Additional test coverage for order and group

mise.toml

@@ -31,7 +31,7 @@ CS_PROXY__HOST = "proxy"
 # Misc
 DOCKER_CLI_HINTS = "false" # Please don't show us What's Next.
 
-CS_EQL_VERSION = "eql-2.0.1"
+CS_EQL_VERSION = "eql-2.0.4"
 
 [tools]
 "cargo:cargo-binstall" = "latest"

packages/cipherstash-proxy-integration/Cargo.toml

@@ -29,4 +29,5 @@ cipherstash-config = "0.2.3"
 clap = "4.5.32"
 fake = { version = "4", features = ["chrono", "derive"] }
 hex = "0.4.3"
+tap = "1.0.1"
 uuid = { version = "1.11.0", features = ["serde", "v4"] }

packages/cipherstash-proxy-integration/src/common.rs

@@ -6,7 +6,7 @@ use rustls::{
     pki_types::CertificateDer, ClientConfig,
 };
 use std::sync::{Arc, Once};
-use tokio_postgres::{Client, NoTls};
+use tokio_postgres::{types::ToSql, Client, NoTls};
 use tracing_subscriber::{filter::Directive, EnvFilter, FmtSubscriber};
 
 pub const PROXY: u16 = 6432;
@@ -17,7 +17,7 @@ pub const TEST_SCHEMA_SQL: &str = include_str!(concat!("../../../tests/sql/schem
 
 static INIT: Once = Once::new();
 
-pub fn id() -> i64 {
+pub fn random_id() -> i64 {
     use rand::Rng;
     let mut rng = rand::rng();
     rng.random_range(1..=i64::MAX)
@@ -113,6 +113,52 @@ pub async fn connect(port: u16) -> Client {
     client
 }
 
+pub async fn insert(sql: &str, params: &[&(dyn ToSql + Sync)]) {
+    let client = connect_with_tls(PROXY).await;
+    client.query(sql, params).await.unwrap();
+}
+
+pub async fn query<T: for<'a> tokio_postgres::types::FromSql<'a> + Send + Sync>(
+    sql: &str,
+) -> Vec<T> {
+    let client = connect_with_tls(PROXY).await;
+    let rows = client.query(sql, &[]).await.unwrap();
+    rows.iter().map(|row| row.get(0)).collect::<Vec<T>>()
+}
+
+pub async fn simple_query<T: std::str::FromStr>(sql: &str) -> Vec<T>
+where
+    <T as std::str::FromStr>::Err: std::fmt::Debug,
+{
+    let client = connect_with_tls(PROXY).await;
+    let rows = client.simple_query(sql).await.unwrap();
+    rows.iter()
+        .filter_map(|row| {
+            if let tokio_postgres::SimpleQueryMessage::Row(r) = row {
+                r.get(0).and_then(|val| val.parse::<T>().ok())
+            } else {
+                None
+            }
+        })
+        .collect()
+}
+
+// Returns a vector of `Option<String>` for each row in the result set.
+// Nulls are represented as `None`, and non-null values are converted to `Some(String)`.
+pub async fn simple_query_with_null(sql: &str) -> Vec<Option<String>> {
+    let client = connect_with_tls(PROXY).await;
+    let rows = client.simple_query(sql).await.unwrap();
+    rows.iter()
+        .filter_map(|row| {
+            if let tokio_postgres::SimpleQueryMessage::Row(r) = row {
+                Some(r.get(0).map(|val| val.to_string()))
+            } else {
+                None
+            }
+        })
+        .collect()
+}
+
 ///
 /// Configure the client TLS settings.
 /// These are the settings for connecting to the database with TLS.

packages/cipherstash-proxy-integration/src/decrypt/insert_returning.rs

@@ -2,7 +2,7 @@
 mod tests {
     use chrono::NaiveDate;
 
-    use crate::common::{clear, connect_with_tls, id, trace, PROXY};
+    use crate::common::{clear, connect_with_tls, random_id, trace, PROXY};
 
