This is just a cleanup work to hide some of the private state of ReplSetTest so it is easier to encapsulate and add new logic. Also enables strict mode.
48 lines
2.0 KiB
JavaScript
48 lines
2.0 KiB
JavaScript
/**
|
|
* This test checks the upgrade path for mixed mode ssl
|
|
* from allowSSL up to requireSSL
|
|
*
|
|
* NOTE: This test is similar to upgrade_to_ssl_nossl.js in the
|
|
* sslSpecial test suite. This test uses ssl communication
|
|
* and therefore cannot test modes that do not allow ssl.
|
|
*/
|
|
|
|
load("jstests/ssl/libs/ssl_helpers.js");
|
|
|
|
// "sslAllowInvalidCertificates" is enabled to avoid hostname conflicts with our testing certs
|
|
var opts = {sslMode:"allowSSL",
|
|
sslPEMKeyFile: SERVER_CERT,
|
|
sslAllowInvalidCertificates: "",
|
|
sslAllowConnectionsWithoutCertificates: "",
|
|
sslCAFile: "jstests/libs/ca.pem"};
|
|
var rst = new ReplSetTest({ name: 'sslSet', nodes: 3, nodeOptions : opts });
|
|
rst.startSet();
|
|
rst.initiate();
|
|
|
|
var rstConn1 = rst.getPrimary();
|
|
rstConn1.getDB("test").a.insert({a:1, str:"TESTTESTTEST"});
|
|
assert.eq(1, rstConn1.getDB("test").a.count(), "Error interacting with replSet");
|
|
|
|
print("===== UPGRADE allowSSL -> preferSSL =====");
|
|
opts.sslMode = "preferSSL";
|
|
rst.upgradeSet(opts);
|
|
var rstConn2 = rst.getPrimary();
|
|
rstConn2.getDB("test").a.insert({a:2, str:"CHECKCHECK"});
|
|
assert.eq(2, rstConn2.getDB("test").a.count(), "Error interacting with replSet");
|
|
|
|
// Check that non-ssl connections can still be made
|
|
var canConnectNoSSL = runMongoProgram("mongo", "--port", rst.ports[0], "--eval", ";");
|
|
assert.eq(0, canConnectNoSSL, "non-SSL Connection attempt failed when it should succeed");
|
|
|
|
print("===== UPGRADE preferSSL -> requireSSL =====");
|
|
opts.sslMode = "requireSSL";
|
|
rst.upgradeSet(opts);
|
|
var rstConn3 = rst.getPrimary();
|
|
rstConn3.getDB("test").a.insert({a:3, str:"GREENEGGSANDHAM"});
|
|
assert.eq(3, rstConn3.getDB("test").a.count(), "Error interacting with replSet");
|
|
|
|
// Check that ssl connections can be made
|
|
var canConnectSSL = runMongoProgram("mongo", "--port", rst.ports[0],
|
|
"--ssl", "--sslAllowInvalidCertificates", "--eval", ";");
|
|
assert.eq(0, canConnectSSL, "SSL Connection attempt failed when it should succeed");
|