Create user in envtool for PostgreSQL

[chilagrow]

Description

To test it, I added --test-enable-new-auth flag in task file run: and run-secured:.
It does not create user for SQLite, that will be handled in a separate PR.

Closes #1877.

Readiness checklist

• I added/updated unit tests (and they pass).
• I added/updated integration/compatibility tests (and they pass).
• I added/updated comments and checked rendering.
• I made spot refactorings.
• I updated user documentation.
• I ran task all, and it passed.
• I ensured that PR title is good enough for the changelog.
• (for maintainers only) I set Reviewers (@FerretDB/core), Milestone (Next), Labels, Project and project's Sprint fields.
• I marked all done items in this checklist.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 73.80%. Comparing base (5a5ca29) to head (0b57bbe).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4133      +/-   ##
==========================================
- Coverage   74.31%   73.80%   -0.51%     
==========================================
  Files         353      353              
  Lines       22738    22739       +1     
==========================================
- Hits        16897    16783     -114     
- Misses       4552     4686     +134     
+ Partials     1289     1270      -19     

Files	Coverage Δ
integration/setup/setup.go	81.25% <100.00%> (ø)
internal/handler/commands.go	100.00% <100.00%> (ø)

... and 12 files with indirect coverage changes

Flag	Coverage Δ
filter-true	67.51% <100.00%> (-0.31%)	⬇️
hana-1	?
integration	67.51% <100.00%> (-0.31%)	⬇️
mongodb-1	4.75% <25.00%> (+<0.01%)	⬆️
postgresql-1	48.72% <100.00%> (+0.53%)	⬆️
postgresql-2	50.07% <100.00%> (+1.48%)	⬆️
postgresql-3	48.07% <100.00%> (-1.02%)	⬇️
sqlite-1	47.66% <75.00%> (+0.32%)	⬆️
sqlite-2	48.99% <75.00%> (+1.21%)	⬆️
sqlite-3	47.47% <75.00%> (-0.71%)	⬇️
unit	32.59% <100.00%> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

[chilagrow]

This does not replace setupUser() in integration test.
Because this function creates user in ferretdb database which postgreSQL schema, postgres://username@127.0.0.1:5432/ferretdb?pool_max_conns=50.

Each integration test create its own schema like so, postgres://username@127.0.0.1:5432/testauthentication?pool_max_conns=50.

[henvic]

Thanks for the clarification! I was worried this could jeopardize running tests directly with go test for a moment 😄

[chilagrow]

It's still there for SQLite. It only has handler level authentication, and once the first user is created without this code, auth would fail.

It will be handled in a separate PR.

[chilagrow]

For run-secured to work, what other better thing can I do?

[AlekSi]

That target was supposed to be for the "old" authentication that does not need credentials in the PostgreSQL URI. Why are they needed?

[chilagrow]

It's because postgres started on port 5433 is created from postgres_secured docker https://github.com/FerretDB/FerretDB/blob/main/docker-compose.yml#L28.
Unlike postgres docker which has POSTGRES_HOST_AUTH_METHOD=trust, postgres_secured doesn't have trust so username/password is required to connect to it.

[chilagrow]

Logout does not fail on authentication check, if user is not authenticated, it just returns success.
This test was updated to use newly created user, because if it uses default username/password user and logs out in this test, t.Cleanup to drop collection fails due to not authenticate.

[chilagrow]

For SQLite we need something similar to have a database with default user. Will be handle in a separate PR.

[henvic]

And also for MySQL.

[chilagrow]

Yes that's true. MySQL hasn't been handled. let me see the status of MySQL backend

[AlekSi]

MySQL and HANA backends are not yet supported, no need to do anything for them

[rumyantseva]

LGTM

[AlekSi]

That target was supposed to be for the "old" authentication that does not need credentials in the PostgreSQL URI. Why are they needed?

[AlekSi]

I don't understand why those calls are not inside setupAnyPostgres and what we are doing with credentials there

[AlekSi]

I think we could simply that by:

if errors.As(err, &pgErr) && pgErr.Code == pgerrcode.DuplicateSchema {
  err = nil
}
if err != nil {
  return err
}

[AlekSi]

Yikes!..
I wonder if we should step away from that and just implement the localhost exception that we are already working on.

[chilagrow]

Yes unfortunately this is something needed to be exposed.
It was copy and paste from log output, logic is too difficult to copy accurately 🙈

You know what, let me leave this PR for now and progress with local host exception.

[AlekSi]

MySQL and HANA backends are not yet supported, no need to do anything for them

[AlekSi]

Let's not forget to port fixes from that PR

[chilagrow]

Thanks yep that has been included in #4156