sensu-plugins-mongodb-mrtrotl 1.4.0

data/lib/pymongo/settings.py

@@ -0,0 +1,159 @@
+# Copyright 2014-present MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you
+# may not use this file except in compliance with the License.  You
+# may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.  See the License for the specific language governing
+# permissions and limitations under the License.
+
+"""Represent MongoClient's configuration."""
+
+import threading
+import traceback
+
+from bson.objectid import ObjectId
+from pymongo import common, monitor, pool
+from pymongo.common import LOCAL_THRESHOLD_MS, SERVER_SELECTION_TIMEOUT
+from pymongo.errors import ConfigurationError
+from pymongo.pool import PoolOptions
+from pymongo.server_description import ServerDescription
+from pymongo.topology_description import TOPOLOGY_TYPE
+
+
+class TopologySettings(object):
+    def __init__(
+        self,
+        seeds=None,
+        replica_set_name=None,
+        pool_class=None,
+        pool_options=None,
+        monitor_class=None,
+        condition_class=None,
+        local_threshold_ms=LOCAL_THRESHOLD_MS,
+        server_selection_timeout=SERVER_SELECTION_TIMEOUT,
+        heartbeat_frequency=common.HEARTBEAT_FREQUENCY,
+        server_selector=None,
+        fqdn=None,
+        direct_connection=False,
+        load_balanced=None,
+        srv_service_name=common.SRV_SERVICE_NAME,
+        srv_max_hosts=0,
+    ):
+        """Represent MongoClient's configuration.
+
+        Take a list of (host, port) pairs and optional replica set name.
+        """
+        if heartbeat_frequency < common.MIN_HEARTBEAT_INTERVAL:
+            raise ConfigurationError(
+                "heartbeatFrequencyMS cannot be less than %d"
+                % (common.MIN_HEARTBEAT_INTERVAL * 1000,)
+            )
+
+        self._seeds = seeds or [("localhost", 27017)]
+        self._replica_set_name = replica_set_name
+        self._pool_class = pool_class or pool.Pool
+        self._pool_options = pool_options or PoolOptions()
+        self._monitor_class = monitor_class or monitor.Monitor
+        self._condition_class = condition_class or threading.Condition
+        self._local_threshold_ms = local_threshold_ms
+        self._server_selection_timeout = server_selection_timeout
+        self._server_selector = server_selector
+        self._fqdn = fqdn
+        self._heartbeat_frequency = heartbeat_frequency
+        self._direct = direct_connection
+        self._load_balanced = load_balanced
+        self._srv_service_name = srv_service_name
+        self._srv_max_hosts = srv_max_hosts or 0
+
+        self._topology_id = ObjectId()
+        # Store the allocation traceback to catch unclosed clients in the
+        # test suite.
+        self._stack = "".join(traceback.format_stack())
+
+    @property
+    def seeds(self):
+        """List of server addresses."""
+        return self._seeds
+
+    @property
+    def replica_set_name(self):
+        return self._replica_set_name
+
+    @property
+    def pool_class(self):
+        return self._pool_class
+
+    @property
+    def pool_options(self):
+        return self._pool_options
+
+    @property
+    def monitor_class(self):
+        return self._monitor_class
+
+    @property
+    def condition_class(self):
+        return self._condition_class
+
+    @property
+    def local_threshold_ms(self):
+        return self._local_threshold_ms
+
+    @property
+    def server_selection_timeout(self):
+        return self._server_selection_timeout
+
+    @property
+    def server_selector(self):
+        return self._server_selector
+
+    @property
+    def heartbeat_frequency(self):
+        return self._heartbeat_frequency
+
+    @property
+    def fqdn(self):
+        return self._fqdn
+
+    @property
+    def direct(self):
+        """Connect directly to a single server, or use a set of servers?
+
+        True if there is one seed and no replica_set_name.
+        """
+        return self._direct
+
+    @property
+    def load_balanced(self):
+        """True if the client was configured to connect to a load balancer."""
+        return self._load_balanced
+
+    @property
+    def srv_service_name(self):
+        """The srvServiceName."""
+        return self._srv_service_name
+
+    @property
+    def srv_max_hosts(self):
+        """The srvMaxHosts."""
+        return self._srv_max_hosts
+
+    def get_topology_type(self):
+        if self.load_balanced:
+            return TOPOLOGY_TYPE.LoadBalanced
+        elif self.direct:
+            return TOPOLOGY_TYPE.Single
+        elif self.replica_set_name is not None:
+            return TOPOLOGY_TYPE.ReplicaSetNoPrimary
+        else:
+            return TOPOLOGY_TYPE.Unknown
+
+    def get_server_descriptions(self):
+        """Initial dict of (address, ServerDescription) for all seeds."""
+        return dict([(address, ServerDescription(address)) for address in self.seeds])

