test: add tests for different auth methods (scram-sha-256, password, md5)

Author: laraujo7

.gitignore

@@ -41,3 +41,5 @@ priv/native/*
 /.pre-commit-config.yaml
 *.coverdata
 /tmp
+
+.devenv/

config/test.exs

@@ -41,6 +41,32 @@ config :supavisor, Supavisor.Repo,
   pool_size: 10,
   port: 6432
 
+config :supavisor, :test_auth_profiles,
+  "scram-sha-256":
+    {[
+       hostname: "localhost",
+       port: 6432,
+       database: "postgres",
+       username: "postgres",
+       password: "postgres"
+     ], Supavisor.Repo},
+  md5:
+    {[
+       hostname: "localhost",
+       port: 6433,
+       database: "postgres",
+       username: "postgres",
+       password: "postgres"
+     ], Supavisor.MD5Repo},
+  password:
+    {[
+       hostname: "localhost",
+       port: 6434,
+       database: "postgres",
+       username: "postgres",
+       password: "postgres"
+     ], Supavisor.PasswordRepo}
+
 # We don't run a server during test. If one is required,
 # you can enable the server option below.
 config :supavisor, SupavisorWeb.Endpoint,

docker-compose.db.yml

@@ -8,15 +8,35 @@ services:
       - "6432:5432"
     volumes:
       - ./dev/postgres:/docker-entrypoint-initdb.d/
-      # Uncomment to set MD5 authentication method on uninitialized databases
-      # - ./dev/postgres/md5/etc/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf
-      # Uncomment to set password authentication method on uninitialized databases
-      # - ./dev/postgres/password/etc/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf
     command: postgres -c config_file=/etc/postgresql/postgresql.conf -c max_prepared_transactions=2000
     environment:
       POSTGRES_HOST: /var/run/postgresql
       POSTGRES_PASSWORD: postgres
-      # Uncomment to set MD5 authentication method on uninitialized databases
-      # POSTGRES_INITDB_ARGS: --auth-host=md5
-      # Uncomment to set password authentication method on uninitialized databases
-      # POSTGRES_INITDB_ARGS: --auth-host=password
+
+  db_md5:
+    image: supabase/postgres:14.1.0.106
+    container_name: supavisor-db-md5
+    ports:
+      - "6433:5432"
+    volumes:
+      - ./dev/postgres:/docker-entrypoint-initdb.d/
+      - ./dev/postgres/md5/etc/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf
+    command: postgres -c config_file=/etc/postgresql/postgresql.conf -c max_prepared_transactions=2000
+    environment:
+      POSTGRES_HOST: /var/run/postgresql
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_INITDB_ARGS: --auth-host=md5
+
+  db_password:
+    image: supabase/postgres:14.1.0.106
+    container_name: supavisor-db-password
+    ports:
+      - "6434:5432"
+    volumes:
+      - ./dev/postgres:/docker-entrypoint-initdb.d/
+      - ./dev/postgres/password/etc/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf
+    command: postgres -c config_file=/etc/postgresql/postgresql.conf -c max_prepared_transactions=2000
+    environment:
+      POSTGRES_HOST: /var/run/postgresql
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_INITDB_ARGS: --auth-host=password

lib/supavisor/client_handler.ex

@@ -741,7 +741,8 @@ defmodule Supavisor.ClientHandler do
             tag: :password_message,
             payload: {:md5, client_md5}
           }, _} <- receive_next(socket, "Timeout while waiting for the md5 exchange"),
-         {:ok, key} <- authenticate_exchange(method, client_md5, secrets.().secret, salt) do
+         {:ok, key} <-
+           authenticate_exchange(method, client_md5, secrets.().secret, salt) do
       {:ok, key}
     else
       {:error, message} -> {:error, message}

priv/repo/seeds_after_migration.exs

@@ -2,41 +2,46 @@ alias Supavisor.Tenants
 alias Supavisor.Repo
 import Ecto.Adapters.SQL, only: [query: 3]
 
