mongo 2.11.0 → 2.11.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d27047092172489df2f36b02e09050990a7aae2685a055bf4a30d33a43b86325
-  data.tar.gz: 0f14e016a1dbae9ccda55d77927a773d58a10967b959b9480b052c2df9410386
+  metadata.gz: 8c345d3cf6aa92723002548f8e1e14be65bdfb0969eb05756d510f51a7a6b4ec
+  data.tar.gz: 306c19eafbaee190b5f865beedc5a149b46c5d45aeae509f85390c6e554c25e2
 SHA512:
-  metadata.gz: 3cf2e4bfd5860003b7131c72fae1b58a0a56906a73d67e9e08c465cd5cf0b79f99af431e55597733f3baf9d68a9617cec47647d4bb7b9c8e84eedeeff96509b9
-  data.tar.gz: 190be385cbcfdae0293448281010b8d6c4ca785b37236fe57362921eaeb7cfdb5115dd0159e51622946b97170fa105a375fd0a73ceb4600b268e599aa687dcf1
+  metadata.gz: 80389668e920fe61e0aedad8ae4bf6973cc3f3f150a7e6a49514aee5aec7e062e00851abcabd273efacffc2c080373d0036cc74e49f3fab8607ab133f901e1b8
+  data.tar.gz: 41c28e98cef6df75eb38e4a043c3c4bfce8623a3f68a10522a02d22984a31d0283af5113d8dd8c4ba37aa7df373ff400a9a1359acb9731c1a433c370976b2aa7

data/Rakefile

@@ -34,6 +34,30 @@ namespace :spec do
     SpecSetup.new.run
   end
 
+  desc 'Waits for sessions to be available in the deployment'
+  task :wait_for_sessions do
+    $: << File.join(File.dirname(__FILE__), 'spec')
+
+    require 'support/utils'
+    require 'support/spec_config'
+    require 'support/client_registry'
+
+    client = ClientRegistry.instance.global_client('authorized')
+    client.database.command(ping: 1)
+    deadline = Time.now + 300
+    while Time.now < deadline
+      if client.cluster.send(:sessions_supported?)
+        break
+      end
+      sleep 1
+      client.close
+      client.reconnect
+    end
+    unless client.cluster.send(:sessions_supported?)
+      raise "Sessions did not become supported in the allowed time"
+    end
+  end
+
   desc 'Prints configuration used by the test suite'
   task :config do
     $: << File.join(File.dirname(__FILE__), 'spec')

data/lib/mongo/address.rb

@@ -66,6 +66,8 @@ module Mongo
     # @param [ String ] seed The provided address.
     # @param [ Hash ] options The address options.
     #
+    # @option options [ Float ] :connect_timeout Connect timeout.
+    #
     # @since 2.0.0
     def initialize(seed, options = {})
       if seed.nil?
@@ -85,6 +87,9 @@ module Mongo
     # @return [ Integer ] port The port.
     attr_reader :port
 
+    # @api private
+    attr_reader :options
+
     # Check equality of the address to another.
     #
     # @example Check address equality.
@@ -138,13 +143,30 @@ module Mongo
       "#<Mongo::Address:0x#{object_id} address=#{to_s}>"
     end
 
