feat(cli-repl): add experimental HTTP OIDC proxying capability MONGOS…
…H-1779 (#1995)

This is just an experiment, *not* a production-ready change with tests or
documentation, with the goal being to verify that an implementation of this
sort can satisfy specific customer needs.
addaleax authored May 16, 2024
1 parent 5ec9eb3 commit fcc9bf4
Showing 8 changed files with 272 additions and 159 deletions.
394 changes: 242 additions & 152 deletions package-lock.json

Large diffs are not rendered by default.

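--- a/packages/arg-parser/package.json
+++ b/packages/arg-parser/package.json
@@ -40,7 +40,7 @@
 "mongodb-connection-string-url": "^3.0.1"
 },
 "devDependencies": {
-"@mongodb-js/devtools-connect": "^2.6.2",
+"@mongodb-js/devtools-connect": "^2.6.3",
 "@mongodb-js/eslint-config-mongosh": "^1.0.0",
 "@mongodb-js/prettier-config-devtools": "^1.0.1",
 "@mongodb-js/tsconfig-mongosh": "^1.0.0",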
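--- a/packages/cli-repl/package.json
+++ b/packages/cli-repl/package.json
@@ -87,6 +87,7 @@
 "mongodb-log-writer": "^1.4.2",
 "numeral": "^2.0.6",
 "pretty-repl": "^4.0.1",
+"proxy-agent": "^6.4.0",
 "semver": "^7.5.4",
 "strip-ansi": "^6.0.0",
 "text-table": "^0.2.0",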
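Review bot: `proxy-agent` is added under `dependencies`, so it ships with every build even though the code only loads it when the experimental environment flag is set. As far as I know, version 6 also pulls in PAC and SOCKS agents transitively, which is more resolver surface than plain HTTP(S) proxying needs. If only HTTP proxies are in scope, depending on `https-proxy-agent` directly would keep the tree smaller. The accompanying `package-lock.json` change is worth reading with that in mind.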
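--- a/packages/cli-repl/src/cli-repl.spec.ts
+++ b/packages/cli-repl/src/cli-repl.spec.ts
@@ -2447,7 +2447,10 @@ describe('CliRepl', function () {
 cliRepl = new CliRepl(cliReplOptions);
 await cliRepl.start('', {});
 
-const o = await cliRepl.prepareOIDCOptions({} as any);
+const o = await cliRepl.prepareOIDCOptions(
+'mongodb://localhost/',
+{} as any
+);
 expect(o.oidc?.allowedFlows).to.deep.equal(['auth-code']);
 expect(o.oidc?.notifyDeviceFlow).to.be.a('function');
 expect(o.authMechanismProperties).to.deep.equal({});
@@ -2470,7 +2473,7 @@ describe('CliRepl', function () {
 let o: DevtoolsConnectOptions;
 process.env.MONGOSH_OIDC_PARENT_HANDLE = 'foo-bar';
 try {
-o = await cliRepl.prepareOIDCOptions({} as any);
+o = await cliRepl.prepareOIDCOptions('mongodb://localhost/', {} as any);
 } finally {
 delete process.env.MONGOSH_OIDC_PARENT_HANDLE;
 }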
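--- a/packages/cli-repl/src/cli-repl.ts
+++ b/packages/cli-repl/src/cli-repl.ts
@@ -360,7 +360,7 @@ export class CliRepl implements MongoshIOProvider {
 delete driverOptions.autoEncryption;
 }
 
-driverOptions = await this.prepareOIDCOptions(driverOptions);
+driverOptions = await this.prepareOIDCOptions(driverUri, driverOptions);
 markTime(TimingCategories.DriverSetup, 'prepared OIDC options');
 
 let initialServiceProvider;
@@ -1143,6 +1143,7 @@ export class CliRepl implements MongoshIOProvider {
 
 /** Adjust `driverOptionsIn` with OIDC-specific settings from this CLI instance. */
 async prepareOIDCOptions(
+driverUri: string,
 driverOptionsIn: Readonly<DevtoolsConnectOptions>
 ): Promise<DevtoolsConnectOptions> {
 const driverOptions = {
@@ -1165,6 +1166,24 @@ export class CliRepl implements MongoshIOProvider {
 )}\nWaiting...\n`
 );
 };
+if (process.env.MONGOSH_EXPERIMENTAL_OIDC_PROXY_SUPPORT) {
+const ProxyAgent = (await import('proxy-agent')).ProxyAgent;
+const tlsCAFile =
+driverOptions.tlsCAFile ??
+new ConnectionString(driverUri)
+.typedSearchParams<DevtoolsConnectOptions>()
+.get('tlsCAFile');
+const ca = tlsCAFile ? await fs.readFile(tlsCAFile) : undefined;
+driverOptions.oidc.customHttpOptions = (_url, opts) => {
+if (ca && !opts.ca) {
+opts = { ...opts, ca };
+}
+return {
+...opts,
+agent: new ProxyAgent({ ...opts }),
+};
+};
+}
 
 const [redirectURI, trustedEndpoints, browser] = await Promise.all([
 this.getConfig('oidcRedirectURI'),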
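Review bot: At `if (ca && !opts.ca)` the cluster's `tlsCAFile` becomes the `ca` for every OIDC HTTP request, and Node treats an explicit `ca` as a replacement for the default trust store rather than an addition, so identity-provider endpoints are then verified only against the database CA bundle. Unless that file also contains the public roots, this rejects IdPs with publicly issued certificates, and it makes a CA meant for the cluster a trust anchor for token traffic; a separate setting, or at least a comment such as `// NOTE: tlsCAFile is reused as the sole trust anchor for IdP requests in proxy mode`, would make the choice explicit. The gate `process.env.MONGOSH_EXPERIMENTAL_OIDC_PROXY_SUPPORT` is a truthiness test, so values like `0` or `false` also enable it. As far as I know, `ProxyAgent` takes the proxy address from the usual `HTTP_PROXY`/`HTTPS_PROXY` environment variables, so authorization codes and tokens pass through whatever those point to, which deserves a line in the doc comment. `prepareOIDCOptions` begins and continues outside this hunk.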
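--- a/packages/logging/package.json
+++ b/packages/logging/package.json
@@ -17,7 +17,7 @@
 "node": ">=14.15.1"
 },
 "dependencies": {
-"@mongodb-js/devtools-connect": "^2.6.2",
+"@mongodb-js/devtools-connect": "^2.6.3",
 "@mongosh/errors": "0.0.0-dev.0",
 "@mongosh/history": "0.0.0-dev.0",
 "@mongosh/types": "0.0.0-dev.0",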
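--- a/packages/service-provider-server/package.json
+++ b/packages/service-provider-server/package.json
@@ -47,7 +47,7 @@
 }
 },
 "dependencies": {
-"@mongodb-js/devtools-connect": "^2.6.2",
+"@mongodb-js/devtools-connect": "^2.6.3",
 "@mongodb-js/oidc-plugin": "^0.4.0",
 "@mongosh/errors": "0.0.0-dev.0",
 "@mongosh/service-provider-core": "0.0.0-dev.0",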
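--- a/packages/types/package.json
+++ b/packages/types/package.json
@@ -38,7 +38,7 @@
 "unitTestsOnly": true
 },
 "dependencies": {
-"@mongodb-js/devtools-connect": "^2.6.2"
+"@mongodb-js/devtools-connect": "^2.6.3"
 },
 "devDependencies": {
 "@mongodb-js/eslint-config-mongosh": "^1.0.0",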
