{
  "tests": [
    {
      "description": "should use the default source and mechanism",
      "uri": "mongodb://user:password@localhost",
      "valid": true,
      "credential": {
        "username": "user",
        "password": "password",
        "source": "admin",
        "mechanism": null,
        "mechanism_properties": null
      }
    },
    {
      "description": "should use the database when no authSource is specified",
      "uri": "mongodb://user:password@localhost/foo",
      "valid": true,
      "credential": {
        "username": "user",
        "password": "password",
        "source": "foo",
        "mechanism": null,
        "mechanism_properties": null
      }
    },
    {
      "description": "should use the authSource when specified",
      "uri": "mongodb://user:password@localhost/foo?authSource=bar",
      "valid": true,
      "credential": {
        "username": "user",
        "password": "password",
        "source": "bar",
        "mechanism": null,
        "mechanism_properties": null
      }
    },
    {
      "description": "should recognise the mechanism (GSSAPI)",
      "uri": "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI",
      "valid": true,
      "credential": {
        "username": "user@DOMAIN.COM",
        "password": null,
        "source": "$external",
        "mechanism": "GSSAPI",
        "mechanism_properties": {
          "SERVICE_NAME": "mongodb"
        }
      }
    },
    {
      "description": "should ignore the database (GSSAPI)",
      "uri": "mongodb://user%40DOMAIN.COM@localhost/foo?authMechanism=GSSAPI",
      "valid": true,
      "credential": {
        "username": "user@DOMAIN.COM",
        "password": null,
        "source": "$external",
        "mechanism": "GSSAPI",
        "mechanism_properties": {
          "SERVICE_NAME": "mongodb"
        }
      }
    },
    {
      "description": "should accept valid authSource (GSSAPI)",
      "uri": "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authSource=$external",
      "valid": true,
      "credential": {
        "username": "user@DOMAIN.COM",
        "password": null,
        "source": "$external",
        "mechanism": "GSSAPI",
        "mechanism_properties": {
          "SERVICE_NAME": "mongodb"
        }
      }
    },
    {
      "description": "should accept generic mechanism property (GSSAPI)",
      "uri": "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:forward,SERVICE_HOST:example.com",
      "valid": true,
      "credential": {
        "username": "user@DOMAIN.COM",
        "password": null,
        "source": "$external",
        "mechanism": "GSSAPI",
        "mechanism_properties": {
          "SERVICE_NAME": "other",
          "SERVICE_HOST": "example.com",
          "CANONICALIZE_HOST_NAME": "forward"
        }
      }
    },
    {
      "description": "should accept forwardAndReverse hostname canonicalization (GSSAPI)",
      "uri": "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:forwardAndReverse",
      "valid": true,
      "credential": {
        "username": "user@DOMAIN.COM",
        "password": null,
        "source": "$external",
        "mechanism": "GSSAPI",
        "mechanism_properties": {
          "SERVICE_NAME": "other",
          "CANONICALIZE_HOST_NAME": "forwardAndReverse"
        }
      }
    },
    {
      "description": "should accept no hostname canonicalization (GSSAPI)",
      "uri": "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:none",
      "valid": true,
      "credential": {
        "username": "user@DOMAIN.COM",
        "password": null,
        "source": "$external",
        "mechanism": "GSSAPI",
        "mechanism_properties": {
          "SERVICE_NAME": "other",
          "CANONICALIZE_HOST_NAME": "none"
        }
      }
    },
    {
      "description": "must raise an error when the hostname canonicalization is invalid",
      "uri": "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:invalid",
      "valid": false
    },
    {
      "description": "should accept the password (GSSAPI)",
      "uri": "mongodb://user%40DOMAIN.COM:password@localhost/?authMechanism=GSSAPI&authSource=$external",
      "valid": true,
      "credential": {
        "username": "user@DOMAIN.COM",
        "password": "password",
        "source": "$external",
        "mechanism": "GSSAPI",
        "mechanism_properties": {
          "SERVICE_NAME": "mongodb"
