formatted

Currently the python tests act as scripts. A lot of output is generated to stdout which makes it very hard to figure out where problems were. Also if you want to run only a single test you basically need to comment out code in order to accomplish this.

This PR modifies the python tests to us the pytest python testing framework. This framework allows individual tests to be targeted via the command line, without touching the source code. It also suppressed stdout by default making the test output much easier to read. Also after the tests run it will provide a summary of what failed, what succeded, etc.


Co-authored-by: CommanderKeynes <andrewjackson947@gmail.coma>
Co-authored-by: Andrew Jackson <andrewjackson2988@gmail.com>

.circleci/run_tests.sh

@@ -26,6 +26,7 @@ PGPASSWORD=sharding_user pgbench -h 127.0.0.1 -U sharding_user shard1 -i
 PGPASSWORD=sharding_user pgbench -h 127.0.0.1 -U sharding_user shard2 -i
 
 # Start Toxiproxy
+kill -9 $(pgrep toxiproxy) || true
 LOG_LEVEL=error toxiproxy-server &
 sleep 1
 
@@ -177,3 +178,6 @@ killall pgcat -s SIGINT
 
 # Allow for graceful shutdown
 sleep 1
+
+kill -9 $(pgrep toxiproxy)
+sleep 1

src/client.rs

@@ -346,6 +346,14 @@ where
         // Client is requesting to cancel a running query (plain text connection).
         CANCEL_REQUEST_CODE => Ok((ClientConnectionType::CancelQuery, bytes)),
 
+        // Client is requesting a GSS encoded connection
+        GSSENC_REQUEST_CODE => {
+            error_response_terminal(stream, "").await?;
+            Err(Error::ProtocolSyncError(
+                "PGCat does not support GSSAPI encoding".into(),
+            ))
+        }
+
         // Something else, probably something is wrong and it's not our fault,
         // e.g. badly implemented Postgres client.
         _ => Err(Error::ProtocolSyncError(format!(

src/constants.rs

@@ -11,6 +11,9 @@ pub const SSL_REQUEST_CODE: i32 = 80877103;
 // CancelRequest: the cancel request code.
 pub const CANCEL_REQUEST_CODE: i32 = 80877102;
 
+// GSSENCRequest: used to indicate we wants GSS connection
+pub const GSSENC_REQUEST_CODE: i32 = 80877104;
+
 // AuthenticationMD5Password
 pub const MD5_ENCRYPTED_PASSWORD: i32 = 5;
 

tests/docker/Dockerfile

@@ -2,7 +2,9 @@ FROM rust:bullseye
 
 COPY --from=sclevine/yj /bin/yj /bin/yj
 RUN /bin/yj -h
-RUN apt-get update && apt-get install llvm-11 psmisc postgresql-contrib postgresql-client ruby ruby-dev libpq-dev python3 python3-pip lcov curl sudo iproute2 -y
+RUN apt-get update && apt-get install llvm-11 psmisc postgresql-contrib postgresql-client ruby ruby-dev libpq-dev python3 python3-pip lcov curl sudo iproute2 gnupg lsb-release -y
+RUN env DEBIAN_FRONTEND=noninteractive apt-get -y install krb5-kdc krb5-admin-server krb5-user
+
 RUN cargo install cargo-binutils rustfilt
 RUN rustup component add llvm-tools-preview
 RUN sudo gem install bundler

tests/python/test_krb.py

@@ -0,0 +1,94 @@
+import signal
+import socket
+import subprocess
+import utils
+
+REALM = 'EXAMPLE.COM'
+SUPPORTED_ENCRYPTION_TYPES = 'aes256-cts-hmac-sha1-96:normal'
+KADMIN_PRINCIPAL = 'root'
+KADMIN_PASSWORD = 'root'
+KDC_KADMIN_SERVER = socket.gethostname()
+
+LOGDIR = 'log'
+PG_LOG = f'{LOGDIR}/krb.log'
+# Assumes packages are installed; krb5-kdc and krb5-admin-server on debian
+KADMIN_PRINCIPAL_FULL = f'{KADMIN_PRINCIPAL}@{REALM}'
+MASTER_PASSWORD = 'master_password'
+
+
+def setup_krb():
+    krb5_conf = f"""
+[libdefaults]
+        default_realm = {REALM}
+        rdns = false
+
+[realms]
+        {REALM} = {{
+                kdc_ports = 88,750
+                kadmind_port = 749
+                kdc = {KDC_KADMIN_SERVER}
+                admin_server = {KDC_KADMIN_SERVER}
+        }}
+    """
+    with open("/etc/krb5.conf", "w") as text_file:
+        text_file.write(krb5_conf)
+
+    kdc_conf = f"""
+[realms]
+        {REALM} = {{
+                acl_file = /etc/krb5kdc/kadm5.acl
+                max_renewable_life = 7d 0h 0m 0s
+                supported_enctypes = {SUPPORTED_ENCRYPTION_TYPES}
+                default_principal_flags = +preauth
+        }}
+    """
+    with open("/etc/krb5kdc/kdc.conf", "w") as text_file:
+        text_file.write(kdc_conf)
+
+    kadm5_acl = f"""
+    {KADMIN_PRINCIPAL_FULL} *
+    """
+    with open("/etc/krb5kdc/kadm5.acl", "w") as text_file:
+        text_file.write(kadm5_acl)
+
+    kerberos_command = f"""
+    krb5_newrealm <<EOF
+    {MASTER_PASSWORD}
+    {MASTER_PASSWORD}
+    EOF
+    """
+    subprocess.run(kerberos_command, check=False, shell=True)
+
+    delete_principal = f'kadmin.local -q "delete_principal -force {KADMIN_PRINCIPAL_FULL}"'
+    subprocess.run(delete_principal, check=True, shell=True)
+
+    create_principal = f'kadmin.local -q "addprinc -pw {KADMIN_PASSWORD} {KADMIN_PRINCIPAL_FULL}"'
+    subprocess.run(create_principal, check=True, shell=True)
+
+    kinit_command = f'echo {KADMIN_PASSWORD} | kinit'
+    subprocess.run(kinit_command, check=True, shell=True)
+
+    utils.pgcat_start()
+
+
+def teardown_krb():
+    subprocess.run('kdestroy', check=True, shell=True)
+
+    delete_principal = f'kadmin.local -q "delete_principal -force {KADMIN_PRINCIPAL_FULL}"'
+    subprocess.run(delete_principal, check=True, shell=True)
+
+    utils.pg_cat_send_signal(signal.SIGINT)
+
+
+def test_krb():
+    setup_krb()
+    # TODO test connect to database
+
+    utils.pgcat_start()
+    conn, cur = utils.connect_db(autocommit=False)
+    cur.execute("SELECT 1")
+    res = cur.fetchall()
+    print(res)
+    utils.cleanup_conn(conn, cur)
+
+    teardown_krb()