From f0d56f1665488517d66c6cb1dff0cd9fb2cedd46 Mon Sep 17 00:00:00 2001 From: Taras Shpachenko Date: Tue, 23 May 2023 17:04:53 +0200 Subject: [PATCH] Implement initial logic. --- .github/workflows/ci.yml | 11 +- .rubocop.yml | 16 ++ .ruby-version | 2 +- CHANGELOG.md | 6 + Gemfile | 4 +- Gemfile.lock | 20 ++- README.md | 114 +++++++++++++-- bin/rake | 28 ++++ lib/mysql2-aws_rds_iam.rb | 3 + lib/mysql2/aws_rds_iam.rb | 22 +++ lib/mysql2/aws_rds_iam/auth_token/factory.rb | 19 +++ .../aws_rds_iam/auth_token/generator.rb | 28 ++++ lib/mysql2/aws_rds_iam/auth_token/registry.rb | 19 +++ lib/mysql2/aws_rds_iam/client_extension.rb | 32 ++++ lib/mysql2/aws_rds_iam/errors.rb | 33 +++++ test/mysql2/auth_token/test_factory.rb | 63 ++++++++ test/mysql2/auth_token/test_generator.rb | 36 +++++ test/mysql2/auth_token/test_registry.rb | 37 +++++ .../aws_rds_iam/test_client_extension.rb | 137 ++++++++++++++++++ test/mysql2/aws_rds_iam/test_errors.rb | 83 +++++++++++ test/mysql2/test_aws_rds_iam.rb | 38 ++++- test/mysql2/test_mysql2_client.rb | 102 +++++++++++++ test/test_helper.rb | 23 ++- 23 files changed, 846 insertions(+), 30 deletions(-) create mode 100755 bin/rake create mode 100644 lib/mysql2-aws_rds_iam.rb create mode 100644 lib/mysql2/aws_rds_iam/auth_token/factory.rb create mode 100644 lib/mysql2/aws_rds_iam/auth_token/generator.rb create mode 100644 lib/mysql2/aws_rds_iam/auth_token/registry.rb create mode 100644 lib/mysql2/aws_rds_iam/client_extension.rb create mode 100644 lib/mysql2/aws_rds_iam/errors.rb create mode 100644 test/mysql2/auth_token/test_factory.rb create mode 100644 test/mysql2/auth_token/test_generator.rb create mode 100644 test/mysql2/auth_token/test_registry.rb create mode 100644 test/mysql2/aws_rds_iam/test_client_extension.rb create mode 100644 test/mysql2/aws_rds_iam/test_errors.rb create mode 100644 test/mysql2/test_mysql2_client.rb diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cad646a..a2c40fa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,6 +1,10 @@ name: CI -on: pull_request +on: + push: + branches: + - main + pull_request: jobs: lint: @@ -21,8 +25,9 @@ jobs: strategy: matrix: ruby: - - '3.0.0' - - '3.1.0' + - '3.1.4' + - '3.2.2' + - '3.3.0' steps: - uses: actions/checkout@v3 - name: Set up Ruby diff --git a/.rubocop.yml b/.rubocop.yml index 62767ee..6d8bd87 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -11,3 +11,19 @@ Layout/LineLength: Style/Documentation: Enabled: false + +Naming/FileName: + Exclude: + - lib/mysql2-aws_rds_iam.rb + +Metrics/MethodLength: + Max: 15 + Exclude: + - test/**/**.rb + +Metrics/AbcSize: + Max: 20 + +Metrics/ClassLength: + Exclude: + - test/**/**.rb diff --git a/.ruby-version b/.ruby-version index fd2a018..15a2799 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -3.1.0 +3.3.0 diff --git a/CHANGELOG.md b/CHANGELOG.md index 736e93b..6fb53be 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,3 +7,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## Unreleased No notable changes. + +## [0.1.0] - 2024-01-14 + +### Added +* `Mysql2::AwsRdsIam` is an extension of [mysql2](https://github.com/brianmario/mysql2) gem that adds support of [IAM authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) when connecting to MySQL in Amazon RDS. +* ActiveRecord support. ([#3](https://github.com/haines/pg-aws_rds_iam/pull/3)) diff --git a/Gemfile b/Gemfile index ba4013a..024e2ae 100644 --- a/Gemfile +++ b/Gemfile @@ -8,11 +8,13 @@ gem 'bundler' gem 'commonmarker' gem 'minitest' gem 'minitest-reporters' +gem 'mocha' gem 'pry' +gem 'racc' gem 'rake' gem 'rubocop' gem 'rubocop-minitest' gem 'rubocop-rake' -gem 'timecop' +gem 'simplecov' gem 'webrick' gem 'yard' diff --git a/Gemfile.lock b/Gemfile.lock index 2d22108..65622fd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -26,6 +26,7 @@ GEM builder (3.2.4) coderay (1.1.3) commonmarker (0.23.9) + docile (1.4.0) jmespath (1.6.2) json (2.6.3) method_source (1.0.0) @@ -35,6 +36,8 @@ GEM builder minitest (>= 5.0) ruby-progressbar + mocha (2.0.2) + ruby2_keywords (>= 0.0.5) mysql2 (0.5.5) parallel (1.23.0) parser (3.2.2.1) @@ -42,11 +45,12 @@ GEM pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) + racc (1.7.3) rainbow (3.1.1) rake (13.0.6) regexp_parser (2.8.0) rexml (3.2.5) - rubocop (1.51.0) + rubocop (1.52.0) json (~> 2.3) parallel (~> 1.10) parser (>= 3.2.0.0) @@ -63,7 +67,13 @@ GEM rubocop-rake (0.6.0) rubocop (~> 1.0) ruby-progressbar (1.13.0) - timecop (0.9.6) + ruby2_keywords (0.0.5) + simplecov (0.22.0) + docile (~> 1.1) + simplecov-html (~> 0.11) + simplecov_json_formatter (~> 0.1) + simplecov-html (0.12.3) + simplecov_json_formatter (0.1.4) unicode-display_width (2.4.2) webrick (1.8.1) yard (0.9.34) @@ -78,15 +88,17 @@ DEPENDENCIES commonmarker minitest minitest-reporters + mocha mysql2-aws_rds_iam! pry + racc rake rubocop rubocop-minitest rubocop-rake - timecop + simplecov webrick yard BUNDLED WITH - 2.4.13 + 2.5.3 diff --git a/README.md b/README.md index b278e46..a99c331 100644 --- a/README.md +++ b/README.md @@ -1,39 +1,127 @@ # Mysql2::AwsRdsIam -TODO: Delete this and the text below, and describe your gem +[![Gem](https://img.shields.io/gem/v/mysql2-aws_rds_iam)](https://rubygems.org/gems/mysql2-aws_rds_iam) +  +![CI](https://img.shields.io/github/actions/workflow/status/floor114/mysql2-aws_rds_iam/ci.yml) -Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/mysql2/aws_rds_iam`. To experiment with that code, run `bin/console` for an interactive prompt. +`Mysql2::AwsRdsIam` is an extension of [mysql2](https://github.com/brianmario/mysql2) gem that adds support of [IAM authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) when connecting to MySQL in Amazon RDS. + +This gem is a powerful tool that enables seamless connection to MySQL databases using the [mysql2](https://github.com/brianmario/mysql2) gem. It leverages the dynamic password generation feature of AWS RDS [IAM authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) for enhanced security and easy password management. -## Installation -TODO: Replace `UPDATE_WITH_YOUR_GEM_NAME_PRIOR_TO_RELEASE_TO_RUBYGEMS_ORG` with your gem name right after releasing it to RubyGems.org. Please do not do it earlier due to security reasons. Alternatively, replace this section with instructions to install your gem from git if you don't plan to release to RubyGems.org. +## Installation -Install the gem and add to the application's Gemfile by executing: +Install manually: - $ bundle add UPDATE_WITH_YOUR_GEM_NAME_PRIOR_TO_RELEASE_TO_RUBYGEMS_ORG +```console +$ gem install mysql2-aws_rds_iam +``` -If bundler is not being used to manage dependencies, install the gem by executing: +or with Bundler: - $ gem install UPDATE_WITH_YOUR_GEM_NAME_PRIOR_TO_RELEASE_TO_RUBYGEMS_ORG +```console +$ bundle add mysql2-aws_rds_iam +``` ## Usage -TODO: Write usage instructions here +To leverage [IAM authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) for your database connections, follow these steps: + +1. Enable [IAM authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) for your database through AWS +2. Add IAM credentials to your application. +3. Set up your application to generate authentication tokens. + + +### Application configurations + +The default algorithm is `Mysql2::AwsRdsIam`'s [default authentication token generator](https://github.com/floor114/mysql2-aws_rds_iam/blob/main/lib/mysql2/aws_rds_iam/auth_token/generator.rb). Credentials and region are extracted using [aws-sdk-rds](https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-rds) configurations. + + +#### Apply msql2 patch +To connect to your MySQL database, you need to create initializer file that applies the patch: + + ```ruby + # config/initializers/tcc_rds_iam_auth.rb + + Tcc::RdsIamAuth.apply_patch + + ``` + +#### Configure `database.yml` +New rds_iam_auth_host parameter must be added to the database.yml file: + + ```yaml + production: + # ... + aws_rds_iam_auth: true + ``` + +#### Custom token generator +If the default generator doesn't meet your needs, you can create a custom one + + ```ruby + # config/initializers/tcc_rds_iam_auth.rb + + Mysql2::AwsRdsIam.auth_token_registry.add(:custom, ->(host, port, username) { 'your custom logic' }) + + ``` + +and specify it in `database.yml` + + ```yaml + production: + # ... + aws_rds_iam_auth: true + aws_rds_iam_auth_token_generator: custom + ``` + +`Mysql2::AwsRdsIam.auth_token_registry` accepts two parameters: +1. Generator name. The same name should be specified in `database.yml` +2. Object that responds to `call` method and accepts 3 arguments (`host, port, username`) specified in `database.yml`. + +##### Possible generator types +* Lambda + ```ruby + Mysql2::AwsRdsIam.auth_token_registry.add(:custom, ->(host, port, username) { 'your custom logic' }) + + ``` +* Generator instance + ```ruby + class CustomGenerator + def call(host, port, username) + GenerateMyCode + end + end + + Mysql2::AwsRdsIam.auth_token_registry.add(:custom, CustomGenerator.new) + + ``` +* Generator class + ```ruby + class CustomGenerator + def self.call(host, port, username) + GenerateMyCode + end + end + + Mysql2::AwsRdsIam.auth_token_registry.add(:custom, CustomGenerator) + + ``` ## Development -After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. +After checking out the repo, run `bin/setup` to install dependencies. Then, run `bundle exec rake` to run the tests and linter. You can also run `bin/console` for an interactive prompt that will allow you to experiment. To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org). ## Contributing -Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/mysql2-aws_rds_iam. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/mysql2-aws_rds_iam/blob/main/CODE_OF_CONDUCT.md). +Bug reports and pull requests are welcome on GitHub at https://github.com/floor114/mysql2-aws_rds_iam. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/mysql2-aws_rds_iam/blob/main/CODE_OF_CONDUCT.md). ## License The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT). -## Code of Conduct +## Special Thanks -Everyone interacting in the Mysql2::AwsRdsIam project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/mysql2-aws_rds_iam/blob/main/CODE_OF_CONDUCT.md). +Inspired by [Andrew Haines'](https://github.com/haines) PG version [pg-aws_rds_iam](https://github.com/haines/pg-aws_rds_iam) diff --git a/bin/rake b/bin/rake new file mode 100755 index 0000000..ba3cd74 --- /dev/null +++ b/bin/rake @@ -0,0 +1,28 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'rake' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +require 'pathname' +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', Pathname.new(__FILE__).realpath) + +bundle_binstub = File.expand_path('bundle', __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require 'rubygems' +require 'bundler/setup' + +load Gem.bin_path('rake', 'rake') diff --git a/lib/mysql2-aws_rds_iam.rb b/lib/mysql2-aws_rds_iam.rb new file mode 100644 index 0000000..86193c6 --- /dev/null +++ b/lib/mysql2-aws_rds_iam.rb @@ -0,0 +1,3 @@ +# frozen_string_literal: true + +require 'mysql2/aws_rds_iam' diff --git a/lib/mysql2/aws_rds_iam.rb b/lib/mysql2/aws_rds_iam.rb index daa22a8..a80ef74 100644 --- a/lib/mysql2/aws_rds_iam.rb +++ b/lib/mysql2/aws_rds_iam.rb @@ -1,5 +1,6 @@ # frozen_string_literal: true +require 'aws-sdk-rds' require 'mysql2' require 'zeitwerk' @@ -8,5 +9,26 @@ module Mysql2 module AwsRdsIam + def self.auth_token_registry + @auth_token_registry ||= AuthToken::Registry.new + end + + def self.apply_patch + const = begin + Object.const_get('Mysql2::Client') + rescue StandardError + raise Errors::Mysql2ClientNotFoundError + end + + begin + const.instance_method(:initialize) + rescue StandardError + raise Errors::Mysql2ClientNotFoundError + end + + const.prepend(ClientExtension) + end end + + AwsRdsIam.apply_patch end diff --git a/lib/mysql2/aws_rds_iam/auth_token/factory.rb b/lib/mysql2/aws_rds_iam/auth_token/factory.rb new file mode 100644 index 0000000..56eb4ba --- /dev/null +++ b/lib/mysql2/aws_rds_iam/auth_token/factory.