test(NODE-5443): x509 auth (#4080)

mongodb · Apr 18, 2024 · a6882ec · a6882ec
1 parent 8fca1aa
commit a6882ec
Show file tree

Hide file tree

Showing 7 changed files with 218 additions and 599 deletions.
diff --git a/.evergreen/config.in.yml b/.evergreen/config.in.yml
@@ -1111,6 +1111,18 @@ functions:
         binary: bash
         args:
           - ${PROJECT_DIRECTORY}/.evergreen/run-benchmarks.sh
+  "run x509 auth tests":
+    - command: subprocess.exec
+      type: test
+      params:
+        working_dir: "src"
+        env:
+          PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
+          MONGODB_URI: ${MONGODB_URI}
+          DRIVERS_TOOLS: ${DRIVERS_TOOLS}
+        binary: bash
+        args:
+          - ${PROJECT_DIRECTORY}/.evergreen/run-x509-tests.sh
 
 tasks:
   - name: 'test-atlas-data-lake'

diff --git a/.evergreen/config.yml b/.evergreen/config.yml
@@ -1071,6 +1071,18 @@ functions:
         binary: bash
         args:
           - ${PROJECT_DIRECTORY}/.evergreen/run-benchmarks.sh
+  run x509 auth tests:
+    - command: subprocess.exec
+      type: test
+      params:
+        working_dir: src
+        env:
+          PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
+          MONGODB_URI: ${MONGODB_URI}
+          DRIVERS_TOOLS: ${DRIVERS_TOOLS}
+        binary: bash
+        args:
+          - ${PROJECT_DIRECTORY}/.evergreen/run-x509-tests.sh
 tasks:
   - name: test-atlas-data-lake
     tags:
@@ -1731,6 +1743,23 @@ tasks:
       - func: bootstrap mongo-orchestration
       - func: bootstrap kms servers
       - func: run tests
+  - name: test-x509-authentication
+    tags:
+      - latest
+      - auth
+      - x509
+    commands:
+      - command: expansions.update
+        type: setup
+        params:
+          updates:
+            - {key: VERSION, value: latest}
+            - {key: TOPOLOGY, value: sharded_cluster}
+            - {key: AUTH, value: noauth}
+            - {key: SSL, value: ssl}
+      - func: install dependencies
+      - func: bootstrap mongo-orchestration
+      - func: run x509 auth tests
   - name: test-atlas-connectivity
     tags:
       - atlas-connect
@@ -3975,6 +4004,7 @@ buildvariants:
       - test-3.6-replica_set
       - test-3.6-sharded_cluster
       - test-latest-server-v1-api
+      - test-x509-authentication
       - test-atlas-connectivity
       - test-5.0-load-balanced
       - test-6.0-load-balanced
@@ -4028,6 +4058,7 @@ buildvariants:
       - test-3.6-replica_set
       - test-3.6-sharded_cluster
       - test-latest-server-v1-api
+      - test-x509-authentication
       - test-atlas-connectivity
       - test-5.0-load-balanced
       - test-6.0-load-balanced
@@ -4081,6 +4112,7 @@ buildvariants:
       - test-3.6-replica_set
       - test-3.6-sharded_cluster
       - test-latest-server-v1-api
+      - test-x509-authentication
       - test-atlas-connectivity
       - test-5.0-load-balanced
       - test-6.0-load-balanced
@@ -4133,6 +4165,7 @@ buildvariants:
       - test-3.6-replica_set
       - test-3.6-sharded_cluster
       - test-latest-server-v1-api
+      - test-x509-authentication
       - test-atlas-connectivity
       - test-5.0-load-balanced
       - test-6.0-load-balanced

diff --git a/.evergreen/generate_evergreen_tasks.js b/.evergreen/generate_evergreen_tasks.js
@@ -114,6 +114,22 @@ BASE_TASKS.push({
   ]
 });
 
+BASE_TASKS.push({
+  name: `test-x509-authentication`,
+  tags: ['latest', 'auth', 'x509'],
+  commands: [
+    updateExpansions({
+      VERSION: 'latest',
+      TOPOLOGY: 'sharded_cluster',
+      AUTH: 'noauth',
+      SSL: 'ssl'
+    }),
+    { func: 'install dependencies' },
+    { func: 'bootstrap mongo-orchestration' },
+    { func: 'run x509 auth tests' }
+  ]
+})
+
 // manually added tasks
 TASKS.push(
   ...[

diff --git a/.evergreen/run-x509-tests.sh b/.evergreen/run-x509-tests.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+source "${PROJECT_DIRECTORY}/.evergreen/init-node-and-npm-env.sh"
+
+set -o errexit
+
+export SSL_KEY_FILE=$DRIVERS_TOOLS/.evergreen/x509gen/client.pem
+export SSL_CA_FILE=$DRIVERS_TOOLS/.evergreen/x509gen/ca.pem
+export SSL_KEY_FILE_EXPIRED=$DRIVERS_TOOLS/.evergreen/x509gen/expired.pem
+export SSL_KEY_NO_USER=$DRIVERS_TOOLS/.evergreen/x509gen/crl.pem
+
+SUBJECT=$(openssl x509 -subject -nameopt RFC2253 -noout -inform PEM -in $SSL_KEY_FILE)
+
+# Strip `subject=` prefix from the subject
+SUBJECT=${SUBJECT#"subject="}
+
+# Remove any leading or trailing whitespace
+SUBJECT=$(echo "$SUBJECT" | awk '{$1=$1;print}')
+
+export SUBJECT
+
+npm run check:x509
diff --git a/package.json b/package.json
@@ -158,6 +158,7 @@
     "check:socks5": "mocha --config test/manual/mocharc.json test/manual/socks5.test.ts",
     "check:csfle": "mocha --config test/mocha_mongodb.json test/integration/client-side-encryption",
     "check:snappy": "mocha test/unit/assorted/snappy.test.js",
+    "check:x509": "mocha test/manual/x509_auth.test.ts",
     "fix:eslint": "npm run check:eslint -- --fix",
     "prepare": "node etc/prepare.js",
     "preview:docs": "ts-node etc/docs/preview.ts",