From e42a99cfdeeb5781acca95a3df6958bed05e4773 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Thu, 5 Sep 2024 20:03:57 -0500 Subject: [PATCH 01/25] try constring --- x/mongo/driver/connstring/connstring.go | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/x/mongo/driver/connstring/connstring.go b/x/mongo/driver/connstring/connstring.go index fd69eb4904..4a7a01f4fb 100644 --- a/x/mongo/driver/connstring/connstring.go +++ b/x/mongo/driver/connstring/connstring.go @@ -296,7 +296,7 @@ func (u *ConnString) setDefaultAuthParams(dbName string) error { u.AuthMechanismProperties["SERVICE_NAME"] = "mongodb" } fallthrough - case "mongodb-aws", "mongodb-x509", "mongodb-oidc": + case "mongodb-aws", "mongodb-x509": if u.AuthSource == "" { u.AuthSource = "$external" } else if u.AuthSource != "$external" { @@ -313,6 +313,13 @@ func (u *ConnString) setDefaultAuthParams(dbName string) error { u.AuthSource = "admin" } } + case "mongodb-oidc": + if u.AuthSource == "" { + u.AuthSource = dbName + if u.AuthSource == "" { + u.AuthSource = "$external" + } + } case "": // Only set auth source if there is a request for authentication via non-empty credentials. if u.AuthSource == "" && (u.AuthMechanismProperties != nil || u.Username != "" || u.PasswordSet) { @@ -902,16 +909,15 @@ func (p *parser) parse(original string) (*ConnString, error) { uri := original var err error - switch { - case strings.HasPrefix(uri, SchemeMongoDBSRV+"://"): + if strings.HasPrefix(uri, SchemeMongoDBSRV+"://") { connStr.Scheme = SchemeMongoDBSRV // remove the scheme uri = uri[len(SchemeMongoDBSRV)+3:] - case strings.HasPrefix(uri, SchemeMongoDB+"://"): + } else if strings.HasPrefix(uri, SchemeMongoDB+"://") { connStr.Scheme = SchemeMongoDB // remove the scheme uri = uri[len(SchemeMongoDB)+3:] - default: + } else { return nil, errors.New(`scheme must be "mongodb" or "mongodb+srv"`) } @@ -922,9 +928,9 @@ func (p *parser) parse(original string) (*ConnString, error) { username := userInfo var password string - if u, p, ok := strings.Cut(userInfo, ":"); ok { - username = u - password = p + if idx := strings.Index(userInfo, ":"); idx != -1 { + username = userInfo[:idx] + password = userInfo[idx+1:] connStr.PasswordSet = true } From cc7d77edca455ec208387117b7e37e0dc18da6aa Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 6 Sep 2024 07:35:55 -0500 Subject: [PATCH 02/25] try topology_options and client --- mongo/client.go | 48 +++++-- x/mongo/driver/topology/topology_options.go | 131 +++++++------------- 2 files changed, 88 insertions(+), 91 deletions(-) diff --git a/mongo/client.go b/mongo/client.go index 0ce6d2e24b..00f4f363ae 100644 --- a/mongo/client.go +++ b/mongo/client.go @@ -212,21 +212,42 @@ func NewClient(opts ...*options.ClientOptions) (*Client, error) { } if clientOpt.Auth != nil { - client.authenticator, err = auth.CreateAuthenticator( - clientOpt.Auth.AuthMechanism, - topology.ConvertCreds(clientOpt.Auth), - clientOpt.HTTPClient, - ) + var oidcMachineCallback auth.OIDCCallback + if clientOpt.Auth.OIDCMachineCallback != nil { + oidcMachineCallback = func(ctx context.Context, args *driver.OIDCArgs) (*driver.OIDCCredential, error) { + cred, err := clientOpt.Auth.OIDCMachineCallback(ctx, convertOIDCArgs(args)) + return (*driver.OIDCCredential)(cred), err + } + } + + var oidcHumanCallback auth.OIDCCallback + if clientOpt.Auth.OIDCHumanCallback != nil { + oidcHumanCallback = func(ctx context.Context, args *driver.OIDCArgs) (*driver.OIDCCredential, error) { + cred, err := clientOpt.Auth.OIDCHumanCallback(ctx, convertOIDCArgs(args)) + return (*driver.OIDCCredential)(cred), err + } + } + + // Create an authenticator for the client + client.authenticator, err = auth.CreateAuthenticator(clientOpt.Auth.AuthMechanism, &auth.Cred{ + Source: clientOpt.Auth.AuthSource, + Username: clientOpt.Auth.Username, + Password: clientOpt.Auth.Password, + PasswordSet: clientOpt.Auth.PasswordSet, + Props: clientOpt.Auth.AuthMechanismProperties, + OIDCMachineCallback: oidcMachineCallback, + OIDCHumanCallback: oidcHumanCallback, + }, clientOpt.HTTPClient) if err != nil { - return nil, fmt.Errorf("error creating authenticator: %w", err) + return nil, err } } cfg, err := topology.NewConfigWithAuthenticator(clientOpt, client.clock, client.authenticator) + if err != nil { return nil, err } - client.serverAPI = topology.ServerAPIFromServerOptions(cfg.ServerOpts) if client.deployment == nil { @@ -245,6 +266,19 @@ func NewClient(opts ...*options.ClientOptions) (*Client, error) { return client, nil } +// convertOIDCArgs converts the internal *driver.OIDCArgs into the equivalent +// public type *options.OIDCArgs. +func convertOIDCArgs(args *driver.OIDCArgs) *options.OIDCArgs { + if args == nil { + return nil + } + return &options.OIDCArgs{ + Version: args.Version, + IDPInfo: (*options.IDPInfo)(args.IDPInfo), + RefreshToken: args.RefreshToken, + } +} + // Connect initializes the Client by starting background monitoring goroutines. // If the Client was created using the NewClient function, this method must be called before a Client can be used. // diff --git a/x/mongo/driver/topology/topology_options.go b/x/mongo/driver/topology/topology_options.go index 2c0518a54e..0563e5524e 100644 --- a/x/mongo/driver/topology/topology_options.go +++ b/x/mongo/driver/topology/topology_options.go @@ -7,10 +7,10 @@ package topology import ( - "context" "crypto/tls" "fmt" "net/http" + "strings" "time" "go.mongodb.org/mongo-driver/event" @@ -71,80 +71,31 @@ func newLogger(opts *options.LoggerOptions) (*logger.Logger, error) { return log, nil } -// convertOIDCArgs converts the internal *driver.OIDCArgs into the equivalent -// public type *options.OIDCArgs. -func convertOIDCArgs(args *driver.OIDCArgs) *options.OIDCArgs { - if args == nil { - return nil - } - return &options.OIDCArgs{ - Version: args.Version, - IDPInfo: (*options.IDPInfo)(args.IDPInfo), - RefreshToken: args.RefreshToken, - } -} - -// ConvertCreds takes an [options.Credential] and returns the equivalent -// [driver.Cred]. -func ConvertCreds(cred *options.Credential) *driver.Cred { - if cred == nil { - return nil - } - - var oidcMachineCallback auth.OIDCCallback - if cred.OIDCMachineCallback != nil { - oidcMachineCallback = func(ctx context.Context, args *driver.OIDCArgs) (*driver.OIDCCredential, error) { - cred, err := cred.OIDCMachineCallback(ctx, convertOIDCArgs(args)) - return (*driver.OIDCCredential)(cred), err - } - } - - var oidcHumanCallback auth.OIDCCallback - if cred.OIDCHumanCallback != nil { - oidcHumanCallback = func(ctx context.Context, args *driver.OIDCArgs) (*driver.OIDCCredential, error) { - cred, err := cred.OIDCHumanCallback(ctx, convertOIDCArgs(args)) - return (*driver.OIDCCredential)(cred), err - } - } - - return &auth.Cred{ - Source: cred.AuthSource, - Username: cred.Username, - Password: cred.Password, - PasswordSet: cred.PasswordSet, - Props: cred.AuthMechanismProperties, - OIDCMachineCallback: oidcMachineCallback, - OIDCHumanCallback: oidcHumanCallback, - } -} - -// NewConfig will translate data from client options into a topology config for -// building non-default deployments. +// NewConfig will translate data from client options into a topology config for building non-default deployments. func NewConfig(co *options.ClientOptions, clock *session.ClusterClock) (*Config, error) { - var authenticator driver.Authenticator - var err error + // Auth & Database & Password & Username if co.Auth != nil { - authenticator, err = auth.CreateAuthenticator( - co.Auth.AuthMechanism, - ConvertCreds(co.Auth), - co.HTTPClient, - ) + cred := &auth.Cred{ + Username: co.Auth.Username, + Password: co.Auth.Password, + PasswordSet: co.Auth.PasswordSet, + Props: co.Auth.AuthMechanismProperties, + Source: co.Auth.AuthSource, + } + mechanism := co.Auth.AuthMechanism + authenticator, err := auth.CreateAuthenticator(mechanism, cred, co.HTTPClient) if err != nil { - return nil, fmt.Errorf("error creating authenticator: %w", err) + return nil, err } + return NewConfigWithAuthenticator(co, clock, authenticator) } - return NewConfigWithAuthenticator(co, clock, authenticator) + return NewConfigWithAuthenticator(co, clock, nil) } -// NewConfigWithAuthenticator will translate data from client options into a -// topology config for building non-default deployments. Server and topology -// options are not honored if a custom deployment is used. It uses a passed in +// NewConfigWithAuthenticator will translate data from client options into a topology config for building non-default deployments. +// Server and topology options are not honored if a custom deployment is used. It uses a passed in // authenticator to authenticate the connection. -func NewConfigWithAuthenticator( - co *options.ClientOptions, - clock *session.ClusterClock, - authenticator driver.Authenticator, -) (*Config, error) { +func NewConfigWithAuthenticator(co *options.ClientOptions, clock *session.ClusterClock, authenticator driver.Authenticator) (*Config, error) { var serverAPI *driver.ServerAPIOptions if err := co.Validate(); err != nil { @@ -206,11 +157,11 @@ func NewConfigWithAuthenticator( for _, comp := range comps { switch comp { case "zlib": - connOpts = append(connOpts, WithZlibLevel(func(*int) *int { + connOpts = append(connOpts, WithZlibLevel(func(level *int) *int { return co.ZlibLevel })) case "zstd": - connOpts = append(connOpts, WithZstdLevel(func(*int) *int { + connOpts = append(connOpts, WithZstdLevel(func(level *int) *int { return co.ZstdLevel })) } @@ -227,8 +178,30 @@ func NewConfigWithAuthenticator( } // Handshaker - var handshaker func(driver.Handshaker) driver.Handshaker - if authenticator != nil { + var handshaker = func(driver.Handshaker) driver.Handshaker { + return operation.NewHello().AppName(appName).Compressors(comps).ClusterClock(clock). + ServerAPI(serverAPI).LoadBalanced(loadBalanced) + } + // Auth & Database & Password & Username + if co.Auth != nil { + cred := &auth.Cred{ + Username: co.Auth.Username, + Password: co.Auth.Password, + PasswordSet: co.Auth.PasswordSet, + Props: co.Auth.AuthMechanismProperties, + Source: co.Auth.AuthSource, + } + mechanism := co.Auth.AuthMechanism + + if len(cred.Source) == 0 { + switch strings.ToUpper(mechanism) { + case auth.MongoDBX509, auth.GSSAPI, auth.PLAIN: + cred.Source = "$external" + default: + cred.Source = "admin" + } + } + handshakeOpts := &auth.HandshakeOptions{ AppName: appName, Authenticator: authenticator, @@ -238,13 +211,13 @@ func NewConfigWithAuthenticator( ClusterClock: clock, } - if co.Auth.AuthMechanism == "" { + if mechanism == "" { // Required for SASL mechanism negotiation during handshake - handshakeOpts.DBUser = co.Auth.AuthSource + "." + co.Auth.Username + handshakeOpts.DBUser = cred.Source + "." + cred.Username } if co.AuthenticateToAnything != nil && *co.AuthenticateToAnything { // Authenticate arbiters - handshakeOpts.PerformAuthentication = func(description.Server) bool { + handshakeOpts.PerformAuthentication = func(serv description.Server) bool { return true } } @@ -252,17 +225,7 @@ func NewConfigWithAuthenticator( handshaker = func(driver.Handshaker) driver.Handshaker { return auth.Handshaker(nil, handshakeOpts) } - } else { - handshaker = func(driver.Handshaker) driver.Handshaker { - return operation.NewHello(). - AppName(appName). - Compressors(comps). - ClusterClock(clock). - ServerAPI(serverAPI). - LoadBalanced(loadBalanced) - } } - connOpts = append(connOpts, WithHandshaker(handshaker)) // ConnectTimeout if co.ConnectTimeout != nil { From 3dac82f8b6efc903b381542d4349f8e1e52a263b Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 6 Sep 2024 09:59:29 -0500 Subject: [PATCH 03/25] Revert "try topology_options and client" This reverts commit cc7d77edca455ec208387117b7e37e0dc18da6aa. --- mongo/client.go | 48 ++----- x/mongo/driver/topology/topology_options.go | 131 +++++++++++++------- 2 files changed, 91 insertions(+), 88 deletions(-) diff --git a/mongo/client.go b/mongo/client.go index 00f4f363ae..0ce6d2e24b 100644 --- a/mongo/client.go +++ b/mongo/client.go @@ -212,42 +212,21 @@ func NewClient(opts ...*options.ClientOptions) (*Client, error) { } if clientOpt.Auth != nil { - var oidcMachineCallback auth.OIDCCallback - if clientOpt.Auth.OIDCMachineCallback != nil { - oidcMachineCallback = func(ctx context.Context, args *driver.OIDCArgs) (*driver.OIDCCredential, error) { - cred, err := clientOpt.Auth.OIDCMachineCallback(ctx, convertOIDCArgs(args)) - return (*driver.OIDCCredential)(cred), err - } - } - - var oidcHumanCallback auth.OIDCCallback - if clientOpt.Auth.OIDCHumanCallback != nil { - oidcHumanCallback = func(ctx context.Context, args *driver.OIDCArgs) (*driver.OIDCCredential, error) { - cred, err := clientOpt.Auth.OIDCHumanCallback(ctx, convertOIDCArgs(args)) - return (*driver.OIDCCredential)(cred), err - } - } - - // Create an authenticator for the client - client.authenticator, err = auth.CreateAuthenticator(clientOpt.Auth.AuthMechanism, &auth.Cred{ - Source: clientOpt.Auth.AuthSource, - Username: clientOpt.Auth.Username, - Password: clientOpt.Auth.Password, - PasswordSet: clientOpt.Auth.PasswordSet, - Props: clientOpt.Auth.AuthMechanismProperties, - OIDCMachineCallback: oidcMachineCallback, - OIDCHumanCallback: oidcHumanCallback, - }, clientOpt.HTTPClient) + client.authenticator, err = auth.CreateAuthenticator( + clientOpt.Auth.AuthMechanism, + topology.ConvertCreds(clientOpt.Auth), + clientOpt.HTTPClient, + ) if err != nil { - return nil, err + return nil, fmt.Errorf("error creating authenticator: %w", err) } } cfg, err := topology.NewConfigWithAuthenticator(clientOpt, client.clock, client.authenticator) - if err != nil { return nil, err } + client.serverAPI = topology.ServerAPIFromServerOptions(cfg.ServerOpts) if client.deployment == nil { @@ -266,19 +245,6 @@ func NewClient(opts ...