Uploaded image for project: 'Node.js Driver'
  1. Node.js Driver
  2. NODE-5549

Allow setting TLS CRL through connection string

    • 3
    • Needed
    • Hide

      Review the ticket description for general accuracy and completeness

      • Bug - Confirm that the bug still exists
      • Task / Feature / Improvement - Ensure every section of the template is filled out and makes sense
      • Build failure - Investigate and confirm the cause of the build failure
      • Spec change - Check whether any more recent changes have been made to the spec that might affect the implementation requirements

      What is the expected behavior?

      • What do the official driver or server docs currently say about this functionality?
        • What should they say?
          • If revisions or additions are needed, mark the ticket as docs changes needed and fill out the doc changes form
      • What do our api or readme docs currently say about this functionality?
        • What should they say?
        • Capture any revisions or additions in the ticket documentation AC
      • If applicable, what does the common drivers spec say? (Note: your kickoff partner should independently review the spec)
        • Are any clarifications or revisions needed?
      • If applicable, what do other drivers do?
        • If there is no common spec, is a common spec needed?
      • What should the behavior be?
      • Update the ticket description and implementation requirements as needed

      Review and address any unknowns explicitly called out in the ticket

      What will be the impact on users?

      • Who will be impacted?
      • Why might users care about this change?
      • Capture relevant detail in the "User Impact" section of the ticket description

      What will be the impact on any downstream projects? (e.g., shell, mongoose)

      • Update follow up requirements and create subtasks for follow up or coordination actions

      What variables affect the feature in question?

      • Server versions
      • Deployment types
      • Auth settings
      • Server and client configuration options
      • Specific apis / api options
      • Runtime or bundler settings
      • Special sequences of operations
      • Any other special conditions

      How should all the identified variables be tested?

      • Identify happy path and error case combinations of variables
        • Given [variables], when [action is performed], [feature] should [behave in the expected way]
      • How will we achieve the necessary coverage for these cases?
        • Automated spec tests?
          • Are there test runner changes required?
          • How up to date are our current tests and runners?
        • New integration or prose tests?
        • Unit tests?
      • Will we need to modify any existing tests?
      • Is there technical debt that will affect the implementation of new or existing tests?
      • Do we have the necessary tooling infrastructure already in place for any new tests?
      • Update test requirements on the ticket to reflect reality
      • Create subtasks for any testing groundwork that can happen independently of the implementation

      What is the scope of the code changes?

      • List the code bases and the areas of each code base that will need changes
      • Is there technical debt in any of these areas that will affect the implementation?
      • Identify any existing adjacent functionality that could be impacted by these changes
        • Is there sufficient existing test coverage for the adjacent functionality?
          • Update ticket test AC and create subtask(s) to cover existing functionality if coverage is missing
      • If multiple libraries are affected, determine the order in which changes need to go in
      • Create subtasks for the implementation (at least one per affected codebase)

      What is the expected impact on performance?

      • Do we have existing performance coverage for the affected areas?
      • Do we need to add new coverage?
        • Update ticket test AC and create subtask(s) as needed

      Consider backport requirements

      • Should this be backported?
      • What would be the cost of a backport?

      Is the metadata of this ticket accurate and complete?