-db_conf = Application.get_env(:supavisor, Repo)
+auth_profiles_conf = Application.get_env(:supavisor, :test_auth_profiles)
 
 tenant_name = "dev_tenant"
 
 if Tenants.get_tenant_by_external_id(tenant_name) do
   Tenants.delete_tenant_by_external_id(tenant_name)
 end
 
-if !Tenants.get_tenant_by_external_id("is_manager") do
-  {:ok, _} =
-    %{
-      db_host: db_conf[:hostname],
-      db_port: db_conf[:port],
-      db_database: db_conf[:database],
-      default_parameter_status: %{},
-      external_id: "is_manager",
-      require_user: false,
-      auth_query: "SELECT rolname, rolpassword FROM pg_authid WHERE rolname=$1;",
-      users: [
-        %{
-          "db_user" => db_conf[:username],
-          "db_password" => db_conf[:password],
-          "pool_size" => 2,
-          "mode_type" => "transaction",
-          "is_manager" => true,
-          "pool_checkout_timeout" => 1000
-        }
-      ]
-    }
-    |> Tenants.create_tenant()
-end
+auth_profiles_conf
+|> Enum.each(fn {key, {db_conf, _repo}} ->
+  if !Tenants.get_tenant_by_external_id("is_manager_#{key}") do
+    {:ok, _} =
+      %{
+        db_host: db_conf[:hostname],
+        db_port: db_conf[:port],
+        db_database: db_conf[:database],
+        default_parameter_status: %{},
+        external_id: "is_manager_#{key}",
+        require_user: false,
+        auth_query: "SELECT rolname, rolpassword FROM pg_authid WHERE rolname=$1;",
+        users: [
+          %{
+            "db_user" => db_conf[:username],
+            "db_password" => db_conf[:password],
+            "pool_size" => 2,
+            "mode_type" => "transaction",
+            "is_manager" => true,
+            "pool_checkout_timeout" => 1000
+          }
+        ]
+      }
+      |> Tenants.create_tenant()
+  end
+end)
 
 ["proxy_tenant1", "syn_tenant", "prom_tenant", "max_pool_tenant", "metrics_tenant"]
 |> Enum.each(fn tenant ->
   if !Tenants.get_tenant_by_external_id(tenant) do
+    {db_conf, _repo} = auth_profiles_conf[:"scram-sha-256"]
+
     {:ok, _} =
       %{
         db_host: db_conf[:hostname],

test/supavisor/monitoring/tenant_test.exs

@@ -35,37 +35,39 @@ defmodule Supavisor.PromEx.Plugins.TenantTest do
     end
   end
 
-  describe "execute_client_connections_lifetime" do
-    setup ctx do
-      create_instance([__MODULE__, ctx.line])
-    end
+  for {key, {auth_config, repo}} <- list_authentication_configs() do
+    describe "execute_client_connections_lifetime when authentication method is #{key}" do
+      setup ctx do
+        create_instance([__MODULE__, ctx.line, unquote(key)], unquote(auth_config), unquote(repo))
+      end
 
-    test "emits event for active client connections", ctx do
-      start_supervised!(
-        {SingleConnection,
-         hostname: "localhost",
-         port: Application.fetch_env!(:supavisor, :proxy_port_transaction),
-         database: ctx.db,
-         username: ctx.user,
-         password: "postgres"}
-      )
-
-      ref = attach_handler([:supavisor, :client, :connection, :lifetime])
-      assert :ok = Tenant.execute_client_connections_lifetime()
-
-      assert_receive {^ref, {[:supavisor, :client, :connection, :lifetime], measurement, meta}}
-
-      assert %{lifetime: lifetime} = measurement
-      assert lifetime >= 0
-
-      assert meta == %{
-               tenant: ctx.db,
-               user: String.split(ctx.user, ".") |> List.first(),
-               mode: :transaction,
-               type: :single,
-               db_name: ctx.db,
-               search_path: nil
-             }
+      test "emits event for active client connections", ctx do
+        start_supervised!(
+          {SingleConnection,
+           hostname: "localhost",
+           port: Application.fetch_env!(:supavisor, :proxy_port_transaction),
+           database: ctx.db,
+           username: ctx.user,
+           password: "postgres"}
+        )
+
+        ref = attach_handler([:supavisor, :client, :connection, :lifetime])
+        assert :ok = Tenant.execute_client_connections_lifetime()
+
+        assert_receive {^ref, {[:supavisor, :client, :connection, :lifetime], measurement, meta}}
+
+        assert %{lifetime: lifetime} = measurement
+        assert lifetime >= 0
+
+        assert meta == %{
+                 tenant: ctx.db,
+                 user: String.split(ctx.user, ".") |> List.first(),
+                 mode: :transaction,
+                 type: :single,
+                 db_name: ctx.db,
+                 search_path: nil
+               }
+      end
     end
   end
 

