From db3d6c3baa6388bab7490f8918f12e3b49928c7f Mon Sep 17 00:00:00 2001
From: Lev Kokotov <lev.kokotov@gmail.com>
Date: Thu, 30 Mar 2023 13:18:26 -0700
Subject: [PATCH] Some tests

---
 tests/ruby/auth_spec.rb             | 39 +++++++++++++++++++++++++++++
 tests/ruby/helpers/pgcat_helper.rb  | 18 ++++++++++---
 tests/ruby/helpers/pgcat_process.rb |  7 ++++--
 3 files changed, 58 insertions(+), 6 deletions(-)
 create mode 100644 tests/ruby/auth_spec.rb

diff --git a/tests/ruby/auth_spec.rb b/tests/ruby/auth_spec.rb
new file mode 100644
index 0000000..acf458b
--- /dev/null
+++ b/tests/ruby/auth_spec.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+require_relative 'spec_helper'
+
+
+describe "Authentication" do
+  describe "multiple secrets configured" do
+    let(:secrets) { ["one_secret", "two_secret"] }
+    let(:processes) { Helpers::Pgcat.three_shard_setup("sharded_db", 5, pool_mode="transaction", lb_mode="random", log_level="info", secrets=["one_secret", "two_secret"]) }
+
+    after do
+      processes.all_databases.map(&:reset)
+      processes.pgcat.shutdown
+    end
+
+    it "can connect using all secrets and postgres password" do
+      secrets.push("sharding_user").each do |secret|
+        conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user", password=secret))
+        conn.exec("SELECT current_user")
+      end
+    end
+  end
+
+  describe "no secrets configured" do
+    let(:secrets) { [] }
+    let(:processes) { Helpers::Pgcat.three_shard_setup("sharded_db", 5, pool_mode="transaction", lb_mode="random", log_level="info") }
+
+    after do
+      processes.all_databases.map(&:reset)
+      processes.pgcat.shutdown
+    end
+
+    it "can connect using only the password" do
+      conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      conn.exec("SELECT current_user")
+
+      expect { PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user", password="secret_one")) }.to raise_error PG::ConnectionBad
+    end
+  end
+end
diff --git a/tests/ruby/helpers/pgcat_helper.rb b/tests/ruby/helpers/pgcat_helper.rb
index 13dc668..8395d09 100644
--- a/tests/ruby/helpers/pgcat_helper.rb
+++ b/tests/ruby/helpers/pgcat_helper.rb
@@ -12,14 +12,18 @@ end
 
 module Helpers
   module Pgcat
-    def self.three_shard_setup(pool_name, pool_size, pool_mode="transaction", lb_mode="random", log_level="info")
+    def self.three_shard_setup(pool_name, pool_size, pool_mode="transaction", lb_mode="random", log_level="info", secrets=nil)
       user = {
         "password" => "sharding_user",
         "pool_size" => pool_size,
         "statement_timeout" => 0,
-        "username" => "sharding_user"
+        "username" => "sharding_user",
       }
 
+      if !secrets.nil?
+        user["secrets"] = secrets
+      end
+
       pgcat    = PgcatProcess.new(log_level)
       primary0 = PgInstance.new(5432, user["username"], user["password"], "shard0")
       primary1 = PgInstance.new(7432, user["username"], user["password"], "shard1")
@@ -27,7 +31,7 @@ module Helpers
 
       pgcat_cfg = pgcat.current_config
       pgcat_cfg["pools"] = {
-        "#{pool_name}" => {
+        "#{pool_name}" =>  {
           "default_role" => "any",
           "pool_mode" => pool_mode,
           "load_balancing_mode" => lb_mode,
@@ -41,8 +45,14 @@ module Helpers
             "2" => { "database" => "shard2", "servers" => [["localhost", primary2.port.to_s, "primary"]] },
           },
           "users" => { "0" => user }
-        }
+        },
       }
+
+      if !secrets.nil?
+        pgcat_cfg["general"]["tls_certificate"] = "../../.circleci/server.cert"
+        pgcat_cfg["general"]["tls_private_key"] = "../../.circleci/server.key"
+      end
+
       pgcat.update_config(pgcat_cfg)
 
       pgcat.start
diff --git a/tests/ruby/helpers/pgcat_process.rb b/tests/ruby/helpers/pgcat_process.rb
index e1dbea8..5489bc9 100644
--- a/tests/ruby/helpers/pgcat_process.rb
+++ b/tests/ruby/helpers/pgcat_process.rb
@@ -112,10 +112,13 @@ class PgcatProcess
     "postgresql://#{username}:#{password}@0.0.0.0:#{@port}/pgcat"
   end
 
-  def connection_string(pool_name, username, password = nil)
+  def connection_string(pool_name, username, password=nil)
     cfg = current_config
     user_idx, user_obj = cfg["pools"][pool_name]["users"].detect { |k, user| user["username"] == username }
-    "postgresql://#{username}:#{password || user_obj["password"]}@0.0.0.0:#{@port}/#{pool_name}"
+
+    password = if password.nil? then user_obj["password"] else password end
+
+    "postgresql://#{username}:#{password}@0.0.0.0:#{@port}/#{pool_name}"
   end
 
   def example_connection_string