mongo 1.9.2 → 1.10.0.rc0

data/test/replica_set/refresh_test.rb

@@ -1,4 +1,4 @@
-# Copyright (C) 2013 10gen Inc.
+# Copyright (C) 2009-2013 MongoDB, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -69,7 +69,7 @@ class ReplicaSetRefreshTest < Test::Unit::TestCase
 
     old_refresh_version = client.refresh_version
     # Trigger synchronous refresh
-    client['foo']['bar'].find_one
+    client[TEST_DB]['rs-refresh-test'].find_one
 
     assert client.connected?
     assert client.refresh_version > old_refresh_version
@@ -83,7 +83,7 @@ class ReplicaSetRefreshTest < Test::Unit::TestCase
 
     old_refresh_version = client.refresh_version
     # Trigger synchronous refresh
-    client['foo']['bar'].find_one
+    client[TEST_DB]['rs-refresh-test'].find_one
 
     assert client.connected?
     assert client.refresh_version > old_refresh_version,
@@ -103,7 +103,7 @@ class ReplicaSetRefreshTest < Test::Unit::TestCase
       threads << Thread.new do
         # force a connection failure every couple of threads that causes a refresh
         if i % factor == 0
-          cursor = client['foo']['bar'].find
+          cursor = client[TEST_DB]['rs-refresh-test'].find
           cursor.stubs(:checkout_socket_from_connection).raises(ConnectionFailure)
           begin
             cursor.next
@@ -113,7 +113,7 @@ class ReplicaSetRefreshTest < Test::Unit::TestCase
           end
         else
           # synchronous refreshes will happen every couple of find_ones
-          cursor = client['foo']['bar'].find_one
+          cursor = client[TEST_DB]['rs-refresh-test'].find_one
         end
       end
     end
@@ -135,7 +135,7 @@ class ReplicaSetRefreshTest < Test::Unit::TestCase
     sleep(2)
 
     rescue_connection_failure do
-      client['foo']['bar'].find_one
+      client[TEST_DB]['rs-refresh-test'].find_one
     end
 
     assert client.refresh_version > old_refresh_version,
@@ -152,7 +152,7 @@ class ReplicaSetRefreshTest < Test::Unit::TestCase
 
     @rs.add_node
     sleep(4)
-    client['foo']['bar'].find_one
+    client[TEST_DB]['rs-refresh-test'].find_one
 
     @conn2 = MongoReplicaSetClient.new(build_seeds(3),
       :refresh_interval => 2, :refresh_mode => :sync)

data/test/replica_set/replication_ack_test.rb

@@ -1,4 +1,4 @@
-# Copyright (C) 2013 10gen Inc.
+# Copyright (C) 2009-2013 MongoDB, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -26,7 +26,7 @@ class ReplicaSetAckTest < Test::Unit::TestCase
 
     assert !@slave1.read_primary?
 
-    @db = @client.db(MONGO_TEST_DB)
+    @db = @client.db(TEST_DB)
     @db.drop_collection("test-sets")
     @col = @db.collection("test-sets")
   end
@@ -54,17 +54,17 @@ class ReplicaSetAckTest < Test::Unit::TestCase
     @col.insert({:baz => "bar"}, :w => 3, :wtimeout => 5000)
 
     assert @col.insert({:foo => "0" * 5000}, :w => 3, :wtimeout => 5000)
-    assert_equal 2, @slave1[MONGO_TEST_DB]["test-sets"].count
+    assert_equal 2, @slave1[TEST_DB]["test-sets"].count
 
     assert @col.update({:baz => "bar"}, {:baz => "foo"}, :w => 3, :wtimeout => 5000)
-    assert @slave1[MONGO_TEST_DB]["test-sets"].find_one({:baz => "foo"})
+    assert @slave1[TEST_DB]["test-sets"].find_one({:baz => "foo"})
 
     assert @col.insert({:foo => "bar"}, :w => "majority")
 
     assert @col.insert({:bar => "baz"}, :w => :majority)
 
     assert @col.remove({}, :w => 3, :wtimeout => 5000)
-    assert_equal 0, @slave1[MONGO_TEST_DB]["test-sets"].count
+    assert_equal 0, @slave1[TEST_DB]["test-sets"].count
   end
 
   def test_last_error_responses

data/test/replica_set/ssl_test.rb

@@ -1,114 +1,32 @@
-require 'test_helper'
+# Copyright (C) 2009-2013 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 
-# Note: For testing with MongoReplicaSetClient you *MUST* use the
-# hostname 'server' for all members of the replica set.
+require 'test_helper'
+require 'shared/ssl_shared'
 
