472 lines
17 KiB
YAML
472 lines
17 KiB
YAML
---
|
|
tests:
|
|
- description: should use the default source and mechanism
|
|
uri: mongodb://user:password@localhost
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: password
|
|
source: admin
|
|
mechanism:
|
|
mechanism_properties:
|
|
- description: should use the database when no authSource is specified
|
|
uri: mongodb://user:password@localhost/foo
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: password
|
|
source: foo
|
|
mechanism:
|
|
mechanism_properties:
|
|
- description: should use the authSource when specified
|
|
uri: mongodb://user:password@localhost/foo?authSource=bar
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: password
|
|
source: bar
|
|
mechanism:
|
|
mechanism_properties:
|
|
- description: should recognise the mechanism (GSSAPI)
|
|
uri: mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI
|
|
valid: true
|
|
credential:
|
|
username: user@DOMAIN.COM
|
|
password:
|
|
source: "$external"
|
|
mechanism: GSSAPI
|
|
mechanism_properties:
|
|
SERVICE_NAME: mongodb
|
|
- description: should ignore the database (GSSAPI)
|
|
uri: mongodb://user%40DOMAIN.COM@localhost/foo?authMechanism=GSSAPI
|
|
valid: true
|
|
credential:
|
|
username: user@DOMAIN.COM
|
|
password:
|
|
source: "$external"
|
|
mechanism: GSSAPI
|
|
mechanism_properties:
|
|
SERVICE_NAME: mongodb
|
|
- description: should accept valid authSource (GSSAPI)
|
|
uri: mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authSource=$external
|
|
valid: true
|
|
credential:
|
|
username: user@DOMAIN.COM
|
|
password:
|
|
source: "$external"
|
|
mechanism: GSSAPI
|
|
mechanism_properties:
|
|
SERVICE_NAME: mongodb
|
|
- description: should accept generic mechanism property (GSSAPI)
|
|
uri: mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:forward,SERVICE_HOST:example.com
|
|
valid: true
|
|
credential:
|
|
username: user@DOMAIN.COM
|
|
password:
|
|
source: "$external"
|
|
mechanism: GSSAPI
|
|
mechanism_properties:
|
|
SERVICE_NAME: other
|
|
SERVICE_HOST: example.com
|
|
CANONICALIZE_HOST_NAME: forward
|
|
- description: should accept forwardAndReverse hostname canonicalization (GSSAPI)
|
|
uri: mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:forwardAndReverse
|
|
valid: true
|
|
credential:
|
|
username: user@DOMAIN.COM
|
|
password:
|
|
source: "$external"
|
|
mechanism: GSSAPI
|
|
mechanism_properties:
|
|
SERVICE_NAME: other
|
|
CANONICALIZE_HOST_NAME: forwardAndReverse
|
|
- description: should accept no hostname canonicalization (GSSAPI)
|
|
uri: mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:none
|
|
valid: true
|
|
credential:
|
|
username: user@DOMAIN.COM
|
|
password:
|
|
source: "$external"
|
|
mechanism: GSSAPI
|
|
mechanism_properties:
|
|
SERVICE_NAME: other
|
|
CANONICALIZE_HOST_NAME: none
|
|
- description: must raise an error when the hostname canonicalization is invalid
|
|
uri: mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:invalid
|
|
valid: false
|
|
- description: should accept the password (GSSAPI)
|
|
uri: mongodb://user%40DOMAIN.COM:password@localhost/?authMechanism=GSSAPI&authSource=$external
|
|
valid: true
|
|
credential:
|
|
username: user@DOMAIN.COM
|
|
password: password
|
|
source: "$external"
|
|
mechanism: GSSAPI
|
|
mechanism_properties:
|
|
SERVICE_NAME: mongodb
|
|
- description: must raise an error when the authSource is empty
|
|
uri: mongodb://user:password@localhost/foo?authSource=
|
|
valid: false
|
|
- description: must raise an error when the authSource is empty without credentials
|
|
uri: mongodb://localhost/admin?authSource=
|
|
valid: false
|
|
- description: should throw an exception if authSource is invalid (GSSAPI)
|
|
uri: mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authSource=foo
|
|
valid: false
|
|
- description: should throw an exception if no username (GSSAPI)
|
|
uri: mongodb://localhost/?authMechanism=GSSAPI
|
|
valid: false
|
|
- description: should recognize the mechanism (MONGODB-X509)
|
|
uri: mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/?authMechanism=MONGODB-X509
|
|
valid: true
|
|
credential:
|
|
username: CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry
|
|
password:
|
|
