mongo 2.13.0.beta1 → 2.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (339) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data.tar.gz.sig +1 -5
  4. data/Rakefile +50 -9
  5. data/lib/mongo.rb +13 -2
  6. data/lib/mongo/address.rb +1 -1
  7. data/lib/mongo/address/ipv4.rb +1 -1
  8. data/lib/mongo/address/ipv6.rb +1 -1
  9. data/lib/mongo/auth/aws/request.rb +31 -5
  10. data/lib/mongo/bulk_write.rb +18 -0
  11. data/lib/mongo/caching_cursor.rb +74 -0
  12. data/lib/mongo/client.rb +238 -31
  13. data/lib/mongo/cluster.rb +56 -20
  14. data/lib/mongo/cluster/sdam_flow.rb +13 -10
  15. data/lib/mongo/cluster/topology/replica_set_no_primary.rb +3 -2
  16. data/lib/mongo/cluster/topology/sharded.rb +1 -1
  17. data/lib/mongo/cluster/topology/single.rb +2 -2
  18. data/lib/mongo/collection.rb +66 -24
  19. data/lib/mongo/collection/view.rb +24 -20
  20. data/lib/mongo/collection/view/aggregation.rb +25 -4
  21. data/lib/mongo/collection/view/builder/find_command.rb +38 -18
  22. data/lib/mongo/collection/view/explainable.rb +27 -8
  23. data/lib/mongo/collection/view/iterable.rb +72 -12
  24. data/lib/mongo/collection/view/readable.rb +19 -3
  25. data/lib/mongo/collection/view/writable.rb +55 -5
  26. data/lib/mongo/crypt/encryption_io.rb +6 -6
  27. data/lib/mongo/cursor.rb +16 -3
  28. data/lib/mongo/database.rb +37 -4
  29. data/lib/mongo/database/view.rb +18 -3
  30. data/lib/mongo/distinguishing_semaphore.rb +55 -0
  31. data/lib/mongo/error.rb +5 -0
  32. data/lib/mongo/error/invalid_read_concern.rb +28 -0
  33. data/lib/mongo/error/invalid_server_auth_host.rb +22 -0
  34. data/lib/mongo/error/invalid_session.rb +2 -1
  35. data/lib/mongo/error/operation_failure.rb +11 -5
  36. data/lib/mongo/error/server_certificate_revoked.rb +22 -0
  37. data/lib/mongo/error/sessions_not_supported.rb +35 -0
  38. data/lib/mongo/error/unsupported_option.rb +14 -12
  39. data/lib/mongo/event/base.rb +6 -0
  40. data/lib/mongo/grid/file.rb +5 -0
  41. data/lib/mongo/grid/file/chunk.rb +2 -0
  42. data/lib/mongo/grid/fs_bucket.rb +15 -13
  43. data/lib/mongo/grid/stream/write.rb +9 -3
  44. data/lib/mongo/index/view.rb +3 -0
  45. data/lib/mongo/lint.rb +2 -1
  46. data/lib/mongo/logger.rb +3 -3
  47. data/lib/mongo/monitoring.rb +38 -0
  48. data/lib/mongo/monitoring/command_log_subscriber.rb +10 -2
  49. data/lib/mongo/monitoring/event/command_failed.rb +11 -0
  50. data/lib/mongo/monitoring/event/command_started.rb +37 -2
  51. data/lib/mongo/monitoring/event/command_succeeded.rb +11 -0
  52. data/lib/mongo/monitoring/event/server_closed.rb +1 -1
  53. data/lib/mongo/monitoring/event/server_description_changed.rb +27 -4
  54. data/lib/mongo/monitoring/event/server_heartbeat_failed.rb +9 -2
  55. data/lib/mongo/monitoring/event/server_heartbeat_started.rb +9 -2
  56. data/lib/mongo/monitoring/event/server_heartbeat_succeeded.rb +9 -2
  57. data/lib/mongo/monitoring/event/server_opening.rb +1 -1
  58. data/lib/mongo/monitoring/event/topology_changed.rb +1 -1
  59. data/lib/mongo/monitoring/event/topology_closed.rb +1 -1
  60. data/lib/mongo/monitoring/event/topology_opening.rb +1 -1
  61. data/lib/mongo/monitoring/publishable.rb +6 -3
  62. data/lib/mongo/monitoring/server_description_changed_log_subscriber.rb +9 -1
  63. data/lib/mongo/monitoring/topology_changed_log_subscriber.rb +1 -1
  64. data/lib/mongo/operation.rb +2 -0
  65. data/lib/mongo/operation/aggregate/result.rb +9 -8
  66. data/lib/mongo/operation/collections_info/command.rb +5 -0
  67. data/lib/mongo/operation/collections_info/result.rb +18 -1
  68. data/lib/mongo/operation/delete/bulk_result.rb +2 -0
  69. data/lib/mongo/operation/delete/result.rb +3 -0
  70. data/lib/mongo/operation/explain/command.rb +4 -0
  71. data/lib/mongo/operation/explain/legacy.rb +4 -0
  72. data/lib/mongo/operation/explain/op_msg.rb +6 -0
  73. data/lib/mongo/operation/explain/result.rb +3 -0
  74. data/lib/mongo/operation/find/legacy/result.rb +2 -0
  75. data/lib/mongo/operation/find/result.rb +13 -0
  76. data/lib/mongo/operation/get_more/result.rb +3 -0
  77. data/lib/mongo/operation/indexes/result.rb +5 -0
  78. data/lib/mongo/operation/insert/bulk_result.rb +5 -0
  79. data/lib/mongo/operation/insert/result.rb +5 -0
