def test_parse_tls_insecure_options(self): # tlsInsecure is expanded correctly. uri = "mongodb://example.com/?tlsInsecure=true" res = get_validated_options( { "ssl_match_hostname": False, "ssl_cert_reqs": ssl.CERT_NONE, "tlsinsecure": True }, warn=False) self.assertEqual(res, parse_uri(uri)["options"]) # tlsAllow* specified AFTER tlsInsecure. # tlsAllow* options warns and overrides values implied by tlsInsecure. uri = ("mongodb://example.com/?tlsInsecure=true" "&tlsAllowInvalidCertificates=false" "&tlsAllowInvalidHostnames=false") res = get_validated_options( { "ssl_match_hostname": True, "ssl_cert_reqs": ssl.CERT_REQUIRED, "tlsinsecure": True }, warn=False) with warnings.catch_warnings(record=True) as ctx: warnings.simplefilter('always') self.assertEqual(res, parse_uri(uri)["options"]) for warning in ctx: self.assertRegexpMatches( warning.message.args[0], ".*tlsAllowInvalid.*overrides.*tlsInsecure.*") clear_warning_registry() # tlsAllow* specified BEFORE tlsInsecure. # tlsAllow* options warns and overrides values implied by tlsInsecure. uri = ("mongodb://example.com/" "?tlsAllowInvalidCertificates=false" "&tlsAllowInvalidHostnames=false" "&tlsInsecure=true") res = get_validated_options( { "ssl_match_hostname": True, "ssl_cert_reqs": ssl.CERT_REQUIRED, "tlsinsecure": True }, warn=False) with warnings.catch_warnings(record=True) as ctx: warnings.simplefilter('always') self.assertEqual(res, parse_uri(uri)["options"]) for warning in ctx: self.assertRegexpMatches( warning.message.args[0], ".*tlsAllowInvalid.*overrides.*tlsInsecure.*")
def test_parse_tls_insecure_options(self): # tlsInsecure is expanded correctly. uri = "mongodb://example.com/?tlsInsecure=true" res = get_validated_options( {"ssl_match_hostname": False, "ssl_cert_reqs": ssl.CERT_NONE, "tlsinsecure": True}, warn=False) self.assertEqual(res, parse_uri(uri)["options"]) # tlsAllow* specified AFTER tlsInsecure. # tlsAllow* options warns and overrides values implied by tlsInsecure. uri = ("mongodb://example.com/?tlsInsecure=true" "&tlsAllowInvalidCertificates=false" "&tlsAllowInvalidHostnames=false") res = get_validated_options( {"ssl_match_hostname": True, "ssl_cert_reqs": ssl.CERT_REQUIRED, "tlsinsecure": True}, warn=False) with warnings.catch_warnings(record=True) as ctx: warnings.simplefilter('always') self.assertEqual(res, parse_uri(uri)["options"]) for warning in ctx: self.assertRegexpMatches( warning.message.args[0], ".*tlsAllowInvalid.*overrides.*tlsInsecure.*") clear_warning_registry() # tlsAllow* specified BEFORE tlsInsecure. # tlsAllow* options warns and overrides values implied by tlsInsecure. uri = ("mongodb://example.com/" "?tlsAllowInvalidCertificates=false" "&tlsAllowInvalidHostnames=false" "&tlsInsecure=true") res = get_validated_options( {"ssl_match_hostname": True, "ssl_cert_reqs": ssl.CERT_REQUIRED, "tlsinsecure": True}, warn=False) with warnings.catch_warnings(record=True) as ctx: warnings.simplefilter('always') self.assertEqual(res, parse_uri(uri)["options"]) for warning in ctx: self.assertRegexpMatches( warning.message.args[0], ".*tlsAllowInvalid.*overrides.*tlsInsecure.*")
def validate_options(opts, warn=False): """Validates and normalizes options passed in a MongoDB URI. Returns a new dictionary of validated and normalized options. If warn is False then errors will be thrown for invalid options, otherwise they will be ignored and a warning will be issued. :Parameters: - `opts`: A dict of MongoDB URI options. - `warn` (optional): If ``True`` then warnigns will be logged and invalid options will be ignored. Otherwise invalid options will cause errors. """ return get_validated_options(opts, warn)