Merge pull request #1236 from muzarski/ccm-auth

tests: port AUTH tests to ccm
scylladb · Feb 13, 2025 · ee98512 · ee98512
2 parents a253772 + f37c98e
commit ee98512
Show file tree

Hide file tree

Showing 7 changed files with 144 additions and 153 deletions.
diff --git a/.github/workflows/authenticate_test.yml b/.github/workflows/authenticate_test.yml
diff --git a/scylla/tests/ccm_integration/authenticate.rs b/scylla/tests/ccm_integration/authenticate.rs
@@ -0,0 +1,134 @@
+use std::sync::Arc;
+
+use async_trait::async_trait;
+use bytes::{BufMut, BytesMut};
+use scylla::authentication::{AuthenticatorProvider, AuthenticatorSession};
+use scylla::errors::AuthError;
+use tokio::sync::Mutex;
+
+use crate::ccm::cluster::{Cluster, ClusterOptions};
+use crate::ccm::{run_ccm_test_with_configuration, CLUSTER_VERSION};
+use crate::common::utils::{setup_tracing, unique_keyspace_name, PerformDDL};
+
+fn cluster_1_node() -> ClusterOptions {
+    ClusterOptions {
+        name: "cluster_auth_1_node".to_string(),
+        version: CLUSTER_VERSION.clone(),
+        nodes: vec![1],
+        ..ClusterOptions::default()
+    }
+}
+
+async fn run_ccm_auth_test_cluster_one_node<T, TFut>(test: T)
+where
+    T: FnOnce(Arc<Mutex<Cluster>>) -> TFut,
+    TFut: std::future::Future<Output = ()>,
+{
+    run_ccm_test_with_configuration(
+        cluster_1_node,
+        |cluster| async move {
+            cluster
+                .enable_password_authentication()
+                .await
+                .expect("Failed to enable password authenticator");
+            cluster
+        },
+        test,
+    )
+    .await
+}
+
+#[tokio::test]
+#[cfg_attr(not(ccm_tests), ignore)]
+async fn authenticate_superuser_cluster_one_node() {
+    setup_tracing();
+    async fn test(cluster: Arc<Mutex<Cluster>>) {
+        let cluster = cluster.lock().await;
+
+        tracing::info!(
+            "Connecting to {:?} with cassandra superuser...",
+            cluster.nodes().get_contact_endpoints().await
+        );
+
+        let session = cluster
+            .make_session_builder()
+            .await
+            .user("cassandra", "cassandra")
+            .build()
+            .await
+            .unwrap();
+        let ks = unique_keyspace_name();
+
+        session.ddl(format!("CREATE KEYSPACE IF NOT EXISTS {} WITH REPLICATION = {{'class' : 'NetworkTopologyStrategy', 'replication_factor' : 1}}", ks)).await.unwrap();
+        session.use_keyspace(ks, false).await.unwrap();
+        session.ddl("DROP TABLE IF EXISTS t;").await.unwrap();
+
+        tracing::info!("Ok.");
+    }
+
+    run_ccm_auth_test_cluster_one_node(test).await
+}
+
+struct CustomAuthenticator;
+
+#[async_trait]
+impl AuthenticatorSession for CustomAuthenticator {
+    async fn evaluate_challenge(
+        &mut self,
+        _token: Option<&[u8]>,
+    ) -> Result<Option<Vec<u8>>, AuthError> {
+        Err("Challenges are not expected".to_string())
+    }
+
+    async fn success(&mut self, _token: Option<&[u8]>) -> Result<(), AuthError> {
+        Ok(())
+    }
+}
+
+struct CustomAuthenticatorProvider;
+
+#[async_trait]
+impl AuthenticatorProvider for CustomAuthenticatorProvider {
+    async fn start_authentication_session(
+        &self,
+        _authenticator_name: &str,
+    ) -> Result<(Option<Vec<u8>>, Box<dyn AuthenticatorSession>), AuthError> {
+        let mut response = BytesMut::new();
+        let cred = "\0cassandra\0cassandra";
+
+        response.put_slice(cred.as_bytes());
+
+        Ok((Some(response.to_vec()), Box::new(CustomAuthenticator)))
+    }
+}
+
+#[tokio::test]
+#[cfg_attr(not(ccm_tests), ignore)]
+async fn custom_authentication_cluster_one_node() {
+    setup_tracing();
+    async fn test(cluster: Arc<Mutex<Cluster>>) {
+        let cluster = cluster.lock().await;
+
+        tracing::info!(
+            "Connecting to {:?} with custom authenticator as cassandra superuser...",
+            cluster.nodes().get_contact_endpoints().await
+        );
+
+        let session = cluster
+            .make_session_builder()
+            .await
+            .authenticator_provider(Arc::new(CustomAuthenticatorProvider))
+            .build()
+            .await
+            .unwrap();
+        let ks = unique_keyspace_name();
+
+        session.ddl(format!("CREATE KEYSPACE IF NOT EXISTS {} WITH REPLICATION = {{'class' : 'NetworkTopologyStrategy', 'replication_factor' : 1}}", ks)).await.unwrap();
+        session.use_keyspace(ks, false).await.unwrap();
+        session.ddl("DROP TABLE IF EXISTS t;").await.unwrap();
+
+        tracing::info!("Ok.");
+    }
+
+    run_ccm_auth_test_cluster_one_node(test).await
+}
diff --git a/scylla/tests/ccm_integration/ccm/cluster.rs b/scylla/tests/ccm_integration/ccm/cluster.rs
@@ -705,6 +705,15 @@ impl Cluster {
         self.updateconf(args).await
     }
 
+    /// Enables the `PasswordAuthenticator` for the cluster.
+    // Consider making it accept an enum in the future. Supported authenticators:
+    // https://github.com/scylladb/scylladb/blob/529ff3efa57553eef6b0239b03b81581b70fb9ed/db/config.cc#L1045-L1051.
+    pub(crate) async fn enable_password_authentication(&self) -> Result<(), Error> {
+        let args = [("authenticator", "PasswordAuthenticator")];
+
+        self.updateconf(args).await
+    }
+
     fn get_ccm_env(&self) -> HashMap<String, String> {
         let mut env: HashMap<String, String> = HashMap::new();
         env.insert(

diff --git a/scylla/tests/ccm_integration/main.rs b/scylla/tests/ccm_integration/main.rs
@@ -1,6 +1,7 @@
 #[path = "../common/mod.rs"]
 mod common;
 
+mod authenticate;
 pub(crate) mod ccm;
 mod test_example;
 #[cfg(feature = "ssl")]

diff --git a/scylla/tests/integration/authenticate.rs b/scylla/tests/integration/authenticate.rs
diff --git a/scylla/tests/integration/main.rs b/scylla/tests/integration/main.rs
@@ -1,4 +1,3 @@
-mod authenticate;
 mod batch;
 mod consistency;
 mod cql_collections;

diff --git a/test/cluster/docker-compose-passauth.yml b/test/cluster/docker-compose-passauth.yml