  80. data/lib/mongo/operation/list_collections/result.rb +5 -0
  81. data/lib/mongo/operation/map_reduce/result.rb +10 -0
  82. data/lib/mongo/operation/parallel_scan/result.rb +4 -0
  83. data/lib/mongo/operation/result.rb +35 -6
  84. data/lib/mongo/operation/shared/bypass_document_validation.rb +1 -0
  85. data/lib/mongo/operation/shared/causal_consistency_supported.rb +1 -0
  86. data/lib/mongo/operation/shared/collections_info_or_list_collections.rb +2 -0
  87. data/lib/mongo/operation/shared/executable.rb +1 -0
  88. data/lib/mongo/operation/shared/idable.rb +2 -1
  89. data/lib/mongo/operation/shared/limited.rb +1 -0
  90. data/lib/mongo/operation/shared/object_id_generator.rb +1 -0
  91. data/lib/mongo/operation/shared/result/aggregatable.rb +1 -0
  92. data/lib/mongo/operation/shared/sessions_supported.rb +1 -0
  93. data/lib/mongo/operation/shared/specifiable.rb +1 -0
  94. data/lib/mongo/operation/shared/write.rb +1 -0
  95. data/lib/mongo/operation/shared/write_concern_supported.rb +1 -0
  96. data/lib/mongo/operation/update/legacy/result.rb +7 -0
  97. data/lib/mongo/operation/update/result.rb +8 -0
  98. data/lib/mongo/operation/users_info/result.rb +3 -0
  99. data/lib/mongo/protocol/message.rb +47 -10
  100. data/lib/mongo/protocol/msg.rb +34 -1
  101. data/lib/mongo/protocol/query.rb +36 -0
  102. data/lib/mongo/protocol/serializers.rb +5 -2
  103. data/lib/mongo/query_cache.rb +242 -0
  104. data/lib/mongo/retryable.rb +8 -1
  105. data/lib/mongo/server.rb +15 -4
  106. data/lib/mongo/server/app_metadata.rb +27 -3
  107. data/lib/mongo/server/connection.rb +4 -4
  108. data/lib/mongo/server/connection_base.rb +38 -12
  109. data/lib/mongo/server/connection_common.rb +2 -2
  110. data/lib/mongo/server/connection_pool.rb +3 -0
  111. data/lib/mongo/server/description.rb +13 -1
  112. data/lib/mongo/server/monitor.rb +76 -44
  113. data/lib/mongo/server/monitor/connection.rb +57 -9
  114. data/lib/mongo/server/pending_connection.rb +14 -4
  115. data/lib/mongo/server/push_monitor.rb +173 -0
  116. data/{spec/runners/transactions/context.rb → lib/mongo/server/push_monitor/connection.rb} +9 -14
  117. data/lib/mongo/server_selector.rb +0 -1
  118. data/lib/mongo/server_selector/base.rb +583 -1
  119. data/lib/mongo/server_selector/nearest.rb +1 -6
  120. data/lib/mongo/server_selector/primary.rb +1 -6
  121. data/lib/mongo/server_selector/primary_preferred.rb +7 -10
  122. data/lib/mongo/server_selector/secondary.rb +1 -6
  123. data/lib/mongo/server_selector/secondary_preferred.rb +1 -7
  124. data/lib/mongo/session.rb +7 -1
  125. data/lib/mongo/socket.rb +26 -12
  126. data/lib/mongo/socket/ocsp_cache.rb +97 -0
  127. data/lib/mongo/socket/ocsp_verifier.rb +368 -0
  128. data/lib/mongo/socket/ssl.rb +46 -25
  129. data/lib/mongo/socket/tcp.rb +1 -1
  130. data/lib/mongo/srv/monitor.rb +7 -13
  131. data/lib/mongo/srv/resolver.rb +14 -10
  132. data/lib/mongo/timeout.rb +2 -0
  133. data/lib/mongo/topology_version.rb +9 -0
  134. data/lib/mongo/uri.rb +21 -390
  135. data/lib/mongo/uri/options_mapper.rb +582 -0
  136. data/lib/mongo/uri/srv_protocol.rb +3 -2
  137. data/lib/mongo/utils.rb +73 -0
  138. data/lib/mongo/version.rb +1 -1
  139. data/spec/NOTES.aws-auth.md +12 -7
  140. data/spec/README.aws-auth.md +2 -2
  141. data/spec/README.md +63 -1
  142. data/spec/integration/awaited_ismaster_spec.rb +28 -0
  143. data/spec/integration/bson_symbol_spec.rb +4 -2
  144. data/spec/integration/bulk_write_spec.rb +67 -0
  145. data/spec/integration/change_stream_examples_spec.rb +6 -2
  146. data/spec/integration/change_stream_spec.rb +1 -1
  147. data/spec/integration/check_clean_slate_spec.rb +16 -0
  148. data/spec/integration/client_authentication_options_spec.rb +92 -28
  149. data/spec/integration/client_construction_spec.rb +1 -0
  150. data/spec/integration/client_side_encryption/auto_encryption_bulk_writes_spec.rb +9 -5
  151. data/spec/integration/connect_single_rs_name_spec.rb +5 -2
  152. data/spec/integration/connection_pool_populator_spec.rb +4 -2
  153. data/spec/integration/connection_spec.rb +7 -4
  154. data/spec/integration/crud_spec.rb +4 -4
  155. data/spec/integration/cursor_reaping_spec.rb +54 -18
  156. data/spec/integration/docs_examples_spec.rb +6 -0
