mongo 2.11.6 → 2.12.0.rc0

data/spec/integration/srv_monitoring_spec.rb

@@ -1,6 +1,8 @@
 require 'spec_helper'
 
 describe 'SRV Monitoring' do
+  clean_slate_for_all
+
   context 'with SRV lookups mocked at Resolver' do
     let(:srv_result) do
       double('srv result').tap do |result|
@@ -84,12 +86,16 @@ describe 'SRV Monitoring' do
 
     let(:client) do
       new_local_client(uri,
-        server_selection_timeout: 3.16,
-        resolv_options: {
-          nameserver: 'localhost',
-          nameserver_port: [['localhost', 5300], ['127.0.0.1', 5300]],
-        },
-        logger: logger,
+        SpecConfig.instance.ssl_options.merge(
+          server_selection_timeout: 3.16,
+          timeout: 8.11,
+          connect_timeout: 8.12,
+          resolv_options: {
+            nameserver: 'localhost',
+            nameserver_port: [['localhost', 5300], ['127.0.0.1', 5300]],
+          },
+          logger: logger,
+        ),
       )
     end
 
@@ -352,6 +358,8 @@ describe 'SRV Monitoring' do
           # Covers both NoPrimary and WithPrimary replica sets
           expect(client.cluster.topology).to be_a(Mongo::Cluster::Topology::ReplicaSetNoPrimary)
 
+          # give the thread another moment to stop
+          sleep 0.1
           expect(client.cluster.srv_monitor).not_to be_running
         end
       end

data/spec/lite_spec_helper.rb

@@ -20,11 +20,7 @@ TRANSACTIONS_API_TESTS = Dir.glob("#{CURRENT_PATH}/spec_tests/data/transactions_
 CHANGE_STREAMS_TESTS = Dir.glob("#{CURRENT_PATH}/spec_tests/data/change_streams/*.yml").sort
 CMAP_TESTS = Dir.glob("#{CURRENT_PATH}/spec_tests/data/cmap/*.yml").sort
 AUTH_TESTS = Dir.glob("#{CURRENT_PATH}/spec_tests/data/auth/*.yml").sort
-
-require 'mongo'
-require 'pp'
-
-autoload :Benchmark, 'benchmark'
+CLIENT_SIDE_ENCRYPTION_TESTS = Dir.glob("#{CURRENT_PATH}/spec_tests/data/client_side_encryption/*.yml").sort
 
 unless ENV['CI']
   begin
@@ -40,6 +36,13 @@ unless ENV['CI']
   end
 end
 
+require 'mongo'
+require 'pp'
+
+autoload :Benchmark, 'benchmark'
+autoload :Timecop, 'timecop'
+autoload :IceNine, 'ice_nine'
+
 if BSON::Environment.jruby?
   require 'concurrent-ruby'
   PossiblyConcurrentArray = Concurrent::Array
@@ -56,31 +59,30 @@ unless SpecConfig.instance.client_debug?
 end
 Encoding.default_external = Encoding::UTF_8
 
-autoload :Timecop, 'timecop'
-
-require 'ice_nine'
 require 'support/matchers'
 require 'support/lite_constraints'
 require 'support/event_subscriber'
-require 'support/server_discovery_and_monitoring'
-require 'support/server_selection_rtt'
-require 'support/server_selection'
-require 'support/sdam_monitoring'
-require 'support/crud'
-require 'support/command_monitoring'
-require 'support/cmap'
-require 'runners/connection_string'
-require 'support/connection_string'
-require 'support/gridfs'
-require 'support/transactions'
-require 'support/change_streams'
 require 'support/common_shortcuts'
 require 'support/client_registry'
 require 'support/client_registry_macros'
+require 'support/crypt'
 require 'support/json_ext_formatter'
 require 'support/sdam_formatter_integration'
 require 'support/background_thread_registry'
-require 'support/auth'
+
+require 'runners/server_discovery_and_monitoring'
+require 'runners/server_selection_rtt'
+require 'runners/server_selection'
+require 'runners/sdam_monitoring'
+require 'runners/crud'
+require 'runners/command_monitoring'
+require 'runners/cmap'
+require 'runners/connection_string'
+require 'runners/connection_string'
+require 'runners/gridfs'
+require 'runners/transactions'
+require 'runners/change_streams'
+require 'runners/auth'
 