*options.ClientOptions) (*Client, error) { return client, nil } -// convertOIDCArgs converts the internal *driver.OIDCArgs into the equivalent -// public type *options.OIDCArgs. -func convertOIDCArgs(args *driver.OIDCArgs) *options.OIDCArgs { - if args == nil { - return nil - } - return &options.OIDCArgs{ - Version: args.Version, - IDPInfo: (*options.IDPInfo)(args.IDPInfo), - RefreshToken: args.RefreshToken, - } -} - // Connect initializes the Client by starting background monitoring goroutines. // If the Client was created using the NewClient function, this method must be called before a Client can be used. // diff --git a/x/mongo/driver/topology/topology_options.go b/x/mongo/driver/topology/topology_options.go index 0563e5524e..2c0518a54e 100644 --- a/x/mongo/driver/topology/topology_options.go +++ b/x/mongo/driver/topology/topology_options.go @@ -7,10 +7,10 @@ package topology import ( + "context" "crypto/tls" "fmt" "net/http" - "strings" "time" "go.mongodb.org/mongo-driver/event" @@ -71,31 +71,80 @@ func newLogger(opts *options.LoggerOptions) (*logger.Logger, error) { return log, nil } -// NewConfig will translate data from client options into a topology config for building non-default deployments. +// convertOIDCArgs converts the internal *driver.OIDCArgs into the equivalent +// public type *options.OIDCArgs. +func convertOIDCArgs(args *driver.OIDCArgs) *options.OIDCArgs { + if args == nil { + return nil + } + return &options.OIDCArgs{ + Version: args.Version, + IDPInfo: (*options.IDPInfo)(args.IDPInfo), + RefreshToken: args.RefreshToken, + } +} + +// ConvertCreds takes an [options.Credential] and returns the equivalent +// [driver.Cred]. +func ConvertCreds(cred *options.Credential) *driver.Cred { + if cred == nil { + return nil + } + + var oidcMachineCallback auth.OIDCCallback + if cred.OIDCMachineCallback != nil { + oidcMachineCallback = func(ctx context.Context, args *driver.OIDCArgs) (*driver.OIDCCredential, error) { + cred, err := cred.OIDCMachineCallback(ctx, convertOIDCArgs(args)) + return (*driver.OIDCCredential)(cred), err + } + } + + var oidcHumanCallback auth.OIDCCallback + if cred.OIDCHumanCallback != nil { + oidcHumanCallback = func(ctx context.Context, args *driver.OIDCArgs) (*driver.OIDCCredential, error) { + cred, err := cred.OIDCHumanCallback(ctx, convertOIDCArgs(args)) + return (*driver.OIDCCredential)(cred), err + } + } + + return &auth.Cred{ + Source: cred.AuthSource, + Username: cred.Username, + Password: cred.Password, + PasswordSet: cred.PasswordSet, + Props: cred.AuthMechanismProperties, + OIDCMachineCallback: oidcMachineCallback, + OIDCHumanCallback: oidcHumanCallback, + } +} + +// NewConfig will translate data from client options into a topology config for +// building non-default deployments. func NewConfig(co *options.ClientOptions, clock *session.ClusterClock) (*Config, error) { - // Auth & Database & Password & Username + var authenticator driver.Authenticator + var err error if co.Auth != nil { - cred := &auth.Cred{ - Username: co.Auth.Username, - Password: co.Auth.Password, - PasswordSet: co.Auth.PasswordSet, - Props: co.Auth.AuthMechanismProperties, - Source: co.Auth.AuthSource, - } - mechanism := co.Auth.AuthMechanism - authenticator, err := auth.CreateAuthenticator(mechanism, cred, co.HTTPClient) + authenticator, err = auth.CreateAuthenticator( + co.Auth.AuthMechanism, + ConvertCreds(co.Auth), + co.HTTPClient, + ) if err != nil { - return nil, err + return nil, fmt.Errorf("error creating authenticator: %w", err) } - return NewConfigWithAuthenticator(co, clock, authenticator) } - return NewConfigWithAuthenticator(co, clock, nil) + return NewConfigWithAuthenticator(co, clock, authenticator) } -// NewConfigWithAuthenticator will translate data from client options into a topology config for building non-default deployments. -// Server and topology options are not honored if a custom deployment is used. It uses a passed in +// NewConfigWithAuthenticator will translate data from client options into a +// topology config for building non-default deployments. Server and topology +// options are not honored if a custom deployment is used. It uses a passed in // authenticator to authenticate the connection. -func NewConfigWithAuthenticator(co *options.ClientOptions, clock *session.ClusterClock, authenticator driver.Authenticator) (*Config, error) { +func NewConfigWithAuthenticator( + co *options.ClientOptions, + clock *session.ClusterClock, + authenticator driver.Authenticator, +) (*Config, error) { var serverAPI *driver.ServerAPIOptions if err := co.Validate(); err != nil { @@ -157,11 +206,11 @@ func NewConfigWithAuthenticator(co *options.ClientOptions, clock *session.Cluste for _, comp := range comps { switch comp { case "zlib": - connOpts = append(connOpts, WithZlibLevel(func(level *int) *int { + connOpts = append(connOpts, WithZlibLevel(func(*int) *int { return co.ZlibLevel })) case "zstd": - connOpts = append(connOpts, WithZstdLevel(func(level *int) *int { + connOpts = append(connOpts, WithZstdLevel(func(*int) *int { return co.ZstdLevel })) } @@ -178,30 +227,8 @@ func NewConfigWithAuthenticator(co *options.ClientOptions, clock *session.Cluste } // Handshaker - var handshaker = func(driver.Handshaker) driver.Handshaker { - return operation.NewHello().AppName(appName).Compressors(comps).ClusterClock(clock). - ServerAPI(serverAPI).LoadBalanced(loadBalanced) - } - // Auth & Database & Password & Username - if co.Auth != nil { - cred := &auth.Cred{ - Username: co.Auth.Username, - Password: co.Auth.Password, - PasswordSet: co.Auth.PasswordSet, - Props: co.Auth.AuthMechanismProperties, - Source: co.Auth.AuthSource, - } - mechanism := co.Auth.AuthMechanism - - if len(cred.Source) == 0 { - switch strings.ToUpper(mechanism) { - case auth.MongoDBX509, auth.GSSAPI, auth.PLAIN: - cred.Source = "$external" - default: - cred.Source = "admin" - } - } - + var handshaker func(driver.Handshaker) driver.Handshaker + if authenticator != nil { handshakeOpts := &auth.HandshakeOptions{ AppName: appName, Authenticator: authenticator, @@ -211,13 +238,13 @@ func NewConfigWithAuthenticator(co *options.ClientOptions, clock *session.Cluste ClusterClock: clock, } - if mechanism == "" { + if co.Auth.AuthMechanism == "" { // Required for SASL mechanism negotiation during handshake - handshakeOpts.DBUser = cred.Source + "." + cred.Username + handshakeOpts.DBUser = co.Auth.AuthSource + "." + co.Auth.Username } if co.AuthenticateToAnything != nil && *co.AuthenticateToAnything { // Authenticate arbiters - handshakeOpts.PerformAuthentication = func(serv description.Server) bool { + handshakeOpts.PerformAuthentication = func(description.Server) bool { return true } } @@ -225,7 +252,17 @@ func NewConfigWithAuthenticator(co *options.ClientOptions, clock *session.Cluste handshaker = func(driver.Handshaker) driver.Handshaker { return auth.Handshaker(nil, handshakeOpts) } + } else { + handshaker = func(driver.Handshaker) driver.Handshaker { + return operation.NewHello(). + AppName(appName). + Compressors(comps). + ClusterClock(clock). + ServerAPI(serverAPI). + LoadBalanced(loadBalanced) + } } + connOpts = append(connOpts, WithHandshaker(handshaker)) // ConnectTimeout if co.ConnectTimeout != nil { From de5e8edb81a4e097ec9aadc19fda17e8c40abb23 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 6 Sep 2024 09:59:38 -0500 Subject: [PATCH 04/25] Revert "try constring" This reverts commit e42a99cfdeeb5781acca95a3df6958bed05e4773. --- x/mongo/driver/connstring/connstring.go | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/x/mongo/driver/connstring/connstring.go b/x/mongo/driver/connstring/connstring.go index 4a7a01f4fb..fd69eb4904 100644 --- a/x/mongo/driver/connstring/connstring.go +++ b/x/mongo/driver/connstring/connstring.go @@ -296,7 +296,7 @@ func (u *ConnString) setDefaultAuthParams(dbName string) error { u.AuthMechanismProperties["SERVICE_NAME"] = "mongodb" } fallthrough - case "mongodb-aws", "mongodb-x509": + case "mongodb-aws", "mongodb-x509", "mongodb-oidc": if u.AuthSource == "" { u.AuthSource = "$external" } else if u.AuthSource != "$external" { @@ -313,13 +313,6 @@ func (u *ConnString) setDefaultAuthParams(dbName string) error { u.AuthSource = "admin" } } - case "mongodb-oidc": - if u.AuthSource == "" { - u.AuthSource = dbName - if u.AuthSource == "" { - u.AuthSource = "$external" - } - } case "": // Only set auth source if there is a request for authentication via non-empty credentials. if u.AuthSource == "" && (u.AuthMechanismProperties != nil || u.Username != "" || u.PasswordSet) { @@ -909,15 +902,16 @@ func (p *parser) parse(original string) (*ConnString, error) { uri := original var err error - if strings.HasPrefix(uri, SchemeMongoDBSRV+"://") { + switch { + case strings.HasPrefix(uri, SchemeMongoDBSRV+"://"): connStr.Scheme = SchemeMongoDBSRV // remove the scheme uri = uri[len(SchemeMongoDBSRV)+3:] - } else if strings.HasPrefix(uri, SchemeMongoDB+"://") { + case strings.HasPrefix(uri, SchemeMongoDB+"://"): connStr.Scheme = SchemeMongoDB // remove the scheme uri = uri[len(SchemeMongoDB)+3:] - } else { + default: return nil, errors.New(`scheme must be "mongodb" or "mongodb+srv"`) } @@ -928,9 +922,9 @@ func (p *parser) parse(original string) (*ConnString, error) { username := userInfo var password string - if idx := strings.Index(userInfo, ":"); idx != -1 { - username = userInfo[:idx] - password = userInfo[idx+1:] + if u, p, ok := strings.Cut(userInfo, ":"); ok { + username = u + password = p connStr.PasswordSet = true } From 9bea432ab0d1cecc6e6c54e2ca36afff48c7aedf Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 6 Sep 2024 10:00:31 -0500 Subject: [PATCH 05/25] add debug --- mongo/client.go | 1 + 1 file changed, 1 insertion(+) diff --git a/mongo/client.go b/mongo/client.go index 0ce6d2e24b..a8415c98e6 100644 --- a/mongo/client.go +++ b/mongo/client.go @@ -218,6 +218,7 @@ func NewClient(opts ...*options.ClientOptions) (*Client, error) { clientOpt.HTTPClient, ) if err != nil { + fmt.Printf("error creating authenticator: %w", err) return nil, fmt.Errorf("error creating authenticator: %w", err) } } From d9cc0b536edd2604187c2a9c24b4245da882fd3b Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 6 Sep 2024 10:45:09 -0500 Subject: [PATCH 06/25] more debug --- mongo/client.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mongo/client.go b/mongo/client.go index a8415c98e6..fd7bf329e5 100644 --- a/mongo/client.go +++ b/mongo/client.go @@ -218,8 +218,10 @@ func NewClient(opts ...*options.ClientOptions) (*Client, error) { clientOpt.HTTPClient, ) if err != nil { - fmt.Printf("error creating authenticator: %w", err) + fmt.Printf("error creating authenticator: %w\n", err) return nil, fmt.Errorf("error creating authenticator: %w", err) + } else { + fmt.Printf("created authenticator\n") } } From 84d633c5d91c7934067a09563b71577e0aa59768 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 6 Sep 2024 11:58:11 -0500 Subject: [PATCH 07/25] more debug --- mongo/options/clientoptions.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mongo/options/clientoptions.go b/mongo/options/clientoptions.go index c3a9d439e9..9b28106192 100644 --- a/mongo/options/clientoptions.go +++ b/mongo/options/clientoptions.go @@ -435,7 +435,9 @@ func (c *ClientOptions) ApplyURI(uri string) *ClientOptions { } // Only create a Credential if there is a request for authentication via non-empty credentials in the URI. + fmt.Printf("in apply uri\n") if cs.HasAuthParameters() { + fmt.Printf("has auth parameters\n") c.Auth = &Credential{ AuthMechanism: cs.AuthMechanism, AuthMechanismProperties: cs.AuthMechanismProperties, From f95c1669dda7eba8f92796c9d8e9c03813e97fe2 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 6 Sep 2024 12:26:45 -0500 Subject: [PATCH 08/25] more debug --- cmd/testoidcauth/main.go | 1 + 1 file changed, 1 insertion(+) diff --git a/cmd/testoidcauth/main.go b/cmd/testoidcauth/main.go index 711bac4ae2..14db5d1c26 100644 --- a/cmd/testoidcauth/main.go +++ b/cmd/testoidcauth/main.go @@ -1764,6 +1764,7 @@ func machine52azureWithBadUsername() error { } func machine61gcpWithNoUsername() error { + fmt.Printf("WHHAT IS GOING ON?