def test_auth_from_uri(self):
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# self.db is logged in as root.
yield remove_all_users(self.db)
db = self.db
try:
yield db.add_user('mike',
'password',
roles=['userAdmin', 'readWrite'])
client = motor.MotorClient('mongodb://*****:*****@%s:%d' %
(env.host, env.port),
io_loop=self.io_loop)
# ismaster doesn't throw auth errors.
yield client.admin.command('ismaster')
with self.assertRaises(OperationFailure):
yield client.db.collection.find_one()
client = motor.MotorClient('mongodb://*****:*****@%s:%d/%s' %
(env.host, env.port, db.name),
io_loop=self.io_loop)
yield client[db.name].collection.find_one()
finally:
yield db.remove_user('mike')
def test_authenticate(self):
# self.db is logged in as root.
with ignore_deprecations():
yield self.db.add_user("mike", "password")
client = motor.MotorClient(env.host, env.port,
**self.get_client_kwargs())
db = client.motor_test
try:
# Authenticate many times at once to test concurrency.
yield [db.authenticate("mike", "password") for _ in range(10)]
# Just make sure there are no exceptions here.
yield db.remove_user("mike")
yield db.logout()
if (yield at_least(self.cx, (2, 5, 4))):
info = yield self.db.command("usersInfo", "mike")
users = info.get('users', [])
else:
users = yield self.db.system.users.find().to_list(length=10)
self.assertFalse("mike" in [u['user'] for u in users])
finally:
yield remove_all_users(self.db)
test.env.sync_cx.close()
def test_auth_from_uri(self):
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# self.db is logged in as root.
yield remove_all_users(self.db)
db = self.db
try:
yield db.add_user(
'mike', 'password',
roles=['userAdmin', 'readWrite'])
client = self.motor_client(
'mongodb://*****:*****@%s:%d' % (env.host, env.port))
with self.assertRaises(OperationFailure):
yield client.db.collection.find_one()
client = self.motor_client(
'mongodb://*****:*****@%s:%d/%s' %
(env.host, env.port, db.name))
yield client[db.name].collection.find_one()
finally:
yield db.remove_user('mike')
def test_auth_from_uri(self):
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# self.db is logged in as root.
yield remove_all_users(self.db)
db = self.db
try:
test.env.create_user(db.name,
'mike',
'password',
roles=['userAdmin', 'readWrite'])
client = self.motor_client('mongodb://*****:*****@%s:%d' %
(env.host, env.port))
with self.assertRaises(OperationFailure):
yield client.db.collection.find_one()
client = self.motor_client('mongodb://*****:*****@%s:%d/%s' %
(env.host, env.port, db.name))
yield client[db.name].collection.find_one()
finally:
test.env.drop_user(db.name, 'mike')
def test_auth_from_uri(self):
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# self.db is logged in as root.
yield remove_all_users(self.db)
db = self.db
try:
yield db.add_user(
'mike', 'password',
roles=['userAdmin', 'readWrite'])
client = motor.MotorClient(
'mongodb://*****:*****@%s:%d' % (host, port),
io_loop=self.io_loop)
# Note: open() only calls ismaster, doesn't throw auth errors.
yield client.open()
with self.assertRaises(OperationFailure):
yield client.db.collection.find_one()
client = motor.MotorClient(
'mongodb://*****:*****@%s:%d/%s' %
(host, port, db.name),
io_loop=self.io_loop)
yield client[db.name].collection.find_one()
finally:
yield db.remove_user('mike')
def test_authenticate(self):
# self.db is logged in as root.
with ignore_deprecations():
yield self.db.add_user("mike", "password")
client = motor.MotorClient(host, port, **self.get_client_kwargs())
db = client.motor_test
try:
# Authenticate many times at once to test concurrency.
yield [db.authenticate("mike", "password") for _ in range(10)]
# Just make sure there are no exceptions here.
yield db.remove_user("mike")
yield db.logout()
if (yield at_least(self.cx, (2, 5, 4))):
info = yield self.db.command("usersInfo", "mike")
users = info.get('users', [])
else:
users = yield self.db.system.users.find().to_list(length=10)
self.assertFalse("mike" in [u['user'] for u in users])
finally:
yield remove_all_users(self.db)
test.env.sync_cx.disconnect()
def test_mongodb_x509_auth(self):
if 'EVERGREEN' in os.environ:
raise SkipTest("TODO: fix on Evergreen")
# Expects the server to be running with SSL config described above,
# and with "--auth".
if not test.env.mongod_validates_client_cert:
raise SkipTest("No mongod available over SSL with certs")
# self.env.uri includes username and password.
authenticated_client = motor.MotorClient(test.env.uri,
ssl_certfile=CLIENT_PEM,
ssl_ca_certs=CA_PEM,
io_loop=self.io_loop)
if not (yield at_least(authenticated_client, (2, 5, 3, -1))):
raise SkipTest("MONGODB-X509 tests require MongoDB 2.5.3 or newer")
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# Give admin all necessary privileges.
yield authenticated_client['$external'].add_user(
MONGODB_X509_USERNAME,
roles=[{
'role': 'readWriteAnyDatabase',
'db': 'admin'
}, {
'role': 'userAdminAnyDatabase',
'db': 'admin'
}])
# Not authenticated.
client = motor.MotorClient("server",
test.env.port,
ssl_certfile=CLIENT_PEM,
ssl_ca_certs=CA_PEM,
io_loop=self.io_loop)
with self.assertRaises(OperationFailure):
yield client.motor_test.test.count()
uri = ('mongodb://%s@%s:%d/?authMechanism='
'MONGODB-X509' %
(quote_plus(MONGODB_X509_USERNAME), "server", test.env.port))
# SSL options aren't supported in the URI....
auth_uri_client = motor.MotorClient(uri,
ssl_certfile=CLIENT_PEM,
ssl_ca_certs=CA_PEM,
io_loop=self.io_loop)
yield auth_uri_client.db.collection.find_one()
# Cleanup.
yield remove_all_users(authenticated_client['$external'])
yield authenticated_client['$external'].logout()
def test_mongodb_x509_auth(self):
# Expects the server to be running with the server.pem, ca.pem
# and crl.pem provided in mongodb and the server tests as well as
# --auth:
#
# --sslPEMKeyFile=jstests/libs/server.pem
# --sslCAFile=jstests/libs/ca.pem
# --sslCRLFile=jstests/libs/crl.pem
# --auth
if not test.env.mongod_validates_client_cert:
raise SkipTest("No mongod available over SSL with certs")
authenticated_client = motor.MotorClient(test.env.uri,
ssl_certfile=CLIENT_PEM,
io_loop=self.io_loop)
if not (yield at_least(authenticated_client, (2, 5, 3, -1))):
raise SkipTest("MONGODB-X509 tests require MongoDB 2.5.3 or newer")
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# Give admin all necessary privileges.
yield authenticated_client['$external'].add_user(
MONGODB_X509_USERNAME,
roles=[{
'role': 'readWriteAnyDatabase',
'db': 'admin'
}, {
'role': 'userAdminAnyDatabase',
'db': 'admin'
}])
client = motor.MotorClient(host,
port,
ssl_certfile=CLIENT_PEM,
io_loop=self.io_loop)
with test.assert_raises(OperationFailure):
yield client.motor_test.test.count()
uri = ('mongodb://%s@%s:%d/?authMechanism='
'MONGODB-X509' %
(quote_plus(MONGODB_X509_USERNAME), host, port))
# SSL options aren't supported in the URI....
auth_uri_client = motor.MotorClient(uri,
ssl_certfile=CLIENT_PEM,
io_loop=self.io_loop)
yield auth_uri_client.db.collection.find_one()
# Cleanup.
yield remove_all_users(authenticated_client['$external'])
yield authenticated_client['$external'].logout()
def test_mongodb_x509_auth(self):
if 'EVERGREEN' in os.environ:
raise SkipTest("TODO: fix on Evergreen")
# Expects the server to be running with SSL config described above,
# and with "--auth".
if not test.env.mongod_validates_client_cert:
raise SkipTest("No mongod available over SSL with certs")
# self.env.uri includes username and password.
authenticated_client = motor.MotorClient(
test.env.uri,
ssl_certfile=CLIENT_PEM,
ssl_ca_certs=CA_PEM,
io_loop=self.io_loop)
if not (yield at_least(authenticated_client, (2, 5, 3, -1))):
raise SkipTest("MONGODB-X509 tests require MongoDB 2.5.3 or newer")
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# Give admin all necessary privileges.
