From 0558a06e6de48ece3d600fb5922d191a3b59d1a9 Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 11:00:11 +0100 Subject: [PATCH 01/62] fix all MONGO_OPLOG_URL --- tests/meteor-doc-fetcher.sh | 2 +- tests/meteor-oplog-cursor-supported.sh | 2 +- tests/meteor-oplog-entry-skipping.sh | 2 +- tests/meteor-oplog-x-implicit-collection-creation.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/meteor-doc-fetcher.sh b/tests/meteor-doc-fetcher.sh index 0fe1f1303..28b310878 100755 --- a/tests/meteor-doc-fetcher.sh +++ b/tests/meteor-doc-fetcher.sh @@ -8,6 +8,6 @@ export METEOR_LOCAL_DIR=~/.meteor export MONGO_URL="mongodb://localhost:27017/" -export MONGO_OPLOG_URL="mongodb://localhost:27017/local?replicaSet=mongodb-rs&directConnection=true" +export MONGO_OPLOG_URL="mongodb://localhost:27017/local?replicaSet=rs0&directConnection=true" TINYTEST_FILTER="mongo-livedata - doc fetcher" ./packages/test-in-console/run.sh --once diff --git a/tests/meteor-oplog-cursor-supported.sh b/tests/meteor-oplog-cursor-supported.sh index 262c31fa1..916858082 100755 --- a/tests/meteor-oplog-cursor-supported.sh +++ b/tests/meteor-oplog-cursor-supported.sh @@ -8,6 +8,6 @@ export METEOR_LOCAL_DIR=~/.meteor export MONGO_URL="mongodb://localhost:27017/" -export MONGO_OPLOG_URL="mongodb://localhost:27017/local?replicaSet=mongodb-rs&directConnection=true" +export MONGO_OPLOG_URL="mongodb://localhost:27017/local?replicaSet=rs0&directConnection=true" TINYTEST_FILTER="mongo-livedata - oplog - cursorSupported" ./packages/test-in-console/run.sh --once diff --git a/tests/meteor-oplog-entry-skipping.sh b/tests/meteor-oplog-entry-skipping.sh index 355c8b451..98c32d9b9 100755 --- a/tests/meteor-oplog-entry-skipping.sh +++ b/tests/meteor-oplog-entry-skipping.sh @@ -8,6 +8,6 @@ export METEOR_LOCAL_DIR=~/.meteor export MONGO_URL="mongodb://localhost:27017/" -export MONGO_OPLOG_URL="mongodb://localhost:27017/local?replicaSet=mongodb-rs&directConnection=true" +export MONGO_OPLOG_URL="mongodb://localhost:27017/local?replicaSet=rs0&directConnection=true" TINYTEST_FILTER="mongo-livedata - oplog - entry skipping" ./packages/test-in-console/run.sh --once diff --git a/tests/meteor-oplog-x-implicit-collection-creation.sh b/tests/meteor-oplog-x-implicit-collection-creation.sh index 68778f83f..c0d37c15d 100755 --- a/tests/meteor-oplog-x-implicit-collection-creation.sh +++ b/tests/meteor-oplog-x-implicit-collection-creation.sh @@ -8,6 +8,6 @@ export METEOR_LOCAL_DIR=~/.meteor export MONGO_URL="mongodb://localhost:27017/" -export MONGO_OPLOG_URL="mongodb://localhost:27017/local?replicaSet=mongodb-rs&directConnection=true" +export MONGO_OPLOG_URL="mongodb://localhost:27017/local?replicaSet=rs0&directConnection=true" TINYTEST_FILTER="mongo-livedata - oplog - x - implicit collection creation" ./packages/test-in-console/run.sh --once From 6db25396a2f4ad8154a1fed5db9ff60c92233f2a Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 11:40:19 +0100 Subject: [PATCH 02/62] FERRETDB_REPL_SET_NAME --- docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 78da37acc..53dfcd83b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,6 +12,7 @@ services: - TZ=Asia/Kathmandu - FERRETDB_HANDLER=postgresql - FERRETDB_POSTGRESQL_URL=postgres://user@postgres:5432/dance + - FERRETDB_REPL_SET_NAME=rs0 extra_hosts: - "host.docker.internal:host-gateway" @@ -26,6 +27,7 @@ services: - TZ=Asia/Kathmandu - FERRETDB_HANDLER=sqlite - FERRETDB_SQLITE_URL=file:/state/?_pragma=busy_timeout(20000) + - FERRETDB_REPL_SET_NAME=rs0 extra_hosts: - "host.docker.internal:host-gateway" From be5a833336bce09f639747b89b7e045f6f1aedb3 Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 11:40:42 +0100 Subject: [PATCH 03/62] replSetName --- build/mongod.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/mongod.conf b/build/mongod.conf index cc66c45ef..371317792 100644 --- a/build/mongod.conf +++ b/build/mongod.conf @@ -9,7 +9,7 @@ security: replication: oplogSizeMB: 512 - replSetName: mongodb-rs + replSetName: rs0 setParameter: enableTestCommands: 1 From 5ad121e37d105dfe7e01b38449d4a8fdbb5255ec Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 12:07:48 +0100 Subject: [PATCH 04/62] add new service and create a root user with enableLocalhostAuthBypass --- Taskfile.yaml | 10 +++++++++- build/mongod_secured.conf | 15 +++++++++++++++ docker-compose.yml | 22 ++++++++++++++++++++++ 3 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 build/mongod_secured.conf diff --git a/Taskfile.yaml b/Taskfile.yaml index 1970c115c..e4e3d31bf 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -112,10 +112,18 @@ tasks: - > docker compose run --rm mongosh mongosh 'mongodb://host.docker.internal:27017/' - --eval 'rs.initiate({_id: "mongodb-rs", members: [{_id: 0, host: "localhost"}]})' + --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "localhost"}]})' # this is true to prevent an already initialized error and no such command error for replSetInitiate ignore_error: true + create-root-user: + desc: "Creates a user with root access" + cmds: + - > + docker compose run --rm mongosh mongosh + 'mongodb://host.docker.internal:27018/' + --eval 'db.getSiblingDB("admin").createUser({user: "user", pwd: "password", roles: [ "root" ]})' + # see https://github.com/DavidAnson/markdownlint-cli2#command-line for the reason we use double-quotes docs-fmt: desc: "Format and lint documentation" diff --git a/build/mongod_secured.conf b/build/mongod_secured.conf new file mode 100644 index 000000000..15eb82cc6 --- /dev/null +++ b/build/mongod_secured.conf @@ -0,0 +1,15 @@ +net: + port: 27018 + bindIpAll: true + tls: + mode: disabled + +security: + authorization: enabled + +setParameter: + enableTestCommands: 1 + enableLocalhostAuthBypass: true + +systemLog: + quiet: true diff --git a/docker-compose.yml b/docker-compose.yml index 53dfcd83b..f155be908 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -68,6 +68,28 @@ services: volumes: - ./build/mongod.conf:/etc/mongod.conf + mongodb_secured: + build: + context: ./build/deps + dockerfile: mongo7.Dockerfile + command: --config /etc/mongod.conf + container_name: dance_mongodb_secured + restart: unless-stopped + ulimits: + nproc: 64000 + nofile: + soft: 64000 + hard: 64000 + ports: + - 27017:27017 + environment: + # Always UTC+05:45. Set to catch timezone problems. + - TZ=Asia/Kathmandu + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - ./build/mongod_secured.conf:/etc/mongod.conf + # never started normally, used only for mongosh, mongodump, etc. mongosh: build: From 21d0ea0baeeba1278e67df12ef0848ec07380fb3 Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 13:51:47 +0100 Subject: [PATCH 05/62] remove unnecessary task and trim -secured --- Taskfile.yaml | 8 -------- build/mongod_secured.conf | 2 +- cmd/dance/main.go | 2 ++ docker-compose.yml | 4 +++- 4 files changed, 6 insertions(+), 10 deletions(-) diff --git a/Taskfile.yaml b/Taskfile.yaml index e4e3d31bf..cf7705cc1 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -116,14 +116,6 @@ tasks: # this is true to prevent an already initialized error and no such command error for replSetInitiate ignore_error: true - create-root-user: - desc: "Creates a user with root access" - cmds: - - > - docker compose run --rm mongosh mongosh - 'mongodb://host.docker.internal:27018/' - --eval 'db.getSiblingDB("admin").createUser({user: "user", pwd: "password", roles: [ "root" ]})' - # see https://github.com/DavidAnson/markdownlint-cli2#command-line for the reason we use double-quotes docs-fmt: desc: "Format and lint documentation" diff --git a/build/mongod_secured.conf b/build/mongod_secured.conf index 15eb82cc6..37c18f7fe 100644 --- a/build/mongod_secured.conf +++ b/build/mongod_secured.conf @@ -1,5 +1,5 @@ net: - port: 27018 + port: 27017 bindIpAll: true tls: mode: disabled diff --git a/cmd/dance/main.go b/cmd/dance/main.go index a4fd7e55b..395ddf25c 100644 --- a/cmd/dance/main.go +++ b/cmd/dance/main.go @@ -81,6 +81,8 @@ func main() { log.Fatal("-db is required") } + *dbF = strings.TrimSuffix(*dbF, "-secured") + ctx, stop := notifyAppTermination(context.Background()) go func() { <-ctx.Done() diff --git a/docker-compose.yml b/docker-compose.yml index f155be908..32e2c9dd3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -68,7 +68,7 @@ services: volumes: - ./build/mongod.conf:/etc/mongod.conf - mongodb_secured: + mongodb-secured: build: context: ./build/deps dockerfile: mongo7.Dockerfile @@ -85,6 +85,8 @@ services: environment: # Always UTC+05:45. Set to catch timezone problems. - TZ=Asia/Kathmandu + - MONGO_INITDB_ROOT_USERNAME=user + - MONGO_INITDB_ROOT_PASSWORD=password extra_hosts: - "host.docker.internal:host-gateway" volumes: From 6a9cb99c1203404966e9bf6999a5da735503b49a Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 13:55:39 +0100 Subject: [PATCH 06/62] add dotnet tests --- tests/dotnet-example-auth-scram-sha-1.yml | 20 ++++++++++++++++++++ tests/dotnet-example-auth-scram-sha-256.yml | 20 ++++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 tests/dotnet-example-auth-scram-sha-1.yml create mode 100644 tests/dotnet-example-auth-scram-sha-256.yml diff --git a/tests/dotnet-example-auth-scram-sha-1.yml b/tests/dotnet-example-auth-scram-sha-1.yml new file mode 100644 index 000000000..fead49777 --- /dev/null +++ b/tests/dotnet-example-auth-scram-sha-1.yml @@ -0,0 +1,20 @@ +--- +runner: command +dir: dotnet-example +args: + - dotnet + - run + - mongodb://user:password@localhost:27017/?authMechanism=SCRAM-SHA-1 + +results: + postgresql: + stats: + fail: 1 + + sqlite: + stats: + fail: 1 + + mongodb: + stats: + pass: 1 diff --git a/tests/dotnet-example-auth-scram-sha-256.yml b/tests/dotnet-example-auth-scram-sha-256.yml new file mode 100644 index 000000000..6fcb344cf --- /dev/null +++ b/tests/dotnet-example-auth-scram-sha-256.yml @@ -0,0 +1,20 @@ +--- +runner: command +dir: dotnet-example +args: + - dotnet + - run + - mongodb://user:password@localhost:27017/?authMechanism=SCRAM-SHA-256 + +results: + postgresql: + stats: + fail: 1 + + sqlite: + stats: + fail: 1 + + mongodb: + stats: + pass: 1 From 37cfaf467dece9ee58325c7ee88581b54ec63ee6 Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 14:02:46 +0100 Subject: [PATCH 07/62] expected to break --- .github/workflows/dance.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/dance.yml b/.github/workflows/dance.yml index cfad72b9a..77a79837d 100644 --- a/.github/workflows/dance.yml +++ b/.github/workflows/dance.yml @@ -42,6 +42,7 @@ jobs: - postgresql - sqlite - mongodb + - mongodb-secured test: # temporarily disabling to avoid CI noise # - dbaas_core-0 @@ -51,6 +52,7 @@ jobs: # - diff - dotnet-example - dotnet-example-auth + - dotnet-example-auth-scram-sha-1 - java-example - java-example-auth - meteor-doc-fetcher From 054bfc4957a84ce56a9f0f16a75589f369c55ff2 Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 14:50:16 +0100 Subject: [PATCH 08/62] add key file --- build/key | 1 + 1 file changed, 1 insertion(+) create mode 100644 build/key diff --git a/build/key b/build/key new file mode 100644 index 000000000..f6803543d --- /dev/null +++ b/build/key @@ -0,0 +1 @@ +mysecretkey From 668d2165107d42c2846dd30c8fd60496e97aee92 Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 14:50:32 +0100 Subject: [PATCH 09/62] fix config file --- build/mongod.conf | 3 ++- build/mongod_secured.conf | 15 --------------- 2 files changed, 2 insertions(+), 16 deletions(-) delete mode 100644 build/mongod_secured.conf diff --git a/build/mongod.conf b/build/mongod.conf index 371317792..81a0c0d12 100644 --- a/build/mongod.conf +++ b/build/mongod.conf @@ -5,7 +5,8 @@ net: mode: disabled security: - authorization: disabled + authorization: enabled + keyFile: "/etc/key" replication: oplogSizeMB: 512 diff --git a/build/mongod_secured.conf b/build/mongod_secured.conf deleted file mode 100644 index 37c18f7fe..000000000 --- a/build/mongod_secured.conf +++ /dev/null @@ -1,15 +0,0 @@ -net: - port: 27017 - bindIpAll: true - tls: - mode: disabled - -security: - authorization: enabled - -setParameter: - enableTestCommands: 1 - enableLocalhostAuthBypass: true - -systemLog: - quiet: true From a52cd153e3135b1acc95fc88709226e25bb350a5 Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 14:51:25 +0100 Subject: [PATCH 10/62] enable auth by default using a keyfile --- Taskfile.yaml | 2 +- cmd/dance/main.go | 2 -- docker-compose.yml | 25 ++----------------------- 3 files changed, 3 insertions(+), 26 deletions(-) diff --git a/Taskfile.yaml b/Taskfile.yaml index cf7705cc1..7ffd765bd 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -111,7 +111,7 @@ tasks: cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://host.docker.internal:27017/' + 'mongodb://user:password@host.docker.internal:27017/' --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "localhost"}]})' # this is true to prevent an already initialized error and no such command error for replSetInitiate ignore_error: true diff --git a/cmd/dance/main.go b/cmd/dance/main.go index 395ddf25c..a4fd7e55b 100644 --- a/cmd/dance/main.go +++ b/cmd/dance/main.go @@ -81,8 +81,6 @@ func main() { log.Fatal("-db is required") } - *dbF = strings.TrimSuffix(*dbF, "-secured") - ctx, stop := notifyAppTermination(context.Background()) go func() { <-ctx.Done() diff --git a/docker-compose.yml b/docker-compose.yml index 32e2c9dd3..897395756 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -53,28 +53,6 @@ services: command: --config /etc/mongod.conf container_name: dance_mongodb restart: unless-stopped - ulimits: - nproc: 64000 - nofile: - soft: 64000 - hard: 64000 - ports: - - 27017:27017 - environment: - # Always UTC+05:45. Set to catch timezone problems. - - TZ=Asia/Kathmandu - extra_hosts: - - "host.docker.internal:host-gateway" - volumes: - - ./build/mongod.conf:/etc/mongod.conf - - mongodb-secured: - build: - context: ./build/deps - dockerfile: mongo7.Dockerfile - command: --config /etc/mongod.conf - container_name: dance_mongodb_secured - restart: unless-stopped ulimits: nproc: 64000 nofile: @@ -90,7 +68,8 @@ services: extra_hosts: - "host.docker.internal:host-gateway" volumes: - - ./build/mongod_secured.conf:/etc/mongod.conf + - ./build/mongod.conf:/etc/mongod.conf + - ./build/key:/etc/key # never started normally, used only for mongosh, mongodump, etc. mongosh: From fa0ffd559bd144523a16317c6c719ac5d5704685 Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 14:52:19 +0100 Subject: [PATCH 11/62] fix workflow --- .github/workflows/dance.