mongo 2.13.1 → 2.14.0.rc1

data/lib/mongo/uri/srv_protocol.rb

@@ -97,7 +97,7 @@ module Mongo
 
       # @return [ String ] NO_SRV_RECORDS Error message format string indicating that no SRV records
       #   were found.
-      NO_SRV_RECORDS = "The DNS query returned no SRV records at hostname (%s)".freeze
+      NO_SRV_RECORDS = "The DNS query returned no SRV records for '%s'".freeze
 
       # @return [ String ] INVALID_TXT_RECORD_OPTION Error message format string indicating that an
       #   unexpected TXT record option was found.
@@ -130,6 +130,7 @@ module Mongo
         @resolver ||= Srv::Resolver.new(
           raise_on_invalid: true,
           resolv_options: options[:resolv_options],
+          timeout: options[:connect_timeout],
         )
       end
 
@@ -220,7 +221,7 @@ module Mongo
           raise Error::InvalidTXTRecord.new(INVALID_OPTS_VALUE_DELIM) unless opt.index(URI_OPTS_VALUE_DELIM)
           key, value = opt.split(URI_OPTS_VALUE_DELIM)
           raise Error::InvalidTXTRecord.new(INVALID_TXT_RECORD_OPTION) unless VALID_TXT_OPTIONS.include?(key.downcase)
-          add_uri_option(key, value, txt_options)
+          options_mapper.add_uri_option(key, value, txt_options)
           txt_options
         end
       end

data/lib/mongo/utils.rb

@@ -34,7 +34,7 @@ module Mongo
     # @option opts [ Logger ] :logger A custom logger to use.
     # @option opts [ String ] :log_prefix A custom log prefix to use when
     #   logging.
-    module_function def warn_monitor_exception(msg, exc, **opts)
+    module_function def warn_bg_exception(msg, exc, **opts)
       bt_excerpt = excerpt_backtrace(exc, **opts)
       logger = LocalLogger.new(**opts)
       logger.log_warn("#{msg}: #{exc.class}: #{exc}#{bt_excerpt}")
@@ -55,8 +55,19 @@ module Mongo
       end
     end
 
+    # Symbolizes the keys in the provided hash.
     module_function def shallow_symbolize_keys(hash)
       Hash[hash.map { |k, v| [k.to_sym, v] }]
     end
+
+    # Stringifies the keys in the provided hash and converts underscore
+    # style keys to camel case style keys.
+    module_function def shallow_camelize_keys(hash)
+      Hash[hash.map { |k, v| [camelize(k), v] }]
+    end
+
+    module_function def camelize(sym)
+      sym.to_s.gsub(/_(\w)/) { $1.upcase }
+    end
   end
 end

data/lib/mongo/version.rb

@@ -17,5 +17,5 @@ module Mongo
   # The current version of the driver.
   #
   # @since 2.0.0
-  VERSION = '2.13.1'.freeze
+  VERSION = '2.14.0.rc1'.freeze
 end

data/spec/NOTES.aws-auth.md

@@ -145,13 +145,16 @@ problem. Below are some of the puzzling responses I encountered:
   line) but the value is otherwise completely valid. This error has no relation
   to the "session token" or "security token" as used with temporary AWS
   credentials.
-- *The security token included in the request is invalid*: this error is
-  produced when the AWS access key id, as specified in the scope part of the
-  `Authorization` header, is not a valid access key id. In the case of
-  non-temporary credentials being used for authentication, the error refers to
-  a "security token" but the authentication process does not actually use a
-  security token as this term is used in the AWS documentation describing
-  temporary credentials.
+- *The security token included in the request is invalid*: this error can be
+  produced in several circumstances:
+  - When the AWS access key id, as specified in the scope part of the
+    `Authorization` header, is not a valid access key id. In the case of
+    non-temporary credentials being used for authentication, the error refers to
+    a "security token" but the authentication process does not actually use a
+    security token as this term is used in the AWS documentation describing
+    temporary credentials.
+  - When using temporary credentials and the security token is not provided
+    in the STS request at all (x-amz-security-token header).
 - *Signature expired: 20200317T000000Z is now earlier than 20200317T222541Z
   (20200317T224041Z - 15 min.)*: This error happens when `x-amz-date` header
   value is the formatted date (`YYYYMMDD`) rather than the ISO8601 formatted
@@ -168,6 +171,8 @@ problem. Below are some of the puzzling responses I encountered:
   produced when temporary credentials are used and the credentials have
   expired.
 
