Permalink
Browse files

SERVER-10848 Speed up auth passthrough tests by using the internal us…

…er instead of a real admin user
  • Loading branch information...
1 parent 38ba557 commit bffe64219d917b3da8df5b37a734e5e672406c3c @stbrody stbrody committed Jan 30, 2014
View
@@ -167,17 +167,6 @@ def did_mongod_start(self, port=mongod_port, timeout=300):
print >> sys.stderr, "timeout starting mongod"
return False
- def setup_admin_user(self, port=mongod_port):
- try:
- Connection( "localhost" , int(port), ssl=use_ssl ).admin.command("createUser", "admin",
- pwd="password",
- roles=["__system"])
- except OperationFailure, e:
- if e.message == 'need to login':
- pass # SERVER-4225
- else:
- raise e
-
def start(self):
global mongod_port
global mongod
@@ -218,11 +207,13 @@ def start(self):
if self.kwargs.get('no_preallocj'):
argv += ['--nopreallocj']
if self.kwargs.get('auth'):
- argv += ['--auth']
+ argv += ['--auth', '--setParameter', 'enableLocalhostAuthBypass=false']
authMechanism = self.kwargs.get('authMechanism', 'MONGODB-CR')
if authMechanism != 'MONGODB-CR':
argv += ['--setParameter', 'authenticationMechanisms=' + authMechanism]
self.auth = True
+ if self.kwargs.get('keyFile'):
+ argv += ['--keyFile', self.kwargs.get('keyFile')]
if self.kwargs.get('use_ssl') or self.kwargs.get('use_x509'):
argv += ['--sslMode', "requireSSL",
'--sslPEMKeyFile', 'jstests/libs/server.pem',
@@ -237,9 +228,6 @@ def start(self):
if not self.did_mongod_start(self.port):
raise Exception("Failed to start mongod")
- if self.auth:
- self.setup_admin_user(self.port)
-
if self.slave:
local = Connection(port=self.port, slave_okay=True).local
synced = False
@@ -481,14 +469,6 @@ def runTest(test, result):
else:
raise Bug("fell off in extension case: %s" % path)
- if keyFile:
- f = open(keyFile, 'r')
- keyFileData = re.sub(r'\s', '', f.read()) # Remove all whitespace
- f.close()
- os.chmod(keyFile, stat.S_IRUSR | stat.S_IWUSR)
- else:
- keyFileData = None
-
mongo_test_filename = os.path.basename(path)
if 'sharedclient' in path:
mongo_test_filename += "-sharedclient"
@@ -615,6 +595,7 @@ def run_tests(tests):
no_preallocj=no_preallocj,
auth=auth,
authMechanism=authMechanism,
+ keyFile=keyFile,
use_ssl=use_ssl,
use_x509=use_x509).__enter__()
else:
@@ -632,6 +613,7 @@ def run_tests(tests):
no_preallocj=no_preallocj,
auth=auth,
authMechanism=authMechanism,
+ keyFile=keyFile,
use_ssl=use_ssl,
use_x509=use_x509).__enter__()
primary = Connection(port=master.port, slave_okay=True);
@@ -690,6 +672,7 @@ def run_tests(tests):
no_preallocj=no_preallocj,
auth=auth,
authMechanism=authMechanism,
+ keyFile=keyFile,
use_ssl=use_ssl,
use_x509=use_x509).__enter__()
@@ -915,7 +898,7 @@ def add_exe(e):
def set_globals(options, tests):
global mongod_executable, mongod_port, shell_executable, continue_on_failure, small_oplog, small_oplog_rs
- global no_journal, set_parameters, set_parameters_mongos, no_preallocj, auth, authMechanism, keyFile, smoke_db_prefix, test_path, start_mongod
+ global no_journal, set_parameters, set_parameters_mongos, no_preallocj, auth, authMechanism, keyFile, keyFileData, smoke_db_prefix, test_path, start_mongod
global use_ssl, use_x509
global file_of_commands_mode
global report_file, use_write_commands
@@ -965,6 +948,14 @@ def set_globals(options, tests):
# default keyFile from jstests/libs/authTestsKey
keyFile = os.path.join(mongo_repo, 'jstests', 'libs', 'authTestsKey')
+ if keyFile:
+ f = open(keyFile, 'r')
+ keyFileData = re.sub(r'\s', '', f.read()) # Remove all whitespace
+ f.close()
+ os.chmod(keyFile, stat.S_IRUSR | stat.S_IWUSR)
+ else:
+ keyFileData = None
+
# if smoke.py is running a list of commands read from a
# file (or stdin) rather than running a suite of js tests
file_of_commands_mode = options.File and options.mode == 'files'
@@ -144,7 +144,17 @@ namespace mongo {
mutablebson::Document cmdToLog(cmdObj, mutablebson::Document::kInPlaceDisabled);
redactForLogging(&cmdToLog);
log() << " authenticate db: " << dbname << " " << cmdToLog << endl;
+
UserName user(cmdObj.getStringField("user"), dbname);
+ if (Command::testCommandsEnabled &&
+ user.getDB() == "admin" &&
+ user.getUser() == internalSecurity.user->getName().getUser()) {
+ // Allows authenticating as the internal user against the admin database. This is to
+ // support the auth passthrough test framework on mongos (since you can't use the local
+ // database on a mongos, so you can't auth as the internal user without this).
+ user = internalSecurity.user->getName();
+ }
+
std::string mechanism = cmdObj.getStringField("mechanism");
if (mechanism.empty()) {
mechanism = "MONGODB-CR";
