##########################################################
## TESTING ON LATEST VERSION OF MDB TOOLS as of 7/15/20 ##
##########################################################

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ ./mongodump --version
mongodump version: 100.0.2-16-g3764bfc2
git version: 3764bfc2df899dd194fb635917c1cbda407a9998
Go version: go1.14.4
   os: darwin
   arch: amd64
   compiler: gc

######################
## Explicit Options ##
######################

## Works:

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ ./mongodump "mongodb+srv://cluster1-k45tj.mongodb-dev.net/test?authSource=%24external&authMechanism=MONGODB-AWS" --username <my_actual_aws_access_key_id> --password <my_actual_aws_secret_access_key>
~/.go/src/github.com/mongodb/mongo-tools/bin(master) $

###########################
## URI Connection String ##
###########################

## Also works:

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ ./mongodump "mongodb+srv://<my_actual_aws_access_key_id>:<my_actual_aws_secret_access_key_percent_encoded>@cluster1-k45tj.mongodb-dev.net/test?authSource=%24external&authMechanism=MONGODB-AWS"
~/.go/src/github.com/mongodb/mongo-tools/bin(master) $


################################
## PANIC with awsSessionToken ##
################################

# Panics when supplying a bogus AWS Session Token, but param itself is accepted:

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ ./mongodump "mongodb+srv://cluster1-k45tj.mongodb-dev.net/test?authSource=%24external&authMechanism=MONGODB-AWS" --username <my_actual_aws_access_key_id> --password <my_actual_aws_secret_access_key> --awsSessionToken test
panic: assignment to entry in nil map

goroutine 1 [running]:
github.com/mongodb/mongo-tools/vendor/github.com/mongodb/mongo-tools-common/options.(*ToolOptions).setOptionsFromURI(0xc00022d8c0, 0x7ffeefbff914, 0x62, 0x0, 0x0, 0x7ffeefbff96b, 0xb, 0x0, 0x0, 0xc000288a50, ...)
	/Users/andrew.feierabend/.go/src/github.com/mongodb/mongo-tools/vendor/github.com/mongodb/mongo-tools-common/options/options.go:881 +0x256f
github.com/mongodb/mongo-tools/vendor/github.com/mongodb/mongo-tools-common/options.(*ToolOptions).NormalizeOptionsAndURI(0xc00022d8c0, 0xc0002969a0, 0x1)
	/Users/andrew.feierabend/.go/src/github.com/mongodb/mongo-tools/vendor/github.com/mongodb/mongo-tools-common/options/options.go:534 +0x188
github.com/mongodb/mongo-tools/vendor/github.com/mongodb/mongo-tools-common/options.(*ToolOptions).ParseArgs(0xc00022d8c0, 0xc000020090, 0x0, 0x0, 0x19ce9c0, 0x28, 0x1779458, 0x145, 0x101010101)
	/Users/andrew.feierabend/.go/src/github.com/mongodb/mongo-tools/vendor/github.com/mongodb/mongo-tools-common/options/options.go:478 +0xa6
github.com/mongodb/mongo-tools/mongodump.ParseOptions(0xc000020090, 0x7, 0x7, 0x19bb7f0, 0x14, 0x19ce9c0, 0x28, 0x8, 0x10, 0xc00006bc20, ...)
	/Users/andrew.feierabend/.go/src/github.com/mongodb/mongo-tools/mongodump/options.go:88 +0x141
main.main()
	/Users/andrew.feierabend/.go/src/github.com/mongodb/mongo-tools/mongodump/main/mongodump.go:33 +0xc5

## Note that I do not have a way of testing an actual session key.

######################################
## DNS Lookup Error Still Incorrect ##
######################################

## Same confusing error with bogus hostname "fakefakefake" as before:

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ ./mongodump "mongodb+srv://<my_actual_aws_access_key_id>:<my_actual_aws_secret_access_key_percent_encoded>@fakefakefake.mongodb-dev.net/test?authSource=%24external&authMechanism=MONGODB-AWS"
2020-07-15T11:44:08.236-0400	error parsing command line options: error parsing positional arguments: provide only one MongoDB connection string. Connection strings must begin with mongodb:// or mongodb+srv:// schemes
2020-07-15T11:44:08.236-0400	try 'mongodump --help' for more information
~/.go/src/github.com/mongodb/mongo-tools/bin(master) $

## Identical command except with correct hostname (works):

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ ./mongodump "mongodb+srv://<my_actual_aws_access_key_id>:<my_actual_aws_secret_access_key_percent_encoded>@cluster1-k45tj.mongodb-dev.net/test?authSource=%24external&authMechanism=MONGODB-AWS"
~/.go/src/github.com/mongodb/mongo-tools/bin(master) $

