def test_scram_with_ssl(self):
proc_params = {'procParams': {'clusterAuthMode': 'x509'}}
config = {
'login': '******',
'password': '******',
'configsvrs': [{'clusterAuthMode': 'x509'}],
'routers': [{'clusterAuthMode': 'x509'}],
'shards': [{'shardParams': proc_params},
{'shardParams': {'members': [proc_params]}}],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
# Should not raise an Exception.
self.sh = ShardedCluster(config)
# Should create the user we requested. No raise on authenticate.
host = self.sh.router['hostname']
client = pymongo.MongoClient(
host, ssl_certfile=certificate('client.pem'))
client.admin.authenticate('luke', 'ekul')
# This should be the only user.
self.assertEqual(len(client.admin.command('usersInfo')['users']), 1)
self.assertFalse(client['$external'].command('usersInfo')['users'])
def test_scram_with_ssl(self):
member_params = {'procParams': {'clusterAuthMode': 'x509'}}
self.repl_cfg = {
'login': '******',
'password': '******',
'members': [member_params, member_params],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
# Should not raise an Exception.
self.repl = ReplicaSet(self.repl_cfg)
# Should create the user we requested. No raise on authenticate.
client = pymongo.MongoClient(
self.repl.primary(), ssl_certfile=certificate('client.pem'),
ssl_cert_reqs=ssl.CERT_NONE)
client.admin.authenticate('luke', 'ekul')
# This should be the only user.
self.assertEqual(len(client.admin.command('usersInfo')['users']), 1)
self.assertFalse(client['$external'].command('usersInfo')['users'])
def test_mongodb_auth_uri(self):
if SERVER_VERSION < (2, 4):
raise SkipTest("Need to be able to set 'authenticationMechanisms' "
"parameter to test.")
member_params = {
'procParams': {
'clusterAuthMode': 'x509',
'setParameter': {
'authenticationMechanisms': 'MONGODB-X509'
}
}
}
self.repl_cfg = {
'login': TEST_SUBJECT,
'authSource': '$external',
'members': [member_params, member_params],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
self.repl = ReplicaSet(self.repl_cfg)
self.assertIn('mongodb_auth_uri', self.repl.info())
repl_auth_uri = self.repl.info()['mongodb_auth_uri']
hosts = ','.join(m['host'] for m in self.repl.members())
self.assertIn(hosts, repl_auth_uri)
self.assertIn(TEST_SUBJECT, repl_auth_uri)
self.assertIn('authSource=$external', repl_auth_uri)
self.assertIn('authMechanism=MONGODB-X509', repl_auth_uri)
def test_ssl_auth(self):
if SERVER_VERSION < (2, 4):
raise SkipTest("Need to be able to set 'authenticationMechanisms' "
"parameter to test.")
proc_params = {
'setParameter': {
'authenticationMechanisms': 'MONGODB-X509'
}
}
ssl_params = {
'sslPEMKeyFile': certificate('server.pem'),
'sslCAFile': certificate('ca.pem'),
'sslMode': 'requireSSL',
'sslAllowInvalidCertificates': True
}
# Should not raise an Exception.
self.server = Server(
'mongod', proc_params, ssl_params,
login=TEST_SUBJECT, auth_source='$external')
self.server.start()
# Should create an extra user. Doesn't raise.
client = pymongo.MongoClient(
self.server.hostname, ssl_certfile=DEFAULT_CLIENT_CERT,
ssl_cert_reqs=ssl.CERT_NONE)
client['$external'].authenticate(
DEFAULT_SUBJECT, mechanism='MONGODB-X509')