-    # Get a socket for the provided address, given the options.
+    # Get a socket for the address stored in this object, given the options.
+    #
+    # If the address stored in this object looks like a Unix path, this method
+    # returns a Unix domain socket for this path.
     #
-    # The address the socket connects to is determined by the algorithm described in the
-    # #intialize_resolver! documentation. Each time this method is called, #initialize_resolver!
-    # will be called, meaning that a new hostname lookup will occur. This is done so that any
-    # changes to which addresses the hostname resolves to will be picked up even if a socket has
-    # been connected to it before.
+    # Otherwise, this method attempts to resolve the address stored in
+    # this object to IPv4 and IPv6 addresses using +Socket#getaddrinfo+, then
+    # connects to the resulting addresses and returns the socket of the first
+    # successful connection. The order in which address families (IPv4/IPV6)
+    # are tried is the same order in which the addresses are returned by
+    # +getaddrinfo+, and is determined by the host system.
+    #
+    # Name resolution is performed on each +socket+ call. This is done so that
+    # any changes to which addresses the host names used as seeds or in
+    # server configuration resolve to are immediately noticed by the driver,
+    # even if a socket has been connected to the affected host name/address
+    # before. However, note that DNS TTL values may still affect when a change
+    # to a host address is noticed by the driver.
+    #
+    # This method propagates any exceptions raised during DNS resolution and
+    # subsequent connection attempts. In case of a host name resolving to
+    # multiple IP addresses, the error raised by the last attempt is propagated
+    # to the caller. This method does not map exceptions to Mongo::Error
+    # subclasses, and may raise any subclass of Exception.
     #
     # @example Get a socket.
     #   address.socket(5, :ssl => true)
@@ -155,11 +177,34 @@ module Mongo
     #
     # @option options [ Float ] :connect_timeout Connect timeout.
     #
-    # @return [ Mongo::Socket::SSL, Mongo::Socket::TCP, Mongo::Socket::Unix ] The socket.
+    # @return [ Mongo::Socket::SSL | Mongo::Socket::TCP | Mongo::Socket::Unix ]
+    #   The socket.
+    #
+    # @raise [ Exception ] If network connection failed.
     #
     # @since 2.0.0
     def socket(socket_timeout, ssl_options = {}, options = {})
-      create_resolver(ssl_options).socket(socket_timeout, ssl_options, options)
+      if seed.downcase =~ Unix::MATCH
+        specific_address = Unix.new(seed.downcase)
+        return specific_address.socket(socket_timeout, ssl_options, options)
+      end
+
+      options = {
+        connect_timeout: Server::CONNECT_TIMEOUT,
+      }.update(options)
+
+      family = (host == LOCALHOST) ? ::Socket::AF_INET : ::Socket::AF_UNSPEC
+      error = nil
+      ::Socket.getaddrinfo(host, nil, family, ::Socket::SOCK_STREAM).each do |info|
+        begin
+          specific_address = FAMILY_MAP[info[4]].new(info[3], port, host)
+          socket = specific_address.socket(socket_timeout, ssl_options, options)
+          return socket
+        rescue IOError, SystemCallError, Error::SocketTimeoutError, Error::SocketError => e
+          error = e
+        end
+      end
+      raise error
     end
 
     # Get the address as a string.
@@ -182,37 +227,8 @@ module Mongo
       end
     end
 
-    # @api private
-    def connect_timeout
-      @connect_timeout ||= @options[:connect_timeout] || Server::CONNECT_TIMEOUT
-    end
-
     private
 
-    # To determine which address the socket will connect to, the driver will
-    # attempt to connect to each IP address returned by Socket::getaddrinfo in
-    # sequence. Once a successful connection is made, a resolver with that
-    # IP address specified is returned. If no successful connection is
-    # made, the error made by the last connection attempt is raised.
-    def create_resolver(ssl_options)
-      return Unix.new(seed.downcase) if seed.downcase =~ Unix::MATCH
-
-      family = (host == LOCALHOST) ? ::Socket::AF_INET : ::Socket::AF_UNSPEC
-      error = nil
-      ::Socket.getaddrinfo(host, nil, family, ::Socket::SOCK_STREAM).each do |info|
-        begin
-          specific_address = FAMILY_MAP[info[4]].new(info[3], port, host)
-          socket = specific_address.socket(
-            connect_timeout, ssl_options, connect_timeout: connect_timeout)
-          socket.close
-          return specific_address
-        rescue IOError, SystemCallError, Error::SocketTimeoutError, Error::SocketError => e
-          error = e
-        end
-      end
-      raise error
-    end
-
     def parse_host_port
       address = seed.downcase
       case address