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/dance.yml b/.github/workflows/dance.yml index 77a79837d..a92629d64 100644 --- a/.github/workflows/dance.yml +++ b/.github/workflows/dance.yml @@ -42,7 +42,6 @@ jobs: - postgresql - sqlite - mongodb - - mongodb-secured test: # temporarily disabling to avoid CI noise # - dbaas_core-0 From 80f19e5b9b7e3f49d0761198ec589cea68be8baa Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 15:03:20 +0100 Subject: [PATCH 12/62] should work --- .github/workflows/dance.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dance.yml b/.github/workflows/dance.yml index a92629d64..12f7f89fb 100644 --- a/.github/workflows/dance.yml +++ b/.github/workflows/dance.yml @@ -52,6 +52,7 @@ jobs: - dotnet-example - dotnet-example-auth - dotnet-example-auth-scram-sha-1 + - dotnet-example-auth-scram-sha-256 - java-example - java-example-auth - meteor-doc-fetcher From cef4bef6ad7cb6b00b8b20f28103649bc9832e69 Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 15:10:38 +0100 Subject: [PATCH 13/62] add directConnection --- tests/dotnet-example-auth-scram-sha-1.yml | 2 +- tests/dotnet-example-auth-scram-sha-256.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/dotnet-example-auth-scram-sha-1.yml b/tests/dotnet-example-auth-scram-sha-1.yml index fead49777..7f618b9d1 100644 --- a/tests/dotnet-example-auth-scram-sha-1.yml +++ b/tests/dotnet-example-auth-scram-sha-1.yml @@ -4,7 +4,7 @@ dir: dotnet-example args: - dotnet - run - - mongodb://user:password@localhost:27017/?authMechanism=SCRAM-SHA-1 + - mongodb://user:password@localhost:27017/?directConnection=true&authMechanism=SCRAM-SHA-1 results: postgresql: diff --git a/tests/dotnet-example-auth-scram-sha-256.yml b/tests/dotnet-example-auth-scram-sha-256.yml index 6fcb344cf..316fb6f5c 100644 --- a/tests/dotnet-example-auth-scram-sha-256.yml +++ b/tests/dotnet-example-auth-scram-sha-256.yml @@ -4,7 +4,7 @@ dir: dotnet-example args: - dotnet - run - - mongodb://user:password@localhost:27017/?authMechanism=SCRAM-SHA-256 + - mongodb://user:password@localhost:27017/?directConnection=true&authMechanism=SCRAM-SHA-256 results: postgresql: From cf8ce362b80561182f210f3fbdecdea32020db20 Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 15:15:55 +0100 Subject: [PATCH 14/62] add connect=replicaSet --- tests/dotnet-example-auth-scram-sha-1.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/dotnet-example-auth-scram-sha-1.yml b/tests/dotnet-example-auth-scram-sha-1.yml index 7f618b9d1..059e932c3 100644 --- a/tests/dotnet-example-auth-scram-sha-1.yml +++ b/tests/dotnet-example-auth-scram-sha-1.yml @@ -4,7 +4,7 @@ dir: dotnet-example args: - dotnet - run - - mongodb://user:password@localhost:27017/?directConnection=true&authMechanism=SCRAM-SHA-1 + - mongodb://user:password@localhost:27017/?directConnection=true&connect=replicaSet&authMechanism=SCRAM-SHA-1 results: postgresql: From bc86e6e08c1ea5bb349f021eab30cc07c851a6d0 Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 15:20:26 +0100 Subject: [PATCH 15/62] add replicaSet=rs0 --- tests/dotnet-example-auth-scram-sha-1.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/dotnet-example-auth-scram-sha-1.yml b/tests/dotnet-example-auth-scram-sha-1.yml index 059e932c3..7fc01b933 100644 --- a/tests/dotnet-example-auth-scram-sha-1.yml +++ b/tests/dotnet-example-auth-scram-sha-1.yml @@ -4,7 +4,7 @@ dir: dotnet-example args: - dotnet - run - - mongodb://user:password@localhost:27017/?directConnection=true&connect=replicaSet&authMechanism=SCRAM-SHA-1 + - mongodb://user:password@localhost:27017/?directConnection=true&replicaSet=rs0&authMechanism=SCRAM-SHA-1 results: postgresql: From edc58f37f0cba1ae99e4028e11df3b2bb1f67720 Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 15:41:13 +0100 Subject: [PATCH 16/62] fix --- tests/dotnet-example-auth-scram-sha-1.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/dotnet-example-auth-scram-sha-1.yml b/tests/dotnet-example-auth-scram-sha-1.yml index 7fc01b933..df46e9ad4 100644 --- a/tests/dotnet-example-auth-scram-sha-1.yml +++ b/tests/dotnet-example-auth-scram-sha-1.yml @@ -4,7 +4,7 @@ dir: dotnet-example args: - dotnet - run - - mongodb://user:password@localhost:27017/?directConnection=true&replicaSet=rs0&authMechanism=SCRAM-SHA-1 + - "mongodb://user:password@localhost:27017/?authMechanism=SCRAM-SHA-1" results: postgresql: From 632c29331e90cea70b2ed2dbd6e176425a828028 Mon Sep 17 00:00:00 2001 From: b1ron Date: Tue, 16 Jan 2024 15:53:29 +0100 Subject: [PATCH 17/62] trick topology --- tests/dotnet-example-auth-scram-sha-1.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/dotnet-example-auth-scram-sha-1.yml b/tests/dotnet-example-auth-scram-sha-1.yml index df46e9ad4..12d3a7442 100644 --- a/tests/dotnet-example-auth-scram-sha-1.yml +++ b/tests/dotnet-example-auth-scram-sha-1.yml @@ -4,7 +4,7 @@ dir: dotnet-example args: - dotnet - run - - "mongodb://user:password@localhost:27017/?authMechanism=SCRAM-SHA-1" + - "mongodb://user:password@localhost:27017,localhost:27017/?authMechanism=SCRAM-SHA-1" results: postgresql: From cc6b1152e9b54506e3a15beca55db6282ce49979 Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 17 Jan 2024 16:20:52 +0100 Subject: [PATCH 18/62] python SCRAM-SHA-1 --- .github/workflows/dance.yml | 1 + tests/python-example-auth-scram-sha-1.sh | 7 +++++++ tests/python-example-auth-scram-sha-1.yml | 17 +++++++++++++++++ 3 files changed, 25 insertions(+) create mode 100755 tests/python-example-auth-scram-sha-1.sh create mode 100644 tests/python-example-auth-scram-sha-1.yml diff --git a/.github/workflows/dance.yml b/.github/workflows/dance.yml index 12f7f89fb..62795b9a6 100644 --- a/.github/workflows/dance.yml +++ b/.github/workflows/dance.yml @@ -64,6 +64,7 @@ jobs: - mongo-tools - python-example - python-example-auth + - python-example-auth-scram-sha-1 - restheart - restheart-auth - ycsb-workloada diff --git a/tests/python-example-auth-scram-sha-1.sh b/tests/python-example-auth-scram-sha-1.sh new file mode 100755 index 000000000..17a84e230 --- /dev/null +++ b/tests/python-example-auth-scram-sha-1.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +set -ex + +pip3 install pymongo + +python3 pymongo_test.py mongodb://user:password@localhost:27017/?authMechanism=SCRAM-SHA-1 diff --git a/tests/python-example-auth-scram-sha-1.yml b/tests/python-example-auth-scram-sha-1.yml new file mode 100644 index 000000000..c862c2045 --- /dev/null +++ b/tests/python-example-auth-scram-sha-1.yml @@ -0,0 +1,17 @@ +--- +runner: command +dir: python-example +args: [../python-example-auth-scram-sha-1.sh] + +results: + postgresql: + stats: + fail: 1 + + sqlite: + stats: + fail: 1 + + mongodb: + stats: + pass: 1 From 2d200fe2d58c1e4ff9f2a481f2db40b9b2dc6e06 Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 17 Jan 2024 16:31:06 +0100 Subject: [PATCH 19/62] try --- tests/python-example-auth-scram-sha-1.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/python-example-auth-scram-sha-1.sh b/tests/python-example-auth-scram-sha-1.sh index 17a84e230..f575ae76e 100755 --- a/tests/python-example-auth-scram-sha-1.sh +++ b/tests/python-example-auth-scram-sha-1.sh @@ -4,4 +4,4 @@ set -ex pip3 install pymongo -python3 pymongo_test.py mongodb://user:password@localhost:27017/?authMechanism=SCRAM-SHA-1 +python3 pymongo_test.py mongodb://user:password@127.0.0.1:27017/?authMechanism=SCRAM-SHA-1 From 8ee7ab231a676461802cb7a0e17667a861c322ba Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 17 Jan 2024 16:38:43 +0100 Subject: [PATCH 20/62] try --- tests/python-example-auth-scram-sha-1.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/python-example-auth-scram-sha-1.sh b/tests/python-example-auth-scram-sha-1.sh index f575ae76e..251f5d225 100755 --- a/tests/python-example-auth-scram-sha-1.sh +++ b/tests/python-example-auth-scram-sha-1.sh @@ -4,4 +4,4 @@ set -ex pip3 install pymongo -python3 pymongo_test.py mongodb://user:password@127.0.0.1:27017/?authMechanism=SCRAM-SHA-1 +python3 pymongo_test.py 'mongodb://user:password@localhost:27017/?directConnection=true&replicaSet=rs0&authMechanism=SCRAM-SHA-1' From c794029e15bbbc904eb507d3a20b75ce14c70dc2 Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 17 Jan 2024 16:52:43 +0100 Subject: [PATCH 21/62] try --- build/key | 2 +- build/mongod.conf | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/build/key b/build/key index f6803543d..f3097ab13 100644 --- a/build/key +++ b/build/key @@ -1 +1 @@ -mysecretkey +password diff --git a/build/mongod.conf b/build/mongod.conf index 81a0c0d12..2a2e7ed7c 100644 --- a/build/mongod.conf +++ b/build/mongod.conf @@ -1,6 +1,6 @@ net: port: 27017 - bindIpAll: true + bindIp: ::,0.0.0.0 tls: mode: disabled @@ -13,7 +13,8 @@ replication: replSetName: rs0 setParameter: - enableTestCommands: 1 + enableTestCommands: 1 + enableLocalhostAuthBypass: false systemLog: quiet: true From 2eda99ca19e2c9c71a63b01e147629c3720e06f8 Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 17 Jan 2024 16:58:09 +0100 Subject: [PATCH 22/62] try --- Taskfile.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Taskfile.yaml b/Taskfile.yaml index 7ffd765bd..7b48518f8 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -111,7 +111,7 @@ tasks: cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://user:password@host.docker.internal:27017/' + 'mongodb://user:password@localhost:27017/' --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "localhost"}]})' # this is true to prevent an already initialized error and no such command error for replSetInitiate ignore_error: true From 0403d775e88139afe1cb0cfdd00f78e9aa24444e Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 17 Jan 2024 16:58:33 +0100 Subject: [PATCH 23/62] revert conf --- build/mongod.conf | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/build/mongod.conf b/build/mongod.conf index 2a2e7ed7c..28c29a2af 100644 --- a/build/mongod.conf +++ b/build/mongod.conf @@ -1,6 +1,6 @@ net: port: 27017 - bindIp: ::,0.0.0.0 + bindIpAll: true tls: mode: disabled @@ -13,8 +13,7 @@ replication: replSetName: rs0 setParameter: - enableTestCommands: 1 - enableLocalhostAuthBypass: false + enableTestCommands: 1 systemLog: quiet: true From e013ee8b6865a29ad03e29c6a6d152046215817e Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 17 Jan 2024 17:13:06 +0100 Subject: [PATCH 24/62] try --- Taskfile.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Taskfile.yaml b/Taskfile.yaml index 7b48518f8..68b3a1a73 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -111,8 +111,8 @@ tasks: cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://user:password@localhost:27017/' - --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "localhost"}]})' + 'mongodb://user:password@host.docker.internal:27017/' + --verbose --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "localhost"}]})' # this is true to prevent an already initialized error and no such command error for replSetInitiate ignore_error: true From 473294540e35fd60ad06f1a7a42e8b3023f8797a Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 17 Jan 2024 17:25:48 +0100 Subject: [PATCH 25/62] try --- Taskfile.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Taskfile.yaml b/Taskfile.yaml index 68b3a1a73..c5eeffeb8 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -111,7 +111,7 @@ tasks: cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://user:password@host.docker.internal:27017/' + 'mongodb://user:password@mongodb:27017/' --verbose --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "localhost"}]})' # this is true to prevent an already initialized error and no such command error for replSetInitiate ignore_error: true From de52905d8a94be545ea809c7beb6baa64a87481d Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 17 Jan 2024 17:43:06 +0100 Subject: [PATCH 26/62] try --- Taskfile.