        }
      }
    },
    {
      "description": "must raise an error when the authSource is empty",
      "uri": "mongodb://user:password@localhost/foo?authSource=",
      "valid": false
    },
    {
      "description": "must raise an error when the authSource is empty without credentials",
      "uri": "mongodb://localhost/admin?authSource=",
      "valid": false
    },
    {
      "description": "should throw an exception if authSource is invalid (GSSAPI)",
      "uri": "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authSource=foo",
      "valid": false
    },
    {
      "description": "should throw an exception if no username (GSSAPI)",
      "uri": "mongodb://localhost/?authMechanism=GSSAPI",
      "valid": false
    },
    {
      "description": "should recognize the mechanism (MONGODB-X509)",
      "uri": "mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/?authMechanism=MONGODB-X509",
      "valid": true,
      "credential": {
        "username": "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry",
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-X509",
        "mechanism_properties": null
      }
    },
    {
      "description": "should ignore the database (MONGODB-X509)",
      "uri": "mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/foo?authMechanism=MONGODB-X509",
      "valid": true,
      "credential": {
        "username": "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry",
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-X509",
        "mechanism_properties": null
      }
    },
    {
      "description": "should accept valid authSource (MONGODB-X509)",
      "uri": "mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/?authMechanism=MONGODB-X509&authSource=$external",
      "valid": true,
      "credential": {
        "username": "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry",
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-X509",
        "mechanism_properties": null
      }
    },
    {
      "description": "should recognize the mechanism with no username (MONGODB-X509)",
      "uri": "mongodb://localhost/?authMechanism=MONGODB-X509",
      "valid": true,
      "credential": {
        "username": null,
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-X509",
        "mechanism_properties": null
      }
    },
    {
      "description": "should recognize the mechanism with no username when auth source is explicitly specified (MONGODB-X509)",
      "uri": "mongodb://localhost/?authMechanism=MONGODB-X509&authSource=$external",
      "valid": true,
      "credential": {
        "username": null,
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-X509",
        "mechanism_properties": null
      }
    },
    {
      "description": "should throw an exception if supplied a password (MONGODB-X509)",
      "uri": "mongodb://user:password@localhost/?authMechanism=MONGODB-X509",
      "valid": false
    },
    {
      "description": "should throw an exception if authSource is invalid (MONGODB-X509)",
      "uri": "mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/foo?authMechanism=MONGODB-X509&authSource=bar",
      "valid": false
    },
    {
      "description": "should recognize the mechanism (PLAIN)",
      "uri": "mongodb://user:password@localhost/?authMechanism=PLAIN",
      "valid": true,
      "credential": {
        "username": "user",
        "password": "password",
        "source": "$external",
        "mechanism": "PLAIN",
        "mechanism_properties": null
      }
    },
    {
      "description": "should use the database when no authSource is specified (PLAIN)",
      "uri": "mongodb://user:password@localhost/foo?authMechanism=PLAIN",
      "valid": true,
      "credential": {
        "username": "user",
        "password": "password",
        "source": "foo",
        "mechanism": "PLAIN",
        "mechanism_properties": null
      }
    },
    {
      "description": "should use the authSource when specified (PLAIN)",
      "uri": "mongodb://user:password@localhost/foo?authMechanism=PLAIN&authSource=bar",
      "valid": true,
      "credential": {
        "username": "user",
        "password": "password",
        "source": "bar",
        "mechanism": "PLAIN",
        "mechanism_properties": null
      }
    },
    {
      "description": "should throw an exception if no username (PLAIN)",