data/lib/mongo/auth.rb

@@ -110,25 +110,45 @@ module Mongo
       # @param [ String ] used_mechanism Auth mechanism actually used for
       #   authentication. This is a full string like SCRAM-SHA-256.
       # @param [ String ] message The error message returned by the server.
+      # @param [ Server ] server The server instance that authentication
+      #   was attempted against.
       #
       # @since 2.0.0
-      def initialize(user, used_mechanism: nil, message: nil)
-        specified_mechanism = if user.mechanism
-          " (mechanism: #{user.mechanism})"
-        else
-          ''
+      def initialize(user, used_mechanism: nil, message: nil,
+        server: nil
+      )
+        configured_bits = []
+        used_bits = [
+          "auth source: #{user.auth_source}",
+        ]
+
+        if user.mechanism
+          configured_bits << "mechanism: #{user.mechanism}"
         end
-        used_mechanism = if used_mechanism
-          " (used mechanism: #{used_mechanism})"
-        else
-          ''
+
+        if used_mechanism
+          used_bits << "used mechanism: #{used_mechanism}"
+        end
+
+        if server
+          used_bits << "used server: #{server.address} (#{server.status})"
         end
+
         used_user = if user.mechanism == :mongodb_x509
           'Client certificate'
         else
           "User #{user.name}"
         end
-        msg = "#{used_user}#{specified_mechanism} is not authorized to access #{user.database} (auth source: #{user.auth_source})#{used_mechanism}"
+
+        if configured_bits.empty?
+          configured_bits = ''
+        else
+          configured_bits = " (#{configured_bits.join(', ')})"
+        end
+
+        used_bits = " (#{used_bits.join(', ')})"
+
+        msg = "#{used_user}#{configured_bits} is not authorized to access #{user.database}#{used_bits}"
         if message
           msg += ': ' + message
         end

data/lib/mongo/auth/cr.rb

@@ -23,6 +23,7 @@ module Mongo
     # @deprecated MONGODB-CR authentication mechanism is deprecated
     #   as of MongoDB 3.6. Support for it in the Ruby driver will be
     #   removed in driver version 3.0. Please use SCRAM instead.
+    # @api private
     class CR
 
       # The authentication mechinism string.

data/lib/mongo/auth/cr/conversation.rb

@@ -52,13 +52,14 @@ module Mongo
         #
         # @param [ Protocol::Message ] reply The reply of the previous
         #   message.
-        # @param [ Mongo::Server::Connection ] connection The connection being authenticated.
+        # @param [ Mongo::Server::Connection ] connection The connection being
+        #   authenticated.
         #
         # @return [ Protocol::Query ] The next message to send.
         #
         # @since 2.0.0
-        def continue(reply, connection = nil)
-          validate!(reply)
+        def continue(reply, connection)
+          validate!(reply, connection.server)
           if connection && connection.features.op_msg_enabled?
             selector = LOGIN.merge(user: user.name, nonce: nonce, key: user.auth_key(nonce))
             selector[Protocol::Msg::DATABASE_IDENTIFIER] = user.auth_source
@@ -78,29 +79,28 @@ module Mongo
         # Finalize the CR conversation. This is meant to be iterated until
         # the provided reply indicates the conversation is finished.
         #
-        # @example Finalize the conversation.
-        #   conversation.finalize(reply)
-        #
         # @param [ Protocol::Message ] reply The reply of the previous
         #   message.
+        # @param [ Server::Connection ] connection The connection being
+        #   authenticated.
         #
         # @return [ Protocol::Query ] The next message to send.
         #
         # @since 2.0.0
-        def finalize(reply, connection = nil)
-          validate!(reply)
+        def finalize(reply, connection)
+          validate!(reply, connection.server)
         end
 
         # Start the CR conversation. This returns the first message that
         # needs to be sent to the server.
         #
-        # @example Start the conversation.
-        #   conversation.start
+        # @param [ Server::Connection ] connection The connection being
+        #   authenticated.
         #
         # @return [ Protocol::Query ] The first CR conversation message.
         #
         # @since 2.0.0
-        def start(connection = nil)
+        def start(connection)
           if connection && connection.features.op_msg_enabled?
             selector = Auth::GET_NONCE.merge(Protocol::Msg::DATABASE_IDENTIFIER => user.auth_source)
             cluster_time = connection.mongos? && connection.cluster_time
@@ -129,9 +129,9 @@ module Mongo
 
         private
 
-        def validate!(reply)
+        def validate!(reply, server)
           if reply.documents[0][Operation::Result::OK] != 1
-            raise Unauthorized.new(user, used_mechanism: MECHANISM)
+            raise Unauthorized.new(user, used_mechanism: MECHANISM, server: server)
           end
           @nonce = reply.documents[0][Auth::NONCE]
           @reply = reply

data/lib/mongo/auth/ldap.rb

@@ -20,6 +20,7 @@ module Mongo
     # Defines behavior for LDAP Proxy authentication.
     #
     # @since 2.0.0
+    # @api private
     class LDAP
 
