def test_auth_from_uri(self): if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # self.db is logged in as root. yield remove_all_users(self.db) db = self.db try: yield db.add_user('mike', 'password', roles=['userAdmin', 'readWrite']) client = motor.MotorClient('mongodb://*****:*****@%s:%d' % (env.host, env.port), io_loop=self.io_loop) # ismaster doesn't throw auth errors. yield client.admin.command('ismaster') with self.assertRaises(OperationFailure): yield client.db.collection.find_one() client = motor.MotorClient('mongodb://*****:*****@%s:%d/%s' % (env.host, env.port, db.name), io_loop=self.io_loop) yield client[db.name].collection.find_one() finally: yield db.remove_user('mike')
def test_authenticate(self): # self.db is logged in as root. with ignore_deprecations(): yield self.db.add_user("mike", "password") client = motor.MotorClient(env.host, env.port, **self.get_client_kwargs()) db = client.motor_test try: # Authenticate many times at once to test concurrency. yield [db.authenticate("mike", "password") for _ in range(10)] # Just make sure there are no exceptions here. yield db.remove_user("mike") yield db.logout() if (yield at_least(self.cx, (2, 5, 4))): info = yield self.db.command("usersInfo", "mike") users = info.get('users', []) else: users = yield self.db.system.users.find().to_list(length=10) self.assertFalse("mike" in [u['user'] for u in users]) finally: yield remove_all_users(self.db) test.env.sync_cx.close()
def test_auth_from_uri(self): if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # self.db is logged in as root. yield remove_all_users(self.db) db = self.db try: yield db.add_user( 'mike', 'password', roles=['userAdmin', 'readWrite']) client = self.motor_client( 'mongodb://*****:*****@%s:%d' % (env.host, env.port)) with self.assertRaises(OperationFailure): yield client.db.collection.find_one() client = self.motor_client( 'mongodb://*****:*****@%s:%d/%s' % (env.host, env.port, db.name)) yield client[db.name].collection.find_one() finally: yield db.remove_user('mike')
def test_auth_from_uri(self): if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # self.db is logged in as root. yield remove_all_users(self.db) db = self.db try: test.env.create_user(db.name, 'mike', 'password', roles=['userAdmin', 'readWrite']) client = self.motor_client('mongodb://*****:*****@%s:%d' % (env.host, env.port)) with self.assertRaises(OperationFailure): yield client.db.collection.find_one() client = self.motor_client('mongodb://*****:*****@%s:%d/%s' % (env.host, env.port, db.name)) yield client[db.name].collection.find_one() finally: test.env.drop_user(db.name, 'mike')
def test_auth_from_uri(self): if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # self.db is logged in as root. yield remove_all_users(self.db) db = self.db try: yield db.add_user( 'mike', 'password', roles=['userAdmin', 'readWrite']) client = motor.MotorClient( 'mongodb://*****:*****@%s:%d' % (host, port), io_loop=self.io_loop) # Note: open() only calls ismaster, doesn't throw auth errors. yield client.open() with self.assertRaises(OperationFailure): yield client.db.collection.find_one() client = motor.MotorClient( 'mongodb://*****:*****@%s:%d/%s' % (host, port, db.name), io_loop=self.io_loop) yield client[db.name].collection.find_one() finally: yield db.remove_user('mike')
def test_authenticate(self): # self.db is logged in as root. with ignore_deprecations(): yield self.db.add_user("mike", "password") client = motor.MotorClient(host, port, **self.get_client_kwargs()) db = client.motor_test try: # Authenticate many times at once to test concurrency. yield [db.authenticate("mike", "password") for _ in range(10)] # Just make sure there are no exceptions here. yield db.remove_user("mike") yield db.logout() if (yield at_least(self.cx, (2, 5, 4))): info = yield self.db.command("usersInfo", "mike") users = info.get('users', []) else: users = yield self.db.system.users.find().to_list(length=10) self.assertFalse("mike" in [u['user'] for u in users]) finally: yield remove_all_users(self.db) test.env.sync_cx.disconnect()