  157. data/spec/integration/fork_reconnect_spec.rb +56 -1
  158. data/spec/integration/grid_fs_bucket_spec.rb +48 -0
  159. data/spec/integration/heartbeat_events_spec.rb +4 -23
  160. data/spec/integration/ocsp_connectivity_spec.rb +26 -0
  161. data/spec/integration/ocsp_verifier_cache_spec.rb +188 -0
  162. data/spec/integration/ocsp_verifier_spec.rb +334 -0
  163. data/spec/integration/query_cache_spec.rb +1045 -0
  164. data/spec/integration/query_cache_transactions_spec.rb +190 -0
  165. data/spec/integration/read_concern_spec.rb +1 -1
  166. data/spec/integration/retryable_errors_spec.rb +1 -1
  167. data/spec/integration/retryable_writes/retryable_writes_40_and_newer_spec.rb +1 -0
  168. data/spec/integration/retryable_writes/shared/performs_legacy_retries.rb +4 -2
  169. data/spec/integration/retryable_writes/shared/performs_modern_retries.rb +3 -3
  170. data/spec/integration/retryable_writes/shared/performs_no_retries.rb +2 -2
  171. data/spec/integration/sdam_error_handling_spec.rb +122 -15
  172. data/spec/integration/sdam_events_spec.rb +80 -6
  173. data/spec/integration/sdam_prose_spec.rb +64 -0
  174. data/spec/integration/server_monitor_spec.rb +25 -1
  175. data/spec/integration/server_selection_spec.rb +36 -0
  176. data/spec/integration/size_limit_spec.rb +23 -5
  177. data/spec/integration/srv_monitoring_spec.rb +38 -3
  178. data/spec/integration/srv_spec.rb +56 -0
  179. data/spec/integration/ssl_uri_options_spec.rb +2 -2
  180. data/spec/integration/transactions_examples_spec.rb +17 -7
  181. data/spec/integration/zlib_compression_spec.rb +25 -0
  182. data/spec/lite_spec_helper.rb +20 -9
  183. data/spec/mongo/address_spec.rb +1 -1
  184. data/spec/mongo/auth/aws/request_region_spec.rb +42 -0
  185. data/spec/mongo/auth/aws/request_spec.rb +76 -0
  186. data/spec/mongo/auth/scram_spec.rb +1 -1
  187. data/spec/mongo/auth/user_spec.rb +1 -1
  188. data/spec/mongo/bulk_write_spec.rb +2 -2
  189. data/spec/mongo/caching_cursor_spec.rb +70 -0
  190. data/spec/mongo/client_construction_spec.rb +386 -3
  191. data/spec/mongo/client_encryption_spec.rb +16 -10
  192. data/spec/mongo/client_spec.rb +85 -3
  193. data/spec/mongo/cluster/topology/replica_set_spec.rb +53 -10
  194. data/spec/mongo/cluster/topology/sharded_spec.rb +1 -1
  195. data/spec/mongo/cluster/topology/single_spec.rb +19 -8
  196. data/spec/mongo/cluster/topology/unknown_spec.rb +1 -1
  197. data/spec/mongo/cluster/topology_spec.rb +1 -1
  198. data/spec/mongo/cluster_spec.rb +37 -35
  199. data/spec/mongo/collection/view/change_stream_resume_spec.rb +7 -7
  200. data/spec/mongo/collection/view/explainable_spec.rb +87 -4
  201. data/spec/mongo/collection/view/map_reduce_spec.rb +2 -0
  202. data/spec/mongo/collection/view/readable_spec.rb +36 -0
  203. data/spec/mongo/collection_spec.rb +572 -0
  204. data/spec/mongo/crypt/auto_decryption_context_spec.rb +1 -1
  205. data/spec/mongo/crypt/auto_encryption_context_spec.rb +1 -1
  206. data/spec/mongo/crypt/binary_spec.rb +1 -6
  207. data/spec/mongo/crypt/binding/binary_spec.rb +1 -6
  208. data/spec/mongo/crypt/binding/context_spec.rb +2 -7
  209. data/spec/mongo/crypt/binding/helpers_spec.rb +1 -6
  210. data/spec/mongo/crypt/binding/mongocrypt_spec.rb +2 -7
  211. data/spec/mongo/crypt/binding/status_spec.rb +1 -6
  212. data/spec/mongo/crypt/binding/version_spec.rb +1 -6
  213. data/spec/mongo/crypt/data_key_context_spec.rb +1 -1
  214. data/spec/mongo/crypt/explicit_decryption_context_spec.rb +1 -1
  215. data/spec/mongo/crypt/explicit_encryption_context_spec.rb +1 -1
  216. data/spec/mongo/crypt/status_spec.rb +1 -6
  217. data/spec/mongo/database_spec.rb +353 -8
  218. data/spec/mongo/distinguishing_semaphore_spec.rb +63 -0
  219. data/spec/mongo/error/no_server_available_spec.rb +1 -1
  220. data/spec/mongo/error/operation_failure_spec.rb +40 -0
  221. data/spec/mongo/index/view_spec.rb +148 -2
  222. data/spec/mongo/logger_spec.rb +13 -11
  223. data/spec/mongo/monitoring/event/server_closed_spec.rb +1 -1
  224. data/spec/mongo/monitoring/event/server_description_changed_spec.rb +1 -4
  225. data/spec/mongo/monitoring/event/server_opening_spec.rb +1 -1
  226. data/spec/mongo/monitoring/event/topology_changed_spec.rb +1 -1
