File: kerberos_spec.rb

package info (click to toggle)
ruby-mongo 2.21.3-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 14,764 kB
  • sloc: ruby: 108,806; makefile: 5; sh: 2
file content (98 lines) | stat: -rw-r--r-- 2,225 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
 
# frozen_string_literal: true
# rubocop:todo all

require 'lite_spec_helper'

describe 'kerberos authentication' do
  require_mongo_kerberos

  before(:all) do
    unless %w(1 yes true).include?(ENV['MONGO_RUBY_DRIVER_KERBEROS_INTEGRATION']&.downcase)
      skip "Set MONGO_RUBY_DRIVER_KERBEROS_INTEGRATION=1 in environment to run the Kerberos integration tests"
    end
  end

  def require_env_value(key)
    ENV[key].tap do |value|
      if value.nil? || value.empty?
        raise "Value for key #{key} is not present in environment as required"
      end
    end
  end

  after do
    client&.close
  end

  let(:user) do
   "#{require_env_value('SASL_USER')}%40#{realm}"
  end

  let(:host) do
    require_env_value('SASL_HOST')
  end

  let(:realm) do
    require_env_value('SASL_REALM')
  end

  let(:kerberos_db) do
    require_env_value('KERBEROS_DB')
  end

  let(:auth_source) do
    require_env_value('SASL_DB')
  end

  let(:uri) do
    uri = "mongodb://#{user}@#{host}/#{kerberos_db}?authMechanism=GSSAPI&authSource=#{auth_source}"
  end

  let(:client) do
    Mongo::Client.new(uri, server_selection_timeout: 6.31)
  end

  let(:doc) do
    client.database[:test].find.first
  end

  shared_examples_for 'correctly authenticates' do
    it 'correctly authenticates' do
      expect(doc['kerberos']).to eq(true)
      expect(doc['authenticated']).to eq('yeah')
    end
  end

  it_behaves_like 'correctly authenticates'

  context 'when host is lowercased' do
    let(:host) do
      require_env_value('SASL_HOST').downcase
    end

    it_behaves_like 'correctly authenticates'
  end

  context 'when host is uppercased' do
    let(:host) do
      require_env_value('SASL_HOST').upcase
    end

    it_behaves_like 'correctly authenticates'
  end

  context 'when canonicalize_host_name is true' do
    let(:host) do
      "#{require_env_value('IP_ADDR')}"
    end

    let(:uri) do
      uri = "mongodb://#{user}@#{host}/#{kerberos_db}?authMechanism=GSSAPI&authSource=#{auth_source}&authMechanismProperties=CANONICALIZE_HOST_NAME:true"
    end

    it 'correctly authenticates when using the IP' do
      expect(doc['kerberos']).to eq(true)
      expect(doc['authenticated']).to eq('yeah')
    end
  end
end