Unit Testing Phase 2.2: MySQL/PgSQL Authentication Unit Tests

[renecannao]

Parent Issue

Part of #5472 — Unit Testing Framework: Milestone 2

Depends On

• Unit Testing Phase 2.1: Test Infrastructure Foundation (Glo* Stubs & Harness) #5473 — Phase 2.1: Test Infrastructure Foundation

Why Authentication First

MySQL_Authentication and PgSQL_Authentication have the lowest coupling of any interesting component:

• 72 references to GloMyAuth across the codebase (vs 403 for GloAdmin or 378 for GloMTH)
• Self-contained data structures: creds_group_t wraps a btree map + PtrArray with its own rwlock
• No dependency on GloAdmin for core add()/lookup()/del() operations (Admin only populates the auth store; it doesn't participate in lookups)
• Clear interface with well-defined behavior that is critical to test: authentication is a security boundary

Scope

Test File

test/tap/tests/unit/auth_unit-t.cpp

Test Cases

Core CRUD operations:

• add() a frontend user → lookup() returns correct account_details_t (username, password, default_hostgroup, default_schema, etc.)
• add() a backend user → lookup() with correct cred_username_type returns it; wrong type returns empty
• del() a user → subsequent lookup() returns empty
• exists() returns true for added users, false for unknown users
• Adding duplicate username → verify behavior (overwrite? error?)
• Adding user with empty username / very long username / special characters

Credential management:

• set_SHA1() → verify SHA1 hash is stored and retrievable
• set_clear_text_password() → verify password is stored correctly
• Lookup with PASSWORD_TYPE flag matching

Connection counting:

• increase_frontend_user_connections() increments counter
• decrease_frontend_user_connections() decrements counter
• Connection count respects max_connections — verify the enforcement behavior

Bulk operations:

• set_all_inactive() → all users marked inactive
• remove_inactives() → inactive users purged; active users remain
• set_all_inactive() + selectively re-add() + remove_inactives() → simulates config reload

Checksums:

• get_runtime_checksum() returns deterministic value for same user set
• Adding/removing a user changes the checksum
• Checksum is order-independent (adding users A,B gives same checksum as B,A)

Memory:

• memory_usage() returns non-zero after adds
• memory_usage() decreases after deleting users
• reset() brings memory usage to baseline

Frontend vs Backend separation:

• Users added as frontend are not visible in backend lookups and vice versa
• Same username can exist in both frontend and backend with different credentials

PgSQL equivalents:

• Mirror key test cases for PgSQL_Authentication to verify parity

Acceptance Criteria

• All test cases pass when run standalone (no running ProxySQL, no Docker)
• Tests complete in under 2 seconds total
• No memory leaks under ASAN
• Tests pass on both Linux and macOS
• Tests cover both MySQL_Authentication and PgSQL_Authentication
• Test file follows existing TAP conventions (plan(), ok(), is(), etc.)

[renecannao]

Closed by #5485