[SERVER-28453] Key rotation integration tests Created: 23/Mar/17  Updated: 06/Dec/17  Resolved: 23/Jun/17

Status: Closed
Project: Core Server
Component/s: Sharding
Affects Version/s: None
Fix Version/s: 3.5.10

Type: Task Priority: Major - P3
Reporter: Misha Tyulenev Assignee: Jack Mulrow
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Sprint: Sharding 2017-05-29, Sharding 2017-06-19, Sharding 2017-07-10
Participants:

 Description   
  • Verify that the startup of mongo cluster with no keys matches the spec
    1. start up the ShardingTest and confirm that there is a new key in admin.system.keys it must be there when
    a. auth is on - may be just need to ensure that it runs as a part of the auth suite.
    b. auth is off
  • Verify there is a $logicalTime with a signature in the response by looking directly in the response (reference is mongo.js reads $logicalTime)
  • Verify the user manual key rotation:
    1. Delete ALL existing keys by sending this command to the config server primary:

    admin.system.keys.remove({ purpose: 'SigningLogicalTime' });
    

    2. Kill all mongos.
    3. Kill all shard mongod.
    4. Restart all shards and mongos so they will wait for the new keys.
    5. Wait for config server primary to create new keys.

  • verify that mongo shell can use logical time with signature to advance logical time:
    Setup: 2 mongos
    1. With the help of mongobridge, sever all outgoing connections from mongos2. This will make it unable to advance the clock on its own.
    2. Send an insert to mongos1 to advance logical time.
    3. Get the logicalTime 'metadata' from mongos1 response and attach it to an isMaster command being sent to mongos2.
    4. Check that logicalTime response from the mongos2 matches what was passed.


 Comments   
Comment by Githook User [ 23/Jun/17 ]

Author:

{u'username': u'jsmulrow', u'name': u'Jack Mulrow', u'email': u'jack.mulrow@mongodb.com'}

Message: SERVER-28453 Key rotation integration tests
Branch: master
https://github.com/mongodb/mongo/commit/8004de424a597cf5933f2380cb31c63c0558630a

Generated at Thu Feb 08 04:18:11 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.