luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/plugins/database/mysql/mysql_test.go

493 lines
13 KiB
Go
Raw Normal View History

Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
package mysql
import (
Database gRPC plugins (#3666) * Start work on context aware backends * Start work on moving the database plugins to gRPC in order to pass context * Add context to builtin database plugins * use byte slice instead of string * Context all the things * Move proto messages to the dbplugin package * Add a grpc mechanism for running backend plugins * Serve the GRPC plugin * Add backwards compatibility to the database plugins * Remove backend plugin changes * Remove backend plugin changes * Cleanup the transport implementations * If grpc connection is in an unexpected state restart the plugin * Fix tests * Fix tests * Remove context from the request object, replace it with context.TODO * Add a test to verify netRPC plugins still work * Remove unused mapstructure call * Code review fixes * Code review fixes * Code review fixes
2017-12-14 22:03:11 +00:00
"context"
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
"database/sql"
"strings"
"testing"
"time"
Combined Database backend: Add Static Account support to MySQL (#6970) * temp support for mysql+static accounts * remove create/update database user for static accounts * update tests after create/delete removed * small cleanups * update postgresql setcredentials test * temp support for mysql+static accounts * Add Static Account support to MySQL * add note that MySQL supports static roles * remove code comment * tidy up tests * Update plugins/database/mysql/mysql_test.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update plugins/database/mysql/mysql.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * update what password we test * refactor CreateUser and SetCredentials to use a common helper * add close statements for statements in loops * remove some redundant checks in the mysql test * use root rotation statements as default for static accounts * missed a file save
2019-07-05 18:52:56 +00:00
stdmysql "github.com/go-sql-driver/mysql"
Factor out mysqlhelper so we can create mysql docker containers in other tests. (#8167)
2020-01-16 22:51:10 +00:00
mysqlhelper "github.com/hashicorp/vault/helper/testhelpers/mysql"
Update to api 1.0.1 and sdk 0.1.8
2019-04-15 18:10:07 +00:00
"github.com/hashicorp/vault/sdk/database/dbplugin"
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests.
2019-04-22 16:26:10 +00:00
"github.com/hashicorp/vault/sdk/database/helper/credsutil"
Combined Database backend: Add Static Account support to MySQL (#6970) * temp support for mysql+static accounts * remove create/update database user for static accounts * update tests after create/delete removed * small cleanups * update postgresql setcredentials test * temp support for mysql+static accounts * Add Static Account support to MySQL * add note that MySQL supports static roles * remove code comment * tidy up tests * Update plugins/database/mysql/mysql_test.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update plugins/database/mysql/mysql.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * update what password we test * refactor CreateUser and SetCredentials to use a common helper * add close statements for statements in loops * remove some redundant checks in the mysql test * use root rotation statements as default for static accounts * missed a file save
2019-07-05 18:52:56 +00:00
"github.com/hashicorp/vault/sdk/database/helper/dbutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
)
Combined Database backend: Add Static Account support to MySQL (#6970) * temp support for mysql+static accounts * remove create/update database user for static accounts * update tests after create/delete removed * small cleanups * update postgresql setcredentials test * temp support for mysql+static accounts * Add Static Account support to MySQL * add note that MySQL supports static roles * remove code comment * tidy up tests * Update plugins/database/mysql/mysql_test.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update plugins/database/mysql/mysql.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * update what password we test * refactor CreateUser and SetCredentials to use a common helper * add close statements for statements in loops * remove some redundant checks in the mysql test * use root rotation statements as default for static accounts * missed a file save
2019-07-05 18:52:56 +00:00
var _ dbplugin.Database = (*MySQL)(nil)
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
func TestMySQL_Initialize(t *testing.T) {
Factor out mysqlhelper so we can create mysql docker containers in other tests. (#8167)
2020-01-16 22:51:10 +00:00
cleanup, connURL := mysqlhelper.PrepareMySQLTestContainer(t, false, "secret")
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
defer cleanup()
connectionDetails := map[string]interface{}{
"connection_url": connURL,
}
Database Root Credential Rotation (#3976) * redoing connection handling * a little more cleanup * empty implementation of rotation * updating rotate signature * signature update * updating interfaces again :( * changing back to interface * adding templated url support and rotation for postgres * adding correct username * return updates * updating statements to be a list * adding error sanitizing middleware * fixing log sanitizier * adding postgres rotate test * removing conf from rotate * adding rotate command * adding mysql rotate * finishing up the endpoint in the db backend for rotate * no more structs, just store raw config * fixing tests * adding db instance lock * adding support for statement list in cassandra * wip redoing interface to support BC * adding falllback for Initialize implementation * adding backwards compat for statements * fix tests * fix more tests * fixing up tests, switching to new fields in statements * fixing more tests * adding mssql and mysql * wrapping all the things in middleware, implementing templating for mongodb * wrapping all db servers with error santizer * fixing test * store the name with the db instance * adding rotate to cassandra * adding compatibility translation to both server and plugin * reordering a few things * store the name with the db instance * reordering * adding a few more tests * switch secret values from slice to map * addressing some feedback * reinstate execute plugin after resetting connection * set database connection to closed * switching secret values func to map[string]interface for potential future uses * addressing feedback
2018-03-21 19:05:56 +00:00