def test_mongodb_x509_auth(self): if 'EVERGREEN' in os.environ: raise SkipTest("TODO: fix on Evergreen") # Expects the server to be running with SSL config described above, # and with "--auth". if not test.env.mongod_validates_client_cert: raise SkipTest("No mongod available over SSL with certs") # self.env.uri includes username and password. authenticated_client = motor.MotorClient(test.env.uri, ssl_certfile=CLIENT_PEM, ssl_ca_certs=CA_PEM, io_loop=self.io_loop) if not (yield at_least(authenticated_client, (2, 5, 3, -1))): raise SkipTest("MONGODB-X509 tests require MongoDB 2.5.3 or newer") if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # Give admin all necessary privileges. yield authenticated_client['$external'].add_user( MONGODB_X509_USERNAME, roles=[{ 'role': 'readWriteAnyDatabase', 'db': 'admin' }, { 'role': 'userAdminAnyDatabase', 'db': 'admin' }]) # Not authenticated. client = motor.MotorClient("server", test.env.port, ssl_certfile=CLIENT_PEM, ssl_ca_certs=CA_PEM, io_loop=self.io_loop) with self.assertRaises(OperationFailure): yield client.motor_test.test.count() uri = ('mongodb://%s@%s:%d/?authMechanism=' 'MONGODB-X509' % (quote_plus(MONGODB_X509_USERNAME), "server", test.env.port)) # SSL options aren't supported in the URI.... auth_uri_client = motor.MotorClient(uri, ssl_certfile=CLIENT_PEM, ssl_ca_certs=CA_PEM, io_loop=self.io_loop) yield auth_uri_client.db.collection.find_one() # Cleanup. yield remove_all_users(authenticated_client['$external']) yield authenticated_client['$external'].logout()
def test_mongodb_x509_auth(self): # Expects the server to be running with the server.pem, ca.pem # and crl.pem provided in mongodb and the server tests as well as # --auth: # # --sslPEMKeyFile=jstests/libs/server.pem # --sslCAFile=jstests/libs/ca.pem # --sslCRLFile=jstests/libs/crl.pem # --auth if not test.env.mongod_validates_client_cert: raise SkipTest("No mongod available over SSL with certs") authenticated_client = motor.MotorClient(test.env.uri, ssl_certfile=CLIENT_PEM, io_loop=self.io_loop) if not (yield at_least(authenticated_client, (2, 5, 3, -1))): raise SkipTest("MONGODB-X509 tests require MongoDB 2.5.3 or newer") if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # Give admin all necessary privileges. yield authenticated_client['$external'].add_user( MONGODB_X509_USERNAME, roles=[{ 'role': 'readWriteAnyDatabase', 'db': 'admin' }, { 'role': 'userAdminAnyDatabase', 'db': 'admin' }]) client = motor.MotorClient(host, port, ssl_certfile=CLIENT_PEM, io_loop=self.io_loop) with test.assert_raises(OperationFailure): yield client.motor_test.test.count() uri = ('mongodb://%s@%s:%d/?authMechanism=' 'MONGODB-X509' % (quote_plus(MONGODB_X509_USERNAME), host, port)) # SSL options aren't supported in the URI.... auth_uri_client = motor.MotorClient(uri, ssl_certfile=CLIENT_PEM, io_loop=self.io_loop) yield auth_uri_client.db.collection.find_one() # Cleanup. yield remove_all_users(authenticated_client['$external']) yield authenticated_client['$external'].logout()
