mongo 1.10.2 → 1.11.1

data/test/shared/authentication/bulk_api_auth_shared.rb

@@ -17,19 +17,12 @@ module BulkAPIAuthTests
   include Mongo
 
   def init_auth_bulk
-    # enable authentication
-    @admin = @client["admin"]
-    @admin.add_user('admin', 'password', nil, :roles => ['readWriteAnyDatabase',
-                                                         'userAdminAnyDatabase',
-                                                         'dbAdminAnyDatabase'])
-    @admin.authenticate('admin', 'password')
-
     # Set up the test db
     @collection = @db["bulk-api-auth-tests"]
 
     # db user can insert but not remove
     res = BSON::OrderedHash.new
-    res[:db] = TEST_DB
+    res[:db] = @db.name
     res[:collection] = ""
 
     cmd = BSON::OrderedHash.new
@@ -47,31 +40,28 @@ module BulkAPIAuthTests
     @db.command(cmd)
     @db.add_user('insertAndRemove', 'password', nil, :roles => ['insertAndRemove'])
 
-    # for 2.4 cleanup etc.
-    @db.add_user('admin', 'password', nil, :roles => ['readWrite',
-                                                      'userAdmin',
-                                                      'dbAdmin'])
     @admin.logout
   end
 
-  def teardown_bulk
-    remove_all_users_and_roles(@db, 'admin', 'password')
-    remove_all_users_and_roles(@admin, 'admin', 'password')
-  end
-
   def clear_collection(collection)
-    @admin.authenticate('admin', 'password')
+    @admin.authenticate(TEST_USER, TEST_USER_PWD)
     collection.remove
     @admin.logout
   end
 
-  def remove_all_users_and_roles(database, username, password)
-    @admin.authenticate('admin', 'password')
+  def teardown_bulk
+    remove_all_users_and_roles(@db)
+    remove_all_users_and_roles(@admin)
+  end
+
+  def remove_all_users_and_roles(database)
+    @admin.authenticate(TEST_USER, TEST_USER_PWD)
     if @version < '2.5.3'
       database['system.users'].remove
     else
       database.command({:dropAllRolesFromDatabase => 1})
-      database.command({:dropAllUsersFromDatabase => 1})
+      # Don't delete the TEST_USER from the TEST_DB, it is needed for future tests
+      database.command({:dropAllUsersFromDatabase => 1}) unless database.name == TEST_DB
     end
     @admin.logout
   end

data/test/shared/authentication/gssapi_shared.rb

@@ -28,7 +28,8 @@ module GSSAPITests
   #   export MONGODB_GSSAPI_REALM='applicationuser@example.com'
   #   export MONGODB_GSSAPI_KDC='SERVER.DOMAIN.COM'
   #
-  # You must either use kinit or provide a config file that references a keytab file:
+  # You must use kinit when on MRI.
+  # You have the option of providing a config file that references a keytab file on JRuby:
   #
   #   export JAAS_LOGIN_CONFIG_FILE='file:///path/to/config/file'
   #
@@ -37,10 +38,12 @@ module GSSAPITests
   MONGODB_GSSAPI_REALM   = ENV['MONGODB_GSSAPI_REALM']
   MONGODB_GSSAPI_KDC     = ENV['MONGODB_GSSAPI_KDC']
   MONGODB_GSSAPI_PORT    = ENV['MONGODB_GSSAPI_PORT'] || '27017'
-  JAAS_LOGIN_CONFIG_FILE = ENV['JAAS_LOGIN_CONFIG_FILE']
+  MONGODB_GSSAPI_DB      = ENV['MONGODB_GSSAPI_DB']
+  JAAS_LOGIN_CONFIG_FILE = ENV['JAAS_LOGIN_CONFIG_FILE'] # only JRuby
 
   if ENV.key?('MONGODB_GSSAPI_HOST') && ENV.key?('MONGODB_GSSAPI_USER') &&
-     ENV.key?('MONGODB_GSSAPI_REALM') && ENV.key?('MONGODB_GSSAPI_KDC') && RUBY_PLATFORM =~ /java/
+     ENV.key?('MONGODB_GSSAPI_REALM') && ENV.key?('MONGODB_GSSAPI_KDC') &&
+     ENV.key?('MONGODB_GSSAPI_DB')
     def test_gssapi_authenticate
       client = Mongo::MongoClient.new(MONGODB_GSSAPI_HOST, MONGODB_GSSAPI_PORT)
       if client['admin'].command(:isMaster => 1)['setName']
@@ -48,7 +51,7 @@ module GSSAPITests
       end
 