db := new(MetadataLen, MetadataLen, UsernameLen)
_, err := db.Init(context.Background(), connectionDetails, true)
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
if err != nil {
t.Fatalf("err: %s", err)
}
Database Root Credential Rotation (#3976) * redoing connection handling * a little more cleanup * empty implementation of rotation * updating rotate signature * signature update * updating interfaces again :( * changing back to interface * adding templated url support and rotation for postgres * adding correct username * return updates * updating statements to be a list * adding error sanitizing middleware * fixing log sanitizier * adding postgres rotate test * removing conf from rotate * adding rotate command * adding mysql rotate * finishing up the endpoint in the db backend for rotate * no more structs, just store raw config * fixing tests * adding db instance lock * adding support for statement list in cassandra * wip redoing interface to support BC * adding falllback for Initialize implementation * adding backwards compat for statements * fix tests * fix more tests * fixing up tests, switching to new fields in statements * fixing more tests * adding mssql and mysql * wrapping all the things in middleware, implementing templating for mongodb * wrapping all db servers with error santizer * fixing test * store the name with the db instance * adding rotate to cassandra * adding compatibility translation to both server and plugin * reordering a few things * store the name with the db instance * reordering * adding a few more tests * switch secret values from slice to map * addressing some feedback * reinstate execute plugin after resetting connection * set database connection to closed * switching secret values func to map[string]interface for potential future uses * addressing feedback
2018-03-21 19:05:56 +00:00
if !db.Initialized {
changed misspelled english words (#6432)
2019-03-19 13:32:45 +00:00
t.Fatal("Database should be initialized")
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
}
err = db.Close()
if err != nil {
t.Fatalf("err: %s", err)
}
Use WeakDecode to decode the initialize values (#2871)
2017-06-15 01:59:27 +00:00
// Test decoding a string value for max_open_connections
connectionDetails = map[string]interface{}{
"connection_url": connURL,
"max_open_connections": "5",
}
Database Root Credential Rotation (#3976) * redoing connection handling * a little more cleanup * empty implementation of rotation * updating rotate signature * signature update * updating interfaces again :( * changing back to interface * adding templated url support and rotation for postgres * adding correct username * return updates * updating statements to be a list * adding error sanitizing middleware * fixing log sanitizier * adding postgres rotate test * removing conf from rotate * adding rotate command * adding mysql rotate * finishing up the endpoint in the db backend for rotate * no more structs, just store raw config * fixing tests * adding db instance lock * adding support for statement list in cassandra * wip redoing interface to support BC * adding falllback for Initialize implementation * adding backwards compat for statements * fix tests * fix more tests * fixing up tests, switching to new fields in statements * fixing more tests * adding mssql and mysql * wrapping all the things in middleware, implementing templating for mongodb * wrapping all db servers with error santizer * fixing test * store the name with the db instance * adding rotate to cassandra * adding compatibility translation to both server and plugin * reordering a few things * store the name with the db instance * reordering * adding a few more tests * switch secret values from slice to map * addressing some feedback * reinstate execute plugin after resetting connection * set database connection to closed * switching secret values func to map[string]interface for potential future uses * addressing feedback
2018-03-21 19:05:56 +00:00
_, err = db.Init(context.Background(), connectionDetails, true)
Use WeakDecode to decode the initialize values (#2871)
2017-06-15 01:59:27 +00:00
if err != nil {
t.Fatalf("err: %s", err)
}
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
}
func TestMySQL_CreateUser(t *testing.T) {
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
t.Run("missing creation statements", func(t *testing.T) {
db := new(MetadataLen, MetadataLen, UsernameLen)
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
usernameConfig := dbplugin.UsernameConfig{
DisplayName: "test-long-displayname",
RoleName: "test-long-rolename",
}
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
username, password, err := db.CreateUser(context.Background(), dbplugin.Statements{}, usernameConfig, time.Now().Add(time.Minute))
if err == nil {
t.Fatalf("expected err, got nil")
}
if username != "" {
t.Fatalf("expected empty username, got [%s]", username)
}
if password != "" {
t.Fatalf("expected empty password, got [%s]", password)
}
})
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
t.Run("non-legacy", func(t *testing.T) {
// Shared test container for speed - there should not be any overlap between the tests
cleanup, connURL := mysqlhelper.PrepareMySQLTestContainer(t, false, "secret")
defer cleanup()
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
connectionDetails := map[string]interface{}{
"connection_url": connURL,
}
Fix MySQL legacy username regression (#3141) * Fix the mysql legacy username length * Remove boolean parameter * Add a MySQL 5.6 container to test the legacy MySQL plugin against * Add database plugins to the make file * Fix credsutil test
2017-08-11 01:28:18 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
db := new(MetadataLen, MetadataLen, UsernameLen)
_, err := db.Init(context.Background(), connectionDetails, true)
if err != nil {
t.Fatalf("err: %s", err)
}
Fix MySQL legacy username regression (#3141) * Fix the mysql legacy username length * Remove boolean parameter * Add a MySQL 5.6 container to test the legacy MySQL plugin against * Add database plugins to the make file * Fix credsutil test
2017-08-11 01:28:18 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
testCreateUser(t, db, connURL)
})
database/mysql: Allow the creation statement to use commands that are… (#3619) * database/mysql: Allow the creation statement to use commands that are not yet supported by the prepare statement protocol * Remove unnecessary else block
2017-11-28 18:19:49 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
t.Run("legacy", func(t *testing.T) {
// Shared test container for speed - there should not be any overlap between the tests
