From d002731185da651c62c17115ba83937eb20b1990 Mon Sep 17 00:00:00 2001
From: Rhys Howell
Date: Mon, 18 Dec 2023 16:01:13 -0500
Subject: [PATCH] start mongodb with auth enabled to ensure we're testing it correctly
---
 docker/oidc/mock-oidc-provider/Dockerfile | 5 ++-
 .../mock-oidc-provider/install-mongosh.sh | 14 ++++++++
 .../oidc/mock-oidc-provider/start-server.sh | 34 ++++++++++++++++++-
 3 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 docker/oidc/mock-oidc-provider/install-mongosh.sh
diff --git a/docker/oidc/mock-oidc-provider/Dockerfile b/docker/oidc/mock-oidc-provider/Dockerfile
index 79f64df..c00f67d 100644
--- a/docker/oidc/mock-oidc-provider/Dockerfile
+++ b/docker/oidc/mock-oidc-provider/Dockerfile
@@ -2,7 +2,8 @@ FROM mongodb/mongodb-enterprise-server:latest
 USER root
 RUN apt-get update && apt-get install -y \
 ca-certificates \
- curl
+ curl jq netcat
+ARG TARGETARCH
 ARG NODE_VERSION=20.10.0
 ARG NODE_PACKAGE=node-v$NODE_VERSION-linux-arm64
 ARG NODE_HOME=/opt/$NODE_PACKAGE
@@ -10,6 +11,8 @@ ENV NODE_PATH $NODE_HOME/lib/node_modules
 ENV PATH $NODE_HOME/bin:$PATH
 RUN curl https://nodejs.org/dist/v$NODE_VERSION/$NODE_PACKAGE.tar.gz | tar -xzC /opt/
 RUN mkdir -p /tmp/mock-provider && cd /tmp/mock-provider && npm init -y && npm install @mongodb-js/oidc-mock-provider
+COPY install-mongosh.sh /install-mongosh.sh
+RUN bash install-mongosh.sh
 COPY start-server.sh /start-server.sh
 COPY oidc-mock-provider.js /tmp/mock-provider/oidc-mock-provider.js
 COPY proxy.js /tmp/mock-provider/proxy.js
diff --git a/docker/oidc/mock-oidc-provider/install-mongosh.sh b/docker/oidc/mock-oidc-provider/install-mongosh.sh
new file mode 100644
index 0000000..13e460e
--- /dev/null
+++ b/docker/oidc/mock-oidc-provider/install-mongosh.sh
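Review bot: In the first Dockerfile hunk, `ARG TARGETARCH` is added for the mongosh installer, but `NODE_PACKAGE` two lines below still hard-codes `linux-arm64`, so an amd64 build would pair an amd64 mongosh with an arm64 Node tarball. Either derive the Node suffix from `TARGETARCH` as well (Node names the amd64 build `x64`, so a small mapping is needed) or add a comment such as `# image is arm64-only; TARGETARCH is consumed by install-mongosh.sh` so the mismatch is a documented choice. A short comment on the package line would also help, e.g. `# jq: parse the mongosh version feed; netcat: port probe in start-server.sh`.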
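Review bot: In the second Dockerfile hunk, the script is copied to `/install-mongosh.sh` but run as `RUN bash install-mongosh.sh`, a relative path that only resolves while the build's working directory is `/`; no `WORKDIR` is visible in the hunk, so this depends on the base image. I would use the absolute path, `RUN bash /install-mongosh.sh`, and remove the installer in the same layer if it is not needed at runtime: `RUN bash /install-mongosh.sh && rm /install-mongosh.sh`.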
@@ -0,0 +1,14 @@
+set -e
+
+if [ "$TARGETARCH" = "arm64" ];
+ then export BUILT_MONGOSH_ARCH=arm64;
+ else export BUILT_MONGOSH_ARCH=amd64;
+fi
+
+LATEST_MONGOSH_VERSION=$(curl https://info-mongodb-com.s3.amazonaws.com/com-download-center/mongosh.json | jq -r '.versions[0]._id')
+
+echo "Building for $TARGETARCH"
+echo "mongosh arch: ${BUILT_MONGOSH_ARCH}"
+curl -f "https://downloads.mongodb.com/compass/mongodb-mongosh_${LATEST_MONGOSH_VERSION}_${BUILT_MONGOSH_ARCH}.deb" > "/mongodb-mongosh.deb"
+dpkg -i "mongodb-mongosh.deb"
+mongosh --version
diff --git a/docker/oidc/mock-oidc-provider/start-server.sh b/docker/oidc/mock-oidc-provider/start-server.sh
index 5878624..18053f1 100755
--- a/docker/oidc/mock-oidc-provider/start-server.sh
+++ b/docker/oidc/mock-oidc-provider/start-server.sh
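Review bot: install-mongosh.sh installs, as root, whatever package the version feed names at build time, with no pinned version and no checksum or signature check before `dpkg -i`, so the image is not reproducible and the build trusts both download endpoints completely. The package is also written to `/mongodb-mongosh.deb` but installed from the relative `mongodb-mongosh.deb`, which only matches when the working directory is `/`, and the .deb is left in the layer afterwards. I would pin the version and an expected SHA-256 as build arguments, verify before installing, and use one absolute path throughout. The names `MONGOSH_VERSION` and `MONGOSH_SHA256` below are placeholders, and the digest has to be supplied per architecture.

```shell
# … unchanged: set -e and BUILT_MONGOSH_ARCH selection …

# MONGOSH_VERSION / MONGOSH_SHA256 are placeholder names for values pinned by the maintainer.
: "${MONGOSH_VERSION:?MONGOSH_VERSION must be set}"
: "${MONGOSH_SHA256:?MONGOSH_SHA256 must be set}"

MONGOSH_DEB=/mongodb-mongosh.deb
curl -fsSL -o "$MONGOSH_DEB" \
  "https://downloads.mongodb.com/compass/mongodb-mongosh_${MONGOSH_VERSION}_${BUILT_MONGOSH_ARCH}.deb"
# Refuse to install anything that does not match the pinned digest.
echo "${MONGOSH_SHA256}  ${MONGOSH_DEB}" | sha256sum -c -
dpkg -i "$MONGOSH_DEB"
rm -f "$MONGOSH_DEB"
mongosh --version
```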
@@ -8,10 +8,42 @@ echo Waiting to make sure that oidc mock provider and proxy are running
 until $(curl --output /dev/null --silent --head --fail http://localhost:$OIDC_PROVIDER_PROXY_PORT/.well-known/openid-configuration); do
 sleep 0.3
 done
+
+echo Setting up user roles
+# Start the server (without auth).
+# This is original mongodb/mongodb-enterprise-server entrypoint
+python3 /usr/local/bin/docker-entrypoint.py \
+ --setParameter authenticationMechanisms="MONGODB-OIDC" \
+ --setParameter enableTestCommands="true" \
+ --setParameter oidcIdentityProviders="$OIDC_IDENTITY_PROVIDERS" > /dev/null &
+MDB_PID="$!"
+
+# Wait for the mongodb server to start.
+# sleep 5
+until nc -z localhost 27017; do
+ sleep 1
+done
+
+# Creates the OIDC user role in the database.
+mongosh "mongodb://localhost:27017/admin" --eval "JSON.stringify(db.createRole({ role: \"dev/groups\", privileges: [ ], roles: [ \"dbOwner\" ] }));"
+
+# Stop the no auth database (we re-start it with auth enabled next).
+echo Stopping no-auth server pid $MDB_PID
+kill $MDB_PID
+
+pkill mongod
+
+# Wait for the mongodb server to shut down.
+# sleep 15
+until ! nc -z localhost 27017; do
+ sleep 1
+done
+
 echo Starting server
 OIDC_IDENTITY_PROVIDERS="[$(curl --fail http://localhost:29091/server-oidc-config)]"
 # This is original mongodb/mongodb-enterprise-server entrypoint
 python3 /usr/local/bin/docker-entrypoint.py \
- --setParameter authenticationMechanisms="SCRAM-SHA-256,MONGODB-OIDC" \
+ --setParameter authenticationMechanisms="MONGODB-OIDC" \
 --setParameter enableTestCommands="true" \
+ --auth \
 --setParameter oidcIdentityProviders="$OIDC_IDENTITY_PROVIDERS"
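Review bot: In start-server.sh the bootstrap (no-auth) start passes `$OIDC_IDENTITY_PROVIDERS` before the `OIDC_IDENTITY_PROVIDERS="[$(curl --fail ...)]"` assignment that follows `echo Starting server`, so unless the variable is set above this hunk the first server gets an empty `oidcIdentityProviders`. Because that server's output goes to `/dev/null` and both `until ... nc -z localhost 27017` loops have no retry limit, a failed start or stop would hang the container silently. I would move the assignment above the first `docker-entrypoint.py` call, give each wait loop a bounded retry count that exits non-zero, and stop if `mongosh` fails (`mongosh ... || exit 1`) so the auth-enabled server never comes up without the `dev/groups` role. If the entrypoint lets the bind address be restricted, limiting the unauthenticated bootstrap instance to loopback would also narrow the window in which it is reachable. The script starts above the hunk, so an existing `set -e` or earlier assignment may already cover part of this.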