prepare test environment

Author: idoqo

Makefile

@@ -109,7 +109,9 @@ test-cover: env              ## Run tests and collect cross-package coverage inf
 
 test-cluster: env           ## Starts MongoDB test cluster. Use env var TEST_MONGODB_IMAGE to set flavor and version. Example: TEST_MONGODB_IMAGE=mongo:3.6 make test-cluster
 	docker compose up --build -d
-	./docker/scripts/setup-pbm.sh
+	./docker/scripts/init-psmdb-kerberos.sh
+	./docker/scripts/init-pbm.sh
 
 test-cluster-clean: env     ## Stops MongoDB test cluster.
 	docker compose down --remove-orphans --volumes
+	rm -f ./docker/kerberos/cache/*

docker-compose.yml

@@ -265,7 +265,7 @@ services:
             - PORT2=27017
             - PORT3=27017
             - VERSION=${TEST_MONGODB_IMAGE}
-        entrypoint: [ "/scripts/init-shard.sh" ]
+        entrypoint: [ "/scripts/setup-shard.sh" ]
         restart: on-failure:20
 
     standalone:
@@ -317,12 +317,13 @@ services:
         container_name: psmdb-kerberos
         hostname: psmdb-kerberos
         ports:
-            - 27017:27017
+            - 29017:27017
         environment:
             - KRB5_KTNAME=/tmp/mongodb.keytab
             - KRB5CCNAME=/tmp/krb5cc_0
             - MONGO_INITDB_ROOT_USERNAME=admin
             - MONGO_INITDB_ROOT_PASSWORD=adminpassword
+            - MONGODB_HOST=psmdb-kerberos
         volumes:
             - ./docker/kerberos/conf/krb5.conf:/etc/krb5.conf
             - ./docker/scripts:/scripts

docker/scripts/setup-pbm.sh docker/scripts/init-pbm.shdocker/scripts/setup-pbm.sh renamed to docker/scripts/init-pbm.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker exec -it psmdb-kerberos bash -c '/scripts/setup-krb5-mongo.sh'

docker/scripts/init-psmdb-kerberos.sh

@@ -2,11 +2,24 @@
 
 username=${MONGO_INITDB_ROOT_USERNAME}
 password=${MONGO_INITDB_ROOT_PASSWORD}
-port=${PORT:-27017}
 
-docker exec ${KERBEROS_HOST} bash -c "kinit [email protected] -kt /tmp/mongodb.keytab"
+echo "Waiting for startup.."
+until mongosh --host 127.0.0.1:27017 -u ${username} -p ${password} --eval 'quit(db.runCommand({ ping: 1 }).ok ? 0 : 2)' &>/dev/null; do
+  printf '.'
+  sleep 1
+done
 
-#docker exec --user root ${MONGO_HOST} bash -c "chown -R mongodb:root /tmp/krb5cc_0"
-docker exec --user root ${MONGO_HOST} bash -c "chown -R mongodb:root /tmp/mongodb.keytab"
-docker exec ${MONGO_HOST} mongosh "${MONGO_HOST}:${port}" -u ${username} -p ${password} --eval ''
-db.getSiblingDB("$external").createUser({user: "[email protected]",roles: [{role: "read", db: "admin"}]});
+echo "Started.."
+
+# create role with anyAction on all resources (needed to allow exporter run execute commands)
+# create mongodb user using the same username as the kerberos principal
+mongosh --host 127.0.0.1:27017 -u ${username} -p ${password} <<EOF
+db.getSiblingDB("admin").createRole({
+  role: "anyAction",
+  privileges: [
+    { resource: { anyResource: true }, actions: [ "anyAction" ] }
+  ],
+  roles: []
+});
+db.getSiblingDB("\$external").createUser({user: "[email protected]",roles: [{role: "anyAction", db: "admin"}]});
+EOF

docker/scripts/setup-krb5-mongo.sh

@@ -12,7 +12,6 @@ cat > /etc/krb5.conf <<EOL
     dns_lookup_kdc = false
     ignore_acceptor_hostname = true
     rdns = false
-    noaddresses = TRUE
 [realms]
     PERCONATEST.COM = {
         kdc_ports = 88
@@ -27,13 +26,6 @@ EOL
 kdb5_util create -s -P password
 kadmin.local -q "addprinc -pw password root/admin"
 kadmin.local -q "addprinc -pw mongodb mongodb/${mongohost}"
-kadmin.local -q "addprinc -pw mongodb mongodb/${gateway_ip}"
 kadmin.local -q "addprinc -pw password1 pmm-test"
-
 kadmin.local -q "ktadd -k /tmp/mongodb.keytab mongodb/${mongohost}@PERCONATEST.COM"
-kadmin.local -q "ktadd -k /tmp/exporter.keytab mongodb/${gateway_ip}@PERCONATEST.COM"
-
-kadmin.local -q "ktadd -k /tmp/mongodb.keytab [email protected]"
-kadmin.local -q "ktadd -k /tmp/exporter.keytab [email protected]"
-
 krb5kdc -n

docker/scripts/setup-krb5-server.sh

@@ -36,7 +36,7 @@ done
 
 echo "Started.."
 
