def test_authenticate(self): if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # self.db is logged in as root. yield from self.db.add_user("jesse", "password") db = AsyncIOMotorClient(host, port, io_loop=self.loop).motor_test try: # Authenticate many times at once to test concurrency. yield from asyncio.wait( [db.authenticate("jesse", "password") for _ in range(10)], loop=self.loop) # Just make sure there are no exceptions here. yield from db.remove_user("jesse") yield from db.logout() if (yield from at_least(self.cx, (2, 5, 4))): info = yield from self.db.command("usersInfo", "jesse") users = info.get('users', []) else: users = yield from self.db.system.users.find().to_list(10) self.assertFalse("jesse" in [u['user'] for u in users]) finally: yield from remove_all_users(self.db) test.env.sync_cx.disconnect()
def test_auth_from_uri(self): if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # self.db is logged in as root. yield from remove_all_users(self.db) db = self.db try: yield from db.add_user('mike', 'password', roles=['userAdmin', 'readWrite']) client = motor_asyncio.AsyncIOMotorClient( 'mongodb://*****:*****@%s:%d' % (env.host, env.port), io_loop=self.loop) # ismaster doesn't throw auth errors. yield from client.admin.command('ismaster') with self.assertRaises(OperationFailure): yield from client.db.collection.find_one() client = motor_asyncio.AsyncIOMotorClient( 'mongodb://*****:*****@%s:%d/%s' % (env.host, env.port, db.name), io_loop=self.loop) yield from client[db.name].collection.find_one() finally: yield from db.remove_user('mike')
def test_authenticate(self): if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # self.db is logged in as root. test.env.create_user(self.db.name, "jesse", "password", roles=['userAdmin', 'readWrite']) db = AsyncIOMotorClient(env.host, env.port, **self.get_client_kwargs()).motor_test try: # Authenticate many times at once to test concurrency. yield from asyncio.wait( [db.authenticate("jesse", "password") for _ in range(10)], loop=self.loop) # Just make sure there are no exceptions here. test.env.drop_user(db.name, 'jesse') yield from db.logout() info = yield from self.db.command("usersInfo", "jesse") users = info.get('users', []) self.assertFalse("jesse" in [u['user'] for u in users]) finally: yield from remove_all_users(self.db) test.env.sync_cx.close()
def test_copy_db_auth_concurrent(self): # SERVER-6427, can't copy database via mongos with auth. yield from skip_if_mongos(self.cx) n_copies = 2 test_db_names = ['motor_test_%s' % i for i in range(n_copies)] # 1. Drop old test DBs yield from self.cx.drop_database('motor_test') yield from self.collection.insert({'_id': 1}) yield from self.drop_databases(self.cx, test_db_names) # 2. Copy a test DB N times at once client = self.get_client() try: # self.cx is logged in as root. yield from self.cx.motor_test.add_user('mike', 'password') futures = [ client.copy_database('motor_test', test_db_name, username='******', password='******') for test_db_name in test_db_names ] results, _ = yield from asyncio.wait(futures, loop=self.loop) self.assertTrue(all(isinstance(i.result(), dict) for i in results)) yield from self.check_copydb_results(client, {'_id': 1}, test_db_names) finally: yield from remove_all_users(client.motor_test) yield from self.drop_databases(self.cx, test_db_names)
def test_auth_from_uri(self): if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # self.db is logged in as root. yield from remove_all_users(self.db) db = self.db try: test.env.create_user(db.name, 'mike', 'password', roles=['userAdmin', 'readWrite']) client = self.asyncio_client('mongodb://*****:*****@%s:%d' % (env.host, env.port)) with self.assertRaises(OperationFailure): yield from client.db.collection.find_one() client = self.asyncio_client('mongodb://*****:*****@%s:%d/%s' % (env.host, env.port, db.name)) yield from client[db.name].collection.find_one() finally: test.env.drop_user(db.name, 'mike')
