From cfd8f9f01b77ead892fe0fac9f849a32ed30a416 Mon Sep 17 00:00:00 2001 From: Nikola Irinchev Date: Wed, 20 Nov 2024 17:46:29 +0100 Subject: [PATCH] Update some readmes, add an e2e task --- .github/workflows/cron-tasks.yml | 15 ++++------ README.md | 1 + packages/cli-repl/README.md | 1 + packages/cli-repl/src/arg-parser.ts | 1 + packages/cli-repl/src/constants.ts | 3 ++ packages/e2e-tests/test/e2e-oidc.spec.ts | 36 +++++++++++++++--------- packages/i18n/src/locales/en_US.ts | 1 + packages/mongosh/README.md | 1 + 8 files changed, 36 insertions(+), 23 deletions(-) diff --git a/.github/workflows/cron-tasks.yml b/.github/workflows/cron-tasks.yml index c31173809..18886cc6c 100644 --- a/.github/workflows/cron-tasks.yml +++ b/.github/workflows/cron-tasks.yml @@ -13,24 +13,24 @@ jobs: name: Update automatically generated files runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # don't checkout a detatched HEAD ref: ${{ github.head_ref }} # this is important so git log can pick up on # the whole history to generate the list of AUTHORS - fetch-depth: '0' + fetch-depth: "0" - name: Set up Git run: | git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" git config --local user.name "github-actions[bot]" - - uses: actions/setup-node@v2 + - uses: actions/setup-node@v4 with: node-version: ^16.x - cache: 'npm' + cache: "npm" - name: Install npm@8 run: | @@ -50,7 +50,6 @@ jobs: run: | npm run update-authors git add AUTHORS \*/AUTHORS - git commit --no-allow-empty -m "chore: update AUTHORS" || true - name: Generate Error Documentation run: | 
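Review bot: `actions/checkout@v4` and `actions/setup-node@v4` are still referenced by mutable tags in a job that stages generated files and later opens a pull request, so a retagged or compromised action release would run with whatever token this job holds. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha> # v4`, makes the executed code immutable and reviewable. The job's `permissions:` block is not visible in this hunk; if none is set, it is worth declaring only what the pull-request step needs. Separately, `node-version: ^16.x` is left unchanged here and refers to an end-of-life Node.js line.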
@@ -58,25 +57,21 @@ jobs: mv error-overview.md error-overview.rst packages/errors/generated/ npm run reformat git add packages/errors/generated - git commit --no-allow-empty -m "chore: update error documentation" || true - name: Regenerate Evergreen Config run: | npm run update-evergreen-config git add .evergreen.yml - git commit --no-allow-empty -m "chore: update evergreen config" || true - name: Update Security Test Summary run: | npm run update-security-test-summary git add docs/security-test-summary.md - git commit --no-allow-empty -m "chore: update security test summary" || true - name: Regenerate CLI usage text in README files run: | npm run update-cli-usage-text packages/*/*.md *.md git add packages/*/*.md *.md - git commit --no-allow-empty -m "chore: update CLI usage text" || true - name: Create pull request id: cpr @@ -84,7 +79,7 @@ jobs: with: commit-message: Update auto-generated files branch: ci/cron-tasks-update-files - title: 'chore: update auto-generated files' + title: "chore: update auto-generated files" body: | - Update auto-generated files diff --git a/README.md b/README.md index 39e44bcf5..c2c9b146e 100644 --- a/README.md +++ b/README.md @@ -90,6 +90,7 @@ variable. For detailed instructions for each of our supported platforms, please --oidcTrustedEndpoint Treat the cluster/database mongosh as a trusted endpoint --oidcIdTokenAsAccessToken Use ID tokens in place of access tokens for auth --oidcDumpTokens[=mode] Debug OIDC by printing tokens to mongosh's output [full|include-secrets] + --oidcNoNonce Don't send a nonce argument in the OIDC auth request DB Address Examples: diff --git a/packages/cli-repl/README.md b/packages/cli-repl/README.md index fdc86ab0d..777481885 100644 --- a/packages/cli-repl/README.md +++ b/packages/cli-repl/README.md 
@@ -75,6 +75,7 @@ of mongosh, visit https://www.mongodb.com/try/download/shell. --oidcTrustedEndpoint Treat the cluster/database mongosh as a trusted endpoint --oidcIdTokenAsAccessToken Use ID tokens in place of access tokens for auth --oidcDumpTokens[=mode] Debug OIDC by printing tokens to mongosh's output [full|include-secrets] + --oidcNoNonce Don't send a nonce argument in the OIDC auth request DB Address Examples: diff --git a/packages/cli-repl/src/arg-parser.ts b/packages/cli-repl/src/arg-parser.ts index 809639b22..6d6c9840f 100644 --- a/packages/cli-repl/src/arg-parser.ts +++ b/packages/cli-repl/src/arg-parser.ts @@ -65,6 +65,7 @@ const OPTIONS = { 'norc', 'oidcTrustedEndpoint', 'oidcIdTokenAsAccessToken', + 'oidcNoNonce', 'perfTests', 'quiet', 'retryWrites', diff --git a/packages/cli-repl/src/constants.ts b/packages/cli-repl/src/constants.ts index 1a1993977..94bfc5c37 100644 --- a/packages/cli-repl/src/constants.ts +++ b/packages/cli-repl/src/constants.ts @@ -152,6 +152,9 @@ export const USAGE = ` --oidcDumpTokens[=mode] ${i18n.__( 'cli-repl.args.oidcDumpTokens' )} + --oidcNoNonce ${i18n.__( + 'cli-repl.args.oidcNoNonce' + )} ${clr(i18n.__('cli-repl.args.dbAddressOptions'), 'mongosh:section-header')} diff --git a/packages/e2e-tests/test/e2e-oidc.spec.ts b/packages/e2e-tests/test/e2e-oidc.spec.ts index a8ddaa7f3..ba464f882 100644 --- a/packages/e2e-tests/test/e2e-oidc.spec.ts +++ b/packages/e2e-tests/test/e2e-oidc.spec.ts 
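Review bot: The new `--oidcNoNonce` usage entry in `constants.ts` (and the `'oidcNoNonce'` boolean registered in `arg-parser.ts`) exposes a switch that removes a protection, but the help text gives no hint of that. The nonce is what lets the client tie a returned ID token to the request it made, so omitting it drops that replay check; users should only reach for the flag when the identity provider cannot handle the parameter. I would say so in the catalog string this entry resolves to, for example `oidcNoNonce: "Don't send a nonce argument in the OIDC auth request (weakens ID token replay protection; use only if the IdP rejects nonce)",` in `en_US.ts`, and mirror it in the three README copies. Where the flag is consumed is outside this patch, so whether a warning is logged when it is set cannot be confirmed from here.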
@@ -180,20 +180,30 @@ describe('OIDC auth e2e', function () { ); } - it('can successfully authenticate using OIDC Auth Code Flow', async function () { - shell = this.startTestShell({ - args: [ - await testServer.connectionString(), - '--authenticationMechanism=MONGODB-OIDC', - '--oidcRedirectUri=http://localhost:0/', - `--browser=${fetchBrowserFixture}`, - ], + for (const useNonce of [true, false]) { + describe(`with nonce=${useNonce}`, function () { + it('can successfully authenticate using OIDC Auth Code Flow', async function () { + const args = [ + await testServer.connectionString(), + '--authenticationMechanism=MONGODB-OIDC', + '--oidcRedirectUri=http://localhost:0/', + `--browser=${fetchBrowserFixture}`, + ]; + + if (!useNonce) { + args.push('--oidcNoNonce'); + } + + shell = this.startTestShell({ + args, + }); + await shell.waitForPrompt(); + + await verifyUser(shell, 'testuser', 'testServer-group'); + shell.assertNoErrors(); + }); }); - await shell.waitForPrompt(); - - await verifyUser(shell, 'testuser', 'testServer-group'); - shell.assertNoErrors(); - }); + } it('can successfully authenticate using OIDC Auth Code Flow when a username is specified', async function () { shell = this.startTestShell({ diff --git a/packages/i18n/src/locales/en_US.ts b/packages/i18n/src/locales/en_US.ts index c78a1da83..3e9478989 100644 --- a/packages/i18n/src/locales/en_US.ts +++ b/packages/i18n/src/locales/en_US.ts @@ -92,6 +92,7 @@ const translations: Catalog = { 'Use ID tokens in place of access tokens for auth', oidcDumpTokens: "Debug OIDC by printing tokens to mongosh's output [full|include-secrets]", + oidcNoNonce: "Don't send a nonce argument in the OIDC auth request", }, 'arg-parser': { 'unknown-option': 'Error parsing command line: unrecognized option:', diff --git a/packages/mongosh/README.md b/packages/mongosh/README.md index 5e86059b2..1a2c500f2 100644 --- a/packages/mongosh/README.md +++ b/packages/mongosh/README.md 
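Review bot: Both `with nonce=…` cases assert only that login succeeds (`verifyUser` plus `shell.assertNoErrors()`), so the test still passes if `--oidcNoNonce` is silently ignored, or if the nonce is accidentally dropped in the default case. Because the option changes a security-relevant request parameter, each case should also check the authorization request itself: nonce present when `useNonce` is true, absent when it is false. One way would be to have the browser fixture or the test identity provider record the auth URL, though how either exposes that is not visible in this hunk. The enclosing `describe('OIDC auth e2e', …)` starts and ends outside the hunk.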
@@ -79,6 +79,7 @@ of mongosh, visit https://www.mongodb.com/try/download/shell. --oidcTrustedEndpoint Treat the cluster/database mongosh as a trusted endpoint --oidcIdTokenAsAccessToken Use ID tokens in place of access tokens for auth --oidcDumpTokens[=mode] Debug OIDC by printing tokens to mongosh's output [full|include-secrets] + --oidcNoNonce Don't send a nonce argument in the OIDC auth request DB Address Examples: