Adds IT tests for different versions of MSSQL servers

This test extends the MSSQL integration tests by adding test for
running the existing test suite against the following MSSQL server
versions:
- 2019-latest
- 2017-CU1-ubuntu
in addition to the `2017-latest` version that is used in the existing
test.

The integration tests for each new server version have been added in their
own subdirectory in the MSSQL test directory. This will allow for
different server versions to be incrementally added/removed over time
without affecting the default testing that uses MSSQL server version
2017-latest.

Each MSSQL server version test subdirectory has its own versions of
docker-compose.yml and secretless.yml that use different values of
host ports for the various services so that they can run concurrently.
Each subdirectory also has versions of the 'start', 'stop', 'test',
'test-local', and 'wait_for_mssql' scripts, but these scripts mostly
delegate to their counterparts in the parent test directory (so that any
changes to scripts in the parent directory will not have to be duplicated
in the subdirectories).

Addresses serverless-broker Issue #1017.

go.sum

@@ -27,6 +27,7 @@ github.com/cyberark/conjur-authn-k8s-client v0.13.0/go.mod h1:JTeGIeRO59J7mMEc5y
 github.com/cyberark/secretless-broker v1.4.1-0.20191211191712-251c5ec034af/go.mod h1:+GueI3WCJL5gDYaYa38ZokAR8ceEyCVet7MkuZyjf80=
 github.com/cyberark/summon v0.7.0/go.mod h1:S7grcxHeUxfL1vRTQUyq9jGK8yG6V/tSlLPQ6tHRO4k=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/dominikh/go-tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
@@ -165,8 +166,10 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR
 github.com/pierrec/lz4 v2.0.5+incompatible h1:2xWsjqPFWcplujydGg4WmhC/6fZqK42wMM8aXeqhl0I=
 github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
@@ -206,6 +209,7 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 golang.org/x/crypto v0.0.0-20180621125126-a49355c7e3f8/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=

test/connector/tcp/mssql/mssql-2017-CU1/dev

@@ -0,0 +1,3 @@
+#!/bin/bash -ex
+
+./start -d

test/connector/tcp/mssql/mssql-2017-CU1/docker-compose.yml

@@ -0,0 +1,48 @@
+version: '3.0'
+
+services:
+
+  mssql-2017-CU1:
+    image: mcr.microsoft.com/mssql/server:2017-CU1-ubuntu
+    ports:
+      - 1434:1433
+    environment:
+      # This hardcoded password must match the one in secretless.yml.
+      SA_PASSWORD: "yourStrong()Password"
+      ACCEPT_EULA: Y
+
+  secretless-2017-CU1:
+    image: secretless-broker
+    ports:
+      - 2224:2223
+    volumes:
+      - ./secretless.yml:/secretless.yml
+    depends_on:
+      - mssql-2017-CU1
+
+  secretless-2017-CU1-dev:
+    image: secretless-dev
+    command: ./bin/reflex
+    ports:
+      - 2224:2223
+    volumes:
+      - ../../../../..:/secretless
+      - ./secretless.yml:/secretless.yml
+    depends_on:
+      - mssql-2017-CU1
+
+  test:
+    build:
+      context: ..
+    command: sleep 999d
+    environment:
+      TEST_ROOT: /secretless/test/connector/tcp/mssql
+      DB_PROTOCOL: mssql
+      DB_HOST_TLS: mssql-2017-CU1
+      DB_HOST_NO_TLS: mssql-2017-CU1 # TODO: configure a non-ssl container?
+      DB_PORT: 1433
+      DB_USER: sa
+      DB_PASSWORD: yourStrong()Password
+      SECRETLESS_HOST:
+    volumes:
+      - ../../../../..:/secretless

test/connector/tcp/mssql/mssql-2017-CU1/secretless.yml

@@ -0,0 +1,12 @@
+version: 2
+
+services:
+  mssql:
+    connector: mssql
+    listenOn: tcp://0.0.0.0:2223
+    credentials:
+      username: sa
+      # This hardcoded password must match the one in the docker-compose.
+      password: yourStrong()Password
+      host: mssql-2017-CU1
+      port: 1433

test/connector/tcp/mssql/mssql-2017-CU1/start

@@ -0,0 +1,12 @@
+#!/bin/bash -ex
+
+mssql_host="mssql-2017-CU1"
+secretless_host="secretless-2017-CU1"
+while getopts ":d" opt; do
+    case $opt in
+        d) secretless_host=secretless-2017-CU1-dev;;
+        *) echo "Unknown option -$OPTARG"; exit 1;;
+    esac
+done
+
+../start -m $mssql_host -s $secretless_host

