DRIVERS-2836 OIDC: More Clarification and Test Cleanup
blink1073 committed May 3, 2024
1 parent e6d1c0e commit bcf3d72
Showing 4 changed files with 13 additions and 3 deletions.
5 changes: 4 additions & 1 deletion source/auth/auth.md
Expand Up @@ -1393,7 +1393,7 @@ use asynchronous functions.
Drivers MUST provide a way for the callback to be either automatically canceled, or to cancel itself. This can be as a
timeout argument to the callback, a cancellation context passed to the callback, or some other language-appropriate
mechanism. The timeout value MUST be `min(remaining connectTimeoutMS, remaining timeoutMS)` as described in the Server
Selection section of the CSOT spec.
Selection section of the CSOT spec. If CSOT is not applied, then the driver MUST use 1 minute as the timeout.

The driver MUST pass the following information to the callback:

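Review bot: The sentence added at the end of the timeout paragraph ("If CSOT is not applied, then the driver MUST use 1 minute as the timeout") leaves two things open. "Not applied" can be read as "the driver does not implement CSOT" or as "`timeoutMS` is not set on this client", and the sentence does not say whether a configured `connectTimeoutMS` still bounds the callback in that case or whether the fixed 1 minute replaces the `min(...)` rule entirely. Suggest naming the condition explicitly and stating how the 1 minute relates to `connectTimeoutMS`. None of the test changes visible in this commit exercises the new default, so a prose test for it would be worth adding.
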
Expand Down Expand Up @@ -2049,6 +2049,9 @@ to EC2 instance metadata in ECS, for security reasons, Amazon states it's best p

## Changelog

- 2024-05-03: Clarify timeout behavior for OIDC machine callback. Add `serverless:forbid` to OIDC unified tests. Add an
additional prose test for the behavior of `ALLOWED_HOSTS`.

- 2024-04-24: Clarify that TOKEN_RESOURCE for MONGODB-OIDC must be url-encoded.

- 2024-04-22: Fix API description for GCP built-in OIDC provider.
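
Review bot: The new 2024-05-03 entry describes the timeout change as "Clarify timeout behavior", but the auth.md hunk adds a new MUST (1 minute when CSOT is not applied), which is a normative requirement rather than a clarification. Suggest wording the entry so implementers scanning the changelog see there is something to implement, for example "Require a 1 minute timeout for the OIDC machine callback when CSOT is not applied". The entry also does not mention the wording change to prose test 3.3 ("human callback" to "OIDC callback"); that is minor, but the other two test changes are listed.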
7 changes: 6 additions & 1 deletion source/auth/tests/mongodb-oidc.md
Expand Up @@ -77,6 +77,11 @@ source the `secrets-export.sh` file and use the associated env variables in your
- Create an OIDC configured client with an OIDC callback and auth mechanism property `ENVIRONMENT:test`.
- Assert it returns a client configuration error.

**2.5 Invalid use of ALLOWED_HOSTS**

- Create an OIDC configured client with auth mechanism properties `{"ENVIRONMENT": "azure", "ALLOWED_HOSTS": []}`.
- Assert it returns a client configuration error.

### (3) Authentication Failure

**3.1 Authentication failure with cached tokens fetch a new token and retry auth**
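
Review bot: New prose test 2.5 does not say which condition makes `{"ENVIRONMENT": "azure", "ALLOWED_HOSTS": []}` invalid: the empty list, or `ALLOWED_HOSTS` being supplied together with `ENVIRONMENT` at all. A driver that rejects only an empty list and one that rejects any `ALLOWED_HOSTS` alongside `ENVIRONMENT` would both pass, so the test does not pin down the rule. Suggest stating the rule in one sentence under the heading and using a non-empty value if the combination itself is what must be rejected. If the driver also validates other properties for `azure` (the changelog in auth.md mentions `TOKEN_RESOURCE`), the configuration error could come from that check instead, so the test should supply every other required property or assert on the cause of the error.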
Expand All @@ -96,7 +101,7 @@ source the `secrets-export.sh` file and use the associated env variables in your

**3.3 Unexpected error code does not clear the cache**

- Create a `MongoClient` with a human callback that returns a valid token.
- Create a `MongoClient` with an OIDC callback that returns a valid token.
- Set a fail point for `saslStart` commands of the form:

```javascript
3 changes: 2 additions & 1 deletion source/auth/tests/unified/mongodb-oidc-no-retry.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions source/auth/tests/unified/mongodb-oidc-no-retry.yml
Expand Up @@ -5,6 +5,7 @@ runOnRequirements:
- minServerVersion: "7.0"
auth: true
authMechanism: "MONGODB-OIDC"
serverless: forbid
createEntities:
- client:
id: &failPointClient failPointClient
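
Review bot: The added `serverless: forbid` under `runOnRequirements` carries no comment or description explaining why these tests cannot run against serverless, and the changelog entry only records that it was added. Suggest a short YAML comment next to the key with the reason. The changelog says the requirement was added to the "OIDC unified tests" (plural), while this commit touches only `mongodb-oidc-no-retry.yml` and its JSON counterpart, so please confirm no other OIDC unified test file needs the same line. The JSON diff is not rendered here; check that it was regenerated from this YAML and contains the same requirement.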