Diffstat (limited to 'jstests/ssl/ssl_ingress_conn_metrics.js')
-rw-r--r-- | jstests/ssl/ssl_ingress_conn_metrics.js | 129 |
1 files changed, 79 insertions, 50 deletions
diff --git a/jstests/ssl/ssl_ingress_conn_metrics.js b/jstests/ssl/ssl_ingress_conn_metrics.js
index 3ba574b2967..333d3015a90 100644
--- a/jstests/ssl/ssl_ingress_conn_metrics.js
+++ b/jstests/ssl/ssl_ingress_conn_metrics.js
@@ -20,14 +20,21 @@ if (determineSSLProvider() === "openssl" && detectDefaultTLSProtocol() !== "TLS1
 // openSSL is being used. This can be different on Windows/OSX implementations.
 let cipherSuite = "TLS_AES_256_GCM_SHA384";
 
-const tlsOptions = {
- tlsMode: "requireTLS",
- tlsCertificateKeyFile: "jstests/libs/server.pem",
- tlsCAFile: "jstests/libs/ca.pem",
- setParameter: {opensslCipherSuiteConfig: cipherSuite},
+const mongodOptions = (connectionHealthLoggingOn) => {
+ let options = {
+ tlsMode: "requireTLS",
+ tlsCertificateKeyFile: "jstests/libs/server.pem",
+ tlsCAFile: "jstests/libs/ca.pem",
+ setParameter: {
+ opensslCipherSuiteConfig: cipherSuite,
+ enableDetailedConnectionHealthMetricLogLines: connectionHealthLoggingOn
+ },
+ };
+
+ return options;
 };
 
-function testConn() {
+function testConn(mongod) {
 const mongo = runMongoProgram('mongo',
 '--host',
 'localhost',
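Review bot: `mongodOptions` reads the file-level `cipherSuite` every time it is called, but the `switch` inside `runTest` (second hunk) reassigns that variable to `"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"` on Windows and to `49200` on Apple. Before this change the options object was built once, ahead of the switch, so `opensslCipherSuiteConfig` always received `"TLS_AES_256_GCM_SHA384"`; now the `runTest(false)` pass would start mongod with whatever value the first pass left behind. Whether those platforms act on the parameter is not visible here, so this may be harmless, but it couples the two runs through shared mutable state. Keeping the configured value apart from the expected logged value avoids it, e.g. `const configuredCipherSuite = "TLS_AES_256_GCM_SHA384";` used in `mongodOptions` and `let expectedCipher = configuredCipherSuite;` declared inside `runTest`.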
@@ -43,49 +50,71 @@ function testConn() {
 return mongo === 0;
 }
 
-jsTestLog("Establishing connection to mongod");
-const mongod = MongoRunner.runMongod(Object.merge(tlsOptions));
-let ssNetworkMetrics = mongod.adminCommand({serverStatus: 1}).metrics.network;
-let initialHandshakeTimeMillis = ssNetworkMetrics.totalIngressTLSHandshakeTimeMillis;
-jsTestLog(`totalTLSHandshakeTimeMillis: ${initialHandshakeTimeMillis}`);
-checkLog.containsJson(mongod, 6723804, {durationMillis: Number(initialHandshakeTimeMillis)});
-assert.commandWorked(mongod.adminCommand({clearLog: 'global'}));
-assert.eq(1, ssNetworkMetrics.totalIngressTLSConnections, ssNetworkMetrics);
-
-// Get the logId that corresponds to the implementation of TLS being used.
-let logId;
-switch (determineSSLProvider()) {
- case "openssl":
- logId = 6723801;
- break;
- case "windows":
- logId = 6723802;
- // This cipher is chosen to represent the cipher negotiated by Windows Server 2019 by
- // default.
- cipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
- break;
- case "apple":
- logId = 6723803;
- // We log only the cipher represented as its enum value in this code path. This corresponds
- // to the hex value 0xC030 which maps to the cipher suite
- // "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384". This cipher is chosen by OSX 12.1 by default.
- cipherSuite = 49200;
- break;
- default:
- assert(false, "Failed to determine that we are using a supported SSL provider");
-}
+let runTest = (connectionHealthLoggingOn) => {
+ jsTestLog("Establishing connection to mongod");
+ let mongod = MongoRunner.runMongod(Object.merge(mongodOptions(connectionHealthLoggingOn)));
+ let ssNetworkMetrics = mongod.adminCommand({serverStatus: 1}).metrics.network;
+ let initialHandshakeTimeMillis = ssNetworkMetrics.totalIngressTLSHandshakeTimeMillis;
+ jsTestLog(`totalTLSHandshakeTimeMillis: ${initialHandshakeTimeMillis}`);
+
+ if (connectionHealthLoggingOn) {
+ checkLog.containsJson(
+ mongod, 6723804, {durationMillis: Number(initialHandshakeTimeMillis)});
+ } else {
+ assert.eq(checkLog.checkContainsOnceJson(mongod, 6723804, {}), false);
+ }
+
+ assert.commandWorked(mongod.adminCommand({clearLog: 'global'}));
+ assert.eq(1, ssNetworkMetrics.totalIngressTLSConnections, ssNetworkMetrics);
+
+ // Get the logId that corresponds to the implementation of TLS being used.
+ let logId;
+ switch (determineSSLProvider()) {
+ case "openssl":
+ logId = 6723801;
+ break;
+ case "windows":
+ logId = 6723802;
+ // This cipher is chosen to represent the cipher negotiated by Windows Server 2019
+ // by default.
+ cipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
+ break;
+ case "apple":
+ logId = 6723803;
+ // We log only the cipher represented as its enum value in this code path. This
+ // corresponds to the hex value 0xC030 which maps to the cipher suite
+ // "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384". This cipher is chosen by OSX 12.1 by
+ // default.
+ cipherSuite = 49200;
+ break;
+ default:
+ assert(false, "Failed to determine that we are using a supported SSL provider");
+ }
+
+ // Start a new connection to check that 'durationMicros' is cumulatively measured in server
+ // status.
+ assert.soon(() => testConn(mongod), "Couldn't connect to mongod");
+ ssNetworkMetrics = mongod.adminCommand({serverStatus: 1}).metrics.network;
+ let totalTLSHandshakeTimeMillis = ssNetworkMetrics.totalIngressTLSHandshakeTimeMillis;
+ jsTestLog(`totalTLSHandshakeTimeMillis: ${totalTLSHandshakeTimeMillis}`);
+ let secondHandshakeDuration = totalTLSHandshakeTimeMillis - initialHandshakeTimeMillis;
+
+ if (connectionHealthLoggingOn) {
+ checkLog.containsJson(mongod, 6723804, {durationMillis: Number(secondHandshakeDuration)});
+ assert.soon(() => checkLog.checkContainsOnceJson(mongod, logId, {"cipher": cipherSuite}),
+ "failed waiting for log line with negotiated cipher info");
+ } else {
+ assert.eq(checkLog.checkContainsOnceJson(mongod, 6723804, {}), false);
+ assert.eq(checkLog.checkContainsOnceJson(mongod, logId, {}), false);
+ }
+
+ assert.gt(totalTLSHandshakeTimeMillis, initialHandshakeTimeMillis);
+ assert.eq(2, ssNetworkMetrics.totalIngressTLSConnections, ssNetworkMetrics);
+
+ MongoRunner.stopMongod(mongod);
+};
 
-// Start a new connection to check that 'durationMicros' is cumulatively measured in server status.
-assert.soon(testConn, "Couldn't connect to mongod");
-ssNetworkMetrics = mongod.adminCommand({serverStatus: 1}).metrics.network;
-let totalTLSHandshakeTimeMillis = ssNetworkMetrics.totalIngressTLSHandshakeTimeMillis;
-jsTestLog(`totalTLSHandshakeTimeMillis: ${totalTLSHandshakeTimeMillis}`);
-let secondHandshakeDuration = totalTLSHandshakeTimeMillis - initialHandshakeTimeMillis;
-checkLog.containsJson(mongod, 6723804, {durationMillis: Number(secondHandshakeDuration)});
-assert.soon(() => checkLog.checkContainsOnceJson(mongod, logId, {"cipher": cipherSuite}),
- "failed waiting for log line with negotiated cipher info");
-assert.gt(totalTLSHandshakeTimeMillis, initialHandshakeTimeMillis);
-assert.eq(2, ssNetworkMetrics.totalIngressTLSConnections, ssNetworkMetrics);
-
-MongoRunner.stopMongod(mongod);
+// Parameterized on turning connection health logging on/off.
+runTest(true);
+runTest(false);
 }());
\ No newline at end of file |
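Review bot: The logging-off branches of `runTest` prove absence with a single `checkLog.checkContainsOnceJson(...)` read compared against `false`, which is weaker than the positive path: it is a one-shot look at the log with no wait, and if the helper is true only for exactly one match (as its name suggests) the assertion also passes when the line was logged more than once. This test is what guards that `enableDetailedConnectionHealthMetricLogLines: false` really suppresses the handshake-duration and negotiated-cipher lines, so an explicit zero-count check is safer where the helper is available on this branch, e.g. `assert(checkLog.checkContainsWithCountJson(mongod, 6723804, {}, 0));` and the same for `logId`. A short comment above each `else` stating that ids 6723804 and `logId` must be absent when the parameter is off would also make the intent clear.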