-
Notifications
You must be signed in to change notification settings - Fork 5.6k
/
Copy pathshell_x509_system_user.js
59 lines (46 loc) · 1.8 KB
/
shell_x509_system_user.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
// Check that the shell can authenticate as the __system user using X509, which is a use case for
// our auth performance tests (through the dbhash hook).
import {ReplSetTest} from "jstests/libs/replsettest.js";
const x509Options = {
clusterAuthMode: 'x509',
tlsMode: 'requireTLS',
tlsCertificateKeyFile: 'jstests/libs/server.pem',
tlsCAFile: 'jstests/libs/ca.pem',
tlsAllowInvalidCertificates: '',
};
const rst = new ReplSetTest({nodes: 1, nodeOptions: x509Options, waitForKeys: false});
rst.startSet();
rst.initiate();
const primaryConnString = rst.getPrimary().host;
const subShellCommands = async function() {
TestData = {
authUser: 'C=US,ST=New York,L=New York City,O=MongoDB,OU=Kernel,CN=server',
authenticationDatabase: '$external',
keyFile: 'dummyKeyFile',
clusterAuthMode: 'x509',
};
// Explicitly check asCluster can succeed.
authutil.asCluster(db.getMongo(), 'dummyKeyFile', function() {
// No need to do anything here. We just need to check we don't error out in the
// previous auth step.
});
// Indirectly check that ReplSetTest can successfully call asCluster.
new ReplSetTest(db.getMongo().host);
// Directly check that the use case for our auth perf tests can succeed.
await import("jstests/hooks/run_check_repl_dbhash.js");
};
const subShellArgs = [
'mongo',
'--ssl',
'--tlsCAFile=jstests/libs/ca.pem',
'--tlsCertificateKeyFile=jstests/libs/server.pem',
'--tlsAllowInvalidHostnames',
'--authenticationDatabase=$external',
'--authenticationMechanism=MONGODB-X509',
primaryConnString,
'--eval',
`(${subShellCommands.toString()})();`
];
const retVal = _runMongoProgram(...subShellArgs);
assert.eq(retVal, 0, 'mongo shell did not succeed with exit code 0');
rst.stopSet();