cleanup, connURL := mysqlhelper.PrepareMySQLTestContainer(t, true, "secret")
defer cleanup()
database/mysql: Allow the creation statement to use commands that are… (#3619) * database/mysql: Allow the creation statement to use commands that are not yet supported by the prepare statement protocol * Remove unnecessary else block
2017-11-28 18:19:49 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
connectionDetails := map[string]interface{}{
"connection_url": connURL,
}
database/mysql: Allow the creation statement to use commands that are… (#3619) * database/mysql: Allow the creation statement to use commands that are not yet supported by the prepare statement protocol * Remove unnecessary else block
2017-11-28 18:19:49 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
db := new(credsutil.NoneLength, LegacyMetadataLen, LegacyUsernameLen)
_, err := db.Init(context.Background(), connectionDetails, true)
if err != nil {
t.Fatalf("err: %s", err)
}
database/mysql: Allow the creation statement to use commands that are… (#3619) * database/mysql: Allow the creation statement to use commands that are not yet supported by the prepare statement protocol * Remove unnecessary else block
2017-11-28 18:19:49 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
testCreateUser(t, db, connURL)
})
Fix MySQL legacy username regression (#3141) * Fix the mysql legacy username length * Remove boolean parameter * Add a MySQL 5.6 container to test the legacy MySQL plugin against * Add database plugins to the make file * Fix credsutil test
2017-08-11 01:28:18 +00:00
}
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
func testCreateUser(t *testing.T, db *MySQL, connURL string) {
type testCase struct {
createStmts []string
}
tests := map[string]testCase{
"create name": {
createStmts: []string{`
CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';
GRANT SELECT ON *.* TO '{{name}}'@'%';`,
},
},
"create username": {
createStmts: []string{`
CREATE USER '{{username}}'@'%' IDENTIFIED BY '{{password}}';
GRANT SELECT ON *.* TO '{{username}}'@'%';`,
},
},
"prepared statement name": {
createStmts: []string{`
CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';
set @grants=CONCAT("GRANT SELECT ON ", "*", ".* TO '{{name}}'@'%'");
PREPARE grantStmt from @grants;
EXECUTE grantStmt;
DEALLOCATE PREPARE grantStmt;
`,
},
},
"prepared statement username": {
createStmts: []string{`
CREATE USER '{{username}}'@'%' IDENTIFIED BY '{{password}}';
set @grants=CONCAT("GRANT SELECT ON ", "*", ".* TO '{{username}}'@'%'");
PREPARE grantStmt from @grants;
EXECUTE grantStmt;
DEALLOCATE PREPARE grantStmt;
`,
},
},
}
for name, test := range tests {
t.Run(name, func(t *testing.T) {
usernameConfig := dbplugin.UsernameConfig{
DisplayName: "test-long-displayname",
RoleName: "test-long-rolename",
}
Fix MySQL legacy username regression (#3141) * Fix the mysql legacy username length * Remove boolean parameter * Add a MySQL 5.6 container to test the legacy MySQL plugin against * Add database plugins to the make file * Fix credsutil test
2017-08-11 01:28:18 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
statements := dbplugin.Statements{
Creation: test.createStmts,
}
Fix MySQL legacy username regression (#3141) * Fix the mysql legacy username length * Remove boolean parameter * Add a MySQL 5.6 container to test the legacy MySQL plugin against * Add database plugins to the make file * Fix credsutil test
2017-08-11 01:28:18 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
username, password, err := db.CreateUser(context.Background(), statements, usernameConfig, time.Now().Add(time.Minute))
if err != nil {
t.Fatalf("err: %s", err)
}
Fix MySQL legacy username regression (#3141) * Fix the mysql legacy username length * Remove boolean parameter * Add a MySQL 5.6 container to test the legacy MySQL plugin against * Add database plugins to the make file * Fix credsutil test
2017-08-11 01:28:18 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
if err := mysqlhelper.TestCredsExist(t, connURL, username, password); err != nil {
t.Fatalf("Could not connect with new credentials: %s", err)
}
Fix MySQL legacy username regression (#3141) * Fix the mysql legacy username length * Remove boolean parameter * Add a MySQL 5.6 container to test the legacy MySQL plugin against * Add database plugins to the make file * Fix credsutil test
2017-08-11 01:28:18 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
// Test a second time to make sure usernames don't collide
username, password, err = db.CreateUser(context.Background(), statements, usernameConfig, time.Now().Add(time.Minute))
if err != nil {
t.Fatalf("err: %s", err)
}
Fix MySQL legacy username regression (#3141) * Fix the mysql legacy username length * Remove boolean parameter * Add a MySQL 5.6 container to test the legacy MySQL plugin against * Add database plugins to the make file * Fix credsutil test
2017-08-11 01:28:18 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
if err := mysqlhelper.TestCredsExist(t, connURL, username, password); err != nil {
t.Fatalf("Could not connect with new credentials: %s", err)
}
})
Fix MySQL legacy username regression (#3141) * Fix the mysql legacy username length * Remove boolean parameter * Add a MySQL 5.6 container to test the legacy MySQL plugin against * Add database plugins to the make file * Fix credsutil test
2017-08-11 01:28:18 +00:00
}
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
}
Database Root Credential Rotation (#3976) * redoing connection handling * a little more cleanup * empty implementation of rotation * updating rotate signature * signature update * updating interfaces again :( * changing back to interface * adding templated url support and rotation for postgres * adding correct username * return updates * updating statements to be a list * adding error sanitizing middleware * fixing log sanitizier * adding postgres rotate test * removing conf from rotate * adding rotate command * adding mysql rotate * finishing up the endpoint in the db backend for rotate * no more structs, just store raw config * fixing tests * adding db instance lock * adding support for statement list in cassandra * wip redoing interface to support BC * adding falllback for Initialize implementation * adding backwards compat for statements * fix tests * fix more tests * fixing up tests, switching to new fields in statements * fixing more tests * adding mssql and mysql * wrapping all the things in middleware, implementing templating for mongodb * wrapping all db servers with error santizer * fixing test * store the name with the db instance * adding rotate to cassandra * adding compatibility translation to both server and plugin * reordering a few things * store the name with the db instance * reordering * adding a few more tests * switch secret values from slice to map * addressing some feedback * reinstate execute plugin after resetting connection * set database connection to closed * switching secret values func to map[string]interface for potential future uses * addressing feedback