\n") opts := options.Client().ApplyURI(uriSingle) if opts == nil || opts.Auth == nil { return fmt.Errorf("machine_6_1: failed parsing uri: %q", uriSingle) From 4bd86924c8ef47e91d3a89b12be6e2327835007e Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 6 Sep 2024 12:58:01 -0500 Subject: [PATCH 09/25] try on small --- .evergreen/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index b328d471eb..7f65a32448 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -2735,7 +2735,7 @@ buildvariants: - name: testoidc-variant display_name: "OIDC" run_on: - - ubuntu2204-large + - ubuntu2204-small expansions: GO_DIST: "/opt/golang/go1.22" tasks: From 44dc99f289a59c4452965a835670ae271e00100f Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 6 Sep 2024 13:23:51 -0500 Subject: [PATCH 10/25] debug --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 8922d4d82c..e4b761d9b6 100644 --- a/Makefile +++ b/Makefile @@ -134,7 +134,7 @@ evg-test-enterprise-auth: .PHONY: evg-test-oidc-auth evg-test-oidc-auth: - go run ./cmd/testoidcauth/main.go + go run -v ./cmd/testoidcauth/main.go go run -race ./cmd/testoidcauth/main.go .PHONY: evg-test-kmip From ddc6d71023044c594d3cd088c10dd20a92d8031c Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 6 Sep 2024 13:58:10 -0500 Subject: [PATCH 11/25] debug --- mongo/options/clientoptions.go | 1 + 1 file changed, 1 insertion(+) diff --git a/mongo/options/clientoptions.go b/mongo/options/clientoptions.go index 9b28106192..b5fa8215f6 100644 --- a/mongo/options/clientoptions.go +++ b/mongo/options/clientoptions.go @@ -298,6 +298,7 @@ type ClientOptions struct { // Client creates a new ClientOptions instance. func Client() *ClientOptions { + fmt.Println("In client!\n") return &ClientOptions{ HTTPClient: httputil.DefaultHTTPClient, } From eebb030babd7154643a1c8ec9ec47401dfbb1058 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 6 Sep 2024 14:36:32 -0500 Subject: [PATCH 12/25] debug --- mongo/options/clientoptions.go | 1 + 1 file changed, 1 insertion(+) diff --git a/mongo/options/clientoptions.go b/mongo/options/clientoptions.go index b5fa8215f6..049a6188b4 100644 --- a/mongo/options/clientoptions.go +++ b/mongo/options/clientoptions.go @@ -427,6 +427,7 @@ func (c *ClientOptions) ApplyURI(uri string) *ClientOptions { cs, err := connstring.ParseAndValidate(uri) if err != nil { c.err = err + fmt.Printf("here was the error: %w\n", err) return c } c.cs = cs From 3f12668f8b5483cdcdab3d15703f0003d8ad2f01 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 6 Sep 2024 19:55:23 -0500 Subject: [PATCH 13/25] debug --- mongo/client.go | 1 - mongo/options/clientoptions.go | 2 -- mongo/options/clientoptions_test.go | 14 +++++++++++++- x/mongo/driver/auth/oidc.go | 1 + 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/mongo/client.go b/mongo/client.go index fd7bf329e5..2189c63218 100644 --- a/mongo/client.go +++ b/mongo/client.go @@ -218,7 +218,6 @@ func NewClient(opts ...*options.ClientOptions) (*Client, error) { clientOpt.HTTPClient, ) if err != nil { - fmt.Printf("error creating authenticator: %w\n", err) return nil, fmt.Errorf("error creating authenticator: %w", err) } else { fmt.Printf("created authenticator\n") diff --git a/mongo/options/clientoptions.go b/mongo/options/clientoptions.go index 049a6188b4..9b28106192 100644 --- a/mongo/options/clientoptions.go +++ b/mongo/options/clientoptions.go @@ -298,7 +298,6 @@ type ClientOptions struct { // Client creates a new ClientOptions instance. func Client() *ClientOptions { - fmt.Println("In client!\n") return &ClientOptions{ HTTPClient: httputil.DefaultHTTPClient, } @@ -427,7 +426,6 @@ func (c *ClientOptions) ApplyURI(uri string) *ClientOptions { cs, err := connstring.ParseAndValidate(uri) if err != nil { c.err = err - fmt.Printf("here was the error: %w\n", err) return c } c.cs = cs diff --git a/mongo/options/clientoptions_test.go b/mongo/options/clientoptions_test.go index ac94637323..f85a112336 100644 --- a/mongo/options/clientoptions_test.go +++ b/mongo/options/clientoptions_test.go @@ -589,7 +589,7 @@ func TestClientOptions(t *testing.T) { }, }, { - "tmp", + "oidc azure", "mongodb://example.com/?authMechanism=MONGODB-OIDC&authMechanismProperties=TOKEN_RESOURCE:mongodb://test-cluster,ENVIRONMENT:azureManagedIdentities", &ClientOptions{ Hosts: []string{"example.com"}, @@ -600,6 +600,18 @@ func TestClientOptions(t *testing.T) { HTTPClient: httputil.DefaultHTTPClient, }, }, + { + "oidc gcp", + "mongodb://test.mongodb.net/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:mongodb://test-cluster", + &ClientOptions{ + Hosts: []string{"test.mongodb.net"}, + Auth: &Credential{AuthMechanism: "MONGODB-OIDC", AuthSource: "$external", AuthMechanismProperties: map[string]string{ + "ENVIRONMENT": "gcp", + "TOKEN_RESOURCE": "mongodb://test-cluster"}}, + err: nil, + HTTPClient: httputil.DefaultHTTPClient, + }, + }, { "comma in key:value pair causes error", "mongodb://example.com/?authMechanismProperties=TOKEN_RESOURCE:mongodb://host1%2Chost2", diff --git a/x/mongo/driver/auth/oidc.go b/x/mongo/driver/auth/oidc.go index 13fd10ec3d..7caba1b8db 100644 --- a/x/mongo/driver/auth/oidc.go +++ b/x/mongo/driver/auth/oidc.go @@ -110,6 +110,7 @@ func (oa *OIDCAuthenticator) SetAccessToken(accessToken string) { func newOIDCAuthenticator(cred *Cred, httpClient *http.Client) (Authenticator, error) { if cred.Source != "" && cred.Source != sourceExternal { + fmt.Println("source was: %s", cred.Source) return nil, newAuthError("MONGODB-OIDC source must be empty or $external", nil) } if cred.Password != "" { From 5d49dd6f8d2c995b3026f750b53248b25c274a86 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 6 Sep 2024 20:19:28 -0500 Subject: [PATCH 14/25] debug again --- x/mongo/driver/connstring/connstring.go | 1 + 1 file changed, 1 insertion(+) diff --git a/x/mongo/driver/connstring/connstring.go b/x/mongo/driver/connstring/connstring.go index fd69eb4904..25cf778601 100644 --- a/x/mongo/driver/connstring/connstring.go +++ b/x/mongo/driver/connstring/connstring.go @@ -297,6 +297,7 @@ func (u *ConnString) setDefaultAuthParams(dbName string) error { } fallthrough case "mongodb-aws", "mongodb-x509", "mongodb-oidc": + fmt.Println("auth source was %s", u.AuthSource) if u.AuthSource == "" { u.AuthSource = "$external" } else if u.AuthSource != "$external" { From fa9c6bee9ac223ebb1561731c49c06d48688c8df Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Fri, 6 Sep 2024 20:31:30 -0500 Subject: [PATCH 15/25] debug again --- x/mongo/driver/auth/oidc.go | 1 - x/mongo/driver/connstring/connstring.go | 3 ++- x/mongo/driver/connstring/connstring_test.go | 22 ++++++++++++++++++++ 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/x/mongo/driver/auth/oidc.go b/x/mongo/driver/auth/oidc.go index 7caba1b8db..13fd10ec3d 100644 --- a/x/mongo/driver/auth/oidc.go +++ b/x/mongo/driver/auth/oidc.go @@ -110,7 +110,6 @@ func (oa *OIDCAuthenticator) SetAccessToken(accessToken string) { func newOIDCAuthenticator(cred *Cred, httpClient *http.Client) (Authenticator, error) { if cred.Source != "" && cred.Source != sourceExternal { - fmt.Println("source was: %s", cred.Source) return nil, newAuthError("MONGODB-OIDC source must be empty or $external", nil) } if cred.Password != "" { diff --git a/x/mongo/driver/connstring/connstring.go b/x/mongo/driver/connstring/connstring.go index 25cf778601..4086965958 100644 --- a/x/mongo/driver/connstring/connstring.go +++ b/x/mongo/driver/connstring/connstring.go @@ -279,6 +279,7 @@ func (u *ConnString) setDefaultAuthParams(dbName string) error { return errors.New("authSource must be non-empty when supplied in a URI") } + fmt.Printf("\nauth source before: %s\n", u.AuthSource) switch strings.ToLower(u.AuthMechanism) { case "plain": if u.AuthSource == "" { @@ -297,7 +298,6 @@ func (u *ConnString) setDefaultAuthParams(dbName string) error { } fallthrough case "mongodb-aws", "mongodb-x509", "mongodb-oidc": - fmt.Println("auth source was %s", u.AuthSource) if u.AuthSource == "" { u.AuthSource = "$external" } else if u.AuthSource != "$external" { @@ -325,6 +325,7 @@ func (u *ConnString) setDefaultAuthParams(dbName string) error { default: return fmt.Errorf("invalid auth mechanism") } + fmt.Printf("\nauth source after: %s\n", u.AuthSource) return nil } diff --git a/x/mongo/driver/connstring/connstring_test.go b/x/mongo/driver/connstring/connstring_test.go index 84c8ff1d45..1f5c692d1a 100644 --- a/x/mongo/driver/connstring/connstring_test.go +++ b/x/mongo/driver/connstring/connstring_test.go @@ -90,6 +90,28 @@ func TestAuthSource(t *testing.T) { } }) } + + tests = []struct { + s string + expected string + err bool + }{ + {s: "authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:mongodb://test-cluster", expected: "$external"}, + } + + for _, test := range tests { + s := fmt.Sprintf("mongodb://test.mongodb.net/?authMechanism=MONGODB-OIDC&/%s", test.s) + t.Run(s, func(t *testing.T) { + cs, err := connstring.ParseAndValidate(s) + if test.err { + require.Error(t, err) + } else { + require.NoError(t, err) + require.Equal(t, test.expected, cs.AuthSource) + } + }) + } + } func TestConnect(t *testing.T) { From 81f15522717f1afbdb4d2bb1e229efbd8d514120 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 7 Sep 2024 05:22:38 -0500 Subject: [PATCH 16/25] debug again --- x/mongo/driver/topology/topology_options.go | 1 + 1 file changed, 1 insertion(+) diff --git a/x/mongo/driver/topology/topology_options.go b/x/mongo/driver/topology/topology_options.go index 2c0518a54e..4e82bee705 100644 --- a/x/mongo/driver/topology/topology_options.go +++ b/x/mongo/driver/topology/topology_options.go @@ -90,6 +90,7 @@ func ConvertCreds(cred *options.Credential) *driver.Cred { if cred == nil { return nil } + fmt.Printf("convert creds: %s", cred.AuthSource) var oidcMachineCallback auth.OIDCCallback if cred.OIDCMachineCallback != nil { From b8ad78c7f0b7b5ccde45d5c6f6e7ecf8101a8cd3 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 7 Sep 2024 05:57:45 -0500 Subject: [PATCH 17/25] debug again --- mongo/options/clientoptions.go | 1 + x/mongo/driver/connstring/connstring.go | 2 ++ x/mongo/driver/topology/topology_test.go | 2 +- 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/mongo/options/clientoptions.go b/mongo/options/clientoptions.go index 9b28106192..dfdb13c92b 100644 --- a/mongo/options/clientoptions.go +++ b/mongo/options/clientoptions.go @@ -426,6 +426,7 @@ func (c *ClientOptions) ApplyURI(uri string) *ClientOptions { cs, err := connstring.ParseAndValidate(uri) if err != nil { c.err = err + fmt.Printf("here was the error %s", err) return c } c.cs = cs diff --git a/x/mongo/driver/connstring/connstring.go b/x/mongo/driver/connstring/connstring.go index 4086965958..71f044fe0f 100644 --- a/x/mongo/driver/connstring/connstring.go +++ b/x/mongo/driver/connstring/connstring.go @@ -84,10 +84,12 @@ var random = randutil.NewLockedRand() func ParseAndValidate(s string) (*ConnString, error) { connStr, err := Parse(s) if err != nil { + fmt.Print("parse error: %s", err) return nil, err } err = connStr.Validate() if err != nil { + fmt.Print("validate error: %s", err) return nil, fmt.Errorf("error validating uri: %w", err) } return connStr, nil diff --git a/x/mongo/driver/topology/topology_test.go b/x/mongo/driver/topology/topology_test.go index fd0703b97b..cf91a04e1d 100644 --- a/x/mongo/driver/topology/topology_test.go +++ b/x/mongo/driver/topology/topology_test.go @@ -682,7 +682,7 @@ func TestTopologyConstruction(t *testing.T) { name: "normal", uri: "mongodb://localhost:27017", pollingRequired: false, - }, + } } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { From 72e70b774d0215d1f5dfa80ef1281c9d48095a61 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 7 Sep 2024 06:01:43 -0500 Subject: [PATCH 18/25] use type: test where appropriate --- .evergreen/config.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 7f65a32448..3056c9bcf1 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -1804,7 +1804,7 @@ tasks: - name: "testgcpkms-task" commands: - command: shell.exec - type: setup + type: test params: shell: "bash" working_dir: src/go.mongodb.org/mongo-driver @@ -1893,7 +1893,7 @@ tasks: - name: "testazurekms-task" commands: - command: shell.exec - type: setup + type: test params: shell: "bash" working_dir: src/go.mongodb.org/mongo-driver @@ -1964,6 +1964,7 @@ tasks: role_arn: ${LAMBDA_AWS_ROLE_ARN} duration_seconds: 3600 - command: shell.exec + type: test params: working_dir: src/go.mongodb.org/mongo-driver shell: bash @@ -1986,6 +1987,7 @@ tasks: - name: "oidc-auth-test-azure" commands: - command: shell.exec + type: test params: working_dir: src/go.mongodb.org/mongo-driver shell: bash @@ -2011,6 +2013,7 @@ tasks: - name: "oidc-auth-test-gcp" commands: - command: shell.exec + type: test params: working_dir: src/go.mongodb.org/mongo-driver shell: bash From b916af6215a1fc71f31c85833942701974a4d81d Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 7 Sep 2024 09:54:26 -0500 Subject: [PATCH 19/25] more debug --- x/mongo/driver/connstring/connstring.