test: add tests for different auth methods (scram-sha-256, password, md5)

Author: laraujo7

.gitignore

@@ -41,3 +41,5 @@ priv/native/*
 /.pre-commit-config.yaml
 *.coverdata
 /tmp
+
+.devenv/

config/test.exs

@@ -41,6 +41,29 @@ config :supavisor, Supavisor.Repo,
   pool_size: 10,
   port: 6432
 
+config :supavisor, :test_auth_profiles,
+  "scram-sha-256": %{
+    hostname: "localhost",
+    port: 6432,
+    database: "supavisor_test",
+    username: "postgres",
+    password: "postgres"
+  },
+  # md5: %{
+  #   hostname: "localhost",
+  #   port: 6433,
+  #   database: "supavisor_test",
+  #   username: "postgres",
+  #   password: "postgres"
+  # },
+  password: %{
+    hostname: "localhost",
+    port: 6434,
+    database: "supavisor_test",
+    username: "postgres",
+    password: "postgres"
+  }
+
 # We don't run a server during test. If one is required,
 # you can enable the server option below.
 config :supavisor, SupavisorWeb.Endpoint,

docker-compose.db.yml

@@ -8,15 +8,35 @@ services:
       - "6432:5432"
     volumes:
       - ./dev/postgres:/docker-entrypoint-initdb.d/
-      # Uncomment to set MD5 authentication method on uninitialized databases
-      # - ./dev/postgres/md5/etc/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf
-      # Uncomment to set password authentication method on uninitialized databases
-      # - ./dev/postgres/password/etc/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf
     command: postgres -c config_file=/etc/postgresql/postgresql.conf -c max_prepared_transactions=2000
     environment:
       POSTGRES_HOST: /var/run/postgresql
       POSTGRES_PASSWORD: postgres
-      # Uncomment to set MD5 authentication method on uninitialized databases
-      # POSTGRES_INITDB_ARGS: --auth-host=md5
-      # Uncomment to set password authentication method on uninitialized databases
-      # POSTGRES_INITDB_ARGS: --auth-host=password
+
+  db_md5:
+    image: supabase/postgres:14.1.0.106
+    container_name: supavisor-db-md5
+    ports:
+      - "6433:5432"
+    volumes:
+      - ./dev/postgres:/docker-entrypoint-initdb.d/
+      - ./dev/postgres/md5/etc/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf
+    command: postgres -c config_file=/etc/postgresql/postgresql.conf -c max_prepared_transactions=2000
+    environment:
+      POSTGRES_HOST: /var/run/postgresql
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_INITDB_ARGS: --auth-host=md5
+
+  db_password:
+    image: supabase/postgres:14.1.0.106
+    container_name: supavisor-db-password
+    ports:
+      - "6434:5432"
+    volumes:
+      - ./dev/postgres:/docker-entrypoint-initdb.d/
+      - ./dev/postgres/password/etc/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf
+    command: postgres -c config_file=/etc/postgresql/postgresql.conf -c max_prepared_transactions=2000
+    environment:
+      POSTGRES_HOST: /var/run/postgresql
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_INITDB_ARGS: --auth-host=password

priv/repo/seeds_after_migration.exs

@@ -2,41 +2,46 @@ alias Supavisor.Tenants
 alias Supavisor.Repo
 import Ecto.Adapters.SQL, only: [query: 3]
 
-db_conf = Application.get_env(:supavisor, Repo)
+auth_profiles_conf = Application.get_env(:supavisor, :test_auth_profiles)
 
 tenant_name = "dev_tenant"
 
 if Tenants.get_tenant_by_external_id(tenant_name) do
   Tenants.delete_tenant_by_external_id(tenant_name)
 end
 
-if !Tenants.get_tenant_by_external_id("is_manager") do
-  {:ok, _} =
-    %{
-      db_host: db_conf[:hostname],
-      db_port: db_conf[:port],
-      db_database: db_conf[:database],
-      default_parameter_status: %{},
-      external_id: "is_manager",
-      require_user: false,
-      auth_query: "SELECT rolname, rolpassword FROM pg_authid WHERE rolname=$1;",
-      users: [
-        %{
-          "db_user" => db_conf[:username],
-          "db_password" => db_conf[:password],
-          "pool_size" => 2,
-          "mode_type" => "transaction",
-          "is_manager" => true,
-          "pool_checkout_timeout" => 1000
-        }
-      ]
-    }
-    |> Tenants.create_tenant()
-end
+auth_profiles_conf
+|> Enum.each(fn {key, db_conf} ->
+  if !Tenants.get_tenant_by_external_id("is_manager_#{key}") do
+    {:ok, _} =
+      %{
+        db_host: db_conf[:hostname],
+        db_port: db_conf[:port],
+        db_database: db_conf[:database],
+        default_parameter_status: %{},
+        external_id: "is_manager_#{key}",
+        require_user: false,
+        auth_query: "SELECT rolname, rolpassword FROM pg_authid WHERE rolname=$1;",
+        users: [
+          %{
+            "db_user" => db_conf[:username],
+            "db_password" => db_conf[:password],
+            "pool_size" => 2,
+            "mode_type" => "transaction",
+            "is_manager" => true,
+            "pool_checkout_timeout" => 1000
+          }
+        ]
+      }
+      |> Tenants.create_tenant()
+  end
+end)
 