2018-03-21 19:05:56 +00:00
func TestMySQL_RotateRootCredentials(t *testing.T) {
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
type testCase struct {
statements []string
}
tests := map[string]testCase{
"empty statements": {
statements: nil,
},
"default username": {
statements: []string{defaultMySQLRotateCredentialsSQL},
},
"default name": {
statements: []string{`
ALTER USER '{{username}}'@'%' IDENTIFIED BY '{{password}}';`,
},
},
}
for name, test := range tests {
t.Run(name, func(t *testing.T) {
cleanup, connURL := mysqlhelper.PrepareMySQLTestContainer(t, false, "secret")
defer cleanup()
connURL = strings.Replace(connURL, "root:secret", `{{username}}:{{password}}`, -1)
connectionDetails := map[string]interface{}{
"connection_url": connURL,
"username": "root",
"password": "secret",
}
Database Root Credential Rotation (#3976) * redoing connection handling * a little more cleanup * empty implementation of rotation * updating rotate signature * signature update * updating interfaces again :( * changing back to interface * adding templated url support and rotation for postgres * adding correct username * return updates * updating statements to be a list * adding error sanitizing middleware * fixing log sanitizier * adding postgres rotate test * removing conf from rotate * adding rotate command * adding mysql rotate * finishing up the endpoint in the db backend for rotate * no more structs, just store raw config * fixing tests * adding db instance lock * adding support for statement list in cassandra * wip redoing interface to support BC * adding falllback for Initialize implementation * adding backwards compat for statements * fix tests * fix more tests * fixing up tests, switching to new fields in statements * fixing more tests * adding mssql and mysql * wrapping all the things in middleware, implementing templating for mongodb * wrapping all db servers with error santizer * fixing test * store the name with the db instance * adding rotate to cassandra * adding compatibility translation to both server and plugin * reordering a few things * store the name with the db instance * reordering * adding a few more tests * switch secret values from slice to map * addressing some feedback * reinstate execute plugin after resetting connection * set database connection to closed * switching secret values func to map[string]interface for potential future uses * addressing feedback
2018-03-21 19:05:56 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
// Give a timeout just in case the test decides to be problematic
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
Database Root Credential Rotation (#3976) * redoing connection handling * a little more cleanup * empty implementation of rotation * updating rotate signature * signature update * updating interfaces again :( * changing back to interface * adding templated url support and rotation for postgres * adding correct username * return updates * updating statements to be a list * adding error sanitizing middleware * fixing log sanitizier * adding postgres rotate test * removing conf from rotate * adding rotate command * adding mysql rotate * finishing up the endpoint in the db backend for rotate * no more structs, just store raw config * fixing tests * adding db instance lock * adding support for statement list in cassandra * wip redoing interface to support BC * adding falllback for Initialize implementation * adding backwards compat for statements * fix tests * fix more tests * fixing up tests, switching to new fields in statements * fixing more tests * adding mssql and mysql * wrapping all the things in middleware, implementing templating for mongodb * wrapping all db servers with error santizer * fixing test * store the name with the db instance * adding rotate to cassandra * adding compatibility translation to both server and plugin * reordering a few things * store the name with the db instance * reordering * adding a few more tests * switch secret values from slice to map * addressing some feedback * reinstate execute plugin after resetting connection * set database connection to closed * switching secret values func to map[string]interface for potential future uses * addressing feedback
2018-03-21 19:05:56 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
db := new(MetadataLen, MetadataLen, UsernameLen)
_, err := db.Init(ctx, connectionDetails, true)
if err != nil {
t.Fatalf("err: %s", err)
}
Database Root Credential Rotation (#3976) * redoing connection handling * a little more cleanup * empty implementation of rotation * updating rotate signature * signature update * updating interfaces again :( * changing back to interface * adding templated url support and rotation for postgres * adding correct username * return updates * updating statements to be a list * adding error sanitizing middleware * fixing log sanitizier * adding postgres rotate test * removing conf from rotate * adding rotate command * adding mysql rotate * finishing up the endpoint in the db backend for rotate * no more structs, just store raw config * fixing tests * adding db instance lock * adding support for statement list in cassandra * wip redoing interface to support BC * adding falllback for Initialize implementation * adding backwards compat for statements * fix tests * fix more tests * fixing up tests, switching to new fields in statements * fixing more tests * adding mssql and mysql * wrapping all the things in middleware, implementing templating for mongodb * wrapping all db servers with error santizer * fixing test * store the name with the db instance * adding rotate to cassandra * adding compatibility translation to both server and plugin * reordering a few things * store the name with the db instance * reordering * adding a few more tests * switch secret values from slice to map * addressing some feedback * reinstate execute plugin after resetting connection * set database connection to closed * switching secret values func to map[string]interface for potential future uses * addressing feedback
2018-03-21 19:05:56 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
if !db.Initialized {
t.Fatal("Database should be initialized")
}