# Should also create the user we requested. Doesn't raise.
client = pymongo.MongoClient(
self.server.hostname, ssl_certfile=certificate('client.pem'),
ssl_cert_reqs=ssl.CERT_NONE)
client['$external'].authenticate(
TEST_SUBJECT, mechanism='MONGODB-X509')
def test_member_info_auth_uri(self):
member_params = {
'procParams': {
'clusterAuthMode': 'x509',
'setParameter': {
'authenticationMechanisms': 'MONGODB-X509'
}
}
}
self.repl_cfg = {
'login': TEST_SUBJECT,
'authSource': '$external',
'members': [member_params, member_params],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
self.repl = ReplicaSet(self.repl_cfg)
for i in range(len(self.repl)):
member = self.repl.member_info(i)
self.assertIn('mongodb_auth_uri', member)
uri = member['mongodb_auth_uri']
host = Servers().hostname(member['server_id'])
self.assertIn(host, uri)
self.assertIn(TEST_SUBJECT, uri)
self.assertIn('authSource=$external', uri)
self.assertIn('authMechanism=MONGODB-X509', uri)
def test_scram_with_ssl(self):
proc_params = {'procParams': {'clusterAuthMode': 'x509'}}
config = {
'login': '******',
'password': '******',
'configsvrs': [{'clusterAuthMode': 'x509'}],
'routers': [{'clusterAuthMode': 'x509'}],
'shards': [{'shardParams': proc_params},
{'shardParams': {'members': [proc_params]}}],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
# Should not raise an Exception.
self.sh = ShardedCluster(config)
time.sleep(1)
# Should create the user we requested. No raise on authenticate.
host = self.sh.router['hostname']
client = pymongo.MongoClient(
host, ssl_certfile=certificate('client.pem'),
ssl_cert_reqs=ssl.CERT_NONE)
client.admin.authenticate('luke', 'ekul')
# This should be the only user.
self.assertEqual(len(client.admin.command('usersInfo')['users']), 1)
self.assertFalse(client['$external'].command('usersInfo')['users'])
def test_ssl_auth(self):
if SERVER_VERSION < (2, 4):
raise SkipTest("Need to be able to set 'authenticationMechanisms' "
"parameter to test.")
proc_params = {
'setParameter': {
'authenticationMechanisms': 'MONGODB-X509'
}
}
ssl_params = {
'sslPEMKeyFile': certificate('server.pem'),
'sslCAFile': certificate('ca.pem'),
'sslMode': 'requireSSL',
'sslAllowInvalidCertificates': True
}
# Should not raise an Exception.
self.server = Server('mongod',
proc_params,
ssl_params,
login=TEST_SUBJECT,
auth_source='$external')
self.server.start()
# Should create an extra user. Doesn't raise.
client = pymongo.MongoClient(self.server.hostname,
ssl_certfile=DEFAULT_CLIENT_CERT)
client['$external'].authenticate(DEFAULT_SUBJECT,
mechanism='MONGODB-X509')
# Should also create the user we requested. Doesn't raise.
client = pymongo.MongoClient(self.server.hostname,
ssl_certfile=certificate('client.pem'))
client['$external'].authenticate(TEST_SUBJECT,
mechanism='MONGODB-X509')
def test_mongodb_auth_uri(self):
if SERVER_VERSION < (2, 4):
raise SkipTest("Need to be able to set 'authenticationMechanisms' "
"parameter to test.")
member_params = {
'procParams': {
'clusterAuthMode': 'x509',
'setParameter': {'authenticationMechanisms': 'MONGODB-X509'}
}
}
self.repl_cfg = {
'login': TEST_SUBJECT,
'authSource': '$external',
'members': [member_params, member_params],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
self.repl = ReplicaSet(self.repl_cfg)
self.assertIn('mongodb_auth_uri', self.repl.info())
repl_auth_uri = self.repl.info()['mongodb_auth_uri']
hosts = ','.join(m['host'] for m in self.repl.members())
self.assertIn(hosts, repl_auth_uri)
self.assertIn(TEST_SUBJECT, repl_auth_uri)
self.assertIn('authSource=$external', repl_auth_uri)
self.assertIn('authMechanism=MONGODB-X509', repl_auth_uri)
replset_param = 'replicaSet=' + self.repl.repl_id
self.assertIn(replset_param, repl_auth_uri)
def test_member_info_auth_uri(self):
member_params = {
'procParams': {
'clusterAuthMode': 'x509',
'setParameter': {'authenticationMechanisms': 'MONGODB-X509'}
}
}
self.repl_cfg = {
'login': TEST_SUBJECT,
'authSource': '$external',
'members': [member_params, member_params],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
self.repl = ReplicaSet(self.repl_cfg)
for i in range(len(self.repl)):
member = self.repl.member_info(i)
self.assertIn('mongodb_auth_uri', member)
uri = member['mongodb_auth_uri']
host = Servers().hostname(member['server_id'])
self.assertIn(host, uri)
self.assertIn(TEST_SUBJECT, uri)
self.assertIn('authSource=$external', uri)
self.assertIn('authMechanism=MONGODB-X509', uri)
def test_mongodb_auth_uri(self):
if SERVER_VERSION < (2, 4):
raise SkipTest("Need to be able to set 'authenticationMechanisms' "
"parameter to test.")