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Taskfile.yaml b/Taskfile.yaml index c5eeffeb8..09700b1e7 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -111,7 +111,7 @@ tasks: cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://user:password@mongodb:27017/' + 'mongodb://user:password@host.docker.internal:27017/?directConnection=true&replicaSet=rs0&authMechanism=SCRAM-SHA-1' --verbose --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "localhost"}]})' # this is true to prevent an already initialized error and no such command error for replSetInitiate ignore_error: true From a2ea249c8057d5b86a9caa6a9f0f44c78ff81812 Mon Sep 17 00:00:00 2001 From: b1ron Date: Thu, 18 Jan 2024 12:38:07 +0100 Subject: [PATCH 27/62] chown file by overwriting the entrypoint --- Taskfile.yaml | 2 +- build/key | 2 +- build/mongod.conf | 1 + docker-compose.yml | 12 ++++++++++-- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/Taskfile.yaml b/Taskfile.yaml index 09700b1e7..68b3a1a73 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -111,7 +111,7 @@ tasks: cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://user:password@host.docker.internal:27017/?directConnection=true&replicaSet=rs0&authMechanism=SCRAM-SHA-1' + 'mongodb://user:password@host.docker.internal:27017/' --verbose --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "localhost"}]})' # this is true to prevent an already initialized error and no such command error for replSetInitiate ignore_error: true diff --git a/build/key b/build/key index f3097ab13..f6803543d 100644 --- a/build/key +++ b/build/key @@ -1 +1 @@ -password +mysecretkey diff --git a/build/mongod.conf b/build/mongod.conf index 28c29a2af..10930039c 100644 --- a/build/mongod.conf +++ b/build/mongod.conf @@ -14,6 +14,7 @@ replication: setParameter: enableTestCommands: 1 + enableLocalhostAuthBypass: true systemLog: quiet: true diff --git a/docker-compose.yml b/docker-compose.yml index 897395756..7f829a7c2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -50,7 +50,7 @@ services: build: context: ./build/deps dockerfile: mongo7.Dockerfile - command: --config /etc/mongod.conf + # command: --config /etc/mongod.conf container_name: dance_mongodb restart: unless-stopped ulimits: @@ -70,7 +70,15 @@ services: volumes: - ./build/mongod.conf:/etc/mongod.conf - ./build/key:/etc/key - + entrypoint: + - bash + - -c + - | + chmod 400 /etc/key + chown 999:999 /etc/key + exec docker-entrypoint.sh $$@ + command: "mongod --config /etc/mongod.conf --keyFile /etc/key" + # never started normally, used only for mongosh, mongodump, etc. mongosh: build: From 927942c63e84283d9dc6586308bece867fa6d0af Mon Sep 17 00:00:00 2001 From: b1ron Date: Thu, 18 Jan 2024 12:46:03 +0100 Subject: [PATCH 28/62] remove key for now --- tests/dotnet-example-auth-scram-sha-1.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/dotnet-example-auth-scram-sha-1.yml b/tests/dotnet-example-auth-scram-sha-1.yml index 12d3a7442..b8ce7fcf7 100644 --- a/tests/dotnet-example-auth-scram-sha-1.yml +++ b/tests/dotnet-example-auth-scram-sha-1.yml @@ -4,7 +4,7 @@ dir: dotnet-example args: - dotnet - run - - "mongodb://user:password@localhost:27017,localhost:27017/?authMechanism=SCRAM-SHA-1" + - mongodb://user:password@127.0.0.1:27017/?authMechanism=SCRAM-SHA-1 results: postgresql: From a6f55051a135f73373f4f781dc0ebc87bed49af7 Mon Sep 17 00:00:00 2001 From: b1ron Date: Thu, 18 Jan 2024 12:50:47 +0100 Subject: [PATCH 29/62] w --- build/key | 1 - 1 file changed, 1 deletion(-) delete mode 100644 build/key diff --git a/build/key b/build/key deleted file mode 100644 index f6803543d..000000000 --- a/build/key +++ /dev/null @@ -1 +0,0 @@ -mysecretkey From 2c5d4b98b1f471bb3ab705bbfbdfa98bc87bb06c Mon Sep 17 00:00:00 2001 From: b1ron Date: Thu, 18 Jan 2024 12:51:04 +0100 Subject: [PATCH 30/62] add key --- build/key | 1 + 1 file changed, 1 insertion(+) create mode 100644 build/key diff --git a/build/key b/build/key new file mode 100644 index 000000000..f6803543d --- /dev/null +++ b/build/key @@ -0,0 +1 @@ +mysecretkey From cb4bf71e3d46bc6eafa1fafd5c5c4718e869c85f Mon Sep 17 00:00:00 2001 From: b1ron Date: Thu, 18 Jan 2024 13:13:02 +0100 Subject: [PATCH 31/62] ignore keyfile --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 5e8b49efd..83d2a9708 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ /dumps/mongodump_tests/ /vendor/ cover.txt +build/key From cfcea45d53ab6a7543fc2d2c3b7064b569e60b71 Mon Sep 17 00:00:00 2001 From: b1ron Date: Thu, 18 Jan 2024 13:17:09 +0100 Subject: [PATCH 32/62] ignore keyfile --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 83d2a9708..f370f185c 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,4 @@ /dumps/mongodump_tests/ /vendor/ cover.txt -build/key +/build/key From c8d1df021f53ea97fd20af8cdb88fbe5255f83aa Mon Sep 17 00:00:00 2001 From: b1ron Date: Thu, 18 Jan 2024 13:33:54 +0100 Subject: [PATCH 33/62] add link to stackoverflow --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index 7f829a7c2..57cb9ea91 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -70,6 +70,7 @@ services: volumes: - ./build/mongod.conf:/etc/mongod.conf - ./build/key:/etc/key + # https://stackoverflow.com/a/62754564 entrypoint: - bash - -c From b23c8dd9413cb292bc492149004a5cd5539f4f8c Mon Sep 17 00:00:00 2001 From: b1ron Date: Thu, 18 Jan 2024 19:31:12 +0100 Subject: [PATCH 34/62] use x.509 certs --- build/certs/mongodb-ca.crt | 25 +++++++++++++++++ build/certs/mongodb-cert.crt | 25 +++++++++++++++++ build/certs/mongodb-cert.key | 28 +++++++++++++++++++ build/certs/mongodb.pem | 53 ++++++++++++++++++++++++++++++++++++ build/key | 1 - build/mongod.conf | 9 ++++-- docker-compose.yml | 15 +++------- 7 files changed, 142 insertions(+), 14 deletions(-) create mode 100644 build/certs/mongodb-ca.crt create mode 100644 build/certs/mongodb-cert.crt create mode 100644 build/certs/mongodb-cert.key create mode 100644 build/certs/mongodb.pem delete mode 100644 build/key diff --git a/build/certs/mongodb-ca.crt b/build/certs/mongodb-ca.crt new file mode 100644 index 000000000..ee2bfedff --- /dev/null +++ b/build/certs/mongodb-ca.crt @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIzCCAwugAwIBAgIUZZG8nZUERhqy+aLvoqD/rUZW5pMwDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRAwDgYD +VQQHDAdCZWRmb3JkMREwDwYDVQQKDAhQZXJzb25hbDERMA8GA1UECwwIUGVyc29u +YWwxIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xHTAbBgNVBAMM +FGhvc3QuZG9ja2VyLmludGVybmFsMB4XDTI0MDExODE4MjcyMVoXDTM0MDExNTE4 +MjcyMVowgaAxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRAw +DgYDVQQHDAdCZWRmb3JkMREwDwYDVQQKDAhQZXJzb25hbDERMA8GA1UECwwIUGVy +c29uYWwxIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xHTAbBgNV +BAMMFGhvc3QuZG9ja2VyLmludGVybmFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAvh+eajp1FUCcnPrl16fombbE18UirmOt5WHuv4lJcAQ4aatQTgaN +N//80+SaVV6YKfvqsfWwDBxfepQO2huPcFbVCtkpHL7iMF+mbnwJA/9BQj3GqcWh +oN9VBVDD5/zDKTcz6S+UiaCb9va7JZvaoCslV1PFBPotP++hl/pBc0w6eaMdfdUt +71nCqMlh8VChrM54cRX66+oeIg6gVpzd9SMfyp/pQqc3NHbte7FyKEZ9Nzs3IjX9 +cCrDndHw4hksuGiuVVPhthfIwggMS0/wfOeRaQk5pjXRKmigAG7YzVGamhZeT1gz +NX15cXmADx//o+xuWmtFY+5lHL+MaZexBwIDAQABo1MwUTAdBgNVHQ4EFgQUzZbP +2ilt0Wc7yH2Wh0vnQVemkxcwHwYDVR0jBBgwFoAUzZbP2ilt0Wc7yH2Wh0vnQVem +kxcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAc33veqcUhEyy +4mVkLeGfR7qj9GNkp5NoW0Ma9fuBoWV5WiTF50LWCa/e1oB3JaacZ7EJ5AjlG0R1 +b6IAYHqw3Om+ZnEwki/2h+OSrKhSLA1lgNWygdXGyF/P6I0CA1O95Jl5OVGJ89by +0Gf6PGMSXL3NTswmivUqpM4Z8tJDlGf1RveKVPBdEnbY/tHFl1Cw9YmUoScTir9y +qCC7AWUWJyOVEbbCecAM9ehO0AbQNCOaWuq0TzOBIvrVz6tHVY8sA6Z/gda6RNS1 +5/b/mmfMXdIBDhr87ikM8z89Ki2IEhPMU7aU+jga1VmhPuJkaTe/SUKtgxDR5YiU +kX0QBxPWHA== +-----END CERTIFICATE----- diff --git a/build/certs/mongodb-cert.crt b/build/certs/mongodb-cert.crt new file mode 100644 index 000000000..ee2bfedff --- /dev/null +++ b/build/certs/mongodb-cert.crt @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIzCCAwugAwIBAgIUZZG8nZUERhqy+aLvoqD/rUZW5pMwDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRAwDgYD +VQQHDAdCZWRmb3JkMREwDwYDVQQKDAhQZXJzb25hbDERMA8GA1UECwwIUGVyc29u +YWwxIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xHTAbBgNVBAMM +FGhvc3QuZG9ja2VyLmludGVybmFsMB4XDTI0MDExODE4MjcyMVoXDTM0MDExNTE4 +MjcyMVowgaAxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRAw +DgYDVQQHDAdCZWRmb3JkMREwDwYDVQQKDAhQZXJzb25hbDERMA8GA1UECwwIUGVy +c29uYWwxIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xHTAbBgNV +BAMMFGhvc3QuZG9ja2VyLmludGVybmFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAvh+eajp1FUCcnPrl16fombbE18UirmOt5WHuv4lJcAQ4aatQTgaN +N//80+SaVV6YKfvqsfWwDBxfepQO2huPcFbVCtkpHL7iMF+mbnwJA/9BQj3GqcWh +oN9VBVDD5/zDKTcz6S+UiaCb9va7JZvaoCslV1PFBPotP++hl/pBc0w6eaMdfdUt +71nCqMlh8VChrM54cRX66+oeIg6gVpzd9SMfyp/pQqc3NHbte7FyKEZ9Nzs3IjX9 +cCrDndHw4hksuGiuVVPhthfIwggMS0/wfOeRaQk5pjXRKmigAG7YzVGamhZeT1gz +NX15cXmADx//o+xuWmtFY+5lHL+MaZexBwIDAQABo1MwUTAdBgNVHQ4EFgQUzZbP +2ilt0Wc7yH2Wh0vnQVemkxcwHwYDVR0jBBgwFoAUzZbP2ilt0Wc7yH2Wh0vnQVem +kxcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAc33veqcUhEyy +4mVkLeGfR7qj9GNkp5NoW0Ma9fuBoWV5WiTF50LWCa/e1oB3JaacZ7EJ5AjlG0R1 +b6IAYHqw3Om+ZnEwki/2h+OSrKhSLA1lgNWygdXGyF/P6I0CA1O95Jl5OVGJ89by +0Gf6PGMSXL3NTswmivUqpM4Z8tJDlGf1RveKVPBdEnbY/tHFl1Cw9YmUoScTir9y +qCC7AWUWJyOVEbbCecAM9ehO0AbQNCOaWuq0TzOBIvrVz6tHVY8sA6Z/gda6RNS1 +5/b/mmfMXdIBDhr87ikM8z89Ki2IEhPMU7aU+jga1VmhPuJkaTe/SUKtgxDR5YiU +kX0QBxPWHA== +-----END CERTIFICATE----- diff --git a/build/certs/mongodb-cert.key b/build/certs/mongodb-cert.key new file mode 100644 index 000000000..2d94106b4 --- /dev/null +++ b/build/certs/mongodb-cert.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+H55qOnUVQJyc ++uXXp+iZtsTXxSKuY63lYe6/iUlwBDhpq1BOBo03//zT5JpVXpgp++qx9bAMHF96 +lA7aG49wVtUK2SkcvuIwX6ZufAkD/0FCPcapxaGg31UFUMPn/MMpNzPpL5SJoJv2 +9rslm9qgKyVXU8UE+i0/76GX+kFzTDp5ox191S3vWcKoyWHxUKGsznhxFfrr6h4i +DqBWnN31Ix/Kn+lCpzc0du17sXIoRn03OzciNf1wKsOd0fDiGSy4aK5VU+G2F8jC +CAxLT/B855FpCTmmNdEqaKAAbtjNUZqaFl5PWDM1fXlxeYAPH/+j7G5aa0Vj7mUc +v4xpl7EHAgMBAAECggEAEFUrCLko4cCBM8MiB5q3Eq1uz5Jx3kVV5QS6u92RX3wd +VIaRCYLqksr87z8OOxM7QzAPA2a1zvSJB0C83ePMOLxc5Oeu7nc/eyRcadVh+OPu +uUARVvhRYD6PUTuU+NLv+RRy8y9RNVmEzHx5q0tuRqAuPwhFPp43UOzHFwU6pira +VJAW4eBtyXPp3oggY6SPfK2hl0ZxrgLyPeFj197QnNquo1GA8iVaX4qKnKY7/MP5 ++yzcNpZ9I5gFT+nDISBws/BJrxiSa7nc6MEEprBYHGu/6/xN6RW8GSyEKfsd0bQo +JwDNAzzFK6Iv5VilhvVMGkrTRVsZC1oueouwwtBw8QKBgQDlGNO/kX80aFIF19s5 +HQmG2IauUBrgZrSL9oX101K//0DZZofnSfcDZlq9QXIWyutgteQ7xUeAStQAMTQX +n9LEICbcpKU87Tv7u2g0YF9zqq0hKOoW1DypjdXJYfEBl81R7JwXAbn4rdPd8x+F +HemFKuaIDRBCFYqzSWNXMdbK9QKBgQDUcyk+ARoPRJDRKrCM4A6ULf0dTIpK+K0l +uvcU22G9ZVGzhUfr+sQvlMaDv565t2O3ggdvnHe7WJO+bO53XZO3bHgg1lH/E2rp +6sy0X3sjBvsJaGX77NEte0LXDRvn56wIJb/wXIrW7kYMSDd5Rx1r2Y+DiBY+NzwN +R5NZkkbGiwKBgQDc7lld19FFWAkpq2W1KWSDjxIqzgNtPn6Er2O2kmmt0FnYjcEn +8jNtKur8sj1075GYPTDx1ylB9meGG+0xjyZxjtQLWhgjrmB3Pd6bDAlhAUpevRcq +ltg9ZxOxVmtV7u/JPpW0tiyDPhcgZpKSDCukCaAxue9g22dbyL0tXFnYdQKBgFGt +ZLG94rLz/WktLGs8yN4XQDS/dHuWV5sl4lBWd6FFDsAiAaCr7DkOzbNhPDjSVLf8 +ebdjRHT2fPa9EoE5rMzcGuMlAqk6YeRErSa7fq/cwy6+wFa2mUUPGodrNstVukH3 +oW9bZNV1DeEy8oDh4mHQZuh+rW6F9cR1PCU3o5Y5AoGABhydFwvoj/d/4nl26vI4 +rVgY3UXhZZuxdXfbjam9ifuqYMYbDzi0OfDaBCXeiWjpemUVDAmLIfJknDC2/d4P +f2XC5PmX0MJZzNT2Sn3SKHM9mp1oSgi/kfrouuynZvUEwWq2SNiYokjKqtTuYTpf +SPt7M1czRF6ltMipEIsgGns= +-----END PRIVATE KEY----- diff --git a/build/certs/mongodb.pem b/build/certs/mongodb.pem new file mode 100644 index 000000000..efb6336db --- /dev/null +++ b/build/certs/mongodb.pem @@ -0,0 +1,53 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+H55qOnUVQJyc ++uXXp+iZtsTXxSKuY63lYe6/iUlwBDhpq1BOBo03//zT5JpVXpgp++qx9bAMHF96 +lA7aG49wVtUK2SkcvuIwX6ZufAkD/0FCPcapxaGg31UFUMPn/MMpNzPpL5SJoJv2 +9rslm9qgKyVXU8UE+i0/76GX+kFzTDp5ox191S3vWcKoyWHxUKGsznhxFfrr6h4i +DqBWnN31Ix/Kn+lCpzc0du17sXIoRn03OzciNf1wKsOd0fDiGSy4aK5VU+G2F8jC +CAxLT/B855FpCTmmNdEqaKAAbtjNUZqaFl5PWDM1fXlxeYAPH/+j7G5aa0Vj7mUc +v4xpl7EHAgMBAAECggEAEFUrCLko4cCBM8MiB5q3Eq1uz5Jx3kVV5QS6u92RX3wd +VIaRCYLqksr87z8OOxM7QzAPA2a1zvSJB0C83ePMOLxc5Oeu7nc/eyRcadVh+OPu +uUARVvhRYD6PUTuU+NLv+RRy8y9RNVmEzHx5q0tuRqAuPwhFPp43UOzHFwU6pira +VJAW4eBtyXPp3oggY6SPfK2hl0ZxrgLyPeFj197QnNquo1GA8iVaX4qKnKY7/MP5 ++yzcNpZ9I5gFT+nDISBws/BJrxiSa7nc6MEEprBYHGu/6/xN6RW8GSyEKfsd0bQo +JwDNAzzFK6Iv5VilhvVMGkrTRVsZC1oueouwwtBw8QKBgQDlGNO/kX80aFIF19s5 +HQmG2IauUBrgZrSL9oX101K//0DZZofnSfcDZlq9QXIWyutgteQ7xUeAStQAMTQX +n9LEICbcpKU87Tv7u2g0YF9zqq0hKOoW1DypjdXJYfEBl81R7JwXAbn4rdPd8x+F +HemFKuaIDRBCFYqzSWNXMdbK9QKBgQDUcyk+ARoPRJDRKrCM4A6ULf0dTIpK+K0l +uvcU22G9ZVGzhUfr+sQvlMaDv565t2O3ggdvnHe7WJO+bO53XZO3bHgg1lH/E2rp +6sy0X3sjBvsJaGX77NEte0LXDRvn56wIJb/wXIrW7kYMSDd5Rx1r2Y+DiBY+NzwN +R5NZkkbGiwKBgQDc7lld19FFWAkpq2W1KWSDjxIqzgNtPn6Er2O2kmmt0FnYjcEn +8jNtKur8sj1075GYPTDx1ylB9meGG+0xjyZxjtQLWhgjrmB3Pd6bDAlhAUpevRcq +ltg9ZxOxVmtV7u/JPpW0tiyDPhcgZpKSDCukCaAxue9g22dbyL0tXFnYdQKBgFGt +ZLG94rLz/WktLGs8yN4XQDS/dHuWV5sl4lBWd6FFDsAiAaCr7DkOzbNhPDjSVLf8 +ebdjRHT2fPa9EoE5rMzcGuMlAqk6YeRErSa7fq/cwy6+wFa2mUUPGodrNstVukH3 +oW9bZNV1DeEy8oDh4mHQZuh+rW6F9cR1PCU3o5Y5AoGABhydFwvoj/d/4nl26vI4 +rVgY3UXhZZuxdXfbjam9ifuqYMYbDzi0OfDaBCXeiWjpemUVDAmLIfJknDC2/d4P +f2XC5PmX0MJZzNT2Sn3SKHM9mp1oSgi/kfrouuynZvUEwWq2SNiYokjKqtTuYTpf +SPt7M1czRF6ltMipEIsgGns= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIEIzCCAwugAwIBAgIUZZG8nZUERhqy+aLvoqD/rUZW5pMwDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRAwDgYD +VQQHDAdCZWRmb3JkMREwDwYDVQQKDAhQZXJzb25hbDERMA8GA1UECwwIUGVyc29u +YWwxIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xHTAbBgNVBAMM +FGhvc3QuZG9ja2VyLmludGVybmFsMB4XDTI0MDExODE4MjcyMVoXDTM0MDExNTE4 +MjcyMVowgaAxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRAw +DgYDVQQHDAdCZWRmb3JkMREwDwYDVQQKDAhQZXJzb25hbDERMA8GA1UECwwIUGVy +c29uYWwxIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xHTAbBgNV +BAMMFGhvc3QuZG9ja2VyLmludGVybmFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAvh+eajp1FUCcnPrl16fombbE18UirmOt5WHuv4lJcAQ4aatQTgaN +N//80+SaVV6YKfvqsfWwDBxfepQO2huPcFbVCtkpHL7iMF+mbnwJA/9BQj3GqcWh +oN9VBVDD5/zDKTcz6S+UiaCb9va7JZvaoCslV1PFBPotP++hl/pBc0w6eaMdfdUt +71nCqMlh8VChrM54cRX66+oeIg6gVpzd9SMfyp/pQqc3NHbte7FyKEZ9Nzs3IjX9 +cCrDndHw4hksuGiuVVPhthfIwggMS0/wfOeRaQk5pjXRKmigAG7YzVGamhZeT1gz +NX15cXmADx//o+xuWmtFY+5lHL+MaZexBwIDAQABo1MwUTAdBgNVHQ4EFgQUzZbP +2ilt0Wc7yH2Wh0vnQVemkxcwHwYDVR0jBBgwFoAUzZbP2ilt0Wc7yH2Wh0vnQVem +kxcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAc33veqcUhEyy +4mVkLeGfR7qj9GNkp5NoW0Ma9fuBoWV5WiTF50LWCa/e1oB3JaacZ7EJ5AjlG0R1 +b6IAYHqw3Om+ZnEwki/2h+OSrKhSLA1lgNWygdXGyF/P6I0CA1O95Jl5OVGJ89by +0Gf6PGMSXL3NTswmivUqpM4Z8tJDlGf1RveKVPBdEnbY/tHFl1Cw9YmUoScTir9y +qCC7AWUWJyOVEbbCecAM9ehO0AbQNCOaWuq0TzOBIvrVz6tHVY8sA6Z/gda6RNS1 +5/b/mmfMXdIBDhr87ikM8z89Ki2IEhPMU7aU+jga1VmhPuJkaTe/SUKtgxDR5YiU +kX0QBxPWHA== +-----END CERTIFICATE----- diff --git a/build/key b/build/key deleted file mode 100644 index f6803543d..000000000 --- a/build/key +++ /dev/null @@ -1 +0,0 @@ -mysecretkey diff --git a/build/mongod.conf b/build/mongod.conf index 10930039c..c5e7e39c4 100644 --- a/build/mongod.conf +++ b/build/mongod.conf @@ -2,11 +2,16 @@ net: port: 27017 bindIpAll: true tls: - mode: disabled + mode: requireTLS + certificateKeyFile: /etc/certs/mongodb.pem + CAFile: /etc/certs/mongodb-cert.crt + clusterFile: /etc/certs/mongodb.pem + allowInvalidCertificates: true + allowInvalidHostnames: true security: authorization: enabled - keyFile: "/etc/key" + clusterAuthMode: x509 replication: oplogSizeMB: 512 diff --git a/docker-compose.yml b/docker-compose.yml index 57cb9ea91..ac038bbfd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -50,7 +50,7 @@ services: build: context: ./build/deps dockerfile: mongo7.Dockerfile - # command: --config /etc/mongod.conf + command: --config /etc/mongod.conf container_name: dance_mongodb restart: unless-stopped ulimits: @@ -68,17 +68,8 @@ services: extra_hosts: - "host.docker.internal:host-gateway" volumes: + - ./build/certs:/etc/certs - ./build/mongod.conf:/etc/mongod.conf - - ./build/key:/etc/key - # https://stackoverflow.com/a/62754564 - entrypoint: - - bash - - -c - - | - chmod 400 /etc/key - chown 999:999 /etc/key - exec docker-entrypoint.sh $$@ - command: "mongod --config /etc/mongod.conf --keyFile /etc/key" # never started normally, used only for mongosh, mongodump, etc. mongosh: @@ -92,6 +83,7 @@ services: extra_hosts: - "host.docker.internal:host-gateway" volumes: + - ./build/certs:/etc/certs - ./dumps:/dumps # legacy mongo shell @@ -107,6 +99,7 @@ services: - "host.docker.internal:host-gateway" working_dir: /tests/mongo volumes: + - ./build/certs:/etc/certs - ./tests/mongo:/tests/mongo # for documentation From 5805b91e02d5a4ba578be3b16ffa78a48486cef6 Mon Sep 17 00:00:00 2001 From: b1ron Date: Thu, 18 Jan 2024 19:34:14 +0100 Subject: [PATCH 35/62] fix URIs --- Taskfile.