  227. data/spec/mongo/monitoring/event/topology_closed_spec.rb +1 -1
  228. data/spec/mongo/monitoring/event/topology_opening_spec.rb +1 -1
  229. data/spec/mongo/operation/delete/op_msg_spec.rb +3 -3
  230. data/spec/mongo/operation/insert/command_spec.rb +2 -2
  231. data/spec/mongo/operation/insert/op_msg_spec.rb +3 -3
  232. data/spec/mongo/operation/read_preference_op_msg_spec.rb +1 -1
  233. data/spec/mongo/operation/update/command_spec.rb +2 -2
  234. data/spec/mongo/operation/update/op_msg_spec.rb +3 -3
  235. data/spec/mongo/protocol/msg_spec.rb +10 -0
  236. data/spec/mongo/query_cache_spec.rb +280 -0
  237. data/spec/mongo/semaphore_spec.rb +51 -0
  238. data/spec/mongo/server/app_metadata_shared.rb +82 -2
  239. data/spec/mongo/server/connection_auth_spec.rb +2 -2
  240. data/spec/mongo/server/connection_pool_spec.rb +7 -3
  241. data/spec/mongo/server/connection_spec.rb +15 -8
  242. data/spec/mongo/server/description_spec.rb +18 -0
  243. data/spec/mongo/server_selector/nearest_spec.rb +23 -23
  244. data/spec/mongo/server_selector/primary_preferred_spec.rb +26 -26
  245. data/spec/mongo/server_selector/primary_spec.rb +9 -9
  246. data/spec/mongo/server_selector/secondary_preferred_spec.rb +22 -22
  247. data/spec/mongo/server_selector/secondary_spec.rb +18 -18
  248. data/spec/mongo/server_selector_spec.rb +6 -6
  249. data/spec/mongo/session_spec.rb +35 -0
  250. data/spec/mongo/socket/ssl_spec.rb +4 -4
  251. data/spec/mongo/socket_spec.rb +1 -1
  252. data/spec/mongo/uri/srv_protocol_spec.rb +64 -33
  253. data/spec/mongo/uri_option_parsing_spec.rb +11 -11
  254. data/spec/mongo/uri_spec.rb +68 -41
  255. data/spec/mongo/utils_spec.rb +39 -0
  256. data/spec/runners/auth.rb +3 -0
  257. data/spec/runners/change_streams/test.rb +3 -3
  258. data/spec/runners/cmap.rb +1 -1
  259. data/spec/runners/command_monitoring.rb +3 -34
  260. data/spec/runners/connection_string.rb +35 -124
  261. data/spec/runners/crud/context.rb +9 -5
  262. data/spec/runners/crud/operation.rb +59 -27
  263. data/spec/runners/crud/spec.rb +0 -8
  264. data/spec/runners/crud/test.rb +1 -1
  265. data/spec/runners/crud/test_base.rb +0 -19
  266. data/spec/runners/sdam.rb +2 -2
  267. data/spec/runners/server_selection.rb +242 -28
  268. data/spec/runners/transactions.rb +12 -12
  269. data/spec/runners/transactions/operation.rb +151 -25
  270. data/spec/runners/transactions/test.rb +62 -18
  271. data/spec/shared/LICENSE +20 -0
  272. data/spec/shared/lib/mrss/child_process_helper.rb +80 -0
  273. data/spec/shared/lib/mrss/constraints.rb +303 -0
  274. data/spec/shared/lib/mrss/lite_constraints.rb +175 -0
  275. data/spec/shared/lib/mrss/spec_organizer.rb +149 -0
  276. data/spec/spec_helper.rb +3 -1
  277. data/spec/spec_tests/cmap_spec.rb +7 -3
  278. data/spec/spec_tests/command_monitoring_spec.rb +22 -12
  279. data/spec/spec_tests/crud_spec.rb +1 -1
  280. data/spec/spec_tests/data/change_streams/change-streams-errors.yml +4 -9
  281. data/spec/spec_tests/data/change_streams/change-streams-resume-whitelist.yml +66 -0
  282. data/spec/spec_tests/data/change_streams/change-streams.yml +0 -1
  283. data/spec/spec_tests/data/cmap/pool-checkout-connection.yml +6 -2
  284. data/spec/spec_tests/data/cmap/pool-create-min-size.yml +3 -0
  285. data/spec/spec_tests/data/connection_string/valid-warnings.yml +24 -0
  286. data/spec/spec_tests/data/max_staleness/ReplicaSetNoPrimary/MaxStalenessTooSmall.yml +15 -0
  287. data/spec/spec_tests/data/max_staleness/ReplicaSetNoPrimary/NoKnownServers.yml +4 -3
  288. data/spec/spec_tests/data/max_staleness/Unknown/SmallMaxStaleness.yml +1 -0
  289. data/spec/spec_tests/data/sdam_integration/cancel-server-check.yml +96 -0
  290. data/spec/spec_tests/data/sdam_integration/connectTimeoutMS.yml +88 -0
  291. data/spec/spec_tests/data/sdam_integration/find-network-error.yml +83 -0
  292. data/spec/spec_tests/data/sdam_integration/find-shutdown-error.yml +116 -0
  293. data/spec/spec_tests/data/sdam_integration/insert-network-error.yml +86 -0
  294. data/spec/spec_tests/data/sdam_integration/insert-shutdown-error.yml +115 -0
  295. data/spec/spec_tests/data/sdam_integration/isMaster-command-error.yml +168 -0