      • Double check the acceptance criteria to ensure it accurately captures the expected behavior, test, and follow-up requirements
      • Double check the documentation requirements
      • Double check the task breakdown to ensure it covers all actionable items in the ticket AC
      Show
      Review the ticket description for general accuracy and completeness Bug - Confirm that the bug still exists Task / Feature / Improvement - Ensure every section of the template is filled out and makes sense Build failure - Investigate and confirm the cause of the build failure Spec change - Check whether any more recent changes have been made to the spec that might affect the implementation requirements What is the expected behavior? What do the official driver or server docs currently say about this functionality? What should they say? If revisions or additions are needed, mark the ticket as docs changes needed and fill out the doc changes form What do our api or readme docs currently say about this functionality? What should they say? Capture any revisions or additions in the ticket documentation AC If applicable, what does the common drivers spec say? (Note: your kickoff partner should independently review the spec) Are any clarifications or revisions needed? If applicable, what do other drivers do? If there is no common spec, is a common spec needed? What should the behavior be? Update the ticket description and implementation requirements as needed Review and address any unknowns explicitly called out in the ticket What will be the impact on users? Who will be impacted? Why might users care about this change? Capture relevant detail in the "User Impact" section of the ticket description What will be the impact on any downstream projects? (e.g., shell, mongoose) Update follow up requirements and create subtasks for follow up or coordination actions What variables affect the feature in question? Server versions Deployment types Auth settings Server and client configuration options Specific apis / api options Runtime or bundler settings Special sequences of operations Any other special conditions How should all the identified variables be tested? Identify happy path and error case combinations of variables Given [variables] , when [action is performed] , [feature] should [behave in the expected way] How will we achieve the necessary coverage for these cases? Automated spec tests? Are there test runner changes required? How up to date are our current tests and runners? New integration or prose tests? Unit tests? Will we need to modify any existing tests? Is there technical debt that will affect the implementation of new or existing tests? Do we have the necessary tooling infrastructure already in place for any new tests? Update test requirements on the ticket to reflect reality Create subtasks for any testing groundwork that can happen independently of the implementation What is the scope of the code changes? List the code bases and the areas of each code base that will need changes Is there technical debt in any of these areas that will affect the implementation? Identify any existing adjacent functionality that could be impacted by these changes Is there sufficient existing test coverage for the adjacent functionality? Update ticket test AC and create subtask(s) to cover existing functionality if coverage is missing If multiple libraries are affected, determine the order in which changes need to go in Create subtasks for the implementation (at least one per affected codebase) What is the expected impact on performance? Do we have existing performance coverage for the affected areas? Do we need to add new coverage? Update ticket test AC and create subtask(s) as needed Consider backport requirements Should this be backported? What would be the cost of a backport? Is the metadata of this ticket accurate and complete? Double check the acceptance criteria to ensure it accurately captures the expected behavior, test, and follow-up requirements Double check the documentation requirements Double check the task breakdown to ensure it covers all actionable items in the ticket AC
    • Needed
    • Hide

      1. What would you like to communicate to the user about this feature?

      The driver has added a new option, tlsCRLFile in 6.0 that replaces the old `sslCRL` option in previous drivers.

      2. Would you like the user to see examples of the syntax and/or executable code and its output?

      If we have examples using CRLs in the docs they should be updated.

      3. Which versions of the driver/connector does this apply to?

      6.0

      Show
      1. What would you like to communicate to the user about this feature? The driver has added a new option, tlsCRLFile in 6.0 that replaces the old `sslCRL` option in previous drivers. 2. Would you like the user to see examples of the syntax and/or executable code and its output? If we have examples using CRLs in the docs they should be updated. 3. Which versions of the driver/connector does this apply to? 6.0

      Use Case

      As a... mongosh user or developer
      I want... to be able to specify a CRL file in the connection string
      So that... I can keep connecting the way I have done before the 6.x driver was being used

      User Impact

      NODE-5376 removed the sslCRL connection string option without a replacement. crl=... could be used, but would expect the file content as part of the connection string rather than a filename.

      Ideally, this option would match the other TLS options, and could be specified in a connection string parameter.

      Dependencies

      This is for mongosh --tlsCRLFile support.

      If this option is not available as part of the 6.0.0 driver release, mongosh will need to manually read the file specified in --tlsCRLFile, and users who specified it in the connection string will need to adjust their code to use the command line option.

      Unknowns

      • Why isn't there a drivers spec option for this? Should there be one?
        • Some driver SSL implementations do not support supplying a CRL
      • How do other drivers currently allow this to be set?
        • Python uses the same option, tlsCRLFile, php uses crl_file

      Acceptance Criteria

      Implementation Requirements

      • Determine an option name that is as consistent as possible with other drivers
      • Allow option to be passed in the URI & constructor to specify a crl file name
      • Read file contents async

      Testing Requirements

      • Unit tests at a minimum
      • Integration tests if possible

      Documentation Requirements

      • Update existing MongoDB manual docs
      • Update the tls options API docs table
      • Update 5.x api deprecation message for sslCrl to point to the new option

      Follow Up Requirements

      • N/A

            Assignee:
            durran.jordan@mongodb.com Durran Jordan
            Reporter:
            anna.henningsen@mongodb.com Anna Henningsen
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: