chore: add docker-compose for launching test database

pgjdbc · Feb 13, 2020 · ccf7eef · ccf7eef
1 parent 89c8ecf
commit ccf7eef
Show file tree

Hide file tree

Showing 6 changed files with 69 additions and 17 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -41,21 +41,15 @@ jobs:
       with:
         fetch-depth: 50
     - name: Start PostgreSQL
-      uses: docker://docker
-      with:
-        args: >-
-          docker run -d --rm --name pgdb -p 5432:5432
-          --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
-          -v ${{ github.workspace }}/.github/workflows/init-user-db.sh:/docker-entrypoint-initdb.d/init-user-db.sh
-          -v ${{ github.workspace }}/.travis/travis_ssl_users.sh:/home/scripts/travis_ssl_users.sh
-          -e "POSTGRES_USER=postgres" -e "POSTGRES_PASSWORD=" -e "POSTGRES_DB=postgres" -e GITHUB_ACTIONS=true
-          postgres:latest
+      working-directory: docker
+      run: docker-compose up -d
     - name: 'Set up JDK 8'
       uses: actions/setup-java@v1
       with:
         java-version: 8
     - name: 'Test'
       run: |
         # TODO: run SlowTests as well
+        echo enable_ssl_tests=true > ssltest.local.properties
         ./gradlew '-PincludeTestTags=!org.postgresql.test.SlowTests' --no-parallel --no-daemon -PskipReplicationTests -Pport=${{ job.services.postgres.ports['5432'] }} test
         # test javadoc -Pport=${{ job.services.postgres.ports['5432'] }}
diff --git a/docker/README.md b/docker/README.md
@@ -0,0 +1,12 @@
+This Docker Compose script helps to start a PostgreSQL instance for tests
+
+Typical usage:
+
+    docker-compose up # starts the database
+
+    ...
+    Ctrl+C
+
+    docker-compose up -d # launch the container in background
+
+    docker-compose rm # removes the container (e.g. to recreate the db)
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -0,0 +1,27 @@
+version: "3"
+services:
+  pgdb:
+    image: postgres:latest
+    ports:
+      - 5432:5432
+    volumes:
+      - ./scripts/chmod_ssl.sh:/home/certdir/chmod_ssl.sh
+      - ./scripts/init-user-db.sh:/docker-entrypoint-initdb.d/init-user-db.sh
+      - ../.travis/travis_ssl_users.sh:/home/scripts/travis_ssl_users.sh
+      - ../certdir/server:/home/certdir
+    entrypoint:
+      - bash
+      - /home/certdir/chmod_ssl.sh
+    environment:
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=
+      - POSTGRES_DB=postgres
+      - GITHUB_ACTIONS=true
+    command: >-
+      postgres
+      -c 'hba_file=/home/pg_hba.conf'
+      -c 'ssl=on'
+      -c 'ssl_cert_file=/home/certdir/server.crt'
+      -c 'ssl_key_file=/home/certdir/server.key'
+      -c 'ssl_ca_file=/home/certdir/root.crt'
+      -c 'max_prepared_transactions=64'
diff --git a/docker/scripts/chmod_ssl.sh b/docker/scripts/chmod_ssl.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+whoami
+chown postgres:postgres /home/certdir/*.key
+chmod 0600 /home/certdir/*.key
+
+cp /home/certdir/pg_hba.conf /home/pg_hba.conf
+sed -i 's/127.0.0.1\/32/0.0.0.0\/0/g' /home/pg_hba.conf
+
+docker-entrypoint.sh $@
diff --git a/.github/workflows/init-user-db.sh → docker/scripts/init-user-db.sh b/.github/workflows/init-user-db.sh → docker/scripts/init-user-db.sh
@@ -1,14 +1,10 @@
 #!/bin/bash
 set -e
 
-whoami
-
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
     SET password_encryption='scram-sha-256';
     CREATE USER test with password 'test';
     CREATE DATABASE test OWNER test;
-    CREATE USER root;
-    CREATE DATABASE root OWNER root;
 EOSQL
 
 /home/scripts/travis_ssl_users.sh
diff --git a/pgjdbc/src/test/java/org/postgresql/test/ssl/SslTest.java b/pgjdbc/src/test/java/org/postgresql/test/ssl/SslTest.java
@@ -212,6 +212,11 @@ private void assertClientCertRequired(SQLException e, String caseName) {
   }
 
   private void checkErrorCodes(SQLException e) {
+    if (e != null && e.getCause() instanceof FileNotFoundException
+        && clientRootCertificate != ClientRootCertificate.EMPTY) {
+      Assert.fail("FileNotFoundException => it looks like a configuration failure");
+    }
+
     if (e == null && sslmode == SslMode.ALLOW && !db.requiresSsl()) {
       // allowed to connect with plain connection
       return;
@@ -426,6 +431,9 @@ private boolean assertClientCertificate(SQLException e) {
     // SSLHandshakeException: Received fatal alert: unknown_ca
     // SocketException: broken pipe (write failed)
 
+    // decrypt_error does not look to be a valid case, however, we allow it for now
+    // SSLHandshakeException: Received fatal alert: decrypt_error
+
     SocketException brokenPipe = findCause(e, SocketException.class);
     SSLHandshakeException handshakeException = findCause(e, SSLHandshakeException.class);
 
@@ -438,10 +446,15 @@ private boolean assertClientCertificate(SQLException e) {
           caseName + " ==> server should have terminated the connection (broken pipe expected)"
               + ", actual exception was " + brokenPipe.getMessage());
     }
-    if (handshakeException != null && !handshakeException.getMessage().contains("unknown_ca")) {
-      Assert.fail(
-          caseName + " ==> server should have terminated the connection (expected 'unknown_ca')"
-              + ", actual exception was " + handshakeException.getMessage());
+
+    if (handshakeException != null) {
+      final String handshakeMessage = handshakeException.getMessage();
+      if (!handshakeMessage.contains("unknown_ca") && !handshakeMessage.contains("decrypt_error")) {
+        Assert.fail(
+            caseName
+                + " ==> server should have terminated the connection (expected 'unknown_ca' or 'decrypt_error')"
+                + ", actual exception was " + handshakeMessage);
+      }
     }
     return true;
   }