def test_authenticate(self):
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# self.db is logged in as root.
yield from self.db.add_user("jesse", "password")
db = AsyncIOMotorClient(host, port, io_loop=self.loop).motor_test
try:
# Authenticate many times at once to test concurrency.
yield from asyncio.wait(
[db.authenticate("jesse", "password") for _ in range(10)],
loop=self.loop)
# Just make sure there are no exceptions here.
yield from db.remove_user("jesse")
yield from db.logout()
if (yield from at_least(self.cx, (2, 5, 4))):
info = yield from self.db.command("usersInfo", "jesse")
users = info.get('users', [])
else:
users = yield from self.db.system.users.find().to_list(10)
self.assertFalse("jesse" in [u['user'] for u in users])
finally:
yield from remove_all_users(self.db)
test.env.sync_cx.disconnect()
def test_auth_from_uri(self):
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# self.db is logged in as root.
yield from remove_all_users(self.db)
db = self.db
try:
yield from db.add_user('mike',
'password',
roles=['userAdmin', 'readWrite'])
client = motor_asyncio.AsyncIOMotorClient(
'mongodb://*****:*****@%s:%d' % (env.host, env.port),
io_loop=self.loop)
# ismaster doesn't throw auth errors.
yield from client.admin.command('ismaster')
with self.assertRaises(OperationFailure):
yield from client.db.collection.find_one()
client = motor_asyncio.AsyncIOMotorClient(
'mongodb://*****:*****@%s:%d/%s' %
(env.host, env.port, db.name),
io_loop=self.loop)
yield from client[db.name].collection.find_one()
finally:
yield from db.remove_user('mike')
def test_authenticate(self):
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# self.db is logged in as root.
test.env.create_user(self.db.name,
"jesse",
"password",
roles=['userAdmin', 'readWrite'])
db = AsyncIOMotorClient(env.host, env.port,
**self.get_client_kwargs()).motor_test
try:
# Authenticate many times at once to test concurrency.
yield from asyncio.wait(
[db.authenticate("jesse", "password") for _ in range(10)],
loop=self.loop)
# Just make sure there are no exceptions here.
test.env.drop_user(db.name, 'jesse')
yield from db.logout()
info = yield from self.db.command("usersInfo", "jesse")
users = info.get('users', [])
self.assertFalse("jesse" in [u['user'] for u in users])
finally:
yield from remove_all_users(self.db)
test.env.sync_cx.close()
def test_authenticate(self):
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# self.db is logged in as root.
yield from self.db.add_user("jesse", "password")
db = AsyncIOMotorClient(host, port, io_loop=self.loop).motor_test
try:
# Authenticate many times at once to test concurrency.
yield from asyncio.wait(
[db.authenticate("jesse", "password") for _ in range(10)],
loop=self.loop)
# Just make sure there are no exceptions here.
yield from db.remove_user("jesse")
yield from db.logout()
if (yield from at_least(self.cx, (2, 5, 4))):
info = yield from self.db.command("usersInfo", "jesse")
users = info.get('users', [])
else:
users = yield from self.db.system.users.find().to_list(10)
self.assertFalse("jesse" in [u['user'] for u in users])
finally:
yield from remove_all_users(self.db)
test.env.sync_cx.disconnect()
def test_copy_db_auth_concurrent(self):
# SERVER-6427, can't copy database via mongos with auth.
yield from skip_if_mongos(self.cx)
n_copies = 2
test_db_names = ['motor_test_%s' % i for i in range(n_copies)]
# 1. Drop old test DBs
yield from self.cx.drop_database('motor_test')
yield from self.collection.insert({'_id': 1})
yield from self.drop_databases(self.cx, test_db_names)
# 2. Copy a test DB N times at once
client = self.get_client()
try:
# self.cx is logged in as root.
yield from self.cx.motor_test.add_user('mike', 'password')
futures = [
client.copy_database('motor_test',
test_db_name,
username='******',
password='******')
for test_db_name in test_db_names
]
results, _ = yield from asyncio.wait(futures, loop=self.loop)
self.assertTrue(all(isinstance(i.result(), dict) for i in results))
yield from self.check_copydb_results(client, {'_id': 1},
test_db_names)
finally:
yield from remove_all_users(client.motor_test)
yield from self.drop_databases(self.cx, test_db_names)
def test_auth_from_uri(self):
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# self.db is logged in as root.