 if SpecConfig.instance.mri?
   require 'timeout_interrupt'
@@ -122,7 +124,9 @@ RSpec.configure do |config|
 
   if SpecConfig.instance.ci?
     unless BSON::Environment.jruby?
-      Rfc::Rif.output_object_space_stats = true
+      if defined?(Rfc)
+        Rfc::Rif.output_object_space_stats = true
+      end
     end
   end
 
@@ -138,3 +142,8 @@ if SpecConfig.instance.active_support?
   require "active_support/time"
   require 'mongo/active_support'
 end
+
+if File.exist?('.env.private')
+  require 'dotenv'
+  Dotenv.load('.env.private')
+end

data/spec/mongo/auth/cr_spec.rb

@@ -12,6 +12,10 @@ describe Mongo::Auth::CR do
 
   describe '#login' do
 
+    before do
+      connection.connect!
+    end
+
     context 'when the user is not authorized' do
 
       let(:user) do
@@ -53,6 +57,10 @@ describe Mongo::Auth::CR do
   context 'when the user is authorized for the database' do
     max_server_fcv '2.6'
 
+    before do
+      connection.connect!
+    end
+
     let(:cr) do
       described_class.new(root_user)
     end

data/spec/mongo/auth/ldap_spec.rb

@@ -16,6 +16,10 @@ describe Mongo::Auth::LDAP do
 
   describe '#login' do
 
+    before do
+      connection.connect!
+    end
+
     context 'when the user is not authorized for the database' do
 
       let(:cr) do
@@ -26,7 +30,7 @@ describe Mongo::Auth::LDAP do
         cr.login(connection).documents[0]
       end
 
-      it 'logs the user into the connection' do
+      it 'attempts to log the user into the connection' do
         expect {
           cr.login(connection)
         }.to raise_error(Mongo::Auth::Unauthorized)

data/spec/mongo/auth/scram/conversation_spec.rb

@@ -1,7 +1,8 @@
 require 'spec_helper'
 
-# fails intermittently on jruby in Evergreen
-describe Mongo::Auth::SCRAM::Conversation, retry: 3 do
+describe Mongo::Auth::SCRAM::Conversation do
+  # Test uses global assertions
+  clean_slate
 
   let(:conversation) do
     described_class.new(user, mechanism)
@@ -35,8 +36,6 @@ describe Mongo::Auth::SCRAM::Conversation, retry: 3 do
     end
 
     describe '#start' do
-      # Test uses global assertions
-      clean_slate
 
       let(:query) do
         conversation.start(nil)
@@ -407,10 +406,10 @@ describe Mongo::Auth::SCRAM::Conversation, retry: 3 do
         end
 
         it 'raises an error' do
-          expect {
+          expect do
             conversation.continue(continue_reply, connection)
             conversation.finalize(reply, connection)
-          }.to raise_error(Mongo::Error::InvalidSignature)
+          end.to raise_error(Mongo::Error::InvalidSignature)
         end
       end
     end

data/spec/mongo/auth/scram/negotiation_spec.rb

@@ -1,20 +1,13 @@
 require 'spec_helper'
 
-# This test should set cleanup: false on all clients, because due to
-# https://jira.mongodb.org/browse/RUBY-1772 we may be getting connections
-# established after the client is closed which screws up our assertions on
-# the auth calls. When 1772 is fixed, the cleanup should happen on existing
-# connections and thus should no longer interfere with auth assertions.
+# max_pool_size is set to 1 to force a single connection being used for
+# all operations in a client.
 
 describe 'SCRAM-SHA auth mechanism negotiation' do
   min_server_fcv '4.0'
+  # Test uses global assertions
   clean_slate
 