source: "$external"
|
|
mechanism: MONGODB-X509
|
|
mechanism_properties:
|
|
- description: should ignore the database (MONGODB-X509)
|
|
uri: mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/foo?authMechanism=MONGODB-X509
|
|
valid: true
|
|
credential:
|
|
username: CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry
|
|
password:
|
|
source: "$external"
|
|
mechanism: MONGODB-X509
|
|
mechanism_properties:
|
|
- description: should accept valid authSource (MONGODB-X509)
|
|
uri: mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/?authMechanism=MONGODB-X509&authSource=$external
|
|
valid: true
|
|
credential:
|
|
username: CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry
|
|
password:
|
|
source: "$external"
|
|
mechanism: MONGODB-X509
|
|
mechanism_properties:
|
|
- description: should recognize the mechanism with no username (MONGODB-X509)
|
|
uri: mongodb://localhost/?authMechanism=MONGODB-X509
|
|
valid: true
|
|
credential:
|
|
username:
|
|
password:
|
|
source: "$external"
|
|
mechanism: MONGODB-X509
|
|
mechanism_properties:
|
|
- description: should recognize the mechanism with no username when auth source is
|
|
explicitly specified (MONGODB-X509)
|
|
uri: mongodb://localhost/?authMechanism=MONGODB-X509&authSource=$external
|
|
valid: true
|
|
credential:
|
|
username:
|
|
password:
|
|
source: "$external"
|
|
mechanism: MONGODB-X509
|
|
mechanism_properties:
|
|
- description: should throw an exception if supplied a password (MONGODB-X509)
|
|
uri: mongodb://user:password@localhost/?authMechanism=MONGODB-X509
|
|
valid: false
|
|
- description: should throw an exception if authSource is invalid (MONGODB-X509)
|
|
uri: mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/foo?authMechanism=MONGODB-X509&authSource=bar
|
|
valid: false
|
|
- description: should recognize the mechanism (PLAIN)
|
|
uri: mongodb://user:password@localhost/?authMechanism=PLAIN
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: password
|
|
source: "$external"
|
|
mechanism: PLAIN
|
|
mechanism_properties:
|
|
- description: should use the database when no authSource is specified (PLAIN)
|
|
uri: mongodb://user:password@localhost/foo?authMechanism=PLAIN
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: password
|
|
source: foo
|
|
mechanism: PLAIN
|
|
mechanism_properties:
|
|
- description: should use the authSource when specified (PLAIN)
|
|
uri: mongodb://user:password@localhost/foo?authMechanism=PLAIN&authSource=bar
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: password
|
|
source: bar
|
|
mechanism: PLAIN
|
|
mechanism_properties:
|
|
- description: should throw an exception if no username (PLAIN)
|
|
uri: mongodb://localhost/?authMechanism=PLAIN
|
|
valid: false
|
|
- description: should recognize the mechanism (SCRAM-SHA-1)
|
|
uri: mongodb://user:password@localhost/?authMechanism=SCRAM-SHA-1
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: password
|
|
source: admin
|
|
mechanism: SCRAM-SHA-1
|
|
mechanism_properties:
|
|
- description: should use the database when no authSource is specified (SCRAM-SHA-1)
|
|
uri: mongodb://user:password@localhost/foo?authMechanism=SCRAM-SHA-1
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: password
|
|
source: foo
|
|
mechanism: SCRAM-SHA-1
|
|
mechanism_properties:
|
|
- description: should accept valid authSource (SCRAM-SHA-1)
|
|
uri: mongodb://user:password@localhost/foo?authMechanism=SCRAM-SHA-1&authSource=bar
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: password
|
|
source: bar
|
|
mechanism: SCRAM-SHA-1
|
|
mechanism_properties:
|
|
- description: should throw an exception if no username (SCRAM-SHA-1)
|
|
uri: mongodb://localhost/?authMechanism=SCRAM-SHA-1
|
|
valid: false
|
|
- description: should recognize the mechanism (SCRAM-SHA-256)
|
|
uri: mongodb://user:password@localhost/?authMechanism=SCRAM-SHA-256
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: password
|
|
source: admin
|
|
mechanism: SCRAM-SHA-256
|
|
mechanism_properties:
|
|
- description: should use the database when no authSource is specified (SCRAM-SHA-256)
|
|
uri: mongodb://user:password@localhost/foo?authMechanism=SCRAM-SHA-256
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: password
