diff options
author | Cheahuychou Mao <mao.cheahuychou@gmail.com> | 2020-12-16 17:09:45 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-01-05 05:58:56 +0000 |
commit | 1dfe8355a2b034ded045191f4e3d4be827365621 (patch) | |
tree | dc6342e153caa69d5c59c71a6d8f1fdbfae37267 /jstests | |
parent | 2640ec0b0d800bf0a1e761fdb9c249b5d1ffa86a (diff) | |
download | mongo-1dfe8355a2b034ded045191f4e3d4be827365621.tar.gz |
SERVER-52706 Make tenant migration donor use a separate NetworkInterface and x509 certificate to connect to recipient
Diffstat (limited to 'jstests')
25 files changed, 660 insertions, 41 deletions
diff --git a/jstests/libs/rs0.pem b/jstests/libs/rs0.pem new file mode 100644 index 00000000000..4bb116c73d8 --- /dev/null +++ b/jstests/libs/rs0.pem @@ -0,0 +1,57 @@ +# Autogenerated file, do not edit. +# Generate using jstests/ssl/x509/mkcert.py --config jstests/ssl/x509/certs.yml rs0.pem +# +# General purpose server certificate file. +-----BEGIN CERTIFICATE----- +MIIEKDCCAxCgAwIBAgIEcQJdNzANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV +UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO +BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs +IFRlc3QgQ0EwHhcNMjAxMjA3MTkwMzI1WhcNNDAxMjA5MTkwMzI1WjBYMQswCQYD +VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp +dHkxEDAOBgNVBAoMB01vbmdvREIxDDAKBgNVBAsMA3JzMDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAO/ytBKQAwioEpuruySPfT5/WtfcujzyYkhW8GVX +tJw07+Ek+sifcAdB8X/W6tm2h4bvflWNyoJXOjlQVC8pmyw2PHYdLkw2XMj4piRJ +LJgx209HNxjj1basAcIBrN41IrNZsI13Dx38dp/9mgo59YrhgWRzdTrs8kcN9fqZ +uus7fZhajg0B9rKoiJhLr3p8mtaw4dFDS33R2ySFkrcoC8UAp9SYKQ4Uf8IOmaTz +pJvzlW413ZEC8usR+PUmw6U6FYmSa03+jsY1BwTj/CjOc7eqM18gXHQT605/zDWL +8aEp2uMqfE9bZDtmabBy4eyyLepMQbnp0mbwkkRy+4lEW1cCAwEAAaOB3TCB2jAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNV +HQ4EFgQU5vUkxR4wudlIF8p+MdR4IEon4N4wgYsGA1UdIwSBgzCBgKF4pHYwdDEL +MAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9y +ayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxFzAVBgNV +BAMMDktlcm5lbCBUZXN0IENBggQZkSMSMA0GCSqGSIb3DQEBCwUAA4IBAQAY8M8k +qSX3UC9aCAIErB5ApcjuLWV4ACAbl1VtaRrVpgxqMs5wMJ80AnYFPdjQ4DZPbej4 +pNB+D5l4ecqyDSucYxar3cCB4vgs0DcQVfOnfWKUdMad9QVn+UrygCm7bEOyAgYU +kuQAsajbY6KTn4dRU4KwYj7KQDakw1xDY7FObGSH4TeezxAW9sp/TLVY6dmp+n/E +1+uTs3mXdDKxxoyoqpIUYSlFoF8G0yRFqV7+PP/YgP/IkdE5ByJ/E+NaikjhQHVu +2bfP9bbglGLcnQ4u3jXt5H7u4BnEC3rcnYrIO6EtRfdHogyfODQ6nU3DFUK9tPcf +ikh7HQRM0XhW1j6/ +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDv8rQSkAMIqBKb +q7skj30+f1rX3Lo88mJIVvBlV7ScNO/hJPrIn3AHQfF/1urZtoeG735VjcqCVzo5 +UFQvKZssNjx2HS5MNlzI+KYkSSyYMdtPRzcY49W2rAHCAazeNSKzWbCNdw8d/Haf +/ZoKOfWK4YFkc3U67PJHDfX6mbrrO32YWo4NAfayqIiYS696fJrWsOHRQ0t90dsk +hZK3KAvFAKfUmCkOFH/CDpmk86Sb85VuNd2RAvLrEfj1JsOlOhWJkmtN/o7GNQcE +4/woznO3qjNfIFx0E+tOf8w1i/GhKdrjKnxPW2Q7ZmmwcuHssi3qTEG56dJm8JJE +cvuJRFtXAgMBAAECggEALI3LY/r7pTrYIbG0kShXoCgzrQteRXzYRQhnoNm1PqAR +vqOIMYJxYdebyRoWB5D9/08vDSHD7YnW1NeWmh9GoeH8Pg5TD3G0rtiEuQ4hSq1P +RJw7ndKIV1/+/5AiEiyZoeXQg6QM2YuMV07WsHlsn3oZ9ZX+uY9PuWPdPcgXzh+k +tKoq+yfXW4SgboMhIV+n5IOUt9xHhIv7uThxeK0FidUFtogmicXbfJRuzIJnAPME +jnY/kAPIuNTm8Po5ujfJW7JEf/TptKGI5rk5hM2D7ZYO/K4rJLw+oL8/7UAShD7b +A4f229hlXaXSck+pTRGhgejyD6amuqRX/0U21KUsoQKBgQD9n3kR/ei5J0CXK18H +NKH3JqOVyKfJr5JT0gIXRA1IBNuaZxuCPORApv6CQ/H2200NubsnJXZYQt+qn7Ay +xtLmS1f8G3TL33KBNU3aS9VkQedsjrWFTv6sdM9pct4/vs//R0lWgIVgM4r8OIc9 +QchXuzSU11A5ihVeojkGfGdBxwKBgQDyMmt5YWY5qoqM0sYqwVM33oNJ+9aHcn63 +3x8vGoc0yShoK38cispGP8YzgbcHR2R2jLkxL9a5JdZ2hGSwyy93XncEWHAv95We +UEneKlNQptcxCSapulUwxtel1k5cHAF5x0eG4IB0HYAVLE+el/Xg9u9eckoG5sNf +0dQthEUZ8QKBgQCbkxxILhF4qhxT3pXvLJkBq2EDO0+5RwqighsoPGVNPTWcNA1K +yaFWC1npfFZLj+BnP/wOmktK/tKGrmf97bpm6+avzgPKH2n02kbEVmoykr6r96pf +eMJ99TVZwM2WGq0qMYdKGZI3HcbuypoiuFx1fG9XsfATK6HKKAaE9QC99wKBgFUb +7rSKy5d8HI/8CXNA2HOLl+tJukuCqpEGsTimQ9kCz1Y74sEu7IHfK1EyRhUiu2UF +cpacTwJlD4Y6Y//UhuuVoJFAWrwgbs1hPXP6v6hZ2Mj8hD+koQcw+NroAkVP+hzH +MJVvEvS64SWPmrMKh3b0j41K8ESYlxN28u7DylyhAoGAGlMA2j1J1HWVPz4sWEQq +uE5cZKjf6gFT5YTwHtQ6tbBVpJl2gAmwU9SD02aV19ntSuKu4MO1z3DXVluXQ26e +gcbg4Jpv0HdV37HF5gMfGWTOHfhtxtr5KzQTq0R6i0lnD8JIN9MoTQaFotAsKlhC +pZLDJr57HePBO4mMHXRUjuw= +-----END PRIVATE KEY----- diff --git a/jstests/libs/rs0_tenant_migration.pem b/jstests/libs/rs0_tenant_migration.pem new file mode 100644 index 00000000000..5c2bd303efc --- /dev/null +++ b/jstests/libs/rs0_tenant_migration.pem @@ -0,0 +1,56 @@ +# Autogenerated file, do not edit. +# Generate using jstests/ssl/x509/mkcert.py --config jstests/ssl/x509/certs.yml rs0_tenant_migration.pem +# +# Client certificate file for tenant migration donor or recipient. +-----BEGIN CERTIFICATE----- +MIID8DCCAtigAwIBAgIEJJSiyDANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV +UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO +BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs +IFRlc3QgQ0EwHhcNMjAxMjE1MjMzNTE4WhcNNDAxMjE3MjMzNTE4WjBpMQswCQYD +VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp +dHkxEDAOBgNVBAoMB01vbmdvREIxHTAbBgNVBAsMFHJzMF90ZW5hbnRfbWlncmF0 +aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3C6lDdSpY/A4yI3G +K6HpQkrQ813zMOMhf2BFZSU3zY6rbrXhdTQQpQxyRC2Ht48LceMidB/J/Q+HykIz +Ygm4BsvjcyR89Uznb5bd82DKftRIfA6LFk3sySZjNmzOf4ZRzItO+N1UZAP+9nfA +zOTIwblNdPuUeeRutK5RH/tgf7rXdKgOSEjxhinAOV0r50UOLLo0t2ApRjskA0dz +l61k1GIVrmLgj11+Zq1KaG3jETVjwFn2HwAt0/JI8tvkh9ebsAT7b68Ibz9iCp0Y ++nPFk3V/SbjpPYDjauPUAb9cjwyzYfnhrVOMKRnDBRN+Vll52UexqVAGLW5cxupA +46zNhwIDAQABo4GUMIGRMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMBMGA1UdJQQM +MAoGCCsGAQUFBwMCMB0GA1UdDgQWBBQOPwCeDPekwSX1+3pDbC2S8/IKqzBDBgsr +BgEEAYKOKQIBAQQ0MTIwDwwGYmFja3VwDAVhZG1pbjAfDBZhZHZhbmNlQ2x1c3Rl +clRpbWVSb2xlDAVhZG1pbjANBgkqhkiG9w0BAQsFAAOCAQEAddk36uq32JPv1ovY +IGH9c5BHq2iepkNxRbFAPbr1aA/Z+8uZMV9/sUoyXkjjSQYgrnzFmnHrkeMYq6C7 +ntIteUuPnZw5DpC7o1AEPckYxjUdCFcqwHz/7qt1b3fUJ8wuzMXLYeGzdK2x1nPo +TH8icFJf54tH3xHin6GHJAfaBus5BQwT3PD6OaLE9v7lVCbiUF9kqvP+2NRNkwUQ +4F/P+C8pZlnRtPgy/30c6fsbUSyzlZkQtzsQtKGbWbhoO5QqCQH7dSPKGqSsnd4o +Qmq8pgOgt9bi+Z70Ze/JzjviJ1MYgGiz8rEY5bXe6OQ9K3S9psEHvJ1lKOdSXTu9 +FQqLyw== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcLqUN1Klj8DjI +jcYroelCStDzXfMw4yF/YEVlJTfNjqtuteF1NBClDHJELYe3jwtx4yJ0H8n9D4fK +QjNiCbgGy+NzJHz1TOdvlt3zYMp+1Eh8DosWTezJJmM2bM5/hlHMi0743VRkA/72 +d8DM5MjBuU10+5R55G60rlEf+2B/utd0qA5ISPGGKcA5XSvnRQ4sujS3YClGOyQD +R3OXrWTUYhWuYuCPXX5mrUpobeMRNWPAWfYfAC3T8kjy2+SH15uwBPtvrwhvP2IK +nRj6c8WTdX9JuOk9gONq49QBv1yPDLNh+eGtU4wpGcMFE35WWXnZR7GpUAYtblzG +6kDjrM2HAgMBAAECggEAEAJAM/I7Yq3LoyFTwEZkbFJ+QMOa8/n/rIA2a3U6SnLO +Gh2VR+1CLI3sHPLmhD0dSumFzsWk7QZdDCKmE8G7JJtcbTnA8CDoTt+8QX7PGkua +/ZIdIMEHr1RgMEvW88SzW9jhJA0Lnr3/orHwTbVwt00eyZulHvux5OcrtNSVHpQ3 +nCniPc3F/WXHRi+klZR7GAK1M2k06mjnV+8YmCr71vPHx4Nu0Ip99yOEWAI/IJKp +lPrIRgeUKp0h4uCpDRlguKUL8AUgbNoh1m7z1LoVOEcVJrEjyYus2zh4ONMfREb8 +/qkZDvsj7TS2c18buhKEKe4n+KOstCJPnTdq7KxIoQKBgQD2I2mTnLRONGoXira4 +NxNCNVvT02IS/DNPrT4Gm3p5mG5DOMtVTNvwRXaQtNlrfv2qYSekwvqU9Y6YR3sz +nPSMfz0Kxy7JpgI95oVIGP3dqU0Skuv2pNK4pFxECD8MH4lIJBbvq+zDAyCbFCmx +gzZ3u8CA2dHr1hVWdOBRQoZysQKBgQDlAQGIfo7mhS0PkVIdqZU0pmpmy0HRHKSB +SSxD0UuUCrT6aj6cgccaGnjjhmtObW1jG85EowApDnUR9wwGMTCl42AqaLnQixpK +TyNaReCbVkpNWcluBRKchGBff7Af5oAuSFuggBMWR2jecM17UGkbV5Z0MVhQ1CZ7 +oLDMb0ghtwKBgByWqGCYxuh+dgQd/HMREo+SGwRTfQSvflY2zQl/bY5KAiSUqClU +MAeMSeUs3EP8EAKGHlCoxOogS1uskcbA6DaZYMGruOd6/K+r4rcpD/N7ApSxs+6F +3mPL01ujiY8i6pMSfgeAdJOB/XuFsAIKN31YtVdB9Xvq9beBA7zseSlBAoGBAIic +qQV8OlNabx8yWgJIADKAdEkOSB0vMRPPSxDJ8oRGPuCEMQW8hcIUuLlCnxESRocx +N0PK2XWkokItVob7IUJU+jFSeEboNK7Ptw9LUEpal8i9H2T6sbedYMCXs8HUB/OU +RtTgkoJf5zeLo4lE1u7wuVhnd4AAj1SA7/eFC0rRAoGBANEds+itR90vCI7by7I/ +1ttTCDm7rAFwoUSG0KvHvarpbFR3A41ssVmgkHFj4xP4MAgYUieRVSxrd55tifLK +6L0d4UhO/jfKKdaylv0Rf5VziBa6RtRd0tpPjpgvOdud0HglYxktg4heHVAbZHXh ++sJU2GNdsKpPnSOhM4JT3agf +-----END PRIVATE KEY----- diff --git a/jstests/libs/rs0_tenant_migration_expired.pem b/jstests/libs/rs0_tenant_migration_expired.pem new file mode 100644 index 00000000000..8996b1adf9c --- /dev/null +++ b/jstests/libs/rs0_tenant_migration_expired.pem @@ -0,0 +1,56 @@ +# Autogenerated file, do not edit. +# Generate using jstests/ssl/x509/mkcert.py --config jstests/ssl/x509/certs.yml rs0_tenant_migration_expired.pem +# +# Client certificate file for tenant migration donor or recipient which has passed its expiration date. +-----BEGIN CERTIFICATE----- +MIID8DCCAtigAwIBAgIEQkaROTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV +UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO +BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs +IFRlc3QgQ0EwHhcNMjAwODI5MDU0ODUzWhcNMjAxMjExMDk0ODUzWjBpMQswCQYD +VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp +dHkxEDAOBgNVBAoMB01vbmdvREIxHTAbBgNVBAsMFHJzMF90ZW5hbnRfbWlncmF0 +aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFwzF0FyOPjnepos +strY4WUcqgDqh0f/Gyv/HIoetjzc/HYnIAwl6R60bIQ3cdPXRQu0GOZ6McoU10Sz +UiH+F3dtT8obdvrIpC1N2dwuHl4sOYeELAjeL6jyGua4dl9W17/n9IAJx6en2e0Y +K/ewcz253/fuVWEa2aBFGTIDfrr0b4z0GoRuvKBSfMqxb9cP4tESKxKfzYs46j/I +Xndsl5OwQ0ES9lkZ2ioopQqLMAlKKC9OzOrQMd2ZQNe07GPE2hcWGfLoRhbj0+5n +1X/DCLPK0RZE+HdIIGUhkm1hrnBGZBjf5XXUEl96WO4xBcAJeGsve07LsXGYbJhx +uvQkXQIDAQABo4GUMIGRMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMBMGA1UdJQQM +MAoGCCsGAQUFBwMCMB0GA1UdDgQWBBRGsYZqjSv40vNnZaEV3yCXgJ6TCDBDBgsr +BgEEAYKOKQIBAQQ0MTIwDwwGYmFja3VwDAVhZG1pbjAfDBZhZHZhbmNlQ2x1c3Rl +clRpbWVSb2xlDAVhZG1pbjANBgkqhkiG9w0BAQsFAAOCAQEAJaqf4wVucuyPbZjg +50AFXsFDMzfGZXzTuxjmgCbEdXfdt8DLHZW1hVtTFIPRwIMyeMZ0ugZzvqxtti82 +Txfb2xbUYzXagZKQmT2zXyUrPY5YisYu3qH9+PuZC9vqBmZYzqVWp0VKyMrb2iS7 +b8qpzVAEKgwodOjgoNjOnmPbvUN+/6P8ZB/xJshmFt0ehoixensW/TuHT40DvHPZ +L8vfe8xbgTc4R8h6b821a84xw3BYYpMzs9UX7z4iSpHxHUYG92vEg5sh/aXeayDK +9rmR/+xVI+lSQLaQRGgfu4ggPOS90EPC1/QtoKqZxD8QtPf6HBcb3icM6Dzf/uu5 +tCzCDA== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEXDMXQXI4+Od6 +miyy2tjhZRyqAOqHR/8bK/8cih62PNz8dicgDCXpHrRshDdx09dFC7QY5noxyhTX +RLNSIf4Xd21Pyht2+sikLU3Z3C4eXiw5h4QsCN4vqPIa5rh2X1bXv+f0gAnHp6fZ +7Rgr97BzPbnf9+5VYRrZoEUZMgN+uvRvjPQahG68oFJ8yrFv1w/i0RIrEp/Nizjq +P8hed2yXk7BDQRL2WRnaKiilCoswCUooL07M6tAx3ZlA17TsY8TaFxYZ8uhGFuPT +7mfVf8MIs8rRFkT4d0ggZSGSbWGucEZkGN/lddQSX3pY7jEFwAl4ay97TsuxcZhs +mHG69CRdAgMBAAECggEAHhvJFbrKSeQYklsLmY0nDkCTyZmEXKP0gPUZFAY1uVnR +xMBVNXvHYFx969nGKqUB8CtgPSUx/WpwEaYOHPzrWivMzhw+Y9sGYu4zbsFtLOjh +vRyDbsEZWJN+NBPGmxf5V/GsHnh3h260tRy+xRcgrjr7wlTg7aSLGm2RytA5avf4 +q70dyqPues3K638f0hLiW28qMOBCdRSeJKie8dZRQ4kfyUWNNhEPl8ughaXFbVVI +WwB/NoLegLXFdcVzwNuZGVfFzwXhAdK3Wv0UjYx+S7CA/Lzrz8AZisgsd7paE+IC +CZ+zF+st/97WEb94blTCVFMGnUBkJa3kR2BmHUf4HQKBgQD2izoEQVPKI6wAFAAw +HwyEGn3vhHawNLoidLFFpT82BkGSGFw9clINQOgibTfMsaXO4awS+iwZnYUgvGux +9kf/E2BVUXOG+j/URLd0CEX+yWOpRH9DcOLfiPCqBP9+jqgV8GwHiBxHMb1W7NHZ +AGEi3MIM/uc80rScaNOStR9XywKBgQDL5Do86r/cfyqkWwiHczc2TiHtR3+zcP9E +vZS8l2hIQEzChfWCCxcH47DVTHnig1ANSrhEfA0GBZNj+HAmkVhhDITk8AsCOwIO +7hk8CIFUjzvV6EB6cXGtruzBIJQUVhFBC6qv3mzwYdj86hjf6R0odZD12KzqtM4a +1TVocapfdwKBgQC/VJUVsE0CVmSpOtxae/4OlzCcrMQfQwwgqUbZscA4gOpqIpWS +6iFbP7/m17OyGzt+LgyIPbXzuxcRrKg3V9XP0o20KJ3rZlIavalRVwpbDJdXSV0q +TXUD3RZIG9DbuoIfZJGx1qN7bNJvnyHLskuv7np582go/6xCpedrtzw3uQKBgATg +0QPkGfMMl9iW1P1opEmIVQd4TnXcnj7mykg41yXjY/LDgbw6x7JIoFJ6IfBpc+Dd +iMsarLUYLQ6XQxepIpQv2H4hwCGth78Ts0bcbTu4sZXMmL5VOIMPTFrSjLhv1rnX +rZ3HlJOrw6VJdI7m5Ouy5GT9aiWzbbr2nvCAx7LBAoGBAOeT74xyNjmB/UzgfArj +sqRf/9RNAlmmjWyhhEwTT31dsGZXs4l19+mhELDZ18WrvjkS0sIjK1KllLol1uRn +WziP4rQX6yv6mVTEYtPPu6owUxhiAcYR2HRNi5pWoc8VzaeKRaZ6A/A9dONapkQU +H3OTS6zJ8U+i4V/NeViCNp0u +-----END PRIVATE KEY----- diff --git a/jstests/libs/rs1.pem b/jstests/libs/rs1.pem new file mode 100644 index 00000000000..8a210279554 --- /dev/null +++ b/jstests/libs/rs1.pem @@ -0,0 +1,57 @@ +# Autogenerated file, do not edit. +# Generate using jstests/ssl/x509/mkcert.py --config jstests/ssl/x509/certs.yml rs1.pem +# +# General purpose server certificate file. +-----BEGIN CERTIFICATE----- +MIIEKDCCAxCgAwIBAgIET0CxNTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV +UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO +BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs +IFRlc3QgQ0EwHhcNMjAxMjA3MTkwMzMwWhcNNDAxMjA5MTkwMzMwWjBYMQswCQYD +VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp +dHkxEDAOBgNVBAoMB01vbmdvREIxDDAKBgNVBAsMA3JzMTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALFZFac6NbjsVBecfY+By9K8cZzj4iTaGpZTZp9u ++0dzHVJd/0nL3ILj3nYdgrijwJJOv/CWZmv2b3dvkIpLtYfMBwQw3K6ZtUJ0RBLh +VtkZf5bdjoVlRgy9OobncJu31Q5pbeMWo+YCzlk3a9rnkHmQHHiM2ynpQPrw+ekU +mM2zRNHEB7GF2o3ax0jFBv26t+IP9OySSOyoKiVtwfSibH8nON6709s39m7Q/GKO +LwXAoJq+airswhkmvlNdK/8WdC4fA2E50xpRbOkP+Ke8dwEN3ewxvTZGvMRdylEg +p7+/JWvKNnwhT554kBP2GrSPl2dOYny8UjHNLmreQo///4sCAwEAAaOB3TCB2jAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNV +HQ4EFgQUP+BYmcvg1cT8XhgruFWZdN6FoEMwgYsGA1UdIwSBgzCBgKF4pHYwdDEL +MAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9y +ayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxFzAVBgNV +BAMMDktlcm5lbCBUZXN0IENBggQZkSMSMA0GCSqGSIb3DQEBCwUAA4IBAQBDgqcR +maZDrdpy+ziDZRlGP6XmvZItsHH9YxspR+FDiJCeFjM+RNfIxeb4RLigqrw235d5 +SoFerfkwGK9GeTWhsF8WGo+1VexaMzxZa9/kpZPbXDtd6ix7xdEsP1xBj2Cw7nzT +s9+78hMTbUI+bWVt2quONYAjx4/tXXmxf0IhAVVOst8UmgwjsWQuYIbACwlNrph9 +aDx9zSShi2JLZZmDjr5HPl8PSVJ8484achzckVXyNNXt13whqHwUUS7lh7rmr4yq +4WO/6wyAB5pkV6XbttkkXqKOGD4RbKicLE8oNtQ5o9TZEfPiEATMYlKxWZns2UKJ +7ku30sR7ArR/R75c +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCxWRWnOjW47FQX +nH2PgcvSvHGc4+Ik2hqWU2afbvtHcx1SXf9Jy9yC4952HYK4o8CSTr/wlmZr9m93 +b5CKS7WHzAcEMNyumbVCdEQS4VbZGX+W3Y6FZUYMvTqG53Cbt9UOaW3jFqPmAs5Z +N2va55B5kBx4jNsp6UD68PnpFJjNs0TRxAexhdqN2sdIxQb9urfiD/TskkjsqCol +bcH0omx/Jzjeu9PbN/Zu0Pxiji8FwKCavmoq7MIZJr5TXSv/FnQuHwNhOdMaUWzp +D/invHcBDd3sMb02RrzEXcpRIKe/vyVryjZ8IU+eeJAT9hq0j5dnTmJ8vFIxzS5q +3kKP//+LAgMBAAECggEAETMmmnVWyHyDG1ceBlD8R4/nJOQlBpXwhivIhCXrUN6l +NVvQaoPO+xLGfIYYK3gWMRpaGyc6/7WC0f6L8h2tmWH8PDfQ704Q+kT0ZTBdj+id +KzCJpf5QcOPZTUQc8708eI1ZDvEfLCuRf62UVEKpDGEhob9ncgUhPDUqx6Qrvac/ +7M5oQ8CaA9Ss2XMVMEmfjvCvCVLVPQj7ESZXrPTQn8XCplrhViydj8o5jhCBNXyw +ptEK/FwC+G4kZNeHaTNwnL3LQRe4wvOJUP7e652xW+CY+UaLjaIK4MHFoueQyZf9 +NWEHcZmrmOqNI31yN8XvVKbm3zfPxZYgk3OumeA1AQKBgQDV5/hhbSbcbyOS3pDF +9jUrR9q96RD0ipfJpaae/NuzNaSy6kD4P4opiNiIZA0W5BBuERw7oDhDTVmUQCoi +CnanQYxT5Gu/TmhQGzg0J/VMz18PM8vUyYV+pSBvY7NVdvgrMy+HWvSJqHN6LKCk +yTJ+hbcNeMUpsi2yQ2OxbQePoQKBgQDUP2kraoTIIasYIqzRPv2UopNiHBRRU8wQ +LoXa0eVugnInYVO4mvSyyFXXYsqWrpS5FRWflTep9IRPfi2NEVkAT2VqGFCpMlzw +J+T7VjABsVzE+ni5X81OHrrsOCHveoc6IC/WLD8XYJYpJ4L8O+lMAl3/OIohCAEw +sTckKkSvqwKBgF4KGXxbjFYk1jLffi5Jy543fMc5C6c2tvyDwvjqmXvz/XBa5C0/ +YfJYozlzIv4JTd/Vzd+41INiIhu3Cc7lYrytaJAJQAVe5yUwkkj7uDAIivYYA2iN +IA9JcTUHU/Qi1X/IhQCw0Akk8X+o1wcbHQParVtS2Ps3xjc0wUNjd4uBAoGBAMd1 +X8whKe85VKQ10dpCK+PGdGK6qI1VBmwejEP7BHU5uTUwzZCqblKk2aazfFbmcXUN +T2jMvabF1qEtnnj3WIBmHJP7jbGzVouJsjJP6IVuvBOQnmr2kOVdE6Rxi9KVfwcs +wEexBQlfBz5dl0aatr9rahIye/xWnWe44mzmG+5JAoGAffY4PVDdtkbjs+acSSLA +h8CfAJkUSxMzQ3n8YKrxaF6cTp659CYgFn0sjQB3Cm+1+1afIfPqIzYinQQHimgz +UQ2NLNCnQWnxtOlr85AE9qub1+y6arep1z20V95jgRaIC5xGvu2MG9t2CitYYTI0 +Dela6zi1M2Nw2xtgzzmHJeg= +-----END PRIVATE KEY----- diff --git a/jstests/libs/rs1_tenant_migration.pem b/jstests/libs/rs1_tenant_migration.pem new file mode 100644 index 00000000000..c27df3a1a74 --- /dev/null +++ b/jstests/libs/rs1_tenant_migration.pem @@ -0,0 +1,56 @@ +# Autogenerated file, do not edit. +# Generate using jstests/ssl/x509/mkcert.py --config jstests/ssl/x509/certs.yml rs1_tenant_migration.pem +# +# Client certificate file for tenant migration donor or recipient. +-----BEGIN CERTIFICATE----- +MIID8DCCAtigAwIBAgIEO9xRljANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV +UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO +BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs +IFRlc3QgQ0EwHhcNMjAxMjE1MjMzNTIzWhcNNDAxMjE3MjMzNTIzWjBpMQswCQYD +VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp +dHkxEDAOBgNVBAoMB01vbmdvREIxHTAbBgNVBAsMFHJzMV90ZW5hbnRfbWlncmF0 +aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsz3SKweyy9/qrNE +Ddr5QNypH+UVvoGilSjFn7n2imSDqV4yzAwZS9wraSEGQlPcgPlJOfDPs2Cllo44 +gt5iRoBSR1WPFGoWEq2OxLCGOjW5rMu6iF9uZodvMHc0xL2IzkwhGO8FI9Yycpb2 +pjUm+H9CBsRvH9JjGd7xzNgzcFKpWCnVgi4Oydhu0oflIegF7UN1yTaSv9LH1ZKL +8RkrLZ4iv88ISwE3QAAThkQokAvFKk08S9cInEuC4gXunZTpHrLV7cwMxyn+Om64 +6UfUfB9NDRhcdScrxFRX1jfRthgAEw3Ud7P3D27oVBlBhTrDF7BM46j9cv5Juzb4 +w3wVywIDAQABo4GUMIGRMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMBMGA1UdJQQM +MAoGCCsGAQUFBwMCMB0GA1UdDgQWBBQAAJhR5WYHSv9WN9eBnD5A9tUZ+zBDBgsr +BgEEAYKOKQIBAQQ0MTIwDwwGYmFja3VwDAVhZG1pbjAfDBZhZHZhbmNlQ2x1c3Rl +clRpbWVSb2xlDAVhZG1pbjANBgkqhkiG9w0BAQsFAAOCAQEANRu1l5gg4MNdCQ6J +htER4a1rM7DEpJAOLf/TqbRK9BbKuTko3yvJ4XMAvrAPzjgV7cdhLY2XZQYP6tuW +M1rmgk+KOQPh/35WGGPG7lhZW7hnCwv7yl2Rn1xHPqWODgIroBbZS8ONFeXMM9lO +PweCkib0s5KfBY7QrUNyILg+gYyuRgKrZg0n4hzXb8cKA+KDCO6DCL0UJgbqlxpy +5Piv5Qn3wl3k2+EhfStQJKj0xUYqATkyWnUs87xKt3PFO44nTinGrENLXC1zJaIH +3qqRiDIfbZxULrS81F0mvaWsyxPENC3Nm0tK7ob7WX40v/351M5eExX5zGpR9806 +Ql0dNw== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCuzPdIrB7LL3+q +s0QN2vlA3Kkf5RW+gaKVKMWfufaKZIOpXjLMDBlL3CtpIQZCU9yA+Uk58M+zYKWW +jjiC3mJGgFJHVY8UahYSrY7EsIY6Nbmsy7qIX25mh28wdzTEvYjOTCEY7wUj1jJy +lvamNSb4f0IGxG8f0mMZ3vHM2DNwUqlYKdWCLg7J2G7Sh+Uh6AXtQ3XJNpK/0sfV +kovxGSstniK/zwhLATdAABOGRCiQC8UqTTxL1wicS4LiBe6dlOkestXtzAzHKf46 +brjpR9R8H00NGFx1JyvEVFfWN9G2GAATDdR3s/cPbuhUGUGFOsMXsEzjqP1y/km7 +NvjDfBXLAgMBAAECggEAfEaZIP/OPOMePzyIi9k9ENJRI635kaIU9zsvlene0HG5 +8bZZIx0O9xInguzJyGpbAQ868oi1AnEaCTpADzsQX9Nnq/O2b+skmk7ujAR8yfHc +em+1xLMkiJyNfsWhrKacFx+lAFcfLmVhJHsUDQMJG+9OAAW0g8lOT9xjySGFILtW +Sr4QHT7BzAY9aBkOD/JsLnHtx1fXaqyWFgCfhVnUEj4gG0+bT9hgX0c1xM6GlaQF +8ldja+buzEcFmjw3X8FZTIzp+WNXC0D1DpjgA81XxCK5dwh09CcmNeGeH9gjmOPr +BRIrI1vGG4uMFaiwOMQZE+JAuYxFFoGHE9Nudfl8wQKBgQDnd2RajHDQd3jmKqcJ +g0378tTsPefb/GTf726fwFzSchDm7hYSVGplJCU5lCo2CiP5o5dfFSRuBcESAaec +jhB0ZuVqaYCDOmXvpAJUXj2zrJ0PU4E8ZZSQTCWidUNo424XU+dcgjHdEG4AqyUv +d6UBEmzqrWUqURfXscMFG5NO8QKBgQDBVAGa2jrp5HzSRvInKQWM1gPhnD4u1+PU +p6I0nbDP03YwVAxT0cHclTFQfW819XUv091WFJv5gBpp1jzts9M3SueiwSdDAtwT +g03A2qex+NhOOFfzwz7n1YrCbNImd+xKmuzuc3b+vL6aI+OQ/uQ9KIHUAqhEeZXY +yIekRFeoewKBgQC5EKWFHErK8usQJEQfgANnEVWaeTibk+ZXgYlSYywT+q125h9x +klrq+QZmTged42e2Hk1V8YKKEUG4EuifbJrNZsPA3A+rXJLKErjmGd99e+KrsVlg +H9uzr55bkSRPhZ+tOSF/vnz9wjghgrUdiay8+a1pyS9csS+9/lvuBok2EQKBgEOr +wBQQJ2cPj5GbO8/xT/wIPbuPEUUcVKdvNhvsxqM4hbpM8TO1zIIFxwlBntfoX2iq +ZGNpO1+OM7CwSQt7UoecNJCHw9J1AcviviivYNuvGyfmGQM+aJqF6Ng9dyH4AEHt +ENo2mIR6VM1nmpR6ZDH0J92qQHQXixgiuTgKpBRZAoGAUxyIpK6IbUajxSWaBN1C +75yixyUlBYI0oxm6fMyc9//ihVWIp3J1f1QdhM9ea68IzfW8foWM647R2AutOlK5 +z76pP1gPSJ6cu4VFF+VvVfA6rvFSFZ5IwNdyL4R1ioY7uBldItdYiY4FWv+Im7j1 +Qr5pw9+r22voo8l2Q5RjAnA= +-----END PRIVATE KEY----- diff --git a/jstests/libs/rs2.pem b/jstests/libs/rs2.pem new file mode 100644 index 00000000000..1282992f5be --- /dev/null +++ b/jstests/libs/rs2.pem @@ -0,0 +1,57 @@ +# Autogenerated file, do not edit. +# Generate using jstests/ssl/x509/mkcert.py --config jstests/ssl/x509/certs.yml rs2.pem +# +# General purpose server certificate file. +-----BEGIN CERTIFICATE----- +MIIEKDCCAxCgAwIBAgIESyzPCDANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV +UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO +BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs +IFRlc3QgQ0EwHhcNMjAxMjA3MTkwMzM1WhcNNDAxMjA5MTkwMzM1WjBYMQswCQYD +VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp +dHkxEDAOBgNVBAoMB01vbmdvREIxDDAKBgNVBAsMA3JzMjCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAOkk77SmkljKGV4U7nbQyLueAc5fJVe00Cp7/ZKU +/dDban7AG13RwO6u658HLxAlXrpC6vOQClGA6FIJygFGywOz2jR0jLoi5CG5zd5w +xfw95A0SJreih24fnWG0hO9+3dEF+9vrOodFQhs4yCcbK6tWTckwo7s8N3Jvdzll +f2V9yvWNXrb825FdW57bSV+AxLyjvqYeXOpLjCMnE0iHFSDLH1vS0glfXpfeUFVU +LQBEF7HPdkRMA+Ze7T5HxQ57ySA0KDveW8JEFUo6rCpAUo7DAeXxLDj77nRjkE2R +8fE7FW378VDnK4ug9dUm47Gvij7bdN2W/SQPwzScuiFZ5lECAwEAAaOB3TCB2jAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNV +HQ4EFgQUW56jsPf2w4EUoaanyRimr/NcH/AwgYsGA1UdIwSBgzCBgKF4pHYwdDEL +MAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9y +ayBDaXR5MRAwDgYDVQQKDAdNb25nb0RCMQ8wDQYDVQQLDAZLZXJuZWwxFzAVBgNV +BAMMDktlcm5lbCBUZXN0IENBggQZkSMSMA0GCSqGSIb3DQEBCwUAA4IBAQBP2Kl2 +BuWa3JpVljwjDEWh8emhv8lkYWMae5G/1VwfoyYok5d8oizN4szIQVcB1teMNcAl +xcua5Y6KoYmCv4MMqr2Fhuu0rgm0FwMxjZJ4E5upQgzW2ACMJdmcJ4aSw/7yfbR3 +vF1hLjD38QD2769WPIq90N2kKl5WgWyf02o45Zw56JbQZ5YeQjEW+Njp7wx2rFre +qOXhIj+yUf4+wlZMA9n/cBewsNefyviZGVTKYo8yMQKb4APGE39N8nLHJyglAXKg +xpAZOn0vVhuTWsR8346cwynSGkBW6MvSt7UYeu1BVUS7nOhupRaZnhL38f3spiIM +IGhFOAVjMIe3JiEL +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDpJO+0ppJYyhle +FO520Mi7ngHOXyVXtNAqe/2SlP3Q22p+wBtd0cDuruufBy8QJV66QurzkApRgOhS +CcoBRssDs9o0dIy6IuQhuc3ecMX8PeQNEia3ooduH51htITvft3RBfvb6zqHRUIb +OMgnGyurVk3JMKO7PDdyb3c5ZX9lfcr1jV62/NuRXVue20lfgMS8o76mHlzqS4wj +JxNIhxUgyx9b0tIJX16X3lBVVC0ARBexz3ZETAPmXu0+R8UOe8kgNCg73lvCRBVK +OqwqQFKOwwHl8Sw4++50Y5BNkfHxOxVt+/FQ5yuLoPXVJuOxr4o+23Tdlv0kD8M0 +nLohWeZRAgMBAAECggEAb0FrCf/7ElfO5zCB4z0arT1niz2oKkRkmgF1Lf/fZ01t +cnLmHE0+Dih20/qvoLrUi3nneLch1Wb4dj2pohZQRsIKvMFpbmG8D8QE08NpF0fJ +jds9kqAClLCNf9SPI2KdI2QBnh6QXYDVXPwpt0+l9StID1wgpfbEVt2OPVuMAbeu +aieJYHJS9aifDrcSu+cYscRiuhzMnfZhaTE6TtB287NnMrYqjI+bWtod0MgeAca+ ++2VOBCYodzt9GUsHebATzq5yjG3DQ3l4cGlg1eyyJKS1XYkQ2co74SMQmpehji5e +/IuqRN8AfOWPx8mc/YjWHAbkXRFl7UOSA80t8zXGYQKBgQD6Algbskjo2z56rPt3 +3qv0cnAZqpB0gDJMbJEctQh6Ym20XmBcF9B9ufuG9+zEpPhLPCPuNqUBy5n4Rlml +7+noqzlG0OYeyKMKZYAHyN0HqVJSmHsk6t3SC9Goowh7wvtn6L8NkBhG1+NYFRoZ +WMj6zl7lprV8a3ywLY0ykjQqpQKBgQDuuyLlmmfbyqMvy4gF3hFmPrufGeksL5hp +L3/6/v/XqQvhgHkMTyb8aoVRD21o1Q+DS2m9UGWyk8EsIj/PBkc+W3Rx1uM4RDHl +y/oamqzhrrhLF1E0vsbi/8CZLzFVQl6s/TPL/mt5la6uD7wSqrXGwFrD/wYE8pUk +nZo/JSk5PQKBgQDcb96yJQPGVTIExqs/aRWjBpgy+UI/hp1S51MXxcOA7XKfW6uI +5/KMOMU/nzCjvnWzGIbxzjq1l4jd8WGwPxa2cOqitySANhYT36UAuCmzTKdqbkn+ +JhyJzKQDFiUvwp8bYou6cLgHFum8y3ZkrPUgt3/S66gP2VJqoO9jjKf0hQKBgFVx +ZOwId2OTAxT4I5b2BAQ0L7Kh83J9Fm+PMJ8E5UyqlDYBZVGigrGU7mI0w1Ph7ctw +EkhPnhZsC5dgKrZN6PHIicS0xF4/ChzVBI7BDV84yX0Wu1nFbimQn74zxdReDMSd +WwyH4q+BgyOJPibwMl8QOWwsulrK99ZDEhHHmxmBAoGBAMj8X7L8nL1hXa+e8KgG +VTFZx2GVOohPOxJGzt95TkS8HzPpoy3QSPoZHFQxrsnAcbh+LYhDFgv4kZ51a5ym +jMYiWQYtRTseYLLsSEadG9308zWBtz9KhPuEzyrDEFLSgEl29mv2Yg6wH7JClIKy +wJkq/RP8O+Z0zd9HofeFPoIx +-----END PRIVATE KEY----- diff --git a/jstests/libs/rs2_tenant_migration.pem b/jstests/libs/rs2_tenant_migration.pem new file mode 100644 index 00000000000..545741f45e2 --- /dev/null +++ b/jstests/libs/rs2_tenant_migration.pem @@ -0,0 +1,56 @@ +# Autogenerated file, do not edit. +# Generate using jstests/ssl/x509/mkcert.py --config jstests/ssl/x509/certs.yml rs2_tenant_migration.pem +# +# Client certificate file for tenant migration donor or recipient. +-----BEGIN CERTIFICATE----- +MIID8DCCAtigAwIBAgIEAZxBAjANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJV +UzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENpdHkxEDAO +BgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5lbDEXMBUGA1UEAwwOS2VybmVs +IFRlc3QgQ0EwHhcNMjAxMjE1MjMzNTI2WhcNNDAxMjE3MjMzNTI2WjBpMQswCQYD +VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp +dHkxEDAOBgNVBAoMB01vbmdvREIxHTAbBgNVBAsMFHJzMl90ZW5hbnRfbWlncmF0 +aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8g9nUBxKuUz/4k8m +WJyfO+Ao2IOe2lJgPHa10KHIaDdIB2VpW+hHf98ckUpsB7vElssFGAfbgrlYNWGx +EP/ajueilVQyiUgcLVaQF8C16fjqQVbdOCffbWu/y3c5R781Rq2pS/WP6Sayh04l +tnvpbnK/UWJLOxYzB2AnSc3/sQwGxPgnWuFZBMaNC2rvCJ8wnZvVklYYe7oDp6BB +jTw2DC6WKq3Syn5iwxYaFr32M650b1vkor/yyCJL5AN9u5W+oEEb17qyZESjYeDX +KYwbNMtiG2Ny9G/dVQrXJMAThA9AazKqEJ4tV0ny/IDdMXOCMEnxW08+HGVDXGEb +RDEBBQIDAQABo4GUMIGRMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMBMGA1UdJQQM +MAoGCCsGAQUFBwMCMB0GA1UdDgQWBBRETiI/ygcC02rJrko5AnGM72fHQjBDBgsr +BgEEAYKOKQIBAQQ0MTIwDwwGYmFja3VwDAVhZG1pbjAfDBZhZHZhbmNlQ2x1c3Rl +clRpbWVSb2xlDAVhZG1pbjANBgkqhkiG9w0BAQsFAAOCAQEApQNRXHfJub+85buh +LAX0Trx9ZU2KdBaJHQMU8TWnJmQSxZrDENm3fa3p9CJFaClL3g/+kRej9dRImKJi +WVIlw+6aQ7AcY1GSlGSRnjR2VG5FN8NhulYmVxAxZhCrhtNnKmsEMYYn5sKGyqf4 +sJRYAXiLrqB67u3IZXKxFDDC78tMBnFt0zA2RMf4TR94XYttoQYqsa1tRPfbv4k7 +c1T2VeTLFGvF04Lyf/EUPt8fIYc324r3thxCWnzmOsdWWVScjpt3f0wLfGMtYodl +vp2mwEPljQ4T3VpHHItcId9SjvmloG9zWl7p3NMo4B3qNzoIODUqP9Mq8DVnTmgV +OZ/h/w== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDyD2dQHEq5TP/i +TyZYnJ874CjYg57aUmA8drXQochoN0gHZWlb6Ed/3xyRSmwHu8SWywUYB9uCuVg1 +YbEQ/9qO56KVVDKJSBwtVpAXwLXp+OpBVt04J99ta7/LdzlHvzVGralL9Y/pJrKH +TiW2e+lucr9RYks7FjMHYCdJzf+xDAbE+Cda4VkExo0Lau8InzCdm9WSVhh7ugOn +oEGNPDYMLpYqrdLKfmLDFhoWvfYzrnRvW+Siv/LIIkvkA327lb6gQRvXurJkRKNh +4NcpjBs0y2IbY3L0b91VCtckwBOED0BrMqoQni1XSfL8gN0xc4IwSfFbTz4cZUNc +YRtEMQEFAgMBAAECggEBAJCyNIfm4aQzKyMVPU7rESSxsrj6tRK8+1opfDXi//GM +WjpRnNGb4GHH9UPEwR8+Vx3s7naW+9kBAoGmjDolN3kFbmLlmfAGcxGHFUudnyDl +8uJsEoFnFGBMcLIn6s3AtxAw72rAt+4fe8j2JgUXvUqQvVzg7Se89XQLPnEX+yjR +Ze9tbQGTSPyLYlOH4Kd8WLIVxIpgU7flqWowNGjBdsVhiMp3trhNK4LtA9Lt0TkE +A1EBuG1uI0qeVGMXi3AQ2xxWipTO/F6gwNZk+2fh8ExwvIhkMByClAjFcZ9Ac4Zd +eSdXFdms0jX+paKrDSnPahGbm2Fb9VshDukpnn5inWECgYEA/cjDhvLUr8p4N5dp +IgbcZhe1I66BwblByuiWxPXIIbGFcqTZq6LqxvO8eX3eGxZj1yHnEGuUYvZ/2L9s +0PUWQuDEX39hAwUD1/HTa6D6Ix0S+kSfSGe4RMy8hjf69buD9vHWQKGIUOUkrvYd +goQ9FJA+LLXiWvVM5Y3WCU+0KzcCgYEA9CxvaLzx+6tnl0bgrqNeUE9Vh+khQCyv +8LWrPZd3oy6kPJbrg1GU8WL6BWMs4oudIaKHvmvtS5ezf6C4dJSLpKWZcVuvkXw7 +ujEgEjZ15S3TorICymhrX1805NZ8ibDNyU/Z/9RhbZm2rSUsuddRYLTDR56iN9jm +ODSIMnii66MCgYBAy+rIYOXXAG4TW5BXRMMvOexg8ORmbwOSaDJelZaEq8uzys1c +2lrxczfzGSUFa4EQY7KYaa9YWTGpSK7i50DI0JSzAVXmrHgfwbnGaDKVlo3K4ox8 +sybEQjX8Wvyzky4Ndg/LLrMcXHUyStqcAWGLB40oY0QpDyqUDdPRSs1onwKBgEJx +3RdZY1gi+puV9ApR9pZQIGxNqni2MGKGbUTjdPD4/kRmpUwk5S0SzAqvREWZzHac +refJotdRPs1aRRekXKO/VJQeaRZkAjTWrW2HWGm3IMJDQrMl2yIm3FPxcg5eCIHh +sucFOkYC8E0JsrQXvdNdHU7eAjLEWVGuKeniHiOVAoGBAKBuJWlof2bknYsEPaOl +mTp0GVuLcqbkp41qjvvirWpVop8K+LeUrW7eznSt5ZzmMq6UNYR8mbpkdQuUvSmB +T3ApNeYnKn9+TlfyJJTHtGOdGrNqFoNtg/S8W/p7rZU8316ETXxOFSpoLrjzYsCs +A4vlN5gooGeJP0v7yU8kIFOO +-----END PRIVATE KEY----- diff --git a/jstests/replsets/libs/tenant_migration_test.js b/jstests/replsets/libs/tenant_migration_test.js index 64b6d839faa..887c2d0590f 100644 --- a/jstests/replsets/libs/tenant_migration_test.js +++ b/jstests/replsets/libs/tenant_migration_test.js @@ -23,6 +23,7 @@ function TenantMigrationTest( const donorPassedIn = (donorRst !