roachtest: add ldap conn. latency test via roachtest

No test previously existed to compute and monitor LDAP connection latency Created a roachtest which leverages the workload to get the stats for LDAP connection latency The test provisions an openLDAP service and it's user `jdoe` which is authenticated on the CRDB via LDAP. The test * provisions openLDAP with TLS connection * Creates a user named jdoe into CRDB * Sets the HBA conf and custom CA into the cluster settings * runs the workload binary to compute the connection latency Epic: CRDB-40412 Fixes: #127358 Release note: None
cockroachdb · Dec 17, 2024 · 69b8862 · 69b8862
1 parent a653b4e
commit 69b8862
Show file tree

Hide file tree

Showing 5 changed files with 482 additions and 0 deletions.
diff --git a/pkg/cmd/roachtest/testdata/ldap_authentication_hba_conf b/pkg/cmd/roachtest/testdata/ldap_authentication_hba_conf
@@ -0,0 +1,3 @@
+host    all           roachprod           0.0.0.0/0          password
+host    all           all            all                 ldap ldapserver=%s ldapport=636 "ldapbasedn=OU=Users,DC=example,DC=com" "ldapbinddn=CN=John Doe,OU=Users,DC=example,DC=com" ldapbindpasswd=%s ldapsearchattribute=uid "ldapsearchfilter=(mail=*)"
+host    all           root           0.0.0.0/0          password
diff --git a/pkg/cmd/roachtest/testdata/ldap_base_structure.ldif b/pkg/cmd/roachtest/testdata/ldap_base_structure.ldif
@@ -0,0 +1,11 @@
+# Organizational Unit: Users
+dn: ou=Users,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: Users
+
+# Organizational Unit: Groups
+dn: ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: Groups
diff --git a/pkg/cmd/roachtest/testdata/ldap_user_group.ldif b/pkg/cmd/roachtest/testdata/ldap_user_group.ldif
@@ -0,0 +1,63 @@
+# User 1: John Doe
+dn: cn=John Doe,ou=Users,dc=example,dc=com
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+uid: jdoe
+cn: John Doe
+sn: Doe
+givenName: John
+displayName: John Doe
+mail: [email protected]
+uidNumber: 1001
+gidNumber: 5000
+homeDirectory: /home/jdoe
+loginShell: /bin/bash
+userPassword: {SSHA}UweAl2O1Zh95nijbT+SaQB5FuaHi7xnE
+
+# User 2: Alice Smith
+dn: cn=Alice Smith,ou=Users,dc=example,dc=com
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+uid: asmith
+cn: Alice Smith
+sn: Smith
+givenName: Alice
+displayName: Alice Smith
+mail: [email protected]
+uidNumber: 1002
+gidNumber: 5000
+homeDirectory: /home/asmith
+loginShell: /bin/bash
+userPassword: {SSHA}PK9Mq7jpwPR4hslWym9zFpGDyz92iiSs
+
+# User 3: Robert Brown
+dn: cn=Robert Brown,ou=Users,dc=example,dc=com
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+uid: rbrown
+cn: Robert Brown
+sn: Brown
+givenName: Robert
+displayName: Robert Brown
+mail: [email protected]
+uidNumber: 1003
+gidNumber: 5000
+homeDirectory: /home/rbrown
+loginShell: /bin/bash
+userPassword: {SSHA}WA/veP8/qFKW74DrCjTw+6DEGxm6Pqb9
+
+# Group: Developers
+dn: cn=Developers,ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Developers
+description: Group for software development team members
+uniqueMember: cn=John Doe,ou=Users,dc=example,dc=com
+uniqueMember: cn=Alice Smith,ou=Users,dc=example,dc=com
+uniqueMember: cn=Robert Brown,ou=Users,dc=example,dc=com