|
|
source: foo
|
|
mechanism: SCRAM-SHA-256
|
|
mechanism_properties:
|
|
- description: should accept valid authSource (SCRAM-SHA-256)
|
|
uri: mongodb://user:password@localhost/foo?authMechanism=SCRAM-SHA-256&authSource=bar
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: password
|
|
source: bar
|
|
mechanism: SCRAM-SHA-256
|
|
mechanism_properties:
|
|
- description: should throw an exception if no username (SCRAM-SHA-256)
|
|
uri: mongodb://localhost/?authMechanism=SCRAM-SHA-256
|
|
valid: false
|
|
- description: URI with no auth-related info doesn't create credential
|
|
uri: mongodb://localhost/
|
|
valid: true
|
|
credential:
|
|
- description: database in URI path doesn't create credentials
|
|
uri: mongodb://localhost/foo
|
|
valid: true
|
|
credential:
|
|
- description: authSource without username doesn't create credential (default mechanism)
|
|
uri: mongodb://localhost/?authSource=foo
|
|
valid: true
|
|
credential:
|
|
- description: should throw an exception if no username provided (userinfo implies
|
|
default mechanism)
|
|
uri: mongodb://@localhost.com/
|
|
valid: false
|
|
- description: should throw an exception if no username/password provided (userinfo
|
|
implies default mechanism)
|
|
uri: mongodb://:@localhost.com/
|
|
valid: false
|
|
- description: should recognise the mechanism (MONGODB-AWS)
|
|
uri: mongodb://localhost/?authMechanism=MONGODB-AWS
|
|
valid: true
|
|
credential:
|
|
username:
|
|
password:
|
|
source: "$external"
|
|
mechanism: MONGODB-AWS
|
|
mechanism_properties:
|
|
- description: should recognise the mechanism when auth source is explicitly specified
|
|
(MONGODB-AWS)
|
|
uri: mongodb://localhost/?authMechanism=MONGODB-AWS&authSource=$external
|
|
valid: true
|
|
credential:
|
|
username:
|
|
password:
|
|
source: "$external"
|
|
mechanism: MONGODB-AWS
|
|
mechanism_properties:
|
|
- description: should throw an exception if username and no password (MONGODB-AWS)
|
|
uri: mongodb://user@localhost/?authMechanism=MONGODB-AWS
|
|
valid: false
|
|
credential:
|
|
- description: should use username and password if specified (MONGODB-AWS)
|
|
uri: mongodb://user%21%40%23%24%25%5E%26%2A%28%29_%2B:pass%21%40%23%24%25%5E%26%2A%28%29_%2B@localhost/?authMechanism=MONGODB-AWS
|
|
valid: true
|
|
credential:
|
|
username: user!@#$%^&*()_+
|
|
password: pass!@#$%^&*()_+
|
|
source: "$external"
|
|
mechanism: MONGODB-AWS
|
|
mechanism_properties:
|
|
- description: should use username, password and session token if specified (MONGODB-AWS)
|
|
uri: mongodb://user:password@localhost/?authMechanism=MONGODB-AWS&authMechanismProperties=AWS_SESSION_TOKEN:token%21%40%23%24%25%5E%26%2A%28%29_%2B
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: password
|
|
source: "$external"
|
|
mechanism: MONGODB-AWS
|
|
mechanism_properties:
|
|
AWS_SESSION_TOKEN: token!@#$%^&*()_+
|
|
- description: should recognise the mechanism with test environment (MONGODB-OIDC)
|
|
uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:test
|
|
valid: true
|
|
credential:
|
|
username:
|
|
password:
|
|
source: "$external"
|
|
mechanism: MONGODB-OIDC
|
|
mechanism_properties:
|
|
ENVIRONMENT: test
|
|
- description: should recognise the mechanism when auth source is explicitly specified and with environment (MONGODB-OIDC)
|
|
uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authSource=$external&authMechanismProperties=ENVIRONMENT:test
|
|
valid: true
|
|
credential:
|
|
username:
|
|
password:
|
|
source: "$external"
|
|
mechanism: MONGODB-OIDC
|
|
mechanism_properties:
|
|
ENVIRONMENT: test
|
|
- description: should throw an exception if supplied a password (MONGODB-OIDC)
|
|
uri: mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:test
|
|
valid: false
|
|
credential:
|
|
- description: should throw an exception if username is specified for test (MONGODB-OIDC)
|
|
uri: mongodb://principalName@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:test
|
|
valid: false
|
|
credential:
|
|
- description: should throw an exception if specified environment is not supported (MONGODB-OIDC)
|
|
uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:invalid
|
|
valid: false
|
|
credential:
|
|
