[SERVER-55273] ReplSetTest and ShardingTest objects does not support x509 authentication - MongoDB Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: None
Component/s: Testing Infrastructure
Labels:
- former-quick-wins

Operating System:
ALL
Steps To Reproduce:

Hide

1. Run the attached script with on the ssl suite.

Show
1. Run the attached script with on the ssl suite.

Description

The following snippet results in a JavaScript error when initializing a cluster:

'use strict';

var x509_options = {

    sslMode: "requireSSL",

    sslPEMKeyFile: "jstests/libs/server.pem",

    sslCAFile: "jstests/libs/ca.pem",

    sslClusterFile: "jstests/libs/cluster_cert.pem",

    sslAllowInvalidHostnames: "",

    clusterAuthMode: "x509"

};

var st = new ShardingTest({

    shards: 2,

    mongos: 1,

    other: {

        enableBalancer: true,

        configOptions: x509_options,

        mongosOptions: x509_options,

        rsOptions: x509_options,

        shardOptions: x509_options

});

st.stop();

With the following backtrace:

assert: command failed: {

	"ok" : 0,

	"errmsg" : "not authorized on admin to execute command { serverStatus: 1.0, lsid: { id: UUID(\"aeb11c69-c642-4f3b-8910-915161999c85\") }, $db: \"admin\" }",

	"code" : 13,

	"codeName" : "Unauthorized"

} with original command request: {

	"serverStatus" : 1,

	"lsid" : {

		"id" : UUID("aeb11c69-c642-4f3b-8910-915161999c85")

} on connection: connection to ip-10-122-78-134.ec2.internal:20520

_getErrorWithCode@src/mongo/shell/utils.js:25:13

doassert@src/mongo/shell/assert.js:18:14

_assertCommandWorked@src/mongo/shell/assert.js:719:17

assert.commandWorked@src/mongo/shell/assert.js:811:16

_isRunningWithoutJournaling/result<@src/mongo/shell/replsettest.js:214:32

asCluster@src/mongo/shell/replsettest.js:203:20

_isRunningWithoutJournaling@src/mongo/shell/replsettest.js:213:22

ReplSetTest/this._updateConfigIfNotDurable@src/mongo/shell/replsettest.js:1167:13

ReplSetTest/this._setDefaultConfigOptions@src/mongo/shell/replsettest.js:1176:9

ReplSetTest/this.initiateWithAnyNodeAsPrimary@src/mongo/shell/replsettest.js:1318:9

initiateReplicaSet@src/mongo/shell/shardingtest.js:1634:9

ShardingTest@src/mongo/shell/shardingtest.js:1709:13

@jstests/ssl/sharding_with_x509.js:20:10

@jstests/ssl/sharding_with_x509.js:3:2

The cause of this seems to be that when initializing a shard as a replica set a server status command is being executed but the only authentication method available is by using a keyFile, so there is no way of using x509. There is an old ticket proposing a refactor of ShardingTest and ReplSetTest. Until this is fixed, tests like sharding_with_x509.js or speculative-auth-sharding.js must be blacklisted.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

test_x509.js
0.5 kB
Mar 17 2021 05:58:40 PM UTC

Issue Links

is depended on by

SERVER-55824 Make ssl_get_more.js start shards as replicaset

Closed

is related to

SERVER-53605 Ensure replsettest.asCluster works with clusterAuthMode = x509

Closed

SERVER-43899 Blacklist sharding_with_x509.js and speculative-auth-sharding.js start shards as replica sets

Closed

related to

SERVER-14017 Refactor ShardingTest and ReplSetTest objects to use separate control and test connections

Backlog

Activity

People

Assignee:: Backlog - Replication Team

Reporter:: Marcos José Grillo Ramirez

Participants:: Backlog - Replication Team, Marcos José Grillo Ramirez, Mark Benvenuto, Tommaso Tocci

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: Mar 17 2021 06:05:26 PM UTC

Updated:: May 04 2021 07:30:27 PM UTC

Resolved:: May 04 2021 07:30:27 PM UTC