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/x/mongo/driver/connstring/connstring.go b/x/mongo/driver/connstring/connstring.go index 71f044fe0f..b16fbebd03 100644 --- a/x/mongo/driver/connstring/connstring.go +++ b/x/mongo/driver/connstring/connstring.go @@ -367,6 +367,7 @@ func (u *ConnString) addOptions(connectionArgPairs []string) error { } u.AuthMechanismPropertiesSet = true case "authsource": + fmt.Print("in AddOptions: %s\n", value) u.AuthSource = value u.AuthSourceSet = true case "compressors": @@ -1047,6 +1048,7 @@ func (p *parser) parse(original string) (*ConnString, error) { return nil, fmt.Errorf("must have at least 1 host") } + fmt.Print("checking set default auth params\n") err = connStr.setDefaultAuthParams(extractedDatabase.db) if err != nil { return nil, err From 872798ce4eb707c6bb6aba1b48e6e6d18e8560af Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 7 Sep 2024 10:28:13 -0500 Subject: [PATCH 20/25] more debug --- x/mongo/driver/connstring/connstring.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/x/mongo/driver/connstring/connstring.go b/x/mongo/driver/connstring/connstring.go index b16fbebd03..60eddb87b6 100644 --- a/x/mongo/driver/connstring/connstring.go +++ b/x/mongo/driver/connstring/connstring.go @@ -367,7 +367,7 @@ func (u *ConnString) addOptions(connectionArgPairs []string) error { } u.AuthMechanismPropertiesSet = true case "authsource": - fmt.Print("in AddOptions: %s\n", value) + fmt.Printf("in AddOptions: %s\n", value) u.AuthSource = value u.AuthSourceSet = true case "compressors": @@ -906,6 +906,8 @@ func (p *parser) parse(original string) (*ConnString, error) { connStr.Original = original uri := original + fmt.Printf("original:%s\n", original) + var err error switch { case strings.HasPrefix(uri, SchemeMongoDBSRV+"://"): @@ -987,8 +989,12 @@ func (p *parser) parse(original string) (*ConnString, error) { uri = extractedDatabase.uri connStr.Database = extractedDatabase.db + fmt.Printf("db:%s\n", extractedDatabase.db) + // grab connection arguments from URI connectionArgsFromQueryString, err := extractQueryArgsFromURI(uri) + fmt.Printf("connectionArgsFromTXT:%s\n", connectionArgsFromTXT) + fmt.Printf("connectionArgsFromQueryString:%s\n", connectionArgsFromQueryString) if err != nil { return nil, err } From 41feec2b87d84ebc42465b1b95b41e4fc5fa3b15 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 7 Sep 2024 12:20:49 -0500 Subject: [PATCH 21/25] fix debug --- x/mongo/driver/connstring/connstring.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/x/mongo/driver/connstring/connstring.go b/x/mongo/driver/connstring/connstring.go index 60eddb87b6..b2cecaf1e9 100644 --- a/x/mongo/driver/connstring/connstring.go +++ b/x/mongo/driver/connstring/connstring.go @@ -993,8 +993,6 @@ func (p *parser) parse(original string) (*ConnString, error) { // grab connection arguments from URI connectionArgsFromQueryString, err := extractQueryArgsFromURI(uri) - fmt.Printf("connectionArgsFromTXT:%s\n", connectionArgsFromTXT) - fmt.Printf("connectionArgsFromQueryString:%s\n", connectionArgsFromQueryString) if err != nil { return nil, err } @@ -1011,6 +1009,8 @@ func (p *parser) parse(original string) (*ConnString, error) { connStr.SSL = true connStr.SSLSet = true } + fmt.Printf("connectionArgsFromTXT:%s\n", connectionArgsFromTXT) + fmt.Printf("connectionArgsFromQueryString:%s\n", connectionArgsFromQueryString) // add connection arguments from URI and TXT records to connstring connectionArgPairs := make([]string, 0, len(connectionArgsFromTXT)+len(connectionArgsFromQueryString)) From b4efb91bef21bd8ead2761d3d8c24fc187fc90c9 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 7 Sep 2024 12:40:34 -0500 Subject: [PATCH 22/25] more debug --- x/mongo/driver/dns/dns.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/x/mongo/driver/dns/dns.go b/x/mongo/driver/dns/dns.go index 9334d493ed..80e14cae7d 100644 --- a/x/mongo/driver/dns/dns.go +++ b/x/mongo/driver/dns/dns.go @@ -48,6 +48,7 @@ func (r *Resolver) GetConnectionArgsFromTXT(host string) ([]string, error) { // error ignored because not finding a TXT record should not be // considered an error. recordsFromTXT, _ := r.LookupTXT(host) + fmt.Printf("recordsFromTXT %s\n", recordsFromTXT) // This is a temporary fix to get around bug https://github.com/golang/go/issues/21472. // It will currently incorrectly concatenate multiple TXT records to one @@ -61,8 +62,9 @@ func (r *Resolver) GetConnectionArgsFromTXT(host string) ([]string, error) { } if len(recordsFromTXT) > 0 { connectionArgsFromTXT = strings.FieldsFunc(recordsFromTXT[0], func(r rune) bool { return r == ';' || r == '&' }) - + fmt.Printf("connectionArgsFromTXT 1: %s\n", connectionArgsFromTXT) err := validateTXTResult(connectionArgsFromTXT) + fmt.Printf("connectionArgsFromTXT 2; %s\n", connectionArgsFromTXT) if err != nil { return nil, err } From 88e50335025ed168cbf810e3257be084b4349620 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 7 Sep 2024 13:19:37 -0500 Subject: [PATCH 23/25] try again --- x/mongo/driver/connstring/connstring.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/x/mongo/driver/connstring/connstring.go b/x/mongo/driver/connstring/connstring.go index b2cecaf1e9..d0882bf774 100644 --- a/x/mongo/driver/connstring/connstring.go +++ b/x/mongo/driver/connstring/connstring.go @@ -300,6 +300,10 @@ func (u *ConnString) setDefaultAuthParams(dbName string) error { } fallthrough case "mongodb-aws", "mongodb-x509", "mongodb-oidc": + // dns.LookupTXT will get "authSource=admin" from Atlas hosts. + if u.AuthSource == "admin" { + u.AuthSource = "$external" + } if u.AuthSource == "" { u.AuthSource = "$external" } else if u.AuthSource != "$external" { From 0745f0e94795a55901a3bb71627726c842404d28 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 7 Sep 2024 14:31:18 -0500 Subject: [PATCH 24/25] undo changes --- cmd/testoidcauth/main.go | 1 - mongo/client.go | 2 -- mongo/options/clientoptions.go | 3 --- x/mongo/driver/connstring/connstring.go | 12 ------------ x/mongo/driver/dns/dns.go | 3 --- x/mongo/driver/topology/topology_options.go | 1 - x/mongo/driver/topology/topology_test.go | 2 +- 7 files changed, 1 insertion(+), 23 deletions(-) diff --git a/cmd/testoidcauth/main.go b/cmd/testoidcauth/main.go index 14db5d1c26..711bac4ae2 100644 --- a/cmd/testoidcauth/main.go +++ b/cmd/testoidcauth/main.go @@ -1764,7 +1764,6 @@ func machine52azureWithBadUsername() error { } func machine61gcpWithNoUsername() error { - fmt.Printf("WHHAT IS GOING ON?\n") opts := options.Client().ApplyURI(uriSingle) if opts == nil || opts.Auth == nil { return fmt.Errorf("machine_6_1: failed parsing uri: %q", uriSingle) diff --git a/mongo/client.go b/mongo/client.go index 2189c63218..0ce6d2e24b 100644 --- a/mongo/client.go +++ b/mongo/client.go @@ -219,8 +219,6 @@ func NewClient(opts ...