- description: should throw an exception if neither environment nor callbacks specified (MONGODB-OIDC)
|
|
uri: mongodb://localhost/?authMechanism=MONGODB-OIDC
|
|
valid: false
|
|
credential:
|
|
- description: should throw an exception when unsupported auth property is specified (MONGODB-OIDC)
|
|
uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=UnsupportedProperty:unexisted
|
|
valid: false
|
|
credential:
|
|
- description: should recognise the mechanism with azure provider (MONGODB-OIDC)
|
|
uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:foo
|
|
valid: true
|
|
credential:
|
|
username: null
|
|
password: null
|
|
source: $external
|
|
mechanism: MONGODB-OIDC
|
|
mechanism_properties:
|
|
ENVIRONMENT: azure
|
|
TOKEN_RESOURCE: foo
|
|
- description: should accept a username with azure provider (MONGODB-OIDC)
|
|
uri: mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:foo
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: null
|
|
source: $external
|
|
mechanism: MONGODB-OIDC
|
|
mechanism_properties:
|
|
ENVIRONMENT: azure
|
|
TOKEN_RESOURCE: foo
|
|
- description: should accept a url-encoded TOKEN_RESOURCE (MONGODB-OIDC)
|
|
uri: mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:mongodb%3A%2F%2Ftest-cluster
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: null
|
|
source: $external
|
|
mechanism: MONGODB-OIDC
|
|
mechanism_properties:
|
|
ENVIRONMENT: azure
|
|
TOKEN_RESOURCE: 'mongodb://test-cluster'
|
|
- description: should accept an un-encoded TOKEN_RESOURCE (MONGODB-OIDC)
|
|
uri: mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:mongodb://test-cluster
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: null
|
|
source: $external
|
|
mechanism: MONGODB-OIDC
|
|
mechanism_properties:
|
|
ENVIRONMENT: azure
|
|
TOKEN_RESOURCE: 'mongodb://test-cluster'
|
|
- description: should handle a complicated url-encoded TOKEN_RESOURCE (MONGODB-OIDC)
|
|
uri: mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:abcd%25ef%3Ag%26hi
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: null
|
|
source: $external
|
|
mechanism: MONGODB-OIDC
|
|
mechanism_properties:
|
|
ENVIRONMENT: azure
|
|
TOKEN_RESOURCE: 'abcd%ef:g&hi'
|
|
- description: should url-encode a TOKEN_RESOURCE (MONGODB-OIDC)
|
|
uri: mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:a$b
|
|
valid: true
|
|
credential:
|
|
username: user
|
|
password: null
|
|
source: $external
|
|
mechanism: MONGODB-OIDC
|
|
mechanism_properties:
|
|
ENVIRONMENT: azure
|
|
TOKEN_RESOURCE: a$b
|
|
- description: should accept a username and throw an error for a password with azure provider (MONGODB-OIDC)
|
|
uri: mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:foo
|
|
valid: false
|
|
credential: null
|
|
- description: should throw an exception if no token audience is given for azure provider (MONGODB-OIDC)
|
|
uri: mongodb://username@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure
|
|
valid: false
|
|
credential: null
|
|
- description: should recognise the mechanism with gcp provider (MONGODB-OIDC)
|
|
uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:foo
|
|
valid: true
|
|
credential:
|
|
username: null
|
|
password: null
|
|
source: $external
|
|
mechanism: MONGODB-OIDC
|
|
mechanism_properties:
|
|
ENVIRONMENT: gcp
|
|
TOKEN_RESOURCE: foo
|
|
- description: should throw an error for a username and password with gcp provider
|
|
(MONGODB-OIDC)
|
|
uri: mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:foo
|
|
valid: false
|
|
credential: null
|
|
- description: should throw an error if not TOKEN_RESOURCE with gcp provider (MONGODB-OIDC)
|
|
uri: mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp
|
|
valid: false
|
|
credential: null
|
|
- description: should recognise the mechanism with k8s provider (MONGODB-OIDC)
|
|
uri: mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:k8s
|
|
valid: true
|
|
credential:
|
|
username: null
|
|
password: null
|
|
source: $external
|
|
mechanism: MONGODB-OIDC
|
|
mechanism_properties:
|
|
ENVIRONMENT: k8s
|
|
- description: should throw an error for a username and password with k8s provider
|
|
(MONGODB-OIDC)
|
|
uri: mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:k8s
|
|
valid: false
|
|
credential: null
|