CASSGO-19 Don't restrict server authenticator in PasswordAuthenticator

[tolbertam]

Currently gocql will only allow authenticating with authenticators
defined in defaultApprovedAuthenticators in conn.go.

There have been multiple occurrences of implementers needing to update
this list, either when a vendor would like to add their authenticator,
or a new authenticator being added.

It would probably reduce friction to just accept any authenticator
provided by the server. From what I know, other drivers behave in this
way.

If a user wanted to restrict this, they could use the existing
configuration PasswordAuthenticator.AllowedAuthenticators.

patch by Andy Tolbert; reviewed by Joao Reis, Lukasz Antoniak for CASSGO-19

---

This is an alternative pr to #1800; since this is a behavioral change, it merits some discussion and may take longer to review.

[tolbertam]

alternatively, could test for nil, but felt would keep it this way for consistency.

[lukasz-antoniak]

Looks good to me. Indeed Java driver does not assert on authenticator returned by the server, but relies on client configuration.

[joao-r-reis]

I agree with this change, other drivers already work like this.

[joao-r-reis]

nit: Maybe a comment on the interface function itself could also be useful

[tolbertam]

Is the comment I changed at line 46 in conn.go ok or were you looking for documentation elsewhere (like on the AllowedAuthenticators field in PasswordAuthenticator?)

[joao-r-reis]

I was thinking about a comment on the type itself ( conn.go ) so that this information shows up on the docs section for the type (in pkg.go.dev) and when using an IDE:

type PasswordAuthenticator struct {
	Username                      string
	Password                       string

        // Setting this to nil or empty will allow any authenticator provided by the server
	AllowedAuthenticators []string
}

[tolbertam]

👍 sounds great, agree that this is the most appropriate place. Will make that change.

[joao-r-reis]

Maybe a comment on the type itself too.

// PasswordAuthenticator can be configured with an "allow list" of authenticators (can be set to nil or empty to allow all)
type PasswordAuthenticator struct {
	Username                      string
	Password                       string

        // Setting this to nil or empty will allow any authenticator provided by the server
	AllowedAuthenticators []string
}

[tolbertam]

made an attempt to document both. Thought it would be good to make it clear that the default behavior of other drivers is to allow any authenticator, generally I don't think people should configure this, and the presence of documentation may lead them to think they need to do so, so felt it was good to clarify that. Hopefully that looks ok.

[joao-r-reis]

lgtm 👍

[tolbertam]

Thanks, i'll squash the commits and update the patch by/reviewed by 👍

[tolbertam]

done, hopefully this is good to go!

[joao-r-reis]

I'd rather merge this instead of #1800 but if there's an objection to this one we can merge #1800

[tolbertam]

I'd rather merge this instead of #1800 but if there's an objection to this one we can merge #1800

I agree with that sentiment, would prefer it be consistent with other drivers.