-  URI_OPTION_MAP = {
-    :auth_source => 'authsource',
-    :replica_set => 'replicaSet',
-  }
-
   let(:create_user!) do
     root_authorized_admin_client.tap do |client|
       users = client.database.users
@@ -52,7 +45,7 @@ describe 'SCRAM-SHA auth mechanism negotiation' do
 
       new_local_client(
         SpecConfig.instance.addresses,
-        SpecConfig.instance.test_options.merge(opts).update(cleanup: false)
+        SpecConfig.instance.test_options.merge(opts).update(max_pool_size: 1)
       )
     end
 
@@ -199,19 +192,25 @@ describe 'SCRAM-SHA auth mechanism negotiation' do
             :scram
           end
 
-          it 'authenticates successfully' do
+          before do
             create_user!
+          end
 
-            mechanism = nil
-            expect(Mongo::Auth).to receive(:get).and_wrap_original do |m, user|
-              # copy mechanism here rather than whole user
-              # in case something mutates mechanism later
-              mechanism = user.mechanism
-              m.call(user)
+          it 'authenticates successfully' do
+            RSpec::Mocks.with_temporary_scope do
+              mechanism = nil
+              expect(Mongo::Auth).to receive(:get).and_wrap_original do |m, user|
+                # copy mechanism here rather than whole user
+                # in case something mutates mechanism later
+                mechanism = user.mechanism
+                m.call(user)
+              end
+
+              expect do
+                result
+              end.not_to raise_error
+              expect(mechanism).to eq(:scram)
             end
-
-            expect { result }.not_to raise_error
-            expect(mechanism).to eq(:scram)
           end
         end
 
@@ -221,19 +220,23 @@ describe 'SCRAM-SHA auth mechanism negotiation' do
             :scram256
           end
 
-          it 'authenticates successfully with SCRAM-SHA-256' do
+          before do
             create_user!
+          end
 
-            mechanism = nil
-            expect(Mongo::Auth).to receive(:get).and_wrap_original do |m, user|
-              # copy mechanism here rather than whole user
-              # in case something mutates mechanism later
-              mechanism = user.mechanism
-              m.call(user)
+          it 'authenticates successfully with SCRAM-SHA-256' do
+            RSpec::Mocks.with_temporary_scope do
+              mechanism = nil
+              expect(Mongo::Auth).to receive(:get).and_wrap_original do |m, user|
+                # copy mechanism here rather than whole user
+                # in case something mutates mechanism later
+                mechanism = user.mechanism
+                m.call(user)
+              end
+
+              expect { result }.not_to raise_error
+              expect(mechanism).to eq(:scram256)
             end
-
-            expect { result }.not_to raise_error
-            expect(mechanism).to eq(:scram256)
           end
         end
       end
@@ -312,30 +315,18 @@ describe 'SCRAM-SHA auth mechanism negotiation' do
   context 'when the configuration is specified in the URI' do
 
     let(:uri) do
-      "mongodb://#{user.name}:#{password}@#{SpecConfig.instance.addresses.join(',')}/admin".tap do |uri|
-        first = true
-
-        if SpecConfig.instance.uri_options
-          SpecConfig.instance.uri_options.each do |k, v|
-            uri << (first ? '?' : '&')
-            first = false
-
-            k = URI_OPTION_MAP[k] || k
-
-            uri << "#{k}=#{v}"
-          end
-        end
-
-        if auth_mech
-          uri << (first ? '?' : '&')
-
-          uri << "authMechanism=#{Mongo::URI::AUTH_MECH_MAP.key(auth_mech)}"
-        end
-      end
+      Utils.create_mongodb_uri(
+        SpecConfig.instance.addresses,
+        username: user.name,
+        password: password,
+        uri_options: SpecConfig.instance.uri_options.merge(
+          auth_mech: auth_mech,
+        ),
+      )
     end
 
     let(:client) do
-      new_local_client(uri, SpecConfig.instance.ssl_options.merge(cleanup: false))
+      new_local_client(uri, SpecConfig.instance.ssl_options.merge(max_pool_size: 1))
     end
 
     context 'when the user exists' do
@@ -350,7 +341,7 @@ describe 'SCRAM-SHA auth mechanism negotiation' do
           Mongo::Auth::User.new(
             user: 'sha1',
             password: 'sha1',
-            auth_mech: auth_mech
+            auth_mech: auth_mech,
           )
         end
 
