mirrors/mongodb
mirrors/mongodb
0
0
Fork 0
mirror of https://github.com/mongodb/mongo.git synced 2024-11-24 16:46:00 +01:00
Code Issues Releases Activity
master
mongodb/jstests/ssl_x509/upgrade_noauth_to_x509_ssl.js
Moustafa Maher 2fd5f78d5a SERVER-95421 make initiateWithHighElectionTimeout the default in ReplSetTest (#28174) 
GitOrigin-RevId: df168ee363c3f0e86526270437d3688ac4bb326d
2024-10-22 02:53:25 +00:00

64 lines
2.4 KiB
JavaScript
Raw Permalink Blame History

/**
* This test checks the upgrade path from noauth/nossl to x509/requireTLS.
*
* NOTE: This test uses ssl communication and therefore cannot test modes that
* do not allow ssl. The first step in the full upgrade process is to restart
* the each node into the "transitionToX509allowTLS" state and is tested in
* the sslSpecial directory.
*
* This test requires users and data to persist across a restart.
* @tags: [requires_persistence]
*/
import {ReplSetTest} from "jstests/libs/replsettest.js";
import {allowTLS, requireTLS} from "jstests/ssl/libs/ssl_helpers.js";
TestData.disableImplicitSessions = true;
var dbName = 'upgradeToX509';
var transitionToX509allowTLS =
Object.merge(allowTLS, {transitionToAuth: '', clusterAuthMode: 'x509'});
// Undefine the flags we're replacing, otherwise upgradeSet will keep old values.
var x509requireTLS =
Object.merge(requireTLS, {transitionToAuth: undefined, clusterAuthMode: 'x509'});
var rst = new ReplSetTest({name: 'noauthSet', nodes: 3, nodeOptions: transitionToX509allowTLS});
rst.startSet();
rst.initiate(null, null, {initiateWithDefaultElectionTimeout: true});
var rstConn1 = rst.getPrimary();
var testDB = rstConn1.getDB(dbName);
// Create a user to login when auth is enabled later
assert.commandWorked(rstConn1.adminCommand(
{createUser: 'root', pwd: 'root', roles: ['root'], writeConcern: {w: 3}}));
assert.commandWorked(testDB.a.insert({a: 1, str: 'TESTTESTTEST'}));
assert.eq(1, testDB.a.count(), 'Error interacting with replSet');
print('=== UPGRADE transition to x509/allowTLS -> transition to x509/preferTLS ===');
rst.nodes.forEach(function(node) {
assert.commandWorked(node.adminCommand({setParameter: 1, tlsMode: "preferTLS"}));
});
rst.awaitSecondaryNodes();
testDB = rst.getPrimary().getDB(dbName);
assert.commandWorked(testDB.a.insert({a: 1, str: 'TESTTESTTEST'}));
assert.eq(2, testDB.a.count(), 'Error interacting with replSet');
print('=== UPGRADE transition to x509/preferTLS -> x509/requireTLS ===');
// Pre-logout so that upgradeSet() can authenticate for itself.
rst.nodes.forEach((node) => node.getDB('admin').logout());
rst.upgradeSet(x509requireTLS, 'root', 'root');
// Reauth and commit one last write.
const finalPrimary = rst.getPrimary();
assert(finalPrimary.getDB('admin').auth('root', 'root'));
testDB = finalPrimary.getDB(dbName);
assert.commandWorked(testDB.a.insert({a: 1, str: 'TESTTESTTEST'}));
assert.eq(3, testDB.a.count(), 'Error interacting with replSet');
rst.stopSet();
View Git Blame Copy Permalink