diff options
author | Cheahuychou Mao <mao.cheahuychou@gmail.com> | 2021-04-23 07:03:56 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-04-27 00:59:41 +0000 |
commit | 04f0ee2221ac8123d26f6707f92ae25c074bb43c (patch) | |
tree | 2e4fbaef4b36c53053832818e2cd629c43e5b353 | |
parent | 78ea6746c775828ee796998a6480397a39677b75 (diff) | |
download | mongo-04f0ee2221ac8123d26f6707f92ae25c074bb43c.tar.gz |
SERVER-56308 Enable auth in tenant migration jscore passhthrough suites
(cherry picked from commit 2052c20502d8fb3efe9cae53cd8b2b0cb011c70b)
8 files changed, 241 insertions, 14 deletions
diff --git a/buildscripts/resmokeconfig/suites/tenant_migration_causally_consistent_jscore_passthrough.yml b/buildscripts/resmokeconfig/suites/tenant_migration_causally_consistent_jscore_passthrough.yml index cd7febc189d..c7d263c9732 100644 --- a/buildscripts/resmokeconfig/suites/tenant_migration_causally_consistent_jscore_passthrough.yml +++ b/buildscripts/resmokeconfig/suites/tenant_migration_causally_consistent_jscore_passthrough.yml @@ -1,3 +1,12 @@ +config_variables: +- &keyFile jstests/libs/authTestsKey +- &keyFileData Thiskeyisonlyforrunningthesuitewithauthenticationdontuseitinanytestsdirectly +- &authOptions + authenticationDatabase: admin + authenticationMechanism: SCRAM-SHA-1 + password: *keyFileData + username: __system + test_kind: js_test selector: @@ -9,6 +18,10 @@ selector: # - jstests/core/txns/**/*.js + # Skip any tests that run with auth explicitly. + - jstests/core/*[aA]uth*.js + # Commands using UUIDs are not compatible with name-based auth. + - jstests/core/commands_with_uuid.js # These tests depend on hardcoded database name equality. - jstests/core/json_schema/misc_validation.js - jstests/core/list_databases.js @@ -163,20 +176,34 @@ executor: load('jstests/libs/override_methods/inject_tenant_prefix.js'); load('jstests/libs/override_methods/enable_causal_consistency.js'); load('jstests/libs/override_methods/enable_sessions.js'); + jsTest.authenticate(db.getMongo()); global_vars: TestData: &TestData tenantId: "tenantMigrationTenantId" + auth: true + authMechanism: SCRAM-SHA-1 + keyFile: *keyFile + keyFileData: *keyFileData + roleGraphInvalidationIsFatal: true readMode: commands hooks: - class: ContinuousTenantMigration shell_options: global_vars: - TestData: *TestData + TestData: + <<: *TestData + authOptions: *authOptions # The CheckReplDBHash hook waits until all operations have replicated to and have been applied # on the secondaries, so we run the ValidateCollections hook after it to ensure we're # validating the entire contents of the collection. - class: CheckReplOplogs + shell_options: + global_vars: + TestData: *TestData - class: CheckReplDBHash + shell_options: + global_vars: + TestData: *TestData - class: ValidateCollections - class: CleanEveryN n: 20 @@ -206,6 +233,8 @@ executor: tlsMode: allowTLS tlsCAFile: jstests/libs/ca.pem tlsAllowInvalidHostnames: '' + auth: '' + keyFile: *keyFile per_mongod_options: # Each entry is for a different replica set's extra mongod options. - tlsCertificateKeyFile: jstests/libs/rs0.pem @@ -213,3 +242,4 @@ executor: num_replica_sets: 2 num_nodes_per_replica_set: 3 use_replica_set_connection_string: true + auth_options: *authOptions diff --git a/buildscripts/resmokeconfig/suites/tenant_migration_jscore_passthrough.yml b/buildscripts/resmokeconfig/suites/tenant_migration_jscore_passthrough.yml index cb062c735ea..63f42a43f8e 100644 --- a/buildscripts/resmokeconfig/suites/tenant_migration_jscore_passthrough.yml +++ b/buildscripts/resmokeconfig/suites/tenant_migration_jscore_passthrough.yml @@ -1,3 +1,12 @@ +config_variables: +- &keyFile jstests/libs/authTestsKey +- &keyFileData Thiskeyisonlyforrunningthesuitewithauthenticationdontuseitinanytestsdirectly +- &authOptions + authenticationDatabase: admin + authenticationMechanism: SCRAM-SHA-1 + password: *keyFileData + username: __system + test_kind: js_test selector: @@ -5,6 +14,10 @@ selector: - jstests/core/**/*.js exclude_files: - jstests/core/txns/**/*.js + # Skip any tests that run with auth explicitly. + - jstests/core/*[aA]uth*.js + # Commands using UUIDs are not compatible with name-based auth. + - jstests/core/commands_with_uuid.js # These tests depend on hardcoded database name equality. - jstests/core/json_schema/misc_validation.js - jstests/core/list_databases.js @@ -92,20 +105,34 @@ executor: eval: >- testingReplication = true; load('jstests/libs/override_methods/inject_tenant_prefix.js'); + jsTest.authenticate(db.getMongo()); global_vars: TestData: &TestData tenantId: "tenantMigrationTenantId" + auth: true + authMechanism: SCRAM-SHA-1 + keyFile: *keyFile + keyFileData: *keyFileData + roleGraphInvalidationIsFatal: true readMode: commands hooks: - class: ContinuousTenantMigration shell_options: global_vars: - TestData: *TestData + TestData: + <<: *TestData + authOptions: *authOptions # The CheckReplDBHash hook waits until all operations have replicated to and have been applied # on the secondaries, so we run the ValidateCollections hook after it to ensure we're # validating the entire contents of the collection. - class: CheckReplOplogs + shell_options: + global_vars: + TestData: *TestData - class: CheckReplDBHash + shell_options: + global_vars: + TestData: *TestData - class: ValidateCollections - class: CleanEveryN n: 20 @@ -129,6 +156,8 @@ executor: tlsMode: allowTLS tlsCAFile: jstests/libs/ca.pem tlsAllowInvalidHostnames: '' + auth: '' + keyFile: *keyFile per_mongod_options: # Each entry is for a different replica set's extra mongod options. - tlsCertificateKeyFile: jstests/libs/rs0.pem @@ -136,3 +165,4 @@ executor: num_replica_sets: 2 num_nodes_per_replica_set: 3 use_replica_set_connection_string: true + auth_options: *authOptions diff --git a/buildscripts/resmokeconfig/suites/tenant_migration_kill_primary_jscore_passthrough.yml b/buildscripts/resmokeconfig/suites/tenant_migration_kill_primary_jscore_passthrough.yml index 37072afb156..1a1a7cb9b38 100644 --- a/buildscripts/resmokeconfig/suites/tenant_migration_kill_primary_jscore_passthrough.yml +++ b/buildscripts/resmokeconfig/suites/tenant_migration_kill_primary_jscore_passthrough.yml @@ -1,3 +1,12 @@ +config_variables: +- &keyFile jstests/libs/authTestsKey +- &keyFileData Thiskeyisonlyforrunningthesuitewithauthenticationdontuseitinanytestsdirectly +- &authOptions + authenticationDatabase: admin + authenticationMechanism: SCRAM-SHA-1 + password: *keyFileData + username: __system + test_kind: js_test # This suite starts two 3-node replica sets and uses the ContinuousTenantMigration hook and the # ContinuousStepdown hook to run background tenant migrations and periodically kill the primary @@ -8,6 +17,10 @@ selector: - jstests/core/**/*.js exclude_files: - jstests/core/txns/**/*.js + # Skip any tests that run with auth explicitly. + - jstests/core/*[aA]uth*.js + # Commands using UUIDs are not compatible with name-based auth. + - jstests/core/commands_with_uuid.js # These tests depend on hardcoded database name equality. - jstests/core/json_schema/misc_validation.js - jstests/core/list_databases.js @@ -193,11 +206,17 @@ executor: load('jstests/libs/override_methods/inject_tenant_prefix.js'); load("jstests/libs/override_methods/enable_sessions.js"); load("jstests/libs/override_methods/set_read_and_write_concerns.js"); - # TODO SERVER-52713: Add libraries to automatically fail commands incompatible with - # unclean shutdowns. + jsTest.authenticate(db.getMongo()); + // TODO SERVER-52713: Add libraries to automatically fail commands incompatible with + // unclean shutdowns. global_vars: TestData: &TestData tenantId: "tenantMigrationTenantId" + auth: true + authMechanism: SCRAM-SHA-1 + keyFile: *keyFile + keyFileData: *keyFileData + roleGraphInvalidationIsFatal: true alwaysInjectTransactionNumber: true defaultReadConcernLevel: "majority" logRetryAttempts: true @@ -221,12 +240,20 @@ executor: - class: ContinuousTenantMigration shell_options: global_vars: - TestData: *TestData + TestData: + <<: *TestData + authOptions: *authOptions # The CheckReplDBHash hook waits until all operations have replicated to and have been applied # on the secondaries, so we run the ValidateCollections hook after it to ensure we're # validating the entire contents of the collection. - class: CheckReplOplogs + shell_options: + global_vars: + TestData: *TestData - class: CheckReplDBHash + shell_options: + global_vars: + TestData: *TestData - class: ValidateCollections - class: CleanEveryN n: 1 @@ -253,6 +280,8 @@ executor: tlsMode: allowTLS tlsCAFile: jstests/libs/ca.pem tlsAllowInvalidHostnames: '' + auth: '' + keyFile: *keyFile per_mongod_options: # Each entry is for a different replica set's extra mongod options. - tlsCertificateKeyFile: jstests/libs/rs0.pem @@ -264,3 +293,4 @@ executor: replset_config_options: settings: catchUpTimeoutMillis: 0 + auth_options: *authOptions diff --git a/buildscripts/resmokeconfig/suites/tenant_migration_multi_stmt_txn_jscore_passthrough.yml b/buildscripts/resmokeconfig/suites/tenant_migration_multi_stmt_txn_jscore_passthrough.yml index d87b8bc0695..3cf14b5433f 100644 --- a/buildscripts/resmokeconfig/suites/tenant_migration_multi_stmt_txn_jscore_passthrough.yml +++ b/buildscripts/resmokeconfig/suites/tenant_migration_multi_stmt_txn_jscore_passthrough.yml @@ -1,3 +1,12 @@ +config_variables: +- &keyFile jstests/libs/authTestsKey +- &keyFileData Thiskeyisonlyforrunningthesuitewithauthenticationdontuseitinanytestsdirectly +- &authOptions + authenticationDatabase: admin + authenticationMechanism: SCRAM-SHA-1 + password: *keyFileData + username: __system + test_kind: js_test # This suite starts two 3-node replica sets and uses the ContinuousTenantMigration hook to run # background tenant migrations. It also wraps all CRUD commands in transactions and asserts that @@ -14,6 +23,8 @@ selector: # These tests already run with transactions. - jstests/core/txns/**/*.js + # Skip any tests that run with auth explicitly. + - jstests/core/*[aA]uth*.js # These tests depend on hardcoded database name equality. - jstests/core/json_schema/misc_validation.js - jstests/core/list_databases.js @@ -350,9 +361,15 @@ executor: load('jstests/libs/override_methods/enable_sessions.js'); load('jstests/libs/override_methods/txn_passthrough_cmd_massage.js'); load('jstests/libs/override_methods/network_error_and_txn_override.js'); + jsTest.authenticate(db.getMongo()); global_vars: TestData: &TestData tenantId: "tenantMigrationTenantId" + auth: true + authMechanism: SCRAM-SHA-1 + keyFile: *keyFile + keyFileData: *keyFileData + roleGraphInvalidationIsFatal: true networkErrorAndTxnOverrideConfig: wrapCRUDinTransactions: true sessionOptions: @@ -364,12 +381,20 @@ executor: - class: ContinuousTenantMigration shell_options: global_vars: - TestData: *TestData + TestData: + <<: *TestData + authOptions: *authOptions # The CheckReplDBHash hook waits until all operations have replicated to and have been applied # on the secondaries, so we run the ValidateCollections hook after it to ensure we're # validating the entire contents of the collection. - class: CheckReplOplogs + shell_options: + global_vars: + TestData: *TestData - class: CheckReplDBHash + shell_options: + global_vars: + TestData: *TestData - class: ValidateCollections - class: CleanEveryN n: 1 @@ -398,6 +423,8 @@ executor: tlsMode: allowTLS tlsCAFile: jstests/libs/ca.pem tlsAllowInvalidHostnames: '' + auth: '' + keyFile: *keyFile per_mongod_options: # Each entry is for a different replica set's extra mongod options. - tlsCertificateKeyFile: jstests/libs/rs0.pem @@ -405,3 +432,4 @@ executor: num_replica_sets: 2 num_nodes_per_replica_set: 3 use_replica_set_connection_string: true + auth_options: *authOptions diff --git a/buildscripts/resmokeconfig/suites/tenant_migration_stepdown_jscore_passthrough.yml b/buildscripts/resmokeconfig/suites/tenant_migration_stepdown_jscore_passthrough.yml index