author | Cheahuychou Mao <mao.cheahuychou@gmail.com> | 2021-01-21 01:25:10 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-01-28 02:11:41 +0000 |
commit | e9360bd8e7cb8f1447ffd513149d284c394bb4a0 (patch) | |
tree | 7404bfc08bba640c65cbaf1aed551a6428aedf06 /jstests/ssl/x509 | |
parent | 96fe72c36d370a4067240738f051021d4daf72ce (diff) | |
download | mongo-e9360bd8e7cb8f1447ffd513149d284c394bb4a0.tar.gz |
SERVER-53404 Make tenant migration donor copy the recipient's cluster time signing keys before sending recipientSyncData
Diffstat (limited to 'jstests/ssl/x509')
-rw-r--r-- | jstests/ssl/x509/certs.yml | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/jstests/ssl/x509/certs.yml b/jstests/ssl/x509/certs.yml
index 2953a0448db..1141b36636b 100644
--- a/jstests/ssl/x509/certs.yml
+++ b/jstests/ssl/x509/certs.yml
@@ -322,7 +322,7 @@ certs: extendedKeyUsage: [clientAuth] mongoRoles: - {role: backup, db: admin} - - {role: advanceClusterTimeRole, db: admin} + - {role: findInternalClusterTimeKeysRole, db: admin} - name: 'rs0_tenant_migration_expired.pem' description:
@@ -339,7 +339,21 @@ certs: extendedKeyUsage: [clientAuth] mongoRoles: - {role: backup, db: admin} - - {role: advanceClusterTimeRole, db: admin} + - {role: findInternalClusterTimeKeysRole, db: admin} + +- name: 'rs0_tenant_migration_no_find_cluster_time_keys_role.pem' + description: + Client certificate file for tenant migration donor or recipient without role to run find command + against admin.system.keys. + Subject: + OU: 'rs0_tenant_migration' + extensions: + basicConstraints: {CA: false} + subjectKeyIdentifier: hash + keyUsage: [digitalSignature, keyEncipherment] + extendedKeyUsage: [clientAuth] + mongoRoles: + - {role: backup, db: admin} - name: 'rs1.pem' description: General purpose server certificate file.
@@ -363,7 +377,7 @@ certs: extendedKeyUsage: [clientAuth] mongoRoles: - {role: backup, db: admin} - - {role: advanceClusterTimeRole, db: admin} + - {role: findInternalClusterTimeKeysRole, db: admin} - name: 'rs1_tenant_migration_expired.pem' description:
@@ -380,7 +394,7 @@ certs: extendedKeyUsage: [clientAuth] mongoRoles: - {role: backup, db: admin} - - {role: advanceClusterTimeRole, db: admin} + - {role: findInternalClusterTimeKeysRole, db: admin} - name: 'rs1_tenant_migration_no_backup_role.pem' description: 
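Review bot: The new `rs0_tenant_migration_no_find_cluster_time_keys_role.pem` entry (hunk `@@ -339,7 +339,21 @@`) is described as lacking the role to run find against admin.system.keys, yet it still carries `{role: backup, db: admin}`, and nothing in the hunk shows whether `backup` grants that find by itself. If it does, this certificate no longer exercises the missing-privilege path the negative tests are meant to cover. I would add a comment above the entry, `# Negative-test cert: relies on backup NOT granting find on admin.system.keys.`, and reword the description to end `without the role needed to run the find command against admin.system.keys.` The same applies to the renamed rs1 entry in hunk `@@ -393,12 +407,12 @@`, whose mongoRoles list lies outside that hunk.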
@@ -393,12 +407,12 @@ certs: keyUsage: [digitalSignature, keyEncipherment] extendedKeyUsage: [clientAuth] mongoRoles: - - {role: advanceClusterTimeRole, db: admin} + - {role: findInternalClusterTimeKeysRole, db: admin} -- name: 'rs1_tenant_migration_no_advance_cluster_time_role.pem' +- name: 'rs1_tenant_migration_no_find_cluster_time_keys_role.pem' description: - Client certificate file for tenant migration donor or recipient without role to advance - cluster time. + Client certificate file for tenant migration donor or recipient without role to run find command + against admin.system.keys. Subject: OU: 'rs1_tenant_migration' extensions:
@@ -431,7 +445,7 @@ certs: extendedKeyUsage: [clientAuth] mongoRoles: - {role: backup, db: admin} - - {role: advanceClusterTimeRole, db: admin} + - {role: findInternalClusterTimeKeysRole, db: admin} ### # Certificates not based on the primary root ca.pem |
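Review bot: After the first change in hunk `@@ -393,12 +407,12 @@`, the entry it edits (apparently `rs1_tenant_migration_no_backup_role.pem`, whose name and description start outside the hunk) carries `findInternalClusterTimeKeysRole` as its only grant, with no comment saying what that role permits. Going by the descriptions added in this commit, the role allows find on admin.system.keys, where the cluster time signing keys live, and because `mongoRoles` sits under `extensions` the grant travels with the certificate itself. A comment above the role line such as `# Grants find on admin.system.keys (cluster time signing keys); keep to test certificates.` would make that visible to anyone reusing these definitions. The rename of `rs1_tenant_migration_no_advance_cluster_time_role.pem` in the same hunk also requires every test that loads the old file name to be updated, which this page (diffstat limited to jstests/ssl/x509) does not show.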