== undefined); const recipientPassedIn = (recipientRst !== undefined); + const migrationX509Options = TenantMigrationUtil.makeX509OptionsForTest(); const migrationCertificates = TenantMigrationUtil.makeMigrationCertificatesForTest(); donorRst = donorPassedIn ? donorRst : performSetUp(true /* isDonor */); @@ -34,6 +35,8 @@ function TenantMigrationTest( recipientRst.getPrimary(); recipientRst.awaitReplication(); + createAdvanceClusterTimeRoleIfNotExist(donorRst); + /** * Creates a ReplSetTest instance. The repl set will have 2 nodes. */ @@ -49,7 +52,7 @@ function TenantMigrationTest( tojson({mode: 'alwaysOn'}); } - let nodeOptions = {}; + let nodeOptions = isDonor ? migrationX509Options.donor : migrationX509Options.recipient; nodeOptions["setParameter"] = setParameterOpts; const rstName = `${name}_${(isDonor ? "donor" : "recipient")}`; @@ -60,6 +63,22 @@ function TenantMigrationTest( return rst; } + function createAdvanceClusterTimeRoleIfNotExist(rst) { + const adminDB = rst.getPrimary().getDB("admin"); + const roles = + adminDB.getRoles({rolesInfo: 1, showPrivileges: false, showBuiltinRoles: false}); + + if (roles.filter(role => role._id == "admin.advanceClusterTimeRole").length > 0) { + return; + } + + assert.commandWorked(adminDB.runCommand({ + createRole: "advanceClusterTimeRole", + privileges: [{resource: {cluster: true}, actions: ["advanceClusterTime"]}], + roles: [] + })); + } + /** * Returns whether tenant migration commands are supported. */ diff --git a/jstests/replsets/libs/tenant_migration_util.js b/jstests/replsets/libs/tenant_migration_util.js index c4e52e26ca2..6beb630b39f 100644 --- a/jstests/replsets/libs/tenant_migration_util.js +++ b/jstests/replsets/libs/tenant_migration_util.js @@ -12,6 +12,22 @@ var TenantMigrationUtil = (function() { } /** + * Returns X509 options for ReplSetTest with the given certificate-key file and CA pem file. + */ + function makeX509Options(certPemFile, caPemFile = "jstests/libs/ca.pem") { + return { + // When the global sslMode is preferSSL or requireSSL, the transport layer would do the + // SSL handshake regardless of the specified sslMode for the connection. So we use a + // allowTLS to verify that the donor and recipient use SSL to authenticate to each other + // regardless of the global sslMode. + tlsMode: "allowTLS", + tlsCertificateKeyFile: certPemFile, + tlsCAFile: caPemFile, + tlsAllowInvalidHostnames: '' + }; + } + + /** * Returns an object containing the certificate and private key extracted from the given * pem file. */ @@ -25,13 +41,26 @@ var TenantMigrationUtil = (function() { } /** + * Returns an object containing the donor and recipient ReplSetTest X509 options for tenant + * migration testing. + */ + function makeX509OptionsForTest() { + return { + donor: makeX509Options("jstests/libs/rs0.pem"), + recipient: makeX509Options("jstests/libs/rs1.pem") + }; + } + + /** * Returns an object containing the donor and recipient's certificate and private key for * tenant migration testing. */ function makeMigrationCertificatesForTest() { return { - donorCertificateForRecipient: getCertificateAndPrivateKey("jstests/libs/client.pem"), - recipientCertificateForDonor: getCertificateAndPrivateKey("jstests/libs/client.pem") + donorCertificateForRecipient: + getCertificateAndPrivateKey("jstests/libs/rs0_tenant_migration.pem"), + recipientCertificateForDonor: + getCertificateAndPrivateKey("jstests/libs/rs1_tenant_migration.pem") }; } @@ -153,6 +182,8 @@ var TenantMigrationUtil = (function() { createRstArgs, isFeatureFlagEnabled, getCertificateAndPrivateKey, + makeX509Options, makeMigrationCertificatesForTest, + makeX509OptionsForTest, }; })(); diff --git a/jstests/replsets/tenant_migration_commit_transaction_retry.js b/jstests/replsets/tenant_migration_commit_transaction_retry.js index 77b21f97a90..af4007d19f0 100644 --- a/jstests/replsets/tenant_migration_commit_transaction_retry.js +++ b/jstests/replsets/tenant_migration_commit_transaction_retry.js @@ -15,10 +15,11 @@ load("jstests/replsets/libs/tenant_migration_util.js"); load("jstests/replsets/rslib.js"); load("jstests/libs/uuid_util.js"); +const migrationX509Options = TenantMigrationUtil.makeX509OptionsForTest(); const donorRst = new ReplSetTest({ nodes: 1, name: "donor", - nodeOptions: { + nodeOptions: Object.assign(migrationX509Options.donor, { setParameter: { // Set the delay before a donor state doc is garbage collected to be short to speed up // the test. @@ -27,10 +28,13 @@ const donorRst = new ReplSetTest({ // Set the TTL monitor to run at a smaller interval to speed up the test. ttlMonitorSleepSecs: 1, } - } + }) +}); +const recipientRst = new ReplSetTest({ + nodes: [{}, {rsConfig: {priority: 0}}, {rsConfig: {priority: 0}}], + name: "recipient", + nodeOptions: migrationX509Options.recipient }); -const recipientRst = new ReplSetTest( - {nodes: [{}, {rsConfig: {priority: 0}}, {rsConfig: {priority: 0}}], name: "recipient"}); donorRst.startSet(); donorRst.initiate(); diff --git a/jstests/replsets/tenant_migration_concurrent_bulk_writes.js b/jstests/replsets/tenant_migration_concurrent_bulk_writes.js index c2c109525c2..bc8b1e07a6f 100644 --- a/jstests/replsets/tenant_migration_concurrent_bulk_writes.js +++ b/jstests/replsets/tenant_migration_concurrent_bulk_writes.js @@ -28,27 +28,28 @@ const kBatchTypes = { remove: 3 }; +const migrationX509Options = TenantMigrationUtil.makeX509OptionsForTest(); const donorRst = new ReplSetTest({ nodes: 1, name: 'donor', - nodeOptions: { + nodeOptions: Object.assign(migrationX509Options.donor, { setParameter: { internalInsertMaxBatchSize: kMaxBatchSize /* Decrease internal max batch size so we can still show writes are batched without inserting hundreds of documents. */ } - } + }) }); const recipientRst = new ReplSetTest({ nodes: 1, name: 'recipient', - nodeOptions: { + nodeOptions: Object.assign(migrationX509Options.recipient, { setParameter: { internalInsertMaxBatchSize: kMaxBatchSize /* Decrease internal max batch size so we can still show writes are batched without inserting hundreds of documents. */ }, - } + }) }); const kRecipientConnString = recipientRst.getURL(); diff --git a/jstests/replsets/tenant_migration_concurrent_migrations.js b/jstests/replsets/tenant_migration_concurrent_migrations.js index eeda516b7d1..683e5e41400 100644 --- a/jstests/replsets/tenant_migration_concurrent_migrations.js +++ b/jstests/replsets/tenant_migration_concurrent_migrations.js @@ -18,9 +18,20 @@ load("jstests/libs/uuid_util.js"); load("jstests/replsets/libs/tenant_migration_test.js"); load("jstests/replsets/libs/tenant_migration_util.js"); -const rst0 = new ReplSetTest({nodes: 1, name: 'rst0'}); -const rst1 = new ReplSetTest({nodes: 1, name: 'rst1'}); -const rst2 = new ReplSetTest({nodes: 1, name: 'rst2'}); +const x509Options0 = TenantMigrationUtil.makeX509Options("jstests/libs/rs0.pem"); +const x509Options1 = TenantMigrationUtil.makeX509Options("jstests/libs/rs1.pem"); +const x509Options2 = TenantMigrationUtil.makeX509Options("jstests/libs/rs2.pem"); + +const migrationCertificate0 = + TenantMigrationUtil.getCertificateAndPrivateKey("jstests/libs/rs0_tenant_migration.pem"); +const migrationCertificate1 = + TenantMigrationUtil.getCertificateAndPrivateKey("jstests/libs/rs1_tenant_migration.pem"); +const migrationCertificate2 = + TenantMigrationUtil.getCertificateAndPrivateKey("jstests/libs/rs2_tenant_migration.pem"); + +const rst0 = new ReplSetTest({nodes: 1, name: 'rst0', nodeOptions: x509Options0}); +const rst1 = new ReplSetTest({nodes: 1, name: 'rst1', nodeOptions: x509Options1}); +const rst2 = new ReplSetTest({nodes: 1, name: 'rst2', nodeOptions: x509Options2}); rst0.startSet(); rst0.initiate(); @@ -49,10 +60,14 @@ const kTenantIdPrefix = "testTenantId"; const migrationOpts0 = { migrationIdString: extractUUIDFromObject(UUID()), tenantId: tenantId0, + donorCertificateForRecipient: migrationCertificate0, + recipientCertificateForDonor: migrationCertificate1, }; const migrationOpts1 = { migrationIdString: extractUUIDFromObject(UUID()), tenantId: tenantId1, + donorCertificateForRecipient: migrationCertificate0, + recipientCertificateForDonor: migrationCertificate2, }; assert.commandWorked(tenantMigrationTest0.startMigration(migrationOpts0)); @@ -102,10 +117,14 @@ const kTenantIdPrefix = "testTenantId"; const migrationOpts0 = { migrationIdString: extractUUIDFromObject(UUID()), tenantId: tenantId0, + donorCertificateForRecipient: migrationCertificate0, + recipientCertificateForDonor: migrationCertificate2, }; const migrationOpts1 = { migrationIdString: extractUUIDFromObject(UUID()), tenantId: tenantId1, + donorCertificateForRecipient: migrationCertificate1, + recipientCertificateForDonor: migrationCertificate2, }; assert.commandWorked(tenantMigrationTest0.startMigration(migrationOpts0)); @@ -155,10 +174,14 @@ const kTenantIdPrefix = "testTenantId"; const migrationOpts0 = { migrationIdString: extractUUIDFromObject(UUID()), tenantId: tenantId0, + donorCertificateForRecipient: migrationCertificate0, + recipientCertificateForDonor: migrationCertificate1, }; const migrationOpts1 = { migrationIdString: extractUUIDFromObject(UUID()), tenantId: tenantId1, + donorCertificateForRecipient: migrationCertificate0, + recipientCertificateForDonor: migrationCertificate1, }; const donorPrimary = rst0.getPrimary(); diff --git a/jstests/replsets/tenant_migration_conflicting_donor_start_migration_cmds.js b/jstests/replsets/tenant_migration_conflicting_donor_start_migration_cmds.js index 3c09a07cb4f..6afbd0bb8fb 100644 --- a/jstests/replsets/tenant_migration_conflicting_donor_start_migration_cmds.js +++ b/jstests/replsets/tenant_migration_conflicting_donor_start_migration_cmds.js @@ -41,7 +41,8 @@ function generateUniqueTenantId() { return chars[charIndex++]; } -const donorRst = new ReplSetTest({nodes: 1, name: 'donorRst'}); +const donorRst = new ReplSetTest( + {nodes: 1, name: 'donorRst', nodeOptions: TenantMigrationUtil.makeX509OptionsForTest().donor}); donorRst.startSet(); donorRst.initiate(); diff --git a/jstests/replsets/tenant_migration_conflicting_recipient_sync_data_cmds.js b/jstests/replsets/tenant_migration_conflicting_recipient_sync_data_cmds.js index 8da6975fb0f..b8f8cae6486 100644 --- a/jstests/replsets/tenant_migration_conflicting_recipient_sync_data_cmds.js +++ b/jstests/replsets/tenant_migration_conflicting_recipient_sync_data_cmds.js @@ -10,7 +10,8 @@ load("jstests/libs/parallel_shell_helpers.js"); load("jstests/libs/curop_helpers.js"); // for waitForCurOpByFailPoint(). load("jstests/replsets/libs/tenant_migration_util.js"); -var rst = new ReplSetTest({nodes: 1}); +var rst = + new ReplSetTest({nodes: 1, nodeOptions: TenantMigrationUtil.makeX509OptionsForTest().donor}); rst.startSet(); rst.initiate(); if (!TenantMigrationUtil.isFeatureFlagEnabled(rst.getPrimary())) { diff --git a/jstests/replsets/tenant_migration_donor_resume_on_stepup_and_restart.js b/jstests/replsets/tenant_migration_donor_resume_on_stepup_and_restart.js index 37b007a540c..268d71f926f 100644 --- a/jstests/replsets/tenant_migration_donor_resume_on_stepup_and_restart.js +++ b/jstests/replsets/tenant_migration_donor_resume_on_stepup_and_restart.js @@ -22,6 +22,8 @@ const kGarbageCollectionDelayMS = 30 * 1000; // Set the TTL monitor to run at a smaller interval to speed up the test. const kTTLMonitorSleepSecs = 1; +const migrationX509Options = TenantMigrationUtil.makeX509OptionsForTest(); + /** * If the donor state doc for the migration 'migrationId' exists on the donor (i.e. the donor's * primary stepped down or shut down after inserting the doc), asserts that the migration @@ -45,7 +47,8 @@ function assertMigrationCommitsIfDurableStateExists(tenantMigrationTest, migrati * donor using the 'interruptFunc', and asserts that migration eventually commits. */ function testDonorStartMigrationInterrupt(interruptFunc) { - const donorRst = new ReplSetTest({nodes: 3, name: "donorRst"}); + const donorRst = + new ReplSetTest({nodes: 3, name: "donorRst", nodeOptions: migrationX509Options.donor}); donorRst.startSet(); donorRst.initiate(); @@ -98,17 +101,17 @@ function testDonorForgetMigrationInterrupt(interruptFunc) { const donorRst = new ReplSetTest({ nodes: 3, name: "donorRst", - nodeOptions: { + nodeOptions: Object.assign(migrationX509Options.donor, { setParameter: { tenantMigrationGarbageCollectionDelayMS: kGarbageCollectionDelayMS, ttlMonitorSleepSecs: kTTLMonitorSleepSecs, } - } + }) }); const recipientRst = new ReplSetTest({ nodes: 1, name: "recipientRst", - nodeOptions: { + nodeOptions: Object.assign(migrationX509Options.recipient, { setParameter: { // TODO SERVER-52719: Remove the failpoint // 'returnResponseOkForRecipientSyncDataCmd'. @@ -116,7 +119,7 @@ function testDonorForgetMigrationInterrupt(interruptFunc) { tenantMigrationGarbageCollectionDelayMS: kGarbageCollectionDelayMS, ttlMonitorSleepSecs: kTTLMonitorSleepSecs, } - } + }) }); donorRst.startSet(); diff --git a/jstests/replsets/tenant_migration_donor_retry.js b/jstests/replsets/tenant_migration_donor_retry.js