start mongodb with auth enabled to ensure we're testing it correctly

mongodb-js · Dec 18, 2023 · d002731 · d002731
1 parent 0799920
commit d002731
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 2 deletions.
diff --git a/docker/oidc/mock-oidc-provider/Dockerfile b/docker/oidc/mock-oidc-provider/Dockerfile
@@ -2,14 +2,17 @@ FROM mongodb/mongodb-enterprise-server:latest
 USER root
 RUN apt-get update && apt-get install -y \
     ca-certificates \
-    curl
+    curl jq netcat
+ARG TARGETARCH
 ARG NODE_VERSION=20.10.0
 ARG NODE_PACKAGE=node-v$NODE_VERSION-linux-arm64
 ARG NODE_HOME=/opt/$NODE_PACKAGE
 ENV NODE_PATH $NODE_HOME/lib/node_modules
 ENV PATH $NODE_HOME/bin:$PATH
 RUN curl https://nodejs.org/dist/v$NODE_VERSION/$NODE_PACKAGE.tar.gz | tar -xzC /opt/
 RUN mkdir -p /tmp/mock-provider && cd /tmp/mock-provider && npm init -y && npm install @mongodb-js/oidc-mock-provider
+COPY install-mongosh.sh /install-mongosh.sh
+RUN bash install-mongosh.sh
 COPY start-server.sh /start-server.sh
 COPY oidc-mock-provider.js /tmp/mock-provider/oidc-mock-provider.js
 COPY proxy.js /tmp/mock-provider/proxy.js

diff --git a/docker/oidc/mock-oidc-provider/install-mongosh.sh b/docker/oidc/mock-oidc-provider/install-mongosh.sh
@@ -0,0 +1,14 @@
+set -e
+
+if [ "$TARGETARCH" = "arm64" ];
+  then export BUILT_MONGOSH_ARCH=arm64;
+  else export BUILT_MONGOSH_ARCH=amd64;
+fi
+
+LATEST_MONGOSH_VERSION=$(curl https://info-mongodb-com.s3.amazonaws.com/com-download-center/mongosh.json | jq -r '.versions[0]._id')
+
+echo "Building for $TARGETARCH"
+echo "mongosh arch: ${BUILT_MONGOSH_ARCH}"
+curl -f "https://downloads.mongodb.com/compass/mongodb-mongosh_${LATEST_MONGOSH_VERSION}_${BUILT_MONGOSH_ARCH}.deb" > "/mongodb-mongosh.deb"
+dpkg -i "mongodb-mongosh.deb"
+mongosh --version
diff --git a/docker/oidc/mock-oidc-provider/start-server.sh b/docker/oidc/mock-oidc-provider/start-server.sh
@@ -8,10 +8,42 @@ echo Waiting to make sure that oidc mock provider and proxy are running
 until $(curl --output /dev/null --silent --head --fail http://localhost:$OIDC_PROVIDER_PROXY_PORT/.well-known/openid-configuration); do
     sleep 0.3
 done
+
+echo Setting up user roles
+# Start the server (without auth).
+# This is original mongodb/mongodb-enterprise-server entrypoint
+python3 /usr/local/bin/docker-entrypoint.py \
+    --setParameter authenticationMechanisms="MONGODB-OIDC" \
+    --setParameter enableTestCommands="true" \
+    --setParameter oidcIdentityProviders="$OIDC_IDENTITY_PROVIDERS" > /dev/null &
+MDB_PID="$!"
+
+# Wait for the mongodb server to start.
+# sleep 5
+until nc -z localhost 27017; do
+    sleep 1
+done
+
+# Creates the OIDC user role in the database.
+mongosh "mongodb://localhost:27017/admin" --eval "JSON.stringify(db.createRole({ role: \"dev/groups\", privileges: [ ], roles: [ \"dbOwner\" ] }));"
+
+# Stop the no auth database (we re-start it with auth enabled next).
+echo Stopping no-auth server pid $MDB_PID
+kill $MDB_PID
+
+pkill mongod
+
+# Wait for the mongodb server to shut down.
+# sleep 15
+until ! nc -z localhost 27017; do
+    sleep 1
+done
+
 echo Starting server
 OIDC_IDENTITY_PROVIDERS="[$(curl --fail http://localhost:29091/server-oidc-config)]"
 # This is original mongodb/mongodb-enterprise-server entrypoint
 python3 /usr/local/bin/docker-entrypoint.py \
-    --setParameter authenticationMechanisms="SCRAM-SHA-256,MONGODB-OIDC" \
+    --setParameter authenticationMechanisms="MONGODB-OIDC" \
     --setParameter enableTestCommands="true" \
+    --auth \
     --setParameter oidcIdentityProviders="$OIDC_IDENTITY_PROVIDERS"