test/connector/tcp/mssql/mssql-2017-CU1/stop

@@ -0,0 +1,3 @@
+#!/bin/bash -ex
+
+../stop

test/connector/tcp/mssql/mssql-2017-CU1/test

@@ -0,0 +1,12 @@
+#!/bin/bash -e
+
+# Automatically detect if we're devmode based on the existence
+# of the secretless-dev container.  We assume that you started
+# your workflow using `./dev` if you are developing, and this
+# command will use the secretless-dev container.
+secretless_host="secretless-2017-CU1"
+if [[ ! -z $(docker-compose ps -q secretless-2017-CU1-dev) ]]; then
+  secretless_host=secretless-2017-CU1-dev
+fi
+
+../test -s $secretless_host

test/connector/tcp/mssql/mssql-2017-CU1/test-local

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+# this is for local testing
+
+export TEST_ROOT="/secretless/test/connector/tcp/mssql"
+export DB_PROTOCOL="mssql"
+export DB_HOST_TLS="mssql-2017-CU1"
+export DB_HOST_NO_TLS="mssql-2017-CU1"
+export DB_PORT="1434"
+export DB_USER="sa"
+export DB_PASSWORD="yourStrong()Password"
+export SECRETLESS_HOST="127.0.0.1"
+export SECRETLESS_PORT="2224"
+
+cd ..
+go test -v

test/connector/tcp/mssql/mssql-2017-CU1/wait_for_mssql

@@ -0,0 +1,3 @@
+#!/bin/bash -ex
+
+../wait_for_mssql -m mssql-2017-CU1

test/connector/tcp/mssql/mssql-2019/dev

@@ -0,0 +1,3 @@
+#!/bin/bash -ex
+
+./start -d

test/connector/tcp/mssql/mssql-2019/docker-compose.yml

@@ -0,0 +1,48 @@
+version: '3.0'
+
+services:
+
+  mssql-2019:
+    image: mcr.microsoft.com/mssql/server:2019-latest
+    ports:
+      - 1435:1433
+    environment:
+      # This hardcoded password must match the one in secretless.yml.
+      SA_PASSWORD: "yourStrong()Password"
+      ACCEPT_EULA: Y
+
+  secretless-2019:
+    image: secretless-broker
+    ports:
+      - 2225:2223
+    volumes:
+      - ./secretless.yml:/secretless.yml
+    depends_on:
+      - mssql-2019
+
+  secretless-2019-dev:
+    image: secretless-dev
+    command: ./bin/reflex
+    ports:
+      - 2225:2223
+    volumes:
+      - ../../../../..:/secretless
+      - ./secretless.yml:/secretless.yml
+    depends_on:
+      - mssql-2019
+
+  test:
+    build:
+      context: ..
+    command: sleep 999d
+    environment:
+      TEST_ROOT: /secretless/test/connector/tcp/mssql
+      DB_PROTOCOL: mssql
+      DB_HOST_TLS: mssql-2019
+      DB_HOST_NO_TLS: mssql-2019 # TODO: configure a non-ssl container?
+      DB_PORT: 1433
+      DB_USER: sa
+      DB_PASSWORD: yourStrong()Password
+      SECRETLESS_HOST:
+    volumes:
+      - ../../../../..:/secretless

test/connector/tcp/mssql/mssql-2019/secretless.yml

@@ -0,0 +1,12 @@
+version: 2
+
+services:
+  mssql:
+    connector: mssql
+    listenOn: tcp://0.0.0.0:2223
+    credentials:
+      username: sa
+      # This hardcoded password must match the one in the docker-compose.
+      password: yourStrong()Password
+      host: mssql-2019
+      port: 1433

test/connector/tcp/mssql/mssql-2019/start

@@ -0,0 +1,12 @@
+#!/bin/bash -ex
+
+mssql_host="mssql-2019"
+secretless_host="secretless-2019"
+while getopts ":d" opt; do
+    case $opt in
+        d) secretless_host=secretless-2019-dev;;
+        *) echo "Unknown option -$OPTARG"; exit 1;;
+    esac
+done
+
+../start -m $mssql_host -s $secretless_host

test/connector/tcp/mssql/mssql-2019/stop

@@ -0,0 +1,3 @@
+#!/bin/bash -ex
+
+../stop

test/connector/tcp/mssql/mssql-2019/test

@@ -0,0 +1,12 @@
+#!/bin/bash -e
+
+# Automatically detect if we're devmode based on the existence
+# of the secretless-dev container.  We assume that you started
+# your workflow using `./dev` if you are developing, and this
+# command will use the secretless-dev container.
+secretless_host="secretless-2019"
+if [[ ! -z $(docker-compose ps -q secretless-2019-dev) ]]; then
+  secretless_host=secretless-2019-dev
+fi
+
+../test -s $secretless_host