def test_auth_from_uri(self): if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # self.db is logged in as root. yield from remove_all_users(self.db) db = self.db try: yield from db.add_user( 'mike', 'password', roles=['userAdmin', 'readWrite']) client = self.asyncio_client( 'mongodb://*****:*****@%s:%d' % (env.host, env.port)) with self.assertRaises(OperationFailure): yield from client.db.collection.find_one() client = self.asyncio_client( 'mongodb://*****:*****@%s:%d/%s' % (env.host, env.port, db.name)) yield from client[db.name].collection.find_one() finally: yield from db.remove_user('mike')
def test_auth_from_uri(self): if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # self.db is logged in as root. yield from remove_all_users(self.db) db = self.db try: yield from db.add_user( 'mike', 'password', roles=['userAdmin', 'readWrite']) client = motor_asyncio.AsyncIOMotorClient( 'mongodb://*****:*****@%s:%d' % (host, port), io_loop=self.loop) # Note: open() only calls ismaster, doesn't throw auth errors. yield from client.open() with self.assertRaises(OperationFailure): yield from client.db.collection.find_one() client = motor_asyncio.AsyncIOMotorClient( 'mongodb://*****:*****@%s:%d/%s' % (host, port, db.name), io_loop=self.loop) yield from client[db.name].collection.find_one() finally: yield from db.remove_user('mike')
def test_copy_db_auth_concurrent(self): # SERVER-6427, can't copy database via mongos with auth. yield from skip_if_mongos(self.cx) n_copies = 2 test_db_names = ['motor_test_%s' % i for i in range(n_copies)] # 1. Drop old test DBs yield from self.cx.drop_database('motor_test') yield from self.collection.insert({'_id': 1}) yield from self.drop_databases(self.cx, test_db_names) # 2. Copy a test DB N times at once client = self.get_client() try: # self.cx is logged in as root. yield from self.cx.motor_test.add_user('mike', 'password') futures = [ client.copy_database( 'motor_test', test_db_name, username='******', password='******') for test_db_name in test_db_names] results, _ = yield from asyncio.wait(futures, loop=self.loop) self.assertTrue(all(isinstance(i.result(), dict) for i in results)) yield from self.check_copydb_results( client, {'_id': 1}, test_db_names) finally: yield from remove_all_users(client.motor_test) yield from self.drop_databases(self.cx, test_db_names)
def test_mongodb_x509_auth(self): # Expects the server to be running with SSL config described above, # and with "--auth". if not test.env.mongod_validates_client_cert: raise SkipTest("No mongod available over SSL with certs") # self.env.uri includes username and password. authenticated_client = AsyncIOMotorClient(test.env.uri, ssl_certfile=CLIENT_PEM, ssl_ca_certs=CA_PEM, io_loop=self.loop) if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # Give admin all necessary privileges. yield from authenticated_client['$external'].add_user( MONGODB_X509_USERNAME, roles=[{ 'role': 'readWriteAnyDatabase', 'db': 'admin' }, { 'role': 'userAdminAnyDatabase', 'db': 'admin' }]) # Not authenticated. client = AsyncIOMotorClient(env.host, env.port, ssl_certfile=CLIENT_PEM, ssl_ca_certs=CA_PEM, io_loop=self.loop) collection = client.motor_test.test with self.assertRaises(OperationFailure): yield from collection.count() yield from client.admin.authenticate(MONGODB_X509_USERNAME, mechanism='MONGODB-X509') yield from collection.delete_many({}) uri = ('mongodb://%s@%s:%d/?authMechanism=' 'MONGODB-X509' % (quote_plus(MONGODB_X509_USERNAME), env.host, env.port)) # SSL options aren't supported in the URI.... auth_uri_client = AsyncIOMotorClient(uri, ssl_certfile=CLIENT_PEM, ssl_ca_certs=CA_PEM, io_loop=self.loop) yield from auth_uri_client.db.collection.find_one() # Cleanup. yield from remove_all_users(authenticated_client['$external']) yield from authenticated_client['$external'].logout()