proc_params = {
'setParameter': {
'authenticationMechanisms': 'MONGODB-X509'
}
}
ssl_params = {
'sslPEMKeyFile': certificate('server.pem'),
'sslCAFile': certificate('ca.pem'),
'sslMode': 'requireSSL',
'sslAllowInvalidCertificates': True
}
self.server = Server(self.mongod_name,
proc_params,
ssl_params,
login=TEST_SUBJECT,
auth_source='$external')
self.server.start()
self.assertIn('mongodb_auth_uri', self.server.info())
auth_uri = self.server.info()['mongodb_auth_uri']
self.assertIn(self.server.hostname, auth_uri)
self.assertIn(TEST_SUBJECT, auth_uri)
self.assertIn('authSource=$external', auth_uri)
self.assertIn('authMechanism=MONGODB-X509', auth_uri)
def test_scram_with_ssl(self):
member_params = {'procParams': {'clusterAuthMode': 'x509'}}
self.repl_cfg = {
'login': '******',
'password': '******',
'members': [member_params, member_params],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
# Should not raise an Exception.
self.repl = ReplicaSet(self.repl_cfg)
# Should create the user we requested. No raise on authenticate.
client = pymongo.MongoClient(self.repl.primary(),
ssl_certfile=certificate('client.pem'),
ssl_cert_reqs=ssl.CERT_NONE)
client.admin.authenticate('luke', 'ekul')
# This should be the only user.
self.assertEqual(len(client.admin.command('usersInfo')['users']), 1)
self.assertFalse(client['$external'].command('usersInfo')['users'])
def test_mongodb_auth_uri(self):
if SERVER_VERSION < (2, 4):
raise SkipTest("Need to be able to set 'authenticationMechanisms' "
"parameter to test.")
shard_params = {
'shardParams': {
'procParams': {
'clusterAuthMode': 'x509',
'setParameter': {'authenticationMechanisms': 'MONGODB-X509'}
}
}
}
config = {
'login': TEST_SUBJECT,
'authSource': '$external',
'configsvrs': [{'clusterAuthMode': 'x509'}],
'routers': [{'clusterAuthMode': 'x509'}],
'shards': [shard_params, shard_params],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
self.sh = ShardedCluster(config)
self.assertIn('mongodb_auth_uri', self.sh.info())
auth_uri = self.sh.info()['mongodb_auth_uri']
hosts = ','.join(r['hostname'] for r in self.sh.routers)
self.assertIn(hosts, auth_uri)
self.assertIn(TEST_SUBJECT, auth_uri)
self.assertIn('authSource=$external', auth_uri)
self.assertIn('authMechanism=MONGODB-X509', auth_uri)
def test_ssl(self):
config = {
'configsvrs': [{}],
'routers': [{}],
'shards': [{}, {
'shardParams': {
'members': [{}]
}
}],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
# Should not raise an Exception.
self.sh = ShardedCluster(config)
# Server should require SSL.
host = self.sh.router['hostname']
with self.assertRaises(pymongo.errors.ConnectionFailure):
connected(pymongo.MongoClient(host))
# This shouldn't raise.
connected(
pymongo.MongoClient(host,
ssl_certfile=certificate('client.pem'),
ssl_cert_reqs=ssl.CERT_NONE))
def test_mongodb_auth_uri(self):
if SERVER_VERSION < (2, 4):
raise SkipTest("Need to be able to set 'authenticationMechanisms' "
"parameter to test.")