     #[tokio::test]
     async fn decrypt_insert_returning_with_different_column_order() {
@@ -12,7 +12,7 @@ mod tests {
 
         let client = connect_with_tls(PROXY).await;
 
-        let id = id();
+        let id = random_id();
         let plaintext = "plaintext";
         let plaintext_date: Option<NaiveDate> = None;
         let encrypted_text = "[email protected]";
@@ -61,7 +61,7 @@ mod tests {
 
         let client = connect_with_tls(PROXY).await;
 
-        let id = id();
+        let id = random_id();
         let plaintext = "plaintext";
         let encrypted_text = "[email protected]";
 
@@ -103,7 +103,7 @@ mod tests {
 
         let client = connect_with_tls(PROXY).await;
 
-        let id = id();
+        let id = random_id();
         let plaintext = "plaintext";
         let encrypted_text = "[email protected]";
 

packages/cipherstash-proxy-integration/src/extended_protocol_error_messages.rs

@@ -2,7 +2,7 @@
 mod tests {
     use tracing::{debug, info};
 
-    use crate::common::{clear, connect_with_tls, id, reset_schema, trace, PROXY};
+    use crate::common::{clear, connect_with_tls, random_id, reset_schema, trace, PROXY};
 
     struct Reset;
 
@@ -24,7 +24,7 @@ mod tests {
 
         let _reset = Reset;
 
-        let id = id();
+        let id = random_id();
 
         let client = connect_with_tls(PROXY).await;
 
@@ -55,7 +55,7 @@ mod tests {
 
         // Create a record
         // If select returns no results, no configuration is required
-        let id = id();
+        let id = random_id();
         let encrypted_text = "[email protected]";
 
         let sql = "INSERT INTO unconfigured (id, encrypted_unconfigured) VALUES ($1, $2)";
@@ -82,7 +82,7 @@ mod tests {
 
         let client = connect_with_tls(PROXY).await;
 
-        let id = id();
+        let id = random_id();
         // let encrypted_date = NaiveDate::parse_from_str("2025-01-01", "%Y-%m-%d").unwrap();
         let encrypted_date: i32 = 2025;
 
@@ -111,7 +111,7 @@ mod tests {
 
         // Create a record
         // If select returns no results, no configuration is required
-        let id = id();
+        let id = random_id();
         let encrypted_text = "[email protected]";
 
         let sql = "INSERT INTO encrypted id, encrypted_text VALUES ($1, $2)";

packages/cipherstash-proxy-integration/src/lib.rs

@@ -14,4 +14,5 @@ mod migrate;
 mod passthrough;
 mod pipeline;
 mod schema_change;
+mod select;
 mod simple_protocol;

packages/cipherstash-proxy-integration/src/map_concat.rs

@@ -1,14 +1,14 @@
 #[cfg(test)]
 mod tests {
-    use crate::common::{clear, connect_with_tls, id, PROXY};
+    use crate::common::{clear, connect_with_tls, random_id, PROXY};
 
     #[tokio::test]
     async fn map_concat_regression() {
         let client = connect_with_tls(PROXY).await;
 
         clear().await;
 
-        let id = id();
+        let id = random_id();
         let encrypted_text = "[email protected]";
 
         let sql = "INSERT INTO encrypted (id, encrypted_text) VALUES ($1, $2)";

packages/cipherstash-proxy-integration/src/map_literals.rs

@@ -1,14 +1,14 @@
 #[cfg(test)]
 mod tests {
-    use crate::common::{clear, connect_with_tls, id, PROXY};
+    use crate::common::{clear, connect_with_tls, random_id, PROXY};
 
     #[tokio::test]
     async fn map_literal() {
         clear().await;
 
         let client = connect_with_tls(PROXY).await;
 
-        let id = id();
+        let id = random_id();
         let encrypted_text = "[email protected]";
 
         let sql =
@@ -28,7 +28,7 @@ mod tests {
 
         let client = connect_with_tls(PROXY).await;
 