yield from remove_all_users(self.db)
db = self.db
try:
test.env.create_user(db.name,
'mike',
'password',
roles=['userAdmin', 'readWrite'])
client = self.asyncio_client('mongodb://*****:*****@%s:%d' %
(env.host, env.port))
with self.assertRaises(OperationFailure):
yield from client.db.collection.find_one()
client = self.asyncio_client('mongodb://*****:*****@%s:%d/%s' %
(env.host, env.port, db.name))
yield from client[db.name].collection.find_one()
finally:
test.env.drop_user(db.name, 'mike')
def test_auth_from_uri(self):
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# self.db is logged in as root.
yield from remove_all_users(self.db)
db = self.db
try:
yield from db.add_user(
'mike', 'password',
roles=['userAdmin', 'readWrite'])
client = self.asyncio_client(
'mongodb://*****:*****@%s:%d' % (env.host, env.port))
with self.assertRaises(OperationFailure):
yield from client.db.collection.find_one()
client = self.asyncio_client(
'mongodb://*****:*****@%s:%d/%s' %
(env.host, env.port, db.name))
yield from client[db.name].collection.find_one()
finally:
yield from db.remove_user('mike')
def test_auth_from_uri(self):
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# self.db is logged in as root.
yield from remove_all_users(self.db)
db = self.db
try:
yield from db.add_user(
'mike', 'password',
roles=['userAdmin', 'readWrite'])
client = motor_asyncio.AsyncIOMotorClient(
'mongodb://*****:*****@%s:%d' % (host, port),
io_loop=self.loop)
# Note: open() only calls ismaster, doesn't throw auth errors.
yield from client.open()
with self.assertRaises(OperationFailure):
yield from client.db.collection.find_one()
client = motor_asyncio.AsyncIOMotorClient(
'mongodb://*****:*****@%s:%d/%s' %
(host, port, db.name),
io_loop=self.loop)
yield from client[db.name].collection.find_one()
finally:
yield from db.remove_user('mike')
def test_copy_db_auth_concurrent(self):
# SERVER-6427, can't copy database via mongos with auth.
yield from skip_if_mongos(self.cx)
n_copies = 2
test_db_names = ['motor_test_%s' % i for i in range(n_copies)]
# 1. Drop old test DBs
yield from self.cx.drop_database('motor_test')
yield from self.collection.insert({'_id': 1})
yield from self.drop_databases(self.cx, test_db_names)
# 2. Copy a test DB N times at once
client = self.get_client()
try:
# self.cx is logged in as root.
yield from self.cx.motor_test.add_user('mike', 'password')
futures = [
client.copy_database(
'motor_test', test_db_name,
username='******', password='******')
for test_db_name in test_db_names]
results, _ = yield from asyncio.wait(futures, loop=self.loop)
self.assertTrue(all(isinstance(i.result(), dict) for i in results))
yield from self.check_copydb_results(
client, {'_id': 1}, test_db_names)
finally:
yield from remove_all_users(client.motor_test)
yield from self.drop_databases(self.cx, test_db_names)
def test_mongodb_x509_auth(self):
# Expects the server to be running with SSL config described above,
# and with "--auth".
if not test.env.mongod_validates_client_cert:
raise SkipTest("No mongod available over SSL with certs")
# self.env.uri includes username and password.
authenticated_client = AsyncIOMotorClient(test.env.uri,
ssl_certfile=CLIENT_PEM,
ssl_ca_certs=CA_PEM,
io_loop=self.loop)
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# Give admin all necessary privileges.
yield from authenticated_client['$external'].add_user(
MONGODB_X509_USERNAME,
roles=[{
'role': 'readWriteAnyDatabase',
'db': 'admin'
}, {
'role': 'userAdminAnyDatabase',
'db': 'admin'
}])
# Not authenticated.
client = AsyncIOMotorClient(env.host,
env.port,
ssl_certfile=CLIENT_PEM,
ssl_ca_certs=CA_PEM,
io_loop=self.loop)
collection = client.motor_test.test
with self.assertRaises(OperationFailure):
yield from collection.count()
yield from client.admin.authenticate(MONGODB_X509_USERNAME,
mechanism='MONGODB-X509')
yield from collection.delete_many({})
uri = ('mongodb://%s@%s:%d/?authMechanism='
'MONGODB-X509' %
(quote_plus(MONGODB_X509_USERNAME), env.host, env.port))