-echo init-shard.sh time now: `date +"%T" `
+echo setup-shard.sh time now: `date +"%T" `
 echo "Configuring sharding.."
 echo  "${RS1}/${mongodb11}:${PORT1},${mongodb12}:${PORT2},${mongodb13}:${PORT3}"
 echo  "${RS2}/${mongodb21}:${PORT1},${mongodb22}:${PORT2},${mongodb23}:${PORT3}"

docker/scripts/init-shard.sh docker/scripts/setup-shard.shdocker/scripts/init-shard.sh renamed to docker/scripts/setup-shard.sh

@@ -18,10 +18,12 @@ package exporter
 import (
 	"context"
 	"fmt"
+	"github.com/stretchr/testify/require"
 	"io"
 	"net"
 	"net/http"
 	"net/http/httptest"
+	"os"
 	"strconv"
 	"strings"
 	"sync"
@@ -197,6 +199,75 @@ func TestMongoS(t *testing.T) {
 	}
 }
 
+func TestMongoWithGSSAPI(t *testing.T) {
+	logger := logrus.New()
+
+	kerberosHost, err := tu.IpForContainer("kerberos")
+	require.NoError(t, err)
+	mongoHost, err := tu.IpForContainer("psmdb-kerberos")
+	require.NoError(t, err)
+
+	config := fmt.Sprintf(`
+[libdefaults]
+    default_realm = PERCONATEST.COM
+    forwardable = true
+    dns_lookup_realm = false
+    dns_lookup_kdc = false
+    ignore_acceptor_hostname = true
+    rdns = false
+[realms]
+    PERCONATEST.COM = {
+        kdc_ports = 88
+        kdc = %s
+    }
+[domain_realm]
+    .perconatest.com = PERCONATEST.COM
+    perconatest.com = PERCONATEST.COM
+    %s = PERCONATEST.COM
+`, kerberosHost, kerberosHost)
+
+	configFile, err := os.Create(t.TempDir() + "krb5.conf")
+	require.NoError(t, err)
+	_, err = configFile.WriteString(config)
+	require.NoError(t, err)
+
+	t.Setenv("KRB5_CONFIG", configFile.Name())
+	ctx := context.Background()
+
+	username := "pmm-test%40PERCONATEST.COM"
+	password := "password1"
+	uri := fmt.Sprintf("mongodb://%s:%s@%s:27017/?authSource=$external&authMechanism=GSSAPI", username, password, mongoHost)
+	exporterOpts := &Opts{
+		URI:            uri,
+		Logger:         logger,
+		CollectAll:     true,
+		GlobalConnPool: false,
+		DirectConnect:  true,
+	}
+
+	client, err := connect(ctx, exporterOpts)
+	assert.NoError(t, err)
+
+	e := New(exporterOpts)
+	nodeType, _ := getNodeType(ctx, client)
+	gc := newGeneralCollector(ctx, client, nodeType, e.opts.Logger)
+	r := e.makeRegistry(ctx, client, new(labelsGetterMock), *e.opts)
+
+	expected := strings.NewReader(fmt.Sprintf(`
+		# HELP mongodb_up Whether MongoDB is up.
+		# TYPE mongodb_up gauge
+		mongodb_up {cluster_role="mongod"} 1`) + "\n")
+
+	filter := []string{
+		"mongodb_up",
+	}
+	err = testutil.CollectAndCompare(gc, expected, filter...)
+	assert.NoError(t, err, "mongodb_up metric should be 1")
+
+	res := r.Unregister(gc)
+	assert.Equal(t, true, res)
+}
+
 func TestMongoUpMetric(t *testing.T) {
 	ctx := context.Background()
 

exporter/exporter_test.go

@@ -199,6 +199,19 @@ func PortForContainer(name string) (string, error) {
 	return ports[0].HostPort, nil
 }
 
+func IpForContainer(name string) (string, error) {
+	di, err := InspectContainer(name)
+	if err != nil {
+		return "", errors.Wrapf(err, "cannot get error for container %q", name)
+	}
+
+	if len(di) == 0 {
+		return "", errors.Wrapf(err, "cannot get error for container %q (empty array)", name)
+	}
+
+	return di[0].NetworkSettings.Networks.MongodbExporterDefault.IPAddress, nil
+}
+
 // SetupFakeResolver sets up Fake DNS server to resolve SRV records.
 func SetupFakeResolver() *mockdns.Server {
 	p1, err1 := strconv.ParseInt(GetenvDefault("TEST_MONGODB_S1_PRIMARY_PORT", "17001"), 10, 64)