Create user in envtool for PostgreSQL

Taskfile.yml

@@ -419,7 +419,7 @@ tasks:
         --proxy-addr=127.0.0.1:47017
         --mode=diff-normal
         --handler=pg
-        --postgresql-url='postgres://127.0.0.1:5433/ferretdb?search_path='
+        --postgresql-url='postgres://username:password@127.0.0.1:5433/ferretdb?search_path='
         --test-records-dir=tmp/records
 
   run-proxy:

cmd/envtool/envtool.go

@@ -40,6 +40,9 @@
 	"github.com/FerretDB/FerretDB/build/version"
 	mysqlpool "github.com/FerretDB/FerretDB/internal/backends/mysql/metadata/pool"
 	"github.com/FerretDB/FerretDB/internal/backends/postgresql/metadata/pool"
+	"github.com/FerretDB/FerretDB/internal/clientconn"
+	"github.com/FerretDB/FerretDB/internal/clientconn/connmetrics"
+	"github.com/FerretDB/FerretDB/internal/handler/registry"
 	"github.com/FerretDB/FerretDB/internal/util/ctxutil"
 	"github.com/FerretDB/FerretDB/internal/util/debug"
 	"github.com/FerretDB/FerretDB/internal/util/lazyerrors"
@@ -132,7 +135,7 @@
 		return ctx.Err()
 	}
 
-	return nil
+	return setupUser(ctx, logger, uint16(port))
 }
 
 // setupPostgres configures `postgres` container.
@@ -219,6 +222,118 @@
 	return ctx.Err()
 }
 
+// setupUser creates a user in admin database with supported mechanisms.
+// The user uses username/password credential which is the same as the PostgreSQL
+// credentials.
+//
+// Without this, once the first user is created, the authentication fails
+// as username/password does not exist in admin.system.users collection.
+func setupUser(ctx context.Context, logger *zap.SugaredLogger, postgreSQLPort uint16) error {
+	if err := waitForPort(ctx, logger.Named("postgreSQL"), postgreSQLPort); err != nil {
+		return err
+	}
+
+	sp, err := state.NewProvider("")
+	if err != nil {
+		return err
+	}
+
+	postgreSQlURL := fmt.Sprintf("postgres://username:password@localhost:%d/ferretdb", postgreSQLPort)
+	listenerMetrics := connmetrics.NewListenerMetrics()
+	handlerOpts := &registry.NewHandlerOpts{
+		Logger:        logger.Desugar(),
+		ConnMetrics:   listenerMetrics.ConnMetrics,
+		StateProvider: sp,
+		PostgreSQLURL: postgreSQlURL,
+		TestOpts: registry.TestOpts{
+			CappedCleanupPercentage: 20,
+			EnableNewAuth:           true,
+		},
+	}
+
+	h, closeBackend, err := registry.NewHandler("postgresql", handlerOpts)
+	if err != nil {
+		return err
+	}
+
+	defer closeBackend()
+
+	listenerOpts := clientconn.NewListenerOpts{
+		Mode:    clientconn.NormalMode,
+		Metrics: listenerMetrics,
+		Handler: h,
+		Logger:  logger.Desugar(),
+		TCP:     "127.0.0.1:0",
+	}
+
+	l := clientconn.NewListener(&listenerOpts)
+
+	runErr := make(chan error)
+
+	go func() {
+		if err := l.Run(ctx); err != nil && !errors.Is(err, context.Canceled) && !errors.Is(err, context.DeadlineExceeded) {
+			runErr <- err
+
+			return
+		}
+	}()
+
+	defer close(runErr)
+
+	select {
+	case err := <-runErr:
+		if err != nil {
+			return err
+		}
+	case <-time.After(time.Millisecond):
+	}
+
+	port := l.TCPAddr().(*net.TCPAddr).Port
+
+	var retry int64
+
+	eval := `'
+	if (db.getSiblingDB("admin").getUser("username") == null){
+		db.getSiblingDB("admin").createUser(
+			{user: "username", pwd: "password", roles: [], mechanisms: ["SCRAM-SHA-1","SCRAM-SHA-256","PLAIN"]}
+		)
+	}
+'`
+	args := []string{
+		"compose",
+		"exec",
+		"-T",
+		"mongodb",
+		"mongosh",
+		"--host=host.docker.internal",
+		fmt.Sprintf("--port=%d", port),
+		"--eval",
+		eval,
+	}
+
+	var buf bytes.Buffer
+
+	for ctx.Err() == nil {
+		buf.Reset()
+
+		err = runCommand("docker", args, &buf, logger)
+		if err == nil {
+			break
+		}
+
+		logger.Infof("%s:\n%s", err, buf.String())
+
+		retry++
+		ctxutil.SleepWithJitter(ctx, time.Second, retry)
+	}
+
+	if err != nil {
+		return err
+	}
+
+	return ctx.Err()
+}
+
 // setupMongodbSecured configures `mongodb_secured` container.
 func setupMongodbSecured(ctx context.Context, logger *zap.SugaredLogger) error {
 	if err := waitForPort(ctx, logger.Named("mongodb_secured"), 47018); err != nil {

cmd/envtool/envtool_test.go

@@ -16,8 +16,10 @@ package main
 
 import (
 	"bytes"
+	"context"
 	"os"
 	"testing"
+	"time"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -92,3 +94,26 @@ func TestPackageVersion(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, "1.0.0", output.String())
 }
+
+func TestSetupUser(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping in -short mode")
+	}
+
+	t.Parallel()
+
+	ctx, cancel := context.WithTimeout(testutil.Ctx(t), 5*time.Second)
+	t.Cleanup(cancel)
+
+	l := testutil.Logger(t).Sugar()
+
+	err := setupUser(ctx, l, 5432)
+	require.NoError(t, err)
+
+	// if the user already exists, it should not fail
+	err = setupUser(ctx, l, 5432)
+	require.NoError(t, err)
+
+	err = setupUser(ctx, l, 5433)
+	require.NoError(t, err)
+}