Combined Database backend: Add Static Account support to MongoDB (#7003)

* Implement SetCredentials for MongoDB, adding support for static accounts * rework SetCredentials to split from CreateUser, and to parse the url for database * Add integration test for mongodb static account rotation * check the length of the password results to avoid out-of-bounds * remove unused method * use the pre-existing test helper for this. Add parse method to helper * remove unused command
2025-10-31 18:48:08 +00:00 · 2019-07-05 13:57:01 -05:00
parent 27e295ace8
commit 30de18eb23
7 changed files with 388 additions and 22 deletions
--- a/plugins/database/mongodb/mongodb_test.go
+++ b/plugins/database/mongodb/mongodb_test.go
@@ -165,3 +165,78 @@ func testCredsExist(t testing.TB, connURL, username, password string) error {
 	session.SetSocketTimeout(1 * time.Minute)
 	return session.Ping()
 }
+
+func TestMongoDB_SetCredentials(t *testing.T) {
+	cleanup, connURL := mongodb.PrepareTestContainer(t, "latest")
+	defer cleanup()
+
+	// The docker test method PrepareTestContainer defaults to a database "test"
+	// if none is provided
+	connURL = connURL + "/test"
+	connectionDetails := map[string]interface{}{
+		"connection_url": connURL,
+	}
+
+	db := new()
+	_, err := db.Init(context.Background(), connectionDetails, true)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	// create the database user in advance, and test the connection
+	dbUser := "testmongouser"
+	startingPassword := "password"
+	testCreateDBUser(t, connURL, dbUser, startingPassword)
+	if err := testCredsExist(t, connURL, dbUser, startingPassword); err != nil {
+		t.Fatalf("Could not connect with new credentials: %s", err)
+	}
+
+	newPassword, err := db.GenerateCredentials(context.Background())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	usernameConfig := dbplugin.StaticUserConfig{
+		Username: dbUser,
+		Password: newPassword,
+	}
+
+	username, password, err := db.SetCredentials(context.Background(), dbplugin.Statements{}, usernameConfig)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	if err := testCredsExist(t, connURL, username, password); err != nil {
+		t.Fatalf("Could not connect with new credentials: %s", err)
+	}
+	// confirm the original creds used to set still work (should be the same)
+	if err := testCredsExist(t, connURL, dbUser, newPassword); err != nil {
+		t.Fatalf("Could not connect with new credentials: %s", err)
+	}
+
+	if (dbUser != username) || (newPassword != password) {
+		t.Fatalf("username/password mismatch: (%s)/(%s) vs (%s)/(%s)", dbUser, username, newPassword, password)
+	}
+}
+
+func testCreateDBUser(t testing.TB, connURL, username, password string) {
+	dialInfo, err := parseMongoURL(connURL)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	session, err := mgo.DialWithInfo(dialInfo)
+	if err != nil {
+		t.Fatal(err)
+	}
+	session.SetSyncTimeout(1 * time.Minute)
+	session.SetSocketTimeout(1 * time.Minute)
+	mUser := mgo.User{
+		Username: username,
+		Password: password,
+	}
+
+	if err := session.DB(dialInfo.Database).UpsertUser(&mUser); err != nil {
+		t.Fatal(err)
+	}
+}