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +module Mysql2 + module AwsRdsIam + module AuthToken + class Factory + DEFAULT_GENERATOR = :default + + def self.call(generator, host, port, username) + AwsRdsIam.auth_token_registry.fetch(generator&.to_sym || DEFAULT_GENERATOR).call( + host: host, + port: port, + username: username + ) + end + end + end + end +end diff --git a/lib/mysql2/aws_rds_iam/auth_token/generator.rb b/lib/mysql2/aws_rds_iam/auth_token/generator.rb new file mode 100644 index 0000000..87685f0 --- /dev/null +++ b/lib/mysql2/aws_rds_iam/auth_token/generator.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +module Mysql2 + module AwsRdsIam + module AuthToken + class Generator + def initialize + aws_config = Aws::RDS::Client.new.config + + @generator = Aws::RDS::AuthTokenGenerator.new(credentials: aws_config.credentials) + @region = aws_config.region + end + + def call(host:, port:, username:) + generator.auth_token( + region: region, + endpoint: "#{host}:#{port}", + user_name: username.to_s + ) + end + + private + + attr_reader :generator, :region + end + end + end +end diff --git a/lib/mysql2/aws_rds_iam/auth_token/registry.rb b/lib/mysql2/aws_rds_iam/auth_token/registry.rb new file mode 100644 index 0000000..b79d4ff --- /dev/null +++ b/lib/mysql2/aws_rds_iam/auth_token/registry.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +module Mysql2 + module AwsRdsIam + module AuthToken + class Registry < Hash + def initialize + add(:default, Generator.new) + + super + end + + def add(name, generator) + self[name] = generator + end + end + end + end +end diff --git a/lib/mysql2/aws_rds_iam/client_extension.rb b/lib/mysql2/aws_rds_iam/client_extension.rb new file mode 100644 index 0000000..8e812e7 --- /dev/null +++ b/lib/mysql2/aws_rds_iam/client_extension.rb @@ -0,0 +1,32 @@ +# frozen_string_literal: true + +module Mysql2 + module AwsRdsIam + module ClientExtension + def initialize(opts = {}) + opts = opts.dup + aws_rds_iam_auth = opts.delete(:aws_rds_iam_auth) + + if aws_rds_iam_auth + raise Errors::ReconnectConfigEnabledError if opts[:reconnect] + + username = opts[:username] + host = opts[:host] + port = opts[:port] + + raise Errors::UsernameNotFoundError if username.nil? + raise Errors::HostNotFoundError if host.nil? + + opts.delete(:password) + + aws_rds_iam_auth_token_generator = opts.delete(:aws_rds_iam_auth_token_generator) + + opts[:password] = AuthToken::Factory.call(aws_rds_iam_auth_token_generator, host, port, username) + opts[:enable_cleartext_plugin] = true + end + + super(opts) + end + end + end +end diff --git a/lib/mysql2/aws_rds_iam/errors.rb b/lib/mysql2/aws_rds_iam/errors.rb new file mode 100644 index 0000000..b479d73 --- /dev/null +++ b/lib/mysql2/aws_rds_iam/errors.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +module Mysql2 + module AwsRdsIam + module Errors + class Error < StandardError; end + + class Mysql2ClientNotFoundError < Error + def initialize + super('Could not find class or method when patching Mysql2::Client. Please investigate.') + end + end + + class ReconnectConfigEnabledError < Error + def initialize + super('reconnect config must be false if using AWS RDS IAM authentication.') + end + end + + class UsernameNotFoundError < Error + def initialize + super('username must be present.') + end + end + + class HostNotFoundError < Error + def initialize + super('host must be present.') + end + end + end + end +end diff --git a/test/mysql2/auth_token/test_factory.rb b/test/mysql2/auth_token/test_factory.rb new file mode 100644 index 0000000..33ce0b8 --- /dev/null +++ b/test/mysql2/auth_token/test_factory.rb @@ -0,0 +1,63 @@ +# frozen_string_literal: true + +require 'test_helper' + +module Mysql2 + module AwsRdsIam + module AuthToken + class TestFactory < Minitest::Test + def setup + @default_generator = ->(host:, port:, username:) { "default(#{username}@#{host}:#{port})" } + @custom_generator = ->(host:, port:, username:) { "custom(#{username}@#{host}:#{port})" } + + Mysql2::AwsRdsIam.expects(:auth_token_registry).once.returns( + { + default: @default_generator, + custom: @custom_generator + } + ) + end + + def test_that_default_generator_is_called_when_nothing_passed + @default_generator.expects(:call).with( + host: 'host', + port: 'port', + username: 'username' + ) + + Mysql2::AwsRdsIam::AuthToken::Factory.call(nil, 'host', 'port', 'username') + end + + def test_that_default_generator_is_called_when_string_is_passed + @default_generator.expects(:call).with( + host: 'host', + port: 'port', + username: 'username' + ) + + Mysql2::AwsRdsIam::AuthToken::Factory.call('default', 'host', 'port', 'username') + end + + def test_that_custom_generator_is_called_when_it_is_passed + @custom_generator.expects(:call).with( + host: 'host', + port: 'port', + username: 'username' + ) + + Mysql2::AwsRdsIam::AuthToken::Factory.call(:custom, 'host', 'port', 'username') + end + + def test_that_custom_generator_is_called_when_it_is_passed_as_string + @custom_generator.expects(:call).with( + host: 'host', + port: 'port', + username: 'username' + ) + + Mysql2::AwsRdsIam::AuthToken::Factory.call('custom', 'host', 'port', 'username') + end + end + end + end +end diff --git a/test/mysql2/auth_token/test_generator.rb b/test/mysql2/auth_token/test_generator.rb new file mode 100644 index 0000000..e8a0a50 --- /dev/null +++ b/test/mysql2/auth_token/test_generator.rb @@ -0,0 +1,36 @@ +# frozen_string_literal: true + +require 'test_helper' + +module Mysql2 + module AwsRdsIam + module AuthToken + class TestGenerator < Minitest::Test + def setup + @aws_rds_client_config = stub(credentials: { at: :at, st: :st }, region: 'region') + @aws_rds_client = stub(config: @aws_rds_client_config) + end + + def test_that_it_calls_aws_libraries_and_generates_token + aws_generator = mock('generator') + aws_generator.expects(:auth_token).with(region: 'region', endpoint: 'host:port', user_name: 'username') + + Aws::RDS::Client.expects(:new).once.returns(@aws_rds_client) + Aws::RDS::AuthTokenGenerator.expects(:new).with(credentials: { at: :at, st: :st }).once.returns(aws_generator) + + Mysql2::AwsRdsIam::AuthToken::Generator.new.call(host: 'host', port: 'port', username: 'username') + end + + def test_that_when_username_passed_as_symbol + aws_generator = mock('generator') + aws_generator.expects(:auth_token).with(region: 'region', endpoint: 'host:port', user_name: 'username') + + Aws::RDS::Client.expects(:new).once.returns(@aws_rds_client) + Aws::RDS::AuthTokenGenerator.expects(:new).with(credentials: { at: :at, st: :st }).once.returns(aws_generator) + + Mysql2::AwsRdsIam::AuthToken::Generator.new.call(host: 'host', port: 'port', username: :username) + end + end + end + end +end diff --git a/test/mysql2/auth_token/test_registry.rb b/test/mysql2/auth_token/test_registry.rb new file mode 100644 index 0000000..7f9dfb2 --- /dev/null +++ b/test/mysql2/auth_token/test_registry.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +require 'test_helper' + +module Mysql2 + module AwsRdsIam + module AuthToken + class TestRegistry < Minitest::Test + def setup + @default_generator = ->(host:, port:, username:) { "default(#{username}@#{host}:#{port})" } + + Mysql2::AwsRdsIam::AuthToken::Generator.expects(:new).once.returns(@default_generator) + + @registry = Mysql2::AwsRdsIam::AuthToken::Registry.new + end + + def test_that_it_initializes_with_default_generator + assert_equal @default_generator, @registry[:default] + end + + def test_that_it_adds_custom_generator + custom_generator = ->(host:, port:, username:) { "custom(#{username}@#{host}:#{port})" } + + @registry.add(:custom, custom_generator) + + assert_equal custom_generator, @registry[:custom] + end + + def test_that_it_removes_generator + @registry.delete(:default) + + assert_nil @registry[:default] + end + end + end + end +end diff --git a/test/mysql2/aws_rds_iam/test_client_extension.rb b/test/mysql2/aws_rds_iam/test_client_extension.rb new file mode 100644 index 0000000..cc1873a --- /dev/null +++ b/test/mysql2/aws_rds_iam/test_client_extension.rb @@ -0,0 +1,137 @@ +# frozen_string_literal: true + +require 'test_helper' + +module Mysql2 + module AwsRdsIam + class TestClientExtension < Minitest::Test + def setup + @client_class = Class.new do + prepend Mysql2::AwsRdsIam::ClientExtension + + def initialize(opts = {}) + connect(opts) + end + + def connect(_opts); end + end + end + + def test_when_config_aws_rds_iam_auth_is_not_set + @client_class.any_instance.expects(:connect).with( + { + host: 'host', + port: 'port', + username: 'username', + password: 'password', + database: 'database' + } + ) + AuthToken::Factory.expects(:call).never + + @client_class.new(host: 'host', port: 'port', username: 'username', password: 'password', database: 'database') + end + + def test_when_config_aws_rds_iam_auth_is_set_to_true + AuthToken::Factory.expects(:call).once.with(nil, 'host', 'port', 'username').returns('generator_password') + @client_class.any_instance.expects(:connect).with( + { + host: 'host', + port: 'port', + username: 'username', + database: 'database', + password: 'generator_password', + enable_cleartext_plugin: true + } + ) + + @client_class.new(host: 'host', port: 'port', username: 'username', database: 'database', + aws_rds_iam_auth: true) + end + + def test_when_config_aws_rds_iam_auth_and_reconnect_are_set_to_true + AuthToken::Factory.expects(:call).never + @client_class.any_instance.expects(:connect).never + + assert_raises( + Mysql2::AwsRdsIam::Errors::ReconnectConfigEnabledError, + 'reconnect config must be false if using AWS RDS IAM authentication.' + ) do + @client_class.new( + host: 'host', + port: 'port', + username: 'username', + database: 'database', + aws_rds_iam_auth: true, + reconnect: true + ) + end + end + + def test_when_username_is_not_set + AuthToken::Factory.expects(:call).never + @client_class.any_instance.expects(:connect).never + + assert_raises(Mysql2::AwsRdsIam::Errors::UsernameNotFoundError, 'username must be present.') do + @client_class.new(host: 'host', port: 'port', database: 'database', aws_rds_iam_auth: true) + end + end + + def test_when_host_is_not_set + AuthToken::Factory.expects(:call).never + @client_class.any_instance.expects(:connect).never + + assert_raises(Mysql2::AwsRdsIam::Errors::HostNotFoundError, 'host must be present.') do + @client_class.new(port: 'port', username: 'username', database: 'database', aws_rds_iam_auth: true) + end + end + + def test_that_it_removes_provided_password_and_connects_with_the_generated_one + AuthToken::Factory.expects(:call).once.with(nil, 'host', 'port', 'username').returns('generator_password') + @client_class.any_instance.expects(:connect).with( + { + host: 'host', + port: 'port', + username: 'username', + database: 'database', + password: 'generator_password', + enable_cleartext_plugin: true + } + ) + + @client_class.new( + host: 'host', + port: 'port', + username: 'username', + password: 'password', + database: 'database', + aws_rds_iam_auth: true + ) + end + + def test_that_it_removes_provided_password_and_connects_with_the_generated_one_using_custom_token_generator + AuthToken::Factory.expects(:call).once.with(:custom, 'host', 'port', 'username').returns('generator_password') + @client_class.any_instance.expects(:connect).with( + { + host: 'host', + port: 'port', + username: 'username', + database: 'database', + password: 'generator_password', + enable_cleartext_plugin: true + } + ) + + @client_class.new( + host: 'host', + port: 'port', + username: 'username', + password: 'password', + database: 'database', + aws_rds_iam_auth: true, + aws_rds_iam_auth_token_generator: :custom + ) + end + end + end +end diff --git a/test/mysql2/aws_rds_iam/test_errors.rb b/test/mysql2/aws_rds_iam/test_errors.rb new file mode 100644 index 0000000..fc3b095 --- /dev/null +++ b/test/mysql2/aws_rds_iam/test_errors.rb @@ -0,0 +1,83 @@ +# frozen_string_literal: true + +require 'test_helper' + +module Mysql2 + module AwsRdsIam + module Errors + class TestError < Minitest::Test + def setup + @error = Mysql2::AwsRdsIam::Errors::Error.new + end + + def test_that_it_has_correct_inheritance + assert_equal StandardError, @error.class.superclass + end + + def test_that_it_has_correct_error_message + assert_equal 'Mysql2::AwsRdsIam::Errors::Error', @error.message + end + end + + class TestMysql2ClientNotFoundError < Minitest::Test + def setup + @error = Mysql2::AwsRdsIam::Errors::Mysql2ClientNotFoundError.new + end + + def test_that_it_has_correct_inheritance + assert_equal Mysql2::AwsRdsIam::Errors::Error, @error.class.superclass + end + + def test_that_it_has_correct_error_message + assert_equal 'Could not find class or method when patching Mysql2::Client. Please investigate.', + @error.message + end + end + + class TestReconnectConfigEnabledError < Minitest::Test + def setup + @error = Mysql2::AwsRdsIam::Errors::ReconnectConfigEnabledError.new + end + + def test_that_it_has_correct_inheritance + assert_equal Mysql2::AwsRdsIam::Errors::Error, @error.class.superclass + end + + def test_that_it_has_correct_error_message + assert_equal 'reconnect config must be false if using AWS RDS IAM authentication.', + @error.message + end + end + + class TestUsernameNotFoundError < Minitest::Test + def setup + @error = Mysql2::AwsRdsIam::Errors::UsernameNotFoundError.new + end + + def test_that_it_has_correct_inheritance + assert_equal Mysql2::AwsRdsIam::Errors::Error, @error.class.superclass + end + + def test_that_it_has_correct_error_message + assert_equal 'username must be present.', + @error.message + end + end + + class TestHostNotFoundError < Minitest::Test + def setup + @error = Mysql2::AwsRdsIam::Errors::HostNotFoundError.new + end + + def test_that_it_has_correct_inheritance + assert_equal Mysql2::AwsRdsIam::Errors::Error, @error.class.superclass + end + + def test_that_it_has_correct_error_message + assert_equal 'host must be present.', + @error.message + end + end + end + end +end diff --git a/test/mysql2/test_aws_rds_iam.rb b/test/mysql2/test_aws_rds_iam.rb index ddac522..c1e8862 100644 --- a/test/mysql2/test_aws_rds_iam.rb +++ b/test/mysql2/test_aws_rds_iam.rb @@ -4,12 +4,42 @@ module Mysql2 class TestAwsRdsIam < Minitest::Test - def test_that_it_has_a_version_number - refute_nil ::Mysql2::AwsRdsIam::VERSION + def teardown + Mysql2::AwsRdsIam.instance_variable_set(:@auth_token_registry, nil) end - def test_it_does_something_useful - assert 'false' # rubocop:disable Minitest/UselessAssertion + def test_that_it_has_an_auth_token_registry + Mysql2::AwsRdsIam::AuthToken::Registry.expects(:new).returns('test') + + assert_equal 'test', Mysql2::AwsRdsIam.auth_token_registry + end + + def test_that_it_raises_error_when_there_is_no_mysql2 + Object.stub :const_get, -> { raise ArgumentError } do + assert_raises( + Mysql2::AwsRdsIam::Errors::Mysql2ClientNotFoundError, + 'Could not find class or method when patching Mysql2::Client. Please investigate.' + ) do + Mysql2::AwsRdsIam.apply_patch + end + end + end + + def test_that_it_raises_error_when_there_is_no_method + Mysql2::Client.stub :instance_method, -> { raise ArgumentError } do + assert_raises( + Mysql2::AwsRdsIam::Errors::Mysql2ClientNotFoundError, + 'Could not find class or method when patching Mysql2::Client. Please investigate.' + ) do + Mysql2::AwsRdsIam.apply_patch + end + end + end + + def test_that_mysql2_client_receives_prepend + Mysql2::Client.expects(:prepend).with(Mysql2::AwsRdsIam::ClientExtension) + + Mysql2::AwsRdsIam.apply_patch end end end diff --git a/test/mysql2/test_mysql2_client.rb b/test/mysql2/test_mysql2_client.rb