proc_params = {
'setParameter': {
'authenticationMechanisms': 'MONGODB-X509'
}
}
ssl_params = {
'sslPEMKeyFile': certificate('server.pem'),
'sslCAFile': certificate('ca.pem'),
'sslMode': 'requireSSL',
'sslAllowInvalidCertificates': True
}
self.server = Server(
'mongod', proc_params, ssl_params,
login=TEST_SUBJECT, auth_source='$external')
self.server.start()
self.assertIn('mongodb_auth_uri', self.server.info())
auth_uri = self.server.info()['mongodb_auth_uri']
self.assertIn(self.server.hostname, auth_uri)
self.assertIn(TEST_SUBJECT, auth_uri)
self.assertIn('authSource=$external', auth_uri)
self.assertIn('authMechanism=MONGODB-X509', auth_uri)
def test_ssl_auth(self):
if SERVER_VERSION < (2, 4):
raise SkipTest("Need to be able to set 'authenticationMechanisms' "
"parameter to test.")
shard_params = {
'shardParams': {
'procParams': {
'clusterAuthMode': 'x509',
'setParameter': {
'authenticationMechanisms': 'MONGODB-X509'
}
}
}
}
config = {
'login': TEST_SUBJECT,
'authSource': '$external',
'configsvrs': self.x509_configsvrs,
'routers': [{
'clusterAuthMode': 'x509'
}],
'shards': [shard_params, shard_params],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
# Should not raise an Exception.
self.sh = ShardedCluster(config)
# Should create an extra user. No raise on authenticate.
host = self.sh.router['hostname']
client = pymongo.MongoClient(host,
ssl_certfile=DEFAULT_CLIENT_CERT,
ssl_cert_reqs=ssl.CERT_NONE)
client['$external'].authenticate(DEFAULT_SUBJECT,
mechanism='MONGODB-X509')
# Should create the user we requested. No raise on authenticate.
client = pymongo.MongoClient(host,
ssl_certfile=certificate('client.pem'),
ssl_cert_reqs=ssl.CERT_NONE)
client['$external'].authenticate(TEST_SUBJECT,
mechanism='MONGODB-X509')
def test_ssl(self):
ssl_params = {
'sslPEMKeyFile': certificate('server.pem'),
'sslCAFile': certificate('ca.pem'),
'sslMode': 'requireSSL',
'sslAllowInvalidCertificates': True
}
# Should not raise an Exception.
self.server = Server('mongod', {}, ssl_params)
self.server.start()
# Server should require SSL.
self.assertRaises(pymongo.errors.ConnectionFailure,
pymongo.MongoClient, self.server.hostname)
# Doesn't raise with certificate provided.
pymongo.MongoClient(self.server.hostname,
ssl_certfile=certificate('client.pem'))
def test_ssl(self):
ssl_params = {
'sslPEMKeyFile': certificate('server.pem'),
'sslCAFile': certificate('ca.pem'),
'sslMode': 'requireSSL',
'sslAllowInvalidCertificates': True
}
# Should not raise an Exception.
self.server = Server('mongod', {}, ssl_params)
self.server.start()
# Server should require SSL.
with self.assertRaises(pymongo.errors.ConnectionFailure):
connected(pymongo.MongoClient(self.server.hostname))
# Doesn't raise with certificate provided.
connected(pymongo.MongoClient(
self.server.hostname, ssl_certfile=certificate('client.pem'),
ssl_cert_reqs=ssl.CERT_NONE))
def test_scram_with_ssl(self):