data/lib/pymongo/socket_checker.py

@@ -0,0 +1,104 @@
+# Copyright 2020-present MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Select / poll helper"""
+
+import errno
+import select
+import sys
+from typing import Any, Optional
+
+# PYTHON-2320: Jython does not fully support poll on SSL sockets,
+# https://bugs.jython.org/issue2900
+_HAVE_POLL = hasattr(select, "poll") and not sys.platform.startswith("java")
+_SelectError = getattr(select, "error", OSError)
+
+
+def _errno_from_exception(exc):
+    if hasattr(exc, "errno"):
+        return exc.errno
+    if exc.args:
+        return exc.args[0]
+    return None
+
+
+class SocketChecker(object):
+    def __init__(self) -> None:
+        self._poller: Optional[select.poll]
+        if _HAVE_POLL:
+            self._poller = select.poll()
+        else:
+            self._poller = None
+
+    def select(
+        self, sock: Any, read: bool = False, write: bool = False, timeout: Optional[float] = 0
+    ) -> bool:
+        """Select for reads or writes with a timeout in seconds (or None).
+
+        Returns True if the socket is readable/writable, False on timeout.
+        """
+        res: Any
+        while True:
+            try:
+                if self._poller:
+                    mask = select.POLLERR | select.POLLHUP
+                    if read:
+                        mask = mask | select.POLLIN | select.POLLPRI
+                    if write:
+                        mask = mask | select.POLLOUT
+                    self._poller.register(sock, mask)
+                    try:
+                        # poll() timeout is in milliseconds. select()
+                        # timeout is in seconds.
+                        timeout_ = None if timeout is None else timeout * 1000
+                        res = self._poller.poll(timeout_)
+                        # poll returns a possibly-empty list containing
+                        # (fd, event) 2-tuples for the descriptors that have
+                        # events or errors to report. Return True if the list
+                        # is not empty.
+                        return bool(res)
+                    finally:
+                        self._poller.unregister(sock)
+                else:
+                    rlist = [sock] if read else []
+                    wlist = [sock] if write else []
+                    res = select.select(rlist, wlist, [sock], timeout)
+                    # select returns a 3-tuple of lists of objects that are
+                    # ready: subsets of the first three arguments. Return
+                    # True if any of the lists are not empty.
+                    return any(res)
+            except (_SelectError, IOError) as exc:  # type: ignore
+                if _errno_from_exception(exc) in (errno.EINTR, errno.EAGAIN):
+                    continue
+                raise
+
+    def socket_closed(self, sock: Any) -> bool:
+        """Return True if we know socket has been closed, False otherwise."""
+        try:
+            return self.select(sock, read=True)
+        except (RuntimeError, KeyError):
+            # RuntimeError is raised during a concurrent poll. KeyError
+            # is raised by unregister if the socket is not in the poller.
+            # These errors should not be possible since we protect the
+            # poller with a mutex.
+            raise
+        except ValueError:
+            # ValueError is raised by register/unregister/select if the
+            # socket file descriptor is negative or outside the range for
+            # select (> 1023).
+            return True
+        except Exception:
+            # Any other exceptions should be attributed to a closed
+            # or invalid socket.
+            return True

