feat: add proxy support MONGOSH-1827 (#2123)
This PR mostly just adds tests on top of the work done in devtools-shared.
addaleax authored Aug 14, 2024
1 parent 320f674 commit 8401a73
Showing 17 changed files with 1,015 additions and 528 deletions.
757 changes: 292 additions & 465 deletions package-lock.json

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion packages/arg-parser/package.json
@@ -40,7 +40,7 @@
"mongodb-connection-string-url": "^3.0.1"
},
"devDependencies": {
"@mongodb-js/devtools-connect": "^3.2.2",
"@mongodb-js/devtools-connect": "^3.2.4",
"@mongodb-js/eslint-config-mongosh": "^1.0.0",
"@mongodb-js/prettier-config-devtools": "^1.0.1",
"@mongodb-js/tsconfig-mongosh": "^1.0.0",
3 changes: 2 additions & 1 deletion packages/cli-repl/.depcheckrc
@@ -17,5 +17,6 @@ ignores:
- emphasize
- ipv6-normalize
- bindings
- system-ca
ignore-patterns:
- .eslintrc.js
- .eslintrc.js
2 changes: 1 addition & 1 deletion packages/cli-repl/package.json
@@ -61,6 +61,7 @@
}
},
"dependencies": {
"@mongodb-js/devtools-proxy-support": "^0.3.4",
"@mongosh/arg-parser": "0.0.0-dev.0",
"@mongosh/autocomplete": "0.0.0-dev.0",
"@mongosh/editor": "0.0.0-dev.0",
@@ -87,7 +88,6 @@
"mongodb-log-writer": "^1.4.2",
"numeral": "^2.0.6",
"pretty-repl": "^4.0.1",
"proxy-agent": "^6.4.0",
"semver": "^7.5.4",
"strip-ansi": "^6.0.0",
"text-table": "^0.2.0",
22 changes: 4 additions & 18 deletions packages/cli-repl/src/cli-repl.ts
@@ -1174,24 +1174,10 @@ export class CliRepl implements MongoshIOProvider {
)}\nWaiting...\n`
);
};
if (process.env.MONGOSH_EXPERIMENTAL_OIDC_PROXY_SUPPORT) {
const ProxyAgent = (await import('proxy-agent')).ProxyAgent;
const tlsCAFile =
driverOptions.tlsCAFile ??
new ConnectionString(driverUri)
.typedSearchParams<DevtoolsConnectOptions>()
.get('tlsCAFile');
const ca = tlsCAFile ? await fs.readFile(tlsCAFile) : undefined;
driverOptions.oidc.customHttpOptions = (_url, opts) => {
if (ca && !opts.ca) {
opts = { ...opts, ca };
}
return {
...opts,
agent: new ProxyAgent({ ...opts }),
};
};
}
driverOptions.proxy ??= {
useEnvironmentVariableProxies: true,
};
driverOptions.applyProxyToOIDC ??= true;

const [redirectURI, trustedEndpoints, browser] = await Promise.all([
this.getConfig('oidcRedirectURI'),
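Review bot: The removed block read `tlsCAFile` (from the driver options or the connection string) and passed it as `ca` to the OIDC HTTP requests, while the added assignments do not, so whether a custom CA still applies to identity-provider traffic now depends on code not shown on this page and should be pinned by a test. The change also turns an opt-in (`MONGOSH_EXPERIMENTAL_OIDC_PROXY_SUPPORT`) into a default: as the option name `useEnvironmentVariableProxies` suggests, proxy settings inherited from the environment are honoured unless the caller already set `driverOptions.proxy`, and `applyProxyToOIDC` extends that to the OIDC flow. I would record that trust decision above the assignments, e.g. `// Proxy environment variables are trusted by default and also apply to OIDC HTTP traffic; caller-supplied values win because of ??=.` The enclosing method starts and ends outside the hunk.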
7 changes: 7 additions & 0 deletions packages/cli-repl/src/run.ts
@@ -31,6 +31,7 @@ import net from 'net';
import v8 from 'v8';
import { TimingCategories } from '@mongosh/types';
import './webpack-self-inspection';
import { systemCA } from '@mongodb-js/devtools-proxy-support';

// TS does not yet have type definitions for v8.startupSnapshot
if ((v8 as any)?.startupSnapshot?.isBuildingSnapshot?.()) {
@@ -41,6 +42,7 @@ if ((v8 as any)?.startupSnapshot?.isBuildingSnapshot?.()) {
require('emphasize'); // Dependency of pretty-repl
require('ipv6-normalize'); // Dependency of devtools-connect via os-dns-native
require('bindings'); // Used by various native dependencies but not a native dep itself
require('system-ca'); // Dependency of devtools-proxy-support

{
const console = require('console');
@@ -195,6 +197,11 @@ async function main() {
}
}

markTime(TimingCategories.Main, 'scheduling system-ca loading');
// asynchronously populate the system CA cache in devtools-proxy-support
systemCA().catch(() => undefined);
markTime(TimingCategories.Main, 'scheduled system-ca loading');

const connectionInfo = generateConnectionInfoFromCliArgs(options);
connectionInfo.driverOptions = {
...connectionInfo.driverOptions,
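Review bot: `systemCA().catch(() => undefined)` in `main()` discards any failure to read the system certificate store without a trace, so a later TLS error caused by missing trust anchors would be hard to tie back to this step. If ignoring the error is intended because this call only warms a cache, the comment should say so, and the error could be recorded at debug level if a logger is available at this point. For example: `// Best-effort cache warm-up: a failure here is ignored; the connection path is expected to load the CAs again and report errors itself (TODO confirm).` `main()` continues outside the hunk.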
1 change: 1 addition & 0 deletions packages/e2e-tests/package.json
@@ -39,6 +39,7 @@
"@types/chai-as-promised": "^7.1.3",
"@types/node": "^14.14.6",
"@types/rimraf": "^3.0.0",
"bson": "^6.7.0",
"chai-as-promised": "^7.1.1",
"depcheck": "^1.4.3",
"eslint": "^7.25.0",
27 changes: 7 additions & 20 deletions packages/e2e-tests/test/e2e-oidc.spec.ts
@@ -11,6 +11,11 @@ import path from 'path';
import { expect } from 'chai';
import { createServer as createHTTPSServer } from 'https';
import { getCertPath, useTmpdir } from './repl-helpers';
import {
baseOidcServerConfig,
commonOidcServerArgs,
skipOIDCTestsDueToPlatformOrServerVersion,
} from './oidc-helpers';

/**
* @securityTest OIDC Authentication End-to-End Tests
@@ -47,17 +52,10 @@ describe('OIDC auth e2e', function () {
skipIfEnvServerVersion('< 7.0');

before(async function () {
if (
process.platform !== 'linux' ||
!process.env.MONGOSH_SERVER_TEST_VERSION ||
!process.env.MONGOSH_SERVER_TEST_VERSION.includes('-enterprise') ||
+process.version.slice(1).split('.')[0] < 16
) {
if (skipOIDCTestsDueToPlatformOrServerVersion()) {
// OIDC is only supported on Linux in the 7.0+ enterprise server,
// and we can't skip based on the dynamically detected server version because
// the OIDC config is something that needs to be available at server startup time.
// Our mock OIDC provider does not work with Node.js 14, so we also need to skip
// tests there.
return this.skip();
}

@@ -87,19 +85,8 @@ describe('OIDC auth e2e', function () {
]);
const serverOidcConfig = {
issuer: oidcMockProvider.issuer,
clientId: 'testServer',
requestScopes: ['mongodbGroups'],
authorizationClaim: 'groups',
audience: 'resource-server-audience-value',
authNamePrefix: 'dev',
...baseOidcServerConfig,
};
const commonOidcServerArgs = [
'--setParameter',
'authenticationMechanisms=SCRAM-SHA-256,MONGODB-OIDC',
// enableTestCommands allows using http:// issuers such as http://localhost
'--setParameter',
'enableTestCommands=true',
];
testServer = new MongoRunnerSetup('e2e-oidc-test1', {
args: [
'--setParameter',