test/support/e2e_case.ex

@@ -27,23 +27,29 @@ defmodule Supavisor.E2ECase do
     Ecto.Adapters.SQL.Sandbox.unboxed_run(@repo, fun)
   end
 
-  def create_instance(external_id) do
+  def create_instance(external_id, config \\ %{port: 6432, hostname: "localhost"}, repo \\ @repo)
+
+  def create_instance(external_id, config, repo) when is_list(config) do
+    create_instance(external_id, Map.new(config), repo)
+  end
+
+  def create_instance(external_id, config, repo) do
     external_id =
       external_id
       |> List.wrap()
       |> Enum.map_join("_", &String.replace(to_string(&1), ~r/\W/, "_"))
       |> String.downcase()
 
     unboxed(fn ->
-      assert {:ok, _} = @repo.query("DROP DATABASE IF EXISTS #{external_id}")
-      assert {:ok, _} = @repo.query("CREATE DATABASE #{external_id}")
+      assert {:ok, _} = repo.query("DROP DATABASE IF EXISTS #{external_id}")
+      assert {:ok, _} = repo.query("CREATE DATABASE #{external_id}")
     end)
 
     assert {:ok, tenant} =
              Supavisor.Tenants.create_tenant(%{
                default_parameter_status: %{},
-               db_host: "localhost",
-               db_port: 6432,
+               db_host: config[:hostname],
+               db_port: config[:port],
                db_database: external_id,
                auth_query: "SELECT rolname, rolpassword FROM pg_authid WHERE rolname=$1;",
                external_id: external_id,
@@ -63,10 +69,22 @@ defmodule Supavisor.E2ECase do
       _ = Supavisor.stop({{:single, external_id}, "postgres", :transaction, external_id, nil})
 
       unboxed(fn ->
-        assert {:ok, _} = @repo.query("DROP DATABASE #{external_id}")
+        assert {:ok, _} = repo.query("DROP DATABASE #{external_id}")
       end)
     end)
 
-    {:ok, %{user: "postgres.#{external_id}", db: tenant.db_database, external_id: external_id}}
+    {:ok,
+     %{
+       user: "postgres.#{external_id}",
+       db: tenant.db_database,
+       external_id: external_id,
+       auth_config: config
+     }}
+  end
+
+  def list_authentication_configs do
+    :supavisor
+    |> Application.get_env(:test_auth_profiles)
+    |> Macro.escape()
   end
 end

test/support/fixtures/repos/md5_repo.ex

@@ -0,0 +1,5 @@
+defmodule Supavisor.MD5Repo do
+  use Ecto.Repo,
+    otp_app: :supavisor,
+    adapter: Ecto.Adapters.Postgres
+end

test/support/fixtures/repos/password_repo.ex

@@ -0,0 +1,5 @@
+defmodule Supavisor.PasswordRepo do
+  use Ecto.Repo,
+    otp_app: :supavisor,
+    adapter: Ecto.Adapters.Postgres
+end

test/test_helper.exs

@@ -2,6 +2,12 @@
 
 Cachex.start_link(name: Supavisor.Cache)
 
+auth_profiles_conf = Application.get_env(:supavisor, :test_auth_profiles)
+
+Supavisor.PasswordRepo.start_link(elem(auth_profiles_conf[:password], 0))
+
+Supavisor.MD5Repo.start_link(elem(auth_profiles_conf[:md5], 0))
+
 logs =
   case System.get_env("TEST_LOGS", "all") do
     level when level in ~w[all true] ->