Database Root Credential Rotation (#3976) * redoing connection handling * a little more cleanup * empty implementation of rotation * updating rotate signature * signature update * updating interfaces again :( * changing back to interface * adding templated url support and rotation for postgres * adding correct username * return updates * updating statements to be a list * adding error sanitizing middleware * fixing log sanitizier * adding postgres rotate test * removing conf from rotate * adding rotate command * adding mysql rotate * finishing up the endpoint in the db backend for rotate * no more structs, just store raw config * fixing tests * adding db instance lock * adding support for statement list in cassandra * wip redoing interface to support BC * adding falllback for Initialize implementation * adding backwards compat for statements * fix tests * fix more tests * fixing up tests, switching to new fields in statements * fixing more tests * adding mssql and mysql * wrapping all the things in middleware, implementing templating for mongodb * wrapping all db servers with error santizer * fixing test * store the name with the db instance * adding rotate to cassandra * adding compatibility translation to both server and plugin * reordering a few things * store the name with the db instance * reordering * adding a few more tests * switch secret values from slice to map * addressing some feedback * reinstate execute plugin after resetting connection * set database connection to closed * switching secret values func to map[string]interface for potential future uses * addressing feedback
2018-03-21 19:05:56 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
newConf, err := db.RotateRootCredentials(ctx, test.statements)
if err != nil {
t.Fatalf("err: %v", err)
}
if newConf["password"] == "secret" {
t.Fatal("password was not updated")
}
Database Root Credential Rotation (#3976) * redoing connection handling * a little more cleanup * empty implementation of rotation * updating rotate signature * signature update * updating interfaces again :( * changing back to interface * adding templated url support and rotation for postgres * adding correct username * return updates * updating statements to be a list * adding error sanitizing middleware * fixing log sanitizier * adding postgres rotate test * removing conf from rotate * adding rotate command * adding mysql rotate * finishing up the endpoint in the db backend for rotate * no more structs, just store raw config * fixing tests * adding db instance lock * adding support for statement list in cassandra * wip redoing interface to support BC * adding falllback for Initialize implementation * adding backwards compat for statements * fix tests * fix more tests * fixing up tests, switching to new fields in statements * fixing more tests * adding mssql and mysql * wrapping all the things in middleware, implementing templating for mongodb * wrapping all db servers with error santizer * fixing test * store the name with the db instance * adding rotate to cassandra * adding compatibility translation to both server and plugin * reordering a few things * store the name with the db instance * reordering * adding a few more tests * switch secret values from slice to map * addressing some feedback * reinstate execute plugin after resetting connection * set database connection to closed * switching secret values func to map[string]interface for potential future uses * addressing feedback
2018-03-21 19:05:56 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
err = db.Close()
if err != nil {
t.Fatalf("err: %s", err)
}
})
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
}
Database Root Credential Rotation (#3976) * redoing connection handling * a little more cleanup * empty implementation of rotation * updating rotate signature * signature update * updating interfaces again :( * changing back to interface * adding templated url support and rotation for postgres * adding correct username * return updates * updating statements to be a list * adding error sanitizing middleware * fixing log sanitizier * adding postgres rotate test * removing conf from rotate * adding rotate command * adding mysql rotate * finishing up the endpoint in the db backend for rotate * no more structs, just store raw config * fixing tests * adding db instance lock * adding support for statement list in cassandra * wip redoing interface to support BC * adding falllback for Initialize implementation * adding backwards compat for statements * fix tests * fix more tests * fixing up tests, switching to new fields in statements * fixing more tests * adding mssql and mysql * wrapping all the things in middleware, implementing templating for mongodb * wrapping all db servers with error santizer * fixing test * store the name with the db instance * adding rotate to cassandra * adding compatibility translation to both server and plugin * reordering a few things * store the name with the db instance * reordering * adding a few more tests * switch secret values from slice to map * addressing some feedback * reinstate execute plugin after resetting connection * set database connection to closed * switching secret values func to map[string]interface for potential future uses * addressing feedback
2018-03-21 19:05:56 +00:00
}
func TestMySQL_RevokeUser(t *testing.T) {
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
type testCase struct {
revokeStmts []string
}
tests := map[string]testCase{
"empty statements": {
revokeStmts: nil,
},
"default name": {
revokeStmts: []string{defaultMysqlRevocationStmts},
},
"default username": {
revokeStmts: []string{`
REVOKE ALL PRIVILEGES, GRANT OPTION FROM '{{username}}'@'%';
DROP USER '{{username}}'@'%'`,
},
},
}
// Shared test container for speed - there should not be any overlap between the tests
Factor out mysqlhelper so we can create mysql docker containers in other tests. (#8167)
2020-01-16 22:51:10 +00:00
cleanup, connURL := mysqlhelper.PrepareMySQLTestContainer(t, false, "secret")
