diff --git a/.evergreen/config.yml b/.evergreen/config.yml index d9d3ec73a4..d64b5ba485 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -379,7 +379,7 @@ functions: params: binary: bash working_dir: "src" - include_expansions_in_env: [MONGODB_URI, AUTH, SSL, TOPOLOGY, COMPRESSOR, RVM_RUBY] + include_expansions_in_env: [DRIVERS_TOOLS, MONGODB_URI, AUTH, SSL, TOPOLOGY, COMPRESSOR, RVM_RUBY] args: - ".evergreen/run-tests-new.sh" "run tests": @@ -1189,7 +1189,7 @@ buildvariants: os: ubuntu2204 display_name: ${auth-and-ssl} ${ruby} db-${mongodb-version} ${topology} tasks: - - name: "test-mlaunch" + - name: "run-main-test-suite" - matrix_name: "mongo-recent" matrix_spec: @@ -1381,7 +1381,7 @@ buildvariants: os: ubuntu2204 display_name: "${mongodb-version} ${topology} ${auth-and-ssl} ${ruby}" tasks: - - name: "test-mlaunch" + - name: "run-main-test-suite" - matrix_name: zlib-"ruby-3.3" matrix_spec: @@ -1393,7 +1393,7 @@ buildvariants: os: ubuntu2204 display_name: "${compressor} ${mongodb-version} ${topology} ${auth-and-ssl} ${ruby}" tasks: - - name: "test-mlaunch" + - name: "run-main-test-suite" - matrix_name: snappy-"ruby-3.3" matrix_spec: @@ -1405,7 +1405,7 @@ buildvariants: os: ubuntu2204 display_name: "${compressor} ${mongodb-version} ${topology} ${auth-and-ssl} ${ruby}" tasks: - - name: "test-mlaunch" + - name: "run-main-test-suite" # the zstd-ruby gem does not support JRuby (explicitly). However, there is # apparently a zstd-jni gem for JRuby that we could investigate here; if @@ -1421,7 +1421,7 @@ buildvariants: os: ubuntu2204 display_name: "${compressor} ${mongodb-version} ${topology} ${auth-and-ssl} ${ruby}" tasks: - - name: "test-mlaunch" + - name: "run-main-test-suite" - matrix_name: activesupport-"ruby-3.3" matrix_spec: 
@@ -1454,7 +1454,7 @@ buildvariants: os: ubuntu2004 display_name: "${compressor} ${mongodb-version} ${topology} ${auth-and-ssl} ${ruby}" tasks: - - name: "test-mlaunch" + - name: "run-main-test-suite" - matrix_name: snappy-"ruby-2.7" matrix_spec: @@ -1466,7 +1466,7 @@ buildvariants: os: ubuntu2004 display_name: "${compressor} ${mongodb-version} ${topology} ${auth-and-ssl} ${ruby}" tasks: - - name: "test-mlaunch" + - name: "run-main-test-suite" # the zstd-ruby gem does not support JRuby (explicitly). However, there is # apparently a zstd-jni gem for JRuby that we could investigate here; if @@ -1482,7 +1482,7 @@ buildvariants: os: ubuntu2004 display_name: "${compressor} ${mongodb-version} ${topology} ${auth-and-ssl} ${ruby}" tasks: - - name: "test-mlaunch" + - name: "run-main-test-suite" - matrix_name: activesupport-"ruby-2.7" matrix_spec: diff --git a/.evergreen/config/common.yml.erb b/.evergreen/config/common.yml.erb index 6682d5c3ab..433c411949 100644 --- a/.evergreen/config/common.yml.erb +++ b/.evergreen/config/common.yml.erb @@ -376,7 +376,7 @@ functions: params: binary: bash working_dir: "src" - include_expansions_in_env: [MONGODB_URI, AUTH, SSL, TOPOLOGY, COMPRESSOR, RVM_RUBY] + include_expansions_in_env: [DRIVERS_TOOLS, MONGODB_URI, AUTH, SSL, TOPOLOGY, COMPRESSOR, RVM_RUBY] args: - ".evergreen/run-tests-new.sh" "run tests": diff --git a/.evergreen/config/standard.yml.erb b/.evergreen/config/standard.yml.erb index 7760f56ae4..6118d1bb99 100644 --- a/.evergreen/config/standard.yml.erb +++ b/.evergreen/config/standard.yml.erb @@ -59,7 +59,7 @@ buildvariants: os: ubuntu2204 display_name: ${auth-and-ssl} ${ruby} db-${mongodb-version} ${topology} tasks: - - name: "test-mlaunch" + - name: "run-main-test-suite" - matrix_name: "mongo-recent" matrix_spec: 
@@ -251,7 +251,7 @@ buildvariants: os: ubuntu2204 display_name: "${mongodb-version} ${topology} ${auth-and-ssl} ${ruby}" tasks: - - name: "test-mlaunch" + - name: "run-main-test-suite" <% [ [latest_ruby, latest_stable_mdb, 'ubuntu2204'], @@ -268,7 +268,7 @@ buildvariants: os: <%= distro %> display_name: "${compressor} ${mongodb-version} ${topology} ${auth-and-ssl} ${ruby}" tasks: - - name: "test-mlaunch" + - name: "run-main-test-suite" - matrix_name: <%= "snappy-#{rubies}" %> matrix_spec: @@ -280,7 +280,7 @@ buildvariants: os: <%= distro %> display_name: "${compressor} ${mongodb-version} ${topology} ${auth-and-ssl} ${ruby}" tasks: - - name: "test-mlaunch" + - name: "run-main-test-suite" # the zstd-ruby gem does not support JRuby (explicitly). However, there is # apparently a zstd-jni gem for JRuby that we could investigate here; if @@ -296,7 +296,7 @@ buildvariants: os: <%= distro %> display_name: "${compressor} ${mongodb-version} ${topology} ${auth-and-ssl} ${ruby}" tasks: - - name: "test-mlaunch" + - name: "run-main-test-suite" - matrix_name: <%= "activesupport-#{rubies}" %> matrix_spec: diff --git a/.evergreen/lib/server_setup.rb b/.evergreen/lib/server_setup.rb index 5f0c12ec82..fbadef3c5d 100644 --- a/.evergreen/lib/server_setup.rb +++ b/.evergreen/lib/server_setup.rb @@ -1,4 +1,6 @@ require 'mongo' +require_relative '../../spec/support/utils' +require_relative '../../spec/support/spec_setup' Mongo::Logger.logger.level = :WARN @@ -88,7 +90,12 @@ def env_true?(key) end def client - @client ||= Mongo::Client.new(ENV.fetch('MONGODB_URI')) + @client ||= Mongo::Client.new( + SpecConfig.instance.addresses, + SpecConfig.instance.all_test_options.merge( + socket_timeout: 5, connect_timeout: 5 + ) + ) end def bootstrap_client diff --git a/spec/integration/reconnect_spec.rb b/spec/integration/reconnect_spec.rb index 0fa47c29af..f48f957d5e 100644 --- a/spec/integration/reconnect_spec.rb +++ b/spec/integration/reconnect_spec.rb 
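Review bot: In `.evergreen/lib/server_setup.rb`, the rewritten `client` merges `socket_timeout: 5, connect_timeout: 5` over `SpecConfig.instance.all_test_options` with no comment, and the setup script now loads test-support code through the two added `require_relative` lines. The TLS and auth settings for this client now come from `all_test_options`, which is not visible in this diff, so a short comment above the call would help, for example `# TLS/auth options come from SpecConfig; timeouts are short so a misconfigured deployment fails setup instead of hanging it` (if that is the intent). The removed `ENV.fetch('MONGODB_URI')` raised immediately when the variable was missing, so it is worth confirming that `SpecConfig` fails as clearly when its inputs are absent.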
@@ -114,6 +114,7 @@ minimum_mri_version '3.0.0' it 'recreates SRV monitor' do + skip 'https://jira.mongodb.org/browse/RUBY-3749' wait_for_discovery expect(client.cluster.topology).to be_a(expected_topology_cls) diff --git a/spec/integration/srv_monitoring_spec.rb b/spec/integration/srv_monitoring_spec.rb index 3da2f7fd09..6d7acfe5c5 100644 --- a/spec/integration/srv_monitoring_spec.rb +++ b/spec/integration/srv_monitoring_spec.rb @@ -307,7 +307,7 @@ require_topology :sharded it 'updates topology via SRV records' do - + skip 'https://jira.mongodb.org/browse/RUBY-3749' rules = [ ['_mongodb._tcp.test-fake.test.build.10gen.cc', :srv, [0, 0, 27999, 'localhost.test.build.10gen.cc'], @@ -356,7 +356,7 @@ require_topology :replica_set it 'updates topology via SRV records then stops SRV monitor' do - + skip 'https://jira.mongodb.org/browse/RUBY-3749' rules = [ ['_mongodb._tcp.test-fake.test.build.10gen.cc', :srv, [0, 0, 27999, 'localhost.test.build.10gen.cc'], diff --git a/spec/integration/ssl_uri_options_spec.rb b/spec/integration/ssl_uri_options_spec.rb index e1a93c88df..99dbf89317 100644 --- a/spec/integration/ssl_uri_options_spec.rb +++ b/spec/integration/ssl_uri_options_spec.rb @@ -22,6 +22,8 @@ end it 'successfully connects and runs an operation' do + skip 'https://jira.mongodb.org/browse/RUBY-3749' + client = new_local_client(uri) expect { client[:foo].count_documents }.not_to raise_error end diff --git a/spec/mongo/socket/ssl_spec.rb b/spec/mongo/socket/ssl_spec.rb index 28be3ce78f..a4a9ecc172 100644 --- a/spec/mongo/socket/ssl_spec.rb +++ b/spec/mongo/socket/ssl_spec.rb 
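Review bot: The `skip 'https://jira.mongodb.org/browse/RUBY-3749'` added to 'recreates SRV monitor' in `reconnect_spec.rb` is unconditional, so the example stops running in every environment rather than only the one the ticket concerns. The same applies to the two skips in `srv_monitoring_spec.rb` and the one in `ssl_uri_options_spec.rb`, where 'successfully connects and runs an operation' is the check that TLS URI options yield a working connection. If the failures are specific to the new Evergreen setup (an inference, since the ticket text is not on this page), guard the skip, e.g. `skip 'https://jira.mongodb.org/browse/RUBY-3749' if SpecConfig.instance.drivers_tools?`, so local runs keep the coverage. The enclosing `it` blocks continue outside these hunks.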
@@ -22,20 +22,16 @@ SpecConfig.instance.ssl_options end - let (:key_string) do - File.read(SpecConfig.instance.local_client_key_path) - end - let (:cert_string) do - File.read(SpecConfig.instance.local_client_cert_path) + File.read(SpecConfig.instance.client_cert_path) end - let (:ca_cert_string) do - File.read(SpecConfig.instance.local_ca_cert_path) + let(:key_string) do + cert_string end - let(:key_encrypted_string) do - File.read(SpecConfig.instance.client_encrypted_key_path) + let (:ca_cert_string) do + File.read(SpecConfig.instance.ca_cert_path) end let(:cert_object) do @@ -121,24 +117,6 @@ end end - context 'when certificate and an encrypted key are provided as strings' do - require_local_tls - - let(:ssl_options) do - { - :ssl => true, - :ssl_cert_string => cert_string, - :ssl_key_string => key_encrypted_string, - :ssl_key_pass_phrase => SpecConfig.instance.client_encrypted_key_passphrase, - :ssl_verify => false - } - end - - it 'connects to the server' do - expect(socket).to be_alive - end - end - context 'when a certificate and key are provided as objects' do let(:ssl_options) do @@ -254,7 +232,7 @@ { :ssl => true, :ssl_cert_object => cert, - :ssl_key => SpecConfig.instance.local_client_key_path, + :ssl_key => SpecConfig.instance.client_key_path, :ssl_verify => false } end @@ -425,7 +403,7 @@ let(:ssl_options) do super().merge( - :ssl_ca_cert => SpecConfig.instance.local_ca_cert_path, + :ssl_ca_cert => SpecConfig.instance.ca_cert_path, :ssl_verify => true ) end @@ -467,7 +445,7 @@ let(:ssl_options) do super().merge( - :ssl_ca_cert => SpecConfig.instance.local_ca_cert_path, + :ssl_ca_cert => SpecConfig.instance.ca_cert_path, :ssl_ca_cert_string => 'This is a string, not a certificate', :ssl_verify => true ) 
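Review bot: In the first `spec/mongo/socket/ssl_spec.rb` hunk, `let(:key_string) do cert_string end` takes the key from the certificate file, which only works when `client_cert_path` resolves to a combined certificate-plus-key PEM. According to the `spec_config.rb` hunk later in this diff, that holds for the `drivers_tools?` branch (`client.pem`), but the other branch returns `local_client_cert_path` (`client.crt`), which presumably holds no private key. Reading the key through its own accessor keeps both branches valid: `File.read(SpecConfig.instance.client_key_path)`. The same hunk drops `key_encrypted_string`, and with the encrypted-key context removed further down, nothing visible here still exercises `:ssl_key_pass_phrase`; a comment saying where that coverage now lives would help.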
@@ -483,7 +461,7 @@ let(:ssl_options) do super().merge( - :ssl_ca_cert => SpecConfig.instance.local_ca_cert_path, + :ssl_ca_cert => SpecConfig.instance.ca_cert_path, :ssl_ca_cert_object => 'This is a string, not an array of certificates', :ssl_verify => true ) @@ -497,7 +475,7 @@ context 'both as a PEM-encoded string and as object parameter' do let(:ssl_options) do - cert = File.read(SpecConfig.instance.local_ca_cert_path) + cert = File.read(SpecConfig.instance.ca_cert_path) super().merge( :ssl_ca_cert_string => cert, :ssl_ca_cert_object => 'This is a string, not an array of certificates', @@ -542,37 +520,6 @@ end end - context 'when CA certificate file contains multiple certificates' do - require_local_tls - - let(:server) do - ClientRegistry.instance.global_client('authorized').cluster.next_primary - end - - let(:connection) do - Mongo::Server::Connection.new(server, ssl_options.merge(socket_timeout: 2)) - end - - context 'as a file' do - let(:ssl_options) do - SpecConfig.instance.test_options.merge( - ssl: true, - ssl_cert: SpecConfig.instance.client_cert_path, - ssl_key: SpecConfig.instance.client_key_path, - ssl_ca_cert: SpecConfig.instance.multi_ca_path, - ssl_verify: true, - ) - end - - it 'succeeds' do - connection - expect do - connection.connect! - end.not_to raise_error - end - end - end - context 'when a CA certificate is not provided' do require_local_tls @@ -583,7 +530,7 @@ end local_env do - { 'SSL_CERT_FILE' => SpecConfig.instance.local_ca_cert_path } + { 'SSL_CERT_FILE' => SpecConfig.instance.ca_cert_path } end it 'uses the default cert store' do @@ -608,7 +555,7 @@ SpecConfig.instance.test_options.merge( ssl_cert: SpecConfig.instance.second_level_cert_path, ssl_key: SpecConfig.instance.second_level_key_path, - ssl_ca_cert: SpecConfig.instance.local_ca_cert_path, + ssl_ca_cert: SpecConfig.instance.ca_cert_path, ssl_verify: true, ) end 
@@ -627,29 +574,6 @@ end.to raise_error(Mongo::Error::SocketError) end end - - context 'bundled with intermediate cert' do - - # https://github.com/jruby/jruby-openssl/issues/181 - require_mri - - let(:ssl_options) do - SpecConfig.instance.test_options.merge( - ssl: true, - ssl_cert: SpecConfig.instance.second_level_cert_bundle_path, - ssl_key: SpecConfig.instance.second_level_key_path, - ssl_ca_cert: SpecConfig.instance.local_ca_cert_path, - ssl_verify: true, - ) - end - - it 'succeeds' do - connection - expect do - connection.connect! - end.not_to raise_error - end - end end context 'as a string' do @@ -660,7 +584,7 @@ ssl_cert_string: File.read(SpecConfig.instance.second_level_cert_path), ssl_key: nil, ssl_key_string: File.read(SpecConfig.instance.second_level_key_path), - ssl_ca_cert: SpecConfig.instance.local_ca_cert_path, + ssl_ca_cert: SpecConfig.instance.ca_cert_path, ssl_verify: true, ) end @@ -672,31 +596,6 @@ end.to raise_error(Mongo::Error::SocketError) end end - - context 'bundled with intermediate cert' do - - # https://github.com/jruby/jruby-openssl/issues/181 - require_mri - - let(:ssl_options) do - SpecConfig.instance.test_options.merge( - ssl: true, - ssl_cert: nil, - ssl_cert_string: File.read(SpecConfig.instance.second_level_cert_bundle_path), - ssl_key: nil, - ssl_key_string: File.read(SpecConfig.instance.second_level_key_path), - ssl_ca_cert: SpecConfig.instance.local_ca_cert_path, - ssl_verify: true, - ) - end - - it 'succeeds' do - connection - expect do - connection.connect! - end.not_to raise_error - end - end end end @@ -716,7 +615,7 @@ ssl: true, ssl_cert: SpecConfig.instance.client_pem_path, ssl_key: SpecConfig.instance.client_pem_path, - ssl_ca_cert: SpecConfig.instance.local_ca_cert_path, + ssl_ca_cert: SpecConfig.instance.ca_cert_path, ssl_verify: true, ) end 
@@ -734,7 +633,7 @@ let(:ssl_options) do super().merge( - :ssl_ca_cert => SpecConfig.instance.local_ca_cert_path + :ssl_ca_cert => SpecConfig.instance.ca_cert_path ).tap { |options| options.delete(:ssl_verify) } end @@ -748,7 +647,7 @@ let(:ssl_options) do super().merge( - :ssl_ca_cert => SpecConfig.instance.local_ca_cert_path, + :ssl_ca_cert => SpecConfig.instance.ca_cert_path, :ssl_verify => true ) end diff --git a/spec/support/spec_config.rb b/spec/support/spec_config.rb index 20588c1aa4..796db6f4a8 100644 --- a/spec/support/spec_config.rb +++ b/spec/support/spec_config.rb @@ -29,7 +29,7 @@ def initialize @connect_options = { connect: :direct } end if @uri_options[:ssl].nil? - @ssl = (ENV['SSL'] == 'ssl') || (ENV['SSL_ENABLED'] == 'true') + @ssl = (%w(yes ssl).include?(ENV['SSL'])) || (ENV['SSL_ENABLED'] == 'true') else @ssl = @uri_options[:ssl] end 
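Review bot: The `@ssl` assignment in `spec/support/spec_config.rb` treats only the exact strings `yes` and `ssl` as enabling TLS, so any other spelling of `SSL` (for example `true` or `YES`) silently leaves TLS off and the suite can run, and pass, over plaintext. For a switch that decides whether the TLS tests mean anything, failing on an unrecognised value is safer than defaulting to off. At minimum normalise the case, `%w[yes ssl].include?(ENV['SSL'].to_s.downcase)`, and add a comment listing the accepted values. The outer parentheses around the `include?` call are redundant, and `initialize` starts and ends outside the hunk.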
@@ -266,52 +266,82 @@ def ssl_certs_dir Pathname.new("#{spec_root}/support/certificates") end + def evergreen_certs_dir + Pathname.new("#{spec_root}/../.evergreen/x509gen") + end + def ocsp_files_dir Pathname.new("#{spec_root}/../.mod/drivers-evergreen-tools/.evergreen/ocsp") end - # TLS certificates & keys + # Evergreen cert paths - def local_client_key_path - "#{ssl_certs_dir}/client.key" + def evergreen_ca_pem_path + "#{evergreen_certs_dir}/ca.pem" end - def client_key_path - if drivers_tools? && ENV['DRIVER_TOOLS_CLIENT_KEY_PEM'] - ENV['DRIVER_TOOLS_CLIENT_KEY_PEM'] - else - local_client_key_path - end + def evergreen_client_pem_path + "#{evergreen_certs_dir}/client.pem" end - def local_client_cert_path - "#{ssl_certs_dir}/client.crt" + def evergreen_client_key_path + "#{evergreen_certs_dir}/client-private.pem" + end + + def evergreen_client_cert_path + "#{evergreen_certs_dir}/client-public.pem" + end + + def ca_cert_path + if drivers_tools? + evergreen_ca_pem_path + else + local_ca_cert_path + end end def client_cert_path - if drivers_tools? && ENV['DRIVER_TOOLS_CLIENT_CERT_PEM'] - ENV['DRIVER_TOOLS_CLIENT_CERT_PEM'] + if drivers_tools? + evergreen_client_pem_path else local_client_cert_path end end - def local_client_pem_path - if (algo = ENV['OCSP_ALGORITHM'])&.empty? - "#{ssl_certs_dir}/client.pem" + def client_key_path + if drivers_tools? + evergreen_client_key_path else - Pathname.new("#{spec_root}/support/ocsp/#{algo}/server.pem") + local_client_key_path end end def client_pem_path - if drivers_tools? && ENV['DRIVER_TOOLS_CLIENT_CERT_KEY_PEM'] - ENV['DRIVER_TOOLS_CLIENT_CERT_KEY_PEM'] + if drivers_tools? + evergreen_client_pem_path else local_client_pem_path end end + # Local TLS certificates & keys + + def local_client_key_path + "#{ssl_certs_dir}/client.key" + end + + def local_client_cert_path + "#{ssl_certs_dir}/client.crt" + end + + def local_client_pem_path + if (algo = ENV['OCSP_ALGORITHM'])&.empty? 
+ "#{ssl_certs_dir}/client.pem" + else + Pathname.new("#{spec_root}/support/ocsp/#{algo}/server.pem") + end + end + def client_x509_pem_path "#{ssl_certs_dir}/client-x509.pem" end @@ -348,14 +378,6 @@ def local_ca_cert_path "#{ssl_certs_dir}/ca.crt" end - def ca_cert_path - if drivers_tools? && ENV['DRIVER_TOOLS_CA_PEM'] - ENV['DRIVER_TOOLS_CA_PEM'] - else - local_ca_cert_path - end - end - def multi_ca_path "#{ssl_certs_dir}/multi-ca.crt" end
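Review bot: Under `drivers_tools?`, `client_cert_path` returns `evergreen_client_pem_path` (`client.pem`) rather than the `evergreen_client_cert_path` (`client-public.pem`) defined just above it, which nothing in this diff uses. If `client.pem` is the combined certificate-and-key bundle, as its reuse for `client_pem_path` suggests, every caller asking for the certificate also receives the private key, and `client_cert_path`/`client_key_path` stop being a matched public/private pair. Returning `evergreen_client_cert_path` there would keep the accessors' meaning the same in both branches. Separately, the re-added `local_client_pem_path` still tests `(algo = ENV['OCSP_ALGORITHM'])&.empty?`, which is `nil` when the variable is unset and so takes the `else` branch with an empty `algo`; `algo.nil? || algo.empty?` looks like what was meant.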