mongo/jstests/ssl/shell_option_parsing.js


// Test mongo shell connect strings.
import {ReplSetTest} from "jstests/libs/replsettest.js";
// PEM files used by the fixture: the certificate/key each node presents, and the CA the
// nodes and the shell use as trust anchor.
const SERVER_CERT = "jstests/libs/server.pem";
const CAFILE = "jstests/libs/ca.pem";

// Node options for the replica set under test.
// NOTE(review): these settings are deliberately permissive and belong in a test fixture only:
//   - tlsMode "allowTLS" lets the nodes accept both TLS and non-TLS incoming connections;
//   - tlsAllowInvalidCertificates relaxes certificate validation;
//   - tlsAllowConnectionsWithoutCertificates lets clients connect without presenting a
//     client certificate.
// The two switches are passed as empty strings, presumably the way valueless options are
// expressed for the test launcher (confirm against ReplSetTest).
const opts = {
    tlsMode: "allowTLS",
    tlsCertificateKeyFile: SERVER_CERT,
    tlsAllowInvalidCertificates: "",
    tlsAllowConnectionsWithoutCertificates: "",
    tlsCAFile: CAFILE,
    // Both mechanisms exercised below: X.509 and password-based SCRAM-SHA-1.
    setParameter: "authenticationMechanisms=MONGODB-X509,SCRAM-SHA-1",
};

// Credentials for the throwaway test users. Each password is simply the user name; these
// values only ever exist inside the fixture started below.
const username = "user";
const password = username;
const usernameNotTest = "userNotTest";
const passwordNotTest = usernameNotTest;
// Subject DN used as the X.509 user name; it has no password.
const usernameX509 = "C=US,ST=New York,L=New York City,O=MongoDB,OU=KernelUser,CN=client";

// Bring up a three-node set and take the primary's address as the connection target.
const rst = new ReplSetTest({name: "tlsSet", nodes: 3, nodeOptions: opts});
rst.startSet();
rst.initiate();
const mongod = rst.getPrimary();
const host = mongod.host;

// One password user per authentication database, plus the X.509 user on $external.
// All users are created with an empty role list.
mongod.getDB("test").createUser({user: username, pwd: password, roles: []});
mongod.getDB("notTest").createUser({user: usernameNotTest, pwd: passwordNotTest, roles: []});
mongod.getDB("$external").createUser({user: usernameX509, roles: []});

// Running counter of shell invocations; testConnect() prints and increments it.
let i = 0;
/**
 * Starts a `mongo` shell over TLS with the given extra arguments and polls until the expected
 * outcome is observed.
 *
 * @param {boolean} expectPasswordPrompt - When true, wait until the shell output contains
 *     "Enter password:" and then stop the shell. In this mode the exit code is never checked
 *     and `expectSuccess` is not consulted.
 * @param {boolean} expectSuccess - Used only when no prompt is expected: once the shell has
 *     exited, its exit code must be 0 when true and 1 otherwise.
 * @param {...string} args - Extra shell arguments (connection string, --username, ...).
 */
function testConnect(expectPasswordPrompt, expectSuccess, ...args) {
    // NOTE(review): --tlsAllowInvalidHostnames switches off hostname verification of the
    // server certificate; the chain is still checked against CAFILE. Acceptable for this
    // fixture, not a setting to copy into real client invocations.
    const shellArgv = [
        "mongo",
        "--setShellParameter",
        "newLineAfterPasswordPromptForTest=true",
        "--eval",
        ";",
        "--tls",
        "--tlsAllowInvalidHostnames",
        "--tlsCAFile",
        CAFILE,
        ...args,
    ];

    // The banner echoes the complete argv, so any --password value or URI password ends up
    // in the test log. Only the throwaway fixture credentials are ever passed here.
    const runIndex = i++;
    print(`=========================================> The command (${runIndex}) I am going to run is: ${shellArgv.join(" ")}`);

    // Drop output captured from earlier runs so the prompt check only sees this shell.
    clearRawMongoProgramOutput();
    const shellPid = _startMongoProgram({args: shellArgv});
    const wantedExitCode = expectSuccess ? 0 : 1;

    assert.soon(() => {
        const captured = rawMongoProgramOutput(".*");

        if (expectPasswordPrompt) {
            // The shell blocks on the prompt, so it is stopped as soon as the prompt is seen.
            const prompted = captured.includes("Enter password:");
            if (prompted) {
                stopMongoProgramByPid(shellPid);
            }
            return prompted;
        }

        // No prompt expected: keep polling until the shell has exited, then check how.
        const status = checkProgram(shellPid);
        if (status.alive) {
            return false;
        }
        assert.eq(status.exitCode, wantedExitCode);
        return true;
    });
}
/**
 * Runs testConnect() with expectSuccess fixed to true.
 *
 * @param {boolean} expectPasswordPrompt - Forwarded unchanged to testConnect().
 * @param {...string} args - Extra shell arguments, forwarded unchanged.
 */
const testSuccessfulConnect = (expectPasswordPrompt, ...args) => {
    const expectSuccess = true;
    testConnect(expectPasswordPrompt, expectSuccess, ...args);
};
/**
 * Runs testConnect() with expectSuccess fixed to false, i.e. the shell must exit with code 1
 * when no password prompt is expected.
 *
 * @param {boolean} expectPasswordPrompt - Forwarded unchanged to testConnect().
 * @param {...string} args - Extra shell arguments, forwarded unchanged.
 */
const testFailedConnect = (expectPasswordPrompt, ...args) => {
    const expectSuccess = false;
    testConnect(expectPasswordPrompt, expectSuccess, ...args);
};
// Connection strings used by the cases below, named by what they carry.
const uriUser = `mongodb://${username}@${host}/test`;
const uriUserAndPassword = `mongodb://${username}:${password}@${host}/test`;
const uriNotTestUser = `mongodb://${usernameNotTest}@${host}/test`;
const uriNotTestUserWithAuthSource = `mongodb://${usernameNotTest}@${host}/test?authSource=notTest`;
const uriNoUser = `mongodb://${host}/test`;
const uriNoUserWithAuthSource = `mongodb://${host}/test?authSource=notTest`;

// --- The shell must prompt -------------------------------------------------------------
// A user name is known (from the URI or --username) but no password value is supplied.
// A bare --password (no value following it) counts as "not supplied".
testSuccessfulConnect(true, uriUser);
testSuccessfulConnect(true, uriUser, "--password");
testSuccessfulConnect(true, uriUser, "--username", username);
testSuccessfulConnect(true, uriUser, "--password", "--username", username);
testSuccessfulConnect(true, uriNotTestUserWithAuthSource, "--password", "--username", usernameNotTest);
testSuccessfulConnect(true, uriNotTestUserWithAuthSource);
testSuccessfulConnect(
    true,
    uriNotTestUserWithAuthSource,
    "--password", "--username", usernameNotTest,
    "--authenticationDatabase", "notTest",
);
testSuccessfulConnect(
    true,
    uriNotTestUser,
    "--password", "--username", usernameNotTest,
    "--authenticationDatabase", "notTest",
);
testSuccessfulConnect(true, uriNoUserWithAuthSource, "--username", usernameNotTest);
testSuccessfulConnect(true, uriNoUser, "--username", username);
testSuccessfulConnect(true, uriNoUser, "--password", "--username", username);

// --- The shell must not prompt and must exit with code 0 ---------------------------------
// The password is supplied either as the value of --password or inside the URI.
// NOTE(review): both forms put the secret into the process argument list (and into this
// test's log banner); the prompt path above is the one that keeps it out of argv.
testSuccessfulConnect(false, uriNoUser, "--password", password, "--username", username);
testSuccessfulConnect(false, uriUserAndPassword);
testSuccessfulConnect(false, uriUserAndPassword, "--password");
testSuccessfulConnect(false, uriUserAndPassword, "--password", password);
testSuccessfulConnect(false, uriUser, "--password", password);
testSuccessfulConnect(
    false,
    uriNotTestUserWithAuthSource,
    "--username", usernameNotTest,
    "--password", passwordNotTest,
    "--authenticationDatabase", "notTest",
);
testSuccessfulConnect(
    false,
    uriNotTestUserWithAuthSource,
    "--username", usernameNotTest,
    "--password", passwordNotTest,
);
testSuccessfulConnect(false, uriNotTestUserWithAuthSource, "--password", passwordNotTest);
testSuccessfulConnect(
    false,
    uriNoUserWithAuthSource,
    "--username", usernameNotTest,
    "--password", passwordNotTest,
);
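// TODO: Enable this set of tests in the future. The X.509 user name is a subject DN that
// contains '=', ',' and spaces, so it has to be percent-encoded before it can be placed in
// the user part of the URI.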
// testSuccessfulConnect(
// false,
// `mongodb://${usernameX509}@${host}/test?authMechanism=MONGODB-X509&authSource=$external`);
// testSuccessfulConnect(
// false,
// `mongodb://${usernameX509}@${host}/test?authMechanism=MONGODB-X509&authSource=$external`,
// '--username',
// usernameX509);
// testSuccessfulConnect(false,
// `mongodb://${usernameX509}@${host}/test?authSource=$external`,
// '--authenticationMechanism',
// 'MONGODB-X509');
// testSuccessfulConnect(
// false,
// `mongodb://${usernameX509}@${host}/test?authMechanism=MONGODB-X509&authSource=$external`,
// '--authenticationMechanism',
// 'MONGODB-X509');
// testSuccessfulConnect(
// false,
// `mongodb://${usernameX509}@${host}/test?authMechanism=MONGODB-X509&authSource=$external`,
// '--authenticationMechanism',
// 'MONGODB-X509',
// '--username',
// usernameX509);
// testSuccessfulConnect(false,
// `mongodb://${usernameX509}@${host}/test?authSource=$external`,
// '--authenticationMechanism',
// 'MONGODB-X509');
/* */
// --- MONGODB-X509 must be rejected --------------------------------------------------------
// None of these invocations hands the shell a client certificate (testConnect() passes only
// --tlsCAFile), so each one is expected to exit with code 1 without prompting.
// NOTE(review): presumably the failure is the missing client certificate; confirm, since
// only the exit code is asserted.
const x509MechanismUri = `mongodb://${host}/test?authMechanism=MONGODB-X509&authSource=$external`;
const externalSourceUri = `mongodb://${host}/test?authSource=$external`;

testFailedConnect(false, x509MechanismUri);
testFailedConnect(false, x509MechanismUri, "--username", usernameX509);
testFailedConnect(false, externalSourceUri, "--authenticationMechanism", "MONGODB-X509");
testFailedConnect(
    false,
    externalSourceUri,
    "--username", usernameX509,
    "--authenticationMechanism", "MONGODB-X509",
);

// Tear down the replica set started at the top of the file.
rst.stopSet();