+See also [AWS documentation for STS error messages](https://docs.aws.amazon.com/STS/latest/APIReference/CommonErrors.html).
+
 ### Resources
 
 Generally I found Amazon's own documentation to be the best for implementing

data/spec/README.md

@@ -107,7 +107,7 @@ other tests require a sharded cluster with more than one shard. Tests requiring
 a single shard can be run against a deployment with multiple shards by
 specifying only one mongos address in MONGODB_URI.
 
-## Note Regarding SSL/TLS Arguments
+## Note Regarding TLS/SSL Arguments
 
 MongoDB 4.2 (server and shell) added new command line options for setting TLS
 parameters. These options follow the naming of URI options used by both the
@@ -185,6 +185,51 @@ verification, run:
 Note that there are tests in the test suite that cover TLS verification, and
 they may fail if the test suite is run in this way.
 
+## OCSP
+
+There are several types of OCSP tests implemented in the test suite.
+
+OCSP unit tests are in `spec/integration/ocsp_verifier_spec.rb`. To run
+these, set `OCSP_VERIFIER=1` in the environment. There must NOT be a process
+running on the host port 8100 as that port will be used by the OCSP responder
+launched by the tests.
+
+For the remaining OCSP tests, the following environment variables must be set
+to the possible values indicated below:
+
+    OCSP_ALGORITHM=rsa|ecdsa
+    OCSP_STATUS=valid|revoked|unknown
+    OCSP_DELEGATE=0|1
+    OCSP_MUST_STAPLE=0|1
+
+These tests also require the mock OCSP responder running on the host machine
+on port 8100 with the configuration that matches the environment variables
+just described. Please refer to the Docker and Evergreen scripts in the
+driver repository for further details.
+
+Additionally, the server must be configured to use the appropriate server
+certificate and CA certificate from the respective subdirectory of
+`spec/support/ocsp`. This is easiest to achieve by using the Docker tooling
+described in `.evergreen/README.md`.
+
+OCSP connectivity tests are in `spec/integration/ocsp_connectivity.rb`.
+These test the combinations described
+[here](https://github.com/mongodb/specifications/blob/master/source/ocsp-support/tests/README.rst#integration-tests-permutations-to-be-tested).
+To run these tests, set `OCSP_CONNECTIVITY=pass` environment variable if
+the tests are expected to connect successfully or `OCSP_CONNECTIVITY=fail` if
+the tests are expected to not connect.
+Note that some of these configurations require OCSP responder to return
+the failure response; in such configurations, ONLY the OCSP connectivity tests
+may pass (since the driver may reject connections to servers when OCSP
+responder returns the failure response, or OCSP verification otherwise
+definitively fails).
+
+When not running either OCSP verifier tests or OCSP connectivity tests but
+when OCSP algorithm is configured, the test suite will execute normally
+using the provided `MONGO_URI`. This configuration may be used to exercise
+OCSP while running the full test suite. In this case, setting `OCSP_STATUS`
+to `revoked` will generally cause the test suite to fail.
+
 ## Authentication
 
 mlaunch can configure authentication on the server:
@@ -511,6 +556,16 @@ following environment variable:
 
     FORK=1
 
+OCSP tests require Python 3 with asn1crypto, oscrypto and flask packages
+installed, and they require the drivers-evergreen-tools submodule to be
+checked out. To run these tests, set the following environment variable:
+
+    OCSP=1
+
+To check out the submodule, run:
+
+    git submodule update --init --recursive
+
 ## Debug Logging
 
 The test suite is run with the driver log level set to `WARN` by default.

