diff options
author | Andrew Shuvalov <andrew.shuvalov@mongodb.com> | 2020-11-13 02:15:23 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-11-13 03:47:27 +0000 |
commit | 8b195f11cbb144685baa20486b497528c8dde667 (patch) | |
tree | c51515f4e97990ca2ca863a19c81c521d99fd817 /jstests/ssl | |
parent | 84fc14dc5ca94a09a1926ca897f0547c124f2813 (diff) | |
download | mongo-8b195f11cbb144685baa20486b497528c8dde667.tar.gz |
SERVER-51599: Allow creating an SSLConnectionContext from in-memory certificates
Diffstat (limited to 'jstests/ssl')
-rw-r--r-- | jstests/ssl/tenant_migration_donor_ssl.js | 115 |
1 files changed, 115 insertions, 0 deletions
diff --git a/jstests/ssl/tenant_migration_donor_ssl.js b/jstests/ssl/tenant_migration_donor_ssl.js new file mode 100644 index 00000000000..70bc3d5d584 --- /dev/null +++ b/jstests/ssl/tenant_migration_donor_ssl.js @@ -0,0 +1,115 @@ +/** + * Shows that a tenant migration donor and recipient + * are able to use their cluster certificates (normally used to talk to their own + * replica set nodes) to talk to each other. + * + * @tags: [requires_fcv_47, requires_majority_read_concern, incompatible_with_eft] + */ + +(function() { +"use strict"; + +load("jstests/libs/uuid_util.js"); +load("jstests/replsets/libs/tenant_migration_util.js"); +load('jstests/ssl/libs/ssl_helpers.js'); + +const donorRst = new ReplSetTest({ + nodes: [{}, {rsConfig: {priority: 0}}, {rsConfig: {priority: 0}}], + name: "donor", + nodeOptions: { + setParameter: { + enableTenantMigrations: true, + + // Set the delay before a donor state doc is garbage collected to be short to speed up + // the test. + tenantMigrationGarbageCollectionDelayMS: 3 * 1000, + + // Set the TTL monitor to run at a smaller interval to speed up the test. + ttlMonitorSleepSecs: 1, + } + } +}); +const recipientRst = new ReplSetTest( + {nodes: 1, name: "recipient", nodeOptions: {setParameter: {enableTenantMigrations: true}}}); + +donorRst.startSet({ + sslMode: "requireSSL", + sslPEMKeyFile: "jstests/libs/server.pem", + sslCAFile: "jstests/libs/ca.pem", + sslClusterFile: "jstests/libs/client.pem", + sslAllowInvalidHostnames: "", +}); +donorRst.initiate(); + +recipientRst.startSet({ + sslMode: "requireSSL", + sslPEMKeyFile: "jstests/libs/server.pem", + sslCAFile: "jstests/libs/ca.pem", + sslClusterFile: "jstests/libs/client.pem", + sslAllowInvalidHostnames: "", +}); +recipientRst.initiate(); + +const donorPrimary = donorRst.getPrimary(); +const recipientPrimary = recipientRst.getPrimary(); +const kRecipientConnString = recipientRst.getURL(); + +const kTenantId = "testDb"; +const kConfigDonorsNS = "config.tenantMigrationDonors"; + +let configDonorsColl = donorPrimary.getCollection(kConfigDonorsNS); +configDonorsColl.createIndex({expireAt: 1}, {expireAfterSeconds: 0}); + +jsTest.log("Test the case where the migration commits"); +const migrationId = UUID(); +const migrationOpts = { + migrationIdString: extractUUIDFromObject(migrationId), + recipientConnString: recipientRst.getURL(), + tenantId: kTenantId, + readPreference: {mode: "primary"}, +}; + +const res = + assert.commandWorked(TenantMigrationUtil.startMigration(donorPrimary.host, migrationOpts)); +assert.eq(res.state, "committed"); + +let donorDoc = configDonorsColl.findOne({tenantId: kTenantId}); +let commitOplogEntry = + donorPrimary.getDB("local").oplog.rs.findOne({ns: kConfigDonorsNS, op: "u", o: donorDoc}); +assert.eq(donorDoc.state, "committed"); +assert.eq(donorDoc.commitOrAbortOpTime.ts, commitOplogEntry.ts); + +let mtab; +assert.soon(() => { + mtab = donorPrimary.adminCommand({serverStatus: 1}).tenantMigrationAccessBlocker; + return mtab[kTenantId].access === TenantMigrationUtil.accessState.kReject; +}); +assert(mtab[kTenantId].commitOrAbortOpTime); + +// Runs the donorForgetMigration command and asserts that the TenantMigrationAccessBlocker and donor +// state document are eventually removed from the donor. + +jsTest.log("Test donorForgetMigration after the migration completes"); + +assert.commandWorked( + donorPrimary.adminCommand({donorForgetMigration: 1, migrationId: migrationId})); + +const recipientForgetMigrationMetrics = + recipientPrimary.adminCommand({serverStatus: 1}).metrics.commands.recipientForgetMigration; +assert.eq(recipientForgetMigrationMetrics.failed, 0); + +donorRst.nodes.forEach((node) => { + assert.soon(() => null == node.adminCommand({serverStatus: 1}).tenantMigrationAccessBlocker); +}); + +assert.soon(() => 0 === donorPrimary.getCollection(kConfigDonorsNS).count({tenantId: kTenantId})); +assert.soon(() => 0 === + donorPrimary.adminCommand({serverStatus: 1}) + .repl.primaryOnlyServices.TenantMigrationDonorService); + +const donorRecipientMonitorPoolStats = donorPrimary.adminCommand({connPoolStats: 1}).replicaSets; +assert.eq(Object.keys(donorRecipientMonitorPoolStats).length, 0); + +donorRst.stopSet(); +recipientRst.stopSet(); +})(); |