Make backend key data optional (#296)

Author: rausnitz

Sources/PostgresNIO/Connection/PostgresConnection.swift

@@ -78,6 +78,12 @@ public final class PostgresConnection {
             /// - Default: 5432
             public var port: Int
 
+            /// Require connection to provide `BackendKeyData`.
+            /// For use with Amazon RDS Proxy, this must be set to false.
+            ///
+            /// - Default: true
+            public var requireBackendKeyData: Bool = true
+
             /// Specifies a timeout to apply to a connection attempt.
             ///
             /// - Default: 10 seconds
@@ -401,7 +407,8 @@ extension PostgresConnection {
                 connection: .resolved(address: socketAddress, serverName: serverHostname),
                 connectTimeout: .seconds(10),
                 authentication: nil,
-                tls: tls
+                tls: tls,
+                requireBackendKeyData: true
             )
 
             return PostgresConnection.connect(
@@ -764,6 +771,8 @@ extension PostgresConnection {
         var authentication: Configuration.Authentication?
 
         var tls: Configuration.TLS
+        
+        var requireBackendKeyData: Bool
     }
 }
 
@@ -773,6 +782,7 @@ extension PostgresConnection.InternalConfiguration {
         self.connection = .unresolved(host: config.connection.host, port: config.connection.port)
         self.connectTimeout = config.connection.connectTimeout
         self.tls = config.tls
+        self.requireBackendKeyData = config.connection.requireBackendKeyData
     }
 }
 

Sources/PostgresNIO/New/Connection State Machine/ConnectionStateMachine.swift

@@ -5,9 +5,7 @@ struct ConnectionStateMachine {
     typealias TransactionState = PostgresBackendMessage.TransactionState
 
     struct ConnectionContext {
-        let processID: Int32
-        let secretKey: Int32
-        
+        let backendKeyData: Optional<BackendKeyData>
         var parameters: [String: String]
         var transactionState: TransactionState
     }
@@ -113,17 +111,20 @@ struct ConnectionStateMachine {
     }
 
     private var state: State
+    private let requireBackendKeyData: Bool
     private var taskQueue = CircularBuffer<PSQLTask>()
     private var quiescingState: QuiescingState = .notQuiescing
 
-    init() {
+    init(requireBackendKeyData: Bool) {
         self.state = .initialized
+        self.requireBackendKeyData = requireBackendKeyData
     }
 
     #if DEBUG
     /// for testing purposes only
-    init(_ state: State) {
+    init(_ state: State, requireBackendKeyData: Bool = true) {
         self.state = state
+        self.requireBackendKeyData = requireBackendKeyData
     }
     #endif
 
@@ -543,14 +544,12 @@ struct ConnectionStateMachine {
     mutating func readyForQueryReceived(_ transactionState: PostgresBackendMessage.TransactionState) -> ConnectionAction {
         switch self.state {
         case .authenticated(let backendKeyData, let parameters):
-            guard let keyData = backendKeyData else {
-                // `backendKeyData` must have been received, before receiving the first `readyForQuery`
+            if self.requireBackendKeyData && backendKeyData == nil {
                 return self.closeConnectionAndCleanup(.unexpectedBackendMessage(.readyForQuery(transactionState)))
             }
 
             let connectionContext = ConnectionContext(
-                processID: keyData.processID,
-                secretKey: keyData.secretKey,
+                backendKeyData: backendKeyData,
                 parameters: parameters,
                 transactionState: transactionState)
 
@@ -1314,8 +1313,8 @@ extension ConnectionStateMachine.State: CustomDebugStringConvertible {
 extension ConnectionStateMachine.ConnectionContext: CustomDebugStringConvertible {
     var debugDescription: String {
         """
-        (processID: \(self.processID), \
-        secretKey: \(self.secretKey), \
+        (processID: \(self.backendKeyData?.processID != nil ? String(self.backendKeyData!.processID) : "nil")), \
+        secretKey: \(self.backendKeyData?.secretKey != nil ? String(self.backendKeyData!.secretKey) : "nil")), \
         parameters: \(String(reflecting: self.parameters)))
         """
     }