-class ReplicaSetSSLCertValidationTest < Test::Unit::TestCase
+class ReplicaSetSSLTest < Test::Unit::TestCase
   include Mongo
+  include SSLTests
 
-  CERT_PATH   = "#{Dir.pwd}/test/fixtures/certificates/"
-  CLIENT_CERT = "#{CERT_PATH}client.pem"
-  CA_CERT     = "#{CERT_PATH}ca.pem"
-  SEEDS       = ['server:3000','server:3001','server:3002']
-  BAD_SEEDS   = ['localhost:3000','localhost:3001','localhost:3002']
-
-  # This test doesn't connect, no server config required
-  def test_ssl_configuration
-    # raises when ssl=false and ssl opts specified
-    assert_raise MongoArgumentError do
-      MongoReplicaSetClient.new(SEEDS, :connect  => false,
-                                       :ssl      => false,
-                                       :ssl_cert => CLIENT_CERT)
-    end
-
-    # raises when ssl=nil and ssl opts specified
-    assert_raise MongoArgumentError do
-      MongoReplicaSetClient.new(SEEDS, :connect => false,
-                                       :ssl_key => CLIENT_CERT)
-    end
-
-    # raises when verify=true and no ca_cert
-    assert_raise MongoArgumentError do
-      MongoReplicaSetClient.new(SEEDS, :connect    => false,
-                                       :ssl        => true,
-                                       :ssl_key    => CLIENT_CERT,
-                                       :ssl_cert   => CLIENT_CERT,
-                                       :ssl_verify => true)
-    end
-  end
-
-  # Requires MongoDB built with SSL and the follow options:
-  #
-  # mongod --dbpath /path/to/data/directory --sslOnNormalPorts \
-  # --sslPEMKeyFile /path/to/server.pem \
-  # --sslCAFile /path/to/ca.pem \
-  # --sslCRLFile /path/to/crl.pem \
-  # --sslWeakCertificateValidation
-  #
-  # Make sure you have 'server' as an alias for localhost in /etc/hosts
-  #
-  def test_ssl_basic
-    client = MongoReplicaSetClient.new(SEEDS, :connect => false,
-                                              :ssl     => true)
-    assert client.connect
-  end
-
-  # Requires MongoDB built with SSL and the follow options:
-  #
-  # mongod --dbpath /path/to/data/directory --sslOnNormalPorts \
-  # --sslPEMKeyFile /path/to/server.pem \
-  # --sslCAFile /path/to/ca.pem \
-  # --sslCRLFile /path/to/crl.pem
-  #
-  # Make sure you have 'server' as an alias for localhost in /etc/hosts
-  #
-  def test_ssl_with_cert
-    client = MongoReplicaSetClient.new(SEEDS, :connect  => false,
-                                              :ssl      => true,
-                                              :ssl_cert => CLIENT_CERT,
-                                              :ssl_key  => CLIENT_CERT)
-    assert client.connect
-  end
-
-  def test_ssl_with_peer_cert_validation
-    client = MongoReplicaSetClient.new(SEEDS, :connect     => false,
-                                              :ssl         => true,
-                                              :ssl_key     => CLIENT_CERT,
-                                              :ssl_cert    => CLIENT_CERT,
-                                              :ssl_verify  => true,
-                                              :ssl_ca_cert => CA_CERT)
-    assert client.connect
-  end
-
-  def test_ssl_peer_cert_validation_hostname_fail
-    client = MongoReplicaSetClient.new(BAD_SEEDS, :connect     => false,
-                                                  :ssl         => true,
-                                                  :ssl_key     => CLIENT_CERT,
-                                                  :ssl_cert    => CLIENT_CERT,
-                                                  :ssl_verify  => true,
-                                                  :ssl_ca_cert => CA_CERT)
-    assert_raise ConnectionFailure do
-      client.connect
-    end
-  end
+  SEEDS     = ['server:3000','server:3001','server:3002']
+  BAD_SEEDS = ['localhost:3000','localhost:3001','localhost:3002']
 