       set_system_properties
-      db = client['kerberos']
+      db = client[MONGODB_GSSAPI_DB]
       db.authenticate(MONGODB_GSSAPI_USER, nil, nil, nil, 'GSSAPI')
       assert db.command(:dbstats => 1)
 
@@ -68,7 +71,7 @@ module GSSAPITests
       uri = "mongodb://#{username}@#{ENV['MONGODB_GSSAPI_HOST']}:#{ENV['MONGODB_GSSAPI_PORT']}/?" +
          "authMechanism=GSSAPI"
       client = @client.class.from_uri(uri)
-      assert client['kerberos'].command(:dbstats => 1)
+      assert client[MONGODB_GSSAPI_DB].command(:dbstats => 1)
     end
 
     def test_wrong_service_name_fails
@@ -79,8 +82,8 @@ module GSSAPITests
       end
 
       set_system_properties
-      assert_raise_error Java::OrgMongodbSasl::MongoSecurityException do
-        client['kerberos'].authenticate(MONGODB_GSSAPI_USER, nil, nil, nil, 'GSSAPI', extra_opts)
+      assert_raise_error Mongo::AuthenticationError do
+        client[MONGODB_GSSAPI_DB].authenticate(MONGODB_GSSAPI_USER, nil, nil, nil, 'GSSAPI', extra_opts)
       end
     end
 
@@ -92,8 +95,8 @@ module GSSAPITests
       uri = "mongodb://#{username}@#{ENV['MONGODB_GSSAPI_HOST']}:#{ENV['MONGODB_GSSAPI_PORT']}/?" +
          "authMechanism=GSSAPI&gssapiServiceName=example"
       client = @client.class.from_uri(uri)
-      assert_raise_error Java::OrgMongodbSasl::MongoSecurityException do
-        client['kerberos'].command(:dbstats => 1)
+      assert_raise_error Mongo::AuthenticationError do
+        client[MONGODB_GSSAPI_DB].command(:dbstats => 1)
       end
     end
 
@@ -103,10 +106,11 @@ module GSSAPITests
       set_system_properties
 
       Mongo::Sasl::GSSAPI.expects(:authenticate).with do |username, client, socket, opts|
-        opts[:gssapi_service_name] == extra_opts[:gssapi_service_name]
-        opts[:canonicalize_host_name] == extra_opts[:canonicalize_host_name]
+        assert_equal opts[:gssapi_service_name], extra_opts[:gssapi_service_name]
+        assert_equal opts[:canonicalize_host_name], extra_opts[:canonicalize_host_name]
+        [ username, client, socket, opts ]
       end.returns('ok' => true )
-      client['kerberos'].authenticate(MONGODB_GSSAPI_USER, nil, nil, nil, 'GSSAPI', extra_opts)
+      client[MONGODB_GSSAPI_DB].authenticate(MONGODB_GSSAPI_USER, nil, nil, nil, 'GSSAPI', extra_opts)
     end
 
     def test_extra_opts_uri
@@ -114,8 +118,9 @@ module GSSAPITests
       set_system_properties
 
       Mongo::Sasl::GSSAPI.expects(:authenticate).with do |username, client, socket, opts|
-        opts[:gssapi_service_name] == extra_opts[:gssapi_service_name]
-        opts[:canonicalize_host_name] == extra_opts[:canonicalize_host_name]
+        assert_equal opts[:gssapi_service_name], extra_opts[:gssapi_service_name]
+        assert_equal opts[:canonicalize_host_name], extra_opts[:canonicalize_host_name]
+        [ username, client, socket, opts ]
       end.returns('ok' => true)
 
       require 'cgi'
@@ -124,7 +129,7 @@ module GSSAPITests
          "authMechanism=GSSAPI&gssapiServiceName=example&canonicalizeHostName=true"
       client = @client.class.from_uri(uri)
       client.expects(:receive_message).returns([[{ 'ok' => 1 }], 1, 1])
-      client['kerberos'].command(:dbstats => 1)
+      client[MONGODB_GSSAPI_DB].command(:dbstats => 1)
     end
 