yield authenticated_client['$external'].add_user(
MONGODB_X509_USERNAME, roles=[
{'role': 'readWriteAnyDatabase', 'db': 'admin'},
{'role': 'userAdminAnyDatabase', 'db': 'admin'}])
# Not authenticated.
client = motor.MotorClient(
"server", test.env.port,
ssl_certfile=CLIENT_PEM,
ssl_ca_certs=CA_PEM,
io_loop=self.io_loop)
with self.assertRaises(OperationFailure):
yield client.motor_test.test.count()
uri = ('mongodb://%s@%s:%d/?authMechanism='
'MONGODB-X509' % (
quote_plus(MONGODB_X509_USERNAME), "server", test.env.port))
# SSL options aren't supported in the URI....
auth_uri_client = motor.MotorClient(
uri,
ssl_certfile=CLIENT_PEM,
ssl_ca_certs=CA_PEM,
io_loop=self.io_loop)
yield auth_uri_client.db.collection.find_one()
# Cleanup.
yield remove_all_users(authenticated_client['$external'])
yield authenticated_client['$external'].logout()
def test_mongodb_x509_auth(self):
# Expects the server to be running with the server.pem, ca.pem
# and crl.pem provided in mongodb and the server tests as well as
# --auth:
#
# --sslPEMKeyFile=jstests/libs/server.pem
# --sslCAFile=jstests/libs/ca.pem
# --sslCRLFile=jstests/libs/crl.pem
# --auth
if not test.env.mongod_validates_client_cert:
raise SkipTest("No mongod available over SSL with certs")
authenticated_client = motor.MotorClient(
test.env.uri, ssl_certfile=CLIENT_PEM, io_loop=self.io_loop)
if not (yield at_least(authenticated_client, (2, 5, 3, -1))):
raise SkipTest("MONGODB-X509 tests require MongoDB 2.5.3 or newer")
if not test.env.auth:
raise SkipTest('Authentication is not enabled on server')
# Give admin all necessary privileges.
yield authenticated_client['$external'].add_user(
MONGODB_X509_USERNAME, roles=[
{'role': 'readWriteAnyDatabase', 'db': 'admin'},
{'role': 'userAdminAnyDatabase', 'db': 'admin'}])
client = motor.MotorClient(
host, port, ssl_certfile=CLIENT_PEM, io_loop=self.io_loop)
with test.assert_raises(OperationFailure):
yield client.motor_test.test.count()
uri = ('mongodb://%s@%s:%d/?authMechanism='
'MONGODB-X509' % (
quote_plus(MONGODB_X509_USERNAME), host, port))
# SSL options aren't supported in the URI....
auth_uri_client = motor.MotorClient(
uri, ssl_certfile=CLIENT_PEM, io_loop=self.io_loop)
yield auth_uri_client.db.collection.find_one()
# Cleanup.
yield remove_all_users(authenticated_client['$external'])
yield authenticated_client['$external'].logout()
def test_authenticate(self):
# self.db is logged in as root.
with ignore_deprecations():
yield self.db.add_user("mike", "password")
client = motor.MotorClient(env.host, env.port,
**self.get_client_kwargs())
db = client.motor_test
try:
# Authenticate many times at once to test concurrency.
yield [db.authenticate("mike", "password") for _ in range(10)]
# Just make sure there are no exceptions here.
yield db.remove_user("mike")
yield db.logout()
info = yield self.db.command("usersInfo", "mike")
users = info.get('users', [])
self.assertFalse("mike" in [u['user'] for u in users])
finally:
yield remove_all_users(self.db)
test.env.sync_cx.close()
def test_authenticate(self):
# self.db is logged in as root.
test.env.create_user(self.db.name,
"mike",
"password",
roles=['userAdmin', 'readWrite'])
client = motor.MotorClient(env.host, env.port,
**self.get_client_kwargs())
db = client.motor_test
try:
# Authenticate many times at once to test concurrency.
yield [db.authenticate("mike", "password") for _ in range(10)]
# Just make sure there are no exceptions here.
test.env.drop_user(db.name, 'mike')
yield db.logout()
info = yield self.db.command("usersInfo", "mike")
users = info.get('users', [])
self.assertFalse("mike" in [u['user'] for u in users])
finally:
yield remove_all_users(self.db)
test.env.sync_cx.close()
