author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2021-06-16 10:41:25 -0400 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-06-16 19:47:04 +0000 |
commit | fc66d558802ecb1cd403d45225d0d77cc47a5d93 (patch) | |
tree | 5454d1123fe4e7e5f6d33d5b0c8d57b6b3fccc3c /jstests | |
parent | 310e87ab2810e9c1b3e1e7976a5db1cefd30601f (diff) | |
SERVER-55792 Verify credentials when clusterAuthMode is set via setParameter
(cherry picked from commit c73b1c09eb5ce2053577abac0a4ba360e3845de8)
Diffstat (limited to 'jstests')
-rw-r--r-- | jstests/ssl/set_parameter_ssl.js | 39 | ||||
-rw-r--r-- | jstests/sslSpecial/set_parameter_nossl.js | 2 |
2 files changed, 34 insertions, 7 deletions
diff --git a/jstests/ssl/set_parameter_ssl.js b/jstests/ssl/set_parameter_ssl.js
index 1a39cbd22a2..ce4143d0996 100644
--- a/jstests/ssl/set_parameter_ssl.js
+++ b/jstests/ssl/set_parameter_ssl.js
@@ -51,19 +51,46 @@ function testTransportTransition(scheme, oldMode, newMode, shouldSucceed) {
 }
 function testAuthModeTransition(oldMode, newMode, sslMode, shouldSucceed) {
- var conn = MongoRunner.runMongod({
+ const keyFile = 'jstests/libs/key1';
+
+ let config = {
 sslMode: sslMode,
 sslPEMKeyFile: SERVER_CERT,
 sslCAFile: CA_CERT,
 clusterAuthMode: oldMode
- });
+ };
- var adminDB = conn.getDB("admin");
- adminDB.createUser({user: "root", pwd: "pwd", roles: ['root']});
- adminDB.auth("root", "pwd");
- var res = adminDB.runCommand({"setParameter": 1, "clusterAuthMode": newMode});
+ if (oldMode != 'x509') {
+ config.keyFile = keyFile;
+ }
+
+ const conn = MongoRunner.runMongod(config);
+ const adminDB = conn.getDB("admin");
+ let authAsKeyFileCluster = function() {
+ const authParams = {
+ user: '__system',
+ mechanism: 'SCRAM-SHA-1',
+ pwd: cat(keyFile).replace(/[\011-\015\040]/g, '')
+ };
+ return adminDB.auth(authParams);
+ };
+
+ if (oldMode != 'x509') {
+ assert(authAsKeyFileCluster());
+ }
+
+ var res = adminDB.runCommand({"setParameter": 1, "clusterAuthMode": newMode});
 assert(res["ok"] == shouldSucceed, tojson(res));
+
+ if (shouldSucceed && oldMode != 'x509') {
+ if (newMode == 'x509') {
+ assert(!authAsKeyFileCluster(), "Key file cluster auth should no longer work");
+ } else {
+ assert(authAsKeyFileCluster(), "Key file cluster auth should still work");
+ }
+ }
+
 MongoRunner.stopMongod(conn);
 }
diff --git a/jstests/sslSpecial/set_parameter_nossl.js b/jstests/sslSpecial/set_parameter_nossl.js
index 95b66bc274f..94f4337fb80 100644
--- a/jstests/sslSpecial/set_parameter_nossl.js
+++ b/jstests/sslSpecial/set_parameter_nossl.js
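Review bot: When `shouldSucceed` is false the new post-transition check is skipped entirely, so a rejected `setParameter` that nevertheless changed which cluster credentials the server accepts would still pass; the `if (shouldSucceed && oldMode != 'x509')` block only covers accepted transitions. An extra branch such as `else if (oldMode != 'x509') { assert(authAsKeyFileCluster(), "Key file cluster auth should be unchanged after a rejected transition"); }` would pin that down, assuming key-file auth is expected to keep working in every non-x509 mode. The `pwd` derivation also deserves a comment, for example `// __system password = key file contents with whitespace stripped (octal \011-\015 and \040)`, since the octal character class is not self-explanatory. `testAuthModeTransition` starts and ends inside this hunk.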
@@ -5,7 +5,7 @@
 // cannot be used to transition from disabled/keyFile modes
 function testTransition(newSSLMode, newClusterAuthMode) {
 // If no parameters are given sslMode defaults to disabled
- var conn = MongoRunner.runMongod({clusterAuthMode: "keyFile"});
+ var conn = MongoRunner.runMongod({clusterAuthMode: "keyFile", keyFile: 'jstests/libs/key1'});
 var adminDB = conn.getDB("admin");
 adminDB.createUser({user: "root", pwd: "pwd", roles: ["root"]});
 adminDB.auth("root", "pwd"); |
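Review bot: The key file path is repeated here as a bare literal, `'jstests/libs/key1'`, in single quotes beside the double-quoted `"keyFile"` on the same line, and nothing on the changed line says why the option became necessary. A one-line comment above the call, such as `// clusterAuthMode "keyFile" needs a key file to be supplied`, would help; presumably this follows from the credential verification named in the commit title, but the server-side change is not shown on this page (the diffstat is limited to jstests), so confirm against it. `testTransition` continues beyond the hunk.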