a6c9a598184..e6d8b3930b2 100644 --- a/buildscripts/resmokeconfig/suites/tenant_migration_stepdown_jscore_passthrough.yml +++ b/buildscripts/resmokeconfig/suites/tenant_migration_stepdown_jscore_passthrough.yml @@ -1,3 +1,12 @@ +config_variables: +- &keyFile jstests/libs/authTestsKey +- &keyFileData Thiskeyisonlyforrunningthesuitewithauthenticationdontuseitinanytestsdirectly +- &authOptions + authenticationDatabase: admin + authenticationMechanism: SCRAM-SHA-1 + password: *keyFileData + username: __system + test_kind: js_test # This suite starts two 3-node replica sets and uses the ContinuousTenantMigration hook and the # ContinuousStepdown hook to run background tenant migrations and periodically step down the @@ -8,6 +17,10 @@ selector: - jstests/core/**/*.js exclude_files: - jstests/core/txns/**/*.js + # Skip any tests that run with auth explicitly. + - jstests/core/*[aA]uth*.js + # Commands using UUIDs are not compatible with name-based auth. + - jstests/core/commands_with_uuid.js # These tests depend on hardcoded database name equality. - jstests/core/json_schema/misc_validation.js - jstests/core/list_databases.js @@ -191,9 +204,15 @@ executor: load('jstests/libs/override_methods/inject_tenant_prefix.js'); load("jstests/libs/override_methods/enable_sessions.js"); load("jstests/libs/override_methods/set_read_and_write_concerns.js"); + jsTest.authenticate(db.getMongo()); global_vars: TestData: &TestData tenantId: "tenantMigrationTenantId" + auth: true + authMechanism: SCRAM-SHA-1 + keyFile: *keyFile + keyFileData: *keyFileData + roleGraphInvalidationIsFatal: true alwaysInjectTransactionNumber: true defaultReadConcernLevel: "majority" logRetryAttempts: true @@ -216,12 +235,20 @@ executor: - class: ContinuousTenantMigration shell_options: global_vars: - TestData: *TestData + TestData: + <<: *TestData + authOptions: *authOptions # The CheckReplDBHash hook waits until all operations have replicated to and have been applied # on the secondaries, so we run the ValidateCollections hook after it to ensure we're # validating the entire contents of the collection. - class: CheckReplOplogs + shell_options: + global_vars: + TestData: *TestData - class: CheckReplDBHash + shell_options: + global_vars: + TestData: *TestData - class: ValidateCollections - class: CleanEveryN n: 1 @@ -248,6 +275,8 @@ executor: tlsMode: allowTLS tlsCAFile: jstests/libs/ca.pem tlsAllowInvalidHostnames: '' + auth: '' + keyFile: *keyFile per_mongod_options: # Each entry is for a different replica set's extra mongod options. - tlsCertificateKeyFile: jstests/libs/rs0.pem @@ -259,3 +288,4 @@ executor: replset_config_options: settings: catchUpTimeoutMillis: 0 + auth_options: *authOptions diff --git a/buildscripts/resmokeconfig/suites/tenant_migration_terminate_primary_jscore_passthrough.yml b/buildscripts/resmokeconfig/suites/tenant_migration_terminate_primary_jscore_passthrough.yml index 08702a8cbbc..1c02bc8d8ef 100644 --- a/buildscripts/resmokeconfig/suites/tenant_migration_terminate_primary_jscore_passthrough.yml +++ b/buildscripts/resmokeconfig/suites/tenant_migration_terminate_primary_jscore_passthrough.yml @@ -1,3 +1,12 @@ +config_variables: +- &keyFile jstests/libs/authTestsKey +- &keyFileData Thiskeyisonlyforrunningthesuitewithauthenticationdontuseitinanytestsdirectly +- &authOptions + authenticationDatabase: admin + authenticationMechanism: SCRAM-SHA-1 + password: *keyFileData + username: __system + test_kind: js_test # This suite starts two 3-node replica sets and uses the ContinuousTenantMigration hook and the # ContinuousStepdown hook to run background tenant migrations and periodically terminate the primary @@ -8,6 +17,10 @@ selector: - jstests/core/**/*.js exclude_files: - jstests/core/txns/**/*.js + # Skip any tests that run with auth explicitly. + - jstests/core/*[aA]uth*.js + # Commands using UUIDs are not compatible with name-based auth. + - jstests/core/commands_with_uuid.js # These tests depend on hardcoded database name