Skip to content

Commit

Permalink
SERVER-10848 Speed up auth passthrough tests by using the internal us…
Browse files Browse the repository at this point in the history 
…er instead of a real admin user
  • Loading branch information
@stbrody
stbrody committed Feb 3, 2014
1 parent 38ba557 commit bffe642
Show file tree
Hide file tree
Showing 8 changed files with 35 additions and 70 deletions.
39 changes: 15 additions & 24 deletions buildscripts/smoke.py
View file
Expand Up @@ -167,17 +167,6 @@ def did_mongod_start(self, port=mongod_port, timeout=300):
print >> sys.stderr, "timeout starting mongod"
return False

def setup_admin_user(self, port=mongod_port):
try:
Connection( "localhost" , int(port), ssl=use_ssl ).admin.command("createUser", "admin",
pwd="password",
roles=["__system"])
except OperationFailure, e:
if e.message == 'need to login':
pass # SERVER-4225
else:
raise e

def start(self):
global mongod_port
global mongod
Expand Down Expand Up @@ -218,11 +207,13 @@ def start(self):
if self.kwargs.get('no_preallocj'):
argv += ['--nopreallocj']
if self.kwargs.get('auth'):
argv += ['--auth']
argv += ['--auth', '--setParameter', 'enableLocalhostAuthBypass=false']
authMechanism = self.kwargs.get('authMechanism', 'MONGODB-CR')
if authMechanism != 'MONGODB-CR':
argv += ['--setParameter', 'authenticationMechanisms=' + authMechanism]
self.auth = True
if self.kwargs.get('keyFile'):
argv += ['--keyFile', self.kwargs.get('keyFile')]
if self.kwargs.get('use_ssl') or self.kwargs.get('use_x509'):
argv += ['--sslMode', "requireSSL",
'--sslPEMKeyFile', 'jstests/libs/server.pem',
Expand All @@ -237,9 +228,6 @@ def start(self):
if not self.did_mongod_start(self.port):
raise Exception("Failed to start mongod")

if self.auth:
self.setup_admin_user(self.port)

if self.slave:
local = Connection(port=self.port, slave_okay=True).local
synced = False
Expand Down Expand Up @@ -481,14 +469,6 @@ def runTest(test, result):
else:
raise Bug("fell off in extension case: %s" % path)

if keyFile:
f = open(keyFile, 'r')
keyFileData = re.sub(r'\s', '', f.read()) # Remove all whitespace
f.close()
os.chmod(keyFile, stat.S_IRUSR | stat.S_IWUSR)
else:
keyFileData = None

mongo_test_filename = os.path.basename(path)
if 'sharedclient' in path:
mongo_test_filename += "-sharedclient"
Expand Down Expand Up @@ -615,6 +595,7 @@ def run_tests(tests):
no_preallocj=no_preallocj,
auth=auth,
authMechanism=authMechanism,
keyFile=keyFile,
use_ssl=use_ssl,
use_x509=use_x509).__enter__()
else:
Expand All @@ -632,6 +613,7 @@ def run_tests(tests):
no_preallocj=no_preallocj,
auth=auth,
authMechanism=authMechanism,
keyFile=keyFile,
use_ssl=use_ssl,
use_x509=use_x509).__enter__()
primary = Connection(port=master.port, slave_okay=True);
Expand Down Expand Up @@ -690,6 +672,7 @@ def run_tests(tests):
no_preallocj=no_preallocj,
auth=auth,
authMechanism=authMechanism,
keyFile=keyFile,
use_ssl=use_ssl,
use_x509=use_x509).__enter__()

