PHPC-2613: Test x509 authentication on Atlas #1858
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for testing X.509 certificate authentication on Atlas by introducing new test environments and functionality to handle certificate-based connections. The changes extract base64-encoded certificates from environment variables, write them to temporary files, and modify connection URIs to use the certificate files for authentication.
- Adds X.509 authentication testing with two new Atlas environments (
ATLAS_X509andATLAS_X509_DEV) - Refactors connection testing logic into reusable functions
- Implements certificate extraction and temporary file handling for X.509 authentication
alcaeus
force-pushed
the
phpc-2613-test-x509
branch
from
918c125 to
0e55a07
Compare
tests/atlas.phpt
Outdated
|
|
||
| foreach ($envs as $env) { | ||
| echo $env, ': '; | ||
| $uri = getenv($env); | ||
| $uri = extractUri($env); |
There was a problem hiding this comment.
It looks like the only purpose of extractUri() is to convert false return value from getenv() into null. That seems unnecessary given the conditional below that fails a non-string value.
There was a problem hiding this comment.
Good point, I was a little eager with my refactoring. Removed it in favour of getenv.
| chmod($certPath, 0600); | ||
|
|
||
| return [ | ||
| 'uri' => $uri . '&tlsCertificateKeyFile=' . $certPath, |
There was a problem hiding this comment.
Should $certPath get URL-encoded with rawurlencode()? I expect tempnam() will only produce alphanumeric strings, so that may be superfluous.
There was a problem hiding this comment.
Yeah, I think it should be safe (famous last words)
tests/atlas.phpt
Outdated
| } | ||
|
|
||
| file_put_contents($certPath, $certContents); | ||
| chmod($certPath, 0600); |
There was a problem hiding this comment.
Is this necessary? tempnam() should already create the file with these perms.
There was a problem hiding this comment.
TIL:
Creates a file with a unique filename, with access permission set to 0600
Removed the chmod call.
PHPC-2613
This adds two new Atlas environments to the connectivity tests. These test X509 authentication and rely on extracting a certificate string to a file and modifying the connection string accordingly.