equality. - jstests/core/json_schema/misc_validation.js - jstests/core/list_databases.js @@ -191,9 +204,15 @@ executor: load('jstests/libs/override_methods/inject_tenant_prefix.js'); load("jstests/libs/override_methods/enable_sessions.js"); load("jstests/libs/override_methods/set_read_and_write_concerns.js"); + jsTest.authenticate(db.getMongo()); global_vars: TestData: &TestData tenantId: "tenantMigrationTenantId" + auth: true + authMechanism: SCRAM-SHA-1 + keyFile: *keyFile + keyFileData: *keyFileData + roleGraphInvalidationIsFatal: true alwaysInjectTransactionNumber: true defaultReadConcernLevel: "majority" logRetryAttempts: true @@ -218,11 +237,18 @@ executor: shell_options: global_vars: TestData: *TestData + authOptions: *authOptions # The CheckReplDBHash hook waits until all operations have replicated to and have been applied # on the secondaries, so we run the ValidateCollections hook after it to ensure we're # validating the entire contents of the collection. - class: CheckReplOplogs + shell_options: + global_vars: + TestData: *TestData - class: CheckReplDBHash + shell_options: + global_vars: + TestData: *TestData - class: ValidateCollections - class: CleanEveryN n: 1 @@ -249,6 +275,8 @@ executor: tlsMode: allowTLS tlsCAFile: jstests/libs/ca.pem tlsAllowInvalidHostnames: '' + auth: '' + keyFile: *keyFile per_mongod_options: # Each entry is for a different replica set's extra mongod options. - tlsCertificateKeyFile: jstests/libs/rs0.pem @@ -260,3 +288,4 @@ executor: replset_config_options: settings: catchUpTimeoutMillis: 0 + auth_options: *authOptions diff --git a/buildscripts/resmokelib/testing/fixtures/tenant_migration.py b/buildscripts/resmokelib/testing/fixtures/tenant_migration.py index e06ea907efe..5fbd20440fe 100644 --- a/buildscripts/resmokelib/testing/fixtures/tenant_migration.py +++ b/buildscripts/resmokelib/testing/fixtures/tenant_migration.py @@ -91,6 +91,7 @@ class TenantMigrationFixture(interface.Fixture): # pylint: disable=too-many-ins # Start up each of the replica sets for replica_set in self.replica_sets: replica_set.setup() + self._create_tenant_migration_donor_and_recipient_roles(replica_set) def await_ready(self): """Block until the fixture can be used for testing.""" @@ -155,3 +156,47 @@ class TenantMigrationFixture(interface.Fixture): # pylint: disable=too-many-ins for replica_set in self.replica_sets: output += replica_set.get_node_info() return output + + @staticmethod + def auth(client, auth_options=None): + """Auth a client connection.""" + if auth_options is not None: + auth_db = client[auth_options["authenticationDatabase"]] + auth_db.authenticate(auth_options["username"], password=auth_options["password"], + mechanism=auth_options["authenticationMechanism"]) + + return client + + def _create_tenant_migration_donor_and_recipient_roles(self, rs): + """Create a role for tenant migration donor and recipient.""" + primary = rs.get_primary() + primary_client = self.auth(primary.mongo_client(), self.auth_options) + + try: + primary_client.admin.command({ + "createRole": "tenantMigrationDonorRole", "privileges": [{ + "resource": {"cluster": True}, "actions": ["runTenantMigration"] + }, {"resource": {"db": "admin", "collection": "system.keys"}, "actions": ["find"]}], + "roles": [] + }) + except: + self.logger.exception( + "Error creating tenant migration donor role on primary on port %d of replica" + + " set '%s'.", primary.port, rs.replset_name) + raise + + try: + primary_client.admin.command({ + "createRole": "tenantMigrationRecipientRole", "privileges": + [{"resource": {"cluster": True}, "actions": ["listDatabases", "useUUID"]}, + {"resource": {"db": "", "collection": ""}, "actions": ["listCollections"]}, + { + "resource": {"anyResource": True}, + "actions": ["dbStats", "collStats", "find", "listIndexes"] + }], "roles": [] + }) + except: + self.logger.exception( + "Error creating tenant migration recipient role on primary on port %d of replica" + + " set '%s'.", primary.port, rs.replset_name) + raise diff --git a/buildscripts/resmokelib/testing/hooks/tenant_migration.py b/buildscripts/resmokelib/testing/hooks/tenant_migration.py index 3f05f8f05dc..7ed63ddba40 100644 --- a/buildscripts/resmokelib/testing/hooks/tenant_migration.py +++ b/buildscripts/resmokelib/testing/hooks/tenant_migration.py @@ -221,6 +221,7 @@ class _TenantMigrationThread(threading.Thread): # pylint: disable=too-many-inst self.logger = logger self._tenant_migration_fixture = tenant_migration_fixture self._tenant_id = shell_options["global_vars"]["TestData"]["tenantId"] + self._auth_options = shell_options["global_vars"]["TestData"]["authOptions"] self._test_report = test_report self._shell_options = shell_options @@ -360,8 +361,12 @@ class _TenantMigrationThread(threading.Thread): # pylint: disable=too-many-inst read_preference = {"mode": "primary"} if random.randint(0, 1) else {"mode": "secondary"} return _TenantMigrationOptions(donor_rs, recipient_rs, self._tenant_id, read_preference) + def _create_client(self, node): + return self._tenant_migration_fixture.auth(node.mongo_client(), self._auth_options) + def _check_tenant_migration_dbhash(self, migration_opts): - # Set the donor connection string, recipient connection string, and migration uuid string for the tenant migration dbhash check script. + # Set the donor connection string, recipient connection string, and migration uuid string + # for the tenant migration dbhash check script. self._shell_options[ "global_vars"]["TestData"]["donorConnectionString"] = migration_opts.get_donor_primary( ).get_internal_connection_string() @@ -461,7 +466,7 @@ class _TenantMigrationThread(threading.Thread): # pylint: disable=too-many-inst while True: try: # Keep polling the migration state until the migration completes. - donor_primary_client = donor_primary.mongo_client() + donor_primary_client = self._create_client(donor_primary) res = donor_primary_client.admin.command( cmd_obj, bson.codec_options.CodecOptions(uuid_representation=bson.binary.UUID_SUBTYPE)) @@ -508,7 +513,7 @@ class _TenantMigrationThread(threading.Thread): # pylint: disable=too-many-inst while True: try: - donor_primary_client = donor_primary.mongo_client() + donor_primary_client = self._create_client(donor_primary) donor_primary_client.admin.command( cmd_obj, bson.codec_options.CodecOptions(uuid_representation=bson.binary.UUID_SUBTYPE)) @@ -547,7 +552,7 @@ class _TenantMigrationThread(threading.Thread): # pylint: disable=too-many-inst migration_opts.get_donor_name()) while True: try: - donor_primary_client = donor_primary.mongo_client() + donor_primary_client = self._create_client(donor_primary) res = donor_primary_client.config.command({ "count": "tenantMigrationDonors", "query": {"tenantId": migration_opts.tenant_id} @@ -570,7 +575,7 @@ class _TenantMigrationThread(threading.Thread): # pylint: disable=too-many-inst recipient_primary.port, migration_opts.get_recipient_name()) while True: try: - recipient_primary_client = recipient_primary.mongo_client() + recipient_primary_client = self._create_client(recipient_primary) res = recipient_primary_client.config.command({ "count": "tenantMigrationRecipients", "query": {"tenantId": migration_opts.tenant_id} @@ -605,7 +610,7 @@ class _TenantMigrationThread(threading.Thread): # pylint: disable=too-many-inst while not self.__lifecycle.is_test_finished(): try: - donor_primary_client = donor_primary.mongo_client() + donor_primary_client = self._create_client(donor_primary) doc = donor_primary_client["testTenantMigration"]["rerouted"].find_one( {"_id": bson.Binary(migration_opts.migration_id.bytes, 4)}) if doc is not None: @@ -636,7 +641,7 @@ class _TenantMigrationThread(threading.Thread): # pylint: disable=too-many-inst while True: try: - primary_client = primary.mongo_client() + primary_client = self._create_client(primary) res = primary_client.admin.command({"listDatabases": 1}) for database in res["databases"]: db_name = database["name"] |