def test_mongodb_x509_auth(self): if 'EVERGREEN' in os.environ: raise SkipTest("TODO: fix on Evergreen") # Expects the server to be running with SSL config described above, # and with "--auth". if not test.env.mongod_validates_client_cert: raise SkipTest("No mongod available over SSL with certs") # self.env.uri includes username and password. authenticated_client = motor.MotorClient( test.env.uri, ssl_certfile=CLIENT_PEM, ssl_ca_certs=CA_PEM, io_loop=self.io_loop) if not (yield at_least(authenticated_client, (2, 5, 3, -1))): raise SkipTest("MONGODB-X509 tests require MongoDB 2.5.3 or newer") if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # Give admin all necessary privileges. yield authenticated_client['$external'].add_user( MONGODB_X509_USERNAME, roles=[ {'role': 'readWriteAnyDatabase', 'db': 'admin'}, {'role': 'userAdminAnyDatabase', 'db': 'admin'}]) # Not authenticated. client = motor.MotorClient( "server", test.env.port, ssl_certfile=CLIENT_PEM, ssl_ca_certs=CA_PEM, io_loop=self.io_loop) with self.assertRaises(OperationFailure): yield client.motor_test.test.count() uri = ('mongodb://%s@%s:%d/?authMechanism=' 'MONGODB-X509' % ( quote_plus(MONGODB_X509_USERNAME), "server", test.env.port)) # SSL options aren't supported in the URI.... auth_uri_client = motor.MotorClient( uri, ssl_certfile=CLIENT_PEM, ssl_ca_certs=CA_PEM, io_loop=self.io_loop) yield auth_uri_client.db.collection.find_one() # Cleanup. yield remove_all_users(authenticated_client['$external']) yield authenticated_client['$external'].logout()
def test_mongodb_x509_auth(self): # Expects the server to be running with the server.pem, ca.pem # and crl.pem provided in mongodb and the server tests as well as # --auth: # # --sslPEMKeyFile=jstests/libs/server.pem # --sslCAFile=jstests/libs/ca.pem # --sslCRLFile=jstests/libs/crl.pem # --auth if not test.env.mongod_validates_client_cert: raise SkipTest("No mongod available over SSL with certs") authenticated_client = motor.MotorClient( test.env.uri, ssl_certfile=CLIENT_PEM, io_loop=self.io_loop) if not (yield at_least(authenticated_client, (2, 5, 3, -1))): raise SkipTest("MONGODB-X509 tests require MongoDB 2.5.3 or newer") if not test.env.auth: raise SkipTest('Authentication is not enabled on server') # Give admin all necessary privileges. yield authenticated_client['$external'].add_user( MONGODB_X509_USERNAME, roles=[ {'role': 'readWriteAnyDatabase', 'db': 'admin'}, {'role': 'userAdminAnyDatabase', 'db': 'admin'}]) client = motor.MotorClient( host, port, ssl_certfile=CLIENT_PEM, io_loop=self.io_loop) with test.assert_raises(OperationFailure): yield client.motor_test.test.count() uri = ('mongodb://%s@%s:%d/?authMechanism=' 'MONGODB-X509' % ( quote_plus(MONGODB_X509_USERNAME), host, port)) # SSL options aren't supported in the URI.... auth_uri_client = motor.MotorClient( uri, ssl_certfile=CLIENT_PEM, io_loop=self.io_loop) yield auth_uri_client.db.collection.find_one() # Cleanup. yield remove_all_users(authenticated_client['$external']) yield authenticated_client['$external'].logout()
def test_authenticate(self): # self.db is logged in as root. with ignore_deprecations(): yield self.db.add_user("mike", "password") client = motor.MotorClient(env.host, env.port, **self.get_client_kwargs()) db = client.motor_test try: # Authenticate many times at once to test concurrency. yield [db.authenticate("mike", "password") for _ in range(10)] # Just make sure there are no exceptions here. yield db.remove_user("mike") yield db.logout() info = yield self.db.command("usersInfo", "mike") users = info.get('users', []) self.assertFalse("mike" in [u['user'] for u in users]) finally: yield remove_all_users(self.db) test.env.sync_cx.close()
def test_authenticate(self): # self.db is logged in as root. test.env.create_user(self.db.name, "mike", "password", roles=['userAdmin', 'readWrite']) client = motor.MotorClient(env.host, env.port, **self.get_client_kwargs()) db = client.motor_test try: # Authenticate many times at once to test concurrency. yield [db.authenticate("mike", "password") for _ in range(10)] # Just make sure there are no exceptions here. test.env.drop_user(db.name, 'mike') yield db.logout() info = yield self.db.command("usersInfo", "mike") users = info.get('users', []) self.assertFalse("mike" in [u['user'] for u in users]) finally: yield remove_all_users(self.db) test.env.sync_cx.close()