Database Root Credential Rotation (#3976) * redoing connection handling * a little more cleanup * empty implementation of rotation * updating rotate signature * signature update * updating interfaces again :( * changing back to interface * adding templated url support and rotation for postgres * adding correct username * return updates * updating statements to be a list * adding error sanitizing middleware * fixing log sanitizier * adding postgres rotate test * removing conf from rotate * adding rotate command * adding mysql rotate * finishing up the endpoint in the db backend for rotate * no more structs, just store raw config * fixing tests * adding db instance lock * adding support for statement list in cassandra * wip redoing interface to support BC * adding falllback for Initialize implementation * adding backwards compat for statements * fix tests * fix more tests * fixing up tests, switching to new fields in statements * fixing more tests * adding mssql and mysql * wrapping all the things in middleware, implementing templating for mongodb * wrapping all db servers with error santizer * fixing test * store the name with the db instance * adding rotate to cassandra * adding compatibility translation to both server and plugin * reordering a few things * store the name with the db instance * reordering * adding a few more tests * switch secret values from slice to map * addressing some feedback * reinstate execute plugin after resetting connection * set database connection to closed * switching secret values func to map[string]interface for potential future uses * addressing feedback
2018-03-21 19:05:56 +00:00
defer cleanup()
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
Database Root Credential Rotation (#3976) * redoing connection handling * a little more cleanup * empty implementation of rotation * updating rotate signature * signature update * updating interfaces again :( * changing back to interface * adding templated url support and rotation for postgres * adding correct username * return updates * updating statements to be a list * adding error sanitizing middleware * fixing log sanitizier * adding postgres rotate test * removing conf from rotate * adding rotate command * adding mysql rotate * finishing up the endpoint in the db backend for rotate * no more structs, just store raw config * fixing tests * adding db instance lock * adding support for statement list in cassandra * wip redoing interface to support BC * adding falllback for Initialize implementation * adding backwards compat for statements * fix tests * fix more tests * fixing up tests, switching to new fields in statements * fixing more tests * adding mssql and mysql * wrapping all the things in middleware, implementing templating for mongodb * wrapping all db servers with error santizer * fixing test * store the name with the db instance * adding rotate to cassandra * adding compatibility translation to both server and plugin * reordering a few things * store the name with the db instance * reordering * adding a few more tests * switch secret values from slice to map * addressing some feedback * reinstate execute plugin after resetting connection * set database connection to closed * switching secret values func to map[string]interface for potential future uses * addressing feedback
2018-03-21 19:05:56 +00:00
connectionDetails := map[string]interface{}{
"connection_url": connURL,
}
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
// Give a timeout just in case the test decides to be problematic
initCtx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
Use the role name in the db username (#2812)
2017-06-06 13:49:49 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
db := new(MetadataLen, MetadataLen, UsernameLen)
_, err := db.Init(initCtx, connectionDetails, true)
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
if err != nil {
t.Fatalf("err: %s", err)
}
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
for name, test := range tests {
t.Run(name, func(t *testing.T) {
statements := dbplugin.Statements{
Creation: []string{`
CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';
GRANT SELECT ON *.* TO '{{name}}'@'%';`,
},
Revocation: test.revokeStmts,
}
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
usernameConfig := dbplugin.UsernameConfig{
DisplayName: "test",
RoleName: "test",
}
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
// Give a timeout just in case the test decides to be problematic
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
username, password, err := db.CreateUser(ctx, statements, usernameConfig, time.Now().Add(time.Minute))
if err != nil {
t.Fatalf("err: %s", err)
}
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
if err := mysqlhelper.TestCredsExist(t, connURL, username, password); err != nil {
t.Fatalf("Could not connect with new credentials: %s", err)
}
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
err = db.RevokeUser(context.Background(), statements, username)
if err != nil {
t.Fatalf("err: %s", err)
}
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
if err := mysqlhelper.TestCredsExist(t, connURL, username, password); err == nil {
t.Fatal("Credentials were not revoked")
}
})
Move plugins into main vault repo
2017-04-13 20:48:32 +00:00
}
}
Combined Database backend: Add Static Account support to MySQL (#6970) * temp support for mysql+static accounts * remove create/update database user for static accounts * update tests after create/delete removed * small cleanups * update postgresql setcredentials test * temp support for mysql+static accounts * Add Static Account support to MySQL * add note that MySQL supports static roles * remove code comment * tidy up tests * Update plugins/database/mysql/mysql_test.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update plugins/database/mysql/mysql.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * update what password we test * refactor CreateUser and SetCredentials to use a common helper * add close statements for statements in loops * remove some redundant checks in the mysql test * use root rotation statements as default for static accounts * missed a file save
2019-07-05 18:52:56 +00:00
func TestMySQL_SetCredentials(t *testing.T) {
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
type testCase struct {
rotateStmts []string
}
tests := map[string]testCase{
"empty statements": {
rotateStmts: nil,
},
"custom statement name": {
rotateStmts: []string{`
ALTER USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';`},
},
"custom statement username": {
rotateStmts: []string{`
ALTER USER '{{username}}'@'%' IDENTIFIED BY '{{password}}';`},
},
}
for name, test := range tests {
t.Run(name, func(t *testing.T) {
cleanup, connURL := mysqlhelper.PrepareMySQLTestContainer(t, false, "secret")
defer cleanup()
// create the database user and verify we can access
dbUser := "vaultstatictest"
initPassword := "password"
createStatements := `
CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';
GRANT SELECT ON *.* TO '{{name}}'@'%';`
createTestMySQLUser(t, connURL, dbUser, initPassword, createStatements)
if err := mysqlhelper.TestCredsExist(t, connURL, dbUser, "password"); err != nil {
t.Fatalf("Could not connect with credentials: %s", err)
}