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Taskfile.yaml b/Taskfile.yaml index 68b3a1a73..15ca9ae54 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -91,19 +91,21 @@ tasks: cmds: - docker compose exec postgres psql -U postgres -d ferretdb + # FIXME validation failed for the self-signed certificate, try --tlsAllowInvalidCertificates. mongo: desc: "Run legacy MongoDB shell (`mongo`) with test script" cmds: - > docker compose run --rm mongo - 'mongodb://host.docker.internal:27017/' + 'mongodb://user:password@host.docker.internal:27017/?tls=true&tlsCertificateKeyFile=/etc/certs/mongodb.pem&tlsCaFile=/etc/certs/mongodb-ca.crt' {{.CLI_ARGS}} mongosh: desc: "Run mongo shell" cmds: - > - docker compose run --rm mongosh mongosh mongodb://host.docker.internal:27017/ + docker compose run --rm mongosh mongosh + 'mongodb://user:password@host.docker.internal:27017/?tls=true&tlsCertificateKeyFile=/etc/certs/mongodb.pem&tlsCaFile=/etc/certs/mongodb-ca.crt' --verbose --eval 'disableTelemetry()' --shell init-repl: @@ -111,7 +113,7 @@ tasks: cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://user:password@host.docker.internal:27017/' + 'mongodb://user:password@host.docker.internal:27017/?tls=true&tlsCertificateKeyFile=/etc/certs/mongodb.pem&tlsCaFile=/etc/certs/mongodb-cert.crt' --verbose --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "localhost"}]})' # this is true to prevent an already initialized error and no such command error for replSetInitiate ignore_error: true From dd10170cf0d16f942399ec90049bab1660c94911 Mon Sep 17 00:00:00 2001 From: b1ron Date: Fri, 19 Jan 2024 11:37:40 +0100 Subject: [PATCH 36/62] fix TLS for mongo shell --- build/mongod.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/mongod.conf b/build/mongod.conf index c5e7e39c4..99cde5c7f 100644 --- a/build/mongod.conf +++ b/build/mongod.conf @@ -8,7 +8,7 @@ net: clusterFile: /etc/certs/mongodb.pem allowInvalidCertificates: true allowInvalidHostnames: true - + security: authorization: enabled clusterAuthMode: x509 From da14d669e290bfe8b2b50b212b13eb5798f9fe29 Mon Sep 17 00:00:00 2001 From: b1ron Date: Fri, 19 Jan 2024 12:55:42 +0100 Subject: [PATCH 37/62] flags for legacy mongo shell for self signed certificates --- Taskfile.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Taskfile.yaml b/Taskfile.yaml index 15ca9ae54..ea3c285f8 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -91,13 +91,13 @@ tasks: cmds: - docker compose exec postgres psql -U postgres -d ferretdb - # FIXME validation failed for the self-signed certificate, try --tlsAllowInvalidCertificates. mongo: desc: "Run legacy MongoDB shell (`mongo`) with test script" cmds: - > docker compose run --rm mongo - 'mongodb://user:password@host.docker.internal:27017/?tls=true&tlsCertificateKeyFile=/etc/certs/mongodb.pem&tlsCaFile=/etc/certs/mongodb-ca.crt' + --tls --tlsCertificateKeyFile /etc/certs/mongodb.pem --tlsAllowInvalidCertificates + 'mongodb://user:password@host.docker.internal:27017/' {{.CLI_ARGS}} mongosh: @@ -105,9 +105,8 @@ tasks: cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://user:password@host.docker.internal:27017/?tls=true&tlsCertificateKeyFile=/etc/certs/mongodb.pem&tlsCaFile=/etc/certs/mongodb-ca.crt' + 'mongodb://user:password@host.docker.internal:27017/?tls=true&tlsCertificateKeyFile=/etc/certs/mongodb.pem&tlsCaFile=/etc/certs/mongodb-cert.crt' --verbose --eval 'disableTelemetry()' --shell - init-repl: desc: "Initializes a new replica set" cmds: From a53800f5498f4abb7efe5dd1364b9ec1a3e2ee71 Mon Sep 17 00:00:00 2001 From: b1ron Date: Fri, 19 Jan 2024 12:57:54 +0100 Subject: [PATCH 38/62] remove build .gitignore --- .gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitignore b/.gitignore index f370f185c..5e8b49efd 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,3 @@ /dumps/mongodump_tests/ /vendor/ cover.txt -/build/key From 1069d1193adf4c88a8fc86f0e74d34f54dd98251 Mon Sep 17 00:00:00 2001 From: b1ron Date: Sun, 21 Jan 2024 21:23:31 +0100 Subject: [PATCH 39/62] fixes --- Taskfile.yaml | 10 ++-- build/certs/mongodb-ca.crt | 49 +++++++++-------- build/certs/mongodb-cert.crt | 25 --------- build/certs/mongodb-cert.key | 28 ---------- build/certs/mongodb.pem | 103 ++++++++++++++++++----------------- docker-compose.yml | 6 +- 6 files changed, 86 insertions(+), 135 deletions(-) delete mode 100644 build/certs/mongodb-cert.crt delete mode 100644 build/certs/mongodb-cert.key diff --git a/Taskfile.yaml b/Taskfile.yaml index ea3c285f8..32dd84f19 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -95,8 +95,7 @@ tasks: desc: "Run legacy MongoDB shell (`mongo`) with test script" cmds: - > - docker compose run --rm mongo - --tls --tlsCertificateKeyFile /etc/certs/mongodb.pem --tlsAllowInvalidCertificates + docker compose run --rm mongo --tls --tlsCAFile /etc/ssl/mongodb-ca.crt --sslPEMKeyFile /etc/ssl/mongodb.pem 'mongodb://user:password@host.docker.internal:27017/' {{.CLI_ARGS}} @@ -105,14 +104,15 @@ tasks: cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://user:password@host.docker.internal:27017/?tls=true&tlsCertificateKeyFile=/etc/certs/mongodb.pem&tlsCaFile=/etc/certs/mongodb-cert.crt' - --verbose --eval 'disableTelemetry()' --shell + 'mongodb://user:password@host.docker.internal:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=/etc/ssl/mongodb.pem&tlsCaFile=/etc/ssl/mongodb-ca.crt&replicaSet=rs0' + --eval 'disableTelemetry()' --shell + init-repl: desc: "Initializes a new replica set" cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://user:password@host.docker.internal:27017/?tls=true&tlsCertificateKeyFile=/etc/certs/mongodb.pem&tlsCaFile=/etc/certs/mongodb-cert.crt' + 'mongodb://user:password@host.docker.internal:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=/etc/ssl/mongodb.pem&tlsCaFile=/etc/ssl/mongodb-ca.crt&replicaSet=rs0' --verbose --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "localhost"}]})' # this is true to prevent an already initialized error and no such command error for replSetInitiate ignore_error: true diff --git a/build/certs/mongodb-ca.crt b/build/certs/mongodb-ca.crt index ee2bfedff..53349cc89 100644 --- a/build/certs/mongodb-ca.crt +++ b/build/certs/mongodb-ca.crt @@ -1,25 +1,28 @@ -----BEGIN CERTIFICATE----- -MIIEIzCCAwugAwIBAgIUZZG8nZUERhqy+aLvoqD/rUZW5pMwDQYJKoZIhvcNAQEL -BQAwgaAxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRAwDgYD -VQQHDAdCZWRmb3JkMREwDwYDVQQKDAhQZXJzb25hbDERMA8GA1UECwwIUGVyc29u -YWwxIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xHTAbBgNVBAMM -FGhvc3QuZG9ja2VyLmludGVybmFsMB4XDTI0MDExODE4MjcyMVoXDTM0MDExNTE4 -MjcyMVowgaAxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRAw -DgYDVQQHDAdCZWRmb3JkMREwDwYDVQQKDAhQZXJzb25hbDERMA8GA1UECwwIUGVy -c29uYWwxIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xHTAbBgNV -BAMMFGhvc3QuZG9ja2VyLmludGVybmFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAvh+eajp1FUCcnPrl16fombbE18UirmOt5WHuv4lJcAQ4aatQTgaN -N//80+SaVV6YKfvqsfWwDBxfepQO2huPcFbVCtkpHL7iMF+mbnwJA/9BQj3GqcWh -oN9VBVDD5/zDKTcz6S+UiaCb9va7JZvaoCslV1PFBPotP++hl/pBc0w6eaMdfdUt -71nCqMlh8VChrM54cRX66+oeIg6gVpzd9SMfyp/pQqc3NHbte7FyKEZ9Nzs3IjX9 -cCrDndHw4hksuGiuVVPhthfIwggMS0/wfOeRaQk5pjXRKmigAG7YzVGamhZeT1gz -NX15cXmADx//o+xuWmtFY+5lHL+MaZexBwIDAQABo1MwUTAdBgNVHQ4EFgQUzZbP -2ilt0Wc7yH2Wh0vnQVemkxcwHwYDVR0jBBgwFoAUzZbP2ilt0Wc7yH2Wh0vnQVem -kxcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAc33veqcUhEyy -4mVkLeGfR7qj9GNkp5NoW0Ma9fuBoWV5WiTF50LWCa/e1oB3JaacZ7EJ5AjlG0R1 -b6IAYHqw3Om+ZnEwki/2h+OSrKhSLA1lgNWygdXGyF/P6I0CA1O95Jl5OVGJ89by -0Gf6PGMSXL3NTswmivUqpM4Z8tJDlGf1RveKVPBdEnbY/tHFl1Cw9YmUoScTir9y -qCC7AWUWJyOVEbbCecAM9ehO0AbQNCOaWuq0TzOBIvrVz6tHVY8sA6Z/gda6RNS1 -5/b/mmfMXdIBDhr87ikM8z89Ki2IEhPMU7aU+jga1VmhPuJkaTe/SUKtgxDR5YiU -kX0QBxPWHA== +MIIEvTCCAyWgAwIBAgIQRmKU0Vl2pnFYCF3AQNKRLTANBgkqhkiG9w0BAQsFADB3 +MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExJjAkBgNVBAsMHWJ5cm9u +QGJ5cm9uLVRoaW5rQ2VudHJlLU05MTBxMS0wKwYDVQQDDCRta2NlcnQgYnlyb25A +Ynlyb24tVGhpbmtDZW50cmUtTTkxMHEwHhcNMjQwMTIxMTIzODMzWhcNMzQwMTIx +MTIzODMzWjB3MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExJjAkBgNV +BAsMHWJ5cm9uQGJ5cm9uLVRoaW5rQ2VudHJlLU05MTBxMS0wKwYDVQQDDCRta2Nl +cnQgYnlyb25AYnlyb24tVGhpbmtDZW50cmUtTTkxMHEwggGiMA0GCSqGSIb3DQEB +AQUAA4IBjwAwggGKAoIBgQCtlK7z575Ku59IWFY74CvA7DNkep186C8dNsIjdn0j +Q9CGUq9NqrB2QhMdZoSXwIzscx47VMrpwIJZi3YmT2fCcRMw1Fa8p226Ji1NcShK +y3Q33lbIP7E5AExyJF/gFMFy3nVrr2nDnfmnXsryPhl3Xqx7utxmxtSG0mXVZVOY +SLQAiv272OryBuvHFn6FNDRukr7996vK8Bvmveompi/yKY6489yQD/hC+XqeSGOQ +u38dzMpyNFL3QHXWCR0FKsAZru4q6U3h490GFwD/mY2+SBLHCPZAWoDJvqLkvWBH +joHALx1uO8UzbuvWKjOJDPKZfNzei9ZgOHAkhtRjZiCMcNjoRcbew907D02IC6wl +m+JV1goBA0zPD/PSjy4p/eOXSzTiGdrMqDcYNu+FaRB5e1Hrl53smVEUvgyZuvnR +fFUNZCu6tIJ+8GtIBEATHDC+xGiAGBtzdNT6Kbijn4KdGKHHBadwIL9aKRGFIWQq +FWbnzXK6g6wK+gA4FhwDF8kCAwEAAaNFMEMwDgYDVR0PAQH/BAQDAgIEMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFInI/5hpQXavC/l4mbdJrT9/T3P5MA0G +CSqGSIb3DQEBCwUAA4IBgQAoi/9UCTdwWcRJ4OImJd+8JZKZzQuLvis0d+idce4r +KUQCHYQp46VwltdL2u3DGk8iMTutRXf51DgvFG+2S8Ius117F/QUNSohF8fpeLL1 +Bv2koqs6+UxE7wkxagrg7fPGPjpkI70s/RXsag6jXnsiBH3N+ttlJIz8+pPOlk5u +l5xSe405W1vqZa/0FX40OgvDk+qTxxzlynE8Nhue6j2bYag4fDyrD/+DZXeZe5UB +KxSVO8AgzdJQZGkQuZ/zHSJMXuAZYUlyDhogqAWwrary0bwdXyFY15NIdjxXQBw4 +g2IlqWfPgJUICHE1wiYTmXFI1LeQIQcyahgenvsfj+i/RK0z41zQgeONGqInOYmm +KTzu7p4MlCXGk3aZMqi8hL5JJGAvpUvzZwp3XEUjyWs4hJ/WLu9uHLKGT5vuSVbb +c8G8CX22EG0RMoZEdNDcjtTkexcdtuTm0MHamhGESHgWZ6/NweIVqMx9KusLDZ1H +dem6Wp45oaAuA0LLh49aDi8= -----END CERTIFICATE----- diff --git a/build/certs/mongodb-cert.crt b/build/certs/mongodb-cert.crt deleted file mode 100644 index ee2bfedff..000000000 --- a/build/certs/mongodb-cert.crt +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEIzCCAwugAwIBAgIUZZG8nZUERhqy+aLvoqD/rUZW5pMwDQYJKoZIhvcNAQEL -BQAwgaAxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRAwDgYD -VQQHDAdCZWRmb3JkMREwDwYDVQQKDAhQZXJzb25hbDERMA8GA1UECwwIUGVyc29u -YWwxIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xHTAbBgNVBAMM -FGhvc3QuZG9ja2VyLmludGVybmFsMB4XDTI0MDExODE4MjcyMVoXDTM0MDExNTE4 -MjcyMVowgaAxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRAw -DgYDVQQHDAdCZWRmb3JkMREwDwYDVQQKDAhQZXJzb25hbDERMA8GA1UECwwIUGVy -c29uYWwxIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xHTAbBgNV -BAMMFGhvc3QuZG9ja2VyLmludGVybmFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAvh+eajp1FUCcnPrl16fombbE18UirmOt5WHuv4lJcAQ4aatQTgaN -N//80+SaVV6YKfvqsfWwDBxfepQO2huPcFbVCtkpHL7iMF+mbnwJA/9BQj3GqcWh -oN9VBVDD5/zDKTcz6S+UiaCb9va7JZvaoCslV1PFBPotP++hl/pBc0w6eaMdfdUt -71nCqMlh8VChrM54cRX66+oeIg6gVpzd9SMfyp/pQqc3NHbte7FyKEZ9Nzs3IjX9 -cCrDndHw4hksuGiuVVPhthfIwggMS0/wfOeRaQk5pjXRKmigAG7YzVGamhZeT1gz -NX15cXmADx//o+xuWmtFY+5lHL+MaZexBwIDAQABo1MwUTAdBgNVHQ4EFgQUzZbP -2ilt0Wc7yH2Wh0vnQVemkxcwHwYDVR0jBBgwFoAUzZbP2ilt0Wc7yH2Wh0vnQVem -kxcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAc33veqcUhEyy -4mVkLeGfR7qj9GNkp5NoW0Ma9fuBoWV5WiTF50LWCa/e1oB3JaacZ7EJ5AjlG0R1 -b6IAYHqw3Om+ZnEwki/2h+OSrKhSLA1lgNWygdXGyF/P6I0CA1O95Jl5OVGJ89by -0Gf6PGMSXL3NTswmivUqpM4Z8tJDlGf1RveKVPBdEnbY/tHFl1Cw9YmUoScTir9y -qCC7AWUWJyOVEbbCecAM9ehO0AbQNCOaWuq0TzOBIvrVz6tHVY8sA6Z/gda6RNS1 -5/b/mmfMXdIBDhr87ikM8z89Ki2IEhPMU7aU+jga1VmhPuJkaTe/SUKtgxDR5YiU -kX0QBxPWHA== ------END CERTIFICATE----- diff --git a/build/certs/mongodb-cert.key b/build/certs/mongodb-cert.key deleted file mode 100644 index 2d94106b4..000000000 --- a/build/certs/mongodb-cert.