data/lib/pymongo/srv_resolver.py

@@ -0,0 +1,126 @@
+# Copyright 2019-present MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you
+# may not use this file except in compliance with the License.  You
+# may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.  See the License for the specific language governing
+# permissions and limitations under the License.
+
+"""Support for resolving hosts and options from mongodb+srv:// URIs."""
+
+import ipaddress
+import random
+
+try:
+    from dns import resolver
+
+    _HAVE_DNSPYTHON = True
+except ImportError:
+    _HAVE_DNSPYTHON = False
+
+from pymongo.common import CONNECT_TIMEOUT
+from pymongo.errors import ConfigurationError
+
+
+# dnspython can return bytes or str from various parts
+# of its API depending on version. We always want str.
+def maybe_decode(text):
+    if isinstance(text, bytes):
+        return text.decode()
+    return text
+
+
+# PYTHON-2667 Lazily call dns.resolver methods for compatibility with eventlet.
+def _resolve(*args, **kwargs):
+    if hasattr(resolver, "resolve"):
+        # dnspython >= 2
+        return resolver.resolve(*args, **kwargs)
+    # dnspython 1.X
+    return resolver.query(*args, **kwargs)
+
+
+_INVALID_HOST_MSG = (
+    "Invalid URI host: %s is not a valid hostname for 'mongodb+srv://'. "
+    "Did you mean to use 'mongodb://'?"
+)
+
+
+class _SrvResolver(object):
+    def __init__(self, fqdn, connect_timeout, srv_service_name, srv_max_hosts=0):
+        self.__fqdn = fqdn
+        self.__srv = srv_service_name
+        self.__connect_timeout = connect_timeout or CONNECT_TIMEOUT
+        self.__srv_max_hosts = srv_max_hosts or 0
+        # Validate the fully qualified domain name.
+        try:
+            ipaddress.ip_address(fqdn)
+            raise ConfigurationError(_INVALID_HOST_MSG % ("an IP address",))
+        except ValueError:
+            pass
+
+        try:
+            self.__plist = self.__fqdn.split(".")[1:]
+        except Exception:
+            raise ConfigurationError(_INVALID_HOST_MSG % (fqdn,))
+        self.__slen = len(self.__plist)
+        if self.__slen < 2:
+            raise ConfigurationError(_INVALID_HOST_MSG % (fqdn,))
+
+    def get_options(self):
+        try:
+            results = _resolve(self.__fqdn, "TXT", lifetime=self.__connect_timeout)
+        except (resolver.NoAnswer, resolver.NXDOMAIN):
+            # No TXT records
+            return None
+        except Exception as exc:
+            raise ConfigurationError(str(exc))
+        if len(results) > 1:
+            raise ConfigurationError("Only one TXT record is supported")
+        return (b"&".join([b"".join(res.strings) for res in results])).decode("utf-8")
+
+    def _resolve_uri(self, encapsulate_errors):
+        try:
+            results = _resolve(
+                "_" + self.__srv + "._tcp." + self.__fqdn, "SRV", lifetime=self.__connect_timeout
+            )
+        except Exception as exc:
+            if not encapsulate_errors:
+                # Raise the original error.
+                raise
+            # Else, raise all errors as ConfigurationError.
+            raise ConfigurationError(str(exc))
+        return results
+
+    def _get_srv_response_and_hosts(self, encapsulate_errors):
+        results = self._resolve_uri(encapsulate_errors)
+
+        # Construct address tuples
+        nodes = [
+            (maybe_decode(res.target.to_text(omit_final_dot=True)), res.port) for res in results
+        ]
+
+        # Validate hosts
+        for node in nodes:
+            try:
+                nlist = node[0].split(".")[1:][-self.__slen :]
+            except Exception:
+                raise ConfigurationError("Invalid SRV host: %s" % (node[0],))
+            if self.__plist != nlist:
+                raise ConfigurationError("Invalid SRV host: %s" % (node[0],))
+        if self.__srv_max_hosts:
+            nodes = random.sample(nodes, min(self.__srv_max_hosts, len(nodes)))
+        return results, nodes
+
+    def get_hosts(self):
+        _, nodes = self._get_srv_response_and_hosts(True)
+        return nodes
+
+    def get_hosts_and_min_ttl(self):
+        results, nodes = self._get_srv_response_and_hosts(False)
+        return nodes, results.rrset.ttl

data/lib/pymongo/ssl_context.py

@@ -0,0 +1,39 @@
+# Copyright 2014-present MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you
+# may not use this file except in compliance with the License.  You
+# may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.  See the License for the specific language governing
+# permissions and limitations under the License.
+
+"""A fake SSLContext implementation."""
+
+import ssl as _ssl
+
+# PROTOCOL_TLS_CLIENT is Python 3.6+
+PROTOCOL_SSLv23 = getattr(_ssl, "PROTOCOL_TLS_CLIENT", _ssl.PROTOCOL_SSLv23)
+OP_NO_SSLv2 = getattr(_ssl, "OP_NO_SSLv2", 0)
+OP_NO_SSLv3 = getattr(_ssl, "OP_NO_SSLv3", 0)
+OP_NO_COMPRESSION = getattr(_ssl, "OP_NO_COMPRESSION", 0)
+# Python 3.7+, OpenSSL 1.1.0h+
+OP_NO_RENEGOTIATION = getattr(_ssl, "OP_NO_RENEGOTIATION", 0)
+
+HAS_SNI = getattr(_ssl, "HAS_SNI", False)
+IS_PYOPENSSL = False
+
+# Errors raised by SSL sockets when in non-blocking mode.
+BLOCKING_IO_ERRORS = (_ssl.SSLWantReadError, _ssl.SSLWantWriteError)
+
+# Base Exception class
+SSLError = _ssl.SSLError
+
+from ssl import SSLContext  # noqa: F401,E402
+
+if hasattr(_ssl, "VERIFY_CRL_CHECK_LEAF"):
+    from ssl import VERIFY_CRL_CHECK_LEAF  # noqa: F401