       # The authentication mechinism string.
@@ -56,7 +57,7 @@ module Mongo
         conversation = Conversation.new(user)
         reply = connection.dispatch([ conversation.start(connection) ])
         connection.update_cluster_time(Operation::Result.new(reply))
-        conversation.finalize(reply)
+        conversation.finalize(reply, connection)
       end
     end
   end

data/lib/mongo/auth/ldap/conversation.rb

@@ -37,31 +37,28 @@ module Mongo
         # Finalize the PLAIN conversation. This is meant to be iterated until
         # the provided reply indicates the conversation is finished.
         #
-        # @example Finalize the conversation.
-        #   conversation.finalize(reply)
-        #
         # @param [ Protocol::Message ] reply The reply of the previous
         #   message.
+        # @param [ Server::Connection ] connection The connection being
+        #   authenticated.
         #
         # @return [ Protocol::Query ] The next message to send.
         #
         # @since 2.0.0
-        def finalize(reply)
-          validate!(reply)
+        def finalize(reply, connection)
+          validate!(reply, connection.server)
         end
 
         # Start the PLAIN conversation. This returns the first message that
         # needs to be sent to the server.
         #
-        # @example Start the conversation.
-        #   conversation.start
-        #
-        # @param [ Mongo::Server::Connection ] connection The connection being authenticated.
+        # @param [ Server::Connection ] connection The connection being
+        #   authenticated.
         #
         # @return [ Protocol::Query ] The first PLAIN conversation message.
         #
         # @since 2.0.0
-        def start(connection = nil)
+        def start(connection)
           if connection && connection.features.op_msg_enabled?
             selector = LOGIN.merge(payload: payload, mechanism: LDAP::MECHANISM)
             selector[Protocol::Msg::DATABASE_IDENTIFIER] = Auth::EXTERNAL
@@ -96,9 +93,9 @@ module Mongo
           BSON::Binary.new("\x00#{user.name}\x00#{user.password}")
         end
 
-        def validate!(reply)
+        def validate!(reply, server)
           if reply.documents[0][Operation::Result::OK] != 1
-            raise Unauthorized.new(user, used_mechanism: MECHANISM)
+            raise Unauthorized.new(user, used_mechanism: MECHANISM, server: server)
           end
           @reply = reply
         end

data/lib/mongo/auth/scram.rb

@@ -20,6 +20,7 @@ module Mongo
     # Defines behavior for SCRAM authentication.
     #
     # @since 2.0.0
+    # @api private
     class SCRAM
 
       # The authentication mechanism string for SCRAM-SHA-1.

data/lib/mongo/auth/scram/conversation.rb

@@ -20,6 +20,7 @@ module Mongo
       # the client and server.
       #
       # @since 2.0.0
+      # @api private
       class Conversation
 
         # The base client continue message.
@@ -103,13 +104,14 @@ module Mongo
         #
         # @param [ Protocol::Message ] reply The reply of the previous
         #   message.
-        # @param [ Mongo::Server::Connection ] connection The connection being authenticated.
+        # @param [ Server::Connection ] connection The connection being
+        #   authenticated.
         #
-        # @return [ Protocol::Query ] The next message to send.
+        # @return [ Protocol::Message ] The next message to send.
         #
         # @since 2.0.0
-        def continue(reply, connection = nil)
-          validate_first_message!(reply)
+        def continue(reply, connection)
+          validate_first_message!(reply, connection.server)
 