Sources/PostgresNIO/New/PostgresChannelHandler.swift

@@ -32,7 +32,7 @@ final class PostgresChannelHandler: ChannelDuplexHandler {
          logger: Logger,
          configureSSLCallback: ((Channel) throws -> Void)?)
     {
-        self.state = ConnectionStateMachine()
+        self.state = ConnectionStateMachine(requireBackendKeyData: configuration.requireBackendKeyData)
         self.configuration = configuration
         self.configureSSLCallback = configureSSLCallback
         self.logger = logger

Tests/PostgresNIOTests/New/Connection State Machine/AuthenticationStateMachineTests.swift

@@ -7,7 +7,7 @@ class AuthenticationStateMachineTests: XCTestCase {
     func testAuthenticatePlaintext() {
         let authContext = AuthContext(username: "test", password: "abc123", database: "test")
 
-        var state = ConnectionStateMachine()
+        var state = ConnectionStateMachine(requireBackendKeyData: true)
         XCTAssertEqual(state.connected(tls: .disable), .provideAuthenticationContext)
 
         XCTAssertEqual(state.provideAuthenticationContext(authContext), .sendStartupMessage(authContext))
@@ -17,7 +17,7 @@ class AuthenticationStateMachineTests: XCTestCase {
 
     func testAuthenticateMD5() {
         let authContext = AuthContext(username: "test", password: "abc123", database: "test")
-        var state = ConnectionStateMachine()
+        var state = ConnectionStateMachine(requireBackendKeyData: true)
         XCTAssertEqual(state.connected(tls: .disable), .provideAuthenticationContext)
         let salt: (UInt8, UInt8, UInt8, UInt8) = (0, 1, 2, 3)
 
@@ -28,7 +28,7 @@ class AuthenticationStateMachineTests: XCTestCase {
 
     func testAuthenticateMD5WithoutPassword() {
         let authContext = AuthContext(username: "test", password: nil, database: "test")
-        var state = ConnectionStateMachine()
+        var state = ConnectionStateMachine(requireBackendKeyData: true)
         XCTAssertEqual(state.connected(tls: .disable), .provideAuthenticationContext)
         let salt: (UInt8, UInt8, UInt8, UInt8) = (0, 1, 2, 3)
 
@@ -39,15 +39,15 @@ class AuthenticationStateMachineTests: XCTestCase {
 
     func testAuthenticateOkAfterStartUpWithoutAuthChallenge() {
         let authContext = AuthContext(username: "test", password: "abc123", database: "test")
-        var state = ConnectionStateMachine()
+        var state = ConnectionStateMachine(requireBackendKeyData: true)
         XCTAssertEqual(state.connected(tls: .disable), .provideAuthenticationContext)
         XCTAssertEqual(state.provideAuthenticationContext(authContext), .sendStartupMessage(authContext))
         XCTAssertEqual(state.authenticationMessageReceived(.ok), .wait)
     }
 
     func testAuthenticationFailure() {
         let authContext = AuthContext(username: "test", password: "abc123", database: "test")
-        var state = ConnectionStateMachine()
+        var state = ConnectionStateMachine(requireBackendKeyData: true)
         XCTAssertEqual(state.connected(tls: .disable), .provideAuthenticationContext)
         let salt: (UInt8, UInt8, UInt8, UInt8) = (0, 1, 2, 3)
 
@@ -79,7 +79,7 @@ class AuthenticationStateMachineTests: XCTestCase {
 
         for (message, mechanism) in unsupported {
             let authContext = AuthContext(username: "test", password: "abc123", database: "test")
-            var state = ConnectionStateMachine()
+            var state = ConnectionStateMachine(requireBackendKeyData: true)
             XCTAssertEqual(state.connected(tls: .disable), .provideAuthenticationContext)
             XCTAssertEqual(state.provideAuthenticationContext(authContext), .sendStartupMessage(authContext))
             XCTAssertEqual(state.authenticationMessageReceived(message),
@@ -98,7 +98,7 @@ class AuthenticationStateMachineTests: XCTestCase {
 
         for message in unexpected {
             let authContext = AuthContext(username: "test", password: "abc123", database: "test")
-            var state = ConnectionStateMachine()
+            var state = ConnectionStateMachine(requireBackendKeyData: true)
             XCTAssertEqual(state.connected(tls: .disable), .provideAuthenticationContext)
             XCTAssertEqual(state.provideAuthenticationContext(authContext), .sendStartupMessage(authContext))
             XCTAssertEqual(state.authenticationMessageReceived(message),
@@ -125,7 +125,7 @@ class AuthenticationStateMachineTests: XCTestCase {
 
         for message in unexpected {
             let authContext = AuthContext(username: "test", password: "abc123", database: "test")
-            var state = ConnectionStateMachine()
+            var state = ConnectionStateMachine(requireBackendKeyData: true)
             XCTAssertEqual(state.connected(tls: .disable), .provideAuthenticationContext)
             XCTAssertEqual(state.provideAuthenticationContext(authContext), .sendStartupMessage(authContext))
             XCTAssertEqual(state.authenticationMessageReceived(.md5(salt: salt)), .sendPasswordMessage(.md5(salt: salt), authContext))