def test_mongodb_x509_auth(self): # Expects the server to be running with the server.pem, ca.pem # and crl.pem provided in mongodb and the server tests as well as # --auth: # # --sslPEMKeyFile=jstests/libs/server.pem # --sslCAFile=jstests/libs/ca.pem # --sslCRLFile=jstests/libs/crl.pem # --auth if not test.env.mongod_validates_client_cert: raise SkipTest("No mongod available over SSL with certs") client = AsyncIOMotorClient(test.env.uri, ssl_certfile=CLIENT_PEM, io_loop=self.loop) if not (yield from at_least(client, (2, 5, 3, -1))): raise SkipTest("MONGODB-X509 tests require MongoDB 2.5.3 or newer") if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # Give admin all necessary privileges. yield from client['$external'].add_user(MONGODB_X509_USERNAME, roles=[{ 'role': 'readWriteAnyDatabase', 'db': 'admin' }, { 'role': 'userAdminAnyDatabase', 'db': 'admin' }]) collection = client.motor_test.test with self.assertRaises(OperationFailure): yield from collection.count() yield from client.admin.authenticate(MONGODB_X509_USERNAME, mechanism='MONGODB-X509') yield from collection.remove() uri = ('mongodb://%s@%s:%d/?authMechanism=' 'MONGODB-X509' % (quote_plus(MONGODB_X509_USERNAME), host, port)) # SSL options aren't supported in the URI.... auth_uri_client = AsyncIOMotorClient(uri, ssl_certfile=CLIENT_PEM, io_loop=self.loop) yield from auth_uri_client.db.collection.find_one() # Cleanup. yield from remove_all_users(client['$external']) yield from client['$external'].logout()
def test_mongodb_x509_auth(self): # Expects the server to be running with SSL config described above, # and with "--auth". if not test.env.mongod_validates_client_cert: raise SkipTest("No mongod available over SSL with certs") # self.env.uri includes username and password. authenticated_client = AsyncIOMotorClient(test.env.uri, ssl_certfile=CLIENT_PEM, ssl_ca_certs=CA_PEM, io_loop=self.loop) if not (yield from at_least(authenticated_client, (2, 5, 3, -1))): raise SkipTest("MONGODB-X509 tests require MongoDB 2.5.3 or newer") if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # Give admin all necessary privileges. yield from authenticated_client['$external'].add_user( MONGODB_X509_USERNAME, roles=[ {'role': 'readWriteAnyDatabase', 'db': 'admin'}, {'role': 'userAdminAnyDatabase', 'db': 'admin'}]) # Not authenticated. client = AsyncIOMotorClient(env.host, env.port, ssl_certfile=CLIENT_PEM, ssl_ca_certs=CA_PEM, io_loop=self.loop) collection = client.motor_test.test with self.assertRaises(OperationFailure): yield from collection.count() yield from client.admin.authenticate( MONGODB_X509_USERNAME, mechanism='MONGODB-X509') yield from collection.delete_many({}) uri = ('mongodb://%s@%s:%d/?authMechanism=' 'MONGODB-X509' % ( quote_plus(MONGODB_X509_USERNAME), env.host, env.port)) # SSL options aren't supported in the URI.... auth_uri_client = AsyncIOMotorClient(uri, ssl_certfile=CLIENT_PEM, ssl_ca_certs=CA_PEM, io_loop=self.loop) yield from auth_uri_client.db.collection.find_one() # Cleanup. yield from remove_all_users(authenticated_client['$external']) yield from authenticated_client['$external'].logout()