           # The salted password needs to be calculated now; otherwise, if the
           # client key is cached from a previous authentication, the salt in the
@@ -118,7 +120,10 @@ module Mongo
           salted_password
 
           if connection && connection.features.op_msg_enabled?
-            selector = CLIENT_CONTINUE_MESSAGE.merge(payload: client_final_message, conversationId: id)
+            selector = CLIENT_CONTINUE_MESSAGE.merge(
+              payload: client_final_message,
+              conversationId: id,
+            )
             selector[Protocol::Msg::DATABASE_IDENTIFIER] = user.auth_source
             cluster_time = connection.mongos? && connection.cluster_time
             selector[Operation::CLUSTER_TIME] = cluster_time if cluster_time
@@ -127,8 +132,11 @@ module Mongo
             Protocol::Query.new(
               user.auth_source,
               Database::COMMAND,
-              CLIENT_CONTINUE_MESSAGE.merge(payload: client_final_message, conversationId: id),
-              limit: -1
+              CLIENT_CONTINUE_MESSAGE.merge(
+                payload: client_final_message,
+                conversationId: id,
+              ),
+              limit: -1,
             )
           end
         end
@@ -136,20 +144,20 @@ module Mongo
         # Finalize the SCRAM conversation. This is meant to be iterated until
         # the provided reply indicates the conversation is finished.
         #
-        # @example Finalize the conversation.
-        #   conversation.finalize(reply)
-        #
         # @param [ Protocol::Message ] reply The reply of the previous
         #   message.
-        # @param [ Mongo::Server::Connection ] connection The connection being authenticated.
+        # @param [ Server::Connection ] connection The connection being authenticated.
         #
         # @return [ Protocol::Query ] The next message to send.
         #
         # @since 2.0.0
-        def finalize(reply, connection = nil)
-          validate_final_message!(reply)
+        def finalize(reply, connection)
+          validate_final_message!(reply, connection.server)
           if connection && connection.features.op_msg_enabled?
-            selector = CLIENT_CONTINUE_MESSAGE.merge(payload: client_empty_message, conversationId: id)
+            selector = CLIENT_CONTINUE_MESSAGE.merge(
+              payload: client_empty_message,
+              conversationId: id,
+            )
             selector[Protocol::Msg::DATABASE_IDENTIFIER] = user.auth_source
             cluster_time = connection.mongos? && connection.cluster_time
             selector[Operation::CLUSTER_TIME] = cluster_time if cluster_time
@@ -158,8 +166,11 @@ module Mongo
             Protocol::Query.new(
               user.auth_source,
               Database::COMMAND,
-              CLIENT_CONTINUE_MESSAGE.merge(payload: client_empty_message, conversationId: id),
-              limit: -1
+              CLIENT_CONTINUE_MESSAGE.merge(
+                payload: client_empty_message,
+                conversationId: id,
+              ),
+              limit: -1,
             )
           end
         end
@@ -167,15 +178,12 @@ module Mongo
         # Start the SCRAM conversation. This returns the first message that
         # needs to be sent to the server.
         #
-        # @example Start the conversation.
-        #   conversation.start
-        #
-        # @param [ Mongo::Server::Connection ] connection The connection being authenticated.
+        # @param [ Server::Connection ] connection The connection being authenticated.
         #
         # @return [ Protocol::Query ] The first SCRAM conversation message.
         #
         # @since 2.0.0
-        def start(connection = nil)
+        def start(connection)
           if connection && connection.features.op_msg_enabled?
             selector = CLIENT_FIRST_MESSAGE.merge(
               payload: client_first_message, mechanism: full_mechanism)
@@ -189,7 +197,7 @@ module Mongo
               Database::COMMAND,
               CLIENT_FIRST_MESSAGE.merge(
                 payload: client_first_message, mechanism: full_mechanism),
-              limit: -1
+              limit: -1,
             )
           end
         end
@@ -505,23 +513,24 @@ module Mongo
           check == 0
         end
 
-        def validate_final_message!(reply)
-          validate!(reply)
+        def validate_final_message!(reply, server)
+          validate!(reply, server)
           unless compare_digest(verifier, server_signature)
             raise Error::InvalidSignature.new(verifier, server_signature)
           end
         end
 
-        def validate_first_message!(reply)
-          validate!(reply)
+        def validate_first_message!(reply, server)
+          validate!(reply, server)
           raise Error::InvalidNonce.new(nonce, rnonce) unless rnonce.start_with?(nonce)
         end
 
-        def validate!(reply)
+        def validate!(reply, server)
           if reply.documents[0][Operation::Result::OK] != 1
             raise Unauthorized.new(user,
               used_mechanism: full_mechanism,
               message: reply.documents[0]['errmsg'],
+              server: server,
             )
           end
           @reply = reply