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+H55qOnUVQJyc -+uXXp+iZtsTXxSKuY63lYe6/iUlwBDhpq1BOBo03//zT5JpVXpgp++qx9bAMHF96 -lA7aG49wVtUK2SkcvuIwX6ZufAkD/0FCPcapxaGg31UFUMPn/MMpNzPpL5SJoJv2 -9rslm9qgKyVXU8UE+i0/76GX+kFzTDp5ox191S3vWcKoyWHxUKGsznhxFfrr6h4i -DqBWnN31Ix/Kn+lCpzc0du17sXIoRn03OzciNf1wKsOd0fDiGSy4aK5VU+G2F8jC -CAxLT/B855FpCTmmNdEqaKAAbtjNUZqaFl5PWDM1fXlxeYAPH/+j7G5aa0Vj7mUc -v4xpl7EHAgMBAAECggEAEFUrCLko4cCBM8MiB5q3Eq1uz5Jx3kVV5QS6u92RX3wd -VIaRCYLqksr87z8OOxM7QzAPA2a1zvSJB0C83ePMOLxc5Oeu7nc/eyRcadVh+OPu -uUARVvhRYD6PUTuU+NLv+RRy8y9RNVmEzHx5q0tuRqAuPwhFPp43UOzHFwU6pira -VJAW4eBtyXPp3oggY6SPfK2hl0ZxrgLyPeFj197QnNquo1GA8iVaX4qKnKY7/MP5 -+yzcNpZ9I5gFT+nDISBws/BJrxiSa7nc6MEEprBYHGu/6/xN6RW8GSyEKfsd0bQo -JwDNAzzFK6Iv5VilhvVMGkrTRVsZC1oueouwwtBw8QKBgQDlGNO/kX80aFIF19s5 -HQmG2IauUBrgZrSL9oX101K//0DZZofnSfcDZlq9QXIWyutgteQ7xUeAStQAMTQX -n9LEICbcpKU87Tv7u2g0YF9zqq0hKOoW1DypjdXJYfEBl81R7JwXAbn4rdPd8x+F -HemFKuaIDRBCFYqzSWNXMdbK9QKBgQDUcyk+ARoPRJDRKrCM4A6ULf0dTIpK+K0l -uvcU22G9ZVGzhUfr+sQvlMaDv565t2O3ggdvnHe7WJO+bO53XZO3bHgg1lH/E2rp -6sy0X3sjBvsJaGX77NEte0LXDRvn56wIJb/wXIrW7kYMSDd5Rx1r2Y+DiBY+NzwN -R5NZkkbGiwKBgQDc7lld19FFWAkpq2W1KWSDjxIqzgNtPn6Er2O2kmmt0FnYjcEn -8jNtKur8sj1075GYPTDx1ylB9meGG+0xjyZxjtQLWhgjrmB3Pd6bDAlhAUpevRcq -ltg9ZxOxVmtV7u/JPpW0tiyDPhcgZpKSDCukCaAxue9g22dbyL0tXFnYdQKBgFGt -ZLG94rLz/WktLGs8yN4XQDS/dHuWV5sl4lBWd6FFDsAiAaCr7DkOzbNhPDjSVLf8 -ebdjRHT2fPa9EoE5rMzcGuMlAqk6YeRErSa7fq/cwy6+wFa2mUUPGodrNstVukH3 -oW9bZNV1DeEy8oDh4mHQZuh+rW6F9cR1PCU3o5Y5AoGABhydFwvoj/d/4nl26vI4 -rVgY3UXhZZuxdXfbjam9ifuqYMYbDzi0OfDaBCXeiWjpemUVDAmLIfJknDC2/d4P -f2XC5PmX0MJZzNT2Sn3SKHM9mp1oSgi/kfrouuynZvUEwWq2SNiYokjKqtTuYTpf -SPt7M1czRF6ltMipEIsgGns= ------END PRIVATE KEY----- diff --git a/build/certs/mongodb.pem b/build/certs/mongodb.pem index efb6336db..e8c0c0901 100644 --- a/build/certs/mongodb.pem +++ b/build/certs/mongodb.pem @@ -1,53 +1,54 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+H55qOnUVQJyc -+uXXp+iZtsTXxSKuY63lYe6/iUlwBDhpq1BOBo03//zT5JpVXpgp++qx9bAMHF96 -lA7aG49wVtUK2SkcvuIwX6ZufAkD/0FCPcapxaGg31UFUMPn/MMpNzPpL5SJoJv2 -9rslm9qgKyVXU8UE+i0/76GX+kFzTDp5ox191S3vWcKoyWHxUKGsznhxFfrr6h4i -DqBWnN31Ix/Kn+lCpzc0du17sXIoRn03OzciNf1wKsOd0fDiGSy4aK5VU+G2F8jC -CAxLT/B855FpCTmmNdEqaKAAbtjNUZqaFl5PWDM1fXlxeYAPH/+j7G5aa0Vj7mUc -v4xpl7EHAgMBAAECggEAEFUrCLko4cCBM8MiB5q3Eq1uz5Jx3kVV5QS6u92RX3wd -VIaRCYLqksr87z8OOxM7QzAPA2a1zvSJB0C83ePMOLxc5Oeu7nc/eyRcadVh+OPu -uUARVvhRYD6PUTuU+NLv+RRy8y9RNVmEzHx5q0tuRqAuPwhFPp43UOzHFwU6pira -VJAW4eBtyXPp3oggY6SPfK2hl0ZxrgLyPeFj197QnNquo1GA8iVaX4qKnKY7/MP5 -+yzcNpZ9I5gFT+nDISBws/BJrxiSa7nc6MEEprBYHGu/6/xN6RW8GSyEKfsd0bQo -JwDNAzzFK6Iv5VilhvVMGkrTRVsZC1oueouwwtBw8QKBgQDlGNO/kX80aFIF19s5 -HQmG2IauUBrgZrSL9oX101K//0DZZofnSfcDZlq9QXIWyutgteQ7xUeAStQAMTQX -n9LEICbcpKU87Tv7u2g0YF9zqq0hKOoW1DypjdXJYfEBl81R7JwXAbn4rdPd8x+F -HemFKuaIDRBCFYqzSWNXMdbK9QKBgQDUcyk+ARoPRJDRKrCM4A6ULf0dTIpK+K0l -uvcU22G9ZVGzhUfr+sQvlMaDv565t2O3ggdvnHe7WJO+bO53XZO3bHgg1lH/E2rp -6sy0X3sjBvsJaGX77NEte0LXDRvn56wIJb/wXIrW7kYMSDd5Rx1r2Y+DiBY+NzwN -R5NZkkbGiwKBgQDc7lld19FFWAkpq2W1KWSDjxIqzgNtPn6Er2O2kmmt0FnYjcEn -8jNtKur8sj1075GYPTDx1ylB9meGG+0xjyZxjtQLWhgjrmB3Pd6bDAlhAUpevRcq -ltg9ZxOxVmtV7u/JPpW0tiyDPhcgZpKSDCukCaAxue9g22dbyL0tXFnYdQKBgFGt -ZLG94rLz/WktLGs8yN4XQDS/dHuWV5sl4lBWd6FFDsAiAaCr7DkOzbNhPDjSVLf8 -ebdjRHT2fPa9EoE5rMzcGuMlAqk6YeRErSa7fq/cwy6+wFa2mUUPGodrNstVukH3 -oW9bZNV1DeEy8oDh4mHQZuh+rW6F9cR1PCU3o5Y5AoGABhydFwvoj/d/4nl26vI4 -rVgY3UXhZZuxdXfbjam9ifuqYMYbDzi0OfDaBCXeiWjpemUVDAmLIfJknDC2/d4P -f2XC5PmX0MJZzNT2Sn3SKHM9mp1oSgi/kfrouuynZvUEwWq2SNiYokjKqtTuYTpf -SPt7M1czRF6ltMipEIsgGns= ------END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIEIzCCAwugAwIBAgIUZZG8nZUERhqy+aLvoqD/rUZW5pMwDQYJKoZIhvcNAQEL -BQAwgaAxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRAwDgYD -VQQHDAdCZWRmb3JkMREwDwYDVQQKDAhQZXJzb25hbDERMA8GA1UECwwIUGVyc29u -YWwxIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xHTAbBgNVBAMM -FGhvc3QuZG9ja2VyLmludGVybmFsMB4XDTI0MDExODE4MjcyMVoXDTM0MDExNTE4 -MjcyMVowgaAxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRAw -DgYDVQQHDAdCZWRmb3JkMREwDwYDVQQKDAhQZXJzb25hbDERMA8GA1UECwwIUGVy -c29uYWwxIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xHTAbBgNV -BAMMFGhvc3QuZG9ja2VyLmludGVybmFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAvh+eajp1FUCcnPrl16fombbE18UirmOt5WHuv4lJcAQ4aatQTgaN -N//80+SaVV6YKfvqsfWwDBxfepQO2huPcFbVCtkpHL7iMF+mbnwJA/9BQj3GqcWh -oN9VBVDD5/zDKTcz6S+UiaCb9va7JZvaoCslV1PFBPotP++hl/pBc0w6eaMdfdUt -71nCqMlh8VChrM54cRX66+oeIg6gVpzd9SMfyp/pQqc3NHbte7FyKEZ9Nzs3IjX9 -cCrDndHw4hksuGiuVVPhthfIwggMS0/wfOeRaQk5pjXRKmigAG7YzVGamhZeT1gz -NX15cXmADx//o+xuWmtFY+5lHL+MaZexBwIDAQABo1MwUTAdBgNVHQ4EFgQUzZbP -2ilt0Wc7yH2Wh0vnQVemkxcwHwYDVR0jBBgwFoAUzZbP2ilt0Wc7yH2Wh0vnQVem -kxcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAc33veqcUhEyy -4mVkLeGfR7qj9GNkp5NoW0Ma9fuBoWV5WiTF50LWCa/e1oB3JaacZ7EJ5AjlG0R1 -b6IAYHqw3Om+ZnEwki/2h+OSrKhSLA1lgNWygdXGyF/P6I0CA1O95Jl5OVGJ89by -0Gf6PGMSXL3NTswmivUqpM4Z8tJDlGf1RveKVPBdEnbY/tHFl1Cw9YmUoScTir9y -qCC7AWUWJyOVEbbCecAM9ehO0AbQNCOaWuq0TzOBIvrVz6tHVY8sA6Z/gda6RNS1 -5/b/mmfMXdIBDhr87ikM8z89Ki2IEhPMU7aU+jga1VmhPuJkaTe/SUKtgxDR5YiU -kX0QBxPWHA== +MIIEcDCCAtigAwIBAgIQJbXK0rR4gSbdduvggxcXXzANBgkqhkiG9w0BAQsFADB3 +MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExJjAkBgNVBAsMHWJ5cm9u +QGJ5cm9uLVRoaW5rQ2VudHJlLU05MTBxMS0wKwYDVQQDDCRta2NlcnQgYnlyb25A +Ynlyb24tVGhpbmtDZW50cmUtTTkxMHEwHhcNMjQwMTIxMTI0MDQ3WhcNMjYwNDIx +MTE0MDQ3WjBRMScwJQYDVQQKEx5ta2NlcnQgZGV2ZWxvcG1lbnQgY2VydGlmaWNh +dGUxJjAkBgNVBAsMHWJ5cm9uQGJ5cm9uLVRoaW5rQ2VudHJlLU05MTBxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfiMugypjw98xZmZRrdO8y8GjTGs +qXk4wAn4JKXF5G5E99TtRBLGDmvPO6HW+h5Ua+6Qu0F8WxXpNyPlt8yVzTT4x7dc +vxY8ZxMZ7w2UGUqm+CilvjXD44wBOlUO1FJhffsYYZFwYsjUWUmo/uZntfNAawbR ++ehL9y9IL3EgFTWFpNCCx25gD7C3hTnkxgpGg5yrel5mbq1zd85VWeijRr6si0ZH +XCGxkRR300M/pxhrTY2dVeXeFXpLpXh9CsG6iJUeRzvuy7SdCsSGyhxmjVv/GJ7X +ELYg9vytg99I/VHszfLZV0wU/eMlIswGrCINrD4c6Xpg7zffqBd4FxLuzwIDAQAB +o4GdMIGaMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB +BQUHAwEwHwYDVR0jBBgwFoAUicj/mGlBdq8L+XiZt0mtP39Pc/kwSAYDVR0RBEEw +P4IEZWNob4IJbG9jYWxob3N0ghRob3N0LmRvY2tlci5pbnRlcm5hbIcEfwAAAYcQ +AAAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAYEAIqR0TW38EovYncsl +FSRBcg8pA18hf49fMsKHx0c/XR9tMlGf7WJrsbbnVP8MTiDU1KFa2lwLVcz05C13 +l1aoAY/Yll3TEaccFkdRvu57Uapgk1FoRB8tNZcKibTzdI+B5PKEm5mztMui3yll +4uf7eoNMdDrjx56/+WpqFtWYNPkpBtRPDpMKFlbCKn4qEq99HTYbgb6QF9TVbgFC +0spuy/QHuvqnYqUkDhn06squptcWGN8jkA+6FwZXIz6rhuuJCCCEEidDkYut9ySh +KUhQBhWpfVSgYxj/EVhS4hPkqcYO4G1qcpg+00CWDHbMN4mh7N2FsZ2Be6TO2VZ4 +AH8XPuaBcyLkcWKMQJ5izdL2hw7BzJXFitoMDifiuMjSlghqkZQg2GadR1zg+tte +Jdgm8iIVOQw77x2jeol+RZRk4xGte/uWCTS0HbOcakGRG8UDrweujDLo1G+rQVu7 +nY9DuXvsnjLn+wCTuyEbsk+16njPaqp/UDg/Eah/6TSxWakH -----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDN+Iy6DKmPD3zF +mZlGt07zLwaNMaypeTjACfgkpcXkbkT31O1EEsYOa887odb6HlRr7pC7QXxbFek3 +I+W3zJXNNPjHt1y/FjxnExnvDZQZSqb4KKW+NcPjjAE6VQ7UUmF9+xhhkXBiyNRZ +Saj+5me180BrBtH56Ev3L0gvcSAVNYWk0ILHbmAPsLeFOeTGCkaDnKt6XmZurXN3 +zlVZ6KNGvqyLRkdcIbGRFHfTQz+nGGtNjZ1V5d4VekuleH0KwbqIlR5HO+7LtJ0K +xIbKHGaNW/8YntcQtiD2/K2D30j9UezN8tlXTBT94yUizAasIg2sPhzpemDvN9+o +F3gXEu7PAgMBAAECggEBAKuesSuIx3OTlQRUwplgveD1SwE05chkYDvrUp6+nhCD +LOZPvc8d0XdMr2Thqe3IfdFc+617mDGRJTyzpYIrbpqIy84lY5s43OWJze8ZIlCc +mllmDQxbYjhkfNVs8ClL5z4AjcUmWT2GVyF6tdyGgN3jrMZA7Y7M1xdEh2I4YWIp +Ml3KlU54lhX4volN9WqMugzaDMoJKEBjq4AlrYTRvR17d7X/opSoRecsPjXjIsVu +IUXFavAw2eWBNts0g6nFTy9wA7ZoDK91bRyeRsZuKNzCdaVX3tTCFg1H4D8CzLxX +GGM8/grvWMpCqtPYSPwvI3waSSGkwkEvpX4N0I8Ak1kCgYEA2fzQqbSMgQ9pU1CJ +fSBUyZQOuCBu0CSk3SGC0iNlEzHO2NZhSoHwQGs3iopA8gudfoghr4TeJgxEJbBc +g28oMv9V/YPlPjfyRp9yvJOmrXXqgXzMTEhykEMG6hIzgxxdON706+mYhQmd4582 +nkBC9m51o0PglxmB6fY766t8yHMCgYEA8eNMeAfvrL4eB/fkZ+0bb6R3M4G81TzY +sKWyDkILmJlTDtIXCgsIqt1xAGvSHvyd7V31OqQuPXmLwBDH86vhpVRvUgN+4UKY +Ma75u4bGlfDlj14vsVanfeXC7bPce6D7zniUWyg/CGy34gLvDa/QjzUOF27FF6R8 +nfppu+gEFTUCgYEAw8FiDRRDHN8fIZ9waHpxSbh442bUvHw7xQ0D8vuwF+WhsF4M +bqFzhBYEgZgYLIS7wVY0ke9Ko3ZeeE4BNlLLEcj0ir44ToBlRICJw8kAZENA/Vl6 +CYMBxoU6n1cLBVGicaDe50AWJFp3fGKM5N4mhDC72YrqFCbm4JisRL3yR/sCgYEA +j2AJbYRWvm+aYWLAUhGrF4vG1BLsmQCN+HbeibEAKp2HK9u/qEZOBulnF7bRP2jB +O3db6jxy5CFtgpTv0DFreJIJwfUsedz9VUW/5TXH9AxsJYTQhC827FsKJddcszMC +zqmOVlIOurGmdSMEC3rRBnGOPrl7vb3T19gcYDLwaJkCgYAvB9dHGBuE2mGVmRxu +hzZeFbYoBfeO6cvsrPOgcg/WUr0qi56Um5qztlVRpQP2+KrQnkxcJ3Mo38qr6qgj +VnmgmnWY13SuqoDFDApxqvIcsNRwIb5zNDqf/k5W7EoUopd5k3MyVy+eUoBAd4Rn +mU8WSoLjc7NrUwfeWcFw618MUw== +-----END PRIVATE KEY----- diff --git a/docker-compose.yml b/docker-compose.yml index ac038bbfd..f0063033d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -68,7 +68,7 @@ services: extra_hosts: - "host.docker.internal:host-gateway" volumes: - - ./build/certs:/etc/certs + - ./build/certs:/etc/ssl - ./build/mongod.conf:/etc/mongod.conf # never started normally, used only for mongosh, mongodump, etc. @@ -83,7 +83,7 @@ services: extra_hosts: - "host.docker.internal:host-gateway" volumes: - - ./build/certs:/etc/certs + - ./build/certs:/etc/ssl - ./dumps:/dumps # legacy mongo shell @@ -99,7 +99,7 @@ services: - "host.docker.internal:host-gateway" working_dir: /tests/mongo volumes: - - ./build/certs:/etc/certs + - ./build/certs:/etc/ssl - ./tests/mongo:/tests/mongo # for documentation From fe541ccfdc27b1a9570e6972b47df53236278c50 Mon Sep 17 00:00:00 2001 From: b1ron Date: Sun, 21 Jan 2024 21:29:23 +0100 Subject: [PATCH 40/62] tweak config file --- build/mongod.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build/mongod.conf b/build/mongod.conf index 99cde5c7f..abd735f4a 100644 --- a/build/mongod.conf +++ b/build/mongod.conf @@ -3,9 +3,9 @@ net: bindIpAll: true tls: mode: requireTLS - certificateKeyFile: /etc/certs/mongodb.pem - CAFile: /etc/certs/mongodb-cert.crt - clusterFile: /etc/certs/mongodb.pem + certificateKeyFile: /etc/ssl/mongodb.pem + CAFile: /etc/ssl/mongodb-ca.crt + clusterFile: /etc/ssl/mongodb.pem allowInvalidCertificates: true allowInvalidHostnames: true @@ -18,7 +18,7 @@ replication: replSetName: rs0 setParameter: - enableTestCommands: 1 + enableTestCommands: true enableLocalhostAuthBypass: true systemLog: From 4a9ee7f3b72400e1644075c9be82a13d76baa754 Mon Sep 17 00:00:00 2001 From: b1ron Date: Sun, 21 Jan 2024 21:41:13 +0100 Subject: [PATCH 41/62] allowConnectionsWithoutCertificates for mTLS --- build/mongod.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/build/mongod.conf b/build/mongod.conf index abd735f4a..1fa2628d2 100644 --- a/build/mongod.conf +++ b/build/mongod.conf @@ -8,6 +8,7 @@ net: clusterFile: /etc/ssl/mongodb.pem allowInvalidCertificates: true allowInvalidHostnames: true + allowConnectionsWithoutCertificates: true security: authorization: enabled From 0496789a875ae81aec5bef4051866e6d8338ad47 Mon Sep 17 00:00:00 2001 From: b1ron Date: Sun, 21 Jan 2024 21:44:51 +0100 Subject: [PATCH 42/62] fix scram-sha-1 tests --- tests/dotnet-example-auth-scram-sha-1.yml | 2 +- tests/python-example-auth-scram-sha-1.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/dotnet-example-auth-scram-sha-1.yml b/tests/dotnet-example-auth-scram-sha-1.yml index b8ce7fcf7..7c8dd64bb 100644 --- a/tests/dotnet-example-auth-scram-sha-1.yml +++ b/tests/dotnet-example-auth-scram-sha-1.yml @@ -4,7 +4,7 @@ dir: dotnet-example args: - dotnet - run - - mongodb://user:password@127.0.0.1:27017/?authMechanism=SCRAM-SHA-1 + - mongodb://user:password@localhost:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=../../build/certs/mongodb.pem&tlsCaFile=../../build/certs/mongodb-ca.crt&authMechanism=SCRAM-SHA-1 results: postgresql: diff --git a/tests/python-example-auth-scram-sha-1.sh b/tests/python-example-auth-scram-sha-1.sh index 251f5d225..e2ed39acd 100755 --- a/tests/python-example-auth-scram-sha-1.sh +++ b/tests/python-example-auth-scram-sha-1.sh @@ -4,4 +4,4 @@ set -ex pip3 install pymongo -python3 pymongo_test.py 'mongodb://user:password@localhost:27017/?directConnection=true&replicaSet=rs0&authMechanism=SCRAM-SHA-1' +python3 pymongo_test.py 'mongodb://user:password@localhost:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=../../build/certs/mongodb.pem&tlsCaFile=../../build/certs/mongodb-ca.crt&authMechanism=SCRAM-SHA-1' From b3a96fb05c512d3139e4251a59aa462c1ff4e18f Mon Sep 17 00:00:00 2001 From: b1ron Date: Mon, 22 Jan 2024 10:52:20 +0100 Subject: [PATCH 43/62] add remaining tests --- tests/dotnet-example-auth-scram-sha-256.yml | 2 +- tests/java-example-auth-scram-sha-1.sh | 9 +++++++++ tests/java-example-auth-scram-sha-1.yml | 17 +++++++++++++++++ tests/java-example-auth-scram-sha-256.sh | 9 +++++++++ tests/java-example-auth-scram-sha-256.yml | 17 +++++++++++++++++ tests/python-example-auth-scram-sha-256.sh | 7 +++++++ tests/python-example-auth-scram-sha-256.yml | 17 +++++++++++++++++ 7 files changed, 77 insertions(+), 1 deletion(-) create mode 100755 tests/java-example-auth-scram-sha-1.sh create mode 100644 tests/java-example-auth-scram-sha-1.yml create mode 100755 tests/java-example-auth-scram-sha-256.sh create mode 100644 tests/java-example-auth-scram-sha-256.yml create mode 100755 tests/python-example-auth-scram-sha-256.sh create mode 100644 tests/python-example-auth-scram-sha-256.yml diff --git a/tests/dotnet-example-auth-scram-sha-256.yml b/tests/dotnet-example-auth-scram-sha-256.yml index 316fb6f5c..aeed545e8 100644 --- a/tests/dotnet-example-auth-scram-sha-256.yml +++ b/tests/dotnet-example-auth-scram-sha-256.yml @@ -4,7 +4,7 @@ dir: dotnet-example args: - dotnet - run - - mongodb://user:password@localhost:27017/?directConnection=true&authMechanism=SCRAM-SHA-256 + - mongodb://user:password@localhost:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=../../build/certs/mongodb.pem&tlsCaFile=../../build/certs/mongodb-ca.crt&authMechanism=SCRAM-SHA-256 results: postgresql: diff --git a/tests/java-example-auth-scram-sha-1.sh b/tests/java-example-auth-scram-sha-1.sh new file mode 100755 index 000000000..c5ac51fc2 --- /dev/null +++ b/tests/java-example-auth-scram-sha-1.