def test_mongodb_x509_auth(self): # Expects the server to be running with the server.pem, ca.pem # and crl.pem provided in mongodb and the server tests as well as # --auth: # # --sslPEMKeyFile=jstests/libs/server.pem # --sslCAFile=jstests/libs/ca.pem # --sslCRLFile=jstests/libs/crl.pem # --auth if not test.env.mongod_validates_client_cert: raise SkipTest("No mongod available over SSL with certs") client = AsyncIOMotorClient(test.env.uri, ssl_certfile=CLIENT_PEM, io_loop=self.loop) if not (yield from at_least(client, (2, 5, 3, -1))): raise SkipTest("MONGODB-X509 tests require MongoDB 2.5.3 or newer") if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # Give admin all necessary privileges. yield from client['$external'].add_user(MONGODB_X509_USERNAME, roles=[ {'role': 'readWriteAnyDatabase', 'db': 'admin'}, {'role': 'userAdminAnyDatabase', 'db': 'admin'}]) collection = client.motor_test.test with test.assert_raises(OperationFailure): yield from collection.count() yield from client.admin.authenticate( MONGODB_X509_USERNAME, mechanism='MONGODB-X509') yield from collection.remove() uri = ('mongodb://%s@%s:%d/?authMechanism=' 'MONGODB-X509' % ( quote_plus(MONGODB_X509_USERNAME), host, port)) # SSL options aren't supported in the URI.... auth_uri_client = AsyncIOMotorClient(uri, ssl_certfile=CLIENT_PEM, io_loop=self.loop) yield from auth_uri_client.db.collection.find_one() # Cleanup. yield from remove_all_users(client['$external']) yield from client['$external'].logout()
def test_copy_db_auth(self): # SERVER-6427, can't copy database via mongos with auth. yield from skip_if_mongos(self.cx) yield from self.collection.remove() yield from self.collection.insert({'_id': 1}) try: # self.cx is logged in as root. yield from self.cx.motor_test.add_user('mike', 'password') # This will catch any socket leaks. client = self.get_client(max_pool_size=1, waitQueueTimeoutMS=1) target_db_name = 'motor_test_2' with self.assertRaises(pymongo.errors.OperationFailure): yield from client.copy_database('motor_test', target_db_name, username='******', password='******') with self.assertRaises(pymongo.errors.OperationFailure): yield from client.copy_database('motor_test', target_db_name, username='******', password='******') # Copy a database using name and password. yield from client.copy_database('motor_test', target_db_name, username='******', password='******') self.assertEqual( {'_id': 1}, (yield from client[target_db_name].test_collection.find_one())) yield from client.drop_database(target_db_name) finally: yield from remove_all_users(self.cx.motor_test)
def test_copy_db_auth(self): # SERVER-6427, can't copy database via mongos with auth. yield from skip_if_mongos(self.cx) yield from self.collection.remove() yield from self.collection.insert({'_id': 1}) try: # self.cx is logged in as root. yield from self.cx.motor_test.add_user('mike', 'password') # This will catch any socket leaks. client = self.get_client(max_pool_size=1, waitQueueTimeoutMS=1) target_db_name = 'motor_test_2' with self.assertRaises(pymongo.errors.OperationFailure): yield from client.copy_database( 'motor_test', target_db_name, username='******', password='******') with self.assertRaises(pymongo.errors.OperationFailure): yield from client.copy_database( 'motor_test', target_db_name, username='******', password='******') # Copy a database using name and password. yield from client.copy_database( 'motor_test', target_db_name, username='******', password='******') self.assertEqual( {'_id': 1}, (yield from client[target_db_name].test_collection.find_one())) yield from client.drop_database(target_db_name) finally: yield from remove_all_users(self.cx.motor_test)
def test_authenticate(self): if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # self.db is logged in as root. yield from self.db.add_user("jesse", "password") db = AsyncIOMotorClient(env.host, env.port, **self.get_client_kwargs()).motor_test try: # Authenticate many times at once to test concurrency. yield from asyncio.wait( [db.authenticate("jesse", "password") for _ in range(10)], loop=self.loop) # Just make sure there are no exceptions here. yield from db.remove_user("jesse") yield from db.logout() info = yield from self.db.command("usersInfo", "jesse") users = info.get('users', []) self.assertFalse("jesse" in [u['user'] for u in users]) finally: yield from remove_all_users(self.db) test.env.sync_cx.close()