Combined Database backend: Add Static Account support to MySQL (#6970) * temp support for mysql+static accounts * remove create/update database user for static accounts * update tests after create/delete removed * small cleanups * update postgresql setcredentials test * temp support for mysql+static accounts * Add Static Account support to MySQL * add note that MySQL supports static roles * remove code comment * tidy up tests * Update plugins/database/mysql/mysql_test.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update plugins/database/mysql/mysql.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * update what password we test * refactor CreateUser and SetCredentials to use a common helper * add close statements for statements in loops * remove some redundant checks in the mysql test * use root rotation statements as default for static accounts * missed a file save
2019-07-05 18:52:56 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
connectionDetails := map[string]interface{}{
"connection_url": connURL,
}
Combined Database backend: Add Static Account support to MySQL (#6970) * temp support for mysql+static accounts * remove create/update database user for static accounts * update tests after create/delete removed * small cleanups * update postgresql setcredentials test * temp support for mysql+static accounts * Add Static Account support to MySQL * add note that MySQL supports static roles * remove code comment * tidy up tests * Update plugins/database/mysql/mysql_test.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update plugins/database/mysql/mysql.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * update what password we test * refactor CreateUser and SetCredentials to use a common helper * add close statements for statements in loops * remove some redundant checks in the mysql test * use root rotation statements as default for static accounts * missed a file save
2019-07-05 18:52:56 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
// Give a timeout just in case the test decides to be problematic
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
Combined Database backend: Add Static Account support to MySQL (#6970) * temp support for mysql+static accounts * remove create/update database user for static accounts * update tests after create/delete removed * small cleanups * update postgresql setcredentials test * temp support for mysql+static accounts * Add Static Account support to MySQL * add note that MySQL supports static roles * remove code comment * tidy up tests * Update plugins/database/mysql/mysql_test.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update plugins/database/mysql/mysql.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * update what password we test * refactor CreateUser and SetCredentials to use a common helper * add close statements for statements in loops * remove some redundant checks in the mysql test * use root rotation statements as default for static accounts * missed a file save
2019-07-05 18:52:56 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
db := new(MetadataLen, MetadataLen, UsernameLen)
_, err := db.Init(ctx, connectionDetails, true)
if err != nil {
t.Fatalf("err: %s", err)
}
Combined Database backend: Add Static Account support to MySQL (#6970) * temp support for mysql+static accounts * remove create/update database user for static accounts * update tests after create/delete removed * small cleanups * update postgresql setcredentials test * temp support for mysql+static accounts * Add Static Account support to MySQL * add note that MySQL supports static roles * remove code comment * tidy up tests * Update plugins/database/mysql/mysql_test.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update plugins/database/mysql/mysql.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * update what password we test * refactor CreateUser and SetCredentials to use a common helper * add close statements for statements in loops * remove some redundant checks in the mysql test * use root rotation statements as default for static accounts * missed a file save
2019-07-05 18:52:56 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
newPassword, err := db.GenerateCredentials(ctx)
if err != nil {
t.Fatalf("unable to generate password: %s", err)
}
Combined Database backend: Add Static Account support to MySQL (#6970) * temp support for mysql+static accounts * remove create/update database user for static accounts * update tests after create/delete removed * small cleanups * update postgresql setcredentials test * temp support for mysql+static accounts * Add Static Account support to MySQL * add note that MySQL supports static roles * remove code comment * tidy up tests * Update plugins/database/mysql/mysql_test.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update plugins/database/mysql/mysql.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * update what password we test * refactor CreateUser and SetCredentials to use a common helper * add close statements for statements in loops * remove some redundant checks in the mysql test * use root rotation statements as default for static accounts * missed a file save
2019-07-05 18:52:56 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
userConfig := dbplugin.StaticUserConfig{
Username: dbUser,
Password: newPassword,
}
Combined Database backend: Add Static Account support to MySQL (#6970) * temp support for mysql+static accounts * remove create/update database user for static accounts * update tests after create/delete removed * small cleanups * update postgresql setcredentials test * temp support for mysql+static accounts * Add Static Account support to MySQL * add note that MySQL supports static roles * remove code comment * tidy up tests * Update plugins/database/mysql/mysql_test.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update plugins/database/mysql/mysql.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * update what password we test * refactor CreateUser and SetCredentials to use a common helper * add close statements for statements in loops * remove some redundant checks in the mysql test * use root rotation statements as default for static accounts * missed a file save
2019-07-05 18:52:56 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
statements := dbplugin.Statements{
Rotation: test.rotateStmts,
}
