// Verify that speculative auth works with mongos.
// @tags: [requires_sharding]
(() => {
'use strict';

// Test fixtures only: the certificates live in the jstests tree and the
// subject below is the DN that the test registers as an X.509 user.
const CLIENT_NAME = 'CN=client,OU=KernelUser,O=MongoDB,L=New York City,ST=New York,C=US';
const CLIENT_CERT = 'jstests/libs/client.pem';
const SERVER_CERT = 'jstests/libs/server.pem';
const CLUSTER_CERT = 'jstests/libs/cluster_cert.pem';
const CA_CERT = 'jstests/libs/ca.pem';

// One TLS/x509 option set, passed by reference to every node type below.
// NOTE(security): tlsAllowInvalidHostnames turns off hostname validation of
// peer certificates. That is tolerable here because the fixture certificates
// are not issued for the test hosts; it is not a setting to carry into a
// real deployment.
const options = {
    tlsMode: 'requireTLS',
    tlsCertificateKeyFile: SERVER_CERT,
    tlsCAFile: CA_CERT,
    tlsClusterFile: CLUSTER_CERT,
    tlsAllowInvalidHostnames: '',
    clusterAuthMode: 'x509',
};

const st = new ShardingTest({
    shards: 1,
    other: {
        enableBalancer: true,
        configOptions: options,
        mongosOptions: options,
        rsOptions: options,
        shardOptions: options,
        shardAsReplicaSet: false,
    }
});

// Create a root user through mongos and authenticate as it so that the
// remaining setup and the serverStatus reads are authorized.
const admin = st.s.getDB('admin');
admin.createUser({user: 'admin', pwd: 'pwd', roles: ['root']});
assert(admin.auth('admin', 'pwd'));

// Register the client certificate's subject as an X.509 user.
// NOTE(security): '__system' is MongoDB's internal all-privileges role; it is
// granted here for test convenience and should not be given to application or
// human users outside of tests.
const external = st.s.getDB('$external');
external.createUser({user: CLIENT_NAME, roles: [{role: '__system', db: 'admin'}]});

/**
 * Reads the MONGODB-X509 authentication counters from serverStatus on mongos.
 * Fails the test if the serverStatus command does not succeed.
 */
const readX509Stats = () => {
    const status = assert.commandWorked(admin.runCommand({serverStatus: 1}));
    return status.security.authentication.mechanisms['MONGODB-X509'];
};

/**
 * Asserts that both the 'received' and 'successful' counters grew by exactly
 * one between the two snapshots.
 */
const assertOneMore = (before, after) => {
    assert.eq(after.received, before.received + 1);
    assert.eq(after.successful, before.successful + 1);
};

const initialStats = readX509Stats();
jsTest.log(`Initial stats: ${tojson(initialStats)}`);

// Launch a separate shell that authenticates with the client certificate and
// runs an empty script; exit code 0 means the connection and auth succeeded.
const uri = `mongodb://${st.s.host}/admin?authMechanism=MONGODB-X509`;
jsTest.log(`Connecting to: ${uri}`);
const shellArgs = [
    'mongo',
    uri,
    '--tls',
    '--tlsCertificateKeyFile',
    CLIENT_CERT,
    '--tlsCAFile',
    CA_CERT,
    '--tlsAllowInvalidHostnames',
    '--eval',
    ';',
];
assert.eq(runMongoProgram(...shellArgs), 0);

const authStats = readX509Stats();
jsTest.log(`Authenticated stats: ${tojson(authStats)}`);

// Exactly one more speculative authentication was received and succeeded.
assertOneMore(initialStats.speculativeAuthenticate, authStats.speculativeAuthenticate);

// Exactly one more authentication overall was received and succeeded.
assertOneMore(initialStats.authenticate, authStats.authenticate);

/////////////////////////////////////////////////////////////////////////////

jsTest.log('Shutting down');

// Authenticate on each config server node so ReplSetTest.stopSet() can run
// its db hash check. The return value of auth() is not checked here.
if (st.configRS) {
    for (const node of st.configRS.nodes) {
        node.getDB('admin').auth('admin', 'pwd');
    }
}

// The orphan checks need a privileged user to authenticate as, so the same
// X.509 user is created directly on the shard before stopping the cluster.
st.shard0.getDB('$external')
    .createUser({user: CLIENT_NAME, roles: [{role: '__system', db: 'admin'}]});

st.stop();
})();