Added the ability to reload credentials for vtgate.

Signed-off-by: Saif Alharthi <saif@saifalharthi.me>

go/mysql/auth_server_static.go

@@ -26,6 +26,7 @@ import (
 	"os/signal"
 	"sync"
 	"syscall"
+	"time"
 
 	"vitess.io/vitess/go/vt/log"
 	querypb "vitess.io/vitess/go/vt/proto/query"
@@ -34,8 +35,9 @@ import (
 )
 
 var (
-	mysqlAuthServerStaticFile   = flag.String("mysql_auth_server_static_file", "", "JSON File to read the users/passwords from.")
-	mysqlAuthServerStaticString = flag.String("mysql_auth_server_static_string", "", "JSON representation of the users/passwords config.")
+	mysqlAuthServerStaticFile           = flag.String("mysql_auth_server_static_file", "", "JSON File to read the users/passwords from.")
+	mysqlAuthServerStaticString         = flag.String("mysql_auth_server_static_string", "", "JSON representation of the users/passwords config.")
+	mysqlAuthServerStaticReloadInterval = flag.Duration("mysql_auth_static_reload_interval", 0, "Ticker to reload credentials")
 )
 
 const (
@@ -153,6 +155,19 @@ func (a *AuthServerStatic) installSignalHandlers() {
 			a.loadConfigFromParams(*mysqlAuthServerStaticFile, "")
 		}
 	}()
+
+	// If duration is set, it will reload configuration every interval
+	if *mysqlAuthServerStaticReloadInterval > 0 {
+		ticker := time.NewTicker(*mysqlAuthServerStaticReloadInterval)
+		go func() {
+			for {
+				select {
+				case <-ticker.C:
+					sigChan <- syscall.SIGHUP
+				}
+			}
+		}()
+	}
 }
 
 func parseConfig(jsonConfig []byte, config *map[string][]*AuthServerStaticEntry) error {

go/mysql/auth_server_static_test.go

@@ -91,12 +91,12 @@ func TestValidateHashGetter(t *testing.T) {
 		t.Fatalf("error validating password: %v", err)
 	}
 
-	callerId := getter.Get()
-	if callerId.Username != "user.name" {
-		t.Fatalf("getter username incorrect, expected \"user.name\", got %v", callerId.Username)
+	callerID := getter.Get()
+	if callerID.Username != "user.name" {
+		t.Fatalf("getter username incorrect, expected \"user.name\", got %v", callerID.Username)
 	}
-	if len(callerId.Groups) != 1 || callerId.Groups[0] != "user_group" {
-		t.Fatalf("getter groups incorrect, expected [\"user_group\"], got %v", callerId.Groups)
+	if len(callerID.Groups) != 1 || callerID.Groups[0] != "user_group" {
+		t.Fatalf("getter groups incorrect, expected [\"user_group\"], got %v", callerID.Groups)
 	}
 }
 
@@ -127,7 +127,6 @@ func TestStaticConfigHUP(t *testing.T) {
 	}
 	defer os.Remove(tmpFile.Name())
 	*mysqlAuthServerStaticFile = tmpFile.Name()
-
 	oldStr := "str1"
 	jsonConfig := fmt.Sprintf("{\"%s\":[{\"Password\":\"%s\"}]}", oldStr, oldStr)
 	if err := ioutil.WriteFile(tmpFile.Name(), []byte(jsonConfig), 0600); err != nil {
@@ -143,6 +142,10 @@ func TestStaticConfigHUP(t *testing.T) {
 
 	hupTest(t, tmpFile, oldStr, "str2")
 	hupTest(t, tmpFile, "str2", "str3") // still handling the signal
+
+	// Invoke a SIGHUP every second to reload configurations
+	hupTestWithRotation(t, tmpFile, "str3", "str4")
+	hupTestWithRotation(t, tmpFile, "str4", "str5")
 }
 
 func hupTest(t *testing.T, tmpFile *os.File, oldStr, newStr string) {
@@ -168,6 +171,29 @@ func hupTest(t *testing.T, tmpFile *os.File, oldStr, newStr string) {
 	}
 }
 
+func hupTestWithRotation(t *testing.T, tmpFile *os.File, oldStr, newStr string) {
+	*mysqlAuthServerStaticReloadInterval = time.Millisecond * 1
+	aStatic := GetAuthServer("static").(*AuthServerStatic)
+
+	jsonConfig := fmt.Sprintf("{\"%s\":[{\"Password\":\"%s\"}]}", newStr, newStr)
+	if err := ioutil.WriteFile(tmpFile.Name(), []byte(jsonConfig), 0600); err != nil {
+		t.Fatalf("couldn't overwrite temp file: %v", err)
+	}
+
+	if aStatic.Entries[oldStr][0].Password != oldStr {
+		t.Fatalf("%s's Password should still be '%s'", oldStr, oldStr)
+	}
+
+	time.Sleep(20 * time.Millisecond) // wait for signal handler
+
+	if aStatic.Entries[oldStr] != nil {
+		t.Fatalf("Should not have old %s after config reload", oldStr)
+	}
+	if aStatic.Entries[newStr][0].Password != newStr {
+		t.Fatalf("%s's Password should be '%s'", newStr, newStr)
+	}
+}
+
 func TestStaticPasswords(t *testing.T) {
 	jsonConfig := `
 {