data/spec/integration/bulk_write_spec.rb

@@ -16,4 +16,52 @@ describe 'Bulk writes' do
       end.not_to raise_error
     end
   end
+
+  context 'when bulk write needs to be split' do
+    let(:subscriber) { EventSubscriber.new }
+
+    let(:max_bson_size) { Mongo::Server::ConnectionBase::DEFAULT_MAX_BSON_OBJECT_SIZE }
+
+    let(:insert_events) do
+      subscriber.command_started_events('insert')
+    end
+
+    let(:failed_events) do
+      subscriber.failed_events
+    end
+
+    let(:operations) do
+      [{ insert_one: { text: 'a' * (max_bson_size/2) } }] * 6
+    end
+
+    before do
+      authorized_client.subscribe(Mongo::Monitoring::COMMAND, subscriber)
+      authorized_collection.bulk_write(operations)
+    end
+
+    context '3.6+ server' do
+      min_server_fcv '3.6'
+
+      it 'splits the operations' do
+        # 3.6+ servers can send multiple bulk operations in one message,
+        # with the whole message being limited to 48m.
+        expect(insert_events.length).to eq(2)
+      end
+    end
+
+    context 'pre-3.6 server' do
+      max_server_version '3.4'
+
+      it 'splits the operations' do
+        # Pre-3.6 servers limit the entire message payload to the size of
+        # a single document which is 16m. Given our test data this means
+        # twice as many messages are sent.
+        expect(insert_events.length).to eq(4)
+      end
+    end
+
+    it 'does not have a command failed event' do
+      expect(failed_events).to be_empty
+    end
+  end
 end

data/spec/integration/client_authentication_options_spec.rb

@@ -131,7 +131,7 @@ describe 'Client authentication options' do
     end
   end
 
-  shared_examples_for 'an auth mechanism that doesn\'t support auth_mech_properties' do
+  shared_examples_for 'an auth mechanism that does not support auth_mech_properties' do
     context 'with URI options' do
       let(:credentials) { "#{user}:#{pwd}@" }
       let(:options) { "?authMechanism=#{auth_mech_string}&authMechanismProperties=CANONICALIZE_HOST_NAME:true" }
@@ -163,7 +163,7 @@ describe 'Client authentication options' do
     end
   end
 
-  shared_examples_for 'an auth mechanism that doesn\'t support invalid auth sources' do
+  shared_examples_for 'an auth mechanism that does not support invalid auth sources' do
     context 'with URI options' do
       let(:credentials) { "#{user}:#{pwd}@" }
       let(:options) { "?authMechanism=#{auth_mech_string}&authSource=foo" }
@@ -199,7 +199,7 @@ describe 'Client authentication options' do
 
     it_behaves_like 'a supported auth mechanism'
     it_behaves_like 'auth mechanism that uses database or default auth source', 'admin'
-    it_behaves_like 'an auth mechanism that doesn\'t support auth_mech_properties'
+    it_behaves_like 'an auth mechanism that does not support auth_mech_properties'
   end
 
   context 'with SCRAM-SHA-1 auth mechanism' do
@@ -208,7 +208,7 @@ describe 'Client authentication options' do
 
     it_behaves_like 'a supported auth mechanism'
     it_behaves_like 'auth mechanism that uses database or default auth source', 'admin'
-    it_behaves_like 'an auth mechanism that doesn\'t support auth_mech_properties'
+    it_behaves_like 'an auth mechanism that does not support auth_mech_properties'
   end
 
   context 'with SCRAM-SHA-256 auth mechanism' do
@@ -217,7 +217,7 @@ describe 'Client authentication options' do
 
     it_behaves_like 'a supported auth mechanism'
     it_behaves_like 'auth mechanism that uses database or default auth source', 'admin'
-    it_behaves_like 'an auth mechanism that doesn\'t support auth_mech_properties'
+    it_behaves_like 'an auth mechanism that does not support auth_mech_properties'
   end
 
   context 'with GSSAPI auth mechanism' do
@@ -227,7 +227,7 @@ describe 'Client authentication options' do
     let(:auth_mech_sym) { :gssapi }
 
     it_behaves_like 'a supported auth mechanism'
-    it_behaves_like 'an auth mechanism that doesn\'t support invalid auth sources'
+    it_behaves_like 'an auth mechanism that does not support invalid auth sources'
 
     let(:auth_mech_properties) { { canonicalize_host_name: true, service_name: 'other'} }
 