new file mode 100644 index 0000000..b945e00 --- /dev/null +++ b/test/mysql2/test_mysql2_client.rb @@ -0,0 +1,102 @@ +# frozen_string_literal: true + +require 'test_helper' + +module Mysql2 + class TestMysql2Client < Minitest::Test + def setup + Mysql2::AwsRdsIam::AuthToken::Generator.expects(:new).once.returns( + ->(host:, port:, username:) { "default(#{username}@#{host}:#{port})" } + ) + Mysql2::AwsRdsIam.auth_token_registry.add( + :custom, + ->(host:, port:, username:) { "custom(#{username}@#{host}:#{port})" } + ) + end + + def teardown + Mysql2::AwsRdsIam.instance_variable_set(:@auth_token_registry, nil) + end + + def test_when_config_aws_rds_iam_auth_is_not_set + Mysql2::Client.any_instance.expects(:connect).with( + 'username', 'password', 'host', 0, 'database', nil, anything, anything + ) + + Mysql2::Client.new(host: 'host', port: 'port', username: 'username', password: 'password', database: 'database') + end + + def test_when_config_aws_rds_iam_auth_is_set_to_true + Mysql2::Client.any_instance.expects(:connect).with( + 'username', 'default(username@host:port)', 'host', 0, 'database', nil, anything, anything + ) + + Mysql2::Client.new(host: 'host', port: 'port', username: 'username', database: 'database', aws_rds_iam_auth: true) + end + + def test_when_config_aws_rds_iam_auth_and_reconnect_are_set_to_true + Mysql2::Client.any_instance.expects(:connect).never + + assert_raises( + Mysql2::AwsRdsIam::Errors::ReconnectConfigEnabledError, + 'reconnect config must be false if using AWS RDS IAM authentication.' + ) do + Mysql2::Client.new( + host: 'host', + port: 'port', + username: 'username', + database: 'database', + aws_rds_iam_auth: true, + reconnect: true + ) + end + end + + def test_when_username_is_not_set + Mysql2::Client.any_instance.expects(:connect).never + + assert_raises(Mysql2::AwsRdsIam::Errors::UsernameNotFoundError, 'username must be present.') do + Mysql2::Client.new(host: 'host', port: 'port', database: 'database', aws_rds_iam_auth: true) + end + end + + def test_when_host_is_not_set + Mysql2::Client.any_instance.expects(:connect).never + + assert_raises(Mysql2::AwsRdsIam::Errors::HostNotFoundError, 'host must be present.') do + Mysql2::Client.new(port: 'port', username: 'username', database: 'database', aws_rds_iam_auth: true) + end + end + + def test_that_it_removes_provided_password_and_connects_with_the_generated_one + Mysql2::Client.any_instance.expects(:connect).with( + 'username', 'default(username@host:port)', 'host', 0, 'database', nil, anything, anything + ) + + Mysql2::Client.new( + host: 'host', + port: 'port', + username: 'username', + password: 'password', + database: 'database', + aws_rds_iam_auth: true + ) + end + + def test_that_it_removes_provided_password_and_connects_with_the_generated_one_using_custom_token_generator + Mysql2::Client.any_instance.expects(:connect).with( + 'username', 'custom(username@host:port)', 'host', 0, 'database', nil, anything, anything + ) + + Mysql2::Client.new( + host: 'host', + port: 'port', + username: 'username', + password: 'password', + database: 'database', + aws_rds_iam_auth: true, + aws_rds_iam_auth_token_generator: :custom + ) + end + end +end diff --git a/test/test_helper.rb b/test/test_helper.rb index 3ff1983..196f83a 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -1,12 +1,27 @@ # frozen_string_literal: true +require 'pry' + $LOAD_PATH.unshift File.expand_path('../lib', __dir__) -require 'mysql2/aws_rds_iam' + +require 'simplecov' +SimpleCov.start do + load_profile 'test_frameworks' + + enable_coverage :branch + + add_filter 'lib/mysql2-aws_rds_iam.rb' + add_filter 'lib/mysql2/aws_rds_iam/version.rb' + + track_files '**/*.rb' + + minimum_coverage line: 100, branch: 100 +end + +require 'mysql2-aws_rds_iam' require 'minitest/reporters' Minitest::Reporters.use!(Minitest::Reporters::SpecReporter.new) -require 'timecop' -Timecop.safe_mode = true - require 'minitest/autorun' +require 'mocha/minitest'