Create user in envtool
for PostgreSQL
#4133
Changes from 12 commits
36c81c0
d3a2bef
167ccf6
2043e92
b2f6205
ff25f6f
d68a777
1f1c728
af0bdff
563e165
96d34ef
9db3718
34bd803
f41adb2
80bf3a0
aba7e4e
6192940
4c4add2
8d5ca45
5278da8
3134785
5801476
afae527
0b57bbe
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,8 +17,14 @@ package integration | |
import ( | ||
"testing" | ||
|
||
"github.com/FerretDB/FerretDB/internal/types" | ||
"github.com/FerretDB/FerretDB/internal/util/must" | ||
|
||
"github.com/stretchr/testify/assert" | ||
"github.com/stretchr/testify/require" | ||
"go.mongodb.org/mongo-driver/bson" | ||
"go.mongodb.org/mongo-driver/mongo" | ||
"go.mongodb.org/mongo-driver/mongo/options" | ||
|
||
"github.com/FerretDB/FerretDB/integration/setup" | ||
"github.com/FerretDB/FerretDB/internal/util/testutil" | ||
|
@@ -27,12 +33,55 @@ import ( | |
func TestCommandsAuthenticationLogout(t *testing.T) { | ||
Logout does not fail on authentication check, if user is not authenticated, it just returns success. |
||
t.Parallel() | ||
|
||
ctx, collection := setup.Setup(t) | ||
db := collection.Database() | ||
s := setup.SetupWithOpts(t, nil) | ||
ctx, db := s.Ctx, s.Collection.Database() | ||
username, password, mechanism := "testuser", "testpass", "SCRAM-SHA-256" | ||
|
||
err := db.RunCommand(ctx, bson.D{ | ||
{"createUser", username}, | ||
{"roles", bson.A{}}, | ||
{"pwd", password}, | ||
{"mechanisms", bson.A{mechanism}}, | ||
}).Err() | ||
require.NoError(t, err, "cannot create user") | ||
|
||
credential := options.Credential{ | ||
AuthMechanism: mechanism, | ||
AuthSource: db.Name(), | ||
Username: username, | ||
Password: password, | ||
} | ||
|
||
opts := options.Client().ApplyURI(s.MongoDBURI).SetAuth(credential) | ||
|
||
client, err := mongo.Connect(ctx, opts) | ||
require.NoError(t, err, "cannot connect to MongoDB") | ||
|
||
t.Cleanup(func() { | ||
require.NoError(t, client.Disconnect(ctx)) | ||
}) | ||
|
||
db = client.Database(db.Name()) | ||
|
||
// the test user logs out | ||
var res bson.D | ||
err := db.RunCommand(ctx, bson.D{{"logout", 1}}).Decode(&res) | ||
err = db.RunCommand(ctx, bson.D{{"connectionStatus", 1}}).Decode(&res) | ||
assert.NoError(t, err) | ||
|
||
actualAuth := must.NotFail(ConvertDocument(t, res).Get("authInfo")).(*types.Document) | ||
actualUsers := must.NotFail(actualAuth.Get("authenticatedUsers")).(*types.Array) | ||
|
||
var hasUser bool | ||
for i := 0; i < actualUsers.Len(); i++ { | ||
actualUser := must.NotFail(must.NotFail(actualUsers.Get(i)).(*types.Document).Get("user")) | ||
if actualUser == username { | ||
hasUser = true | ||
break | ||
} | ||
} | ||
|
||
assert.True(t, hasUser, res) | ||
|
||
err = db.RunCommand(ctx, bson.D{{"logout", 1}}).Decode(&res) | ||
assert.NoError(t, err) | ||
|
||
actual := ConvertDocument(t, res) | ||
|
@@ -42,15 +91,22 @@ func TestCommandsAuthenticationLogout(t *testing.T) { | |
expected := ConvertDocument(t, bson.D{{"ok", float64(1)}}) | ||
testutil.AssertEqual(t, expected, actual) | ||
|
||
// the test user logs out again, it has no effect | ||
err = db.RunCommand(ctx, bson.D{{"logout", 1}}).Decode(&res) | ||
err = db.RunCommand(ctx, bson.D{{"connectionStatus", 1}}).Decode(&res) | ||
assert.NoError(t, err) | ||
|
||
actual = ConvertDocument(t, res) | ||
actual.Remove("$clusterTime") | ||
actual.Remove("operationTime") | ||
actualAuth = must.NotFail(ConvertDocument(t, res).Get("authInfo")).(*types.Document) | ||
actualUsers = must.NotFail(actualAuth.Get("authenticatedUsers")).(*types.Array) | ||
|
||
testutil.AssertEqual(t, expected, actual) | ||
for i := 0; i < actualUsers.Len(); i++ { | ||
actualUser := must.NotFail(must.NotFail(actualUsers.Get(i)).(*types.Document).Get("user")) | ||
if actualUser == username { | ||
assert.Fail(t, "user is still authenticated", res) | ||
} | ||
} | ||
|
||
// the test user logs out again, it has no effect | ||
err = db.RunCommand(ctx, bson.D{{"logout", 1}}).Err() | ||
assert.NoError(t, err) | ||
} | ||
|
||
func TestCommandsAuthenticationLogoutTLS(t *testing.T) { | ||
|
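Review bot: In `TestCommandsAuthenticationLogout`, both `connectionStatus` calls are checked with `assert.NoError(t, err)`, yet the lines right after them read `res` through `must.NotFail(...)` and unchecked type assertions (`.(*types.Document)`, `.(*types.Array)`). A failed command or an unexpected reply shape would therefore panic instead of failing the test cleanly, so use `require.NoError(t, err)` at those two points. The post-logout loop only rejects an entry whose `user` equals `username`. If no other identity is expected on this freshly authenticated connection, `assert.Zero(t, actualUsers.Len(), res)` states the property more directly and would also catch a stale entry under another name. The second `connectionStatus` block has no comment; something like `// after logout the connection must no longer list the test user in authenticatedUsers` would record the property this block verifies.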
For run-secured to work, what other better thing can I do?
That target was supposed to be for the "old" authentication that does not need credentials in the PostgreSQL URI. Why are they needed?
It's because postgres started on port 5433 is created from `postgres_secured` docker https://github.com/FerretDB/FerretDB/blob/main/docker-compose.yml#L28. Unlike `postgres` docker, which has `POSTGRES_HOST_AUTH_METHOD=trust`, `postgres_secured` doesn't have `trust`, so username/password is required to connect to it.