  296. data/spec/spec_tests/data/sdam_integration/isMaster-network-error.yml +162 -0
  297. data/spec/spec_tests/data/sdam_integration/isMaster-timeout.yml +229 -0
  298. data/spec/spec_tests/data/sdam_integration/rediscover-quickly-after-step-down.yml +87 -0
  299. data/spec/spec_tests/data/sdam_monitoring/discovered_standalone.yml +1 -3
  300. data/spec/spec_tests/data/sdam_monitoring/standalone.yml +2 -2
  301. data/spec/spec_tests/data/sdam_monitoring/standalone_repeated.yml +2 -2
  302. data/spec/spec_tests/data/sdam_monitoring/standalone_suppress_equal_description_changes.yml +2 -2
  303. data/spec/spec_tests/data/sdam_monitoring/standalone_to_rs_with_me_mismatch.yml +2 -2
  304. data/spec/spec_tests/data/uri_options/auth-options.yml +25 -0
  305. data/spec/spec_tests/data/uri_options/compression-options.yml +6 -3
  306. data/spec/spec_tests/data/uri_options/read-preference-options.yml +24 -0
  307. data/spec/spec_tests/data/uri_options/ruby-connection-options.yml +1 -0
  308. data/spec/spec_tests/data/uri_options/tls-options.yml +160 -4
  309. data/spec/spec_tests/dns_seedlist_discovery_spec.rb +9 -1
  310. data/spec/spec_tests/max_staleness_spec.rb +4 -142
  311. data/spec/spec_tests/retryable_reads_spec.rb +2 -2
  312. data/spec/spec_tests/sdam_integration_spec.rb +13 -0
  313. data/spec/spec_tests/sdam_monitoring_spec.rb +1 -2
  314. data/spec/spec_tests/server_selection_spec.rb +4 -116
  315. data/spec/spec_tests/uri_options_spec.rb +31 -33
  316. data/spec/stress/cleanup_spec.rb +17 -2
  317. data/spec/stress/connection_pool_stress_spec.rb +10 -8
  318. data/spec/stress/fork_reconnect_stress_spec.rb +1 -1
  319. data/spec/support/certificates/atlas-ocsp-ca.crt +28 -0
  320. data/spec/support/certificates/atlas-ocsp.crt +41 -0
  321. data/spec/support/client_registry.rb +1 -0
  322. data/spec/support/client_registry_macros.rb +11 -2
  323. data/spec/support/cluster_config.rb +4 -0
  324. data/spec/support/common_shortcuts.rb +45 -0
  325. data/spec/support/constraints.rb +6 -253
  326. data/spec/support/event_subscriber.rb +123 -33
  327. data/spec/support/keyword_struct.rb +26 -0
  328. data/spec/support/matchers.rb +16 -0
  329. data/spec/support/ocsp +1 -0
  330. data/spec/support/session_registry.rb +52 -0
  331. data/spec/support/shared/server_selector.rb +13 -1
  332. data/spec/support/spec_config.rb +60 -13
  333. data/spec/support/spec_setup.rb +1 -1
  334. data/spec/support/utils.rb +84 -1
  335. metadata +1027 -937
  336. metadata.gz.sig +0 -0
  337. data/lib/mongo/server_selector/selectable.rb +0 -560
  338. data/spec/runners/sdam_monitoring.rb +0 -89
  339. data/spec/support/lite_constraints.rb +0 -141
@@ -0,0 +1,26 @@
1
+ require 'lite_spec_helper'
2
+
3
+ # These tests test the configurations described in
4
+ # https://github.com/mongodb/specifications/blob/master/source/ocsp-support/tests/README.rst#integration-tests-permutations-to-be-tested
5
+ describe 'OCSP connectivity' do
6
+ require_ocsp_connectivity
7
+ clear_ocsp_cache
8
+
9
+ let(:client) do
10
+ new_local_client(ENV.fetch('MONGODB_URI'),
11
+ server_selection_timeout: 5,
12
+ )
13
+ end
14
+
15
+ if ENV['OCSP_CONNECTIVITY'] == 'fail'
16
+ it 'fails to connect' do
17
+ lambda do
18
+ client.command(ping: 1)
19
+ end.should raise_error(Mongo::Error::NoServerAvailable, /UNKNOWN/)
20
+ end
21
+ else
22
+ it 'works' do
23
+ client.command(ping: 1)
24
+ end
25
+ end
26
+ end
@@ -0,0 +1,188 @@
1
+ require 'lite_spec_helper'
2
+ require 'webrick'
3
+
4
+ describe Mongo::Socket::OcspVerifier do
5
+ require_ocsp_verifier
6
+
7
+ shared_examples 'verifies' do
8
+ context 'mri' do
9
+ fails_on_jruby
10
+
11
+ it 'verifies the first time and reads from cache the second time' do
12
+ RSpec::Mocks.with_temporary_scope do
13
+ expect_any_instance_of(Mongo::Socket::OcspVerifier).to receive(:do_verify).and_call_original
14
+
15
+ verifier.verify_with_cache.should be true
16
+ end
17
+
18
+ RSpec::Mocks.with_temporary_scope do
19
+ expect_any_instance_of(Mongo::Socket::OcspVerifier).not_to receive(:do_verify)
20
+
21
+ verifier.verify_with_cache.should be true
22
+ end
23
+ end
24
+ end
25
+
26
+ context 'jruby' do
27
+ require_jruby
28
+
29
+ # JRuby does not return OCSP endpoints, therefore we never perform
30
+ # any validation.