@@ -454,7 +454,6 @@ ReplSetTest.prototype.initiate = function( cfg , initCmd , timeout ) {
if ((jsTestOptions().keyFile || jsTestOptions().useX509) &&
cmdKey == 'replSetInitiate') {
master = this.getMaster();
- jsTest.addAuth(master);
jsTest.authenticateNodes(this.nodes);
}
}
View
@@ -767,9 +767,6 @@ startMongodTest = function (port, dirname, restart, extraOptions ) {
conn.name = (useHostname ? getHostName() : "localhost") + ":" + port;
if (jsTestOptions().auth || jsTestOptions().keyFile || jsTestOptions().useX509) {
- if (!this.shardsvr && !options.replSet && !options.hasOwnProperty("slave") && !restart) {
- jsTest.addAuth(conn);
- }
jsTest.authenticate(conn);
}
return conn;
@@ -824,6 +821,9 @@ function appendSetParameterArgs(argArray) {
"authenticationMechanisms=" + jsTest.options().authMechanism]);
}
}
+ if (jsTest.options().auth) {
+ argArray.push.apply(argArray, ['--setParameter', "enableLocalhostAuthBypass=false"]);
+ }
// mongos only options
if (programName.endsWith('mongos')) {
@@ -933,8 +933,8 @@ runMongoProgram = function() {
if ( jsTestOptions().auth ) {
args = args.slice(1);
args.unshift( progName,
- '-u', jsTestOptions().adminUser,
- '-p', jsTestOptions().adminPassword,
+ '-u', jsTestOptions().authUser,
+ '-p', jsTestOptions().authPassword,
'--authenticationMechanism', DB.prototype._defaultAuthenticationMechanism,
'--authenticationDatabase=admin'
);
@@ -959,8 +959,8 @@ startMongoProgramNoConnect = function() {
if ( jsTestOptions().auth ) {
args = args.slice(1);
args.unshift(progName,
- '-u', jsTestOptions().adminUser,
- '-p', jsTestOptions().adminPassword,
+ '-u', jsTestOptions().authUser,
+ '-p', jsTestOptions().authPassword,
'--authenticationMechanism', DB.prototype._defaultAuthenticationMechanism,
'--authenticationDatabase=admin');
}
@@ -216,9 +216,6 @@ ReplTest.prototype.start = function( master , options , restart, norepl ){
} else {
var conn = startMongod.apply(null, o);
if (jsTestOptions().keyFile || jsTestOptions().auth || jsTestOptions().useX509) {
- if (master) {
- jsTest.addAuth(conn);
- }
jsTest.authenticate(conn);
}
return conn;
@@ -400,7 +400,6 @@ ShardingTest = function( testName , numShards , verboseLevel , numMongos , other
}
if (jsTestOptions().keyFile || jsTestOptions().useX509) {
- jsTest.addAuth( this.s );
jsTest.authenticate( this._configConnection );
jsTest.authenticateNodes( this._configServers );
jsTest.authenticateNodes( this._mongos );
View
@@ -431,37 +431,7 @@ jsTest.randomize = function( seed ) {
print( "Random seed for test : " + seed )
}
-/**
-* Adds a user to the admin DB on the given connection. This is only used for running the test suite
-* with authentication enabled.
-*/
-jsTest.addAuth = function(conn) {
- // Get a connection over localhost so that the first user can be added.
- var localconn = conn;
- if ( localconn.host.indexOf('localhost') != 0 ) {
- print( 'Getting locahost connection instead of ' + conn + ' to add first admin user' );
- var hosts = conn.host.split(',');
- for ( var i = 0; i < hosts.length; i++ ) {
- hosts[i] = 'localhost:' + hosts[i].split(':')[1];
- }
- localconn = new Mongo(hosts.join(','));
- }
- print ("Adding admin user on connection: " + localconn);
- try {
- localconn._skipAuth = true; // Make sure we don't try to authenticate the conn while adding the user
- return localconn.getDB('admin').createUser({user: jsTestOptions().adminUser,
- pwd: jsTestOptions().adminPassword,
- roles: ["__system"]},
- {w: 'majority', wtimeout: 60000});
- } finally {
- localconn._skipAuth = false;
- }
-}
-
jsTest.authenticate = function(conn) {
- if (conn._skipAuth) { // To prevent us from trying to authenticate while in the process of adding user.
- return true;
- }
if (!jsTest.options().auth && !jsTest.options().keyFile && !jsTest.options().useX509) {
conn.authenticated = true;
return true;
@@ -472,13 +442,12 @@ jsTest.authenticate = function(conn) {
// Set authenticated to stop an infinite recursion from getDB calling
// back into authenticate.
conn.authenticated = true;
- print ("Authenticating to admin database as " +
- jsTestOptions().adminUser + " with mechanism " +
+ print ("Authenticating as internal " + jsTestOptions().authUser + " user with mechanism " +
DB.prototype._defaultAuthenticationMechanism +
" on connection: " + conn);
conn.authenticated = conn.getDB('admin').auth({
- user: jsTestOptions().adminUser,
- pwd: jsTestOptions().adminPassword
+ user: jsTestOptions().authUser,
+ pwd: jsTestOptions().authPassword,
});
return conn.authenticated;
}, "Authenticating connection: " + conn, 5000, 1000);

0 comments on commit bffe642

Please sign in to comment.