Expand Down Expand Up @@ -915,7 +898,7 @@ def add_exe(e):

def set_globals(options, tests):
global mongod_executable, mongod_port, shell_executable, continue_on_failure, small_oplog, small_oplog_rs
global no_journal, set_parameters, set_parameters_mongos, no_preallocj, auth, authMechanism, keyFile, smoke_db_prefix, test_path, start_mongod
global no_journal, set_parameters, set_parameters_mongos, no_preallocj, auth, authMechanism, keyFile, keyFileData, smoke_db_prefix, test_path, start_mongod
global use_ssl, use_x509
global file_of_commands_mode
global report_file, use_write_commands
Expand Down Expand Up @@ -965,6 +948,14 @@ def set_globals(options, tests):
# default keyFile from jstests/libs/authTestsKey
keyFile = os.path.join(mongo_repo, 'jstests', 'libs', 'authTestsKey')

if keyFile:
f = open(keyFile, 'r')
keyFileData = re.sub(r'\s', '', f.read()) # Remove all whitespace
f.close()
os.chmod(keyFile, stat.S_IRUSR | stat.S_IWUSR)
else:
keyFileData = None

# if smoke.py is running a list of commands read from a
# file (or stdin) rather than running a suite of js tests
file_of_commands_mode = options.File and options.mode == 'files'
Expand Down
0 jstests/sharding/sharding_with_keyfile.js → ...ts/sharding/sharding_with_keyfile_auth.js
View file
File renamed without changes.
10 changes: 10 additions & 0 deletions src/mongo/db/commands/authentication_commands.cpp
View file
Expand Up @@ -144,7 +144,17 @@ namespace mongo {
mutablebson::Document cmdToLog(cmdObj, mutablebson::Document::kInPlaceDisabled);
redactForLogging(&cmdToLog);
log() << " authenticate db: " << dbname << " " << cmdToLog << endl;

UserName user(cmdObj.getStringField("user"), dbname);
if (Command::testCommandsEnabled &&
user.getDB() == "admin" &&
user.getUser() == internalSecurity.user->getName().getUser()) {
// Allows authenticating as the internal user against the admin database. This is to
// support the auth passthrough test framework on mongos (since you can't use the local
// database on a mongos, so you can't auth as the internal user without this).
user = internalSecurity.user->getName();
}

std::string mechanism = cmdObj.getStringField("mechanism");
if (mechanism.empty()) {
mechanism = "MONGODB-CR";
Expand Down
1 change: 0 additions & 1 deletion src/mongo/shell/replsettest.js
View file
Expand Up @@ -454,7 +454,6 @@ ReplSetTest.prototype.initiate = function( cfg , initCmd , timeout ) {
if ((jsTestOptions().keyFile || jsTestOptions().useX509) &&
cmdKey == 'replSetInitiate') {
master = this.getMaster();
jsTest.addAuth(master);
jsTest.authenticateNodes(this.nodes);
}
}
Expand Down
14 changes: 7 additions & 7 deletions src/mongo/shell/servers.js
View file
Expand Up @@ -767,9 +767,6 @@ startMongodTest = function (port, dirname, restart, extraOptions ) {
conn.name = (useHostname ? getHostName() : "localhost") + ":" + port;

if (jsTestOptions().auth || jsTestOptions().keyFile || jsTestOptions().useX509) {
if (!this.shardsvr && !options.replSet && !options.hasOwnProperty("slave") && !restart) {
jsTest.addAuth(conn);
}
jsTest.authenticate(conn);
}
return conn;
Expand Down Expand Up @@ -824,6 +821,9 @@ function appendSetParameterArgs(argArray) {
"authenticationMechanisms=" + jsTest.options().authMechanism]);
}
}
if (jsTest.options().auth) {
argArray.push.apply(argArray, ['--setParameter', "enableLocalhostAuthBypass=false"]);
}