31
+ # https://github.com/jruby/jruby-openssl/issues/210
32
+ it 'does not verify' do
33
+ RSpec::Mocks.with_temporary_scope do
34
+ expect_any_instance_of(Mongo::Socket::OcspVerifier).to receive(:do_verify).and_call_original
35
+
36
+ verifier.verify.should be false
37
+ end
38
+
39
+ RSpec::Mocks.with_temporary_scope do
40
+ expect_any_instance_of(Mongo::Socket::OcspVerifier).to receive(:do_verify).and_call_original
41
+
42
+ verifier.verify.should be false
43
+ end
44
+ end
45
+ end
46
+ end
47
+
48
+ shared_examples 'fails verification' do
49
+ context 'mri' do
50
+ fails_on_jruby
51
+
52
+ it 'verifies the first time, reads from cache the second time, raises an exception in both cases' do
53
+ RSpec::Mocks.with_temporary_scope do
54
+ expect_any_instance_of(Mongo::Socket::OcspVerifier).to receive(:do_verify).and_call_original
55
+
56
+ lambda do
57
+ verifier.verify
58
+ # Redirect tests receive responses from port 8101,
59
+ # tests without redirects receive responses from port 8100.
60
+ end.should raise_error(Mongo::Error::ServerCertificateRevoked, %r,TLS certificate of 'foo' has been revoked according to 'http://localhost:810[01]/status',)
61
+ end
62
+
63
+ RSpec::Mocks.with_temporary_scope do
64
+ expect_any_instance_of(Mongo::Socket::OcspVerifier).not_to receive(:do_verify)
65
+
66
+ lambda do
67
+ verifier.verify
68
+ # Redirect tests receive responses from port 8101,
69
+ # tests without redirects receive responses from port 8100.
70
+ end.should raise_error(Mongo::Error::ServerCertificateRevoked, %r,TLS certificate of 'foo' has been revoked according to 'http://localhost:810[01]/status',)
71
+ end
72
+ end
73
+ end
74
+
75
+ context 'jruby' do
76
+ require_jruby
77
+
78
+ # JRuby does not return OCSP endpoints, therefore we never perform
79
+ # any validation.
80
+ # https://github.com/jruby/jruby-openssl/issues/210
81
+ it 'does not verify' do
82
+ RSpec::Mocks.with_temporary_scope do
83
+ expect_any_instance_of(Mongo::Socket::OcspVerifier).to receive(:do_verify).and_call_original
84
+
85
+ verifier.verify.should be false
86
+ end
87
+
88
+ RSpec::Mocks.with_temporary_scope do
89
+ expect_any_instance_of(Mongo::Socket::OcspVerifier).to receive(:do_verify).and_call_original
90
+
91
+ verifier.verify.should be false
92
+ end
93
+ end
94
+ end
95
+ end
96
+
97
+ shared_examples 'does not verify' do
98
+ it 'does not verify and does not raise an exception' do
99
+ RSpec::Mocks.with_temporary_scope do
100
+ expect_any_instance_of(Mongo::Socket::OcspVerifier).to receive(:do_verify).and_call_original
101
+
102
+ verifier.verify.should be false
103
+ end
104
+
105
+ RSpec::Mocks.with_temporary_scope do
106
+ expect_any_instance_of(Mongo::Socket::OcspVerifier).to receive(:do_verify).and_call_original
107
+
108
+ verifier.verify.should be false
109
+ end
110
+ end
111
+ end
112
+
113
+ shared_context 'verifier' do |opts|
114
+ algorithm = opts[:algorithm]
115
+
116
+ let(:cert_path) { SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/server.pem") }
117
+ let(:ca_cert_path) { SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/ca.pem") }
118
+
119
+ let(:cert) { OpenSSL::X509::Certificate.new(File.read(cert_path)) }
120
+ let(:ca_cert) { OpenSSL::X509::Certificate.new(File.read(ca_cert_path)) }
121
+
122
+ let(:cert_store) do
123
+ OpenSSL::X509::Store.new.tap do |store|
124
+ store.add_cert(ca_cert)
125
+ end
126
+ end
127
+
128
+ let(:verifier) do
129
+ described_class.new('foo', cert, ca_cert, cert_store, timeout: 3)
130
+ end
131
+ end
132
+
133
+ include_context 'verifier', algorithm: 'rsa'
134
+ algorithm = 'rsa'
135
+
136
+ %w(ca delegate).each do |responder_cert|
137
+ responder_cert_file_name = {
138
+ 'ca' => 'ca',
139
+ 'delegate' => 'ocsp-responder',
140
+ }.fetch(responder_cert)
141
+
142
+ context "when responder uses #{responder_cert} cert" do
143
+ context 'good response' do
144
+ with_ocsp_mock(
145
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/ca.pem"),
146
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.crt"),
147
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.key"),
148
+ )
149
+
150
+ include_examples 'verifies'
151
+
152
+ it 'does not wait for the timeout' do
153
+ lambda do
154
+ verifier.verify
155
+ end.should take_shorter_than 3
156
+ end
157
+ end
158
+
159
+ context 'revoked response' do
160
+ with_ocsp_mock(
161
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/ca.pem"),
162
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.crt"),
163
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.key"),
164
+ fault: 'revoked'
165
+ )
166
+
167
+ include_examples 'fails verification'
168
+ end
169
+
170
+ context 'unknown response' do
171
+ with_ocsp_mock(
172
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/ca.pem"),
173
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.crt"),
174
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.key"),
175
+ fault: 'unknown',
176
+ )
177
+
178
+ include_examples 'does not verify'
179
+
180
+ it 'does not wait for the timeout' do
181
+ lambda do
182
+ verifier.verify
183
+ end.should take_shorter_than 3
184
+ end
185
+ end
186
+ end
187
+ end
188
+ end
@@ -0,0 +1,334 @@
1
+ require 'lite_spec_helper'
2
+ require 'webrick'
3
+
4
+ describe Mongo::Socket::OcspVerifier do
5
+ require_ocsp_verifier
6
+
7
+ shared_examples 'verifies' do
8
+ context 'mri' do
9
+ fails_on_jruby
10
+
11
+ it 'verifies' do
12
+ verifier.verify.should be true
13
+ end
14
+ end
15
+
16
+ context 'jruby' do
17
+ require_jruby
18
+
19
+ # JRuby does not return OCSP endpoints, therefore we never perform
20
+ # any validation.