     # In order to run this test, you must set the following environment variable:
@@ -137,7 +142,7 @@ module GSSAPITests
         set_system_properties
         client = Mongo::MongoClient.new(ENV['MONGODB_GSSAPI_HOST_IP'], MONGODB_GSSAPI_PORT)
 
-        db = client['kerberos']
+        db = client[MONGODB_GSSAPI_DB]
         db.authenticate(MONGODB_GSSAPI_USER, nil, nil, nil, 'GSSAPI', extra_opts)
         assert db.command(:dbstats => 1)
       end
@@ -148,16 +153,18 @@ module GSSAPITests
       client = Mongo::MongoClient.new(MONGODB_GSSAPI_HOST)
 
       assert_raise Mongo::MongoArgumentError do
-        client['kerberos'].authenticate(MONGODB_GSSAPI_USER, nil, nil, nil, 'GSSAPI', extra_opts)
+        client[MONGODB_GSSAPI_DB].authenticate(MONGODB_GSSAPI_USER, nil, nil, nil, 'GSSAPI', extra_opts)
       end
     end
 
     private
     def set_system_properties
-      java.lang.System.set_property 'javax.security.auth.useSubjectCredsOnly', 'false'
-      java.lang.System.set_property "java.security.krb5.realm", MONGODB_GSSAPI_REALM
-      java.lang.System.set_property "java.security.krb5.kdc", MONGODB_GSSAPI_KDC
-      java.lang.System.set_property "java.security.auth.login.config", JAAS_LOGIN_CONFIG_FILE if JAAS_LOGIN_CONFIG_FILE
+      if RUBY_PLATFORM =~ /java/
+        java.lang.System.set_property 'javax.security.auth.useSubjectCredsOnly', 'false'
+        java.lang.System.set_property "java.security.krb5.realm", MONGODB_GSSAPI_REALM
+        java.lang.System.set_property "java.security.krb5.kdc", MONGODB_GSSAPI_KDC
+        java.lang.System.set_property "java.security.auth.login.config", JAAS_LOGIN_CONFIG_FILE if JAAS_LOGIN_CONFIG_FILE
+      end
     end
   end
 

data/test/test_helper.rb

@@ -43,6 +43,11 @@ require 'mocha/setup'
 # cluster manager
 require 'tools/mongo_config'
 
+# For kerberos testing.
+begin
+  require 'mongo_kerberos'
+rescue LoadError; end
+
 # test helpers
 require 'helpers/general'
 require 'helpers/test_unit'

data/test/tools/mongo_config.rb

@@ -83,9 +83,11 @@ module Mongo
                 make_config(opts)
               when :routers
                 make_router(config, opts)
+              when :shards
+                make_standalone_shard(kind, opts)
               else
                 make_mongod(kind, opts)
-            end
+              end
 
             replica_count += 1 if [:replicas, :arbiters].member?(kind)
             node
@@ -130,25 +132,37 @@ module Mongo
                    :ipv6       => ipv6)
     end
 
+    def self.key_file(opts)
+      keyFile = opts[:key_file] || '/test/fixtures/auth/keyfile'
+      keyFile = Dir.pwd << keyFile
+      system "chmod 600 #{keyFile}"
+      keyFile
+    end
+
+    # A regular mongod minus --auth and plus --keyFile.
+    def self.make_standalone_shard(kind, opts)
+      params = make_mongod(kind, opts)
+      params.delete(:auth)
+      params.merge(:keyFile => key_file(opts))
+    end
+
     def self.make_replica(opts, id)
       params     = make_mongod('replicas', opts)
 
       replSet    = opts[:replSet]    || 'ruby-driver-test'
       oplogSize  = opts[:oplog_size] || 5
-      keyFile    = opts[:key_file]   || '/test/fixtures/auth/keyfile'
-
-      keyFile    = Dir.pwd << keyFile
-      system "chmod 600 #{keyFile}"
 