// mongos only options
if (programName.endsWith('mongos')) {
Expand Down Expand Up @@ -933,8 +933,8 @@ runMongoProgram = function() {
if ( jsTestOptions().auth ) {
args = args.slice(1);
args.unshift( progName,
'-u', jsTestOptions().adminUser,
'-p', jsTestOptions().adminPassword,
'-u', jsTestOptions().authUser,
'-p', jsTestOptions().authPassword,
'--authenticationMechanism', DB.prototype._defaultAuthenticationMechanism,
'--authenticationDatabase=admin'
);
Expand All @@ -959,8 +959,8 @@ startMongoProgramNoConnect = function() {
if ( jsTestOptions().auth ) {
args = args.slice(1);
args.unshift(progName,
'-u', jsTestOptions().adminUser,
'-p', jsTestOptions().adminPassword,
'-u', jsTestOptions().authUser,
'-p', jsTestOptions().authPassword,
'--authenticationMechanism', DB.prototype._defaultAuthenticationMechanism,
'--authenticationDatabase=admin');
}
Expand Down
3 changes: 0 additions & 3 deletions src/mongo/shell/servers_misc.js
View file
Expand Up @@ -216,9 +216,6 @@ ReplTest.prototype.start = function( master , options , restart, norepl ){
} else {
var conn = startMongod.apply(null, o);
if (jsTestOptions().keyFile || jsTestOptions().auth || jsTestOptions().useX509) {
if (master) {
jsTest.addAuth(conn);
}
jsTest.authenticate(conn);
}
return conn;
Expand Down
1 change: 0 additions & 1 deletion src/mongo/shell/shardingtest.js
View file
Expand Up @@ -400,7 +400,6 @@ ShardingTest = function( testName , numShards , verboseLevel , numMongos , other
}

if (jsTestOptions().keyFile || jsTestOptions().useX509) {
jsTest.addAuth( this.s );
jsTest.authenticate( this._configConnection );
jsTest.authenticateNodes( this._configServers );
jsTest.authenticateNodes( this._mongos );
Expand Down
37 changes: 3 additions & 34 deletions src/mongo/shell/utils.js
View file
Expand Up @@ -431,37 +431,7 @@ jsTest.randomize = function( seed ) {
print( "Random seed for test : " + seed )
}

/**
* Adds a user to the admin DB on the given connection. This is only used for running the test suite
* with authentication enabled.
*/
jsTest.addAuth = function(conn) {
// Get a connection over localhost so that the first user can be added.
var localconn = conn;
if ( localconn.host.indexOf('localhost') != 0 ) {
print( 'Getting locahost connection instead of ' + conn + ' to add first admin user' );
var hosts = conn.host.split(',');
for ( var i = 0; i < hosts.length; i++ ) {
hosts[i] = 'localhost:' + hosts[i].split(':')[1];
}
localconn = new Mongo(hosts.join(','));
}
print ("Adding admin user on connection: " + localconn);
try {
localconn._skipAuth = true; // Make sure we don't try to authenticate the conn while adding the user
return localconn.getDB('admin').createUser({user: jsTestOptions().adminUser,
pwd: jsTestOptions().adminPassword,
roles: ["__system"]},
{w: 'majority', wtimeout: 60000});
} finally {
localconn._skipAuth = false;
}
}

jsTest.authenticate = function(conn) {
if (conn._skipAuth) { // To prevent us from trying to authenticate while in the process of adding user.
return true;
}
if (!jsTest.options().auth && !jsTest.options().keyFile && !jsTest.options().useX509) {
conn.authenticated = true;
return true;
Expand All @@ -472,13 +442,12 @@ jsTest.authenticate = function(conn) {
// Set authenticated to stop an infinite recursion from getDB calling
// back into authenticate.
conn.authenticated = true;
print ("Authenticating to admin database as " +
jsTestOptions().adminUser + " with mechanism " +
print ("Authenticating as internal " + jsTestOptions().authUser + " user with mechanism " +
DB.prototype._defaultAuthenticationMechanism +
" on connection: " + conn);
conn.authenticated = conn.getDB('admin').auth({
user: jsTestOptions().adminUser,
pwd: jsTestOptions().adminPassword
user: jsTestOptions().authUser,
pwd: jsTestOptions().authPassword,
});
return conn.authenticated;
}, "Authenticating connection: " + conn, 5000, 1000);
Expand Down

0 comments on commit bffe642

Please sign in to comment.