@@ -302,7 +302,7 @@ describe 'Client authentication options' do
     it_behaves_like 'a supported auth mechanism'
     it_behaves_like 'auth mechanism that uses database or default auth source', '$external'
     it_behaves_like 'an auth mechanism with ssl'
-    it_behaves_like 'an auth mechanism that doesn\'t support auth_mech_properties'
+    it_behaves_like 'an auth mechanism that does not support auth_mech_properties'
   end
 
   context 'with MONGODB-X509 auth mechanism' do
@@ -313,8 +313,8 @@ describe 'Client authentication options' do
 
     it_behaves_like 'a supported auth mechanism'
     it_behaves_like 'an auth mechanism with ssl'
-    it_behaves_like 'an auth mechanism that doesn\'t support auth_mech_properties'
-    it_behaves_like 'an auth mechanism that doesn\'t support invalid auth sources'
+    it_behaves_like 'an auth mechanism that does not support auth_mech_properties'
+    it_behaves_like 'an auth mechanism that does not support invalid auth sources'
 
     context 'with URI options' do
       let(:credentials) { "#{user}@" }
@@ -439,35 +439,62 @@ describe 'Client authentication options' do
       {
         service_name: service_name,
         canonicalize_host_name: canonicalize_host_name,
-        service_realm: service_realm
-      }
+        service_realm: service_realm,
+      }.freeze
     end
 
-    context 'with URI options' do
-      let(:options) do
-        "?authMechanismProperties=SERVICE_NAME:#{service_name}," +
-          "CANONICALIZE_HOST_NAME:#{canonicalize_host_name}," +
-          "SERVICE_REALM:#{service_realm}"
-      end
-
+    shared_examples 'correctly sets auth mechanism properties on the client' do
       it 'correctly sets auth mechanism properties on the client' do
-        expect(client.options[:auth_mech_properties]).to eq({
+        expect(client.options[:auth_mech_properties]).to eq(
           'service_name' => service_name,
           'canonicalize_host_name' => canonicalize_host_name,
-          'service_realm' => service_realm
-        })
+          'service_realm' => service_realm,
+        )
+      end
+    end
+
+    context 'with URI options' do
+      let(:options) do
+        "?authMechanismProperties=SERVICE_name:#{service_name}," +
+          "CANONICALIZE_HOST_name:#{canonicalize_host_name}," +
+          "SERVICE_realm:#{service_realm}"
       end
+
+      include_examples 'correctly sets auth mechanism properties on the client'
     end
 
     context 'with client options' do
-      let(:client_opts) { { auth_mech_properties: auth_mechanism_properties } }
+      [:auth_mech_properties, 'auth_mech_properties'].each do |key|
 
-      it 'correctly sets auth mechanism properties on the client' do
-        expect(client.options[:auth_mech_properties]).to eq({
-          'service_name' => service_name,
-          'canonicalize_host_name' => canonicalize_host_name,
-          'service_realm' => service_realm
-        })
+        context "using #{key.class} keys" do
+          let(:client_opts) { { key => auth_mechanism_properties } }
+
+          include_examples 'correctly sets auth mechanism properties on the client'
+
+          context 'when options are given in mixed case' do
+            let(:auth_mechanism_properties) do
+              {
+                service_NAME: service_name,
+                canonicalize_host_NAME: canonicalize_host_name,
+                service_REALM: service_realm,
+              }.freeze
+            end
+
+            context 'using URI and options' do
+
+              let(:client) { new_local_client_nmio(uri, client_opts) }
+
+              include_examples 'correctly sets auth mechanism properties on the client'
+            end
+
+            context 'using host and options' do
+
+              let(:client) { new_local_client_nmio(['localhost'], client_opts) }
+
+              include_examples 'correctly sets auth mechanism properties on the client'
+            end
+          end
+        end
       end
     end
   end

