From 60bbae0c136904f2aac56a1c6c1a75d554030f83 Mon Sep 17 00:00:00 2001
From: Durran Jordan
Date: Thu, 6 Jul 2023 16:26:18 +0200
Subject: [PATCH 1/4] feat!(NODE-5376): remove deprecated ssl options
---
src/connection_string.ts | 52 ------------------
src/mongo_client.ts | 55 ++++---------------
.../bson-options/ignore_undefined.test.js | 3 +-
.../types/community/changes_from_36.test-d.ts | 11 ----
test/types/community/client.test-d.ts | 2 +-
test/unit/mongo_client.test.js | 25 ++++-----
6 files changed, 23 insertions(+), 125 deletions(-)
diff --git a/src/connection_string.ts b/src/connection_string.ts
index ac8a3315f76..6b8effffc87 100644
--- a/src/connection_string.ts
+++ b/src/connection_string.ts
@@ -1096,50 +1096,6 @@ export const OPTIONS = { target: 'tls', type: 'boolean' }, - sslCA: { - deprecated: - 'sslCA is deprecated and will be removed in the next major version. Please use tlsCAFile instead.', - target: 'ca', - transform({ values: [value] }) { - return fs.readFileSync(String(value), { encoding: 'ascii' }); - } - }, - sslCRL: { - deprecated: - 'sslCRL is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFile instead.', - target: 'crl', - transform({ values: [value] }) { - return fs.readFileSync(String(value), { encoding: 'ascii' }); - } - }, - sslCert: { - deprecated: - 'sslCert is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFile instead.', - target: 'cert', - transform({ values: [value] }) { - return fs.readFileSync(String(value), { encoding: 'ascii' }); - } - }, - sslKey: { - deprecated: - 'sslKey is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFile instead.', - target: 'key', - transform({ values: [value] }) { - return fs.readFileSync(String(value), { encoding: 'ascii' }); - } - }, - sslPass: { - deprecated: - 'sslPass is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFilePassword instead.', - target: 'passphrase', - type: 'string' - }, - sslValidate: { - deprecated: - 'sslValidate is deprecated and will be removed in the next major version. Please use tlsAllowInvalidCertificates instead.', - target: 'rejectUnauthorized', - type: 'boolean' - }, tls: { type: 'boolean' }, 
@@ -1163,14 +1119,6 @@ export const OPTIONS = { return fs.readFileSync(String(value), { encoding: 'ascii' }); } }, - tlsCertificateFile: { - deprecated: - 'tlsCertificateFile is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFile instead.', - target: 'cert', - transform({ values: [value] }) { - return fs.readFileSync(String(value), { encoding: 'ascii' }); - } - }, tlsCertificateKeyFile: { target: 'key', transform({ values: [value] }) { diff --git a/src/mongo_client.ts b/src/mongo_client.ts index 95fc229ab5f..027092d2c93 100644 --- a/src/mongo_client.ts +++ b/src/mongo_client.ts @@ -108,11 +108,6 @@ export interface MongoClientOptions extends BSONSerializeOptions, SupportedNodeC tls?: boolean; /** A boolean to enable or disables TLS/SSL for the connection. (The ssl option is equivalent to the tls option.) */ ssl?: boolean; - /** - * Specifies the location of a local TLS Certificate - * @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFile instead. - */ - tlsCertificateFile?: string; /** Specifies the location of a local .pem file that contains either the client's TLS/SSL certificate and key or only the client's TLS/SSL key when tlsCertificateFile is used to provide the certificate. */ tlsCertificateKeyFile?: string; /** Specifies the password to de-crypt the tlsCertificateKeyFile. */ 
@@ -211,36 +206,6 @@ export interface MongoClientOptions extends BSONSerializeOptions, SupportedNodeC * @see https://www.mongodb.com/docs/manual/reference/write-concern/ */ writeConcern?: WriteConcern | WriteConcernSettings; - /** - * Validate mongod server certificate against Certificate Authority - * @deprecated Will be removed in the next major version. Please use tlsAllowInvalidCertificates instead. - */ - sslValidate?: boolean; - /** - * SSL Certificate file path. - * @deprecated Will be removed in the next major version. Please use tlsCAFile instead. - */ - sslCA?: string; - /** - * SSL Certificate file path. - * @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFile instead. - */ - sslCert?: string; - /** - * SSL Key file file path. - * @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFile instead. - */ - sslKey?: string; - /** - * SSL Certificate pass phrase. - * @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFilePassword instead. - */ - sslPass?: string; - /** - * SSL Certificate revocation list file path. - * @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFile instead. - */ - sslCRL?: string; /** TCP Connection no delay */ noDelay?: boolean; /** @deprecated TCP Connection keep alive enabled. Will not be able to turn off in the future. */ 
@@ -805,16 +770,16 @@ export interface MongoOptions * * ### Additional options: * - * | nodejs native option | driver spec compliant option name | legacy option name | driver option type | - * |:----------------------|:----------------------------------------------|:-------------------|:-------------------| - * | `ca` | `tlsCAFile` | `sslCA` | `string` | - * | `crl` | N/A | `sslCRL` | `string` | - * | `cert` | `tlsCertificateFile`, `tlsCertificateKeyFile` | `sslCert` | `string` | - * | `key` | `tlsCertificateKeyFile` | `sslKey` | `string` | - * | `passphrase` | `tlsCertificateKeyFilePassword` | `sslPass` | `string` | - * | `rejectUnauthorized` | `tlsAllowInvalidCertificates` | `sslValidate` | `boolean` | - * | `checkServerIdentity` | `tlsAllowInvalidHostnames` | N/A | `boolean` | - * | see note below | `tlsInsecure` | N/A | `boolean` | + * | nodejs native option | driver spec compliant option name | driver option type | + * |:----------------------|:----------------------------------------------|:-------------------| + * | `ca` | `tlsCAFile` | `string` | + * | `crl` | N/A | `string` | + * | `cert` | `tlsCertificateKeyFile` | `string` | + * | `key` | `tlsCertificateKeyFile` | `string` | + * | `passphrase` | `tlsCertificateKeyFilePassword` | `string` | + * | `rejectUnauthorized` | `tlsAllowInvalidCertificates` | `boolean` | + * | `checkServerIdentity` | `tlsAllowInvalidHostnames` | `boolean` | + * | see note below | `tlsInsecure` | `boolean` | * * If `tlsInsecure` is set to `true`, then it will set the node native options `checkServerIdentity` * to a no-op and `rejectUnauthorized` to `false`. diff --git a/test/integration/node-specific/bson-options/ignore_undefined.test.js b/test/integration/node-specific/bson-options/ignore_undefined.test.js index eb342e1121a..f1d70b89260 100644 --- a/test/integration/node-specific/bson-options/ignore_undefined.test.js +++ b/test/integration/node-specific/bson-options/ignore_undefined.test.js 
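Review bot: The rewritten table leaves `crl` mapped to `N/A`, and with `sslCRL` removed from `OPTIONS` in src/connection_string.ts this commit leaves no driver option that loads a certificate revocation list from a file path. The doc comment should say so explicitly, for example with a line under the table such as `* The crl option has no driver-level equivalent; pass the Node.js native value (PEM contents, not a file path).` Callers who simply delete `sslCRL` to get through the upgrade would otherwise connect with no revocation list and no hint that anything changed. The `string` entry in the type column also looks narrower than what the Node.js TLS options accept for `ca`, `crl` and `key`, so it is worth confirming whether that column describes the driver option or the native one.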
@@ -56,8 +56,7 @@ describe('Ignore Undefined', function () { const client = configuration.newClient( {}, { - ignoreUndefined: true, - sslValidate: false + ignoreUndefined: true } ); diff --git a/test/types/community/changes_from_36.test-d.ts b/test/types/community/changes_from_36.test-d.ts index 0b21702fc5e..2cb706b9f5e 100644 --- a/test/types/community/changes_from_36.test-d.ts +++ b/test/types/community/changes_from_36.test-d.ts @@ -25,16 +25,6 @@ expectNotType(options.readPreference); expectNotType<{}>(options.pkFactory); // .checkServerIdentity cannot be `true` expectNotType(options.checkServerIdentity); -// .sslCA cannot be string[] -expectNotType(options.sslCA); -// .sslCRL cannot be string[] -expectNotType(options.sslCRL); -// .sslCert cannot be a Buffer -expectNotType(options.sslCert); -// .sslKey cannot be a Buffer -expectNotType(options.sslKey); -// .sslPass cannot be a Buffer -expectNotType(options.sslPass); // Legacy option kept expectType>(true); @@ -60,7 +50,6 @@ expectType(options.readPreferen expectType(options.promoteValues); expectType(options.family); expectType(options.ssl); -expectType(options.sslValidate); expectAssignable<((host: string, cert: PeerCertificate) => Error | undefined) | undefined>( options.checkServerIdentity ); diff --git a/test/types/community/client.test-d.ts b/test/types/community/client.test-d.ts index 4161d209d98..69c022f8718 100644 --- a/test/types/community/client.test-d.ts +++ b/test/types/community/client.test-d.ts @@ -25,7 +25,7 @@ const options: MongoClientOptions = { maxPoolSize: 1, family: 4, ssl: true, - sslValidate: false, + tlsAllowInvalidCertificates: false, // eslint-disable-next-line @typescript-eslint/no-unused-vars checkServerIdentity(host, cert) { return undefined; diff --git a/test/unit/mongo_client.test.js b/test/unit/mongo_client.test.js index 0a2e6130bf1..01f84a3038a 100644 --- a/test/unit/mongo_client.test.js +++ b/test/unit/mongo_client.test.js 
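Review bot: In test/types/community/client.test-d.ts the literal is carried over unchanged, `sslValidate: false` becoming `tlsAllowInvalidCertificates: false`, although the two options have opposite polarity. The removed `sslValidate` entry mapped straight onto `rejectUnauthorized`, while `tlsAllowInvalidCertificates` is, going by its name and the options table, its negation. In a type-only test nothing changes at runtime, but the line models the migration slip that would turn `sslValidate: true` into `tlsAllowInvalidCertificates: true` and switch certificate validation off. A comment on the line such as `// inverse of the removed sslValidate: sslValidate: false === tlsAllowInvalidCertificates: true` would help, and the same caveat belongs next to the `sslValidate` entry in the v6 change notes.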
@@ -36,9 +36,7 @@ describe('MongoOptions', function () { tlsCertificateKeyFile: filename, tlsCertificateFile: filename, tlsCAFile: filename, - sslCRL: filename, - tlsCertificateKeyFilePassword: 'tlsCertificateKeyFilePassword', - sslValidate: false + tlsCertificateKeyFilePassword: 'tlsCertificateKeyFilePassword' }); fs.unlinkSync(filename); @@ -47,19 +45,20 @@ describe('MongoOptions', function () { * * ### Additional options: * - * | nodejs option | MongoDB equivalent | type | - * |:---------------------|----------------------------------------------------|:---------------------------------------| - * | `ca` | sslCA, tlsCAFile | `string \| Buffer \| Buffer[]` | - * | `crl` | sslCRL | `string \| Buffer \| Buffer[]` | - * | `cert` | sslCert, tlsCertificateFile | `string \| Buffer \| Buffer[]` | - * | `key` | sslKey, tlsCertificateKeyFile | `string \| Buffer \| KeyObject[]` | - * | `passphrase` | sslPass, tlsCertificateKeyFilePassword | `string` | - * | `rejectUnauthorized` | sslValidate | `boolean` | + * | nodejs native option | driver spec compliant option name | driver option type | + * |:----------------------|:----------------------------------------------|:-------------------| + * | `ca` | `tlsCAFile` | `string` | + * | `crl` | N/A | `string` | + * | `cert` | `tlsCertificateKeyFile` | `string` | + * | `key` | `tlsCertificateKeyFile` | `string` | + * | `passphrase` | `tlsCertificateKeyFilePassword` | `string` | + * | `rejectUnauthorized` | `tlsAllowInvalidCertificates` | `boolean` | + * | `checkServerIdentity` | `tlsAllowInvalidHostnames` | `boolean` | + * | see note below | `tlsInsecure` | `boolean` | * */ expect(options).to.not.have.property('tlsCertificateKeyFile'); expect(options).to.not.have.property('tlsCAFile'); - expect(options).to.not.have.property('sslCRL'); expect(options).to.not.have.property('tlsCertificateKeyFilePassword'); expect(options).has.property('ca', ''); expect(options).has.property('crl', ''); 
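Review bot: Dropping `sslValidate: false` from this `parseOptions` call without a replacement removes the only visible input in the test that drives `rejectUnauthorized`, and patch 3/4 then deletes the matching `rejectUnauthorized` assertion instead of restoring it. Passing `tlsAllowInvalidCertificates: true` here and keeping `expect(options).has.property('rejectUnauthorized', false)` would keep the mapping to the Node.js option covered, so a later change to that transform cannot silently flip certificate validation. The same hunk still passes `tlsCertificateFile: filename` although this commit removes that option from `OPTIONS`, and it is only cleaned up in patch 3/4, so this commit on its own may not pass its unit tests. The test body starts and ends outside the hunk.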
@@ -126,8 +125,6 @@ describe('MongoOptions', function () { serverApi: { version: '1' }, socketTimeoutMS: 3, ssl: true, - sslPass: 'pass', - sslValidate: true, tls: true, tlsAllowInvalidCertificates: true, tlsAllowInvalidHostnames: true, From 16715677575c8a5dc98056488cf137b500c8d5e4 Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Thu, 6 Jul 2023 16:50:26 +0200 Subject: [PATCH 2/4] chore: update changes --- etc/notes/CHANGES_6.0.0.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 etc/notes/CHANGES_6.0.0.md diff --git a/etc/notes/CHANGES_6.0.0.md b/etc/notes/CHANGES_6.0.0.md new file mode 100644 index 00000000000..452427fe529 --- /dev/null +++ b/etc/notes/CHANGES_6.0.0.md @@ -0,0 +1,24 @@ +# Changes in the MongoDB Node.js Driver v6 + +## About + +The following is a detailed collection of the changes in the major v6 release of the `mongodb` package for Node.js. + +## Contents + +- [Changes](#changes) + - [Deprecated SSL options removed](#deprecated-ssl-options-removed) + +## Changes + +### Deprecated SSL options removed + +The following deprecated SSL/TLS options have now been removed (-> indicating the corresponding option): + + - `sslCA` -> `tlsCAFile` + - `sslCRL` + - `sslCert` -> `tlsCertificateKeyFile` + - `sslKey` -> `tlsCertificateKeyFile` + - `sslPass` -> `tlsCertificateKeyFilePassword` + - `sslValidate` -> `tlsAllowInvalidCertificates` + - `tlsCertificateFile` -> `tlsCertificateKeyFile` \ No newline at end of file From b6ec3b975c14cdebc73deaefe74d770f6e49f69b Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Thu, 6 Jul 2023 19:15:28 +0200 Subject: [PATCH 3/4] test: unit --- src/mongo_client.ts | 1 - test/unit/mongo_client.test.js | 22 ---------------------- 2 files changed, 23 deletions(-) diff --git a/src/mongo_client.ts b/src/mongo_client.ts index 027092d2c93..df7e2dd4709 100644 --- a/src/mongo_client.ts +++ b/src/mongo_client.ts 
@@ -774,7 +774,6 @@ export interface MongoOptions * |:----------------------|:----------------------------------------------|:-------------------| * | `ca` | `tlsCAFile` | `string` | * | `crl` | N/A | `string` | - * | `cert` | `tlsCertificateKeyFile` | `string` | * | `key` | `tlsCertificateKeyFile` | `string` | * | `passphrase` | `tlsCertificateKeyFilePassword` | `string` | * | `rejectUnauthorized` | `tlsAllowInvalidCertificates` | `boolean` | diff --git a/test/unit/mongo_client.test.js b/test/unit/mongo_client.test.js index 01f84a3038a..1eb0d60f0d2 100644 --- a/test/unit/mongo_client.test.js +++ b/test/unit/mongo_client.test.js @@ -34,7 +34,6 @@ describe('MongoOptions', function () { fs.closeSync(fs.openSync(filename, 'w')); const options = parseOptions('mongodb://localhost:27017/?ssl=true', { tlsCertificateKeyFile: filename, - tlsCertificateFile: filename, tlsCAFile: filename, tlsCertificateKeyFilePassword: 'tlsCertificateKeyFilePassword' }); @@ -49,7 +48,6 @@ describe('MongoOptions', function () { * |:----------------------|:----------------------------------------------|:-------------------| * | `ca` | `tlsCAFile` | `string` | * | `crl` | N/A | `string` | - * | `cert` | `tlsCertificateKeyFile` | `string` | * | `key` | `tlsCertificateKeyFile` | `string` | * | `passphrase` | `tlsCertificateKeyFilePassword` | `string` | * | `rejectUnauthorized` | `tlsAllowInvalidCertificates` | `boolean` | @@ -61,12 +59,9 @@ describe('MongoOptions', function () { expect(options).to.not.have.property('tlsCAFile'); expect(options).to.not.have.property('tlsCertificateKeyFilePassword'); expect(options).has.property('ca', ''); - expect(options).has.property('crl', ''); - expect(options).has.property('cert', ''); expect(options).has.property('key'); expect(options.key).has.length(0); expect(options).has.property('passphrase', 'tlsCertificateKeyFilePassword'); - expect(options).has.property('rejectUnauthorized', false); expect(options).has.property('tls', true); }); 
@@ -401,28 +396,11 @@ describe('MongoOptions', function () { const optsFromObject = parseOptions('mongodb://localhost/', { tlsCertificateKeyFile: 'testCertKey.pem' }); - expect(optsFromObject).to.have.property('cert', 'cert key'); expect(optsFromObject).to.have.property('key', 'cert key'); const optsFromUri = parseOptions('mongodb://localhost?tlsCertificateKeyFile=testCertKey.pem'); - expect(optsFromUri).to.have.property('cert', 'cert key'); expect(optsFromUri).to.have.property('key', 'cert key'); }); - - it('correctly sets the cert and key if both tlsCertificateKeyFile and tlsCertificateFile is provided', function () { - const optsFromObject = parseOptions('mongodb://localhost/', { - tlsCertificateKeyFile: 'testKey.pem', - tlsCertificateFile: 'testCert.pem' - }); - expect(optsFromObject).to.have.property('cert', 'test cert'); - expect(optsFromObject).to.have.property('key', 'test key'); - - const optsFromUri = parseOptions( - 'mongodb://localhost?tlsCertificateKeyFile=testKey.pem&tlsCertificateFile=testCert.pem' - ); - expect(optsFromUri).to.have.property('cert', 'test cert'); - expect(optsFromUri).to.have.property('key', 'test key'); - }); }); it('throws an error if multiple tls parameters are not all set to the same value', () => { From bd864a17c90c8c8398b70f04bafed05043a44b3c Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Mon, 10 Jul 2023 00:05:04 +0200 Subject: [PATCH 4/4] fix: comments --- src/connection_string.ts | 7 ------- src/deps.ts | 4 +--- src/mongo_client.ts | 2 +- 3 files changed, 2 insertions(+), 11 deletions(-) diff --git a/src/connection_string.ts b/src/connection_string.ts index 6b8effffc87..61c7a77864a 100644 --- a/src/connection_string.ts +++ b/src/connection_string.ts 
@@ -347,13 +347,6 @@ export function parseOptions( allProvidedOptions.set(key, values); } - if ( - allProvidedOptions.has('tlsCertificateKeyFile') && - !allProvidedOptions.has('tlsCertificateFile') - ) { - allProvidedOptions.set('tlsCertificateFile', allProvidedOptions.get('tlsCertificateKeyFile')); - } - if (allProvidedOptions.has('tls') || allProvidedOptions.has('ssl')) { const tlsAndSslOpts = (allProvidedOptions.get('tls') || []) .concat(allProvidedOptions.get('ssl') || []) diff --git a/src/deps.ts b/src/deps.ts index df2efada116..8aa3890c16c 100644 --- a/src/deps.ts +++ b/src/deps.ts @@ -208,9 +208,7 @@ export type AutoEncryptionLoggerLevel = export interface AutoEncryptionTlsOptions { /** * Specifies the location of a local .pem file that contains - * either the client's TLS/SSL certificate and key or only the - * client's TLS/SSL key when tlsCertificateFile is used to - * provide the certificate. + * either the client's TLS/SSL certificate and key. */ tlsCertificateKeyFile?: string; /** diff --git a/src/mongo_client.ts b/src/mongo_client.ts index df7e2dd4709..3b95fd85239 100644 --- a/src/mongo_client.ts +++ b/src/mongo_client.ts @@ -108,7 +108,7 @@ export interface MongoClientOptions extends BSONSerializeOptions, SupportedNodeC tls?: boolean; /** A boolean to enable or disables TLS/SSL for the connection. (The ssl option is equivalent to the tls option.) */ ssl?: boolean; - /** Specifies the location of a local .pem file that contains either the client's TLS/SSL certificate and key or only the client's TLS/SSL key when tlsCertificateFile is used to provide the certificate. */ + /** Specifies the location of a local .pem file that contains either the client's TLS/SSL certificate and key. */ tlsCertificateKeyFile?: string; /** Specifies the password to de-crypt the tlsCertificateKeyFile. */ tlsCertificateKeyFilePassword?: string;
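Review bot: The reworded comment in src/deps.ts now reads "contains either the client's TLS/SSL certificate and key", which keeps "either" after its alternative was deleted; the same sentence is repeated in the src/mongo_client.ts hunk that follows. Suggested wording for both: `Specifies the location of a local .pem file that contains both the client's TLS/SSL certificate and private key.` More importantly, the text promises that the certificate is taken from this file, yet in the visible hunks `tlsCertificateKeyFile` targets only `key`, the `parseOptions` fallback removed at the top of this commit was what copied it onto the `cert` path, and patch 3/4 drops the `cert` assertions and the `cert` table row. Unless `cert` is populated somewhere outside these hunks, clients relying on X.509 client certificates would present none, so either the mapping or the documentation needs adjusting.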