chore(ci): add kerberos auth tests

NODE-876
mongodb · Aug 7, 2020 · 3cda5c4 · 3cda5c4
1 parent d3a1d54
commit 3cda5c4
Show file tree

Hide file tree

Showing 7 changed files with 166 additions and 454 deletions.
diff --git a/.evergreen/config.yml b/.evergreen/config.yml
@@ -172,6 +172,15 @@ functions:
           rm -f ./prepare_atlas_connectivity.sh
 
           NODE_LTS_NAME='${NODE_LTS_NAME}' bash ${PROJECT_DIRECTORY}/.evergreen/run-atlas-tests.sh
+  run kerberos tests:
+    - command: shell.exec
+      type: test
+      params:
+        working_dir: src
+        script: |
+          KRB5_KEYTAB='${gssapi_auth_keytab_base64}' KRB5_PRINCIPAL='${gssapi_auth_principal}' \
+          MONGODB_URI='${gssapi_auth_mongodb_uri}' \
+          NODE_LTS_NAME='${NODE_LTS_NAME}' bash ${PROJECT_DIRECTORY}/.evergreen/run-kerberos-tests.sh
   run ldap tests:
     - command: shell.exec
       type: test
@@ -1065,6 +1074,20 @@ tasks:
     commands:
       - func: install dependencies
       - func: run atlas tests
+  - name: test-auth-kerberos
+    tags:
+      - auth
+      - kerberos
+    commands:
+      - func: install dependencies
+      - func: run kerberos tests
+  - name: test-auth-ldap
+    tags:
+      - auth
+      - ldap
+    commands:
+      - func: install dependencies
+      - func: run ldap tests
   - name: test-tls-support
     tags:
       - tls-support
@@ -1076,13 +1099,6 @@ tasks:
           VERSION: latest
           TOPOLOGY: server
       - func: run tls tests
-  - name: test-auth-ldap
-    tags:
-      - auth
-      - ldap
-    commands:
-      - func: install dependencies
-      - func: run ldap tests
   - name: test-latest-ocsp-valid-cert-server-staples
     tags:
       - ocsp
@@ -1377,8 +1393,9 @@ buildvariants:
       - test-2.6-replica_set-unified
       - test-2.6-sharded_cluster-unified
       - test-atlas-connectivity
-      - test-tls-support
+      - test-auth-kerberos
       - test-auth-ldap
+      - test-tls-support
       - test-latest-ocsp-valid-cert-server-staples
       - test-latest-ocsp-invalid-cert-server-staples
       - test-latest-ocsp-valid-cert-server-does-not-staple
@@ -1490,6 +1507,7 @@ buildvariants:
       - test-2.6-replica_set-unified
       - test-2.6-sharded_cluster-unified
       - test-atlas-connectivity
+      - test-auth-kerberos
       - test-auth-ldap
   - name: ubuntu-14.04-dubnium
     display_name: Ubuntu 14.04 Node Dubnium
@@ -1565,8 +1583,9 @@ buildvariants:
       - test-3.2-replica_set-unified
       - test-3.2-sharded_cluster-unified
       - test-atlas-connectivity
-      - test-tls-support
+      - test-auth-kerberos
       - test-auth-ldap
+      - test-tls-support
       - test-latest-ocsp-valid-cert-server-staples
       - test-latest-ocsp-invalid-cert-server-staples
       - test-latest-ocsp-valid-cert-server-does-not-staple

diff --git a/.evergreen/config.yml.in b/.evergreen/config.yml.in
@@ -211,6 +211,16 @@ functions:
 
           NODE_LTS_NAME='${NODE_LTS_NAME}' bash ${PROJECT_DIRECTORY}/.evergreen/run-atlas-tests.sh
 
+  "run kerberos tests":
+    - command: shell.exec
+      type: test
+      params:
+        working_dir: src
+        script: |
+          KRB5_KEYTAB='${gssapi_auth_keytab_base64}' KRB5_PRINCIPAL='${gssapi_auth_principal}' \
+          MONGODB_URI='${gssapi_auth_mongodb_uri}' \
+          NODE_LTS_NAME='${NODE_LTS_NAME}' bash ${PROJECT_DIRECTORY}/.evergreen/run-kerberos-tests.sh
+
   "run ldap tests":
     - command: shell.exec
       type: test

diff --git a/.evergreen/generate_evergreen_tasks.js b/.evergreen/generate_evergreen_tasks.js
@@ -106,11 +106,21 @@ TASKS.push(
   {
     name: 'test-atlas-connectivity',
     tags: ['atlas-connect'],
+    commands: [{ func: 'install dependencies' }, { func: 'run atlas tests' }]
+  },
+  {
+    name: 'test-auth-kerberos',
+    tags: ['auth', 'kerberos'],
     commands: [
       { func: 'install dependencies' },
-      { func: 'run atlas tests' }
+      { func: 'run kerberos tests' }
     ]
   },
+  {
+    name: 'test-auth-ldap',
+    tags: ['auth', 'ldap'],
+    commands: [{ func: 'install dependencies' }, { func: 'run ldap tests' }]
+  },
   {
     name: 'test-tls-support',
     tags: ['tls-support'],
@@ -126,11 +136,6 @@ TASKS.push(
       },
       { func: 'run tls tests' }
     ]
-  },
-  {
-    name: 'test-auth-ldap',
-    tags: ['auth', 'ldap'],
-    commands: [{ func: 'install dependencies' }, { func: 'run ldap tests' }]
   }
 );
 

diff --git a/.evergreen/run-kerberos-tests.sh b/.evergreen/run-kerberos-tests.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+set -o errexit  # Exit the script with error if any of the commands fail
+
+export PROJECT_DIRECTORY="$(pwd)"
+NODE_ARTIFACTS_PATH="${PROJECT_DIRECTORY}/node-artifacts"
+export NVM_DIR="${NODE_ARTIFACTS_PATH}/nvm"
+[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
+
+# set up keytab
+mkdir -p "$(pwd)/.evergreen"
+touch "$(pwd)/.evergreen/krb5.conf.empty"
+export KRB5_CONFIG="$(pwd)/.evergreen/krb5.conf.empty"
+echo "Writing keytab"
+# DON'T PRINT KEYTAB TO STDOUT
+set +o verbose
+if [[ "$OSTYPE" == "darwin"* ]]; then
+    echo ${KRB5_KEYTAB} | base64 -D > "$(pwd)/.evergreen/drivers.keytab"
+else
+    echo ${KRB5_KEYTAB} | base64 -d > "$(pwd)/.evergreen/drivers.keytab"
+fi
+echo "Running kinit"
+kinit -k -t "$(pwd)/.evergreen/drivers.keytab" -p ${KRB5_PRINCIPAL}
+
+npm install kerberos
+npm run check:kerberos
+
+# destroy ticket
+kdestroy
diff --git a/package.json b/package.json
@@ -65,8 +65,9 @@
   },
   "scripts": {
     "atlas": "mocha --opts '{}' ./test/manual/atlas_connectivity.test.js",
-    "check:tls": "mocha --opts '{}' test/manual/tls_support.test.js",
+    "check:kerberos": "mocha --opts '{}' test/manual/kerberos.test.js",
     "check:ldap": "mocha --opts '{}' test/manual/ldap.test.js",
+    "check:tls": "mocha --opts '{}' test/manual/tls_support.test.js",
     "test": "npm run lint && mocha --recursive test/functional test/unit test/core",
     "test-nolint": "mocha --recursive test/functional test/unit test/core",
     "coverage": "istanbul cover mongodb-test-runner -- -t 60000 test/core test/unit test/functional",