ssl_params = {
'sslPEMKeyFile': certificate('server.pem'),
'sslCAFile': certificate('ca.pem'),
'sslMode': 'requireSSL',
'sslAllowInvalidCertificates': True
}
# Should not raise an Exception.
self.server = Server(
'mongod', {}, ssl_params, login='******', password='******')
self.server.start()
# Should create the user we requested. No raise on authenticate.
client = pymongo.MongoClient(
self.server.hostname, ssl_certfile=certificate('client.pem'))
client.admin.authenticate('luke', 'ekul')
# This should be the only user.
self.assertEqual(len(client.admin.command('usersInfo')['users']), 1)
self.assertFalse(client['$external'].command('usersInfo')['users'])
def test_ssl_auth(self):
if SERVER_VERSION < (2, 4):
raise SkipTest("Need to be able to set 'authenticationMechanisms' "
"parameter to test.")
shard_params = {
'shardParams': {
'procParams': {
'clusterAuthMode': 'x509',
'setParameter': {'authenticationMechanisms': 'MONGODB-X509'}
}
}
}
config = {
'login': TEST_SUBJECT,
'authSource': '$external',
'configsvrs': [{'clusterAuthMode': 'x509'}],
'routers': [{'clusterAuthMode': 'x509'}],
'shards': [shard_params, shard_params],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
# Should not raise an Exception.
self.sh = ShardedCluster(config)
# Should create an extra user. No raise on authenticate.
host = self.sh.router['hostname']
client = pymongo.MongoClient(
host, ssl_certfile=DEFAULT_CLIENT_CERT,
ssl_cert_reqs=ssl.CERT_NONE)
client['$external'].authenticate(
DEFAULT_SUBJECT, mechanism='MONGODB-X509')
# Should create the user we requested. No raise on authenticate.
client = pymongo.MongoClient(
host, ssl_certfile=certificate('client.pem'),
ssl_cert_reqs=ssl.CERT_NONE)
client['$external'].authenticate(TEST_SUBJECT, mechanism='MONGODB-X509')
def test_scram_with_ssl(self):
ssl_params = {
'sslPEMKeyFile': certificate('server.pem'),
'sslCAFile': certificate('ca.pem'),
'sslMode': 'requireSSL',
'sslAllowInvalidCertificates': True
}
# Should not raise an Exception.
self.server = Server(
'mongod', {}, ssl_params, login='******', password='******')
self.server.start()
# Should create the user we requested. No raise on authenticate.
client = pymongo.MongoClient(
self.server.hostname, ssl_certfile=certificate('client.pem'),
ssl_cert_reqs=ssl.CERT_NONE)
client.admin.authenticate('luke', 'ekul')
# This should be the only user.
self.assertEqual(len(client.admin.command('usersInfo')['users']), 1)
self.assertFalse(client['$external'].command('usersInfo')['users'])
def test_mongodb_auth_uri(self):
if SERVER_VERSION < (2, 4):
raise SkipTest("Need to be able to set 'authenticationMechanisms' "
"parameter to test.")
shard_params = {
'shardParams': {
'procParams': {
'clusterAuthMode': 'x509',
'setParameter': {
'authenticationMechanisms': 'MONGODB-X509'
}
}
}
}
config = {
'login': TEST_SUBJECT,
'authSource': '$external',
'configsvrs': [{
'clusterAuthMode': 'x509'
}],
'routers': [{
'clusterAuthMode': 'x509'
}],
'shards': [shard_params, shard_params],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
self.sh = ShardedCluster(config)
self.assertIn('mongodb_auth_uri', self.sh.info())
auth_uri = self.sh.info()['mongodb_auth_uri']
hosts = ','.join(r['hostname'] for r in self.sh.routers)
self.assertIn(hosts, auth_uri)
self.assertIn(TEST_SUBJECT, auth_uri)
self.assertIn('authSource=$external', auth_uri)
self.assertIn('authMechanism=MONGODB-X509', auth_uri)
def test_ssl_auth(self):
if SERVER_VERSION < (2, 4):
raise SkipTest("Need to be able to set 'authenticationMechanisms' "
"parameter to test.")
member_params = {
'procParams': {
'clusterAuthMode': 'x509',
'setParameter': {
'authenticationMechanisms': 'MONGODB-X509'
}
}
}
self.repl_cfg = {
'login': TEST_SUBJECT,
'authSource': '$external',
'members': [member_params, member_params],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
# Should not raise an Exception.
self.repl = ReplicaSet(self.repl_cfg)
# Should create an extra user. No raise on authenticate.
client = pymongo.MongoClient(self.repl.primary(),
ssl_certfile=DEFAULT_CLIENT_CERT,
ssl_cert_reqs=ssl.CERT_NONE)
client['$external'].authenticate(DEFAULT_SUBJECT,
mechanism='MONGODB-X509')
# Should create the user we requested. No raise on authenticate.
client = pymongo.MongoClient(self.repl.primary(),
ssl_certfile=certificate('client.pem'),
ssl_cert_reqs=ssl.CERT_NONE)
client['$external'].authenticate(TEST_SUBJECT,
mechanism='MONGODB-X509')
def test_ssl_auth(self):
if SERVER_VERSION < (2, 4):
raise SkipTest("Need to be able to set 'authenticationMechanisms' "
"parameter to test.")
member_params = {
'procParams': {
'clusterAuthMode': 'x509',
'setParameter': {'authenticationMechanisms': 'MONGODB-X509'}
}
}
self.repl_cfg = {
'login': TEST_SUBJECT,
'authSource': '$external',
'members': [member_params, member_params],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
# Should not raise an Exception.
self.repl = ReplicaSet(self.repl_cfg)
# Should create an extra user. No raise on authenticate.
client = pymongo.MongoClient(
self.repl.primary(), ssl_certfile=DEFAULT_CLIENT_CERT,
ssl_cert_reqs=ssl.CERT_NONE)
client['$external'].authenticate(
DEFAULT_SUBJECT, mechanism='MONGODB-X509')
# Should create the user we requested. No raise on authenticate.
client = pymongo.MongoClient(
self.repl.primary(), ssl_certfile=certificate('client.pem'),
ssl_cert_reqs=ssl.CERT_NONE)
client['$external'].authenticate(
TEST_SUBJECT, mechanism='MONGODB-X509')
def test_ssl(self):
member_params = {}
self.repl_cfg = {
'members': [member_params, member_params],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
# Should not raise an Exception.
self.repl = ReplicaSet(self.repl_cfg)
# Server should require SSL.
with self.assertRaises(pymongo.errors.ConnectionFailure):
connected(pymongo.MongoClient(self.repl.primary()))
# This shouldn't raise.
connected(pymongo.MongoClient(
self.repl.primary(), ssl_certfile=certificate('client.pem'),
ssl_cert_reqs=ssl.CERT_NONE))
def test_ssl(self):
member_params = {}
self.repl_cfg = {
'members': [member_params, member_params],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
# Should not raise an Exception.
self.repl = ReplicaSet(self.repl_cfg)
# Server should require SSL.
with self.assertRaises(pymongo.errors.ConnectionFailure):
connected(pymongo.MongoClient, self.repl.primary())
# This shouldn't raise.
connected(
pymongo.MongoClient(self.repl.primary(),
ssl_certfile=certificate('client.pem')))
def test_ssl(self):
config = {
'configsvrs': [{}],
'routers': [{}],
'shards': [{}, {'shardParams': {'members': [{}]}}],
'sslParams': {
'sslCAFile': certificate('ca.pem'),
'sslPEMKeyFile': certificate('server.pem'),
'sslMode': 'requireSSL',
'sslClusterFile': certificate('cluster_cert.pem'),
'sslAllowInvalidCertificates': True
}
}
# Should not raise an Exception.
self.sh = ShardedCluster(config)
# Server should require SSL.
host = self.sh.router['hostname']
with self.assertRaises(pymongo.errors.ConnectionFailure):
connected(pymongo.MongoClient(host))
# This shouldn't raise.
connected(
pymongo.MongoClient(host, ssl_certfile=certificate('client.pem'),
ssl_cert_reqs=ssl.CERT_NONE))