data/spec/integration/connection_pool_populator_spec.rb

@@ -4,7 +4,9 @@ describe 'Connection pool populator integration' do
   let(:options) { {} }
 
   let(:server_options) do
-    SpecConfig.instance.test_options.merge(options).merge(SpecConfig.instance.auth_options)
+    Mongo::Utils.shallow_symbolize_keys(Mongo::Client.canonicalize_ruby_options(
+      SpecConfig.instance.all_test_options,
+    )).update(options)
   end
 
   let(:address) do

data/spec/integration/cursor_reaping_spec.rb

@@ -5,6 +5,16 @@ describe 'Cursor reaping' do
   # in MRI, I don't currently know how to force GC to run in JRuby
   only_mri
 
+  around(:all) do |example|
+    saved_level = Mongo::Logger.logger.level
+    Mongo::Logger.logger.level = Logger::DEBUG
+    begin
+      example.run
+    ensure
+      Mongo::Logger.logger.level = saved_level
+    end
+  end
+
   let(:subscriber) { EventSubscriber.new }
 
   let(:client) do
@@ -37,37 +47,63 @@ describe 'Cursor reaping' do
       expect(events).to be_empty
     end
 
+    def abandon_cursors
+      [].tap do |cursor_ids|
+        # scopes are weird, having this result in a let block
+        # makes it not garbage collected
+        10.times do
+          scope = collection.find.batch_size(2).no_cursor_timeout
+
+          # there is no API for retrieving the cursor
+          scope.each.first
+          # and keep the first cursor
+          cursor_ids << scope.instance_variable_get('@cursor').id
+        end
+      end
+    end
+
     # this let block is a kludge to avoid copy pasting all of this code
     let(:cursor_id_and_kill_event) do
       expect(Mongo::Operation::KillCursors).to receive(:new).at_least(:once).and_call_original
 
-      cursor_id = nil
-
-      # scopes are weird, having this result in a let block
-      # makes it not garbage collected
-      2.times do
-        scope = collection.find.batch_size(2).no_cursor_timeout
+      cursor_ids = abandon_cursors
 
-        # there is no API for retrieving the cursor
-        scope.each.first
-        # and keep the first cursor
-        cursor_id ||= scope.instance_variable_get('@cursor').id
+      cursor_ids.each do |cursor_id|
+        expect(cursor_id).to be_a(Integer)
+        expect(cursor_id > 0).to be true
       end
 
-      expect(cursor_id).to be_a(Integer)
-      expect(cursor_id > 0).to be true
-
       GC.start
+      sleep 1
 
       # force periodic executor to run because its frequency is not configurable
       client.cluster.instance_variable_get('@periodic_executor').execute
 
       started_event = subscriber.started_events.detect do |event|
-        event.command['killCursors'] &&
-        event.command['cursors'].map { |c| Utils.int64_value(c) }.include?(cursor_id)
+        event.command['killCursors']
+      end
+      started_event.should_not be nil
+
+      found_cursor_id = nil
+      started_event = subscriber.started_events.detect do |event|
+        found = false
+        if event.command['killCursors']
+          cursor_ids.each do |cursor_id|
+            if event.command['cursors'].map { |c| Utils.int64_value(c) }.include?(cursor_id)
+              found_cursor_id = cursor_id
+              found = true
+              break
+            end
+          end
+        end
+        found
+      end
+
+      if started_event.nil?
+        p subscriber.started_events
       end
 
-      expect(started_event).not_to be_nil
+      started_event.should_not be nil
 
       succeeded_event = subscriber.succeeded_events.detect do |event|
         event.command_name == 'killCursors' && event.request_id == started_event.request_id
@@ -77,7 +113,7 @@ describe 'Cursor reaping' do
 
       expect(succeeded_event.reply['ok']).to eq 1
 
-      [cursor_id, succeeded_event]
+      [found_cursor_id, succeeded_event]
     end
 
     it 'is reaped' do