#33009: ./manage.py test --keepdb fails when DB permissions are not sufficient
-------------------------------------+-------------------------------------
Reporter: Jed | Owner: nobody
Laundry |
Type: Bug | Status: new
Component: Database | Version: 3.2
layer (models, ORM) |
Severity: Normal | Keywords:
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Background:
- I'm using Django==3.1.13, and mssql-django==1.0
- I have created Azure SQL Server, using Service Principal authentication,
with two databases: **[db]** and **[test_db]**
- the Service Principal has been configured with db_owner on both
databases (i.e., `CREATE USER [app] FROM EXTERNAL PROVIDER; EXEC
sp_addrolemember 'db_owner', [app];`)
- I have updated DATABASES in settings.py with
`Authentication=ActiveDirectoryServicePrincipal`
I can use Django with no issues.
However, when I run `./manage.py test --keepdb`, I get the following
error:
`pyodbc.InterfaceError: ('28000', "[28000] [Microsoft][ODBC Driver 17 for
SQL Server][SQL Server]Login failed for user '<token-identified
principal>'. (18456) (SQLDriverConnect)")`
This is because the test runner first connects to **[dbo].[master]**,
verifies **[test_db]** exists, and then reconnects to **[test_db]**.
However, by default Service Principals do not have permission to access
**[dbo].[master]** (and ideally shouldn't, when using the same server for
multiple applications).
This appears to be an intentional design decision to try connecting
without the DB name even when using keepdb, as per
django/db/backends/base/creation.py:50-55:
{{{
# We could skip this call if keepdb is True, but we instead
# give it the keepdb param. This is to handle the case
# where the test DB doesn't exist, in which case we need to
# create it, then just not destroy it. If we instead skip
# this, we will get an exception.
self._create_test_db(verbosity, autoclobber, keepdb)
}}}
If I comment out this line, it works without issue.
I'm happy to create a patch, but would like guidance on which is more
acceptable fix:
1. create a new flag, along the lines of "keepdb_dont_create", to skip
_create_test_db
2. reuse the keepdb flag, and only call _create_test_db if it is False
3. put _create_test_db into a try: and except: pass, to avoid DB
permission issues entirely
--
Ticket URL: <https://code.djangoproject.com/ticket/33009>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/051.c8edfbbdb44a6a268de9f48745cb8521%40djangoproject.com.