test/connector/tcp/mssql/mssql-2019/test-local

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+# this is for local testing
+
+export TEST_ROOT="/secretless/test/connector/tcp/mssql"
+export DB_PROTOCOL="mssql"
+export DB_HOST_TLS="mssql-2019"
+export DB_HOST_NO_TLS="mssql-2019"
+export DB_PORT="1435"
+export DB_USER="sa"
+export DB_PASSWORD="yourStrong()Password"
+export SECRETLESS_HOST="127.0.0.1"
+export SECRETLESS_PORT="2225"
+
+cd ..
+go test -v

test/connector/tcp/mssql/mssql-2019/wait_for_mssql

@@ -0,0 +1,3 @@
+#!/bin/bash -ex
+
+../wait_for_mssql -m mssql-2019

test/connector/tcp/mssql/mssql_connector_test.go

@@ -2,6 +2,7 @@ package mssqltest
 
 import (
 	"fmt"
+	"strconv"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -37,17 +38,22 @@ func RunTests(t *testing.T, queryExec dbQueryExecutor) {
 	})
 
 	t.Run("Cannot connect directly to MSSQL", func(t *testing.T) {
+		// Set Host and Port to $DB_HOST_TLS and $DB_PORT environment
+		// variables, respectively.
+		envCfg := testutil.NewDbConfigFromEnv()
 		cfg := defaultSecretlessDbConfig()
-		cfg.Port = 1433
-		cfg.Host = "mssql"
+		cfg.Host = envCfg.HostWithTLS
+		var err error
+		cfg.Port, err = strconv.Atoi(envCfg.Port)
+		assert.NoError(t, err)
 
 		// This is for local testing. Locally, Secretless and and the target service
 		// are exposed on 127.0.0.1 via port mappings
 		if testutil.SecretlessHost == "127.0.0.1" {
 			cfg.Host = "127.0.0.1"
 		}
 
-		_, err := queryExec(
+		_, err = queryExec(
 			cfg,
 			"",
 		)

test/connector/tcp/mssql/mssql_query.go

@@ -8,14 +8,12 @@ import (
 	"os/exec"
 	"text/tabwriter"
 
-	_ "github.com/denisenkom/go-mssqldb"
-
 	"github.com/cyberark/secretless-broker/test/util/testutil"
 )
 
 type dbConfig struct {
-	Host string
-	Port int
+	Host     string
+	Port     int
 	Username string
 	Password string
 	Database string
@@ -26,7 +24,7 @@ type dbQueryExecutor func(cfg dbConfig, query string) (string, error)
 func defaultSecretlessDbConfig() dbConfig {
 	return dbConfig{
 		Host:     testutil.SecretlessHost,
-		Port:     2223,
+		Port:     testutil.SecretlessPort,
 		Username: "dummy",
 		Password: "dummy",
 	}
@@ -50,7 +48,7 @@ func sqlcmdExec(
 
 	out, err := exec.Command(
 		"sqlcmd",
-		args...
+		args...,
 	).Output()
 
 	if err != nil {
@@ -99,7 +97,6 @@ func gomssqlExec(
 	}
 	defer rows.Close()
 
-
 	// Execute the query
 	cols, err := rows.Columns()
 	if err != nil {

test/connector/tcp/mssql/start

@@ -1,21 +1,33 @@
 #!/bin/bash -ex
 
-SECRETLESS_HOST=secretless
-while getopts :d opt; do
+mssql_host=mssql
+while getopts :dm:s: opt; do
     case $opt in
-        d) SECRETLESS_HOST=secretless-dev;;
+        d) dev_mode=true;;
+        m) mssql_host=${OPTARG};;
+        s) secretless_host=${OPTARG};;
        \?) echo "Unknown option -$OPTARG"; exit 1;;
     esac
 done
+# If the secretless host is not explicitly set on the command line,
+# then use one of the default names (either secretless or
+# secretless-dev, depending on whether testing is being done in
+# development mode) for the secretless host.
+if [[ -z $secretless_host ]]; then
+    secretless_host=secretless
+    if [[ "$dev_mode" = true ]]; then
+        secretless_host=secretless-dev
+    fi
+fi
 
 ./stop
 
 docker-compose build
 
 # the order of the services is important. mssql must be up before we start secretless
-docker-compose up -d mssql
+docker-compose up -d $secretless_host
 
-time ./wait_for_mssql
-docker-compose logs mssql
+time ./wait_for_mssql -m $mssql_host
+docker-compose logs $mssql_host
 
-docker-compose up -d $SECRETLESS_HOST
+docker-compose up -d $secretless_host