| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163 |
- # Copyright Materialize, Inc. and contributors. All rights reserved.
- #
- # Use of this software is governed by the Business Source License
- # included in the LICENSE file at the root of this repository.
- #
- # As of the Change Date specified in that file, in accordance with
- # the Business Source License, use of this software will be governed
- # by the Apache License, Version 2.0.
- #
- # Test SSH key generation and management for SSH connections
- $ postgres-execute connection=postgres://mz_system:materialize@${testdrive.materialize-internal-sql-addr}
- ALTER SYSTEM SET enable_connection_validation_syntax = true
- > SELECT * FROM mz_ssh_tunnel_connections;
- id public_key_1 public_key_2
- ----------------------------
- ! CREATE CONNECTION louisoix TO SSH TUNNEL (
- HOST 'chaos.example.com',
- USER 'louisoix',
- PORT 22,
- PUBLIC KEY 1 = 'bad'
- );
- contains:the PUBLIC KEY 1 option cannot be explicitly specified
- ! CREATE CONNECTION louisoix TO SSH TUNNEL (
- HOST 'chaos.example.com',
- USER 'louisoix',
- PORT 22,
- PUBLIC KEY 2 = 'bad'
- );
- contains:the PUBLIC KEY 2 option cannot be explicitly specified
- > CREATE CONNECTION louisoix TO SSH TUNNEL (
- HOST 'chaos.example.com',
- USER 'louisoix',
- PORT 22
- );
- # mz_ssh_tunnel_connections is properly populated, and SSH public keys look like keys
- > SELECT name, public_key_1 LIKE 'ssh-ed25519%' pkey1, public_key_2 LIKE 'ssh-ed25519%' pkey2
- FROM mz_ssh_tunnel_connections
- JOIN mz_connections USING (id);
- name pkey1 pkey2
- --------------------
- louisoix true true
- > CREATE CONNECTION omega TO SSH TUNNEL (
- HOST 'chaos.example.com',
- USER 'omega',
- PORT 22
- );
- > SELECT name, public_key_1 LIKE 'ssh-ed25519%' pkey1, public_key_2 LIKE 'ssh-ed25519%' pkey2
- FROM mz_ssh_tunnel_connections
- JOIN mz_connections USING (id);
- name pkey1 pkey2
- --------------------
- louisoix true true
- omega true true
- > DROP CONNECTION louisoix;
- # SSH connections can be normally dropped
- > SELECT name, public_key_1 LIKE 'ssh-ed25519%' pkey1, public_key_2 LIKE 'ssh-ed25519%' pkey2
- FROM mz_ssh_tunnel_connections
- JOIN mz_connections USING (id);
- name pkey1 pkey2
- --------------------
- omega true true
- # Key rotation doesn't fail
- > ALTER CONNECTION omega ROTATE KEYS;
- > SELECT name, public_key_1 LIKE 'ssh-ed25519%' pkey1, public_key_2 LIKE 'ssh-ed25519%' pkey2
- FROM mz_ssh_tunnel_connections
- JOIN mz_connections USING (id);
- name pkey1 pkey2
- --------------------
- omega true true
- > DROP CONNECTION omega;
- # Connections can still be dropped after rotating keys
- > SELECT name, public_key_1 LIKE 'ssh-ed25519%' pkey1, public_key_2 LIKE 'ssh-ed25519%' pkey2
- FROM mz_ssh_tunnel_connections
- JOIN mz_connections USING (id);
- name pkey1 pkey2
- --------------------
- > CREATE CONNECTION phoenix TO SSH TUNNEL (
- HOST 'light.example.com',
- USER 'phoenix',
- PORT 22
- );
- > CREATE CONNECTION yshtola TO POSTGRES (
- HOST 'linsa.example.com',
- PORT 5432,
- DATABASE 'source',
- USER 'yshtola',
- SSH TUNNEL phoenix
- ) WITH (VALIDATE = false);
- ! CREATE CONNECTION papalymo TO POSTGRES (
- HOST 'gridania.example.com',
- PORT 5432,
- DATABASE 'source',
- USER 'yshtola',
- SSH TUNNEL johto
- );
- contains: unknown catalog item 'johto'
- ! CREATE CONNECTION papalymo TO POSTGRES (
- HOST 'gridania.example.com',
- PORT 5432,
- DATABASE 'source',
- USER 'yshtola',
- SSH TUNNEL yshtola
- );
- contains: yshtola is not an SSH connection
- > SELECT name, type from mz_connections WHERE id LIKE 'u%';
- name type
- ----------------
- phoenix ssh-tunnel
- yshtola postgres
- # SSH tunnel dependencies are properly tracked
- ! DROP CONNECTION phoenix;
- contains: still depended upon
- > DROP CONNECTION phoenix CASCADE;
- > SELECT name, type from mz_connections WHERE id LIKE 'u%';
- name type
- ----------------
- $ postgres-execute connection=postgres://mz_system:materialize@${testdrive.materialize-internal-sql-addr}
- ALTER SYSTEM SET storage_enforce_external_addresses = true
- > CREATE CONNECTION omega TO SSH TUNNEL (
- HOST 'chaos.example.com',
- USER 'omega',
- PORT 22
- );
- # error is not consistent
- ! VALIDATE CONNECTION omega;
- contains:failed to
- > CREATE CONNECTION local TO SSH TUNNEL (
- HOST 'ssh-bastion-host',
- USER 'omega',
- PORT 22
- );
- ! VALIDATE CONNECTION local;
- contains:Address resolved to a private IP
- $ postgres-execute connection=postgres://mz_system:materialize@${testdrive.materialize-internal-sql-addr}
- ALTER SYSTEM SET storage_enforce_external_addresses = false
|