@@ -403,7 +394,7 @@ describe 'SCRAM-SHA auth mechanism negotiation' do
           Mongo::Auth::User.new(
             user: 'sha256',
             password: 'sha256',
-            auth_mech: auth_mech
+            auth_mech: auth_mech,
           )
         end
 
@@ -457,7 +448,7 @@ describe 'SCRAM-SHA auth mechanism negotiation' do
           Mongo::Auth::User.new(
             user: 'both',
             password: 'both',
-            auth_mech: auth_mech
+            auth_mech: auth_mech,
           )
         end
 
@@ -480,20 +471,24 @@ describe 'SCRAM-SHA auth mechanism negotiation' do
             :scram
           end
 
-          it 'authenticates successfully' do
+          before do
             create_user!
             expect(user.mechanism).to eq(:scram)
+          end
 
-            mechanism = nil
-            expect(Mongo::Auth).to receive(:get).and_wrap_original do |m, user|
-              # copy mechanism here rather than whole user
-              # in case something mutates mechanism later
-              mechanism = user.mechanism
-              m.call(user)
+          it 'authenticates successfully' do
+            RSpec::Mocks.with_temporary_scope do
+              mechanism = nil
+              expect(Mongo::Auth).to receive(:get).and_wrap_original do |m, user|
+                # copy mechanism here rather than whole user
+                # in case something mutates mechanism later
+                mechanism = user.mechanism
+                m.call(user)
+              end
+
+              expect { result }.not_to raise_error
+              expect(mechanism).to eq(:scram)
             end
-
-            expect { result }.not_to raise_error
-            expect(mechanism).to eq(:scram)
           end
         end
 
@@ -503,19 +498,23 @@ describe 'SCRAM-SHA auth mechanism negotiation' do
             :scram256
           end
 
-          it 'authenticates successfully with SCRAM-SHA-256' do
+          before do
             create_user!
+          end
 
-            mechanism = nil
-            expect(Mongo::Auth).to receive(:get).and_wrap_original do |m, user|
-              # copy mechanism here rather than whole user
-              # in case something mutates mechanism later
-              mechanism = user.mechanism
-              m.call(user)
+          it 'authenticates successfully with SCRAM-SHA-256' do
+            RSpec::Mocks.with_temporary_scope do
+              mechanism = nil
+              expect(Mongo::Auth).to receive(:get).and_wrap_original do |m, user|
+                # copy mechanism here rather than whole user
+                # in case something mutates mechanism later
+                mechanism = user.mechanism
+                m.call(user)
+              end
+
+              expect { result }.not_to raise_error
+              expect(mechanism).to eq(:scram256)
             end
-
-            expect { result }.not_to raise_error
-            expect(mechanism).to eq(:scram256)
           end
         end
       end

data/spec/mongo/auth/scram_spec.rb

@@ -11,9 +11,31 @@ describe Mongo::Auth::SCRAM do
     Mongo::Server::Connection.new(server, SpecConfig.instance.test_options)
   end
 
+  let(:cache_mod) { Mongo::Auth::CredentialCache }
+
+  shared_examples_for 'caches scram credentials' do |cache_key|
+
+    it 'caches scram credentials' do
+      cache_mod.clear
+      expect(cache_mod.store).to be_empty
+
+      expect(login['ok']).to eq(1)
+
+      expect(cache_mod.store).not_to be_empty
+      client_key_entry = cache_mod.store.keys.detect do |key|
+        key.include?(test_user.password) && key.include?(cache_key)
+      end
+      expect(client_key_entry).not_to be nil
+    end
+  end
+
   context 'when SCRAM-SHA-1 is used' do
     min_server_fcv '3.0'
 