      "uri": "mongodb://localhost/?authMechanism=PLAIN",
      "valid": false
    },
    {
      "description": "should recognize the mechanism (SCRAM-SHA-1)",
      "uri": "mongodb://user:password@localhost/?authMechanism=SCRAM-SHA-1",
      "valid": true,
      "credential": {
        "username": "user",
        "password": "password",
        "source": "admin",
        "mechanism": "SCRAM-SHA-1",
        "mechanism_properties": null
      }
    },
    {
      "description": "should use the database when no authSource is specified (SCRAM-SHA-1)",
      "uri": "mongodb://user:password@localhost/foo?authMechanism=SCRAM-SHA-1",
      "valid": true,
      "credential": {
        "username": "user",
        "password": "password",
        "source": "foo",
        "mechanism": "SCRAM-SHA-1",
        "mechanism_properties": null
      }
    },
    {
      "description": "should accept valid authSource (SCRAM-SHA-1)",
      "uri": "mongodb://user:password@localhost/foo?authMechanism=SCRAM-SHA-1&authSource=bar",
      "valid": true,
      "credential": {
        "username": "user",
        "password": "password",
        "source": "bar",
        "mechanism": "SCRAM-SHA-1",
        "mechanism_properties": null
      }
    },
    {
      "description": "should throw an exception if no username (SCRAM-SHA-1)",
      "uri": "mongodb://localhost/?authMechanism=SCRAM-SHA-1",
      "valid": false
    },
    {
      "description": "should recognize the mechanism (SCRAM-SHA-256)",
      "uri": "mongodb://user:password@localhost/?authMechanism=SCRAM-SHA-256",
      "valid": true,
      "credential": {
        "username": "user",
        "password": "password",
        "source": "admin",
        "mechanism": "SCRAM-SHA-256",
        "mechanism_properties": null
      }
    },
    {
      "description": "should use the database when no authSource is specified (SCRAM-SHA-256)",
      "uri": "mongodb://user:password@localhost/foo?authMechanism=SCRAM-SHA-256",
      "valid": true,
      "credential": {
        "username": "user",
        "password": "password",
        "source": "foo",
        "mechanism": "SCRAM-SHA-256",
        "mechanism_properties": null
      }
    },
    {
      "description": "should accept valid authSource (SCRAM-SHA-256)",
      "uri": "mongodb://user:password@localhost/foo?authMechanism=SCRAM-SHA-256&authSource=bar",
      "valid": true,
      "credential": {
        "username": "user",
        "password": "password",
        "source": "bar",
        "mechanism": "SCRAM-SHA-256",
        "mechanism_properties": null
      }
    },
    {
      "description": "should throw an exception if no username (SCRAM-SHA-256)",
      "uri": "mongodb://localhost/?authMechanism=SCRAM-SHA-256",
      "valid": false
    },
    {
      "description": "URI with no auth-related info doesn't create credential",
      "uri": "mongodb://localhost/",
      "valid": true,
      "credential": null
    },
    {
      "description": "database in URI path doesn't create credentials",
      "uri": "mongodb://localhost/foo",
      "valid": true,
      "credential": null
    },
    {
      "description": "authSource without username doesn't create credential (default mechanism)",
      "uri": "mongodb://localhost/?authSource=foo",
      "valid": true,
      "credential": null
    },
    {
      "description": "should throw an exception if no username provided (userinfo implies default mechanism)",
      "uri": "mongodb://@localhost.com/",
      "valid": false
    },
    {
      "description": "should throw an exception if no username/password provided (userinfo implies default mechanism)",
      "uri": "mongodb://:@localhost.com/",
      "valid": false
    },
    {
      "description": "should recognise the mechanism (MONGODB-AWS)",
      "uri": "mongodb://localhost/?authMechanism=MONGODB-AWS",
      "valid": true,
      "credential": {
        "username": null,
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-AWS",
        "mechanism_properties": null
      }
    },
    {
      "description": "should recognise the mechanism when auth source is explicitly specified (MONGODB-AWS)",
      "uri": "mongodb://localhost/?authMechanism=MONGODB-AWS&authSource=$external",
      "valid": true,
      "credential": {
        "username": null,
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-AWS",
        "mechanism_properties": null
      }
    },
    {