###############################################################
## AWS Environment Variables Omitted Confusing Error Message ##
###############################################################


## Test without setting the AWS Environment Variables:

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ env | grep AWS
~/.go/src/github.com/mongodb/mongo-tools/bin(master) $

## Errors, as expected, but strangely:

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ ./mongodump "mongodb+srv://cluster1-k45tj.mongodb-dev.net/test?authSource=%24external&authMechanism=MONGODB-AWS"
2020-07-15T11:46:10.097-0400	Failed: can't create session: could not connect to server: connection() : auth error: sasl conversation error: unable to authenticate using mechanism "MONGODB-AWS": Put "http://169.254.169.254/latest/api/token": context deadline exceeded

## Code only needs to look for 2 (or optionally 3) always-named-the-same AWS environment variables: if 2 are unset, immediately error with "no UN/PW or key/secret supplied"
## Instead, code hangs for a bit, as if awaiting user input, and then errors with confusing message regarding AWS' always-routable DNS server (169.254.169.254).
## Better to just indicate that the 2 required fields are missing, either through explicit options, URI, or AWS env, I would think.


## Test with the AWS Environment Variables Set, to test newly-added support in TOOLS-2618:

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ export AWS_ACCESS_KEY_ID='<my_actual_aws_access_key_id>'
~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ export AWS_SECRET_ACCESS_KEY='<my_actual_aws_secret_access_key>'
~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ env | grep AWS
AWS_SECRET_ACCESS_KEY=<my_actual_aws_secret_access_key>
AWS_ACCESS_KEY_ID=<my_actual_aws_access_key_id>

## Works:

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ ./mongodump "mongodb+srv://cluster1-k45tj.mongodb-dev.net/test?authSource=%24external&authMechanism=MONGODB-AWS"
~/.go/src/github.com/mongodb/mongo-tools/bin(master) $


## Also performs as hoped:

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ export AWS_SESSION_TOKEN='bogus value'
~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ env | grep AWS
AWS_SESSION_TOKEN=bogus value
AWS_SECRET_ACCESS_KEY=<my_actual_aws_secret_access_key>
AWS_ACCESS_KEY_ID=<my_actual_aws_access_key_id>

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ ./mongodump "mongodb+srv://cluster1-k45tj.mongodb-dev.net/test?authSource=%24external&authMechanism=MONGODB-AWS"
2020-07-15T11:50:32.988-0400	Failed: can't create session: could not connect to server: connection() : auth error: sasl conversation error: unable to authenticate using mechanism "MONGODB-AWS": (AuthenticationFailed) Authentication failed.


## However, Tools do not seem to support a mix of both env and explicit/URI. If I unset the session key, and then try to use authMechanismProperties=AWS_SESSION_TOKEN:bogus to specify a bogus token:

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ unset AWS_SESSION_TOKEN
~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ env | grep AWS
AWS_SECRET_ACCESS_KEY=<my_actual_aws_secret_access_key>
AWS_ACCESS_KEY_ID=<my_actual_aws_access_key_id>

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ ./mongodump "mongodb+srv://cluster1-k45tj.mongodb-dev.net/test?authSource=%24external&authMechanism=MONGODB-AWS&authMechanismProperties=AWS_SESSION_TOKEN:bogus"
2020-07-15T12:05:10.612-0400	error parsing command line options: token without username and password is invalid for MONGODB-AWS
2020-07-15T12:05:10.612-0400	try 'mongodump --help' for more information

## However, adding back the access key ID and secret key, the authMechanismProperties in the URI string is outright rejected, despite the above error indicating that it was recognized in some fashion:

~/.go/src/github.com/mongodb/mongo-tools/bin(master) $ ./mongodump "mongodb+srv://<my_actual_aws_access_key_id>:<my_actual_aws_secret_access_key_percent_encoded>@cluster1-k45tj.mongodb-dev.net/test?authSource=%24external&authMechanism=MONGODB-AWS&authMechanismProperties=AWS_SESSION_TOKEN:bogus"
2020-07-15T12:08:44.859-0400	WARNING: ignoring unsupported URI parameter 'authmechanismproperties'
2020-07-15T12:08:45.412-0400	Failed: can't create session: could not connect to server: connection() : auth error: sasl conversation error: unable to authenticate using mechanism "MONGODB-AWS": (AuthenticationFailed) Authentication failed.

## I don't have a way of testing session keys, so maybe if I were to provide a valid value for AWS_SESSION_TOKEN the auth would work, and the problem is only with the error message itself being misleading?