*options.ClientOptions) (*Client, error) { ) if err != nil { return nil, fmt.Errorf("error creating authenticator: %w", err) - } else { - fmt.Printf("created authenticator\n") } } diff --git a/mongo/options/clientoptions.go b/mongo/options/clientoptions.go index dfdb13c92b..c3a9d439e9 100644 --- a/mongo/options/clientoptions.go +++ b/mongo/options/clientoptions.go @@ -426,7 +426,6 @@ func (c *ClientOptions) ApplyURI(uri string) *ClientOptions { cs, err := connstring.ParseAndValidate(uri) if err != nil { c.err = err - fmt.Printf("here was the error %s", err) return c } c.cs = cs @@ -436,9 +435,7 @@ func (c *ClientOptions) ApplyURI(uri string) *ClientOptions { } // Only create a Credential if there is a request for authentication via non-empty credentials in the URI. - fmt.Printf("in apply uri\n") if cs.HasAuthParameters() { - fmt.Printf("has auth parameters\n") c.Auth = &Credential{ AuthMechanism: cs.AuthMechanism, AuthMechanismProperties: cs.AuthMechanismProperties, diff --git a/x/mongo/driver/connstring/connstring.go b/x/mongo/driver/connstring/connstring.go index d0882bf774..67af28fa77 100644 --- a/x/mongo/driver/connstring/connstring.go +++ b/x/mongo/driver/connstring/connstring.go @@ -84,12 +84,10 @@ var random = randutil.NewLockedRand() func ParseAndValidate(s string) (*ConnString, error) { connStr, err := Parse(s) if err != nil { - fmt.Print("parse error: %s", err) return nil, err } err = connStr.Validate() if err != nil { - fmt.Print("validate error: %s", err) return nil, fmt.Errorf("error validating uri: %w", err) } return connStr, nil @@ -281,7 +279,6 @@ func (u *ConnString) setDefaultAuthParams(dbName string) error { return errors.New("authSource must be non-empty when supplied in a URI") } - fmt.Printf("\nauth source before: %s\n", u.AuthSource) switch strings.ToLower(u.AuthMechanism) { case "plain": if u.AuthSource == "" { @@ -331,7 +328,6 @@ func (u *ConnString) setDefaultAuthParams(dbName string) error { default: return fmt.Errorf("invalid auth mechanism") } - fmt.Printf("\nauth source after: %s\n", u.AuthSource) return nil } @@ -371,7 +367,6 @@ func (u *ConnString) addOptions(connectionArgPairs []string) error { } u.AuthMechanismPropertiesSet = true case "authsource": - fmt.Printf("in AddOptions: %s\n", value) u.AuthSource = value u.AuthSourceSet = true case "compressors": @@ -910,8 +905,6 @@ func (p *parser) parse(original string) (*ConnString, error) { connStr.Original = original uri := original - fmt.Printf("original:%s\n", original) - var err error switch { case strings.HasPrefix(uri, SchemeMongoDBSRV+"://"): @@ -993,8 +986,6 @@ func (p *parser) parse(original string) (*ConnString, error) { uri = extractedDatabase.uri connStr.Database = extractedDatabase.db - fmt.Printf("db:%s\n", extractedDatabase.db) - // grab connection arguments from URI connectionArgsFromQueryString, err := extractQueryArgsFromURI(uri) if err != nil { @@ -1013,8 +1004,6 @@ func (p *parser) parse(original string) (*ConnString, error) { connStr.SSL = true connStr.SSLSet = true } - fmt.Printf("connectionArgsFromTXT:%s\n", connectionArgsFromTXT) - fmt.Printf("connectionArgsFromQueryString:%s\n", connectionArgsFromQueryString) // add connection arguments from URI and TXT records to connstring connectionArgPairs := make([]string, 0, len(connectionArgsFromTXT)+len(connectionArgsFromQueryString)) @@ -1058,7 +1047,6 @@ func (p *parser) parse(original string) (*ConnString, error) { return nil, fmt.Errorf("must have at least 1 host") } - fmt.Print("checking set default auth params\n") err = connStr.setDefaultAuthParams(extractedDatabase.db) if err != nil { return nil, err diff --git a/x/mongo/driver/dns/dns.go b/x/mongo/driver/dns/dns.go index 80e14cae7d..24fa4c6820 100644 --- a/x/mongo/driver/dns/dns.go +++ b/x/mongo/driver/dns/dns.go @@ -48,7 +48,6 @@ func (r *Resolver) GetConnectionArgsFromTXT(host string) ([]string, error) { // error ignored because not finding a TXT record should not be // considered an error. recordsFromTXT, _ := r.LookupTXT(host) - fmt.Printf("recordsFromTXT %s\n", recordsFromTXT) // This is a temporary fix to get around bug https://github.com/golang/go/issues/21472. // It will currently incorrectly concatenate multiple TXT records to one @@ -62,9 +61,7 @@ func (r *Resolver) GetConnectionArgsFromTXT(host string) ([]string, error) { } if len(recordsFromTXT) > 0 { connectionArgsFromTXT = strings.FieldsFunc(recordsFromTXT[0], func(r rune) bool { return r == ';' || r == '&' }) - fmt.Printf("connectionArgsFromTXT 1: %s\n", connectionArgsFromTXT) err := validateTXTResult(connectionArgsFromTXT) - fmt.Printf("connectionArgsFromTXT 2; %s\n", connectionArgsFromTXT) if err != nil { return nil, err } diff --git a/x/mongo/driver/topology/topology_options.go b/x/mongo/driver/topology/topology_options.go index 4e82bee705..2c0518a54e 100644 --- a/x/mongo/driver/topology/topology_options.go +++ b/x/mongo/driver/topology/topology_options.go @@ -90,7 +90,6 @@ func ConvertCreds(cred *options.Credential) *driver.Cred { if cred == nil { return nil } - fmt.Printf("convert creds: %s", cred.AuthSource) var oidcMachineCallback auth.OIDCCallback if cred.OIDCMachineCallback != nil { diff --git a/x/mongo/driver/topology/topology_test.go b/x/mongo/driver/topology/topology_test.go index cf91a04e1d..fd0703b97b 100644 --- a/x/mongo/driver/topology/topology_test.go +++ b/x/mongo/driver/topology/topology_test.go @@ -682,7 +682,7 @@ func TestTopologyConstruction(t *testing.T) { name: "normal", uri: "mongodb://localhost:27017", pollingRequired: false, - } + }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { From d261962ffce4832c475ca9edfac12e79cc82d7a6 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Sat, 7 Sep 2024 14:32:38 -0500 Subject: [PATCH 25/25] undo changes --- Makefile | 2 +- x/mongo/driver/dns/dns.go | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index e4b761d9b6..8922d4d82c 100644 --- a/Makefile +++ b/Makefile @@ -134,7 +134,7 @@ evg-test-enterprise-auth: .PHONY: evg-test-oidc-auth evg-test-oidc-auth: - go run -v ./cmd/testoidcauth/main.go + go run ./cmd/testoidcauth/main.go go run -race ./cmd/testoidcauth/main.go .PHONY: evg-test-kmip diff --git a/x/mongo/driver/dns/dns.go b/x/mongo/driver/dns/dns.go index 24fa4c6820..9334d493ed 100644 --- a/x/mongo/driver/dns/dns.go +++ b/x/mongo/driver/dns/dns.go @@ -61,6 +61,7 @@ func (r *Resolver) GetConnectionArgsFromTXT(host string) ([]string, error) { } if len(recordsFromTXT) > 0 { connectionArgsFromTXT = strings.FieldsFunc(recordsFromTXT[0], func(r rune) bool { return r == ';' || r == '&' }) + err := validateTXTResult(connectionArgsFromTXT) if err != nil { return nil, err