dbshell crashes on django-cockroachdb 3.1

Using:

python 3.7.x
cockroachdb 20.1.6
django 3.1.2
django-cockroachdb 3.1

DATABASE settings:

DATABASES = {
    'cockroach': {
        'ENGINE': 'django_cockroachdb',
        [some params]
    },
    'cockroach-pg': {
        'ENGINE': 'django.db.backends.postgresql',
        [equivalent params]
    },
}

I get:

$ ./manage.py dbshell --database=cockroach-pg
psql (11.9 (Debian 11.9-0+deb10u1), server 9.5.0)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES128-GCM-SHA256, bits: 128, compression: off)
Type "help" for help.
...

but

$ ./manage.py dbshell --database=cockroach
Traceback (most recent call last):
  File "./manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "/home/me/python37/lib/python3.7/site-packages/django/core/management/__init__.py", line 401, in execute_from_command_line
    utility.execute()
  File "/home/me/python37/lib/python3.7/site-packages/django/core/management/__init__.py", line 395, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/home/me/python37/lib/python3.7/site-packages/django/core/management/base.py", line 330, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/home/me/python37/lib/python3.7/site-packages/django/core/management/base.py", line 371, in execute
    output = self.handle(*args, **options)
  File "/home/me/python37/lib/python3.7/site-packages/django/core/management/commands/dbshell.py", line 26, in handle
    connection.client.runshell(options['parameters'])
TypeError: runshell() takes 1 positional argument but 2 were given

If I'm not mistaken DatabaseClient.runshell does not have the right signature for some reason.

Thanks for the report. An update is required for django/django@5b884d4.

Technically, this issue is indeed resolved. However, the solution has side-effects.

In my case the CockroachDB connection itself (that is, outside of Django) works via "cockroachdb sql --certs-dir=[...]" with a client key+certificate in [CERTSDIR].

If I specify user, database, password, ... in the Django settings, then:

$ manage.py dbshell
Usage:
  cockroach sql [options] [flags]
[...]

ERROR: unknown flag: --password
Failed running "sql"
CommandError: "cockroach sql --database=[DATABASE] --certs-dir=[CERTSDIR] --user=[USER] --password=[PASSWORD] --host=[HOST] --port=[PORT]" returned non-zero exit status 1.

However, if the password or other parameters are missing then I get a 500 via the app:

OperationalError at /[URL]
fe_sendauth: no password supplied

or

OperationalError at /[URL]
ERROR:  password authentication failed for user [USER]
ERROR:  node is running secure mode, SSL connection required

Meaning either dbshell doesn't work or the app doesn't. I can't seem to make both of it work at the same time, unless I maintain two entries in DB settings.

Thanks. That looks to be a separate issue. It also affects django-cockroachdb 3.0.x and 2.2.x I believe. Could you try removing these lines:

django-cockroachdb/django_cockroachdb/client.py

Lines 31 to 32 in 2468e5c

    
           if passwd: 
        
               args += ["--password=%s" % passwd]

(Those lines came from e8c559a and may have never been tested.)

After removing those lines, I see a password prompt:

$ python manage.py dbshell
#
# Welcome to the CockroachDB SQL shell.
# All statements must be terminated by a semicolon.
# To exit, type: \q.
#
Enter password:

Is that what you would expect? I don't see a way to automatically provide a password to cockroach sql besides the --url postgresql://[user[:passwd]@]host[:port]/[db][?parameters...] option, however, that could be a security issue since the password would be viewable by other system users if they invoke ps aux | grep cockroach.

[...]

Enter password:
Is that what you would expect?

No, it isn't. As I mentioned above, I am using a client key+certificate. I belive the username is in the certificate as Subject Name and there is no password at all.

I don't see a way to automatically provide a password to cockroach sql besides the --url postgresql://[user[:passwd]@]host[:port]/[db][?parameters...] option, however, that could be a security issue since the password would be viewable by other system users if they invoke ps aux | grep cockroach.

I agree that's not a good way forward. I'll go ahead and open a different issue instead as you advised.