      "description": "should throw an exception if username and no password (MONGODB-AWS)",
      "uri": "mongodb://user@localhost/?authMechanism=MONGODB-AWS",
      "valid": false,
      "credential": null
    },
    {
      "description": "should use username and password if specified (MONGODB-AWS)",
      "uri": "mongodb://user%21%40%23%24%25%5E%26%2A%28%29_%2B:pass%21%40%23%24%25%5E%26%2A%28%29_%2B@localhost/?authMechanism=MONGODB-AWS",
      "valid": true,
      "credential": {
        "username": "user!@#$%^&*()_+",
        "password": "pass!@#$%^&*()_+",
        "source": "$external",
        "mechanism": "MONGODB-AWS",
        "mechanism_properties": null
      }
    },
    {
      "description": "should use username, password and session token if specified (MONGODB-AWS)",
      "uri": "mongodb://user:password@localhost/?authMechanism=MONGODB-AWS&authMechanismProperties=AWS_SESSION_TOKEN:token%21%40%23%24%25%5E%26%2A%28%29_%2B",
      "valid": true,
      "credential": {
        "username": "user",
        "password": "password",
        "source": "$external",
        "mechanism": "MONGODB-AWS",
        "mechanism_properties": {
          "AWS_SESSION_TOKEN": "token!@#$%^&*()_+"
        }
      }
    },
    {
      "description": "should throw an exception if username provided (MONGODB-AWS)",
      "uri": "mongodb://user@localhost.com/?authMechanism=MONGODB-AWS",
      "valid": false
    },
    {
      "description": "should throw an exception if username and password provided (MONGODB-AWS)",
      "uri": "mongodb://user:pass@localhost.com/?authMechanism=MONGODB-AWS",
      "valid": false
    },
    {
      "description": "should throw an exception if AWS_SESSION_TOKEN provided (MONGODB-AWS)",
      "uri": "mongodb://localhost/?authMechanism=MONGODB-AWS&authMechanismProperties=AWS_SESSION_TOKEN:token",
      "valid": false
    },
    {
      "description": "should recognise the mechanism with test environment (MONGODB-OIDC)",
      "uri": "mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:test",
      "valid": true,
      "credential": {
        "username": null,
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-OIDC",
        "mechanism_properties": {
          "ENVIRONMENT": "test"
        }
      }
    },
    {
      "description": "should recognise the mechanism when auth source is explicitly specified and with environment (MONGODB-OIDC)",
      "uri": "mongodb://localhost/?authMechanism=MONGODB-OIDC&authSource=$external&authMechanismProperties=ENVIRONMENT:test",
      "valid": true,
      "credential": {
        "username": null,
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-OIDC",
        "mechanism_properties": {
          "ENVIRONMENT": "test"
        }
      }
    },
    {
      "description": "should throw an exception if supplied a password (MONGODB-OIDC)",
      "uri": "mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:test",
      "valid": false,
      "credential": null
    },
    {
      "description": "should throw an exception if username is specified for test (MONGODB-OIDC)",
      "uri": "mongodb://principalName@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:test",
      "valid": false,
      "credential": null
    },
    {
      "description": "should throw an exception if specified environment is not supported (MONGODB-OIDC)",
      "uri": "mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:invalid",
      "valid": false,
      "credential": null
    },
    {
      "description": "should throw an exception if neither environment nor callbacks specified (MONGODB-OIDC)",
      "uri": "mongodb://localhost/?authMechanism=MONGODB-OIDC",
      "valid": false,
      "credential": null
    },
    {
      "description": "should throw an exception when unsupported auth property is specified (MONGODB-OIDC)",
      "uri": "mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=UnsupportedProperty:unexisted",
      "valid": false,
      "credential": null
    },
    {
      "description": "should recognise the mechanism with azure provider (MONGODB-OIDC)",
      "uri": "mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:foo",
      "valid": true,
      "credential": {
        "username": null,
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-OIDC",
        "mechanism_properties": {
          "ENVIRONMENT": "azure",
          "TOKEN_RESOURCE": "foo"
        }