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +set -ex + +# enables Maven exceptions +export MAVEN_OPTS='-ea' + +mvn compile exec:java -Dexec.mainClass=com.start.Connection \ +-Dexec.args="mongodb://user:password@localhost:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=../../build/certs/mongodb.pem&tlsCaFile=../../build/certs/mongodb-ca.crt&authMechanism=SCRAM-SHA-1" diff --git a/tests/java-example-auth-scram-sha-1.yml b/tests/java-example-auth-scram-sha-1.yml new file mode 100644 index 000000000..99b4821e1 --- /dev/null +++ b/tests/java-example-auth-scram-sha-1.yml @@ -0,0 +1,17 @@ +--- +runner: command +dir: java-example/java +args: [../../java-example-auth-scram-sha-1.sh] + +results: + postgresql: + stats: + fail: 1 + + sqlite: + stats: + fail: 1 + + mongodb: + stats: + pass: 1 diff --git a/tests/java-example-auth-scram-sha-256.sh b/tests/java-example-auth-scram-sha-256.sh new file mode 100755 index 000000000..a89a2ff89 --- /dev/null +++ b/tests/java-example-auth-scram-sha-256.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +set -ex + +# enables Maven exceptions +export MAVEN_OPTS='-ea' + +mvn compile exec:java -Dexec.mainClass=com.start.Connection \ +-Dexec.args="mongodb://user:password@localhost:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=../../build/certs/mongodb.pem&tlsCaFile=../../build/certs/mongodb-ca.crt&authMechanism=SCRAM-SHA-256" diff --git a/tests/java-example-auth-scram-sha-256.yml b/tests/java-example-auth-scram-sha-256.yml new file mode 100644 index 000000000..c4ab14ed7 --- /dev/null +++ b/tests/java-example-auth-scram-sha-256.yml @@ -0,0 +1,17 @@ +--- +runner: command +dir: java-example/java +args: [../../java-example-auth-scram-sha-256.sh] + +results: + postgresql: + stats: + fail: 1 + + sqlite: + stats: + fail: 1 + + mongodb: + stats: + pass: 1 diff --git a/tests/python-example-auth-scram-sha-256.sh b/tests/python-example-auth-scram-sha-256.sh new file mode 100755 index 000000000..07ea65b59 --- /dev/null +++ b/tests/python-example-auth-scram-sha-256.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +set -ex + +pip3 install pymongo + +python3 pymongo_test.py 'mongodb://user:password@localhost:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=../../build/certs/mongodb.pem&tlsCaFile=../../build/certs/mongodb-ca.crt&authMechanism=SCRAM-SHA-256' diff --git a/tests/python-example-auth-scram-sha-256.yml b/tests/python-example-auth-scram-sha-256.yml new file mode 100644 index 000000000..1715437c5 --- /dev/null +++ b/tests/python-example-auth-scram-sha-256.yml @@ -0,0 +1,17 @@ +--- +runner: command +dir: python-example +args: [../python-example-auth-scram-sha-256.sh] + +results: + postgresql: + stats: + fail: 1 + + sqlite: + stats: + fail: 1 + + mongodb: + stats: + pass: 1 From dad4e646cf65ec152da46bd81de8899f0a157c87 Mon Sep 17 00:00:00 2001 From: b1ron Date: Mon, 22 Jan 2024 11:08:26 +0100 Subject: [PATCH 44/62] do not run them on CI yet --- .github/workflows/dance.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dance.yml b/.github/workflows/dance.yml index 62795b9a6..1c5c5b082 100644 --- a/.github/workflows/dance.yml +++ b/.github/workflows/dance.yml @@ -51,10 +51,12 @@ jobs: # - diff - dotnet-example - dotnet-example-auth - - dotnet-example-auth-scram-sha-1 - - dotnet-example-auth-scram-sha-256 + # - dotnet-example-auth-scram-sha-1 + # - dotnet-example-auth-scram-sha-256 - java-example - java-example-auth + # - java-example-auth-scram-sha-1 + # - java-example-auth-scram-sha-256 - meteor-doc-fetcher - meteor-oplog-cursor-supported - meteor-oplog-entry-skipping @@ -64,7 +66,8 @@ jobs: - mongo-tools - python-example - python-example-auth - - python-example-auth-scram-sha-1 + # - python-example-auth-scram-sha-1 + # - python-example-auth-scram-sha-256 - restheart - restheart-auth - ycsb-workloada From 71a6b8b9f1a0f09bd50674a8accc2d62561934ac Mon Sep 17 00:00:00 2001 From: b1ron Date: Mon, 22 Jan 2024 14:04:47 +0100 Subject: [PATCH 45/62] fixes --- tests/java-example-auth.yml | 6 ++++-- tests/java-example.yml | 6 ++++-- tests/mongo.yml | 11 ++++------- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/tests/java-example-auth.yml b/tests/java-example-auth.yml index 46da59eab..95bf7062c 100644 --- a/tests/java-example-auth.yml +++ b/tests/java-example-auth.yml @@ -6,11 +6,13 @@ args: [../../java-example-auth.sh] results: postgresql: stats: - pass: 1 + # https://github.com/FerretDB/FerretDB/pull/3996 + fail: 1 sqlite: stats: - pass: 1 + # https://github.com/FerretDB/FerretDB/pull/3996 + fail: 1 mongodb: stats: diff --git a/tests/java-example.yml b/tests/java-example.yml index a38b613e7..92c480b14 100644 --- a/tests/java-example.yml +++ b/tests/java-example.yml @@ -6,11 +6,13 @@ args: [../../java-example.sh] results: postgresql: stats: - pass: 1 + # https://github.com/FerretDB/FerretDB/pull/3996 + fail: 1 sqlite: stats: - pass: 1 + # https://github.com/FerretDB/FerretDB/pull/3996 + fail: 1 mongodb: stats: diff --git a/tests/mongo.yml b/tests/mongo.yml index d88ad8351..060b9a3bd 100644 --- a/tests/mongo.yml +++ b/tests/mongo.yml @@ -171,7 +171,6 @@ results: # SyntaxError: import declarations may only appear at top level of a module - mongo/jstests/readonly/get_more.js tailable: - # https://github.com/FerretDB/FerretDB/issues/2283 # https://github.com/FerretDB/FerretDB/issues/2341 - mongo/jstests/aggregation/sources/collStats/query_exec_stats.js # https://github.com/FerretDB/FerretDB/issues/3606 @@ -199,8 +198,6 @@ results: - mongo/jstests/core/write/crud_api.js auth: # https://github.com/FerretDB/FerretDB/issues/7 - # https://github.com/FerretDB/FerretDB/issues/1492 - # https://github.com/FerretDB/FerretDB/issues/1491 - mongo/jstests/core/administrative/auth1.js - mongo/jstests/auth/getMore.js - mongo/jstests/auth/list_sessions.js @@ -210,8 +207,8 @@ results: postgresql: stats: - fail: 73 - pass: 44 + fail: 72 + pass: 45 fail: include_fail: - aggregation @@ -224,8 +221,8 @@ results: sqlite: stats: - fail: 73 - pass: 44 + fail: 72 + pass: 45 fail: include_fail: - aggregation From 70ecd5d9c3325fac6323721fb84c56ceeefa30ab Mon Sep 17 00:00:00 2001 From: b1ron Date: Mon, 22 Jan 2024 15:49:00 +0100 Subject: [PATCH 46/62] revert complete mess --- Taskfile.yaml | 6 ++--- build/certs/mongodb-ca.crt | 28 -------------------- build/certs/mongodb.pem | 54 -------------------------------------- build/key | 1 + build/mongod.conf | 10 +------ docker-compose.yml | 17 +++++++++--- internal/jstest/jstest.go | 2 +- 7 files changed, 19 insertions(+), 99 deletions(-) delete mode 100644 build/certs/mongodb-ca.crt delete mode 100644 build/certs/mongodb.pem create mode 100644 build/key diff --git a/Taskfile.yaml b/Taskfile.yaml index 32dd84f19..0c98e00bb 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -95,7 +95,7 @@ tasks: desc: "Run legacy MongoDB shell (`mongo`) with test script" cmds: - > - docker compose run --rm mongo --tls --tlsCAFile /etc/ssl/mongodb-ca.crt --sslPEMKeyFile /etc/ssl/mongodb.pem + docker compose run --rm mongo 'mongodb://user:password@host.docker.internal:27017/' {{.CLI_ARGS}} @@ -104,7 +104,7 @@ tasks: cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://user:password@host.docker.internal:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=/etc/ssl/mongodb.pem&tlsCaFile=/etc/ssl/mongodb-ca.crt&replicaSet=rs0' + 'mongodb://user:password@host.docker.internal:27017/?directConnection=true' --eval 'disableTelemetry()' --shell init-repl: @@ -112,7 +112,7 @@ tasks: cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://user:password@host.docker.internal:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=/etc/ssl/mongodb.pem&tlsCaFile=/etc/ssl/mongodb-ca.crt&replicaSet=rs0' + 'mongodb://user:password@host.docker.internal:27017/?directConnection=true' --verbose --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "localhost"}]})' # this is true to prevent an already initialized error and no such command error for replSetInitiate ignore_error: true diff --git a/build/certs/mongodb-ca.crt b/build/certs/mongodb-ca.crt deleted file mode 100644 index 53349cc89..000000000 --- a/build/certs/mongodb-ca.crt +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEvTCCAyWgAwIBAgIQRmKU0Vl2pnFYCF3AQNKRLTANBgkqhkiG9w0BAQsFADB3 -MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExJjAkBgNVBAsMHWJ5cm9u -QGJ5cm9uLVRoaW5rQ2VudHJlLU05MTBxMS0wKwYDVQQDDCRta2NlcnQgYnlyb25A -Ynlyb24tVGhpbmtDZW50cmUtTTkxMHEwHhcNMjQwMTIxMTIzODMzWhcNMzQwMTIx -MTIzODMzWjB3MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExJjAkBgNV -BAsMHWJ5cm9uQGJ5cm9uLVRoaW5rQ2VudHJlLU05MTBxMS0wKwYDVQQDDCRta2Nl -cnQgYnlyb25AYnlyb24tVGhpbmtDZW50cmUtTTkxMHEwggGiMA0GCSqGSIb3DQEB -AQUAA4IBjwAwggGKAoIBgQCtlK7z575Ku59IWFY74CvA7DNkep186C8dNsIjdn0j -Q9CGUq9NqrB2QhMdZoSXwIzscx47VMrpwIJZi3YmT2fCcRMw1Fa8p226Ji1NcShK -y3Q33lbIP7E5AExyJF/gFMFy3nVrr2nDnfmnXsryPhl3Xqx7utxmxtSG0mXVZVOY -SLQAiv272OryBuvHFn6FNDRukr7996vK8Bvmveompi/yKY6489yQD/hC+XqeSGOQ -u38dzMpyNFL3QHXWCR0FKsAZru4q6U3h490GFwD/mY2+SBLHCPZAWoDJvqLkvWBH -joHALx1uO8UzbuvWKjOJDPKZfNzei9ZgOHAkhtRjZiCMcNjoRcbew907D02IC6wl -m+JV1goBA0zPD/PSjy4p/eOXSzTiGdrMqDcYNu+FaRB5e1Hrl53smVEUvgyZuvnR -fFUNZCu6tIJ+8GtIBEATHDC+xGiAGBtzdNT6Kbijn4KdGKHHBadwIL9aKRGFIWQq -FWbnzXK6g6wK+gA4FhwDF8kCAwEAAaNFMEMwDgYDVR0PAQH/BAQDAgIEMBIGA1Ud -EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFInI/5hpQXavC/l4mbdJrT9/T3P5MA0G -CSqGSIb3DQEBCwUAA4IBgQAoi/9UCTdwWcRJ4OImJd+8JZKZzQuLvis0d+idce4r -KUQCHYQp46VwltdL2u3DGk8iMTutRXf51DgvFG+2S8Ius117F/QUNSohF8fpeLL1 -Bv2koqs6+UxE7wkxagrg7fPGPjpkI70s/RXsag6jXnsiBH3N+ttlJIz8+pPOlk5u -l5xSe405W1vqZa/0FX40OgvDk+qTxxzlynE8Nhue6j2bYag4fDyrD/+DZXeZe5UB -KxSVO8AgzdJQZGkQuZ/zHSJMXuAZYUlyDhogqAWwrary0bwdXyFY15NIdjxXQBw4 -g2IlqWfPgJUICHE1wiYTmXFI1LeQIQcyahgenvsfj+i/RK0z41zQgeONGqInOYmm -KTzu7p4MlCXGk3aZMqi8hL5JJGAvpUvzZwp3XEUjyWs4hJ/WLu9uHLKGT5vuSVbb -c8G8CX22EG0RMoZEdNDcjtTkexcdtuTm0MHamhGESHgWZ6/NweIVqMx9KusLDZ1H -dem6Wp45oaAuA0LLh49aDi8= ------END CERTIFICATE----- diff --git a/build/certs/mongodb.pem b/build/certs/mongodb.pem deleted file mode 100644 index e8c0c0901..000000000 --- a/build/certs/mongodb.pem +++ /dev/null @@ -1,54 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEcDCCAtigAwIBAgIQJbXK0rR4gSbdduvggxcXXzANBgkqhkiG9w0BAQsFADB3 -MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExJjAkBgNVBAsMHWJ5cm9u -QGJ5cm9uLVRoaW5rQ2VudHJlLU05MTBxMS0wKwYDVQQDDCRta2NlcnQgYnlyb25A -Ynlyb24tVGhpbmtDZW50cmUtTTkxMHEwHhcNMjQwMTIxMTI0MDQ3WhcNMjYwNDIx -MTE0MDQ3WjBRMScwJQYDVQQKEx5ta2NlcnQgZGV2ZWxvcG1lbnQgY2VydGlmaWNh -dGUxJjAkBgNVBAsMHWJ5cm9uQGJ5cm9uLVRoaW5rQ2VudHJlLU05MTBxMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfiMugypjw98xZmZRrdO8y8GjTGs -qXk4wAn4JKXF5G5E99TtRBLGDmvPO6HW+h5Ua+6Qu0F8WxXpNyPlt8yVzTT4x7dc -vxY8ZxMZ7w2UGUqm+CilvjXD44wBOlUO1FJhffsYYZFwYsjUWUmo/uZntfNAawbR -+ehL9y9IL3EgFTWFpNCCx25gD7C3hTnkxgpGg5yrel5mbq1zd85VWeijRr6si0ZH -XCGxkRR300M/pxhrTY2dVeXeFXpLpXh9CsG6iJUeRzvuy7SdCsSGyhxmjVv/GJ7X -ELYg9vytg99I/VHszfLZV0wU/eMlIswGrCINrD4c6Xpg7zffqBd4FxLuzwIDAQAB -o4GdMIGaMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB -BQUHAwEwHwYDVR0jBBgwFoAUicj/mGlBdq8L+XiZt0mtP39Pc/kwSAYDVR0RBEEw -P4IEZWNob4IJbG9jYWxob3N0ghRob3N0LmRvY2tlci5pbnRlcm5hbIcEfwAAAYcQ -AAAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAYEAIqR0TW38EovYncsl -FSRBcg8pA18hf49fMsKHx0c/XR9tMlGf7WJrsbbnVP8MTiDU1KFa2lwLVcz05C13 -l1aoAY/Yll3TEaccFkdRvu57Uapgk1FoRB8tNZcKibTzdI+B5PKEm5mztMui3yll -4uf7eoNMdDrjx56/+WpqFtWYNPkpBtRPDpMKFlbCKn4qEq99HTYbgb6QF9TVbgFC -0spuy/QHuvqnYqUkDhn06squptcWGN8jkA+6FwZXIz6rhuuJCCCEEidDkYut9ySh -KUhQBhWpfVSgYxj/EVhS4hPkqcYO4G1qcpg+00CWDHbMN4mh7N2FsZ2Be6TO2VZ4 -AH8XPuaBcyLkcWKMQJ5izdL2hw7BzJXFitoMDifiuMjSlghqkZQg2GadR1zg+tte -Jdgm8iIVOQw77x2jeol+RZRk4xGte/uWCTS0HbOcakGRG8UDrweujDLo1G+rQVu7 -nY9DuXvsnjLn+wCTuyEbsk+16njPaqp/UDg/Eah/6TSxWakH ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDN+Iy6DKmPD3zF -mZlGt07zLwaNMaypeTjACfgkpcXkbkT31O1EEsYOa887odb6HlRr7pC7QXxbFek3 -I+W3zJXNNPjHt1y/FjxnExnvDZQZSqb4KKW+NcPjjAE6VQ7UUmF9+xhhkXBiyNRZ -Saj+5me180BrBtH56Ev3L0gvcSAVNYWk0ILHbmAPsLeFOeTGCkaDnKt6XmZurXN3 -zlVZ6KNGvqyLRkdcIbGRFHfTQz+nGGtNjZ1V5d4VekuleH0KwbqIlR5HO+7LtJ0K -xIbKHGaNW/8YntcQtiD2/K2D30j9UezN8tlXTBT94yUizAasIg2sPhzpemDvN9+o -F3gXEu7PAgMBAAECggEBAKuesSuIx3OTlQRUwplgveD1SwE05chkYDvrUp6+nhCD -LOZPvc8d0XdMr2Thqe3IfdFc+617mDGRJTyzpYIrbpqIy84lY5s43OWJze8ZIlCc -mllmDQxbYjhkfNVs8ClL5z4AjcUmWT2GVyF6tdyGgN3jrMZA7Y7M1xdEh2I4YWIp -Ml3KlU54lhX4volN9WqMugzaDMoJKEBjq4AlrYTRvR17d7X/opSoRecsPjXjIsVu -IUXFavAw2eWBNts0g6nFTy9wA7ZoDK91bRyeRsZuKNzCdaVX3tTCFg1H4D8CzLxX -GGM8/grvWMpCqtPYSPwvI3waSSGkwkEvpX4N0I8Ak1kCgYEA2fzQqbSMgQ9pU1CJ -fSBUyZQOuCBu0CSk3SGC0iNlEzHO2NZhSoHwQGs3iopA8gudfoghr4TeJgxEJbBc -g28oMv9V/YPlPjfyRp9yvJOmrXXqgXzMTEhykEMG6hIzgxxdON706+mYhQmd4582 -nkBC9m51o0PglxmB6fY766t8yHMCgYEA8eNMeAfvrL4eB/fkZ+0bb6R3M4G81TzY -sKWyDkILmJlTDtIXCgsIqt1xAGvSHvyd7V31OqQuPXmLwBDH86vhpVRvUgN+4UKY -Ma75u4bGlfDlj14vsVanfeXC7bPce6D7zniUWyg/CGy34gLvDa/QjzUOF27FF6R8 -nfppu+gEFTUCgYEAw8FiDRRDHN8fIZ9waHpxSbh442bUvHw7xQ0D8vuwF+WhsF4M -bqFzhBYEgZgYLIS7wVY0ke9Ko3ZeeE4BNlLLEcj0ir44ToBlRICJw8kAZENA/Vl6 -CYMBxoU6n1cLBVGicaDe50AWJFp3fGKM5N4mhDC72YrqFCbm4JisRL3yR/sCgYEA -j2AJbYRWvm+aYWLAUhGrF4vG1BLsmQCN+HbeibEAKp2HK9u/qEZOBulnF7bRP2jB -O3db6jxy5CFtgpTv0DFreJIJwfUsedz9VUW/5TXH9AxsJYTQhC827FsKJddcszMC -zqmOVlIOurGmdSMEC3rRBnGOPrl7vb3T19gcYDLwaJkCgYAvB9dHGBuE2mGVmRxu -hzZeFbYoBfeO6cvsrPOgcg/WUr0qi56Um5qztlVRpQP2+KrQnkxcJ3Mo38qr6qgj -VnmgmnWY13SuqoDFDApxqvIcsNRwIb5zNDqf/k5W7EoUopd5k3MyVy+eUoBAd4Rn -mU8WSoLjc7NrUwfeWcFw618MUw== ------END PRIVATE KEY----- diff --git a/build/key b/build/key new file mode 100644 index 000000000..f6803543d --- /dev/null +++ b/build/key @@ -0,0 +1 @@ +mysecretkey diff --git a/build/mongod.conf b/build/mongod.conf index 1fa2628d2..05ac24499 100644 --- a/build/mongod.conf +++ b/build/mongod.conf @@ -1,18 +1,10 @@ net: port: 27017 bindIpAll: true - tls: - mode: requireTLS - certificateKeyFile: /etc/ssl/mongodb.pem - CAFile: /etc/ssl/mongodb-ca.crt - clusterFile: /etc/ssl/mongodb.pem - allowInvalidCertificates: true - allowInvalidHostnames: true - allowConnectionsWithoutCertificates: true security: authorization: enabled - clusterAuthMode: x509 + keyFile: "/etc/key" replication: oplogSizeMB: 512 diff --git a/docker-compose.yml b/docker-compose.yml index f0063033d..33a154e96 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -50,7 +50,7 @@ services: build: context: ./build/deps dockerfile: mongo7.Dockerfile - command: --config /etc/mongod.conf + # command: --config /etc/mongod.conf container_name: dance_mongodb restart: unless-stopped ulimits: @@ -68,8 +68,19 @@ services: extra_hosts: - "host.docker.internal:host-gateway" volumes: - - ./build/certs:/etc/ssl - ./build/mongod.conf:/etc/mongod.conf + - ./build/key:/etc/key + entrypoint: + - bash + - -c + - | + trap 'true' SIGTERM + chmod 400 /etc/key + chown 999:999 /etc/key + exec docker-entrypoint.sh $$@ + wait $! + chmod 777 /etc/key + command: "mongod --config /etc/mongod.conf --keyFile /etc/key" # never started normally, used only for mongosh, mongodump, etc. mongosh: @@ -83,7 +94,6 @@ services: extra_hosts: - "host.docker.internal:host-gateway" volumes: - - ./build/certs:/etc/ssl - ./dumps:/dumps # legacy mongo shell @@ -99,7 +109,6 @@ services: - "host.docker.internal:host-gateway" working_dir: /tests/mongo volumes: - - ./build/certs:/etc/ssl - ./tests/mongo:/tests/mongo # for documentation diff --git a/internal/jstest/jstest.go b/internal/jstest/jstest.go index 55de19fdc..3dd0ef18d 100644 --- a/internal/jstest/jstest.go +++ b/internal/jstest/jstest.go @@ -151,7 +151,7 @@ func runMongo(dir, file string) ([]byte, error) { dockerArgs := []string{"compose", "run", "-T", "--rm", "mongo"} shellArgs := []string{ - "--verbose", "--norc", "mongodb://host.docker.internal:27017/", + "--verbose", "--norc", "mongodb://user:password@host.docker.internal:27017/", "--eval", evalBuilder(file), file, } dockerArgs = append(dockerArgs, shellArgs...) From c571be301ad9eea3f5235d9c0282a10cb9803b18 Mon Sep 17 00:00:00 2001 From: b1ron Date: Mon, 22 Jan 2024 18:45:09 +0100 Subject: [PATCH 47/62] fixes --- build/key | 1 - build/mongod.conf | 8 ++++---- internal/jstest/jstest.go | 2 +- tests/dotnet-example-auth-scram-sha-1.yml | 2 +- tests/dotnet-example-auth-scram-sha-256.yml | 2 +- tests/java-example-auth-scram-sha-1.sh | 2 +- tests/java-example-auth-scram-sha-256.sh | 2 +- tests/python-example-auth-scram-sha-1.sh | 2 +- tests/python-example-auth-scram-sha-256.sh | 2 +- tests/python-example-auth.sh | 2 +- 10 files changed, 12 insertions(+), 13 deletions(-) delete mode 100644 build/key diff --git a/build/key b/build/key deleted file mode 100644 index f6803543d..000000000 --- a/build/key +++ /dev/null @@ -1 +0,0 @@ -mysecretkey diff --git a/build/mongod.conf b/build/mongod.conf index 05ac24499..59e5648c5 100644 --- a/build/mongod.conf +++ b/build/mongod.conf @@ -1,10 +1,11 @@ net: port: 27017 bindIpAll: true - + tls: + mode: disabled + security: - authorization: enabled - keyFile: "/etc/key" + authorization: disabled replication: oplogSizeMB: 512 @@ -12,7 +13,6 @@ replication: setParameter: enableTestCommands: true - enableLocalhostAuthBypass: true systemLog: quiet: true diff --git a/internal/jstest/jstest.go b/internal/jstest/jstest.go index 3dd0ef18d..55de19fdc 100644 --- a/internal/jstest/jstest.go +++ b/internal/jstest/jstest.go @@ -151,7 +151,7 @@ func runMongo(dir, file string) ([]byte, error) { dockerArgs := []string{"compose", "run", "-T", "--rm", "mongo"} shellArgs := []string{ - "--verbose", "--norc", "mongodb://user:password@host.docker.internal:27017/", + "--verbose", "--norc", "mongodb://host.docker.internal:27017/", "--eval", evalBuilder(file), file, } dockerArgs = append(dockerArgs, shellArgs...) diff --git a/tests/dotnet-example-auth-scram-sha-1.yml b/tests/dotnet-example-auth-scram-sha-1.yml index 7c8dd64bb..7f8bbfde5 100644 --- a/tests/dotnet-example-auth-scram-sha-1.yml +++ b/tests/dotnet-example-auth-scram-sha-1.yml @@ -4,7 +4,7 @@ dir: dotnet-example args: - dotnet - run - - mongodb://user:password@localhost:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=../../build/certs/mongodb.pem&tlsCaFile=../../build/certs/mongodb-ca.crt&authMechanism=SCRAM-SHA-1 + - mongodb://user:password@localhost:27017/?replicaSet=rs0&directConnection=true&authMechanism=SCRAM-SHA-1 results: postgresql: diff --git a/tests/dotnet-example-auth-scram-sha-256.yml b/tests/dotnet-example-auth-scram-sha-256.yml index aeed545e8..c926ff5cf 100644 --- a/tests/dotnet-example-auth-scram-sha-256.yml +++ b/tests/dotnet-example-auth-scram-sha-256.yml @@ -4,7 +4,7 @@ dir: dotnet-example args: - dotnet - run - - mongodb://user:password@localhost:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=../../build/certs/mongodb.pem&tlsCaFile=../../build/certs/mongodb-ca.crt&authMechanism=SCRAM-SHA-256 + - mongodb://user:password@localhost:27017/?replicaSet=rs0&directConnection=true&authMechanism=SCRAM-SHA-256 results: postgresql: diff --git a/tests/java-example-auth-scram-sha-1.sh b/tests/java-example-auth-scram-sha-1.sh index c5ac51fc2..6382ec6fe 100755 --- a/tests/java-example-auth-scram-sha-1.sh +++ b/tests/java-example-auth-scram-sha-1.sh @@ -6,4 +6,4 @@ set -ex export MAVEN_OPTS='-ea' mvn compile exec:java -Dexec.mainClass=com.start.Connection \ --Dexec.args="mongodb://user:password@localhost:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=../../build/certs/mongodb.pem&tlsCaFile=../../build/certs/mongodb-ca.crt&authMechanism=SCRAM-SHA-1" +-Dexec.args="mongodb://user:password@localhost:27017/?replicaSet=rs0&directConnection=true&authMechanism=SCRAM-SHA-1" diff --git a/tests/java-example-auth-scram-sha-256.sh b/tests/java-example-auth-scram-sha-256.sh index a89a2ff89..609170057 100755 --- a/tests/java-example-auth-scram-sha-256.sh +++ b/tests/java-example-auth-scram-sha-256.sh @@ -6,4 +6,4 @@ set -ex export MAVEN_OPTS='-ea' mvn compile exec:java -Dexec.mainClass=com.start.Connection \ --Dexec.args="mongodb://user:password@localhost:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=../../build/certs/mongodb.pem&tlsCaFile=../../build/certs/mongodb-ca.crt&authMechanism=SCRAM-SHA-256" +-Dexec.args="mongodb://user:password@localhost:27017/?replicaSet=rs0&directConnection=true&authMechanism=SCRAM-SHA-256" diff --git a/tests/python-example-auth-scram-sha-1.sh b/tests/python-example-auth-scram-sha-1.sh index e2ed39acd..f3bcebcce 100755 --- a/tests/python-example-auth-scram-sha-1.sh +++ b/tests/python-example-auth-scram-sha-1.sh @@ -4,4 +4,4 @@ set -ex pip3 install pymongo -python3 pymongo_test.py 'mongodb://user:password@localhost:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=../../build/certs/mongodb.pem&tlsCaFile=../../build/certs/mongodb-ca.crt&authMechanism=SCRAM-SHA-1' +python3 pymongo_test.py 'mongodb://user:password@localhost:27017/?replicaSet=rs0&directConnection=true&authMechanism=SCRAM-SHA-1' diff --git a/tests/python-example-auth-scram-sha-256.sh b/tests/python-example-auth-scram-sha-256.sh index 07ea65b59..27a2d3831 100755 --- a/tests/python-example-auth-scram-sha-256.sh +++ b/tests/python-example-auth-scram-sha-256.sh @@ -4,4 +4,4 @@ set -ex pip3 install pymongo -python3 pymongo_test.py 'mongodb://user:password@localhost:27017/?directConnection=true&tls=true&tlsCertificateKeyFile=../../build/certs/mongodb.pem&tlsCaFile=../../build/certs/mongodb-ca.crt&authMechanism=SCRAM-SHA-256' +python3 pymongo_test.py 'mongodb://user:password@localhost:27017/?replicaSet=rs0&directConnection=true&authMechanism=SCRAM-SHA-256' diff --git a/tests/python-example-auth.sh b/tests/python-example-auth.sh index b78eff407..9ca35c648 100755 --- a/tests/python-example-auth.sh +++ b/tests/python-example-auth.sh @@ -4,4 +4,4 @@ set -ex pip3 install pymongo -python3 pymongo_test.py mongodb://user:password@localhost:27017/?authMechanism=PLAIN +python3 pymongo_test.py 'mongodb://user:password@localhost:27017/?authMechanism=PLAIN' From b7918941b4c47d94e0707fdc6ed00a968d2dd4cf Mon Sep 17 00:00:00 2001 From: b1ron Date: Mon, 22 Jan 2024 18:47:13 +0100 Subject: [PATCH 48/62] remove MONGO_INITDB_ROOT environment variables --- docker-compose.yml | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 33a154e96..c7996f7c2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -50,7 +50,7 @@ services: build: context: ./build/deps dockerfile: mongo7.Dockerfile - # command: --config /etc/mongod.conf + command: --config /etc/mongod.conf container_name: dance_mongodb restart: unless-stopped ulimits: @@ -63,24 +63,10 @@ services: environment: # Always UTC+05:45. Set to catch timezone problems. - TZ=Asia/Kathmandu - - MONGO_INITDB_ROOT_USERNAME=user - - MONGO_INITDB_ROOT_PASSWORD=password extra_hosts: - "host.docker.internal:host-gateway" volumes: - ./build/mongod.conf:/etc/mongod.conf - - ./build/key:/etc/key - entrypoint: - - bash - - -c - - | - trap 'true' SIGTERM - chmod 400 /etc/key - chown 999:999 /etc/key - exec docker-entrypoint.sh $$@ - wait $! - chmod 777 /etc/key - command: "mongod --config /etc/mongod.conf --keyFile /etc/key" # never started normally, used only for mongosh, mongodump, etc. mongosh: From 5d804fb31eba417aa4dafb4e4997ab47c29ff732 Mon Sep 17 00:00:00 2001 From: b1ron Date: Mon, 22 Jan 2024 18:47:25 +0100 Subject: [PATCH 49/62] fix Taskfile --- Taskfile.yaml | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/Taskfile.yaml b/Taskfile.yaml index 0c98e00bb..087dcb1e7 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -41,6 +41,7 @@ tasks: docker compose up --always-recreate-deps --force-recreate --remove-orphans --renew-anon-volumes -t 0 --detach --build {{.DB}} - task: init-repl + - task: init-user preconditions: - sh: "test {{.DB}}" msg: "Please set DB variable to one of `postgresql`, `sqlite`, or `mongodb`" @@ -96,7 +97,7 @@ tasks: cmds: - > docker compose run --rm mongo - 'mongodb://user:password@host.docker.internal:27017/' + 'mongodb://host.docker.internal:27017/' {{.CLI_ARGS}} mongosh: @@ -104,7 +105,7 @@ tasks: cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://user:password@host.docker.internal:27017/?directConnection=true' + 'mongodb://host.docker.internal:27017/?directConnection=true' --eval 'disableTelemetry()' --shell init-repl: @@ -112,11 +113,23 @@ tasks: cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://user:password@host.docker.internal:27017/?directConnection=true' + 'mongodb://host.docker.internal:27017/?directConnection=true' --verbose --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "localhost"}]})' # this is true to prevent an already initialized error and no such command error for replSetInitiate ignore_error: true + # creates a user similar to MONGO_INITDB_ROOT_USERNAME but does not enable authentication + # https://github.com/docker-library/mongo/blob/master/7.0/docker-entrypoint.sh#L260 + init-user: + desc: "Creates a user with the root access role" + cmds: + - > + docker compose run --rm mongosh mongosh + 'mongodb://host.docker.internal:27017/?directConnection=true' + --verbose --eval 'db.getSiblingDB("admin").createUser({user: "user", pwd: "password", roles: [ "root" ]})' + # this is true to prevent an already initialized error and no such command error for replSetInitiate + ignore_error: true + # see https://github.com/DavidAnson/markdownlint-cli2#command-line for the reason we use double-quotes docs-fmt: desc: "Format and lint documentation" From 341485e6e1441c617b0a11232cbbfd27ed3bd186 Mon Sep 17 00:00:00 2001 From: b1ron Date: Mon, 22 Jan 2024 18:50:19 +0100 Subject: [PATCH 50/62] format --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index c7996f7c2..53dfcd83b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -67,7 +67,7 @@ services: - "host.docker.internal:host-gateway" volumes: - ./build/mongod.conf:/etc/mongod.conf - + # never started normally, used only for mongosh, mongodump, etc. mongosh: build: From 461ee6f858e6eb87c09adceabe4037c9dfa274d0 Mon Sep 17 00:00:00 2001 From: b1ron Date: Mon, 22 Jan 2024 19:02:12 +0100 Subject: [PATCH 51/62] stats --- tests/mongo-go-driver.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tests/mongo-go-driver.yml b/tests/mongo-go-driver.yml index 2d44070f6..d0bac442c 100644 --- a/tests/mongo-go-driver.yml +++ b/tests/mongo-go-driver.yml @@ -39,8 +39,9 @@ results: # panic: runtime error: invalid memory address or nil pointer dereference - go.mongodb.org/mongo-driver/internal/integration/TestCausalConsistency_NotSupported - go.mongodb.org/mongo-driver/internal/integration/TestCausalConsistency_NotSupported/afterClusterTime_not_included - skip: + - go.mongodb.org/mongo-driver/internal/integration/TestCausalConsistency_Supported + skip: - go.mongodb.org/mongo-driver/internal/integration/TestChangeStream_ReplicaSet - go.mongodb.org/mongo-driver/x/mongo/driver/integration/TestCompression - go.mongodb.org/mongo-driver/x/mongo/driver/integration/TestInsert @@ -127,8 +128,8 @@ results: postgresql: stats: fail: 6 - skip: 9 - pass: 633 + skip: 8 + pass: 634 ignore: include_ignore: - ignore @@ -145,8 +146,8 @@ results: sqlite: stats: fail: 6 - skip: 9 - pass: 633 + skip: 8 + pass: 634 ignore: include_ignore: - ignore From ea2c7356a85235cbc5c747c572ad317141adacf5 Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 24 Jan 2024 10:19:34 +0100 Subject: [PATCH 52/62] fix stats --- tests/java-example-auth.yml | 6 ++---- tests/mongo.yml | 8 ++++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/tests/java-example-auth.yml b/tests/java-example-auth.yml index 95bf7062c..46da59eab 100644 --- a/tests/java-example-auth.yml +++ b/tests/java-example-auth.yml @@ -6,13 +6,11 @@ args: [../../java-example-auth.sh] results: postgresql: stats: - # https://github.com/FerretDB/FerretDB/pull/3996 - fail: 1 + pass: 1 sqlite: stats: - # https://github.com/FerretDB/FerretDB/pull/3996 - fail: 1 + pass: 1 mongodb: stats: diff --git a/tests/mongo.yml b/tests/mongo.yml index 060b9a3bd..5a55e90c5 100644 --- a/tests/mongo.yml +++ b/tests/mongo.yml @@ -207,8 +207,8 @@ results: postgresql: stats: - fail: 72 - pass: 45 + fail: 71 + pass: 46 fail: include_fail: - aggregation @@ -221,8 +221,8 @@ results: sqlite: stats: - fail: 72 - pass: 45 + fail: 71 + pass: 46 fail: include_fail: - aggregation From 4da95a206de559e0aa57675fa7f730a49af38056 Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 24 Jan 2024 10:23:56 +0100 Subject: [PATCH 53/62] fix stats --- tests/java-example.