postgres container uses trust authentication

testcontainers / testcontainers-rs-modules-community

Community maintained modules for Testcontainers for Rust

https://docs.rs/crate/testcontainers-modules/

MIT License

75 stars 39 forks source link

postgres container uses trust authentication #79

Closed rbtcollins closed 9 months ago

rbtcollins commented 9 months ago

Describe the bug

It was a surprise to us when starting to use this that the postgres container is setting POSTGRES_HOST_AUTH_METHOD - this breaks negative path tests that expect to be able to fail to connect , and the example code uses a password when it doesn't need to!

What makes this a potential problem though is the apparenty lack of a mutable interface to remove the env vars in the testcontainers-modules interface - instead we need to reproduce everything to avoid this initial injection. (The absence of a variable is not the same as "" as the value)

To Reproduce

This does work in this particular case, but if the pg docker entrypoint were stricter about values rather than stringifying it wouldn't:

let pg = RunnableImage::from(Postgres::default())
    .with_tag("14-alpine")
    .with_env_var(("POSTGRES_HOST_AUTH_METHOD", ""))
    .with_env_var(("POSTGRES_PASSWORD", "postgres"));
docker.run(pg)

Expected behavior

No response

DDtKey commented 9 months ago

Agree, it should be explicitly enabled by user (i.e unspecified by default). With something like with_host_trust.

Postgres has been ported from core crate of testcontainers (before splitting) and it was intentionally AFAIR - pretty common for testing purposes. This enchantment and breaking change.

You actually can set another value to ENV variable to make it working as you want.

Based on https://hub.docker.com/_/postgres it defaults to:

If unspecified then scram-sha-256 password authentication is used (in 14+; md5 in older releases)

POSTGRES_HOST_AUTH_METHOD=md5
# or
POSTGRES_HOST_AUTH_METHOD=scram-sha-256

Should work for you(use RunnableImage to customize).

Hope it will help, and after releasing new version you will be able to switch (or even use as is, this way won't be broken)

DDtKey commented 9 months ago

mutable interface to remove the env vars in the testcontainers-modules interface

This is a good point, but should be supported in testcontainers To enrich RunnableImage with method to remove/skip ENV variable. Let's fill an issue there!

DDtKey commented 9 months ago

Hi @rbtcollins,

Thanks for filling the issue! New version with disabled host auth method by default and enriched builder methods has been merged and released!

https://github.com/testcontainers/testcontainers-rs-modules-community/releases/tag/v0.3.0