21
+ # https://github.com/jruby/jruby-openssl/issues/210
22
+ it 'does not verify' do
23
+ verifier.verify.should be false
24
+ end
25
+ end
26
+ end
27
+
28
+ shared_examples 'fails verification' do
29
+ context 'mri' do
30
+ fails_on_jruby
31
+
32
+ it 'raises an exception' do
33
+ lambda do
34
+ verifier.verify
35
+ # Redirect tests receive responses from port 8101,
36
+ # tests without redirects receive responses from port 8100.
37
+ end.should raise_error(Mongo::Error::ServerCertificateRevoked, %r,TLS certificate of 'foo' has been revoked according to 'http://localhost:810[01]/status',)
38
+ end
39
+
40
+ it 'does not wait for the timeout' do
41
+ lambda do
42
+ lambda do
43
+ verifier.verify
44
+ end.should raise_error(Mongo::Error::ServerCertificateRevoked)
45
+ end.should take_shorter_than 3
46
+ end
47
+ end
48
+
49
+ context 'jruby' do
50
+ require_jruby
51
+
52
+ # JRuby does not return OCSP endpoints, therefore we never perform
53
+ # any validation.
54
+ # https://github.com/jruby/jruby-openssl/issues/210
55
+ it 'does not verify' do
56
+ verifier.verify.should be false
57
+ end
58
+ end
59
+ end
60
+
61
+ shared_examples 'does not verify' do
62
+ it 'does not verify and does not raise an exception' do
63
+ verifier.verify.should be false
64
+ end
65
+ end
66
+
67
+ shared_context 'basic verifier' do
68
+
69
+ let(:cert) { OpenSSL::X509::Certificate.new(File.read(cert_path)) }
70
+ let(:ca_cert) { OpenSSL::X509::Certificate.new(File.read(ca_cert_path)) }
71
+
72
+ let(:cert_store) do
73
+ OpenSSL::X509::Store.new.tap do |store|
74
+ store.add_cert(ca_cert)
75
+ end
76
+ end
77
+
78
+ let(:verifier) do
79
+ described_class.new('foo', cert, ca_cert, cert_store, timeout: 3)
80
+ end
81
+ end
82
+
83
+ shared_context 'verifier' do |opts|
84
+ algorithm = opts[:algorithm]
85
+
86
+ let(:cert_path) { SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/server.pem") }
87
+ let(:ca_cert_path) { SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/ca.pem") }
88
+
89
+ include_context 'basic verifier'
90
+ end
91
+
92
+ %w(rsa ecdsa).each do |algorithm|
93
+ context "when using #{algorithm} cert" do
94
+ include_context 'verifier', algorithm: algorithm
95
+
96
+ context 'responder not responding' do
97
+ include_examples 'does not verify'
98
+
99
+ it 'does not wait for the timeout' do
100
+ # Loopback interface should be refusing connections, which will make
101
+ # the operation complete quickly.
