path: root/jstests/ssl/sharding_with_x509.js
blob: 7e0a090329618233920439dd0df8800a9ef78d38 (plain)
// Tests basic sharding with x509 cluster auth. The purpose is to verify the connectivity between
// mongos and the shards.
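(function() {
'use strict';

// TLS and cluster-auth settings applied to every process in the cluster (config servers, mongos
// and shards), so that intra-cluster connections authenticate with the x509 cluster certificate.
// NOTE(review): sslAllowInvalidHostnames turns off hostname verification of the peer certificate.
// Presumably the test certificates under jstests/libs do not match the hosts the test runs on;
// this setting belongs in test fixtures only and should not be copied into a deployment config.
const x509_options = {
    sslMode: "requireSSL",
    sslPEMKeyFile: "jstests/libs/server.pem",
    sslCAFile: "jstests/libs/ca.pem",
    sslClusterFile: "jstests/libs/cluster_cert.pem",
    sslAllowInvalidHostnames: "",
    clusterAuthMode: "x509"
};

// Start ShardingTest with enableBalancer because ShardingTest attempts to turn off the balancer
// otherwise, which it will not be authorized to do. Once SERVER-14017 is fixed the
// "enableBalancer" line could be removed.
// TODO: SERVER-43899 Make sharding_with_x509.js and mixed_mode_sharded_transition.js start shards
// as replica sets.
const st = new ShardingTest({
    shards: 2,
    mongos: 1,
    other: {
        enableBalancer: true,
        configOptions: x509_options,
        mongosOptions: x509_options,
        rsOptions: x509_options,
        shardOptions: x509_options,
        shardAsReplicaSet: false
    }
});

// Throwaway credentials for this test cluster only. The auth() result is asserted so that a failed
// login stops the test here instead of surfacing later as an unrelated authorization error.
const adminDB = st.s.getDB('admin');
adminDB.createUser({user: 'admin', pwd: 'pwd', roles: ['root']});
assert(adminDB.auth('admin', 'pwd'), "failed to authenticate as admin through mongos");

const coll = st.s.getCollection("test.foo");

st.shardColl(coll, {insert: 1}, false);

print("starting insertion phase");

// Insert a bunch of data
const toInsert = 2000;
let bulk = coll.initializeUnorderedBulkOp();
for (let i = 0; i < toInsert; i++) {
    bulk.insert({my: "test", data: "to", insert: i});
}
assert.commandWorked(bulk.execute());

print("starting updating phase");

// Update a bunch of data. Each document is read back through mongos first so that the update can
// target it by both shard key and _id.
const toUpdate = toInsert;
bulk = coll.initializeUnorderedBulkOp();
for (let i = 0; i < toUpdate; i++) {
    const id = coll.findOne({insert: i})._id;
    bulk.find({insert: i, _id: id}).update({$inc: {counter: 1}});
}
assert.commandWorked(bulk.execute());

print("starting deletion");

// Remove a bunch of data
const toDelete = toInsert / 2;
bulk = coll.initializeUnorderedBulkOp();
for (let i = 0; i < toDelete; i++) {
    bulk.find({insert: i}).removeOne();
}
assert.commandWorked(bulk.execute());

// Make sure the right amount of data is there. The filter belongs on find(): itcount() takes no
// arguments, so a filter passed to it is silently ignored.
assert.eq(coll.find({my: 'test'}).itcount(), toInsert - toDelete);

// Authenticate csrs so ReplSetTest.stopSet() can do db hash check.
if (st.configRS) {
    st.configRS.nodes.forEach((node) => {
        node.getDB('admin').auth('admin', 'pwd');
    });
}

// The shutdown hooks need a privileged user to auth as: the user created through mongos serves the
// index consistency check, the users created directly on each shard serve the orphan checks.
// NOTE(review): '__system' is granted here to an ordinary x509 client identity purely so the test
// harness can run those checks; it is not a pattern for application users.
const x509User = 'CN=client,OU=KernelUser,O=MongoDB,L=New York City,ST=New York,C=US';
[st.s, st.shard0, st.shard1].forEach((conn) => {
    // A fresh user document per call, so no state is shared between the three createUser calls.
    conn.getDB('$external').createUser({user: x509User, roles: [{role: '__system', db: 'admin'}]});
});

st.stop();
})();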