       params.merge(:_id       => id,
                    :replSet   => replSet,
                    :oplogSize => oplogSize,
-                   :keyFile   => keyFile)
+                   :keyFile   => key_file(opts))
     end
 
     def self.make_config(opts)
       params = make_mongod('configs', opts)
-      params.merge(:configsvr => nil)
+      params.delete(:auth)
+      params.merge(:configsvr => true,
+                   :keyFile => key_file(opts))
     end
 
     def self.make_router(config, opts)
@@ -156,8 +170,9 @@ module Mongo
       mongos = ENV['MONGOS'] || 'mongos'
 
       params.merge(
-        :command => mongos,
-        :configdb => self.configdb(config)
+        :command  => mongos,
+        :configdb => self.configdb(config),
+        :keyFile  => key_file(opts)
       )
     end
 
@@ -339,6 +354,35 @@ module Mongo
         @servers.collect{|k,v| (!key || key == k) ? v : nil}.flatten.compact
       end
 
+      def ensure_authenticated(client)
+        begin
+          client[TEST_DB].authenticate(TEST_USER, TEST_USER_PWD)
+        rescue Mongo::MongoArgumentError => ex
+          # client is already authenticated
+          raise ex unless ex.message =~ /already authenticated/
+        rescue Mongo::AuthenticationError => ex
+          # 1) The creds are wrong
+          # 2) Or the user doesn't exist
+          roles = [ 'dbAdminAnyDatabase',
+                    'userAdminAnyDatabase',
+                    'readWriteAnyDatabase',
+                    'clusterAdmin' ]
+          begin
+            # Try to add the user for case (2)
+            client[TEST_DB].add_user(TEST_USER, TEST_USER_PWD, nil, :roles => roles)
+            client[TEST_DB].authenticate(TEST_USER, TEST_USER_PWD)
+          rescue Mongo::ConnectionFailure, Mongo::OperationFailure => ex
+            # Maybe not master, so try to authenticate
+            # 2.2 throws an OperationFailure if add_user fails
+            begin
+              client[TEST_DB].authenticate(TEST_USER, TEST_USER_PWD)
+            rescue => ex
+              # Maybe creds are wrong, nothing we can do
+            end
+          end
+        end
+      end
+
       def command( cmd_servers, db_name, cmd, opts = {} )
         ret = []
         cmd = cmd.class == Array ? cmd : [ cmd ]
@@ -348,6 +392,7 @@ module Mongo
           debug 3, cmd_server.inspect
           cmd_server = cmd_server.config if cmd_server.is_a?(DbServer)
           client = Mongo::MongoClient.new(cmd_server[:host], cmd_server[:port])
+          ensure_authenticated(client)
           cmd.each do |c|
             debug 3,  "ClusterManager.command c:#{c.inspect}"
             response = client[db_name].command( c, opts )
@@ -361,6 +406,10 @@ module Mongo
         ret.size == 1 ? ret.first : ret
       end
 
+      def replica_set?
+        !!config[:replicas]
+      end
+
       def repl_set_get_status
         command( @config[:replicas], 'admin', { :replSetGetStatus => 1 }, {:check_response => false } )
       end
@@ -368,6 +417,7 @@ module Mongo
       def repl_set_get_config
         host, port = primary_name.split(":")
         client = Mongo::MongoClient.new(host, port)
+        ensure_authenticated(client)
         client['local']['system.replset'].find_one
       end
 
@@ -389,7 +439,7 @@ module Mongo
         states     = nil
         healthy    = false
 
-        60.times do
+        80.times do
           # enter the thunderdome...
           states  = repl_set_get_status.zip(repl_set_is_master)
           healthy = states.all? do |status, is_master|
@@ -442,6 +492,11 @@ module Mongo
         repl_set_seeds.join(',')
       end
 