-        let id = id();
+        let id = random_id();
         let encrypted_text = "[email protected]";
         let int2: i16 = 1;
 
@@ -51,7 +51,7 @@ mod tests {
 
         let client = connect_with_tls(PROXY).await;
 
-        let id = id();
+        let id = random_id();
         let encrypted_jsonb = serde_json::json!({"key": "value"});
 
         let sql = format!(
@@ -80,7 +80,7 @@ mod tests {
 
         let client = connect_with_tls(PROXY).await;
 
-        let id = id();
+        let id = random_id();
 
         let sql =
             format!("INSERT INTO encrypted (id, encrypted_int8) VALUES ({id}, {id}) RETURNING id, encrypted_int8");
@@ -103,7 +103,7 @@ mod tests {
         let client = connect_with_tls(PROXY).await;
 
         let sql =
-            format!("INSERT INTO encrypted (id, encrypted_text) VALUES ({}, 'a'), ({}, 'a') RETURNING encrypted_text", id(), id());
+            format!("INSERT INTO encrypted (id, encrypted_text) VALUES ({}, 'a'), ({}, 'a') RETURNING encrypted_text", random_id(), random_id());
         let rows = client.query(&sql, &[]).await.unwrap();
 
         let actual = rows.iter().map(|row| row.get(0)).collect::<Vec<&str>>();

packages/cipherstash-proxy-integration/src/map_match_index.rs

@@ -1,6 +1,6 @@
 #[cfg(test)]
 mod tests {
-    use crate::common::{clear, connect_with_tls, id, trace, PROXY};
+    use crate::common::{clear, connect_with_tls, random_id, trace, PROXY};
 
     #[tokio::test]
     async fn map_match_index_text() {
@@ -10,7 +10,7 @@ mod tests {
 
         let client = connect_with_tls(PROXY).await;
 
-        let id = id();
+        let id = random_id();
         let encrypted_text = "[email protected]";
 
         let sql = "INSERT INTO encrypted (id, encrypted_text) VALUES ($1, $2)";

packages/cipherstash-proxy-integration/src/map_nulls.rs

@@ -1,16 +1,15 @@
 #[cfg(test)]
 mod tests {
+    use crate::common::{clear, connect_with_tls, random_id, trace, PROXY};
     use chrono::NaiveDate;
 
-    use crate::common::{clear, connect_with_tls, id, trace, PROXY};
-
     #[tokio::test]
     async fn map_insert_null_param() {
         trace();
 
         let client = connect_with_tls(PROXY).await;
 
-        let id = id();
+        let id = random_id();
         let encrypted_text: Option<String> = None;
 
         let sql = "INSERT INTO encrypted (id, encrypted_text) VALUES ($1, $2)";
@@ -33,7 +32,7 @@ mod tests {
 
         let client = connect_with_tls(PROXY).await;
 
-        let id = id();
+        let id = random_id();
         let encrypted_text = "[email protected]";
 
         let sql = "INSERT INTO encrypted (id, encrypted_text) VALUES ($1, $2)";
@@ -71,7 +70,7 @@ mod tests {
 
         let client = connect_with_tls(PROXY).await;
 
-        let id = id();
+        let id = random_id();
 
         let sql = "INSERT INTO encrypted (id, encrypted_text) VALUES ($1, NULL)";
         client.query(sql, &[&id]).await.unwrap();
@@ -96,7 +95,7 @@ mod tests {
 
         let client = connect_with_tls(PROXY).await;
 
-        let id = id();
+        let id = random_id();
         let encrypted_int2: i16 = 42;
 
         let sql =
@@ -128,7 +127,7 @@ mod tests {
 
         let client = connect_with_tls(PROXY).await;
 
-        let id = id();
+        let id = random_id();
         let plaintext: Option<String> = None;
         let plaintext_date: Option<NaiveDate> = None;
         let encrypted_text: Option<String> = None;