-  # Requires mongod built with SSL and the follow options:
-  #
-  # mongod --dbpath /path/to/data/directory --sslOnNormalPorts \
-  # --sslPEMKeyFile /path/to/server.pem \
-  # --sslCAFile /path/to/ca.pem \
-  # --sslCRLFile /path/to/crl_client_revoked.pem
-  #
-  # Make sure you have 'server' as an alias for localhost in /etc/hosts
-  #
-  def test_ssl_with_invalid_cert
-    assert_raise ConnectionFailure do
-      MongoReplicaSetClient.new(SEEDS, :ssl         => true,
-                                       :ssl_key     => CLIENT_CERT,
-                                       :ssl_cert    => CLIENT_CERT,
-                                       :ssl_verify  => true,
-                                       :ssl_ca_cert => CA_CERT)
-    end
+  def setup
+    @client_class     = MongoReplicaSetClient
+    @uri_info         = SEEDS.join(',')
+    @connect_info     = SEEDS
+    @bad_connect_info = BAD_SEEDS
   end
 
 end

data/test/sharded_cluster/basic_test.rb

@@ -1,4 +1,4 @@
-# Copyright (C) 2013 10gen Inc.
+# Copyright (C) 2009-2013 MongoDB, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,12 +19,12 @@ class Cursor
   public :construct_query_spec
 end
 
-class BasicTest < Test::Unit::TestCase
+class ShardedClusterBasicTest < Test::Unit::TestCase
 
   def setup
     ensure_cluster(:sc)
     @document = { "name" => "test_user" }
-    @seeds = @sc.mongos_seeds
+    @seeds    = @sc.mongos_seeds
   end
 
   # TODO member.primary? ==> true
@@ -49,39 +49,39 @@ class BasicTest < Test::Unit::TestCase
     tags = [{:dc => "mongolia"}]
     @client = MongoClient.new(host, port, {:read => :secondary, :tag_sets => tags})
     assert @client.connected?
-    cursor = Cursor.new(@client[MONGO_TEST_DB]['whatever'], {})
+    cursor = Cursor.new(@client[TEST_DB]['whatever'], {})
     assert_equal cursor.construct_query_spec['$readPreference'], {:mode => 'secondary', :tags => tags}
   end
 
   def test_find_one_with_read_secondary
     @client = MongoShardedClient.new(@seeds, { :read => :secondary })
-    @client[MONGO_TEST_DB]["users"].insert([ @document ])
-    assert_equal @client[MONGO_TEST_DB]['users'].find_one["name"], "test_user"
+    @client[TEST_DB]["users"].insert([ @document ])
+    assert_equal @client[TEST_DB]['users'].find_one["name"], "test_user"
   end
 
   def test_find_one_with_read_secondary_preferred
     @client = MongoShardedClient.new(@seeds, { :read => :secondary_preferred })
-    @client[MONGO_TEST_DB]["users"].insert([ @document ])
-    assert_equal @client[MONGO_TEST_DB]['users'].find_one["name"], "test_user"
+    @client[TEST_DB]["users"].insert([ @document ])
+    assert_equal @client[TEST_DB]['users'].find_one["name"], "test_user"
   end
 
   def test_find_one_with_read_primary
     @client = MongoShardedClient.new(@seeds, { :read => :primary })
-    @client[MONGO_TEST_DB]["users"].insert([ @document ])
-    assert_equal @client[MONGO_TEST_DB]['users'].find_one["name"], "test_user"
+    @client[TEST_DB]["users"].insert([ @document ])
+    assert_equal @client[TEST_DB]['users'].find_one["name"], "test_user"
   end
 
   def test_find_one_with_read_primary_preferred
     @client = MongoShardedClient.new(@seeds, { :read => :primary_preferred })
-    @client[MONGO_TEST_DB]["users"].insert([ @document ])
-    assert_equal @client[MONGO_TEST_DB]['users'].find_one["name"], "test_user"
+    @client[TEST_DB]["users"].insert([ @document ])
+    assert_equal @client[TEST_DB]['users'].find_one["name"], "test_user"
   end
 
   def test_read_from_sharded_client
     tags = [{:dc => "mongolia"}]
     @client = MongoShardedClient.new(@seeds, {:read => :secondary, :tag_sets => tags})
     assert @client.connected?
-    cursor = Cursor.new(@client[MONGO_TEST_DB]['whatever'], {})
+    cursor = Cursor.new(@client[TEST_DB]['whatever'], {})
     assert_equal cursor.construct_query_spec['$readPreference'], {:mode => 'secondary', :tags => tags}
   end
 
