Add tests for link auth to compute connection

Stas Kelvich
2023-04-28 13:06:54 +03:00
parent 040f736909
commit 9486d76b2a
11 changed files with 88 additions and 17 deletions


@@ -1820,6 +1820,24 @@ class VanillaPostgres(PgProtocol):
self.pg_bin.run_capture(["initdb", "-D", str(pgdatadir)])
self.configure([f"port = {port}\n"])
def enable_tls(self):
assert not self.running
# generate self-signed certificate
subprocess.run(
["openssl", "req", "-new", "-x509", "-days", "365", "-nodes", "-text",
"-out", self.pgdatadir / "server.crt",
"-keyout", self.pgdatadir / "server.key",
"-subj", "/CN=localhost"]
)
# configure postgresql.conf
self.configure(
[
"ssl = on",
"ssl_cert_file = 'server.crt'",
"ssl_key_file = 'server.key'",
]
)
def configure(self, options: List[str]):
"""Append lines into postgresql.conf file."""
assert not self.running
@@ -1992,6 +2010,7 @@ class NeonProxy(PgProtocol):
# Link auth backend params
*["--auth-backend", "link"],
*["--uri", NeonProxy.link_auth_uri],
*["--allow-self-signed-compute", "true"],
]
@dataclass(frozen=True)
@@ -2012,6 +2031,7 @@ class NeonProxy(PgProtocol):
def __init__(
self,
neon_binpath: Path,
test_output_dir: Path,
proxy_port: int,
http_port: int,
mgmt_port: int,
@@ -2025,6 +2045,7 @@ class NeonProxy(PgProtocol):
self.host = host
self.http_port = http_port
self.neon_binpath = neon_binpath
self.test_output_dir = test_output_dir
self.proxy_port = proxy_port
self.mgmt_port = mgmt_port
self.auth_backend = auth_backend
@@ -2051,7 +2072,8 @@ class NeonProxy(PgProtocol):
*["--metric-collection-interval", self.metric_collection_interval],
]
self._popen = subprocess.Popen(args)
logfile = open(self.test_output_dir / "proxy.log", "w")
self._popen = subprocess.Popen(args, stdout=logfile, stderr=logfile)
self._wait_until_ready()
return self
@@ -2119,6 +2141,7 @@ class NeonProxy(PgProtocol):
if create_user:
log.info("creating a new user for link auth test")
local_vanilla_pg.enable_tls()
local_vanilla_pg.start()
local_vanilla_pg.safe_psql(f"create user {pg_user} with login superuser")
@@ -2152,7 +2175,7 @@ class NeonProxy(PgProtocol):
@pytest.fixture(scope="function")
def link_proxy(port_distributor: PortDistributor, neon_binpath: Path) -> Iterator[NeonProxy]:
def link_proxy(port_distributor: PortDistributor, neon_binpath: Path, test_output_dir: Path) -> Iterator[NeonProxy]:
"""Neon proxy that routes through link auth."""
http_port = port_distributor.get_port()
@@ -2161,6 +2184,7 @@ def link_proxy(port_distributor: PortDistributor, neon_binpath: Path) -> Iterato
with NeonProxy(
neon_binpath=neon_binpath,
test_output_dir=test_output_dir,
proxy_port=proxy_port,
http_port=http_port,
mgmt_port=mgmt_port,
@@ -2172,7 +2196,8 @@ def link_proxy(port_distributor: PortDistributor, neon_binpath: Path) -> Iterato
@pytest.fixture(scope="function")
def static_proxy(
vanilla_pg: VanillaPostgres, port_distributor: PortDistributor, neon_binpath: Path
vanilla_pg: VanillaPostgres, port_distributor: PortDistributor, neon_binpath: Path,
test_output_dir: Path
) -> Iterator[NeonProxy]:
"""Neon proxy that routes directly to vanilla postgres."""
@@ -2191,6 +2216,7 @@ def static_proxy(
with NeonProxy(
neon_binpath=neon_binpath,
test_output_dir=test_output_dir,
proxy_port=proxy_port,
http_port=http_port,
mgmt_port=mgmt_port,
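Review bot: In the new `enable_tls`, the `subprocess.run([...])` call that generates the certificate does not check the exit status, so a missing or failing `openssl` goes unnoticed. The method would then write `ssl = on` into postgresql.conf, and the failure would only surface later as an unrelated-looking Postgres startup error. Passing `check=True` to that call makes the fixture fail at the real cause. Postgres also refuses to start when `server.key` is group- or world-readable, so it may be worth pinning the mode with `(self.pgdatadir / "server.key").chmod(0o600)` rather than relying on whatever mode the installed openssl writes. A one-line docstring such as `"""Generate a self-signed cert for CN=localhost and turn on ssl; test use only."""` would also state that this certificate is never meant to be verified.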


@@ -201,7 +201,8 @@ def proxy_metrics_handler(request: Request) -> Response:
@pytest.fixture(scope="session")
def proxy_with_metric_collector(
port_distributor: PortDistributor, neon_binpath: Path, httpserver_listen_address
port_distributor: PortDistributor, neon_binpath: Path, httpserver_listen_address,
test_output_dir: Path
) -> Iterator[NeonProxy]:
"""Neon proxy that routes through link auth and has metric collection enabled."""
@@ -215,6 +216,7 @@ def proxy_with_metric_collector(
with NeonProxy(
neon_binpath=neon_binpath,
test_output_dir=test_output_dir,
proxy_port=proxy_port,
http_port=http_port,
mgmt_port=mgmt_port,
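Review bot: `proxy_with_metric_collector` is declared with `@pytest.fixture(scope="session")` but now requests `test_output_dir`. If that fixture is function-scoped, as its per-test use in the other proxy fixtures suggests, pytest will reject this with a ScopeMismatch error at setup. Even if the scopes are compatible, a session-lived proxy would write `proxy.log` into the directory of whichever test first triggered it, which makes the log hard to find when a later test fails. Either change the decorator to `@pytest.fixture(scope="function")` or take the log directory from a session-scoped output fixture. The fixture body continues outside these hunks, so the teardown side is not visible here.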


@@ -37,7 +37,6 @@ class PgSniRouter(PgProtocol):
neon_binpath: Path,
port: int,
destination: str,
destination_port: int,
tls_cert: Path,
tls_key: Path,
):
@@ -49,7 +48,6 @@ class PgSniRouter(PgProtocol):
self.neon_binpath = neon_binpath
self.port = port
self.destination = destination
self.destination_port = destination_port
self.tls_cert = tls_cert
self.tls_key = tls_key
self._popen: Optional[subprocess.Popen[bytes]] = None
@@ -62,7 +60,6 @@ class PgSniRouter(PgProtocol):
*["--tls-cert", self.tls_cert],
*["--tls-key", self.tls_key],
*["--destination", self.destination],
*["--destination-port", str(self.destination_port)],
]
self._popen = subprocess.Popen(args)
@@ -110,7 +107,7 @@ def test_pg_sni_router(
):
generate_tls_cert(
"external.test", test_output_dir / "router.crt", test_output_dir / "router.key"
"endpoint.namespace.localtest.me", test_output_dir / "router.crt", test_output_dir / "router.key"
)
# Start a stand-alone Postgres to test with
@@ -122,8 +119,7 @@ def test_pg_sni_router(
with PgSniRouter(
neon_binpath=neon_binpath,
port=router_port,
destination="localhost",
destination_port=pg_port,
destination="localtest.me",
tls_cert=test_output_dir / "router.crt",
tls_key=test_output_dir / "router.key",
) as router:
@@ -133,7 +129,7 @@ def test_pg_sni_router(
"select 1",
dbname="postgres",
sslmode="require",
host="localhost.external.test",
host=f"endpoint--namespace--{pg_port}.localtest.me",
hostaddr="127.0.0.1",
)
assert out[0][0] == 1
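Review bot: The router test now appears to depend on resolving a public DNS name. `destination="localtest.me"` combined with the SNI host `endpoint--namespace--{pg_port}.localtest.me` suggests the router dials `endpoint.namespace.localtest.me:<port>`, which reaches the local Postgres only if external DNS answers 127.0.0.1. If that is how the backend address is resolved, the test will fail on offline or DNS-filtered CI runners, and its result is decided by a record the project does not control. A comment above the `PgSniRouter(...)` call such as `# localtest.me is a public wildcard record for 127.0.0.1; this test needs working DNS` would document the dependency. Because the backend port is now taken from the client-supplied hostname, a second case asserting that a hostname outside the `localtest.me` suffix is refused would pin the router's restriction. `test_pg_sni_router` begins and ends outside these hunks.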