      }
    },
    {
      "description": "should accept a username with azure provider (MONGODB-OIDC)",
      "uri": "mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:foo",
      "valid": true,
      "credential": {
        "username": "user",
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-OIDC",
        "mechanism_properties": {
          "ENVIRONMENT": "azure",
          "TOKEN_RESOURCE": "foo"
        }
      }
    },
    {
      "description": "should accept a url-encoded TOKEN_RESOURCE (MONGODB-OIDC)",
      "uri": "mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:mongodb%3A%2F%2Ftest-cluster",
      "valid": true,
      "credential": {
        "username": "user",
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-OIDC",
        "mechanism_properties": {
          "ENVIRONMENT": "azure",
          "TOKEN_RESOURCE": "mongodb://test-cluster"
        }
      }
    },
    {
      "description": "should accept an un-encoded TOKEN_RESOURCE (MONGODB-OIDC)",
      "uri": "mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:mongodb://test-cluster",
      "valid": true,
      "credential": {
        "username": "user",
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-OIDC",
        "mechanism_properties": {
          "ENVIRONMENT": "azure",
          "TOKEN_RESOURCE": "mongodb://test-cluster"
        }
      }
    },
    {
      "description": "should handle a complicated url-encoded TOKEN_RESOURCE (MONGODB-OIDC)",
      "uri": "mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:abcd%25ef%3Ag%26hi",
      "valid": true,
      "credential": {
        "username": "user",
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-OIDC",
        "mechanism_properties": {
          "ENVIRONMENT": "azure",
          "TOKEN_RESOURCE": "abcd%ef:g&hi"
        }
      }
    },
    {
      "description": "should url-encode a TOKEN_RESOURCE (MONGODB-OIDC)",
      "uri": "mongodb://user@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:a$b",
      "valid": true,
      "credential": {
        "username": "user",
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-OIDC",
        "mechanism_properties": {
          "ENVIRONMENT": "azure",
          "TOKEN_RESOURCE": "a$b"
        }
      }
    },
    {
      "description": "should accept a username and throw an error for a password with azure provider (MONGODB-OIDC)",
      "uri": "mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:foo",
      "valid": false,
      "credential": null
    },
    {
      "description": "should throw an exception if no token audience (TOKEN_RESOURCE) is given for azure provider (MONGODB-OIDC)",
      "uri": "mongodb://username@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure",
      "valid": false,
      "credential": null
    },
    {
      "description": "should recognise the mechanism with gcp provider (MONGODB-OIDC)",
      "uri": "mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:foo",
      "valid": true,
      "credential": {
        "username": null,
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-OIDC",
        "mechanism_properties": {
          "ENVIRONMENT": "gcp",
          "TOKEN_RESOURCE": "foo"
        }
      }
    },
    {
      "description": "should throw an error for a username and password with gcp provider (MONGODB-OIDC)",
      "uri": "mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:foo",
      "valid": false,
      "credential": null
    },
    {
      "description": "should throw an error if no TOKEN_RESOURCE with gcp provider (MONGODB-OIDC)",
      "uri": "mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp",
      "valid": false,
      "credential": null
    },
    {
      "description": "should recognise the mechanism with k8s provider (MONGODB-OIDC)",
      "uri": "mongodb://localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:k8s",
      "valid": true,
      "credential": {
        "username": null,
        "password": null,
        "source": "$external",
        "mechanism": "MONGODB-OIDC",
        "mechanism_properties": {
          "ENVIRONMENT": "k8s"
        }
      }
    },
    {
      "description": "should throw an error for a username and password with k8s provider (MONGODB-OIDC)",
      "uri": "mongodb://user:pass@localhost/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:k8s",
      "valid": false,
      "credential": null
    }
  ]
}