@@ -107,13 +107,13 @@ class BasicTest < Test::Unit::TestCase
     @client = MongoShardedClient.new(@seeds, :refresh_interval => 5, :refresh_mode => :sync)
     assert @client.connected?
     # do a find to pin a pool
-    @client['MONGO_TEST_DB']['test'].find_one
+    @client[TEST_DB]['test'].find_one
     original_primary = @client.manager.primary
     # stop the pinned member
     @sc.member_by_name("#{original_primary[0]}:#{original_primary[1]}").stop
     # assert that the client fails over to the next available mongos
     assert_nothing_raised do
-      @client['MONGO_TEST_DB']['test'].find_one
+      @client[TEST_DB]['test'].find_one
     end
 
     assert_not_equal original_primary, @client.manager.primary
@@ -161,6 +161,34 @@ class BasicTest < Test::Unit::TestCase
     @client.close
   end
 
+  def test_wire_version_not_in_range
+    [
+      [Mongo::MongoClient::MAX_WIRE_VERSION+1, Mongo::MongoClient::MAX_WIRE_VERSION+1],
+      [Mongo::MongoClient::MIN_WIRE_VERSION-1, Mongo::MongoClient::MIN_WIRE_VERSION-1]
+    ].each do |min_wire_version_value, max_wire_version_value|
+      Mongo.module_eval <<-EVAL
+        class ShardingPoolManager
+          def max_wire_version
+            return #{max_wire_version_value}
+          end
+          def min_wire_version
+            return #{min_wire_version_value}
+          end
+        end
+      EVAL
+      @client = MongoShardedClient.new(@seeds, :connect => false)
+      assert !@client.connected?
+      assert_raises Mongo::ConnectionFailure do
+        @client.connect
+      end
+    end
+    Mongo.module_eval <<-EVAL
+      class ShardingPoolManager
+        attr_reader :max_wire_version, :min_wire_version
+      end
+    EVAL
+  end
+
   private
 
   def probe(size)