data/lib/pymongo/ssl_support.py

@@ -0,0 +1,99 @@
+# Copyright 2014-present MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you
+# may not use this file except in compliance with the License.  You
+# may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.  See the License for the specific language governing
+# permissions and limitations under the License.
+
+"""Support for SSL in PyMongo."""
+
+from pymongo.errors import ConfigurationError
+
+HAVE_SSL = True
+
+try:
+    import pymongo.pyopenssl_context as _ssl
+except ImportError:
+    try:
+        import pymongo.ssl_context as _ssl  # type: ignore[no-redef]
+    except ImportError:
+        HAVE_SSL = False
+
+
+if HAVE_SSL:
+    # Note: The validate* functions below deal with users passing
+    # CPython ssl module constants to configure certificate verification
+    # at a high level. This is legacy behavior, but requires us to
+    # import the ssl module even if we're only using it for this purpose.
+    import ssl as _stdlibssl  # noqa
+    from ssl import CERT_NONE, CERT_REQUIRED
+
+    HAS_SNI = _ssl.HAS_SNI
+    IPADDR_SAFE = True
+    SSLError = _ssl.SSLError
+    BLOCKING_IO_ERRORS = _ssl.BLOCKING_IO_ERRORS
+
+    def get_ssl_context(
+        certfile,
+        passphrase,
+        ca_certs,
+        crlfile,
+        allow_invalid_certificates,
+        allow_invalid_hostnames,
+        disable_ocsp_endpoint_check,
+    ):
+        """Create and return an SSLContext object."""
+        verify_mode = CERT_NONE if allow_invalid_certificates else CERT_REQUIRED
+        ctx = _ssl.SSLContext(_ssl.PROTOCOL_SSLv23)
+        if verify_mode != CERT_NONE:
+            ctx.check_hostname = not allow_invalid_hostnames
+        else:
+            ctx.check_hostname = False
+        if hasattr(ctx, "check_ocsp_endpoint"):
+            ctx.check_ocsp_endpoint = not disable_ocsp_endpoint_check
+        if hasattr(ctx, "options"):
+            # Explicitly disable SSLv2, SSLv3 and TLS compression. Note that
+            # up to date versions of MongoDB 2.4 and above already disable
+            # SSLv2 and SSLv3, python disables SSLv2 by default in >= 2.7.7
+            # and >= 3.3.4 and SSLv3 in >= 3.4.3.
+            ctx.options |= _ssl.OP_NO_SSLv2
+            ctx.options |= _ssl.OP_NO_SSLv3
+            ctx.options |= _ssl.OP_NO_COMPRESSION
+            ctx.options |= _ssl.OP_NO_RENEGOTIATION
+        if certfile is not None:
+            try:
+                ctx.load_cert_chain(certfile, None, passphrase)
+            except _ssl.SSLError as exc:
+                raise ConfigurationError("Private key doesn't match certificate: %s" % (exc,))
+        if crlfile is not None:
+            if _ssl.IS_PYOPENSSL:
+                raise ConfigurationError("tlsCRLFile cannot be used with PyOpenSSL")
+            # Match the server's behavior.
+            setattr(ctx, "verify_flags", getattr(_ssl, "VERIFY_CRL_CHECK_LEAF", 0))  # noqa
+            ctx.load_verify_locations(crlfile)
+        if ca_certs is not None:
+            ctx.load_verify_locations(ca_certs)
+        elif verify_mode != CERT_NONE:
+            ctx.load_default_certs()
+        ctx.verify_mode = verify_mode
+        return ctx
+
+else:
+
+    class SSLError(Exception):  # type: ignore
+        pass
+
+    HAS_SNI = False
+    IPADDR_SAFE = False
+    BLOCKING_IO_ERRORS = ()  # type: ignore
+
+    def get_ssl_context(*dummy):  # type: ignore
+        """No ssl module, raise ConfigurationError."""
+        raise ConfigurationError("The ssl module is not available.")