# SSL options aren't supported in the URI....
auth_uri_client = AsyncIOMotorClient(uri,
ssl_certfile=CLIENT_PEM,
ssl_ca_certs=CA_PEM,
io_loop=self.loop)
yield from auth_uri_client.db.collection.find_one()
# Cleanup.
yield from remove_all_users(authenticated_client['$external'])
yield from authenticated_client['$external'].logout()
def test_mongodb_x509_auth(self):
# Expects the server to be running with the server.pem, ca.pem
# and crl.pem provided in mongodb and the server tests as well as
# --auth:
#
# --sslPEMKeyFile=jstests/libs/server.pem
# --sslCAFile=jstests/libs/ca.pem
# --sslCRLFile=jstests/libs/crl.pem
# --auth
if not test.env.mongod_validates_client_cert:
raise SkipTest("No mongod available over SSL with certs")
client = AsyncIOMotorClient(test.env.uri,
ssl_certfile=CLIENT_PEM,
io_loop=self.loop)
if not (yield from at_least(client, (2, 5, 3, -1))):
raise SkipTest("MONGODB-X509 tests require MongoDB 2.5.3 or newer")
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# Give admin all necessary privileges.
yield from client['$external'].add_user(MONGODB_X509_USERNAME,
roles=[{
'role':
'readWriteAnyDatabase',
'db': 'admin'
}, {
'role':
'userAdminAnyDatabase',
'db': 'admin'
}])
collection = client.motor_test.test
with self.assertRaises(OperationFailure):
yield from collection.count()
yield from client.admin.authenticate(MONGODB_X509_USERNAME,
mechanism='MONGODB-X509')
yield from collection.remove()
uri = ('mongodb://%s@%s:%d/?authMechanism='
'MONGODB-X509' %
(quote_plus(MONGODB_X509_USERNAME), host, port))
# SSL options aren't supported in the URI....
auth_uri_client = AsyncIOMotorClient(uri,
ssl_certfile=CLIENT_PEM,
io_loop=self.loop)
yield from auth_uri_client.db.collection.find_one()
# Cleanup.
yield from remove_all_users(client['$external'])
yield from client['$external'].logout()
def test_mongodb_x509_auth(self):
# Expects the server to be running with SSL config described above,
# and with "--auth".
if not test.env.mongod_validates_client_cert:
raise SkipTest("No mongod available over SSL with certs")
# self.env.uri includes username and password.
authenticated_client = AsyncIOMotorClient(test.env.uri,
ssl_certfile=CLIENT_PEM,
ssl_ca_certs=CA_PEM,
io_loop=self.loop)
if not (yield from at_least(authenticated_client, (2, 5, 3, -1))):
raise SkipTest("MONGODB-X509 tests require MongoDB 2.5.3 or newer")
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# Give admin all necessary privileges.
yield from authenticated_client['$external'].add_user(
MONGODB_X509_USERNAME, roles=[
{'role': 'readWriteAnyDatabase', 'db': 'admin'},
{'role': 'userAdminAnyDatabase', 'db': 'admin'}])
# Not authenticated.
client = AsyncIOMotorClient(env.host, env.port,
ssl_certfile=CLIENT_PEM,
ssl_ca_certs=CA_PEM,
io_loop=self.loop)
collection = client.motor_test.test
with self.assertRaises(OperationFailure):
yield from collection.count()
yield from client.admin.authenticate(
MONGODB_X509_USERNAME, mechanism='MONGODB-X509')
yield from collection.delete_many({})
uri = ('mongodb://%s@%s:%d/?authMechanism='
'MONGODB-X509' % (
quote_plus(MONGODB_X509_USERNAME), env.host, env.port))
# SSL options aren't supported in the URI....
auth_uri_client = AsyncIOMotorClient(uri,
ssl_certfile=CLIENT_PEM,
ssl_ca_certs=CA_PEM,
io_loop=self.loop)
yield from auth_uri_client.db.collection.find_one()
# Cleanup.
yield from remove_all_users(authenticated_client['$external'])
yield from authenticated_client['$external'].logout()
def test_mongodb_x509_auth(self):
# Expects the server to be running with the server.pem, ca.pem
# and crl.pem provided in mongodb and the server tests as well as
# --auth:
#
# --sslPEMKeyFile=jstests/libs/server.pem
# --sslCAFile=jstests/libs/ca.pem
# --sslCRLFile=jstests/libs/crl.pem
# --auth
if not test.env.mongod_validates_client_cert:
raise SkipTest("No mongod available over SSL with certs")
client = AsyncIOMotorClient(test.env.uri,
ssl_certfile=CLIENT_PEM,
io_loop=self.loop)
if not (yield from at_least(client, (2, 5, 3, -1))):
raise SkipTest("MONGODB-X509 tests require MongoDB 2.5.3 or newer")
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# Give admin all necessary privileges.
