From cf3aca407374056806108659e22125e33fa5668c Mon Sep 17 00:00:00 2001
From: Maxim Katcharov
Date: Wed, 29 May 2024 17:36:47 -0600
Subject: [PATCH] OIDC admin credentials JAVA-5450
# Conflicts:
# driver-sync/src/test/functional/com/mongodb/internal/connection/OidcAuthenticationProseTests.java
---
 .evergreen/run-mongodb-oidc-test.sh | 7 +++++-
 .../com/mongodb/client/unified/Entities.java | 6 +++++
 .../OidcAuthenticationProseTests.java | 23 +++++++++++++++++++
 3 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/.evergreen/run-mongodb-oidc-test.sh b/.evergreen/run-mongodb-oidc-test.sh
index 1f5c1b310cc..ec2b2c19610 100755
--- a/.evergreen/run-mongodb-oidc-test.sh
+++ b/.evergreen/run-mongodb-oidc-test.sh
@@ -34,7 +34,12 @@ fi
 which java
 export OIDC_TESTS_ENABLED=true
-./gradlew -Dorg.mongodb.test.uri="$MONGODB_URI" \
+# use admin credentials for tests
+TO_REPLACE="mongodb://"
+REPLACEMENT="mongodb://$OIDC_ADMIN_USER:$OIDC_ADMIN_PWD@"
+ADMIN_URI=${MONGODB_URI/$TO_REPLACE/$REPLACEMENT}
+
+./gradlew -Dorg.mongodb.test.uri="$ADMIN_URI" \
 --stacktrace --debug --info --no-build-cache driver-core:cleanTest \
 driver-sync:test --tests OidcAuthenticationProseTests --tests UnifiedAuthTest \
 driver-reactive-streams:test --tests OidcAuthenticationAsyncProseTests \
diff --git a/driver-sync/src/test/functional/com/mongodb/client/unified/Entities.java b/driver-sync/src/test/functional/com/mongodb/client/unified/Entities.java
index 76e49d68cdb..f3aef9ec257 100644
--- a/driver-sync/src/test/functional/com/mongodb/client/unified/Entities.java
+++ b/driver-sync/src/test/functional/com/mongodb/client/unified/Entities.java
@@ -18,6 +18,7 @@
 import com.mongodb.ClientEncryptionSettings;
 import com.mongodb.ClientSessionOptions;
+import com.mongodb.ConnectionString;
 import com.mongodb.MongoClientSettings;
 import com.mongodb.MongoCredential;
 import com.mongodb.ReadConcern;
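Review bot: The admin user name and password are spliced into `ADMIN_URI` and passed as `-Dorg.mongodb.test.uri=...` on a `./gradlew` command line that also sets `--debug --info`, so the secret is visible in the process arguments and may end up in the CI log unless the CI system redacts it. `$OIDC_ADMIN_USER` and `$OIDC_ADMIN_PWD` are inserted without percent-encoding, and the unquoted `$REPLACEMENT` is subject to `&` expansion in the `${var/pat/rep}` form on newer bash releases, so a password containing `@`, `:`, `/`, `%` or `&` would produce a different URI than intended. I would fail fast on missing values with `: "${OIDC_ADMIN_USER:?}" "${OIDC_ADMIN_PWD:?}"`, write the substitution as `ADMIN_URI=${MONGODB_URI/"$TO_REPLACE"/"$REPLACEMENT"}`, and add a comment that the credentials must already be URI-encoded. A `MONGODB_URI` that does not start with `mongodb://` (for example `mongodb+srv://`) passes through unchanged, so the tests would run without admin credentials and without any warning.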
@@ -535,6 +536,11 @@ private void initClient(final BsonDocument entity, final String id,
 "Unsupported authMechanismProperties for authMechanism: " + value);
 }
+ // override the org.mongodb.test.uri connection string
+ String uri = getenv("MONGODB_URI");
+ ConnectionString cs = new ConnectionString(uri);
+ clientSettingsBuilder.applyConnectionString(cs);
+
 String env = assertNotNull(getenv("OIDC_ENV"));
 MongoCredential oidcCredential = MongoCredential
 .createOidcCredential(null)
diff --git a/driver-sync/src/test/functional/com/mongodb/internal/connection/OidcAuthenticationProseTests.java b/driver-sync/src/test/functional/com/mongodb/internal/connection/OidcAuthenticationProseTests.java
index 9915f6a6a34..045cfdee9e9 100644
--- a/driver-sync/src/test/functional/com/mongodb/internal/connection/OidcAuthenticationProseTests.java
+++ b/driver-sync/src/test/functional/com/mongodb/internal/connection/OidcAuthenticationProseTests.java
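Review bot: `getenv("MONGODB_URI")` is passed straight to `new ConnectionString(uri)` without the `assertNotNull` guard that the very next line applies to `OIDC_ENV`, so an unset variable fails with a less obvious error; `String uri = assertNotNull(getenv("MONGODB_URI"));` would match. Because `applyConnectionString(cs)` runs after the entity's options have been processed (that code is above the hunk and not visible here), it may overwrite settings the test file specified, so the comment should say which settings are meant to be replaced, e.g. `// use the non-admin MONGODB_URI hosts/options for the OIDC client; org.mongodb.test.uri now carries admin credentials`. It is also worth stating there that `MONGODB_URI` must not itself contain credentials, since this client is presumably meant to authenticate only with the OIDC credential built below. initClient starts and continues outside the hunk.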
@@ -232,6 +232,29 @@ public void test2p4InvalidClientConfigurationWithCallback() {
 () -> performFind(settings));
 }
+ @Test
+ public void test2p5InvalidAllowedHosts() {
+ assumeTestEnvironment();
+
+ String uri = "mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:123";
+ ConnectionString cs = new ConnectionString(uri);
+ MongoCredential credential = assertNotNull(cs.getCredential())
+ .withMechanismProperty("ALLOWED_HOSTS", Collections.emptyList());
+ MongoClientSettings settings = MongoClientSettings.builder()
+ .applicationName(appName)
+ .applyConnectionString(cs)
+ .retryReads(false)
+ .credential(credential)
+ .build();
+ assertCause(IllegalArgumentException.class,
+ "ALLOWED_HOSTS must be specified only when OIDC_HUMAN_CALLBACK is specified",
+ () -> {
+ try (MongoClient mongoClient = createMongoClient(settings)) {
+ performFind(mongoClient);
+ }
+ });
+ }
+
 @Test
 public void test3p1AuthFailsWithCachedToken() throws ExecutionException, InterruptedException, NoSuchFieldException, IllegalAccessException {
 TestCallback callbackWrapped = createCallback();
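Review bot: test2p5InvalidAllowedHosts exercises only an empty `ALLOWED_HOSTS` list, so it does not show that a non-empty allow-list is also rejected when no human callback is configured; a second `assertCause` with a one-element list would pin that case. The test also has no comment saying why the combination is invalid; something like `// ALLOWED_HOSTS is only meaningful with OIDC_HUMAN_CALLBACK; the driver must reject it for ENVIRONMENT-based auth` above the `assertCause` call would make the intent clear. The hunk adds no imports, so `Collections` and `ConnectionString` are presumably already imported in this file, which is worth confirming given the conflict noted in the commit message.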