mongo 2.12.4 → 2.13.0.beta1
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/CONTRIBUTING.md +8 -36
- data/LICENSE +1 -1
- data/README.md +54 -54
- data/Rakefile +1 -1
- data/lib/mongo.rb +4 -1
- data/lib/mongo/active_support.rb +1 -1
- data/lib/mongo/address.rb +40 -13
- data/lib/mongo/address/ipv4.rb +32 -5
- data/lib/mongo/address/ipv6.rb +32 -5
- data/lib/mongo/address/unix.rb +3 -3
- data/lib/mongo/address/validator.rb +1 -1
- data/lib/mongo/auth.rb +36 -13
- data/lib/mongo/auth/aws.rb +37 -0
- data/lib/mongo/auth/aws/conversation.rb +128 -0
- data/lib/mongo/auth/aws/credentials_retriever.rb +219 -0
- data/lib/mongo/auth/aws/request.rb +257 -0
- data/lib/mongo/auth/base.rb +129 -0
- data/lib/mongo/auth/conversation_base.rb +52 -0
- data/lib/mongo/auth/cr.rb +9 -36
- data/lib/mongo/auth/cr/conversation.rb +24 -69
- data/lib/mongo/auth/credential_cache.rb +1 -1
- data/lib/mongo/auth/gssapi.rb +38 -0
- data/lib/mongo/auth/gssapi/conversation.rb +108 -0
- data/lib/mongo/auth/ldap.rb +9 -34
- data/lib/mongo/auth/ldap/conversation.rb +3 -43
- data/lib/mongo/auth/roles.rb +1 -1
- data/lib/mongo/auth/sasl_conversation_base.rb +111 -0
- data/lib/mongo/auth/scram.rb +39 -51
- data/lib/mongo/auth/scram/conversation.rb +12 -506
- data/lib/mongo/auth/scram256.rb +31 -0
- data/lib/mongo/auth/scram256/conversation.rb +63 -0
- data/lib/mongo/auth/scram_conversation_base.rb +402 -0
- data/lib/mongo/auth/stringprep.rb +5 -4
- data/lib/mongo/auth/stringprep/profiles/sasl.rb +2 -1
- data/lib/mongo/auth/stringprep/tables.rb +2 -1
- data/lib/mongo/auth/stringprep/unicode_normalize/normalize.rb +1 -0
- data/lib/mongo/auth/stringprep/unicode_normalize/tables.rb +1 -0
- data/lib/mongo/auth/user.rb +2 -2
- data/lib/mongo/auth/user/view.rb +1 -1
- data/lib/mongo/auth/x509.rb +14 -32
- data/lib/mongo/auth/x509/conversation.rb +15 -42
- data/lib/mongo/background_thread.rb +11 -2
- data/lib/mongo/bson.rb +1 -1
- data/lib/mongo/bulk_write.rb +61 -26
- data/lib/mongo/bulk_write/combineable.rb +20 -8
- data/lib/mongo/bulk_write/ordered_combiner.rb +1 -1
- data/lib/mongo/bulk_write/result.rb +1 -1
- data/lib/mongo/bulk_write/result_combiner.rb +1 -1
- data/lib/mongo/bulk_write/transformable.rb +9 -10
- data/lib/mongo/bulk_write/unordered_combiner.rb +1 -1
- data/lib/mongo/bulk_write/validatable.rb +5 -1
- data/lib/mongo/client.rb +38 -23
- data/lib/mongo/client_encryption.rb +1 -1
- data/lib/mongo/cluster.rb +126 -54
- data/lib/mongo/cluster/periodic_executor.rb +1 -1
- data/lib/mongo/cluster/reapers/cursor_reaper.rb +1 -1
- data/lib/mongo/cluster/reapers/socket_reaper.rb +1 -1
- data/lib/mongo/cluster/sdam_flow.rb +23 -7
- data/lib/mongo/cluster/topology.rb +19 -2
- data/lib/mongo/cluster/topology/base.rb +1 -1
- data/lib/mongo/cluster/topology/no_replica_set_options.rb +1 -1
- data/lib/mongo/cluster/topology/replica_set_no_primary.rb +1 -1
- data/lib/mongo/cluster/topology/replica_set_with_primary.rb +1 -1
- data/lib/mongo/cluster/topology/sharded.rb +1 -1
- data/lib/mongo/cluster/topology/single.rb +1 -1
- data/lib/mongo/cluster/topology/unknown.rb +1 -1
- data/lib/mongo/cluster_time.rb +1 -1
- data/lib/mongo/collection.rb +24 -8
- data/lib/mongo/collection/view.rb +6 -2
- data/lib/mongo/collection/view/aggregation.rb +6 -3
- data/lib/mongo/collection/view/builder.rb +1 -1
- data/lib/mongo/collection/view/builder/aggregation.rb +1 -1
- data/lib/mongo/collection/view/builder/find_command.rb +9 -1
- data/lib/mongo/collection/view/builder/flags.rb +1 -1
- data/lib/mongo/collection/view/builder/map_reduce.rb +1 -1
- data/lib/mongo/collection/view/builder/modifiers.rb +1 -1
- data/lib/mongo/collection/view/builder/op_query.rb +1 -1
- data/lib/mongo/collection/view/change_stream.rb +3 -6
- data/lib/mongo/collection/view/change_stream/retryable.rb +1 -1
- data/lib/mongo/collection/view/explainable.rb +1 -1
- data/lib/mongo/collection/view/immutable.rb +1 -1
- data/lib/mongo/collection/view/iterable.rb +8 -2
- data/lib/mongo/collection/view/map_reduce.rb +7 -4
- data/lib/mongo/collection/view/readable.rb +11 -5
- data/lib/mongo/collection/view/writable.rb +52 -8
- data/lib/mongo/crypt.rb +1 -1
- data/lib/mongo/crypt/auto_decryption_context.rb +1 -1
- data/lib/mongo/crypt/auto_encrypter.rb +1 -1
- data/lib/mongo/crypt/auto_encryption_context.rb +1 -1
- data/lib/mongo/crypt/binary.rb +1 -1
- data/lib/mongo/crypt/binding.rb +1 -1
- data/lib/mongo/crypt/context.rb +1 -1
- data/lib/mongo/crypt/data_key_context.rb +1 -1
- data/lib/mongo/crypt/encryption_io.rb +41 -24
- data/lib/mongo/crypt/explicit_decryption_context.rb +1 -1
- data/lib/mongo/crypt/explicit_encrypter.rb +1 -1
- data/lib/mongo/crypt/explicit_encryption_context.rb +1 -1
- data/lib/mongo/crypt/handle.rb +1 -1
- data/lib/mongo/crypt/hooks.rb +1 -1
- data/lib/mongo/crypt/kms_context.rb +1 -1
- data/lib/mongo/crypt/status.rb +1 -1
- data/lib/mongo/cursor.rb +3 -3
- data/lib/mongo/cursor/builder.rb +1 -1
- data/lib/mongo/cursor/builder/get_more_command.rb +1 -1
- data/lib/mongo/cursor/builder/kill_cursors_command.rb +1 -1
- data/lib/mongo/cursor/builder/op_get_more.rb +1 -1
- data/lib/mongo/cursor/builder/op_kill_cursors.rb +1 -1
- data/lib/mongo/database.rb +4 -1
- data/lib/mongo/database/view.rb +2 -2
- data/lib/mongo/dbref.rb +1 -1
- data/lib/mongo/error.rb +25 -2
- data/lib/mongo/error/auth_error.rb +1 -1
- data/lib/mongo/error/bulk_write_error.rb +1 -1
- data/lib/mongo/error/change_stream_resumable.rb +1 -1
- data/lib/mongo/error/closed_stream.rb +1 -1
- data/lib/mongo/error/connection_check_out_timeout.rb +1 -1
- data/lib/mongo/error/connection_perished.rb +23 -0
- data/lib/mongo/error/credential_check_error.rb +26 -0
- data/lib/mongo/error/extra_file_chunk.rb +1 -1
- data/lib/mongo/error/file_not_found.rb +1 -1
- data/lib/mongo/error/handshake_error.rb +1 -1
- data/lib/mongo/error/insufficient_iteration_count.rb +1 -1
- data/lib/mongo/error/invalid_address.rb +1 -1
- data/lib/mongo/error/invalid_application_name.rb +1 -1
- data/lib/mongo/error/invalid_bulk_operation.rb +1 -1
- data/lib/mongo/error/invalid_bulk_operation_type.rb +1 -1
- data/lib/mongo/error/invalid_collection_name.rb +1 -1
- data/lib/mongo/error/invalid_cursor_operation.rb +1 -1
- data/lib/mongo/error/invalid_database_name.rb +1 -1
- data/lib/mongo/error/invalid_document.rb +1 -1
- data/lib/mongo/error/invalid_file.rb +1 -1
- data/lib/mongo/error/invalid_file_revision.rb +1 -1
- data/lib/mongo/error/invalid_min_pool_size.rb +1 -1
- data/lib/mongo/error/invalid_nonce.rb +2 -2
- data/lib/mongo/error/invalid_read_option.rb +1 -1
- data/lib/mongo/error/invalid_replacement_document.rb +1 -1
- data/lib/mongo/error/invalid_server_auth_response.rb +23 -0
- data/lib/mongo/error/invalid_server_preference.rb +6 -1
- data/lib/mongo/error/invalid_session.rb +1 -1
- data/lib/mongo/error/invalid_signature.rb +1 -1
- data/lib/mongo/error/invalid_transaction_operation.rb +1 -1
- data/lib/mongo/error/invalid_txt_record.rb +1 -1
- data/lib/mongo/error/invalid_update_document.rb +1 -1
- data/lib/mongo/error/invalid_uri.rb +1 -1
- data/lib/mongo/error/invalid_write_concern.rb +1 -1
- data/lib/mongo/error/lint_error.rb +1 -1
- data/lib/mongo/error/max_bson_size.rb +1 -1
- data/lib/mongo/error/max_message_size.rb +1 -1
- data/lib/mongo/error/mismatched_domain.rb +1 -1
- data/lib/mongo/error/missing_file_chunk.rb +1 -1
- data/lib/mongo/error/missing_password.rb +1 -1
- data/lib/mongo/error/missing_resume_token.rb +1 -1
- data/lib/mongo/error/missing_scram_server_signature.rb +27 -0
- data/lib/mongo/error/multi_index_drop.rb +1 -1
- data/lib/mongo/error/need_primary_server.rb +1 -1
- data/lib/mongo/error/no_server_available.rb +1 -1
- data/lib/mongo/error/no_srv_records.rb +1 -1
- data/lib/mongo/error/notable.rb +18 -3
- data/lib/mongo/error/operation_failure.rb +62 -49
- data/lib/mongo/error/parser.rb +16 -5
- data/lib/mongo/error/pool_closed_error.rb +1 -1
- data/lib/mongo/error/raise_original_error.rb +29 -0
- data/lib/mongo/error/session_ended.rb +1 -1
- data/lib/mongo/error/socket_error.rb +1 -1
- data/lib/mongo/error/socket_timeout_error.rb +1 -1
- data/lib/mongo/error/unchangeable_collection_option.rb +1 -1
- data/lib/mongo/error/unexpected_chunk_length.rb +1 -1
- data/lib/mongo/error/unexpected_response.rb +1 -1
- data/lib/mongo/error/unknown_payload_type.rb +1 -1
- data/lib/mongo/error/unsupported_array_filters.rb +7 -2
- data/lib/mongo/error/unsupported_collation.rb +7 -2
- data/lib/mongo/error/unsupported_features.rb +1 -1
- data/lib/mongo/error/unsupported_message_type.rb +1 -1
- data/lib/mongo/error/unsupported_option.rb +99 -0
- data/lib/mongo/error/write_retryable.rb +1 -1
- data/lib/mongo/event.rb +1 -1
- data/lib/mongo/event/base.rb +1 -1
- data/lib/mongo/event/listeners.rb +1 -1
- data/lib/mongo/event/publisher.rb +1 -1
- data/lib/mongo/event/subscriber.rb +1 -1
- data/lib/mongo/grid.rb +1 -1
- data/lib/mongo/grid/file.rb +1 -6
- data/lib/mongo/grid/file/chunk.rb +1 -3
- data/lib/mongo/grid/file/info.rb +1 -1
- data/lib/mongo/grid/fs_bucket.rb +20 -17
- data/lib/mongo/grid/stream.rb +1 -1
- data/lib/mongo/grid/stream/read.rb +1 -1
- data/lib/mongo/grid/stream/write.rb +4 -10
- data/lib/mongo/id.rb +1 -1
- data/lib/mongo/index.rb +2 -1
- data/lib/mongo/index/view.rb +58 -11
- data/lib/mongo/lint.rb +10 -0
- data/lib/mongo/loggable.rb +1 -1
- data/lib/mongo/logger.rb +1 -1
- data/lib/mongo/monitoring.rb +1 -1
- data/lib/mongo/monitoring/cmap_log_subscriber.rb +1 -1
- data/lib/mongo/monitoring/command_log_subscriber.rb +12 -5
- data/lib/mongo/monitoring/event.rb +1 -1
- data/lib/mongo/monitoring/event/cmap.rb +1 -1
- data/lib/mongo/monitoring/event/cmap/base.rb +1 -1
- data/lib/mongo/monitoring/event/cmap/connection_check_out_failed.rb +1 -1
- data/lib/mongo/monitoring/event/cmap/connection_check_out_started.rb +1 -1
- data/lib/mongo/monitoring/event/cmap/connection_checked_in.rb +1 -1
- data/lib/mongo/monitoring/event/cmap/connection_checked_out.rb +1 -1
- data/lib/mongo/monitoring/event/cmap/connection_closed.rb +1 -1
- data/lib/mongo/monitoring/event/cmap/connection_created.rb +1 -1
- data/lib/mongo/monitoring/event/cmap/connection_ready.rb +1 -1
- data/lib/mongo/monitoring/event/cmap/pool_cleared.rb +1 -1
- data/lib/mongo/monitoring/event/cmap/pool_closed.rb +1 -1
- data/lib/mongo/monitoring/event/cmap/pool_created.rb +1 -1
- data/lib/mongo/monitoring/event/command_failed.rb +1 -1
- data/lib/mongo/monitoring/event/command_started.rb +9 -3
- data/lib/mongo/monitoring/event/command_succeeded.rb +1 -1
- data/lib/mongo/monitoring/event/secure.rb +8 -2
- data/lib/mongo/monitoring/event/server_closed.rb +1 -1
- data/lib/mongo/monitoring/event/server_description_changed.rb +1 -1
- data/lib/mongo/monitoring/event/server_heartbeat_failed.rb +1 -1
- data/lib/mongo/monitoring/event/server_heartbeat_started.rb +1 -1
- data/lib/mongo/monitoring/event/server_heartbeat_succeeded.rb +1 -1
- data/lib/mongo/monitoring/event/server_opening.rb +1 -1
- data/lib/mongo/monitoring/event/topology_changed.rb +1 -1
- data/lib/mongo/monitoring/event/topology_closed.rb +1 -1
- data/lib/mongo/monitoring/event/topology_opening.rb +1 -1
- data/lib/mongo/monitoring/publishable.rb +5 -8
- data/lib/mongo/monitoring/sdam_log_subscriber.rb +1 -1
- data/lib/mongo/monitoring/server_closed_log_subscriber.rb +1 -1
- data/lib/mongo/monitoring/server_description_changed_log_subscriber.rb +1 -1
- data/lib/mongo/monitoring/server_opening_log_subscriber.rb +1 -1
- data/lib/mongo/monitoring/topology_changed_log_subscriber.rb +1 -1
- data/lib/mongo/monitoring/topology_closed_log_subscriber.rb +1 -1
- data/lib/mongo/monitoring/topology_opening_log_subscriber.rb +1 -1
- data/lib/mongo/monitoring/unified_sdam_log_subscriber.rb +1 -1
- data/lib/mongo/operation.rb +1 -0
- data/lib/mongo/operation/aggregate.rb +1 -1
- data/lib/mongo/operation/aggregate/command.rb +5 -5
- data/lib/mongo/operation/aggregate/op_msg.rb +1 -1
- data/lib/mongo/operation/aggregate/result.rb +1 -1
- data/lib/mongo/operation/collections_info.rb +3 -36
- data/lib/mongo/operation/collections_info/command.rb +40 -0
- data/lib/mongo/operation/collections_info/result.rb +1 -1
- data/lib/mongo/operation/command.rb +1 -1
- data/lib/mongo/operation/command/command.rb +3 -3
- data/lib/mongo/operation/command/op_msg.rb +1 -1
- data/lib/mongo/operation/count.rb +1 -1
- data/lib/mongo/operation/count/command.rb +3 -3
- data/lib/mongo/operation/count/op_msg.rb +1 -1
- data/lib/mongo/operation/create.rb +1 -1
- data/lib/mongo/operation/create/command.rb +3 -3
- data/lib/mongo/operation/create/op_msg.rb +1 -1
- data/lib/mongo/operation/create_index.rb +1 -1
- data/lib/mongo/operation/create_index/command.rb +4 -4
- data/lib/mongo/operation/create_index/op_msg.rb +6 -3
- data/lib/mongo/operation/create_user.rb +1 -1
- data/lib/mongo/operation/create_user/command.rb +4 -4
- data/lib/mongo/operation/create_user/op_msg.rb +2 -2
- data/lib/mongo/operation/delete.rb +1 -1
- data/lib/mongo/operation/delete/bulk_result.rb +1 -1
- data/lib/mongo/operation/delete/command.rb +4 -4
- data/lib/mongo/operation/delete/legacy.rb +2 -2
- data/lib/mongo/operation/delete/op_msg.rb +4 -4
- data/lib/mongo/operation/delete/result.rb +2 -2
- data/lib/mongo/operation/distinct.rb +1 -1
- data/lib/mongo/operation/distinct/command.rb +3 -3
- data/lib/mongo/operation/distinct/op_msg.rb +1 -1
- data/lib/mongo/operation/drop.rb +1 -1
- data/lib/mongo/operation/drop/command.rb +3 -3
- data/lib/mongo/operation/drop/op_msg.rb +1 -1
- data/lib/mongo/operation/drop_database.rb +1 -1
- data/lib/mongo/operation/drop_database/command.rb +3 -3
- data/lib/mongo/operation/drop_database/op_msg.rb +1 -1
- data/lib/mongo/operation/drop_index.rb +1 -1
- data/lib/mongo/operation/drop_index/command.rb +4 -4
- data/lib/mongo/operation/drop_index/op_msg.rb +2 -2
- data/lib/mongo/operation/explain.rb +1 -1
- data/lib/mongo/operation/explain/command.rb +3 -3
- data/lib/mongo/operation/explain/legacy.rb +3 -3
- data/lib/mongo/operation/explain/op_msg.rb +1 -1
- data/lib/mongo/operation/explain/result.rb +1 -1
- data/lib/mongo/operation/find.rb +1 -1
- data/lib/mongo/operation/find/command.rb +3 -3
- data/lib/mongo/operation/find/legacy.rb +3 -3
- data/lib/mongo/operation/find/legacy/result.rb +1 -1
- data/lib/mongo/operation/find/op_msg.rb +2 -12
- data/lib/mongo/operation/find/result.rb +1 -1
- data/lib/mongo/operation/get_more.rb +1 -1
- data/lib/mongo/operation/get_more/command.rb +3 -3
- data/lib/mongo/operation/get_more/legacy.rb +2 -2
- data/lib/mongo/operation/get_more/op_msg.rb +2 -12
- data/lib/mongo/operation/get_more/result.rb +1 -1
- data/lib/mongo/operation/indexes.rb +1 -1
- data/lib/mongo/operation/indexes/command.rb +3 -3
- data/lib/mongo/operation/indexes/legacy.rb +4 -4
- data/lib/mongo/operation/indexes/op_msg.rb +1 -1
- data/lib/mongo/operation/indexes/result.rb +1 -1
- data/lib/mongo/operation/insert.rb +3 -2
- data/lib/mongo/operation/insert/bulk_result.rb +6 -2
- data/lib/mongo/operation/insert/command.rb +7 -7
- data/lib/mongo/operation/insert/legacy.rb +9 -5
- data/lib/mongo/operation/insert/op_msg.rb +6 -6
- data/lib/mongo/operation/insert/result.rb +7 -4
- data/lib/mongo/operation/kill_cursors.rb +1 -1
- data/lib/mongo/operation/kill_cursors/command.rb +3 -3
- data/lib/mongo/operation/kill_cursors/legacy.rb +2 -2
- data/lib/mongo/operation/kill_cursors/op_msg.rb +1 -1
- data/lib/mongo/operation/list_collections.rb +1 -1
- data/lib/mongo/operation/list_collections/command.rb +4 -4
- data/lib/mongo/operation/list_collections/op_msg.rb +2 -2
- data/lib/mongo/operation/list_collections/result.rb +1 -1
- data/lib/mongo/operation/map_reduce.rb +1 -1
- data/lib/mongo/operation/map_reduce/command.rb +3 -3
- data/lib/mongo/operation/map_reduce/op_msg.rb +1 -1
- data/lib/mongo/operation/map_reduce/result.rb +1 -1
- data/lib/mongo/operation/op_msg_base.rb +3 -3
- data/lib/mongo/operation/parallel_scan.rb +1 -1
- data/lib/mongo/operation/parallel_scan/command.rb +5 -5
- data/lib/mongo/operation/parallel_scan/op_msg.rb +2 -2
- data/lib/mongo/operation/parallel_scan/result.rb +1 -1
- data/lib/mongo/operation/remove_user.rb +1 -1
- data/lib/mongo/operation/remove_user/command.rb +4 -4
- data/lib/mongo/operation/remove_user/op_msg.rb +2 -2
- data/lib/mongo/operation/result.rb +28 -4
- data/lib/mongo/operation/shared/bypass_document_validation.rb +10 -4
- data/lib/mongo/operation/shared/causal_consistency_supported.rb +3 -3
- data/lib/mongo/operation/shared/collections_info_or_list_collections.rb +56 -0
- data/lib/mongo/operation/shared/executable.rb +46 -28
- data/lib/mongo/operation/shared/executable_no_validate.rb +3 -3
- data/lib/mongo/operation/shared/executable_transaction_label.rb +1 -1
- data/lib/mongo/operation/shared/idable.rb +1 -1
- data/lib/mongo/operation/shared/limited.rb +10 -2
- data/lib/mongo/operation/shared/object_id_generator.rb +1 -1
- data/lib/mongo/operation/shared/op_msg_or_command.rb +7 -5
- data/lib/mongo/operation/shared/op_msg_or_find_command.rb +8 -6
- data/lib/mongo/operation/shared/op_msg_or_list_indexes_command.rb +8 -6
- data/lib/mongo/operation/shared/polymorphic_lookup.rb +1 -1
- data/lib/mongo/operation/shared/polymorphic_result.rb +1 -1
- data/lib/mongo/operation/shared/read_preference_supported.rb +19 -16
- data/lib/mongo/operation/shared/response_handling.rb +83 -8
- data/lib/mongo/operation/shared/result/aggregatable.rb +1 -1
- data/lib/mongo/operation/shared/result/use_legacy_error_parser.rb +1 -1
- data/lib/mongo/operation/shared/sessions_supported.rb +50 -27
- data/lib/mongo/operation/shared/specifiable.rb +32 -20
- data/lib/mongo/operation/shared/write.rb +25 -19
- data/lib/mongo/operation/shared/write_concern_supported.rb +6 -6
- data/lib/mongo/operation/update.rb +1 -1
- data/lib/mongo/operation/update/bulk_result.rb +1 -1
- data/lib/mongo/operation/update/command.rb +4 -4
- data/lib/mongo/operation/update/legacy.rb +2 -2
- data/lib/mongo/operation/update/legacy/result.rb +1 -1
- data/lib/mongo/operation/update/op_msg.rb +4 -4
- data/lib/mongo/operation/update/result.rb +2 -2
- data/lib/mongo/operation/update_user.rb +1 -1
- data/lib/mongo/operation/update_user/command.rb +4 -4
- data/lib/mongo/operation/update_user/op_msg.rb +2 -2
- data/lib/mongo/operation/users_info.rb +1 -1
- data/lib/mongo/operation/users_info/command.rb +4 -4
- data/lib/mongo/operation/users_info/op_msg.rb +2 -2
- data/lib/mongo/operation/users_info/result.rb +1 -1
- data/lib/mongo/options.rb +1 -1
- data/lib/mongo/options/mapper.rb +1 -1
- data/lib/mongo/options/redacted.rb +1 -1
- data/lib/mongo/protocol/bit_vector.rb +1 -1
- data/lib/mongo/protocol/compressed.rb +1 -1
- data/lib/mongo/protocol/delete.rb +1 -1
- data/lib/mongo/protocol/get_more.rb +1 -1
- data/lib/mongo/protocol/insert.rb +1 -1
- data/lib/mongo/protocol/kill_cursors.rb +1 -1
- data/lib/mongo/protocol/message.rb +5 -14
- data/lib/mongo/protocol/msg.rb +5 -24
- data/lib/mongo/protocol/query.rb +1 -37
- data/lib/mongo/protocol/registry.rb +1 -1
- data/lib/mongo/protocol/reply.rb +1 -1
- data/lib/mongo/protocol/serializers.rb +3 -6
- data/lib/mongo/protocol/update.rb +1 -1
- data/lib/mongo/retryable.rb +23 -10
- data/lib/mongo/semaphore.rb +1 -1
- data/lib/mongo/server.rb +32 -7
- data/lib/mongo/server/app_metadata.rb +17 -4
- data/lib/mongo/server/connection.rb +35 -131
- data/lib/mongo/server/connection_base.rb +31 -42
- data/lib/mongo/server/connection_common.rb +75 -1
- data/lib/mongo/server/connection_pool.rb +20 -1
- data/lib/mongo/server/connection_pool/populator.rb +1 -1
- data/lib/mongo/server/context.rb +1 -1
- data/lib/mongo/server/description.rb +44 -2
- data/lib/mongo/server/description/features.rb +12 -3
- data/lib/mongo/server/monitor.rb +116 -72
- data/lib/mongo/server/monitor/app_metadata.rb +1 -1
- data/lib/mongo/server/monitor/connection.rb +62 -80
- data/lib/mongo/server/pending_connection.rb +205 -3
- data/lib/mongo/server/round_trip_time_averager.rb +12 -3
- data/lib/mongo/server_selector.rb +2 -1
- data/lib/mongo/server_selector/base.rb +40 -0
- data/lib/mongo/server_selector/nearest.rb +25 -15
- data/lib/mongo/server_selector/primary.rb +23 -22
- data/lib/mongo/server_selector/primary_preferred.rb +25 -15
- data/lib/mongo/server_selector/secondary.rb +25 -15
- data/lib/mongo/server_selector/secondary_preferred.rb +28 -27
- data/lib/mongo/server_selector/selectable.rb +30 -15
- data/lib/mongo/session.rb +12 -1
- data/lib/mongo/session/server_session.rb +1 -1
- data/lib/mongo/session/session_pool.rb +1 -1
- data/lib/mongo/socket.rb +103 -35
- data/lib/mongo/socket/ssl.rb +97 -34
- data/lib/mongo/socket/tcp.rb +39 -31
- data/lib/mongo/socket/unix.rb +14 -6
- data/lib/mongo/srv.rb +1 -1
- data/lib/mongo/srv/monitor.rb +1 -1
- data/lib/mongo/srv/resolver.rb +1 -1
- data/lib/mongo/srv/result.rb +1 -1
- data/lib/mongo/timeout.rb +9 -9
- data/lib/mongo/topology_version.rb +80 -0
- data/lib/mongo/uri.rb +61 -47
- data/lib/mongo/uri/srv_protocol.rb +9 -1
- data/lib/mongo/version.rb +2 -2
- data/lib/mongo/write_concern.rb +1 -1
- data/lib/mongo/write_concern/acknowledged.rb +1 -1
- data/lib/mongo/write_concern/base.rb +1 -1
- data/lib/mongo/write_concern/unacknowledged.rb +1 -1
- data/mongo.gemspec +1 -1
- data/spec/NOTES.aws-auth.md +291 -0
- data/spec/README.aws-auth.md +318 -0
- data/spec/README.md +64 -17
- data/spec/integration/auth_spec.rb +29 -9
- data/spec/integration/aws_auth_request_spec.rb +74 -0
- data/spec/integration/aws_credentials_retriever_spec.rb +103 -0
- data/spec/integration/change_stream_spec.rb +123 -51
- data/spec/integration/client_authentication_options_spec.rb +0 -37
- data/spec/integration/client_construction_aws_auth_spec.rb +191 -0
- data/spec/integration/client_construction_spec.rb +1 -1
- data/spec/integration/client_side_encryption/auto_encryption_bulk_writes_spec.rb +5 -9
- data/spec/integration/collection_indexes_prose_spec.rb +55 -0
- data/spec/integration/command_monitoring_spec.rb +30 -6
- data/spec/integration/command_spec.rb +11 -9
- data/spec/integration/connect_single_rs_name_spec.rb +5 -3
- data/spec/integration/connection_spec.rb +1 -0
- data/spec/integration/crud_spec.rb +28 -0
- data/spec/integration/cursor_reaping_spec.rb +14 -10
- data/spec/integration/fork_reconnect_spec.rb +143 -0
- data/spec/integration/get_more_spec.rb +10 -3
- data/spec/integration/heartbeat_events_spec.rb +1 -1
- data/spec/integration/read_preference_spec.rb +41 -11
- data/spec/integration/reconnect_spec.rb +2 -3
- data/spec/integration/retryable_errors_spec.rb +33 -14
- data/spec/integration/{retryable_writes_spec.rb → retryable_writes/retryable_writes_36_and_older_spec.rb} +55 -51
- data/spec/integration/retryable_writes/retryable_writes_40_and_newer_spec.rb +401 -0
- data/spec/integration/retryable_writes/shared/adds_diagnostics.rb +15 -0
- data/spec/integration/retryable_writes/shared/does_not_support_retries.rb +24 -0
- data/spec/integration/retryable_writes/shared/only_supports_legacy_retries.rb +25 -0
- data/spec/integration/retryable_writes/shared/performs_legacy_retries.rb +215 -0
- data/spec/integration/retryable_writes/shared/performs_modern_retries.rb +232 -0
- data/spec/integration/retryable_writes/shared/performs_no_retries.rb +110 -0
- data/spec/integration/retryable_writes/shared/supports_legacy_retries.rb +19 -0
- data/spec/integration/retryable_writes/shared/supports_modern_retries.rb +25 -0
- data/spec/integration/retryable_writes/shared/supports_retries.rb +16 -0
- data/spec/integration/sdam_error_handling_spec.rb +116 -18
- data/spec/integration/sdam_events_spec.rb +1 -0
- data/spec/integration/server_spec.rb +42 -26
- data/spec/integration/size_limit_spec.rb +2 -20
- data/spec/integration/step_down_spec.rb +15 -15
- data/spec/integration/transactions_api_examples_spec.rb +59 -0
- data/spec/integration/transactions_examples_spec.rb +5 -2
- data/spec/integration/x509_auth_spec.rb +109 -0
- data/spec/kerberos/kerberos_spec.rb +10 -6
- data/spec/lite_spec_helper.rb +21 -19
- data/spec/mongo/address/ipv4_spec.rb +1 -1
- data/spec/mongo/address_spec.rb +2 -2
- data/spec/mongo/auth/cr_spec.rb +7 -7
- data/spec/mongo/auth/gssapi/conversation_spec.rb +121 -0
- data/spec/mongo/auth/invalid_mechanism_spec.rb +1 -1
- data/spec/mongo/auth/ldap/conversation_spec.rb +1 -1
- data/spec/mongo/auth/ldap_spec.rb +3 -3
- data/spec/mongo/auth/scram/conversation_spec.rb +119 -334
- data/spec/mongo/auth/scram256/conversation_spec.rb +171 -0
- data/spec/mongo/auth/{scram/negotiation_spec.rb → scram_negotiation_spec.rb} +13 -8
- data/spec/mongo/auth/scram_spec.rb +28 -68
- data/spec/mongo/auth/user_spec.rb +1 -1
- data/spec/mongo/auth/x509/conversation_spec.rb +1 -1
- data/spec/mongo/auth/x509_spec.rb +8 -8
- data/spec/mongo/auth_spec.rb +4 -4
- data/spec/mongo/bulk_write_spec.rb +206 -2
- data/spec/mongo/client_construction_spec.rb +290 -86
- data/spec/mongo/client_spec.rb +21 -2
- data/spec/mongo/cluster_spec.rb +4 -2
- data/spec/mongo/collection/view/aggregation_spec.rb +6 -2
- data/spec/mongo/collection/view/builder/find_command_spec.rb +17 -6
- data/spec/mongo/collection/view/change_stream_resume_spec.rb +392 -0
- data/spec/mongo/collection/view/change_stream_spec.rb +0 -318
- data/spec/mongo/collection/view/iterable_spec.rb +38 -0
- data/spec/mongo/collection/view/map_reduce_spec.rb +6 -2
- data/spec/mongo/collection/view/readable_spec.rb +15 -1
- data/spec/mongo/collection/view/writable_spec.rb +208 -1
- data/spec/mongo/collection_spec.rb +31 -67
- data/spec/mongo/cursor/builder/get_more_command_spec.rb +6 -1
- data/spec/mongo/cursor/builder/op_get_more_spec.rb +6 -1
- data/spec/mongo/cursor/builder/op_kill_cursors_spec.rb +6 -1
- data/spec/mongo/cursor_spec.rb +9 -1
- data/spec/mongo/database_spec.rb +6 -2
- data/spec/mongo/error/operation_failure_heavy_spec.rb +58 -0
- data/spec/mongo/error/operation_failure_spec.rb +130 -72
- data/spec/mongo/error/unsupported_option_spec.rb +54 -0
- data/spec/mongo/grid/fs_bucket_spec.rb +18 -0
- data/spec/mongo/grid/stream/write_spec.rb +32 -0
- data/spec/mongo/index/view_spec.rb +166 -0
- data/spec/mongo/operation/aggregate/result_spec.rb +6 -1
- data/spec/mongo/operation/delete/bulk_spec.rb +18 -6
- data/spec/mongo/operation/delete/op_msg_spec.rb +22 -14
- data/spec/mongo/operation/find/legacy_spec.rb +27 -7
- data/spec/mongo/operation/get_more_spec.rb +6 -1
- data/spec/mongo/operation/insert/bulk_spec.rb +21 -7
- data/spec/mongo/operation/insert/command_spec.rb +4 -0
- data/spec/mongo/operation/insert/op_msg_spec.rb +22 -14
- data/spec/mongo/operation/limited_spec.rb +5 -3
- data/spec/mongo/operation/read_preference_legacy_spec.rb +16 -4
- data/spec/mongo/operation/read_preference_op_msg_spec.rb +115 -5
- data/spec/mongo/operation/result_spec.rb +6 -1
- data/spec/mongo/operation/update/bulk_spec.rb +18 -6
- data/spec/mongo/operation/update/command_spec.rb +4 -0
- data/spec/mongo/operation/update/op_msg_spec.rb +22 -14
- data/spec/mongo/retryable_spec.rb +71 -70
- data/spec/mongo/server/app_metadata_shared.rb +56 -0
- data/spec/mongo/server/app_metadata_spec.rb +8 -1
- data/spec/mongo/server/connection_auth_spec.rb +31 -12
- data/spec/mongo/server/connection_pool_spec.rb +0 -31
- data/spec/mongo/server/connection_spec.rb +118 -71
- data/spec/mongo/server/monitor/app_metadata_spec.rb +8 -1
- data/spec/mongo/server/monitor/connection_spec.rb +1 -82
- data/spec/mongo/server/monitor_spec.rb +76 -17
- data/spec/mongo/server/round_trip_time_averager_spec.rb +5 -3
- data/spec/mongo/server_selector/nearest_spec.rb +1 -0
- data/spec/mongo/server_selector/primary_preferred_spec.rb +1 -0
- data/spec/mongo/server_selector/primary_spec.rb +18 -0
- data/spec/mongo/server_selector/secondary_preferred_spec.rb +18 -1
- data/spec/mongo/server_selector/secondary_spec.rb +1 -0
- data/spec/mongo/server_selector_spec.rb +0 -1
- data/spec/mongo/session/session_pool_spec.rb +7 -3
- data/spec/mongo/socket/ssl_spec.rb +2 -2
- data/spec/mongo/socket/tcp_spec.rb +2 -2
- data/spec/mongo/socket/unix_spec.rb +2 -2
- data/spec/mongo/socket_spec.rb +9 -9
- data/spec/mongo/timeout_spec.rb +22 -68
- data/spec/mongo/uri_spec.rb +21 -6
- data/spec/runners/auth.rb +5 -6
- data/spec/runners/change_streams/outcome.rb +42 -0
- data/spec/runners/change_streams/spec.rb +57 -0
- data/spec/runners/change_streams/test.rb +229 -0
- data/spec/runners/cmap/verifier.rb +1 -1
- data/spec/runners/command_monitoring.rb +1 -1
- data/spec/runners/connection_string.rb +3 -2
- data/spec/runners/crud.rb +2 -2
- data/spec/runners/crud/context.rb +1 -1
- data/spec/runners/crud/operation.rb +120 -30
- data/spec/runners/crud/outcome.rb +1 -1
- data/spec/runners/crud/spec.rb +1 -0
- data/spec/runners/crud/test.rb +8 -26
- data/spec/runners/crud/test_base.rb +47 -0
- data/spec/runners/crud/verifier.rb +21 -3
- data/spec/runners/gridfs.rb +1 -1
- data/spec/runners/{server_discovery_and_monitoring.rb → sdam.rb} +41 -22
- data/spec/runners/sdam/verifier.rb +26 -8
- data/spec/runners/sdam_monitoring.rb +1 -1
- data/spec/runners/transactions.rb +1 -2
- data/spec/runners/transactions/context.rb +1 -1
- data/spec/runners/transactions/operation.rb +5 -1
- data/spec/runners/transactions/spec.rb +1 -1
- data/spec/runners/transactions/test.rb +48 -54
- data/spec/spec_tests/auth_spec.rb +2 -0
- data/spec/spec_tests/change_streams_spec.rb +39 -4
- data/spec/spec_tests/client_side_encryption_spec.rb +3 -0
- data/spec/spec_tests/cmap_spec.rb +5 -0
- data/spec/spec_tests/command_monitoring_spec.rb +3 -0
- data/spec/spec_tests/connection_string_spec.rb +2 -0
- data/spec/spec_tests/crud_spec.rb +2 -0
- data/spec/spec_tests/data/auth/connection-string.yml +57 -1
- data/spec/spec_tests/data/change_streams/change-streams-errors.yml +30 -0
- data/spec/spec_tests/data/change_streams/change-streams-resume-errorLabels.yml +1105 -0
- data/spec/spec_tests/data/change_streams/change-streams-resume-whitelist.yml +1107 -0
- data/spec/spec_tests/data/change_streams/change-streams.yml +5 -4
- data/spec/spec_tests/data/crud_v2/aggregate-merge.yml +1 -1
- data/spec/spec_tests/data/crud_v2/bulkWrite-arrayFilters.yml +33 -11
- data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint-clientError.yml +63 -0
- data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint-serverError.yml +92 -0
- data/spec/spec_tests/data/crud_v2/bulkWrite-delete-hint.yml +103 -0
- data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint-clientError.yml +90 -0
- data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint-serverError.yml +147 -0
- data/spec/spec_tests/data/crud_v2/bulkWrite-update-hint.yml +164 -0
- data/spec/spec_tests/data/crud_v2/deleteMany-hint-clientError.yml +43 -0
- data/spec/spec_tests/data/crud_v2/deleteMany-hint-serverError.yml +62 -0
- data/spec/spec_tests/data/crud_v2/deleteMany-hint.yml +58 -0
- data/spec/spec_tests/data/crud_v2/deleteOne-hint-clientError.yml +41 -0
- data/spec/spec_tests/data/crud_v2/deleteOne-hint-serverError.yml +60 -0
- data/spec/spec_tests/data/crud_v2/deleteOne-hint.yml +57 -0
- data/spec/spec_tests/data/crud_v2/find-allowdiskuse-clientError.yml +28 -0
- data/spec/spec_tests/data/crud_v2/find-allowdiskuse-serverError.yml +44 -0
- data/spec/spec_tests/data/crud_v2/find-allowdiskuse.yml +50 -0
- data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint-clientError.yml +45 -0
- data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint-serverError.yml +60 -0
- data/spec/spec_tests/data/crud_v2/findOneAndDelete-hint.yml +56 -0
- data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint-clientError.yml +40 -0
- data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint-serverError.yml +59 -0
- data/spec/spec_tests/data/crud_v2/findOneAndReplace-hint.yml +55 -0
- data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint-clientError.yml +40 -0
- data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint-serverError.yml +58 -0
- data/spec/spec_tests/data/crud_v2/findOneAndUpdate-hint.yml +55 -0
- data/spec/spec_tests/data/crud_v2/replaceOne-hint.yml +61 -0
- data/spec/spec_tests/data/crud_v2/unacknowledged-bulkWrite-delete-hint-clientError.yml +60 -0
- data/spec/spec_tests/data/crud_v2/unacknowledged-bulkWrite-update-hint-clientError.yml +88 -0
- data/spec/spec_tests/data/crud_v2/unacknowledged-deleteMany-hint-clientError.yml +40 -0
- data/spec/spec_tests/data/crud_v2/unacknowledged-deleteOne-hint-clientError.yml +38 -0
- data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndDelete-hint-clientError.yml +42 -0
- data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndReplace-hint-clientError.yml +40 -0
- data/spec/spec_tests/data/crud_v2/unacknowledged-findOneAndUpdate-hint-clientError.yml +40 -0
- data/spec/spec_tests/data/crud_v2/unacknowledged-replaceOne-hint-clientError.yml +40 -0
- data/spec/spec_tests/data/crud_v2/unacknowledged-updateMany-hint-clientError.yml +43 -0
- data/spec/spec_tests/data/crud_v2/unacknowledged-updateOne-hint-clientError.yml +40 -0
- data/spec/spec_tests/data/crud_v2/updateMany-hint-clientError.yml +45 -0
- data/spec/spec_tests/data/crud_v2/updateMany-hint-serverError.yml +66 -0
- data/spec/spec_tests/data/crud_v2/updateMany-hint.yml +65 -0
- data/spec/spec_tests/data/crud_v2/updateOne-hint-clientError.yml +43 -0
- data/spec/spec_tests/data/crud_v2/updateOne-hint-serverError.yml +62 -0
- data/spec/spec_tests/data/crud_v2/updateOne-hint.yml +61 -0
- data/spec/spec_tests/data/crud_v2/updateWithPipelines.yml +65 -0
- data/spec/spec_tests/data/dns_seedlist_discovery/direct-connection-false.yml +10 -0
- data/spec/spec_tests/data/dns_seedlist_discovery/direct-connection-true.yml +5 -0
- data/spec/spec_tests/data/read_write_concern/operation/default-write-concern-2.6.yml +215 -0
- data/spec/spec_tests/data/read_write_concern/operation/default-write-concern-3.2.yml +58 -0
- data/spec/spec_tests/data/read_write_concern/operation/default-write-concern-3.4.yml +95 -0
- data/spec/spec_tests/data/read_write_concern/operation/default-write-concern-4.2.yml +36 -0
- data/spec/spec_tests/data/retryable_writes/bulkWrite-errorLabels.yml +77 -0
- data/spec/spec_tests/data/retryable_writes/bulkWrite-serverErrors.yml +37 -0
- data/spec/spec_tests/data/retryable_writes/deleteOne-errorLabels.yml +48 -0
- data/spec/spec_tests/data/retryable_writes/deleteOne-serverErrors.yml +22 -0
- data/spec/spec_tests/data/retryable_writes/findOneAndDelete-errorLabels.yml +49 -0
- data/spec/spec_tests/data/retryable_writes/findOneAndDelete-serverErrors.yml +23 -0
- data/spec/spec_tests/data/retryable_writes/findOneAndReplace-errorLabels.yml +52 -0
- data/spec/spec_tests/data/retryable_writes/findOneAndReplace-serverErrors.yml +25 -0
- data/spec/spec_tests/data/retryable_writes/findOneAndUpdate-errorLabels.yml +52 -0
- data/spec/spec_tests/data/retryable_writes/findOneAndUpdate-serverErrors.yml +24 -0
- data/spec/spec_tests/data/retryable_writes/insertMany-errorLabels.yml +54 -0
- data/spec/spec_tests/data/retryable_writes/insertMany-serverErrors.yml +24 -0
- data/spec/spec_tests/data/retryable_writes/insertOne-errorLabels.yml +44 -0
- data/spec/spec_tests/data/retryable_writes/insertOne-serverErrors.yml +69 -0
- data/spec/spec_tests/data/retryable_writes/replaceOne-errorLabels.yml +53 -0
- data/spec/spec_tests/data/retryable_writes/replaceOne-serverErrors.yml +23 -0
- data/spec/spec_tests/data/retryable_writes/updateOne-errorLabels.yml +53 -0
- data/spec/spec_tests/data/retryable_writes/updateOne-serverErrors.yml +23 -0
- data/spec/spec_tests/data/sdam/errors/error_handling_handshake.yml +54 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-network-error.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-network-timeout-error.yml +37 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-greater-InterruptedAtShutdown.yml +60 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-greater-InterruptedDueToReplStateChange.yml +60 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-greater-NotMaster.yml +60 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-greater-NotMasterNoSlaveOk.yml +60 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-greater-NotMasterOrSecondary.yml +60 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-greater-PrimarySteppedDown.yml +60 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-greater-ShutdownInProgress.yml +60 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-missing-InterruptedAtShutdown.yml +51 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-missing-InterruptedDueToReplStateChange.yml +51 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-missing-NotMaster.yml +51 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-missing-NotMasterNoSlaveOk.yml +51 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-missing-NotMasterOrSecondary.yml +51 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-missing-PrimarySteppedDown.yml +51 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-missing-ShutdownInProgress.yml +51 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-proccessId-changed-InterruptedAtShutdown.yml +60 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-proccessId-changed-InterruptedDueToReplStateChange.yml +60 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-proccessId-changed-NotMaster.yml +60 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-proccessId-changed-NotMasterNoSlaveOk.yml +60 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-proccessId-changed-NotMasterOrSecondary.yml +60 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-proccessId-changed-PrimarySteppedDown.yml +60 -0
- data/spec/spec_tests/data/sdam/errors/non-stale-topologyVersion-proccessId-changed-ShutdownInProgress.yml +60 -0
- data/spec/spec_tests/data/sdam/errors/post-42-InterruptedAtShutdown.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/post-42-InterruptedDueToReplStateChange.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/post-42-NotMaster.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/post-42-NotMasterNoSlaveOk.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/post-42-NotMasterOrSecondary.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/post-42-PrimarySteppedDown.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/post-42-ShutdownInProgress.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/pre-42-InterruptedAtShutdown.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/pre-42-InterruptedDueToReplStateChange.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/pre-42-NotMaster.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/pre-42-NotMasterNoSlaveOk.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/pre-42-NotMasterOrSecondary.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/pre-42-PrimarySteppedDown.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/pre-42-ShutdownInProgress.yml +46 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-InterruptedAtShutdown.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-InterruptedDueToReplStateChange.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-NotMaster.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-NotMasterNoSlaveOk.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-NotMasterOrSecondary.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-PrimarySteppedDown.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-ShutdownInProgress.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-afterHandshakeCompletes-InterruptedAtShutdown.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-afterHandshakeCompletes-InterruptedDueToReplStateChange.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-afterHandshakeCompletes-NotMaster.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-afterHandshakeCompletes-NotMasterNoSlaveOk.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-afterHandshakeCompletes-NotMasterOrSecondary.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-afterHandshakeCompletes-PrimarySteppedDown.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-afterHandshakeCompletes-ShutdownInProgress.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-afterHandshakeCompletes-network.yml +80 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-afterHandshakeCompletes-timeout.yml +80 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-beforeHandshakeCompletes-InterruptedAtShutdown.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-beforeHandshakeCompletes-InterruptedDueToReplStateChange.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-beforeHandshakeCompletes-NotMaster.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-beforeHandshakeCompletes-NotMasterNoSlaveOk.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-beforeHandshakeCompletes-NotMasterOrSecondary.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-beforeHandshakeCompletes-PrimarySteppedDown.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-beforeHandshakeCompletes-ShutdownInProgress.yml +89 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-beforeHandshakeCompletes-network.yml +80 -0
- data/spec/spec_tests/data/sdam/errors/stale-generation-beforeHandshakeCompletes-timeout.yml +80 -0
- data/spec/spec_tests/data/sdam/errors/stale-topologyVersion-InterruptedAtShutdown.yml +64 -0
- data/spec/spec_tests/data/sdam/errors/stale-topologyVersion-InterruptedDueToReplStateChange.yml +64 -0
- data/spec/spec_tests/data/sdam/errors/stale-topologyVersion-NotMaster.yml +64 -0
- data/spec/spec_tests/data/sdam/errors/stale-topologyVersion-NotMasterNoSlaveOk.yml +64 -0
- data/spec/spec_tests/data/sdam/errors/stale-topologyVersion-NotMasterOrSecondary.yml +64 -0
- data/spec/spec_tests/data/sdam/errors/stale-topologyVersion-PrimarySteppedDown.yml +64 -0
- data/spec/spec_tests/data/sdam/errors/stale-topologyVersion-ShutdownInProgress.yml +64 -0
- data/spec/spec_tests/data/sdam/rs/compatible.yml +2 -0
- data/spec/spec_tests/data/sdam/rs/compatible_unknown.yml +2 -0
- data/spec/spec_tests/data/sdam/rs/discover_arbiters.yml +2 -2
- data/spec/spec_tests/data/sdam/rs/discover_arbiters_replicaset.yml +43 -0
- data/spec/spec_tests/data/sdam/rs/discover_ghost.yml +35 -0
- data/spec/spec_tests/data/sdam/rs/{ghost_discovered.yml → discover_ghost_replicaset.yml} +1 -1
- data/spec/spec_tests/data/sdam/rs/discover_hidden.yml +50 -0
- data/spec/spec_tests/data/sdam/rs/discover_hidden_replicaset.yml +50 -0
- data/spec/spec_tests/data/sdam/rs/discover_passives.yml +2 -2
- data/spec/spec_tests/data/sdam/rs/discover_passives_replicaset.yml +81 -0
- data/spec/spec_tests/data/sdam/rs/discover_primary.yml +2 -2
- data/spec/spec_tests/data/sdam/rs/discover_primary_replicaset.yml +42 -0
- data/spec/spec_tests/data/sdam/rs/discover_rsother.yml +49 -0
- data/spec/spec_tests/data/sdam/rs/{rsother_discovered.yml → discover_rsother_replicaset.yml} +1 -1
- data/spec/spec_tests/data/sdam/rs/discover_secondary.yml +2 -2
- data/spec/spec_tests/data/sdam/rs/discover_secondary_replicaset.yml +43 -0
- data/spec/spec_tests/data/sdam/rs/incompatible_arbiter.yml +2 -0
- data/spec/spec_tests/data/sdam/rs/incompatible_ghost.yml +2 -0
- data/spec/spec_tests/data/sdam/rs/incompatible_other.yml +2 -0
- data/spec/spec_tests/data/sdam/rs/primary_mismatched_me.yml +23 -27
- data/spec/spec_tests/data/sdam/rs/primary_to_no_primary_mismatched_me.yml +79 -55
- data/spec/spec_tests/data/sdam/rs/replicaset_rsnp.yml +20 -0
- data/spec/spec_tests/data/sdam/rs/secondary_mismatched_me.yml +3 -2
- data/spec/spec_tests/data/sdam/rs/too_new.yml +2 -0
- data/spec/spec_tests/data/sdam/rs/topology_version_equal.yml +66 -0
- data/spec/spec_tests/data/sdam/rs/topology_version_greater.yml +189 -0
- data/spec/spec_tests/data/sdam/rs/topology_version_less.yml +62 -0
- data/spec/spec_tests/data/sdam/sharded/discover_single_mongos.yml +23 -0
- data/spec/spec_tests/data/sdam/single/direct_connection_external_ip.yml +1 -1
- data/spec/spec_tests/data/sdam/single/direct_connection_mongos.yml +2 -2
- data/spec/spec_tests/data/sdam/single/direct_connection_replicaset.yml +22 -0
- data/spec/spec_tests/data/sdam/single/direct_connection_rsarbiter.yml +2 -2
- data/spec/spec_tests/data/sdam/single/direct_connection_rsprimary.yml +2 -2
- data/spec/spec_tests/data/sdam/single/direct_connection_rssecondary.yml +2 -2
- data/spec/spec_tests/data/sdam/single/direct_connection_slave.yml +1 -1
- data/spec/spec_tests/data/sdam/single/direct_connection_standalone.yml +2 -2
- data/spec/spec_tests/data/sdam/single/{unavailable_seed.yml → direct_connection_unavailable_seed.yml} +2 -2
- data/spec/spec_tests/data/sdam/single/direct_connection_wrong_set_name.yml +38 -0
- data/spec/spec_tests/data/sdam/single/discover_standalone.yml +34 -0
- data/spec/spec_tests/data/sdam/single/discover_unavailable_seed.yml +28 -0
- data/spec/spec_tests/data/sdam/single/too_old_then_upgraded.yml +46 -0
- data/spec/spec_tests/data/transactions/create-collection.yml +131 -0
- data/spec/spec_tests/data/transactions/create-index.yml +152 -0
- data/spec/spec_tests/data/transactions/error-labels.yml +87 -21
- data/spec/spec_tests/data/transactions/mongos-recovery-token.yml +1 -0
- data/spec/spec_tests/data/transactions/retryable-abort-errorLabels.yml +124 -0
- data/spec/spec_tests/data/transactions/retryable-abort.yml +17 -2
- data/spec/spec_tests/data/transactions/retryable-commit-errorLabels.yml +132 -0
- data/spec/spec_tests/data/transactions/retryable-commit.yml +24 -9
- data/spec/spec_tests/data/uri_options/connection-options.yml +43 -0
- data/spec/spec_tests/data/uri_options/ruby-auth-options.yml +12 -0
- data/spec/spec_tests/data/uri_options/ruby-connection-options.yml +57 -0
- data/spec/spec_tests/dns_seedlist_discovery_spec.rb +3 -1
- data/spec/spec_tests/gridfs_spec.rb +2 -0
- data/spec/spec_tests/max_staleness_spec.rb +3 -1
- data/spec/spec_tests/read_write_concern_connection_string_spec.rb +2 -0
- data/spec/spec_tests/read_write_concern_operaton_spec.rb +10 -0
- data/spec/spec_tests/retryable_reads_spec.rb +2 -0
- data/spec/spec_tests/retryable_writes_spec.rb +8 -1
- data/spec/spec_tests/sdam_monitoring_spec.rb +3 -1
- data/spec/spec_tests/sdam_spec.rb +70 -1
- data/spec/spec_tests/server_selection_rtt_spec.rb +2 -0
- data/spec/spec_tests/server_selection_spec.rb +2 -0
- data/spec/spec_tests/transactions_api_spec.rb +5 -0
- data/spec/spec_tests/transactions_spec.rb +5 -0
- data/spec/spec_tests/uri_options_spec.rb +2 -0
- data/spec/stress/cleanup_spec.rb +43 -0
- data/spec/stress/connection_pool_stress_spec.rb +1 -5
- data/spec/stress/connection_pool_timing_spec.rb +3 -6
- data/spec/stress/fork_reconnect_stress_spec.rb +109 -0
- data/spec/support/authorization.rb +1 -11
- data/spec/support/aws_utils.rb +62 -0
- data/spec/support/aws_utils/base.rb +134 -0
- data/spec/support/aws_utils/inspector.rb +224 -0
- data/spec/support/aws_utils/orchestrator.rb +370 -0
- data/spec/support/aws_utils/provisioner.rb +360 -0
- data/spec/support/background_thread_registry.rb +6 -2
- data/spec/support/client_registry.rb +5 -24
- data/spec/support/cluster_config.rb +1 -0
- data/spec/support/common_shortcuts.rb +43 -0
- data/spec/support/constraints.rb +27 -7
- data/spec/support/crypt.rb +1 -1
- data/spec/support/event_subscriber.rb +94 -84
- data/spec/support/lite_constraints.rb +47 -0
- data/spec/support/shared/scram_conversation.rb +100 -0
- data/spec/support/shared/server_selector.rb +81 -1
- data/spec/support/shared/session.rb +29 -21
- data/spec/support/spec_config.rb +39 -9
- data/spec/support/spec_setup.rb +8 -4
- data/spec/support/utils.rb +115 -24
- metadata +1134 -744
- metadata.gz.sig +0 -0
- data/lib/mongo/server/connectable.rb +0 -107
- data/spec/integration/bulk_write_spec.rb +0 -19
- data/spec/integration/grid_fs_bucket_spec.rb +0 -48
- data/spec/integration/zlib_compression_spec.rb +0 -25
- data/spec/runners/change_streams.rb +0 -262
- data/spec/runners/change_streams/operation.rb +0 -89
- data/spec/spec_tests/data/sdam/sharded/ruby_discovered_single_mongos.yml +0 -27
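--- a/data/lib/mongo/address/unix.rb
+++ b/data/lib/mongo/address/unix.rb
@@ -1,4 +1,4 @@
-# Copyright (C) 2014-
+# Copyright (C) 2014-2020 MongoDB Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the 'License');
 # you may not use this file except in compliance with the License.
@@ -63,7 +63,6 @@ module Mongo
 # address.socket(5)
 #
 # @param [ Float ] socket_timeout The socket timeout.
-# @param [ Hash ] ssl_options SSL options - ignored.
 # @param [ Hash ] options The options.
 #
 # @option options [ Float ] :connect_timeout Connect timeout.
@@ -71,7 +70,8 @@ module Mongo
 # @return [ Mongo::Socket::Unix ] The socket.
 #
 # @since 2.0.0
-
+# @api private
+def socket(socket_timeout, options = {})
 Socket::Unix.new(host, socket_timeout, options)
 end
 end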
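--- a/data/lib/mongo/auth.rb
+++ b/data/lib/mongo/auth.rb
@@ -1,4 +1,4 @@
-# Copyright (C) 2014-
+# Copyright (C) 2014-2020 MongoDB Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,13 +13,20 @@
 # limitations under the License.
 
 require 'mongo/auth/credential_cache'
+require 'mongo/auth/stringprep'
+require 'mongo/auth/conversation_base'
+require 'mongo/auth/sasl_conversation_base'
+require 'mongo/auth/scram_conversation_base'
+require 'mongo/auth/user'
+require 'mongo/auth/roles'
+require 'mongo/auth/base'
+require 'mongo/auth/aws'
 require 'mongo/auth/cr'
+require 'mongo/auth/gssapi'
 require 'mongo/auth/ldap'
 require 'mongo/auth/scram'
-require 'mongo/auth/
+require 'mongo/auth/scram256'
 require 'mongo/auth/x509'
-require 'mongo/auth/roles'
-require 'mongo/auth/stringprep'
 
 module Mongo
 
@@ -32,43 +39,59 @@ module Mongo
 # The external database name.
 #
 # @since 2.0.0
+# @api private
 EXTERNAL = '$external'.freeze
 
 # Constant for the nonce command.
 #
 # @since 2.0.0
+# @api private
 GET_NONCE = { getnonce: 1 }.freeze
 
 # Constant for the nonce field.
 #
 # @since 2.0.0
+# @api private
 NONCE = 'nonce'.freeze
 
 # Map the symbols parsed from the URI connection string to strategies.
 #
+# @note This map is not frozen because when mongo_kerberos is loaded,
+# it mutates this map by adding the Kerberos authenticator.
+#
 # @since 2.0.0
 SOURCES = {
+aws: Aws,
+gssapi: Gssapi,
 mongodb_cr: CR,
 mongodb_x509: X509,
 plain: LDAP,
-scram:
-scram256:
+scram: Scram,
+scram256: Scram256,
 }
 
-# Get
+# Get an authenticator for the provided user to authenticate over the
+# provided connection.
 #
-# @
-#
+# @param [ Auth::User ] user The user to authenticate.
+# @param [ Mongo::Connection ] connection The connection to authenticate over.
 #
-# @
+# @option opts [ String | nil ] speculative_auth_client_nonce The client
+# nonce used in speculative auth on the specified connection that
+# produced the specified speculative auth result.
+# @option opts [ BSON::Document | nil ] speculative_auth_result The
+# value of speculativeAuthenticate field of ismaster response of
+# the handshake on the specified connection.
 #
-# @return [
+# @return [ Auth::Aws | Auth::CR | Auth::Gssapi | Auth::LDAP |
+# Auth::Scram | Auth::Scram256 | Auth::X509 ] The authenticator.
 #
 # @since 2.0.0
-
+# @api private
+def get(user, connection, **opts)
 mechanism = user.mechanism
 raise InvalidMechanism.new(mechanism) if !SOURCES.has_key?(mechanism)
-SOURCES[mechanism].new(user)
+SOURCES[mechanism].new(user, connection, **opts)
 end
 
 # Raised when trying to authorize with an invalid configuration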
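Review bot: `get` now instantiates every entry of `SOURCES` as `SOURCES[mechanism].new(user, connection, **opts)`, and the new `@note` says the map stays unfrozen so that mongo_kerberos can add its authenticator, so any externally registered class still written for the old `new(user)` call would fail with ArgumentError at authentication time rather than at load. Because `SOURCES` decides which class receives the user's credentials, I would also mark it `# @api private` like the constants above it and prefer a small registration method that checks the class over open mutation of the constant. The doc block for `get` should gain `# @raise [ InvalidMechanism ] If the user's mechanism is not in SOURCES.`, and the guard reads better as `raise InvalidMechanism.new(mechanism) unless SOURCES.key?(mechanism)`. The enclosing module starts and ends outside the hunk.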
@@ -0,0 +1,37 @@
|
|
1
|
+
# Copyright (C) 2020 MongoDB Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
module Mongo
|
16
|
+
module Auth
|
17
|
+
class Aws < Base
|
18
|
+
MECHANISM = 'MONGODB-AWS'.freeze
|
19
|
+
|
20
|
+
# Log the user in on the current connection.
|
21
|
+
#
|
22
|
+
# @return [ BSON::Document ] The document of the authentication response.
|
23
|
+
def login
|
24
|
+
converse_2_step(connection, conversation)
|
25
|
+
end
|
26
|
+
|
27
|
+
# The AWS credential set.
|
28
|
+
#
|
29
|
+
# @api private
|
30
|
+
Credentials = Struct.new(:access_key_id, :secret_access_key, :session_token)
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
require 'mongo/auth/aws/conversation'
|
36
|
+
require 'mongo/auth/aws/credentials_retriever'
|
37
|
+
require 'mongo/auth/aws/request'
|
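Review bot: `Credentials` is a plain `Struct`, so its default `inspect` and `to_s` print `secret_access_key` and `session_token` in full whenever an instance ends up in a log line, an exception message or a debugger dump. Give the struct redacting `inspect` and `to_s` methods that show only the access key id, as sketched below. `to_s` has to be defined as well, because on `Struct` it is an alias of the original `inspect` and does not follow an override.

```ruby
Credentials = Struct.new(:access_key_id, :secret_access_key, :session_token) do
  # Redacts the secret members so an instance is safe to log.
  def inspect
    "#<struct #{self.class.name} access_key_id=#{access_key_id.inspect} " \
      'secret_access_key=[REDACTED] session_token=[REDACTED]>'
  end

  def to_s
    inspect
  end
end
```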
@@ -0,0 +1,128 @@
|
|
1
|
+
# Copyright (C) 2020 MongoDB Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
module Mongo
|
16
|
+
module Auth
|
17
|
+
class Aws
|
18
|
+
|
19
|
+
# Defines behavior around a single MONGODB-AWS conversation between the
|
20
|
+
# client and server.
|
21
|
+
#
|
22
|
+
# @see https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst#mongodb-aws
|
23
|
+
#
|
24
|
+
# @api private
|
25
|
+
class Conversation < SaslConversationBase
|
26
|
+
|
27
|
+
# Continue the AWS conversation. This sends the client final message
|
28
|
+
# to the server after setting the reply from the previous server
|
29
|
+
# communication.
|
30
|
+
#
|
31
|
+
# @param [ BSON::Document ] reply_document The reply document of the
|
32
|
+
# previous message.
|
33
|
+
# @param [ Server::Connection ] connection The connection being
|
34
|
+
# authenticated.
|
35
|
+
#
|
36
|
+
# @return [ Protocol::Message ] The next message to send.
|
37
|
+
def continue(reply_document, connection)
|
38
|
+
@conversation_id = reply_document[:conversationId]
|
39
|
+
payload = reply_document[:payload].data
|
40
|
+
payload = BSON::Document.from_bson(BSON::ByteBuffer.new(payload))
|
41
|
+
@server_nonce = payload[:s].data
|
42
|
+
validate_server_nonce!
|
43
|
+
@sts_host = payload[:h]
|
44
|
+
unless (1..255).include?(@sts_host.bytesize)
|
45
|
+
raise Error::InvalidServerAuthConfiguration, "STS host name length is not in 1..255 bytes range: #{@sts_host}"
|
46
|
+
end
|
47
|
+
|
48
|
+
selector = CLIENT_CONTINUE_MESSAGE.merge(
|
49
|
+
payload: BSON::Binary.new(client_final_payload),
|
50
|
+
conversationId: conversation_id,
|
51
|
+
)
|
52
|
+
selector[Protocol::Msg::DATABASE_IDENTIFIER] = user.auth_source
|
53
|
+
cluster_time = connection.mongos? && connection.cluster_time
|
54
|
+
selector[Operation::CLUSTER_TIME] = cluster_time if cluster_time
|
55
|
+
Protocol::Msg.new([], {}, selector)
|
56
|
+
end
|
57
|
+
|
58
|
+
private
|
59
|
+
|
60
|
+
# @return [ String ] The server nonce.
|
61
|
+
attr_reader :server_nonce
|
62
|
+
|
63
|
+
# Get the id of the conversation.
|
64
|
+
#
|
65
|
+
# @return [ Integer ] The conversation id.
|
66
|
+
attr_reader :conversation_id
|
67
|
+
|
68
|
+
def client_first_payload
|
69
|
+
{payload: client_first_message}
|
70
|
+
end
|
71
|
+
|
72
|
+
def client_first_data
|
73
|
+
{
|
74
|
+
r: BSON::Binary.new(client_nonce),
|
75
|
+
p: 110,
|
76
|
+
}
|
77
|
+
end
|
78
|
+
|
79
|
+
def client_first_payload
|
80
|
+
client_first_data.to_bson.to_s
|
81
|
+
end
|
82
|
+
|
83
|
+
def wrap_data(data)
|
84
|
+
BSON::Binary.new(data.to_bson.to_s)
|
85
|
+
end
|
86
|
+
|
87
|
+
def client_nonce
|
88
|
+
@client_nonce ||= SecureRandom.random_bytes(32)
|
89
|
+
end
|
90
|
+
|
91
|
+
def client_final_payload
|
92
|
+
credentials = CredentialsRetriever.new(user).credentials
|
93
|
+
request = Request.new(
|
94
|
+
access_key_id: credentials.access_key_id,
|
95
|
+
secret_access_key: credentials.secret_access_key,
|
96
|
+
session_token: credentials.session_token,
|
97
|
+
host: @sts_host,
|
98
|
+
server_nonce: server_nonce,
|
99
|
+
)
|
100
|
+
|
101
|
+
# Uncomment this line to validate obtained credentials on the
|
102
|
+
# client side prior to sending them to the server.
|
103
|
+
# This generally produces informative diagnostics as to why
|
104
|
+
# the credentials are not valid (e.g., they could be expired)
|
105
|
+
# whereas the server normally does not elaborate on why
|
106
|
+
# authentication failed (but the reason usually is logged into
|
107
|
+
# the server logs).
|
108
|
+
#
|
109
|
+
# Note that credential validation requires that the client is
|
110
|
+
# able to access AWS STS. If this is not permitted by firewall
|
111
|
+
# rules, validation will fail but credentials may be perfectly OK
|
112
|
+
# and the server may be able to authenticate using them just fine
|
113
|
+
# (provided the server is allowed to communicate with STS).
|
114
|
+
#request.validate!
|
115
|
+
|
116
|
+
payload = {
|
117
|
+
a: request.authorization,
|
118
|
+
d: request.formatted_time,
|
119
|
+
}
|
120
|
+
if credentials.session_token
|
121
|
+
payload[:t] = credentials.session_token
|
122
|
+
end
|
123
|
+
payload.to_bson.to_s
|
124
|
+
end
|
125
|
+
end
|
126
|
+
end
|
127
|
+
end
|
128
|
+
end
|
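Review bot: `continue` reads `payload[:s]` and `payload[:h]` from the server reply without checking that they are present, so a reply that omits either one raises NoMethodError from `.data` or `.bytesize` instead of `Error::InvalidServerAuthConfiguration`. A guard such as `raise Error::InvalidServerAuthConfiguration, 'Server reply is missing the STS host' unless @sts_host.is_a?(String)` before the length check would keep the failure in the auth error path. The host is chosen by the server and only its byte length is checked before it is passed to `Request.new(host: @sts_host, ...)`, so it is worth confirming that `Request` (not visible here) restricts it to a well-formed STS host name, all the more if the commented-out `request.validate!` is ever enabled. Separately, `client_first_payload` is defined twice (new lines 68 and 79); the second definition silently replaces the first, so the first is dead code and should be deleted or given its intended name.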
@@ -0,0 +1,219 @@
|
|
1
|
+
# Copyright (C) 2020 MongoDB Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
module Mongo
|
16
|
+
module Auth
|
17
|
+
class Aws
|
18
|
+
|
19
|
+
# Retrieves AWS credentials from a variety of sources.
|
20
|
+
#
|
21
|
+
# This class provides for AWS credentials retrieval from:
|
22
|
+
# - the passed user (which receives the credentials passed to the
|
23
|
+
# client via URI options and Ruby options)
|
24
|
+
# - AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN
|
25
|
+
# environment variables (commonly used by AWS SDKs and various tools,
|
26
|
+
# as well as AWS Lambda)
|
27
|
+
# - EC2 metadata endpoint
|
28
|
+
# - ECS metadata endpoint
|
29
|
+
#
|
30
|
+
# The sources listed above are consulted in the order specified.
|
31
|
+
# The first source that contains any of the three credential components
|
32
|
+
# (access key id, secret access key or session token) is used.
|
33
|
+
# The credential components must form a valid set if any of the components
|
34
|
+
# is specified; meaning, access key id and secret access key must
|
35
|
+
# always be provided together, and if a session token is provided
|
36
|
+
# the key id and secret key must also be provided. If a source provides
|
37
|
+
# partial credentials, credential retrieval fails with an exception.
|
38
|
+
#
|
39
|
+
# @api private
|
40
|
+
class CredentialsRetriever
|
41
|
+
|
42
|
+
# Timeout for metadata operations, in seconds.
|
43
|
+
#
|
44
|
+
# The auth spec suggests a 10 second timeout but this seems
|
45
|
+
# excessively long given that the endpoint is essentially local.
|
46
|
+
METADATA_TIMEOUT = 5
|
47
|
+
|
48
|
+
def initialize(user = nil)
|
49
|
+
@user = user
|
50
|
+
end
|
51
|
+
|
52
|
+
# @return [ Auth::User | nil ] The user object, if one was provided.
|
53
|
+
attr_reader :user
|
54
|
+
|
55
|
+
# Retrieves a valid set of credentials, if possible, or raises
|
56
|
+
# Auth::InvalidConfiguration.
|
57
|
+
#
|
58
|
+
# @return [ Auth::Aws::Credentials ] A valid set of credentials.
|
59
|
+
#
|
60
|
+
# @raise Auth::InvalidConfiguration if credentials could not be
|
61
|
+
# retrieved for any reason, or if a source contains an invalid set
|
62
|
+
# of credentials.
|
63
|
+
def credentials
|
64
|
+
if user
|
65
|
+
credentials = Credentials.new(
|
66
|
+
user.name,
|
67
|
+
user.password,
|
68
|
+
user.auth_mech_properties['aws_session_token'],
|
69
|
+
)
|
70
|
+
|
71
|
+
if credentials_valid?(credentials, 'Mongo::Client URI or Ruby options')
|
72
|
+
return credentials
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
credentials = Credentials.new(
|
77
|
+
ENV['AWS_ACCESS_KEY_ID'],
|
78
|
+
ENV['AWS_SECRET_ACCESS_KEY'],
|
79
|
+
ENV['AWS_SESSION_TOKEN'],
|
80
|
+
)
|
81
|
+
|
82
|
+
if credentials_valid?(credentials, 'environment variables')
|
83
|
+
return credentials
|
84
|
+
end
|
85
|
+
|
86
|
+
credentials = ecs_metadata_credentials
|
87
|
+
|
88
|
+
if credentials && credentials_valid?(credentials, 'ECS task metadata')
|
89
|
+
return credentials
|
90
|
+
end
|
91
|
+
|
92
|
+
credentials = ec2_metadata_credentials
|
93
|
+
|
94
|
+
if credentials && credentials_valid?(credentials, 'EC2 instance metadata')
|
95
|
+
return credentials
|
96
|
+
end
|
97
|
+
|
98
|
+
raise Auth::InvalidConfiguration,
|
99
|
+
"Could not locate AWS credentials (checked Client URI and Ruby options, environment variables, ECS and EC2 metadata)"
|
100
|
+
end
|
101
|
+
|
102
|
+
private
|
103
|
+
|
104
|
+
# Returns credentials from the EC2 metadata endpoint. The credentials
|
105
|
+
# could be empty, partial or invalid.
|
106
|
+
#
|
107
|
+
# @return [ Auth::Aws::Credentials | nil ] A set of credentials, or nil
|
108
|
+
# if retrieval failed.
|
109
|
+
def ec2_metadata_credentials
|
110
|
+
http = Net::HTTP.new('169.254.169.254')
|
111
|
+
req = Net::HTTP::Put.new('/latest/api/token',
|
112
|
+
# The TTL is required in order to obtain the metadata token.
|
113
|
+
{'x-aws-ec2-metadata-token-ttl-seconds' => '30'})
|
114
|
+
resp = ::Timeout.timeout(METADATA_TIMEOUT) do
|
115
|
+
http.request(req)
|
116
|
+
end
|
117
|
+
if resp.code != '200'
|
118
|
+
return nil
|
119
|
+
end
|
120
|
+
metadata_token = resp.body
|
121
|
+
resp = ::Timeout.timeout(METADATA_TIMEOUT) do
|
122
|
+
http_get(http, '/latest/meta-data/iam/security-credentials', metadata_token)
|
123
|
+
end
|
124
|
+
if resp.code != '200'
|
125
|
+
return nil
|
126
|
+
end
|
127
|
+
role_name = resp.body
|
128
|
+
escaped_role_name = CGI.escape(role_name).gsub('+', '%20')
|
129
|
+
resp = ::Timeout.timeout(METADATA_TIMEOUT) do
|
130
|
+
http_get(http, "/latest/meta-data/iam/security-credentials/#{escaped_role_name}", metadata_token)
|
131
|
+
end
|
132
|
+
if resp.code != '200'
|
133
|
+
return nil
|
134
|
+
end
|
135
|
+
payload = JSON.parse(resp.body)
|
136
|
+
unless payload['Code'] == 'Success'
|
137
|
+
return nil
|
138
|
+
end
|
139
|
+
Credentials.new(
|
140
|
+
payload['AccessKeyId'],
|
141
|
+
payload['SecretAccessKey'],
|
142
|
+
payload['Token'],
|
143
|
+
)
|
144
|
+
# When trying to use the EC2 metadata endpoint on ECS:
|
145
|
+
# Errno::EINVAL: Failed to open TCP connection to 169.254.169.254:80 (Invalid argument - connect(2) for "169.254.169.254" port 80)
|
146
|
+
rescue ::Timeout::Error, IOError, SystemCallError
|
147
|
+
return nil
|
148
|
+
end
|
149
|
+
|
150
|
+
def ecs_metadata_credentials
|
151
|
+
relative_uri = ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
|
152
|
+
if relative_uri.nil? || relative_uri.empty?
|
153
|
+
return nil
|
154
|
+
end
|
155
|
+
|
156
|
+
http = Net::HTTP.new('169.254.170.2')
|
157
|
+
# Per https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html
|
158
|
+
# the value in AWS_CONTAINER_CREDENTIALS_RELATIVE_URI includes
|
159
|
+
# the leading slash.
|
160
|
+
# The current language in MONGODB-AWS specification implies that
|
161
|
+
# a leading slash must be added by the driver, but this is not
|
162
|
+
# in fact needed.
|
163
|
+
req = Net::HTTP::Get.new(relative_uri)
|
164
|
+
resp = ::Timeout.timeout(METADATA_TIMEOUT) do
|
165
|
+
http.request(req)
|
166
|
+
end
|
167
|
+
if resp.code != '200'
|
168
|
+
return nil
|
169
|
+
end
|
170
|
+
payload = JSON.parse(resp.body)
|
171
|
+
Credentials.new(
|
172
|
+
payload['AccessKeyId'],
|
173
|
+
payload['SecretAccessKey'],
|
174
|
+
payload['Token'],
|
175
|
+
)
|
176
|
+
rescue ::Timeout::Error, IOError, SystemCallError
|
177
|
+
return nil
|
178
|
+
end
|
179
|
+
|
180
|
+
def http_get(http, uri, metadata_token)
|
181
|
+
req = Net::HTTP::Get.new(uri,
|
182
|
+
{'x-aws-ec2-metadata-token' => metadata_token})
|
183
|
+
http.request(req)
|
184
|
+
end
|
185
|
+
|
186
|
+
# Checks whether the credentials provided are valid.
|
187
|
+
#
|
188
|
+
# Returns true if they are valid, false if they are empty, and
|
189
|
+
# raises Auth::InvalidConfiguration if the credentials are
|
190
|
+
# incomplete (i.e. some of the components are missing).
|
191
|
+
def credentials_valid?(credentials, source)
|
192
|
+
unless credentials.access_key_id || credentials.secret_access_key ||
|
193
|
+
credentials.session_token
|
194
|
+
then
|
195
|
+
return false
|
196
|
+
end
|
197
|
+
|
198
|
+
if credentials.access_key_id || credentials.secret_access_key
|
199
|
+
if credentials.access_key_id && !credentials.secret_access_key
|
200
|
+
raise Auth::InvalidConfiguration,
|
201
|
+
"Access key ID is provided without secret access key (source: #{source})"
|
202
|
+
end
|
203
|
+
|
204
|
+
if credentials.secret_access_key && !credentials.access_key_id
|
205
|
+
raise Auth::InvalidConfiguration,
|
206
|
+
"Secret access key is provided without access key ID (source: #{source})"
|
207
|
+
end
|
208
|
+
|
209
|
+
elsif credentials.session_token
|
210
|
+
raise Auth::InvalidConfiguration,
|
211
|
+
"Session token is provided without access key ID or secret access key (source: #{source})"
|
212
|
+
end
|
213
|
+
|
214
|
+
true
|
215
|
+
end
|
216
|
+
end
|
217
|
+
end
|
218
|
+
end
|
219
|
+
end
|