+      def members_uri
+        members = @config[:replicas] || @config[:routers]
+        members.collect{|node| "#{node[:host]}:#{node[:port]}"}.join(',')
+      end
+
       def repl_set_name
         @config[:replicas].first[:replSet]
       end
@@ -553,7 +608,15 @@ module Mongo
       end
 
       def addshards(shards = @config[:shards])
-        command( @config[:routers].first, 'admin', Array(shards).collect{|s| { :addshard => "#{s[:host]}:#{s[:port]}" } } )
+        begin
+          command( @config[:routers].first, 'admin', Array(shards).collect{|s| { :addshard => "#{s[:host]}:#{s[:port]}" } } )
+        rescue Mongo::OperationFailure => ex
+          # Because we cannot run the listshards command under the localhost
+          # exception in > 2.7.1, we run the risk of attempting to add the same shard twice.
+          # Our tests may add a local db to a shard, if the cluster is still up,
+          # then we can ignore this.
+          raise ex unless ex.message =~ /host already used/
+        end
       end
 
       def listshards
@@ -593,7 +656,29 @@ module Mongo
       end
       alias :restart :start
 
+      def delete_users
+        cmd_servers = replica_set? ? [ primary ] : routers
+
+        cmd_servers.each do |cmd_server|
+          begin
+            client = Mongo::MongoClient.new(cmd_server.config[:host],
+                                            cmd_server.config[:port])
+            ensure_authenticated(client)
+            db = client[TEST_DB]
+
+            if client.server_version < '2.5'
+              db['system.users'].remove
+            else
+              db.command(:dropAllUsersFromDatabase => 1)
+            end
+            break
+          rescue Mongo::ConnectionFailure
+          end
+        end
+      end
+
       def stop
+        delete_users
         servers.each{|server| server.stop}
         self
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mongo
 version: !ruby/object:Gem::Version
-  version: 1.10.2
+  version: 1.11.1
 platform: ruby
 authors:
 - Emily Stolfo
@@ -34,7 +34,7 @@ cert_chain:
   JrZM8w8wGbIOeLtoQqa7HB/jOYbTahH7KMNh2LHAbOR93hNIJxVRa4iwxiMQ75tN
   9WUIAJ4AEtjwRg1Bz0OwDo3aucPCBpx77+/FWhv7JYY=
   -----END CERTIFICATE-----
-date: 2014-06-16 00:00:00.000000000 Z
+date: 2014-09-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bson
@@ -42,14 +42,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.10.2
+        version: 1.11.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.10.2
+        version: 1.11.1
 description: A Ruby driver for MongoDB. For more information about Mongo, see http://www.mongodb.org.
 email: mongodb-dev@googlegroups.com
 executables:
@@ -83,7 +83,6 @@ files:
 - lib/mongo/functional/authentication.rb
 - lib/mongo/functional/logging.rb
 - lib/mongo/functional/read_preference.rb
-- lib/mongo/functional/sasl_java.rb
 - lib/mongo/functional/uri_parser.rb
 - lib/mongo/functional/write_concern.rb
 - lib/mongo/gridfs.rb

data/lib/mongo/functional/sasl_java.rb

@@ -1,48 +0,0 @@
-# Copyright (C) 2009-2013 MongoDB, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require 'jruby'
-
-include Java
-
-jar_dir = File.expand_path(File.join(File.dirname(__FILE__), '../../../ext/jsasl'))
-require File.join(jar_dir, 'target/jsasl.jar')
-
-module Mongo
-  module Sasl
-
-    module GSSAPI
-
-      def self.authenticate(username, client, socket, opts={})
-        db            = client.db('$external')
-        hostname      = socket.pool.host
-        servicename   = opts[:gssapi_service_name] || 'mongodb'
-        canonicalize  = opts[:canonicalize_host_name] ? opts[:canonicalize_host_name] : false
-
-        authenticator = org.mongodb.sasl.GSSAPIAuthenticator.new(JRuby.runtime, username, hostname, servicename, canonicalize)
-        token         = BSON::Binary.new(authenticator.initialize_challenge)
-        cmd           = BSON::OrderedHash['saslStart', 1, 'mechanism', 'GSSAPI', 'payload', token, 'autoAuthorize', 1]
-        response      = db.command(cmd, :check_response => false, :socket => socket)
-
-        until response['done'] do
-          token    = BSON::Binary.new(authenticator.evaluate_challenge(response['payload'].to_s))
-          cmd      = BSON::OrderedHash['saslContinue', 1, 'conversationId', response['conversationId'], 'payload', token]
-          response = db.command(cmd, :check_response => false, :socket => socket)
-        end
-        response
-      end
-    end
-
-  end
-end