data/test/shared/authentication/basic_auth_shared.rb

@@ -0,0 +1,215 @@
+# Copyright (C) 2009-2013 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module BasicAuthTests
+
+  def init_auth
+    # enable authentication by creating and logging in as admin user
+    @admin = @client['admin']
+    @admin.add_user('admin', 'password', nil, :roles => ['readAnyDatabase',
+                                                         'readWriteAnyDatabase',
+                                                         'userAdminAnyDatabase',
+                                                         'dbAdminAnyDatabase',
+                                                         'clusterAdmin'])
+    @admin.authenticate('admin', 'password')
+
+    # db user for cleanup (for pre-2.4)
+    @db.add_user('admin', 'cleanup', nil, :roles => [])
+  end
+
+  def teardown
+    remove_all_users(@db, 'admin', 'cleanup')
+    remove_all_users(@admin, 'admin', 'password') if has_auth?(@admin.name)
+  end
+
+  def remove_all_users(database, username, password)
+    database.authenticate(username, password) unless has_auth?(database.name)
+    if @client.server_version < '2.5'
+      database['system.users'].remove
+    else
+      database.command(:dropAllUsersFromDatabase => 1)
+    end
+    database.logout
+  end
+
+  def has_auth?(db_name)
+    @client.auths.any? { |a| a[:source] == db_name }
+  end
+
+  def test_add_remove_user
+    # add user
+    silently { @db.add_user('bob','user') }
+    assert @db.authenticate('bob', 'user')
+
+    # remove user
+    assert @db.remove_user('bob')
+  end
+
+  def test_update_user
+    # add user
+    silently { @db.add_user('bob', 'user') }
+    assert @db.authenticate('bob', 'user')
+    @db.logout
+
+    # update user
+    silently { @db.add_user('bob', 'updated') }
+    assert_raise Mongo::AuthenticationError do
+      @db.authenticate('bob', 'user')
+    end
+    assert @db.authenticate('bob', 'updated')
+  end
+
+  def test_remove_non_existent_user
+    if @client.server_version < '2.5'
+      assert_equal false, @db.remove_user('joe')
+    else
+      assert_raise Mongo::OperationFailure do
+        assert @db.remove_user('joe')
+      end
+    end
+  end
+
+  def test_authenticate
+    silently { @db.add_user('peggy', 'user') }
+    assert @db.authenticate('peggy', 'user')
+    @db.remove_user('peggy')
+  end
+
+  def test_authenticate_non_existent_user
+    assert_raise Mongo::AuthenticationError do
+      @db.authenticate('frank', 'thetank')
+    end
+  end
+
+  def test_logout
+    silently { @db.add_user('peggy', 'user') }
+    assert @db.authenticate('peggy', 'user')
+    assert @db.logout
+  end
+
+  def test_authenticate_with_special_characters
+    silently { assert @db.add_user('foo:bar','@foo') }
+    assert @db.authenticate('foo:bar','@foo')
+  end
+
+  def test_authenticate_read_only
+    silently { @db.add_user('randy', 'readonly', true) }
+    assert @db.authenticate('randy', 'readonly')
+  end
+
+  def test_authenticate_with_connection_uri
+    silently { @db.add_user('eunice', 'uritest') }
+
+    uri    = "mongodb://eunice:uritest@#{@host_info}/#{@db.name}"
+    client = Mongo::URIParser.new(uri).connection
+
+    assert client
+    assert_equal client.auths.size, 1
+    assert client[TEST_DB]['auth_test'].count
+
+    auth = client.auths.first
+    assert_equal @db.name, auth[:db_name]
+    assert_equal 'eunice', auth[:username]
+    assert_equal 'uritest', auth[:password]
+  end
+
+  def test_socket_auths
+    # setup
+    db_a = @client[TEST_DB + '_a']
+    silently { db_a.add_user('user_a', 'password') }
+    assert db_a.authenticate('user_a', 'password')
+
+    db_b = @client[TEST_DB + '_b']
+    silently { db_b.add_user('user_b', 'password') }
+    assert db_b.authenticate('user_b', 'password')
+
+    db_c = @client[TEST_DB + '_c']
+    silently { db_c.add_user('user_c', 'password') }
+    assert db_c.authenticate('user_c', 'password')
+
+    # client auths should be applied to socket on checkout
+    socket = @client.checkout_reader(:mode => :primary)
+    assert_equal 4, socket.auths.size
+    assert_equal @client.auths, socket.auths
+    @client.checkin(socket)
+
+    # logout should remove saved auth on socket and client
+    assert db_b.logout
+    socket = @client.checkout_reader(:mode => :primary)
+    assert_equal 3, socket.auths.size
+    assert_equal @client.auths, socket.auths
+    @client.checkin(socket)
+
+    # clean-up
+    db_b.authenticate('user_b', 'password')
+    remove_all_users(db_a, 'user_a', 'password')
+    remove_all_users(db_b, 'user_b', 'password')
+    remove_all_users(db_c, 'user_c', 'password')
+  end
+
+  def test_delegated_authentication
+    return unless @client.server_version >= '2.4' && @client.server_version < '2.5'
+
+    # create user in test databases
+    accounts = @client[TEST_DB + '_accounts']
+    silently do
+      accounts.add_user('debbie', 'delegate')
+      @db.add_user('debbie', nil, nil, :roles => ['read'], :userSource => accounts.name)
+    end
+    @admin.logout
+
+    # validate that direct authentication is not allowed
+    assert_raise Mongo::AuthenticationError do
+      @db.authenticate('debbie', 'delegate')
+    end
+
+    # validate delegated authentication
+    assert accounts.authenticate('debbie', 'delegate')
+    assert @db.collection_names
+    accounts.logout
+    assert_raise Mongo::OperationFailure do
+      @db.collection_names
+    end
+
+    # validate auth using source database
+    @db.authenticate('debbie', 'delegate', nil, accounts.name)
+    assert @db.collection_names
+    accounts.logout
+    assert_raise Mongo::OperationFailure do
+      @db.collection_names
+    end
+
+    # clean-up
+    @admin.authenticate('admin', 'password')
+    remove_all_users(accounts, 'debbie', 'delegate')
+  end
+
+  def test_non_admin_default_roles
+    return if @client.server_version < '2.5'
+
+    # add read-only user and verify that role is 'read'
+    @db.add_user('randy', 'password', nil, :roles => ['read'])
+    @db.authenticate('randy', 'password')
+    users = @db.command(:usersInfo => 'randy')['users']
+    assert_equal 'read', users.first['roles'].first['role']
+    @db.logout
+
+    # add dbOwner (default) user and verify role
+    silently { @db.add_user('emily', 'password') }
+    @db.authenticate('emily', 'password')
+    users = @db.command(:usersInfo => 'emily')['users']
+    assert_equal 'dbOwner', users.first['roles'].first['role']
+  end
+
+end