @@ -0,0 +1,45 @@ +Feature: SCRAM auth test + + Scenario: Frontend auth works + Given cluster environment is + """ + ROUTER_CONFIG=/spqr/test/feature/conf/router_with_scram_frontend.yaml + """ + Given cluster is up and running + When I run command on host "router" + """ + PGPASSWORD=12345678 psql -c "SELECT 1" -d regress -U regress -p 6432 -h localhost + """ + Then command return code should be "0" + And command output should match regexp + """ + 1 + """ + + Scenario: Backend auth works + Given cluster environment is + """ + ROUTER_CONFIG=/spqr/test/feature/conf/router_with_scram_backend.yaml + """ + Given cluster is up and running + When I run command on host "shard1" + """ + echo 'host all all all scram-sha-256' > /var/lib/postgresql/13/main/pg_hba.conf + service postgresql reload + """ + Then command return code should be "0" + When I run command on host "shard2" + """ + echo 'host all all all scram-sha-256' > /var/lib/postgresql/13/main/pg_hba.conf + service postgresql reload + """ + Then command return code should be "0" + When I run SQL on host "router" + """ + SELECT 1 + """ + Then command return code should be "0" + And SQL result should match regexp + """ + 1 + """ \ No newline at end of file diff --git a/test/feature/spqr_test.go b/test/feature/spqr_test.go index 0373b2e47..006b115b9 100644 --- a/test/feature/spqr_test.go +++ b/test/feature/spqr_test.go @@ -28,6 +28,7 @@ import ( ) const ( + commandExecutionTimeout = 10 * time.Second spqrShardName = "shard" spqrRouterName = "router" spqrCoordinatorName = "coordinator" @@ -562,6 +563,13 @@ func (tctx *testContext) stepHostIsStarted(service string) error { return fmt.Errorf("service %s was not found in docker composer", service) } +func (tctx *testContext) stepIRunCommandOnHost(host string, body *godog.DocString) error { + cmd := strings.TrimSpace(body.Content) + var err error + tctx.commandRetcode, tctx.commandOutput, err = tctx.composer.RunCommand(host, cmd, commandExecutionTimeout) + return err +} + func (tctx *testContext) stepCommandReturnCodeShouldBe(code int) error { if tctx.commandRetcode != code { return fmt.Errorf("command return code is %d, while expected %d\n%s", tctx.commandRetcode, code, tctx.commandOutput) @@ -569,6 +577,14 @@ func (tctx *testContext) stepCommandReturnCodeShouldBe(code int) error { return nil } +func (tctx *testContext) stepCommandOutputShouldMatch(matcher string, body *godog.DocString) error { + m, err := matchers.GetMatcher(matcher) + if err != nil { + return err + } + return m(tctx.commandOutput, strings.TrimSpace(body.Content)) +} + func (tctx *testContext) stepIRunSQLOnHost(host string, body *godog.DocString) error { query := strings.TrimSpace(body.Content) @@ -748,7 +764,9 @@ func InitializeScenario(s *godog.ScenarioContext, t *testing.T) { s.Step(`^host "([^"]*)" is started$`, tctx.stepHostIsStarted) // command and SQL execution + s.Step(`^I run command on host "([^"]*)"$`, tctx.stepIRunCommandOnHost) s.Step(`^command return code should be "(\d+)"$`, tctx.stepCommandReturnCodeShouldBe) + s.Step(`^command output should match (\w+)$`, tctx.stepCommandOutputShouldMatch) s.Step(`^I run SQL on host "([^"]*)"$`, tctx.stepIRunSQLOnHost) s.Step(`^I execute SQL on host "([^"]*)"$`, tctx.stepIExecuteSql) s.Step(`^SQL result should match (\w+)$`, tctx.stepSQLResultShouldMatch)