Core Server / SERVER-28453

Key rotation integration tests

    • Type: Task
    • Resolution: Done
    • Priority: Major - P3
    • 3.5.10
    • Affects Version/s: None
    • Component/s: Sharding
    • None
    • Fully Compatible
    • Sharding 2017-05-29, Sharding 2017-06-19, Sharding 2017-07-10

      • Verify that the startup of a mongo cluster with no keys matches the spec:
        1. Start up the ShardingTest and confirm that there is a new key in admin.system.keys. It must be there when:
        a. auth is on - may just need to ensure that it runs as part of the auth suite.
        b. auth is off
      • Verify there is a $logicalTime with a signature in the response by looking directly in the response (for reference, mongo.js reads $logicalTime)
      • Verify the user manual key rotation:
        1. Delete ALL existing keys by sending this command to the config server primary:
        admin.system.keys.remove({ purpose: 'SigningLogicalTime' });
        

        2. Kill all mongos.
        3. Kill all shard mongod.
        4. Restart all shards and mongos so they will wait for the new keys.
        5. Wait for config server primary to create new keys.

      • Verify that the mongo shell can use logical time with a signature to advance logical time:
        Setup: 2 mongos
        1. With the help of mongobridge, sever all outgoing connections from mongos2. This will make it unable to advance the clock on its own.
        2. Send an insert to mongos1 to advance logical time.
        3. Get the logicalTime 'metadata' from the mongos1 response and attach it to an isMaster command being sent to mongos2.
        4. Check that the logicalTime response from mongos2 matches what was passed.
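
A simplified model of what the last test checks, added here as an illustration and not taken from the ticket or from MongoDB's code: an isolated node advances its clock only when handed a logical time whose signature verifies against a key it holds. `ClusterNode`, `makeKey`, `demo`, the key document fields and the use of HMAC-SHA-256 are assumptions of this sketch.

```javascript
// Added model; not MongoDB code. HMAC-SHA-256 and the key fields are assumptions.
const crypto = require('crypto');

// Constructed stand-in for a document in admin.system.keys.
function makeKey(keyId) {
  return { keyId, purpose: 'SigningLogicalTime', secret: crypto.randomBytes(32) };
}

class ClusterNode {
  constructor(keys) {
    this.keys = new Map(keys.map((k) => [k.keyId, k]));
    this.clock = 0; // logical time known to this node
  }

  mac(time, key) {
    return crypto.createHmac('sha256', key.secret).update(`${key.keyId}:${time}`).digest();
  }

  // A write ticks the clock; the response carries the signed logical time.
  write(keyId) {
    this.clock += 1;
    return { time: this.clock, keyId, signature: this.mac(this.clock, this.keys.get(keyId)) };
  }

  // Advance the clock only for a time signed with a key this node holds.
  receive(lt) {
    const key = this.keys.get(lt.keyId);
    if (!key) return false; // unknown or rotated-out key
    const expected = this.mac(lt.time, key);
    const ok = lt.signature.length === expected.length &&
      crypto.timingSafeEqual(lt.signature, expected);
    if (ok) this.clock = Math.max(this.clock, lt.time);
    return ok;
  }
}

function demo() {
  const key = makeKey(1);
  const mongos1 = new ClusterNode([key]);
  const mongos2 = new ClusterNode([key]); // isolated: never ticks on its own
  mongos1.write(1);
  const lt = mongos1.write(1); // time 2, signed
  const accepted = mongos2.receive(lt);
  const tampered = mongos2.receive({ ...lt, time: 1000 }); // time changed, old signature
  const restarted = new ClusterNode([makeKey(2)]); // node after rotation: new key only
  const stale = restarted.receive(lt);
  return { accepted, tampered, clock: mongos2.clock, stale, restartedClock: restarted.clock };
}
```

In this model, a logical time signed before the keys were deleted is rejected by a node that restarted with only the new key, which is the state the manual rotation steps above produce.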

            Assignee:
            jack.mulrow@mongodb.com Jack Mulrow
            Reporter:
            misha.tyulenev@mongodb.com Misha Tyulenev (Inactive)