Tests/PostgresNIOTests/New/Connection State Machine/ConnectionStateMachineTests.swift

@@ -8,7 +8,7 @@ class ConnectionStateMachineTests: XCTestCase {
 
     func testStartup() {
         let authContext = AuthContext(username: "test", password: "abc123", database: "test")
-        var state = ConnectionStateMachine()
+        var state = ConnectionStateMachine(requireBackendKeyData: true)
         XCTAssertEqual(state.connected(tls: .disable), .provideAuthenticationContext)
         XCTAssertEqual(state.provideAuthenticationContext(authContext), .sendStartupMessage(authContext))
         XCTAssertEqual(state.authenticationMessageReceived(.plaintext), .sendPasswordMessage(.cleartext, authContext))
@@ -17,7 +17,7 @@ class ConnectionStateMachineTests: XCTestCase {
 
     func testSSLStartupSuccess() {
         let authContext = AuthContext(username: "test", password: "abc123", database: "test")
-        var state = ConnectionStateMachine()
+        var state = ConnectionStateMachine(requireBackendKeyData: true)
         XCTAssertEqual(state.connected(tls: .require), .sendSSLRequest)
         XCTAssertEqual(state.sslSupportedReceived(), .establishSSLConnection)
         XCTAssertEqual(state.sslHandlerAdded(), .wait)
@@ -30,23 +30,23 @@ class ConnectionStateMachineTests: XCTestCase {
     func testSSLStartupFailHandler() {
         struct SSLHandlerAddError: Error, Equatable {}
 
-        var state = ConnectionStateMachine()
+        var state = ConnectionStateMachine(requireBackendKeyData: true)
         XCTAssertEqual(state.connected(tls: .require), .sendSSLRequest)
         XCTAssertEqual(state.sslSupportedReceived(), .establishSSLConnection)
         let failError = PSQLError.failedToAddSSLHandler(underlying: SSLHandlerAddError())
         XCTAssertEqual(state.errorHappened(failError), .closeConnectionAndCleanup(.init(action: .close, tasks: [], error: failError, closePromise: nil)))
     }
 
     func testTLSRequiredStartupSSLUnsupported() {
-        var state = ConnectionStateMachine()
+        var state = ConnectionStateMachine(requireBackendKeyData: true)
 
         XCTAssertEqual(state.connected(tls: .require), .sendSSLRequest)
         XCTAssertEqual(state.sslUnsupportedReceived(),
                        .closeConnectionAndCleanup(.init(action: .close, tasks: [], error: PSQLError.sslUnsupported, closePromise: nil)))
     }
 
     func testTLSPreferredStartupSSLUnsupported() {
-        var state = ConnectionStateMachine()
+        var state = ConnectionStateMachine(requireBackendKeyData: true)
 
         XCTAssertEqual(state.connected(tls: .prefer), .sendSSLRequest)
         XCTAssertEqual(state.sslUnsupportedReceived(), .provideAuthenticationContext)
@@ -92,7 +92,7 @@ class ConnectionStateMachineTests: XCTestCase {
     }
 
     func testReadyForQueryReceivedWithoutBackendKeyAfterAuthenticated() {
-        var state = ConnectionStateMachine(.authenticated(nil, [:]))
+        var state = ConnectionStateMachine(.authenticated(nil, [:]), requireBackendKeyData: true)
 
         XCTAssertEqual(state.parameterStatusReceived(.init(parameter: "DateStyle", value: "ISO, MDY")), .wait)
         XCTAssertEqual(state.parameterStatusReceived(.init(parameter: "application_name", value: "")), .wait)
@@ -110,6 +110,24 @@ class ConnectionStateMachineTests: XCTestCase {
                        .closeConnectionAndCleanup(.init(action: .close, tasks: [], error: PSQLError.unexpectedBackendMessage(.readyForQuery(.idle)), closePromise: nil)))
     }
 
