Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pgwire: make tests work with the test tenant with AcceptSQLWithoutTLS #107310

Open
yuzefovich opened this issue Jul 20, 2023 · 1 comment
Open

pgwire: make tests work with the test tenant with AcceptSQLWithoutTLS #107310

yuzefovich opened this issue Jul 20, 2023 · 1 comment
Labels
C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. db-cy-23 T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions)

Comments

@yuzefovich
Copy link
Member

yuzefovich commented Jul 20, 2023
edited by knz
Loading

Currently, when running against the test tenant it fails with

--- FAIL: TestAuthenticationAndHBARules (35.55s)
    --- FAIL: TestAuthenticationAndHBARules/insecure=false (18.65s)
        --- FAIL: TestAuthenticationAndHBARules/insecure=false/conn_log (1.20s)
        --- PASS: TestAuthenticationAndHBARules/insecure=false/current_database (1.07s)
        --- FAIL: TestAuthenticationAndHBARules/insecure=false/empty_hba (1.17s)
            --- PASS: TestAuthenticationAndHBARules/insecure=false/empty_hba/root (0.01s)
            --- FAIL: TestAuthenticationAndHBARules/insecure=false/empty_hba/normaluser_cert (0.06s)
        --- FAIL: TestAuthenticationAndHBARules/insecure=false/hba_alternative_root_rule (1.19s)
        --- FAIL: TestAuthenticationAndHBARules/insecure=false/hba_default_equivalence (1.05s)
        --- FAIL: TestAuthenticationAndHBARules/insecure=false/hba_host_selection (1.21s)
            --- FAIL: TestAuthenticationAndHBARules/insecure=false/hba_host_selection/nomatch (0.01s)
        --- PASS: TestAuthenticationAndHBARules/insecure=false/hba_syntax (1.06s)
        --- FAIL: TestAuthenticationAndHBARules/insecure=false/hba_user_selection (1.20s)
            --- FAIL: TestAuthenticationAndHBARules/insecure=false/hba_user_selection/root (0.01s)
        --- FAIL: TestAuthenticationAndHBARules/insecure=false/identity_map (1.22s)
        --- SKIP: TestAuthenticationAndHBARules/insecure=false/insecure (1.16s)
        --- FAIL: TestAuthenticationAndHBARules/insecure=false/password_change (2.27s)
            --- PASS: TestAuthenticationAndHBARules/insecure=false/password_change/regular_user (0.57s)
                --- PASS: TestAuthenticationAndHBARules/insecure=false/password_change/regular_user/bcrypt (0.41s)
                --- PASS: TestAuthenticationAndHBARules/insecure=false/password_change/regular_user/scram (0.13s)
                --- PASS: TestAuthenticationAndHBARules/insecure=false/password_change/regular_user/no_password (0.03s)
            --- PASS: TestAuthenticationAndHBARules/insecure=false/password_change/precomputed_hash (0.35s)
                --- PASS: TestAuthenticationAndHBARules/insecure=false/password_change/precomputed_hash/bcrypt (0.24s)
                --- PASS: TestAuthenticationAndHBARules/insecure=false/password_change/precomputed_hash/scram (0.12s)
            --- FAIL: TestAuthenticationAndHBARules/insecure=false/password_change/root_pw (0.18s)
                --- FAIL: TestAuthenticationAndHBARules/insecure=false/password_change/root_pw/bcrypt (0.17s)
        --- FAIL: TestAuthenticationAndHBARules/insecure=false/scram (1.22s)
            --- FAIL: TestAuthenticationAndHBARules/insecure=false/scram/conn_plaintext (0.01s)
        --- FAIL: TestAuthenticationAndHBARules/insecure=false/secure_non_tls (1.17s)
        --- FAIL: TestAuthenticationAndHBARules/insecure=false/special_cases (1.22s)
            --- FAIL: TestAuthenticationAndHBARules/insecure=false/special_cases/root_user_cannot_use_password (0.01s)
        --- FAIL: TestAuthenticationAndHBARules/insecure=false/trust_reject (1.24s)
            --- FAIL: TestAuthenticationAndHBARules/insecure=false/trust_reject/auth_reject (0.02s)
    --- FAIL: TestAuthenticationAndHBARules/insecure=true (16.90s)
        --- SKIP: TestAuthenticationAndHBARules/insecure=true/conn_log (1.21s)
        --- SKIP: TestAuthenticationAndHBARules/insecure=true/current_database (1.04s)
        --- SKIP: TestAuthenticationAndHBARules/insecure=true/empty_hba (1.15s)
        --- SKIP: TestAuthenticationAndHBARules/insecure=true/hba_alternative_root_rule (1.14s)
        --- SKIP: TestAuthenticationAndHBARules/insecure=true/hba_default_equivalence (1.17s)
        --- SKIP: TestAuthenticationAndHBARules/insecure=true/hba_host_selection (1.16s)
        --- PASS: TestAuthenticationAndHBARules/insecure=true/hba_syntax (1.16s)
        --- SKIP: TestAuthenticationAndHBARules/insecure=true/hba_user_selection (1.18s)
        --- SKIP: TestAuthenticationAndHBARules/insecure=true/identity_map (1.04s)
        --- FAIL: TestAuthenticationAndHBARules/insecure=true/insecure (1.18s)
            --- PASS: TestAuthenticationAndHBARules/insecure=true/insecure/check_ssl_disabled_error (0.00s)
            --- FAIL: TestAuthenticationAndHBARules/insecure=true/insecure/root_always_enabled (0.00s)
        --- SKIP: TestAuthenticationAndHBARules/insecure=true/password_change (1.03s)
        --- SKIP: TestAuthenticationAndHBARules/insecure=true/scram (1.16s)
        --- SKIP: TestAuthenticationAndHBARules/insecure=true/secure_non_tls (1.10s)
        --- SKIP: TestAuthenticationAndHBARules/insecure=true/special_cases (1.04s)
        --- SKIP: TestAuthenticationAndHBARules/insecure=true/trust_reject (1.15s)

TestSSLSessionVar also fails.

I think it has to do with AcceptSQLWithoutTLS knob.

Jira issue: CRDB-29983
Epic: CRDB-26687
@yuzefovich yuzefovich added the C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. label Jul 20, 2023
@blathers-crl blathers-crl bot added the T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions) label Jul 20, 2023
@yuzefovich yuzefovich changed the title pgwire: make TestAuthenticationAndHBARules work with test tenant pgwire: make tests work with the test tenant with AcceptSQLWithoutTLS Jul 20, 2023
@knz
Copy link
Contributor

knz commented Aug 2, 2023

Some progress is made on this here: #107866

However, the HBA rules appear to be different in secondary tenants. This is worrying.

@souravcrl souravcrl mentioned this issue Sep 30, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. db-cy-23 T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@knz @rafiss @yuzefovich