 ["proxy_tenant1", "syn_tenant", "prom_tenant", "max_pool_tenant", "metrics_tenant"]
 |> Enum.each(fn tenant ->
   if !Tenants.get_tenant_by_external_id(tenant) do
+    db_conf = auth_profiles_conf[:"scram-sha-256"]
+
     {:ok, _} =
       %{
         db_host: db_conf[:hostname],

test/supavisor/monitoring/tenant_test.exs

@@ -35,37 +35,39 @@ defmodule Supavisor.PromEx.Plugins.TenantTest do
     end
   end
 
-  describe "execute_client_connections_lifetime" do
-    setup ctx do
-      create_instance([__MODULE__, ctx.line])
-    end
+  for {key, auth_config} <- list_authentication_configs() do
+    describe "execute_client_connections_lifetime when authentication method is #{key}" do
+      setup ctx do
+        create_instance([__MODULE__, ctx.line], unquote(auth_config))
+      end
 
-    test "emits event for active client connections", ctx do
-      start_supervised!(
-        {SingleConnection,
-         hostname: "localhost",
-         port: Application.fetch_env!(:supavisor, :proxy_port_transaction),
-         database: ctx.db,
-         username: ctx.user,
-         password: "postgres"}
-      )
-
-      ref = attach_handler([:supavisor, :client, :connection, :lifetime])
-      assert :ok = Tenant.execute_client_connections_lifetime()
-
-      assert_receive {^ref, {[:supavisor, :client, :connection, :lifetime], measurement, meta}}
-
-      assert %{lifetime: lifetime} = measurement
-      assert lifetime >= 0
-
-      assert meta == %{
-               tenant: ctx.db,
-               user: String.split(ctx.user, ".") |> List.first(),
-               mode: :transaction,
-               type: :single,
-               db_name: ctx.db,
-               search_path: nil
-             }
+      test "emits event for active client connections", ctx do
+        start_supervised!(
+          {SingleConnection,
+           hostname: "localhost",
+           port: Application.fetch_env!(:supavisor, :proxy_port_transaction),
+           database: ctx.db,
+           username: ctx.user,
+           password: "postgres"}
+        )
+
+        ref = attach_handler([:supavisor, :client, :connection, :lifetime])
+        assert :ok = Tenant.execute_client_connections_lifetime()
+
+        assert_receive {^ref, {[:supavisor, :client, :connection, :lifetime], measurement, meta}}
+
+        assert %{lifetime: lifetime} = measurement
+        assert lifetime >= 0
+
+        assert meta == %{
+                 tenant: ctx.db,
+                 user: String.split(ctx.user, ".") |> List.first(),
+                 mode: :transaction,
+                 type: :single,
+                 db_name: ctx.db,
+                 search_path: nil
+               }
+      end
     end
   end
 

test/support/e2e_case.ex

@@ -27,7 +27,7 @@ defmodule Supavisor.E2ECase do
     Ecto.Adapters.SQL.Sandbox.unboxed_run(@repo, fun)
   end
 
-  def create_instance(external_id) do
+  def create_instance(external_id, config \\ %{port: 6432, hostname: "localhost"}) do
     external_id =
       external_id
       |> List.wrap()
@@ -42,8 +42,8 @@ defmodule Supavisor.E2ECase do
     assert {:ok, tenant} =
              Supavisor.Tenants.create_tenant(%{
                default_parameter_status: %{},
-               db_host: "localhost",
-               db_port: 6432,
+               db_host: config[:hostname],
+               db_port: config[:port],
                db_database: external_id,
                auth_query: "SELECT rolname, rolpassword FROM pg_authid WHERE rolname=$1;",
                external_id: external_id,
@@ -67,6 +67,18 @@ defmodule Supavisor.E2ECase do
       end)
     end)
 
-    {:ok, %{user: "postgres.#{external_id}", db: tenant.db_database, external_id: external_id}}
+    {:ok,
+     %{
+       user: "postgres.#{external_id}",
+       db: tenant.db_database,
+       external_id: external_id,
+       auth_config: config
+     }}
+  end
+
+  def list_authentication_configs do
+    :supavisor
+    |> Application.get_env(:test_auth_profiles)
+    |> Macro.escape()
   end
 end