+    before do
+      connection.connect!
+    end
+
     describe '#login' do
 
       context 'when the user is not authorized' do
@@ -27,13 +49,13 @@ describe Mongo::Auth::SCRAM do
           )
         end
 
-        let(:cr) do
+        let(:authenticator) do
           described_class.new(user)
         end
 
         it 'raises an exception' do
           expect {
-            cr.login(connection)
+            authenticator.login(connection)
           }.to raise_error(Mongo::Auth::Unauthorized)
         end
 
@@ -44,7 +66,7 @@ describe Mongo::Auth::SCRAM do
           it 'does not compress the message' do
             expect(Mongo::Protocol::Compressed).not_to receive(:new)
             expect {
-              cr.login(connection)
+              authenticator.login(connection)
             }.to raise_error(Mongo::Auth::Unauthorized)
           end
         end
@@ -52,29 +74,21 @@ describe Mongo::Auth::SCRAM do
 
       context 'when the user is authorized for the database' do
 
-        let(:cr) do
-          described_class.new(root_user)
+        let(:authenticator) do
+          described_class.new(test_user)
         end
 
         let(:login) do
-          cr.login(connection).documents[0]
+          authenticator.login(connection).documents[0]
         end
 
-        after do
-          root_user.instance_variable_set(:@client_key, nil)
-        end
-
-        it 'logs the user into the connection and caches the client key' do
+        it 'logs the user into the connection' do
           expect(login['ok']).to eq(1)
-          expect(root_user.send(:client_key)).not_to be_nil
         end
 
-        it 'raises an exception when an incorrect client key is set' do
-          root_user.instance_variable_set(:@client_key, "incorrect client key")
-          expect {
-            cr.login(connection)
-          }.to raise_error(Mongo::Auth::Unauthorized)
-        end
+        it_behaves_like 'caches scram credentials', :salted_password
+        it_behaves_like 'caches scram credentials', :client_key
+        it_behaves_like 'caches scram credentials', :server_key
       end
     end
   end
@@ -82,6 +96,10 @@ describe Mongo::Auth::SCRAM do
   context 'when SCRAM-SHA-256 is used' do
     min_server_fcv '4.0'
 
+    before do
+      connection.connect!
+    end
+
     describe '#login' do
 
       context 'when the user is not authorized' do
@@ -95,13 +113,13 @@ describe Mongo::Auth::SCRAM do
           )
         end
 
-        let(:cr) do
+        let(:authenticator) do
           described_class.new(user)
         end
 
         it 'raises an exception' do
           expect {
-            cr.login(connection)
+            authenticator.login(connection)
           }.to raise_error(Mongo::Auth::Unauthorized)
         end
 
@@ -112,7 +130,7 @@ describe Mongo::Auth::SCRAM do
           it 'does not compress the message' do
             expect(Mongo::Protocol::Compressed).not_to receive(:new)
             expect {
-              cr.login(connection)
+              authenticator.login(connection)
             }.to raise_error(Mongo::Auth::Unauthorized)
           end
         end
@@ -120,29 +138,21 @@ describe Mongo::Auth::SCRAM do
 
       context 'when the user is authorized for the database' do
 
-        let(:cr) do
+        let(:authenticator) do
           described_class.new(test_user)
         end
 
         let(:login) do
-          cr.login(connection).documents[0]
+          authenticator.login(connection).documents[0]
         end
 
-        after do
-          test_user.instance_variable_set(:@client_key, nil)
-        end
-
-        it 'logs the user into the connection and caches the client key' do
+        it 'logs the user into the connection' do
           expect(login['ok']).to eq(1)
-          expect(test_user.send(:client_key)).not_to be_nil
         end
 
-        it 'raises an exception when an incorrect client key is set' do
-          test_user.instance_variable_set(:@client_key, "incorrect client key")
-          expect {
-            cr.login(connection)
-          }.to raise_error(Mongo::Auth::Unauthorized)
-        end
+        it_behaves_like 'caches scram credentials', :salted_password
+        it_behaves_like 'caches scram credentials', :client_key
+        it_behaves_like 'caches scram credentials', :server_key
       end
     end
   end