Combined Database backend: Add Static Account support to MySQL (#6970) * temp support for mysql+static accounts * remove create/update database user for static accounts * update tests after create/delete removed * small cleanups * update postgresql setcredentials test * temp support for mysql+static accounts * Add Static Account support to MySQL * add note that MySQL supports static roles * remove code comment * tidy up tests * Update plugins/database/mysql/mysql_test.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update plugins/database/mysql/mysql.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * update what password we test * refactor CreateUser and SetCredentials to use a common helper * add close statements for statements in loops * remove some redundant checks in the mysql test * use root rotation statements as default for static accounts * missed a file save
2019-07-05 18:52:56 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
username, password, err := db.SetCredentials(ctx, statements, userConfig)
if err != nil {
t.Fatalf("err: %s", err)
}
if username != userConfig.Username {
t.Fatalf("expected username [%s], got [%s]", userConfig.Username, username)
}
if password != userConfig.Password {
t.Fatalf("expected password [%s] got [%s]", userConfig.Password, password)
}
Combined Database backend: Add Static Account support to MySQL (#6970) * temp support for mysql+static accounts * remove create/update database user for static accounts * update tests after create/delete removed * small cleanups * update postgresql setcredentials test * temp support for mysql+static accounts * Add Static Account support to MySQL * add note that MySQL supports static roles * remove code comment * tidy up tests * Update plugins/database/mysql/mysql_test.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update plugins/database/mysql/mysql.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * update what password we test * refactor CreateUser and SetCredentials to use a common helper * add close statements for statements in loops * remove some redundant checks in the mysql test * use root rotation statements as default for static accounts * missed a file save
2019-07-05 18:52:56 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
// verify new password works
if err := mysqlhelper.TestCredsExist(t, connURL, dbUser, newPassword); err != nil {
t.Fatalf("Could not connect with new credentials: %s", err)
}
Combined Database backend: Add Static Account support to MySQL (#6970) * temp support for mysql+static accounts * remove create/update database user for static accounts * update tests after create/delete removed * small cleanups * update postgresql setcredentials test * temp support for mysql+static accounts * Add Static Account support to MySQL * add note that MySQL supports static roles * remove code comment * tidy up tests * Update plugins/database/mysql/mysql_test.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update plugins/database/mysql/mysql.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * update what password we test * refactor CreateUser and SetCredentials to use a common helper * add close statements for statements in loops * remove some redundant checks in the mysql test * use root rotation statements as default for static accounts * missed a file save
2019-07-05 18:52:56 +00:00
plugins/database: Allow both {{name}} and {{username}} in MySQL & Postgres (#8240) * Allow {{name}} or {{username}} in psql templates * Fix default rotation bug; allow {{user}} and {{username}}
2020-02-03 20:57:28 +00:00
// verify old password doesn't work
if err := mysqlhelper.TestCredsExist(t, connURL, dbUser, initPassword); err == nil {
t.Fatalf("Should not be able to connect with initial credentials")
}
})
Fix MySQL Plugin password special character escape bug (#8040) * Fix MySQL password escape bug * Add test * Add debug output * Add debug line * Added debug output * Debug * Debug * Update vendor * Remove debug comments
2020-01-07 15:51:49 +00:00
}
}
func TestMySQL_Initialize_ReservedChars(t *testing.T) {
pw := "#secret!%25#{@}"
Factor out mysqlhelper so we can create mysql docker containers in other tests. (#8167)
2020-01-16 22:51:10 +00:00
cleanup, connURL := mysqlhelper.PrepareMySQLTestContainer(t, false, pw)
Fix MySQL Plugin password special character escape bug (#8040) * Fix MySQL password escape bug * Add test * Add debug output * Add debug line * Added debug output * Debug * Debug * Update vendor * Remove debug comments
2020-01-07 15:51:49 +00:00
defer cleanup()
// Revert password set to test replacement by db.Init
connURL = strings.ReplaceAll(connURL, pw, "{{password}}")
connectionDetails := map[string]interface{}{
"connection_url": connURL,
"password": pw,
}
db := new(MetadataLen, MetadataLen, UsernameLen)
_, err := db.Init(context.Background(), connectionDetails, true)
if err != nil {
t.Fatalf("err: %s", err)
}
if !db.Initialized {
t.Fatal("Database should be initialized")
}
err = db.Close()
if err != nil {
t.Fatalf("err: %s", err)
Combined Database backend: Add Static Account support to MySQL (#6970) * temp support for mysql+static accounts * remove create/update database user for static accounts * update tests after create/delete removed * small cleanups * update postgresql setcredentials test * temp support for mysql+static accounts * Add Static Account support to MySQL * add note that MySQL supports static roles * remove code comment * tidy up tests * Update plugins/database/mysql/mysql_test.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update plugins/database/mysql/mysql.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * update what password we test * refactor CreateUser and SetCredentials to use a common helper * add close statements for statements in loops * remove some redundant checks in the mysql test * use root rotation statements as default for static accounts * missed a file save
2019-07-05 18:52:56 +00:00
}
}
func createTestMySQLUser(t *testing.T, connURL, username, password, query string) {
t.Helper()
db, err := sql.Open("mysql", connURL)
defer db.Close()
if err != nil {
t.Fatal(err)
}
// Start a transaction
ctx := context.Background()
tx, err := db.BeginTx(ctx, nil)
if err != nil {
t.Fatal(err)
}
defer func() {
_ = tx.Rollback()
}()
// copied from mysql.go
for _, query := range strutil.ParseArbitraryStringSlice(query, ";") {
query = strings.TrimSpace(query)
if len(query) == 0 {
continue
}
query = dbutil.QueryHelper(query, map[string]string{
"name": username,
"password": password,
})
stmt, err := tx.PrepareContext(ctx, query)
if err != nil {
if e, ok := err.(*stdmysql.MySQLError); ok && e.Number == 1295 {
_, err = tx.ExecContext(ctx, query)
if err != nil {
t.Fatal(err)
}
stmt.Close()
continue
}
t.Fatal(err)
}
if _, err := stmt.ExecContext(ctx); err != nil {
stmt.Close()
t.Fatal(err)
}
stmt.Close()
}
}
Reference in a new issue Copy permalink