yield from client['$external'].add_user(MONGODB_X509_USERNAME, roles=[
{'role': 'readWriteAnyDatabase', 'db': 'admin'},
{'role': 'userAdminAnyDatabase', 'db': 'admin'}])
collection = client.motor_test.test
with test.assert_raises(OperationFailure):
yield from collection.count()
yield from client.admin.authenticate(
MONGODB_X509_USERNAME, mechanism='MONGODB-X509')
yield from collection.remove()
uri = ('mongodb://%s@%s:%d/?authMechanism='
'MONGODB-X509' % (
quote_plus(MONGODB_X509_USERNAME), host, port))
# SSL options aren't supported in the URI....
auth_uri_client = AsyncIOMotorClient(uri,
ssl_certfile=CLIENT_PEM,
io_loop=self.loop)
yield from auth_uri_client.db.collection.find_one()
# Cleanup.
yield from remove_all_users(client['$external'])
yield from client['$external'].logout()
def test_copy_db_auth(self):
# SERVER-6427, can't copy database via mongos with auth.
yield from skip_if_mongos(self.cx)
yield from self.collection.remove()
yield from self.collection.insert({'_id': 1})
try:
# self.cx is logged in as root.
yield from self.cx.motor_test.add_user('mike', 'password')
# This will catch any socket leaks.
client = self.get_client(max_pool_size=1, waitQueueTimeoutMS=1)
target_db_name = 'motor_test_2'
with self.assertRaises(pymongo.errors.OperationFailure):
yield from client.copy_database('motor_test',
target_db_name,
username='******',
password='******')
with self.assertRaises(pymongo.errors.OperationFailure):
yield from client.copy_database('motor_test',
target_db_name,
username='******',
password='******')
# Copy a database using name and password.
yield from client.copy_database('motor_test',
target_db_name,
username='******',
password='******')
self.assertEqual(
{'_id': 1},
(yield from client[target_db_name].test_collection.find_one()))
yield from client.drop_database(target_db_name)
finally:
yield from remove_all_users(self.cx.motor_test)
def test_copy_db_auth(self):
# SERVER-6427, can't copy database via mongos with auth.
yield from skip_if_mongos(self.cx)
yield from self.collection.remove()
yield from self.collection.insert({'_id': 1})
try:
# self.cx is logged in as root.
yield from self.cx.motor_test.add_user('mike', 'password')
# This will catch any socket leaks.
client = self.get_client(max_pool_size=1, waitQueueTimeoutMS=1)
target_db_name = 'motor_test_2'
with self.assertRaises(pymongo.errors.OperationFailure):
yield from client.copy_database(
'motor_test', target_db_name,
username='******', password='******')
with self.assertRaises(pymongo.errors.OperationFailure):
yield from client.copy_database(
'motor_test', target_db_name,
username='******', password='******')
# Copy a database using name and password.
yield from client.copy_database(
'motor_test', target_db_name,
username='******', password='******')
self.assertEqual(
{'_id': 1},
(yield from client[target_db_name].test_collection.find_one()))
yield from client.drop_database(target_db_name)
finally:
yield from remove_all_users(self.cx.motor_test)
def test_authenticate(self):
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# self.db is logged in as root.
yield from self.db.add_user("jesse", "password")
db = AsyncIOMotorClient(env.host, env.port,
**self.get_client_kwargs()).motor_test
try:
# Authenticate many times at once to test concurrency.
yield from asyncio.wait(
[db.authenticate("jesse", "password") for _ in range(10)],
loop=self.loop)
# Just make sure there are no exceptions here.
yield from db.remove_user("jesse")
yield from db.logout()
info = yield from self.db.command("usersInfo", "jesse")
users = info.get('users', [])
self.assertFalse("jesse" in [u['user'] for u in users])
finally:
yield from remove_all_users(self.db)
test.env.sync_cx.close()