--- tests: - description: should use the default source and mechanism uri: mongodb://user:password@localhost valid: true credential: username: user password: password source: admin mechanism: mechanism_properties: - description: should use the database when no authSource is specified uri: mongodb://user:password@localhost/foo valid: true credential: username: user password: password source: foo mechanism: mechanism_properties: - description: should use the authSource when specified uri: mongodb://user:password@localhost/foo?authSource=bar valid: true credential: username: user password: password source: bar mechanism: mechanism_properties: - description: should recognise the mechanism (GSSAPI) uri: mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI valid: true credential: username: user@DOMAIN.COM password: source: "$external" mechanism: GSSAPI mechanism_properties: SERVICE_NAME: mongodb - description: should ignore the database (GSSAPI) uri: mongodb://user%40DOMAIN.COM@localhost/foo?authMechanism=GSSAPI valid: true credential: username: user@DOMAIN.COM password: source: "$external" mechanism: GSSAPI mechanism_properties: SERVICE_NAME: mongodb - description: should accept valid authSource (GSSAPI) uri: mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authSource=$external valid: true credential: username: user@DOMAIN.COM password: source: "$external" mechanism: GSSAPI mechanism_properties: SERVICE_NAME: mongodb - description: should accept generic mechanism property (GSSAPI) uri: mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:forward,SERVICE_HOST:example.com valid: true credential: username: user@DOMAIN.COM password: source: "$external" mechanism: GSSAPI mechanism_properties: SERVICE_NAME: other SERVICE_HOST: example.com CANONICALIZE_HOST_NAME: forward - description: should accept forwardAndReverse hostname canonicalization (GSSAPI) uri: mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:forwardAndReverse valid: true credential: username: user@DOMAIN.COM password: source: "$external" mechanism: GSSAPI mechanism_properties: SERVICE_NAME: other CANONICALIZE_HOST_NAME: forwardAndReverse - description: should accept no hostname canonicalization (GSSAPI) uri: mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:none valid: true credential: username: user@DOMAIN.COM password: source: "$external" mechanism: GSSAPI mechanism_properties: SERVICE_NAME: other CANONICALIZE_HOST_NAME: none - description: must raise an error when the hostname canonicalization is invalid uri: mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:invalid valid: false - description: should accept the password (GSSAPI) uri: mongodb://user%40DOMAIN.COM:password@localhost/?authMechanism=GSSAPI&authSource=$external valid: true credential: username: user@DOMAIN.COM password: password source: "$external" mechanism: GSSAPI mechanism_properties: SERVICE_NAME: mongodb - description: must raise an error when the authSource is empty uri: mongodb://user:password@localhost/foo?authSource= valid: false - description: must raise an error when the authSource is empty without credentials uri: mongodb://localhost/admin?authSource= valid: false - description: should throw an exception if authSource is invalid (GSSAPI) uri: mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authSource=foo valid: false - description: should throw an exception if no username (GSSAPI) uri: mongodb://localhost/?authMechanism=GSSAPI valid: false - description: should recognize the mechanism (MONGODB-X509) uri: mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/?authMechanism=MONGODB-X509 valid: true credential: username: CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry password: source: "$external" mechanism: MONGODB-X509 mechanism_properties: - description: should ignore the database (MONGODB-X509) uri: mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/foo?authMechanism=MONGODB-X509 valid: true credential: username: CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry password: source: "$external" mechanism: MONGODB-X509 mechanism_properties: - description: should accept valid authSource (MONGODB-X509) uri: mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/?authMechanism=MONGODB-X509&authSource=$external valid: true credential: username: CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry password: source: "$external" mechanism: MONGODB-X509 mechanism_properties: - description: should recognize the mechanism with no username (MONGODB-X509) uri: mongodb://localhost/?authMechanism=MONGODB-X509 valid: true credential: username: password: source: "$external" mechanism: MONGODB-X509 mechanism_properties: - description: should recognize the mechanism with no username when auth source is explicitly specified (MONGODB-X509) uri: mongodb://localhost/?authMechanism=MONGODB-X509&authSource=$external valid: true credential: username: password: source: "$external" mechanism: MONGODB-X509 mechanism_properties: - description: should throw an exception if supplied a password (MONGODB-X509) uri: mongodb://user:password@localhost/?authMechanism=MONGODB-X509 valid: false - description: should throw an exception if authSource is invalid (MONGODB-X509) uri: mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/foo?authMechanism=MONGODB-X509&authSource=bar valid: false - description: should recognize the mechanism (PLAIN) uri: mongodb://user:password@localhost/?authMechanism=PLAIN valid: true credential: username: user password: password source: "$external" mechanism: PLAIN mechanism_properties: - description: should use the database when no authSource is specified (PLAIN) uri: mongodb://user:password@localhost/foo?authMechanism=PLAIN valid: true credential: username: user password: password source: foo mechanism: PLAIN mechanism_properties: - description: should use the authSource when specified (PLAIN) uri: mongodb://user:password@localhost/foo?authMechanism=PLAIN&authSource=bar valid: true credential: username: user password: password source: bar mechanism: PLAIN mechanism_properties: - description: should throw an exception if no username (PLAIN) uri: mongodb://localhost/?authMechanism=PLAIN valid: false - description: should recognize the mechanism (SCRAM-SHA-1) uri: mongodb://user:password@localhost/?authMechanism=SCRAM-SHA-1 valid: true credential: username: user password: password source: admin mechanism: SCRAM-SHA-1 mechanism_properties: - description: should use the database when no authSource is specified (SCRAM-SHA-1) uri: mongodb://user:password@localhost/foo?authMechanism=SCRAM-SHA-1 valid: true credential: username: user password: password source: foo mechanism: SCRAM-SHA-1 mechanism_properties: - description: should accept valid authSource (SCRAM-SHA-1) uri: mongodb://user:password@localhost/foo?authMechanism=SCRAM-SHA-1&authSource=bar valid: true credential: username: user password: password source: bar mechanism: SCRAM-SHA-1 mechanism_properties: - description: should throw an exception if no username (SCRAM-SHA-1) uri: mongodb://localhost/?authMechanism=SCRAM-SHA-1 valid: false - description: should recognize the mechanism (SCRAM-SHA-256) uri: mongodb://user:password@localhost/?authMechanism=SCRAM-SHA-256 valid: true credential: username: user password: password source: admin mechanism: SCRAM-SHA-256 mechanism_properties: - description: should use the database when no authSource is specified (SCRAM-SHA-256) uri: mongodb://user:password@localhost/foo?authMechanism=SCRAM-SHA-256 valid: true credential: username: user password: password source: foo mechanism: SCRAM-SHA-256 mechanism_properties: - description: should accept valid authSource (SCRAM-SHA-256) uri: mongodb://user:password@localhost/foo?authMechanism=SCRAM-SHA-256&authSource=bar valid: true credential: username: user password: password source: bar mechanism: SCRAM-SHA-256 mechanism_properties: - description: should throw an exception if no username (SCRAM-SHA-256) uri: mongodb://localhost/?authMechanism=SCRAM-SHA-256 valid: false - description: URI with no auth-related info doesn't create credential uri: mongodb://localhost/ valid: true credential: - description: database in URI path doesn't create credentials uri: mongodb://localhost/foo valid: true credential: - description: authSource without username doesn't create credential (default mechanism) uri: mongodb://localhost/?authSource=foo valid: true credential: - description: should throw an exception if no username provided (userinfo implies default mechanism) uri: mongodb://@localhost.com/ valid: false - description: should throw an exception if no username/password provided (userinfo implies default mechanism) uri: mongodb://:@localhost.com/ valid: false - description: should recognise the mechanism (MONGODB-AWS) uri: mongodb://localhost/?authMechanism=MONGODB-AWS valid: true credential: username: password: source: "$external" mechanism: MONGODB-AWS mechanism_properties: - description: should recognise the mechanism when auth source is explicitly specified (MONGODB-AWS) uri: mongodb://localhost/?authMechanism=MONGODB-AWS&authSource=$external valid: true credential: username: password: source: "$external" mechanism: MONGODB-AWS mechanism_properties: - description: should throw an exception if username and no password (MONGODB-AWS) uri: mongodb://user@localhost/?authMechanism=MONGODB-AWS valid: false credential: - description: should use username and password if specified (MONGODB-AWS) uri: mongodb://user%21%40%23%24%25%5E%26%2A%28%29_%2B:pass%21%40%23%24%25%5E%26%2A%28%29_%2B@localhost/?authMechanism=MONGODB-AWS valid: true credential: username: user!@#$%^&*()_+ password: pass!@#$%^&*()_+ source: "$external" mechanism: MONGODB-AWS mechanism_properties: - description: should use username, password and session token if specified (MONGODB-AWS) uri: mongodb://user:password@localhost/?authMechanism=MONGODB-AWS&authMechanismProperties=AWS_SESSION_TOKEN:token%21%40%23%24%25%5E%26%2A%28%29_%2B valid: true credential: username: user password: password source: "$external" mechanism: MONGODB-AWS mechanism_properties: AWS_SESSION_TOKEN: token!