102
+ lambda do
103
+ verifier.verify
104
+ end.should take_shorter_than 3
105
+ end
106
+ end
107
+
108
+ %w(ca delegate).each do |responder_cert|
109
+ responder_cert_file_name = {
110
+ 'ca' => 'ca',
111
+ 'delegate' => 'ocsp-responder',
112
+ }.fetch(responder_cert)
113
+
114
+ context "when responder uses #{responder_cert} cert" do
115
+ context 'good response' do
116
+ with_ocsp_mock(
117
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/ca.pem"),
118
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.crt"),
119
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.key"),
120
+ )
121
+
122
+ include_examples 'verifies'
123
+
124
+ it 'does not wait for the timeout' do
125
+ lambda do
126
+ verifier.verify
127
+ end.should take_shorter_than 3
128
+ end
129
+ end
130
+
131
+ context 'revoked response' do
132
+ with_ocsp_mock(
133
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/ca.pem"),
134
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.crt"),
135
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.key"),
136
+ fault: 'revoked'
137
+ )
138
+
139
+ include_examples 'fails verification'
140
+ end
141
+
142
+ context 'unknown response' do
143
+ with_ocsp_mock(
144
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/ca.pem"),
145
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.crt"),
146
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.key"),
147
+ fault: 'unknown',
148
+ )
149
+
150
+ include_examples 'does not verify'
151
+
152
+ it 'does not wait for the timeout' do
153
+ lambda do
154
+ verifier.verify
155
+ end.should take_shorter_than 3
156
+ end
157
+ end
158
+ end
159
+ end
160
+ end
161
+ end
162
+
163
+ context 'when OCSP responder redirects' do
164
+ algorithm = 'rsa'
165
+ responder_cert_file_name = 'ca'
166
+ let(:algorithm) { 'rsa' }
167
+ let(:responder_cert_file_name) { 'ca' }
168
+
169
+ context 'one time' do
170
+
171
+ around do |example|
172
+ server = WEBrick::HTTPServer.new(Port: 8100)
173
+ server.mount_proc '/' do |req, res|
174
+ res.status = 303
175
+ res['locAtion'] = "http://localhost:8101#{req.path}"
176
+ res.body = "See http://localhost:8101#{req.path}"
177
+ end
178
+ Thread.new { server.start }
179
+ begin
180
+ example.run
181
+ ensure
182
+ server.shutdown
183
+ end
184
+ end
185
+
186
+ include_context 'verifier', algorithm: algorithm
187
+
188
+ context 'good response' do
189
+ with_ocsp_mock(
190
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/ca.pem"),
191
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.crt"),
192
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.key"),
193
+ port: 8101,
194
+ )
195
+
196
+ include_examples 'verifies'
197
+
198
+ it 'does not wait for the timeout' do
199
+ lambda do
200
+ verifier.verify
201
+ end.should take_shorter_than 3
202
+ end
203
+ end
204
+
205
+ context 'revoked response' do
206
+ with_ocsp_mock(
207
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/ca.pem"),
208
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.crt"),
209
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.key"),
210
+ fault: 'revoked',
211
+ port: 8101,
212
+ )
213
+
214
+ include_examples 'fails verification'
215
+ end
216
+
217
+ context 'unknown response' do
218
+ with_ocsp_mock(
219
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/ca.pem"),
220
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.crt"),
221
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.key"),
222
+ fault: 'unknown',
223
+ port: 8101,
224
+ )
225
+
226
+ include_examples 'does not verify'
227
+
228
+ it 'does not wait for the timeout' do
229
+ lambda do
230
+ verifier.verify
231
+ end.should take_shorter_than 3
232
+ end
233
+ end
234
+ end
235
+
236
+ context 'infinitely' do
237
+ with_ocsp_mock(
238
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/ca.pem"),
239
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.crt"),
240
+ SpecConfig.instance.ocsp_files_dir.join("#{algorithm}/#{responder_cert_file_name}.key"),
241
+ port: 8101,
242
+ )
243
+
244
+ around do |example|
245
+ server = WEBrick::HTTPServer.new(Port: 8100)
246
+ server.mount_proc '/' do |req, res|
247
+ res.status = 303
248
+ res['locAtion'] = req.path
249
+ res.body = "See #{req.path} indefinitely"
250
+ end
251
+ Thread.new { server.start }
252
+ begin
253
+ example.run
254
+ ensure
255
+ server.shutdown
256
+ end
257
+ end
258
+
259
+ include_context 'verifier', algorithm: algorithm
260
+ include_examples 'does not verify'
261
+ end
262
+ end
263
+
264
+ context 'responder returns unexpected status code' do
265
+
266
+ include_context 'verifier', algorithm: 'rsa'
267
+
268
+ context '40x / 50x' do
269
+ around do |example|
270
+ server = WEBrick::HTTPServer.new(Port: 8100)
271
+ server.mount_proc '/' do |req, res|
272
+ res.status = code
273
+ res.body = "HTTP #{code}"
274
+ end
275
+ Thread.new { server.start }
276
+ begin
277
+ example.run
278
+ ensure
279
+ server.shutdown
280
+ end
281
+ end
282
+
283
+ [400, 404, 500, 503].each do |_code|
284
+ context "code #{_code}" do
285
+ let(:code) { _code }
286
+ include_examples 'does not verify'
287
+ end
288
+ end
289
+ end
290
+
291
+ context '204' do
292
+ around do |example|
293
+ server = WEBrick::HTTPServer.new(Port: 8100)
294
+ server.mount_proc '/' do |req, res|
295
+ res.status = 204
296
+ end
297
+ Thread.new { server.start }
298
+ begin
299
+ example.run
300
+ ensure
301
+ server.shutdown
302
+ end
303
+ end
304
+
305
+ context "code 204" do
306
+ let(:code) { 204 }
307
+ include_examples 'does not verify'
308
+ end
309
+ end
310
+ end
311
+
312
+ context 'responder URI has no path' do
313
+ require_external_connectivity
314
+
315
+ include_context 'basic verifier'
316
+
317
+ let(:cert_path) { File.join(File.dirname(__FILE__), '../support/certificates/atlas-ocsp.crt') }
318
+ let(:ca_cert_path) { File.join(File.dirname(__FILE__), '../support/certificates/atlas-ocsp-ca.crt') }
319
+ let(:cert_store) do
320
+ OpenSSL::X509::Store.new.tap do |store|
321
+ store.set_default_paths
322
+ end
323
+ end
324
+
325
+ before do
326
+ URI.parse(verifier.ocsp_uris.first).path.should == ''
327
+ end
328
+
329
+ it 'verifies' do
330
+ # TODO This test might fail if the certificate expires?
331
+ verifier.verify.should be true
332
+ end
333
+ end
334
+ end