+    func testReadyForQueryReceivedWithoutUnneededBackendKeyAfterAuthenticated() {
+        var state = ConnectionStateMachine(.authenticated(nil, [:]), requireBackendKeyData: false)
+        
+        XCTAssertEqual(state.parameterStatusReceived(.init(parameter: "DateStyle", value: "ISO, MDY")), .wait)
+        XCTAssertEqual(state.parameterStatusReceived(.init(parameter: "application_name", value: "")), .wait)
+        XCTAssertEqual(state.parameterStatusReceived(.init(parameter: "server_encoding", value: "UTF8")), .wait)
+        XCTAssertEqual(state.parameterStatusReceived(.init(parameter: "integer_datetimes", value: "on")), .wait)
+        XCTAssertEqual(state.parameterStatusReceived(.init(parameter: "client_encoding", value: "UTF8")), .wait)
+        XCTAssertEqual(state.parameterStatusReceived(.init(parameter: "TimeZone", value: "Etc/UTC")), .wait)
+        XCTAssertEqual(state.parameterStatusReceived(.init(parameter: "is_superuser", value: "on")), .wait)
+        XCTAssertEqual(state.parameterStatusReceived(.init(parameter: "server_version", value: "13.1 (Debian 13.1-1.pgdg100+1)")), .wait)
+        XCTAssertEqual(state.parameterStatusReceived(.init(parameter: "session_authorization", value: "postgres")), .wait)
+        XCTAssertEqual(state.parameterStatusReceived(.init(parameter: "IntervalStyle", value: "postgres")), .wait)
+        XCTAssertEqual(state.parameterStatusReceived(.init(parameter: "standard_conforming_strings", value: "on")), .wait)
+        
+        XCTAssertEqual(state.readyForQueryReceived(.idle), .fireEventReadyForQuery)
+    }
+    
     func testErrorIsIgnoredWhenClosingConnection() {
         // test ignore unclean shutdown when closing connection
         var stateIgnoreChannelError = ConnectionStateMachine(.closing)
@@ -133,7 +151,7 @@ class ConnectionStateMachineTests: XCTestCase {
 
         let queryPromise = eventLoopGroup.next().makePromise(of: PSQLRowStream.self)
 
-        var state = ConnectionStateMachine()
+        var state = ConnectionStateMachine(requireBackendKeyData: true)
         let extendedQueryContext = ExtendedQueryContext(
             query: "Select version()",
             logger: .psqlTest,

Tests/PostgresNIOTests/New/Extensions/ConnectionAction+TestUtils.swift

@@ -75,6 +75,8 @@ extension ConnectionStateMachine {
     }
 
     static func createConnectionContext(transactionState: PostgresBackendMessage.TransactionState = .idle) -> ConnectionContext {
+        let backendKeyData = BackendKeyData(processID: 2730, secretKey: 882037977)
+        
         let paramaters = [
             "DateStyle": "ISO, MDY",
             "application_name": "",
@@ -90,8 +92,7 @@ extension ConnectionStateMachine {
         ]
 
         return ConnectionContext(
-            processID: 2730,
-            secretKey: 882037977,
+            backendKeyData: backendKeyData,
             parameters: paramaters,
             transactionState: transactionState
         )

Tests/PostgresNIOTests/New/PostgresChannelHandlerTests.swift

@@ -174,7 +174,8 @@ class PostgresChannelHandlerTests: XCTestCase {
         database: String = "postgres",
         password: String = "password",
         tls: PostgresConnection.Configuration.TLS = .disable,
-        connectTimeout: TimeAmount = .seconds(10)
+        connectTimeout: TimeAmount = .seconds(10),
+        requireBackendKeyData: Bool = true
     ) -> PostgresConnection.InternalConfiguration {
         let authentication = PostgresConnection.Configuration.Authentication(
             username: username,
@@ -186,7 +187,8 @@ class PostgresChannelHandlerTests: XCTestCase {
             connection: .unresolved(host: host, port: port),
             connectTimeout: connectTimeout,
             authentication: authentication,
-            tls: tls
+            tls: tls,
+            requireBackendKeyData: requireBackendKeyData
         )
     }
 }