@#$%^&*()_+ - description: should recognise the mechanism with test environment (MONGODB-OIDC) uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:test valid: true credential: username: password: source: "$external" mechanism: MONGODB-OIDC mechanism_properties: ENVIRONMENT: test - description: should recognise the mechanism when auth source is explicitly specified and with environment (MONGODB-OIDC) uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authSource=$external&authMechanismProperties=ENVIRONMENT:test valid: true credential: username: password: source: "$external" mechanism: MONGODB-OIDC mechanism_properties: ENVIRONMENT: test - description: should throw an exception if supplied a password (MONGODB-OIDC) uri: mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:test valid: false credential: - description: should throw an exception if username is specified for test (MONGODB-OIDC) uri: mongodb://principalName@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:test valid: false credential: - description: should throw an exception if specified environment is not supported (MONGODB-OIDC) uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:invalid valid: false credential: - description: should throw an exception if neither environment nor callbacks specified (MONGODB-OIDC) uri: mongodb://localhost/?authMechanism=MONGODB-OIDC valid: false credential: - description: should throw an exception when unsupported auth property is specified (MONGODB-OIDC) uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=UnsupportedProperty:unexisted valid: false credential: - description: should recognise the mechanism with azure provider (MONGODB-OIDC) uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:foo valid: true credential: username: null password: null source: $external mechanism: MONGODB-OIDC mechanism_properties: ENVIRONMENT: azure TOKEN_RESOURCE: foo - description: should accept a username with azure provider (MONGODB-OIDC) uri: mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:foo valid: true credential: username: user password: null source: $external mechanism: MONGODB-OIDC mechanism_properties: ENVIRONMENT: azure TOKEN_RESOURCE: foo - description: should accept a url-encoded TOKEN_RESOURCE (MONGODB-OIDC) uri: mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:mongodb%3A%2F%2Ftest-cluster valid: true credential: username: user password: null source: $external mechanism: MONGODB-OIDC mechanism_properties: ENVIRONMENT: azure TOKEN_RESOURCE: 'mongodb://test-cluster' - description: should accept an un-encoded TOKEN_RESOURCE (MONGODB-OIDC) uri: mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:mongodb://test-cluster valid: true credential: username: user password: null source: $external mechanism: MONGODB-OIDC mechanism_properties: ENVIRONMENT: azure TOKEN_RESOURCE: 'mongodb://test-cluster' - description: should handle a complicated url-encoded TOKEN_RESOURCE (MONGODB-OIDC) uri: mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:abcd%25ef%3Ag%26hi valid: true credential: username: user password: null source: $external mechanism: MONGODB-OIDC mechanism_properties: ENVIRONMENT: azure TOKEN_RESOURCE: 'abcd%ef:g&hi' - description: should url-encode a TOKEN_RESOURCE (MONGODB-OIDC) uri: mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:a$b valid: true credential: username: user password: null source: $external mechanism: MONGODB-OIDC mechanism_properties: ENVIRONMENT: azure TOKEN_RESOURCE: a$b - description: should accept a username and throw an error for a password with azure provider (MONGODB-OIDC) uri: mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:foo valid: false credential: null - description: should throw an exception if no token audience is given for azure provider (MONGODB-OIDC) uri: mongodb://username@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure valid: false credential: null - description: should recognise the mechanism with gcp provider (MONGODB-OIDC) uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:foo valid: true credential: username: null password: null source: $external mechanism: MONGODB-OIDC mechanism_properties: ENVIRONMENT: gcp TOKEN_RESOURCE: foo - description: should throw an error for a username and password with gcp provider (MONGODB-OIDC) uri: mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:foo valid: false credential: null - description: should throw an error if not TOKEN_RESOURCE with gcp provider (MONGODB-OIDC) uri: mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp valid: false credential: null - description: should recognise the mechanism with k8s provider (MONGODB-OIDC) uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:k8s valid: true credential: username: null password: null source: $external mechanism: MONGODB-OIDC mechanism_properties: ENVIRONMENT: k8s - description: should throw an error for a username and password with k8s provider (MONGODB-OIDC) uri: mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:k8s valid: false credential: null