index f50efa63fd8..5d8e619f0ac 100644 --- a/jstests/replsets/tenant_migration_donor_retry.js +++ b/jstests/replsets/tenant_migration_donor_retry.js @@ -21,14 +21,14 @@ let testNum = 0; const donorRst = new ReplSetTest({ name: "donorRst", nodes: 1, - nodeOptions: { + nodeOptions: Object.assign(TenantMigrationUtil.makeX509OptionsForTest().donor, { setParameter: { // Set the delay before a donor state doc is garbage collected to be short to speed // up the test. tenantMigrationGarbageCollectionDelayMS: kGarbageCollectionDelayMS, ttlMonitorSleepSecs: 1, } - } + }) }); donorRst.startSet(); diff --git a/jstests/replsets/tenant_migration_donor_rollback_recovery.js b/jstests/replsets/tenant_migration_donor_rollback_recovery.js index b81bff8b5cc..9eb1d2796f5 100644 --- a/jstests/replsets/tenant_migration_donor_rollback_recovery.js +++ b/jstests/replsets/tenant_migration_donor_rollback_recovery.js @@ -18,15 +18,17 @@ const kTenantId = "testTenantId"; const kMaxSleepTimeMS = 250; const kGarbageCollectionDelayMS = 5 * 1000; +const migrationX509Options = TenantMigrationUtil.makeX509OptionsForTest(); + const recipientRst = new ReplSetTest({ name: "recipientRst", nodes: 1, - nodeOptions: { + nodeOptions: Object.assign(migrationX509Options.recipient, { setParameter: { // TODO SERVER-52719: Remove the failpoint 'returnResponseOkForRecipientSyncDataCmd'. 'failpoint.returnResponseOkForRecipientSyncDataCmd': tojson({mode: 'alwaysOn'}) } - } + }) }); recipientRst.startSet(); recipientRst.initiate(); @@ -59,14 +61,14 @@ function testRollBack(setUpFunc, rollbackOpsFunc, steadyStateFunc) { nodes: 3, useBridge: true, settings: {chainingAllowed: false}, - nodeOptions: { + nodeOptions: Object.assign(migrationX509Options.donor, { setParameter: { // Set the delay before a donor state doc is garbage collected to be short to speed // up the test. tenantMigrationGarbageCollectionDelayMS: kGarbageCollectionDelayMS, ttlMonitorSleepSecs: 1, } - } + }) }); donorRst.startSet(); let config = donorRst.getReplSetConfig(); diff --git a/jstests/replsets/tenant_migration_donor_startup_recovery.js b/jstests/replsets/tenant_migration_donor_startup_recovery.js index 9dcfba5b2d2..1daee91c8be 100644 --- a/jstests/replsets/tenant_migration_donor_startup_recovery.js +++ b/jstests/replsets/tenant_migration_donor_startup_recovery.js @@ -18,10 +18,10 @@ load("jstests/replsets/libs/tenant_migration_test.js"); const donorRst = new ReplSetTest({ nodes: 1, name: 'donor', - nodeOptions: { + nodeOptions: Object.assign(TenantMigrationUtil.makeX509OptionsForTest().donor, { setParameter: {"failpoint.PrimaryOnlyServiceSkipRebuildingInstances": tojson({mode: "alwaysOn"})} - } + }) }); donorRst.startSet(); diff --git a/jstests/replsets/tenant_migration_donor_state_machine.js b/jstests/replsets/tenant_migration_donor_state_machine.js index cbff08be6cf..a58c1eaa5e3 100644 --- a/jstests/replsets/tenant_migration_donor_state_machine.js +++ b/jstests/replsets/tenant_migration_donor_state_machine.js @@ -59,7 +59,7 @@ function testDonorForgetMigrationAfterMigrationCompletes( const donorRst = new ReplSetTest({ nodes: [{}, {rsConfig: {priority: 0}}, {rsConfig: {priority: 0}}], name: "donor", - nodeOptions: { + nodeOptions: Object.assign(TenantMigrationUtil.makeX509OptionsForTest().donor, { setParameter: { // Set the delay before a donor state doc is garbage collected to be short to speed up // the test. @@ -68,7 +68,7 @@ const donorRst = new ReplSetTest({ // Set the TTL monitor to run at a smaller interval to speed up the test. ttlMonitorSleepSecs: 1, } - } + }) }); donorRst.startSet(); diff --git a/jstests/replsets/tenant_migration_drop_collection.js b/jstests/replsets/tenant_migration_drop_collection.js index 0cd25146a03..20360738073 100644 --- a/jstests/replsets/tenant_migration_drop_collection.js +++ b/jstests/replsets/tenant_migration_drop_collection.js @@ -25,8 +25,12 @@ if (!flagEnabled) { function runDropTest({failPointName, failPointData, expectedLog, createNew}) { // Configure batch size for recipient clone. - const recipientRst = new ReplSetTest( - {nodes: 1, name: "recipient", nodeOptions: {setParameter: {collectionClonerBatchSize: 1}}}); + const recipientRst = new ReplSetTest({ + nodes: 1, + name: "recipient", + nodeOptions: Object.assign(TenantMigrationUtil.makeX509OptionsForTest().recipient, + {setParameter: {collectionClonerBatchSize: 1}}) + }); recipientRst.startSet(); recipientRst.initiate(); diff --git a/jstests/replsets/tenant_migration_ensure_migration_outcome_visibility_for_blocked_writes.js b/jstests/replsets/tenant_migration_ensure_migration_outcome_visibility_for_blocked_writes.js index f51b8d68799..95b2215d2ae 100644 --- a/jstests/replsets/tenant_migration_ensure_migration_outcome_visibility_for_blocked_writes.js +++ b/jstests/replsets/tenant_migration_ensure_migration_outcome_visibility_for_blocked_writes.js @@ -26,12 +26,12 @@ const kTenantDefinedDbName = "0"; const donorRst = new ReplSetTest({ nodes: 1, name: 'donor', - nodeOptions: { + nodeOptions: Object.assign(TenantMigrationUtil.makeX509OptionsForTest().donor, { setParameter: { tenantMigrationGarbageCollectionDelayMS: kGarbageCollectionDelayMS, ttlMonitorSleepSecs: kTTLMonitorSleepSecs, } - } + }) }); function insertDocument(primaryHost, dbName, collName) { diff --git a/jstests/replsets/tenant_migration_resume_collection_cloner_after_recipient_failover.js b/jstests/replsets/tenant_migration_resume_collection_cloner_after_recipient_failover.js index 4d6bd760367..2a886485518 100644 --- a/jstests/replsets/tenant_migration_resume_collection_cloner_after_recipient_failover.js +++ b/jstests/replsets/tenant_migration_resume_collection_cloner_after_recipient_failover.js @@ -18,7 +18,8 @@ const recipientRst = new ReplSetTest({ name: jsTestName() + "_recipient", // Use a batch size of 1 so that collection cloner requires more than a single batch to // complete. This is needed to make the failpoint tenantMigrationHangDuringCollectionClone work. - nodeOptions: {setParameter: {collectionClonerBatchSize: 1}} + nodeOptions: Object.assign(TenantMigrationUtil.makeX509OptionsForTest().recipient, + {setParameter: {collectionClonerBatchSize: 1}}) }); recipientRst.startSet(); diff --git a/jstests/replsets/tenant_migration_retryable_write_retry.js b/jstests/replsets/tenant_migration_retryable_write_retry.js index 2b217d4ec16..926f8e027a7 100644 --- a/jstests/replsets/tenant_migration_retryable_write_retry.js +++ b/jstests/replsets/tenant_migration_retryable_write_retry.js @@ -12,10 +12,11 @@ load("jstests/replsets/libs/tenant_migration_test.js"); load("jstests/replsets/libs/tenant_migration_util.js"); load("jstests/libs/uuid_util.js"); +const migrationX509Options = TenantMigrationUtil.makeX509OptionsForTest(); const donorRst = new ReplSetTest({ nodes: 1, name: "donor", - nodeOptions: { + nodeOptions: Object.assign(migrationX509Options.donor, { setParameter: { // Set the delay before a donor state doc is garbage collected to be short to speed up // the test. @@ -24,9 +25,10 @@ const donorRst = new ReplSetTest({ // Set the TTL monitor to run at a smaller interval to speed up the test. ttlMonitorSleepSecs: 1, } - } + }) }); -const recipientRst = new ReplSetTest({nodes: 1, name: "recipient"}); +const recipientRst = + new ReplSetTest({nodes: 1, name: "recipient", nodeOptions: migrationX509Options.recipient}); donorRst.startSet(); donorRst.initiate(); diff --git a/jstests/replsets/tenant_migration_x509.js b/jstests/replsets/tenant_migration_x509.js index 9645b476cef..754a1f8e690 100644 --- a/jstests/replsets/tenant_migration_x509.js +++ b/jstests/replsets/tenant_migration_x509.js @@ -23,9 +23,9 @@ if (!tenantMigrationTest.isFeatureFlagEnabled()) { } const kDonorCertificateAndPrivateKey = - TenantMigrationUtil.getCertificateAndPrivateKey("jstests/libs/client.pem"); + TenantMigrationUtil.getCertificateAndPrivateKey("jstests/libs/rs0_tenant_migration.pem"); const kRecipientCertificateAndPrivateKey = - TenantMigrationUtil.getCertificateAndPrivateKey("jstests/libs/client.pem"); + TenantMigrationUtil.getCertificateAndPrivateKey("jstests/libs/rs1_tenant_migration.pem"); (() => { jsTest.log("Test valid donor and recipient certificates"); @@ -135,6 +135,48 @@ const kRecipientCertificateAndPrivateKey = })(); (() => { + jsTest.log("Test invalid donor certificate and private key pair"); + const migrationId = UUID(); + const tenantId = "invalidDonorCertificatePrivateKeyPair"; + const migrationOpts = { + migrationIdString: extractUUIDFromObject(migrationId), + tenantId: tenantId, + donorCertificateForRecipient: { + certificate: kDonorCertificateAndPrivateKey.certificate, + privateKey: kRecipientCertificateAndPrivateKey.privateKey + }, + recipientCertificateForDonor: kRecipientCertificateAndPrivateKey, + }; + const {dbName, collName} = makeTestNs(tenantId); + + tenantMigrationTest.insertDonorDB(dbName, collName); + assert.commandFailedWithCode(tenantMigrationTest.runMigration(migrationOpts), + ErrorCodes.InvalidSSLConfiguration); + tenantMigrationTest.verifyRecipientDB( + tenantId, dbName, collName, false /* migrationCommitted */); +})(); + +(() => { + jsTest.log("Test expired donor certificate and key"); + const migrationId = UUID(); + const tenantId = "expiredDonorCertificate"; + const migrationOpts = { + migrationIdString: extractUUIDFromObject(migrationId), + tenantId: tenantId, + donorCertificateForRecipient: TenantMigrationUtil.getCertificateAndPrivateKey( + "jstests/libs/rs0_tenant_migration_expired.pem"), + recipientCertificateForDonor: kRecipientCertificateAndPrivateKey, + }; + const {dbName, collName} = makeTestNs(tenantId); + + tenantMigrationTest.insertDonorDB(dbName, collName); + assert.commandFailedWithCode(tenantMigrationTest.runMigration(migrationOpts), + ErrorCodes.InvalidSSLConfiguration); + tenantMigrationTest.verifyRecipientDB( + tenantId, dbName, collName, false /* migrationCommitted */); +})(); + +(() => { jsTest.log("Test invalid recipient certificate, no header and trailer"); const migrationId = UUID(); const tenantId = "invalidRecipientCertificateNoHeaderAndTrailer"; diff --git a/jstests/ssl/x509/certs.yml b/jstests/ssl/x509/certs.yml index 6b071dc883f..eaf9f690a10 100644 --- a/jstests/ssl/x509/certs.yml +++ b/jstests/ssl/x509/certs.yml @@ -299,6 +299,96 @@ certs: subjectAltName: DNS: ['localhost', '127.0.0.1', '::1'] +# For tenant migration testing. +- name: 'rs0.pem' + description: General purpose server certificate file. + Subject: + OU: 'rs0' + extensions: + basicConstraints: {CA: false} + subjectKeyIdentifier: hash + keyUsage: [digitalSignature, keyEncipherment] + extendedKeyUsage: [serverAuth] + authorityKeyIdentifier: issuer + +- name: 'rs0_tenant_migration.pem' + description: Client certificate file for tenant migration donor or recipient. + Subject: + OU: 'rs0_tenant_migration' + extensions: + basicConstraints: {CA: false} + subjectKeyIdentifier: hash + keyUsage: [digitalSignature, keyEncipherment] + extendedKeyUsage: [clientAuth] + mongoRoles: + - {role: backup, db: admin} + - {role: advanceClusterTimeRole, db: admin} + +- name: 'rs0_tenant_migration_expired.pem' + description: + Client certificate file for tenant migration donor or recipient which has passed its expiration + date. + not_before: -10000000 + not_after: -1000000 + Subject: + OU: 'rs0_tenant_migration' + extensions: + basicConstraints: {CA: false} + subjectKeyIdentifier: hash + keyUsage: [digitalSignature, keyEncipherment] + extendedKeyUsage: [clientAuth] + mongoRoles: + - {role: backup, db: admin} + - {role: advanceClusterTimeRole, db: admin} + +- name: 'rs1.pem' + description: General purpose server certificate file. + Subject: + OU: 'rs1' + extensions: + basicConstraints: {CA: false} + subjectKeyIdentifier: hash + keyUsage: [digitalSignature, keyEncipherment] + extendedKeyUsage: [serverAuth] + authorityKeyIdentifier: issuer + +- name: 'rs1_tenant_migration.pem' + description: Client certificate file for tenant migration donor or recipient. + Subject: + OU: 'rs1_tenant_migration' + extensions: + basicConstraints: {CA: false} + subjectKeyIdentifier: hash + keyUsage: [digitalSignature, keyEncipherment] + extendedKeyUsage: [clientAuth] + mongoRoles: + - {role: backup, db: admin} + - {role: advanceClusterTimeRole, db: admin} + +- name: 'rs2.pem' + description: General purpose server certificate file. + Subject: + OU: 'rs2' + extensions: + basicConstraints: {CA: false} + subjectKeyIdentifier: hash + keyUsage: [digitalSignature, keyEncipherment] + extendedKeyUsage: [serverAuth] + authorityKeyIdentifier: issuer + +- name: 'rs2_tenant_migration.pem' + description: Client certificate file for tenant migration donor or recipient. + Subject: + OU: 'rs2_tenant_migration' + extensions: + basicConstraints: {CA: false} + subjectKeyIdentifier: hash + keyUsage: [digitalSignature, keyEncipherment] + extendedKeyUsage: [clientAuth] + mongoRoles: + - {role: backup, db: admin} + - {role: advanceClusterTimeRole, db: admin} + ### # Certificates not based on the primary root ca.pem ### |