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/java-example.yml b/tests/java-example.yml index 92c480b14..e8e813e11 100644 --- a/tests/java-example.yml +++ b/tests/java-example.yml @@ -6,13 +6,12 @@ args: [../../java-example.sh] results: postgresql: stats: - # https://github.com/FerretDB/FerretDB/pull/3996 - fail: 1 + pass: 1 sqlite: stats: - # https://github.com/FerretDB/FerretDB/pull/3996 - fail: 1 + pass: 1 + pass: 1 mongodb: stats: From 46418692b03c3a6431ffacde89da17f0f475bb56 Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 24 Jan 2024 10:26:46 +0100 Subject: [PATCH 54/62] fix --- tests/java-example.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/java-example.yml b/tests/java-example.yml index e8e813e11..a38b613e7 100644 --- a/tests/java-example.yml +++ b/tests/java-example.yml @@ -11,7 +11,6 @@ results: sqlite: stats: pass: 1 - pass: 1 mongodb: stats: From 6e84f4f77d1e763961af6d26bf828ae09b042837 Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 24 Jan 2024 13:56:38 +0100 Subject: [PATCH 55/62] fixes --- .github/workflows/dance.yml | 12 ++++++------ Taskfile.yaml | 2 +- build/mongod.conf | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/dance.yml b/.github/workflows/dance.yml index 1c5c5b082..efa8f3619 100644 --- a/.github/workflows/dance.yml +++ b/.github/workflows/dance.yml @@ -51,12 +51,12 @@ jobs: # - diff - dotnet-example - dotnet-example-auth - # - dotnet-example-auth-scram-sha-1 - # - dotnet-example-auth-scram-sha-256 + - dotnet-example-auth-scram-sha-1 + - dotnet-example-auth-scram-sha-256 - java-example - java-example-auth - # - java-example-auth-scram-sha-1 - # - java-example-auth-scram-sha-256 + - java-example-auth-scram-sha-1 + - java-example-auth-scram-sha-256 - meteor-doc-fetcher - meteor-oplog-cursor-supported - meteor-oplog-entry-skipping @@ -66,8 +66,8 @@ jobs: - mongo-tools - python-example - python-example-auth - # - python-example-auth-scram-sha-1 - # - python-example-auth-scram-sha-256 + - python-example-auth-scram-sha-1 + - python-example-auth-scram-sha-256 - restheart - restheart-auth - ycsb-workloada diff --git a/Taskfile.yaml b/Taskfile.yaml index 087dcb1e7..862a04835 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -105,7 +105,7 @@ tasks: cmds: - > docker compose run --rm mongosh mongosh - 'mongodb://host.docker.internal:27017/?directConnection=true' + 'mongodb://host.docker.internal:27017/' --eval 'disableTelemetry()' --shell init-repl: diff --git a/build/mongod.conf b/build/mongod.conf index 59e5648c5..3d99a549f 100644 --- a/build/mongod.conf +++ b/build/mongod.conf @@ -8,8 +8,8 @@ security: authorization: disabled replication: - oplogSizeMB: 512 - replSetName: rs0 + oplogSizeMB: 512 + replSetName: rs0 setParameter: enableTestCommands: true From 2d979b1c870130ac063ec62b69e11d19fedbfb22 Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 24 Jan 2024 15:24:06 +0100 Subject: [PATCH 56/62] fix config files --- internal/config/config.go | 8 ++++---- tests/dotnet-example-auth-scram-sha-1.yml | 4 ++++ tests/dotnet-example-auth-scram-sha-256.yml | 5 ++++- tests/java-example-auth-scram-sha-1.yml | 4 ++++ tests/java-example-auth-scram-sha-256.yml | 4 ++++ tests/python-example-auth-scram-sha-1.yml | 6 +++++- tests/python-example-auth-scram-sha-256.yml | 6 +++++- 7 files changed, 30 insertions(+), 7 deletions(-) diff --git a/internal/config/config.go b/internal/config/config.go index ee07100c3..e2a934b09 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -207,11 +207,11 @@ func (tc *TestConfig) Compare(results *TestResults) (*CompareResult, error) { case Skip: switch testRes.Status { case Fail: - compareResult.UnexpectedFail[test] = testResOutput + compareResult.ExpectedFail[test] = testResOutput case Skip: compareResult.ExpectedSkip[test] = testResOutput case Pass: - compareResult.UnexpectedPass[test] = testResOutput + compareResult.ExpectedPass[test] = testResOutput case Ignore: fallthrough case Unknown: @@ -222,9 +222,9 @@ func (tc *TestConfig) Compare(results *TestResults) (*CompareResult, error) { case Pass: switch testRes.Status { case Fail: - compareResult.UnexpectedFail[test] = testResOutput + compareResult.ExpectedFail[test] = testResOutput case Skip: - compareResult.UnexpectedSkip[test] = testResOutput + compareResult.ExpectedSkip[test] = testResOutput case Pass: compareResult.ExpectedPass[test] = testResOutput case Ignore: diff --git a/tests/dotnet-example-auth-scram-sha-1.yml b/tests/dotnet-example-auth-scram-sha-1.yml index 7f8bbfde5..5abaab785 100644 --- a/tests/dotnet-example-auth-scram-sha-1.yml +++ b/tests/dotnet-example-auth-scram-sha-1.yml @@ -10,10 +10,14 @@ results: postgresql: stats: fail: 1 + fail: + - dotnet-example sqlite: stats: fail: 1 + fail: + - dotnet-example mongodb: stats: diff --git a/tests/dotnet-example-auth-scram-sha-256.yml b/tests/dotnet-example-auth-scram-sha-256.yml index c926ff5cf..9796e6c1e 100644 --- a/tests/dotnet-example-auth-scram-sha-256.yml +++ b/tests/dotnet-example-auth-scram-sha-256.yml @@ -10,11 +10,14 @@ results: postgresql: stats: fail: 1 + fail: + - dotnet-example sqlite: stats: fail: 1 - + fail: + - dotnet-example mongodb: stats: pass: 1 diff --git a/tests/java-example-auth-scram-sha-1.yml b/tests/java-example-auth-scram-sha-1.yml index 99b4821e1..e4a0efa1c 100644 --- a/tests/java-example-auth-scram-sha-1.yml +++ b/tests/java-example-auth-scram-sha-1.yml @@ -7,10 +7,14 @@ results: postgresql: stats: fail: 1 + fail: + - java-example/java sqlite: stats: fail: 1 + fail: + - java-example/java mongodb: stats: diff --git a/tests/java-example-auth-scram-sha-256.yml b/tests/java-example-auth-scram-sha-256.yml index c4ab14ed7..331eb0e51 100644 --- a/tests/java-example-auth-scram-sha-256.yml +++ b/tests/java-example-auth-scram-sha-256.yml @@ -7,10 +7,14 @@ results: postgresql: stats: fail: 1 + fail: + - java-example/java sqlite: stats: fail: 1 + fail: + - java-example/java mongodb: stats: diff --git a/tests/python-example-auth-scram-sha-1.yml b/tests/python-example-auth-scram-sha-1.yml index c862c2045..115310e3a 100644 --- a/tests/python-example-auth-scram-sha-1.yml +++ b/tests/python-example-auth-scram-sha-1.yml @@ -7,10 +7,14 @@ results: postgresql: stats: fail: 1 - + fail: + - python-example + sqlite: stats: fail: 1 + fail: + - python-example mongodb: stats: diff --git a/tests/python-example-auth-scram-sha-256.yml b/tests/python-example-auth-scram-sha-256.yml index 1715437c5..171b2f860 100644 --- a/tests/python-example-auth-scram-sha-256.yml +++ b/tests/python-example-auth-scram-sha-256.yml @@ -7,10 +7,14 @@ results: postgresql: stats: fail: 1 - + fail: + - python-example + sqlite: stats: fail: 1 + fail: + - python-example mongodb: stats: From 0dc202efc3374a46b919d4f84587a190a23d84f2 Mon Sep 17 00:00:00 2001 From: b1ron Date: Wed, 24 Jan 2024 16:17:28 +0100 Subject: [PATCH 57/62] revert changes to config.go --- internal/config/config.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/config/config.go b/internal/config/config.go index e2a934b09..ee07100c3 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -207,11 +207,11 @@ func (tc *TestConfig) Compare(results *TestResults) (*CompareResult, error) { case Skip: switch testRes.Status { case Fail: - compareResult.ExpectedFail[test] = testResOutput + compareResult.UnexpectedFail[test] = testResOutput case Skip: compareResult.ExpectedSkip[test] = testResOutput case Pass: - compareResult.ExpectedPass[test] = testResOutput + compareResult.UnexpectedPass[test] = testResOutput case Ignore: fallthrough case Unknown: @@ -222,9 +222,9 @@ func (tc *TestConfig) Compare(results *TestResults) (*CompareResult, error) { case Pass: switch testRes.Status { case Fail: - compareResult.ExpectedFail[test] = testResOutput + compareResult.UnexpectedFail[test] = testResOutput case Skip: - compareResult.ExpectedSkip[test] = testResOutput + compareResult.UnexpectedSkip[test] = testResOutput case Pass: compareResult.ExpectedPass[test] = testResOutput case Ignore: From 9eaf4231a4d2b83c9df9d83267c9a91559ab69cb Mon Sep 17 00:00:00 2001 From: b1ron Date: Thu, 25 Jan 2024 11:17:02 +0100 Subject: [PATCH 58/62] newline --- tests/dotnet-example-auth-scram-sha-256.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/dotnet-example-auth-scram-sha-256.yml b/tests/dotnet-example-auth-scram-sha-256.yml index 9796e6c1e..bf6706420 100644 --- a/tests/dotnet-example-auth-scram-sha-256.yml +++ b/tests/dotnet-example-auth-scram-sha-256.yml @@ -18,6 +18,7 @@ results: fail: 1 fail: - dotnet-example + mongodb: stats: pass: 1 From 448e0af310dea0b1141a65c6454f062fd79c0d2b Mon Sep 17 00:00:00 2001 From: b1ron Date: Sat, 27 Jan 2024 08:14:47 +0100 Subject: [PATCH 59/62] Taskfile --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index 53dfcd83b..0a49d9a00 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,6 +13,7 @@ services: - FERRETDB_HANDLER=postgresql - FERRETDB_POSTGRESQL_URL=postgres://user@postgres:5432/dance - FERRETDB_REPL_SET_NAME=rs0 + - FERRETDB_TEST_ENABLE_NEW_AUTH=true extra_hosts: - "host.docker.internal:host-gateway" From 778758c16ea136b685cc94310f009ca9b0bf68a8 Mon Sep 17 00:00:00 2001 From: b1ron Date: Sat, 27 Jan 2024 08:16:33 +0100 Subject: [PATCH 60/62] ignore error for roles that have not been impl yet --- Taskfile.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Taskfile.yaml b/Taskfile.yaml index 862a04835..ad7e7ded0 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -115,7 +115,7 @@ tasks: docker compose run --rm mongosh mongosh 'mongodb://host.docker.internal:27017/?directConnection=true' --verbose --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "localhost"}]})' - # this is true to prevent an already initialized error and no such command error for replSetInitiate + # ignore already initialized error and no such command error for replSetInitiate ignore_error: true # creates a user similar to MONGO_INITDB_ROOT_USERNAME but does not enable authentication @@ -127,7 +127,7 @@ tasks: docker compose run --rm mongosh mongosh 'mongodb://host.docker.internal:27017/?directConnection=true' --verbose --eval 'db.getSiblingDB("admin").createUser({user: "user", pwd: "password", roles: [ "root" ]})' - # this is true to prevent an already initialized error and no such command error for replSetInitiate + # ignore roles that are not implemented yet ignore_error: true # see https://github.com/DavidAnson/markdownlint-cli2#command-line for the reason we use double-quotes From 4b71904990b2fa2635d2d25e3dec4501d58a5253 Mon Sep 17 00:00:00 2001 From: b1ron Date: Sat, 27 Jan 2024 08:18:07 +0100 Subject: [PATCH 61/62] enable new auth for sqlite --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index 0a49d9a00..f1b01bbb7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -29,6 +29,7 @@ services: - FERRETDB_HANDLER=sqlite - FERRETDB_SQLITE_URL=file:/state/?_pragma=busy_timeout(20000) - FERRETDB_REPL_SET_NAME=rs0 + - FERRETDB_TEST_ENABLE_NEW_AUTH=true extra_hosts: - "host.docker.internal:host-gateway" From cf1a8d0239d4deabaf2ade81b31555d858706235 Mon Sep 17 00:00:00 2001 From: b1ron Date: Mon, 29 Jan 2024 11:58:22 +0100 Subject: [PATCH 62/62] fix config --- tests/mongo-go-driver.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tests/mongo-go-driver.yml b/tests/mongo-go-driver.yml index 9eb46c892..1c9420d6f 100644 --- a/tests/mongo-go-driver.yml +++ b/tests/mongo-go-driver.yml @@ -33,6 +33,7 @@ results: # panic: runtime error: invalid memory address or nil pointer dereference - go.mongodb.org/mongo-driver/internal/integration/TestCausalConsistency_NotSupported - go.mongodb.org/mongo-driver/internal/integration/TestCausalConsistency_NotSupported/afterClusterTime_not_included + - go.mongodb.org/mongo-driver/internal/integration/TestCausalConsistency_Supported skip: - go.mongodb.org/mongo-driver/internal/integration/TestChangeStream_ReplicaSet - go.mongodb.org/mongo-driver/x/mongo/driver/integration/TestCompression @@ -43,7 +44,6 @@ results: - go.mongodb.org/mongo-driver/x/mongo/driver/topology/TestCMAPSpec/pool-checkout-returned-connection-maxConnecting.json - go.mongodb.org/mongo-driver/x/mongo/driver/topology/TestCMAPSpec/pool-close-destroy-conns.json - go.mongodb.org/mongo-driver/x/mongo/driver/topology/TestCMAPSpec/pool-create-min-size-error.json - - go.mongodb.org/mongo-driver/internal/integration/TestCausalConsistency_Supported pass: - go.mongodb.org/mongo-driver/internal/integration/TestClient/ - go.mongodb.org/mongo-driver/internal/docexamples/TestDocumentationExamples/DeleteExamples @@ -68,6 +68,7 @@ results: - go.mongodb.org/mongo-driver/internal/integration/TestClient/retry_writes_error_20_wrapped/write_error_code_20 - go.mongodb.org/mongo-driver/internal/integration/TestClient/retry_writes_error_20_wrapped/write_error_code_20_wrong_msg - go.mongodb.org/mongo-driver/internal/integration/TestCausalConsistency_NotSupported/clusterTime_not_included + - go.mongodb.org/mongo-driver/internal/integration/TestCausalConsistency_Supported/operation_time_nil - go.mongodb.org/mongo-driver/internal/integration/TestChangeStream_Standalone - go.mongodb.org/mongo-driver/internal/integration/TestChangeStream_Standalone/no_custom_standalone_error - go.mongodb.org/mongo-driver/internal/integration/TestClient/disconnect @@ -157,8 +158,8 @@ results: postgresql: stats: fail: 6 - skip: 9 - pass: 633 + skip: 8 + pass: 634 ignore: include_ignore: - ignore @@ -175,8 +176,8 @@ results: sqlite: stats: fail: 6 - skip: 9 - pass: 633 + skip: 8 + pass: 634 ignore: include_ignore: - ignore