SERVER-99749 Create testing certificates during installation (#46314)

GitOrigin-RevId: 528e5772525fb141a0077c2ba41fc70ebae70026
2026-01-15 17:40:56 -05:00 · 2026-01-15 17:40:56 -05:00 · 2e5c772a22
commit 2e5c772a22
parent b2b17fae30
5 changed files with 34 additions and 1 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -859,6 +859,7 @@ WORKSPACE.bazel @10gen/devprod-build @svc-auto-approve-bot

 # The following patterns are parsed from ./jstests/core/testing/OWNERS.yml
 /jstests/core/testing/**/* @10gen/server-programmability @svc-auto-approve-bot
+/jstests/core/testing/**/certs_are_generated.js @10gen/server-security @svc-auto-approve-bot

 # The following patterns are parsed from ./jstests/core/timeseries/OWNERS.yml
 /jstests/core/timeseries/**/* @10gen/server-collection-write-path @svc-auto-approve-bot
--- a/BUILD.bazel
+++ b/BUILD.bazel
@ -180,6 +180,9 @@ mongo_install(
 mongo_install(
    name = "devcore",
    srcs = [],
+    root_files = {
+        "//x509:generate_main_certificates": "bin/x509",
+    },
    deps = [
        "mongo",
        "mongod",
@ -305,8 +308,11 @@ mongo_install(
    root_files = select({
        "@platforms//os:linux": {
            "//src/mongo/db/extension/test_examples:extension_options_configs": "etc/mongo/extensions",
+            "//x509:generate_main_certificates": "bin/x509",
+        },
+        "//conditions:default": {
+            "//x509:generate_main_certificates": "bin/x509",
        },
-        "//conditions:default": {},
    }),
    try_zstd = True,
    deps = [
--- a/buildscripts/resmokeconfig/BUILD.bazel
+++ b/buildscripts/resmokeconfig/BUILD.bazel
@ -44,6 +44,7 @@ resmoke_suite_test(
        "//jstests/sharding/libs:last_lts_mongos_commands.js",
        "//jstests/third_party/fast_check:fc-3.1.0.js",
        "//src/third_party/schemastore.org:schemas",
+        "//x509:generate_main_certificates",
    ],
    exclude_files = [
        # Transactions are not supported on MongoDB standalone nodes, so we do not run these tests in the
--- a/jstests/core/testing/OWNERS.yml
+++ b/jstests/core/testing/OWNERS.yml
@ -3,3 +3,6 @@ filters:
  - "*":
    approvers:
      - 10gen/server-programmability
+  - "certs_are_generated.js":
+    approvers:
+      - 10gen/server-security
--- a/jstests/core/testing/certs_are_generated.js
+++ b/jstests/core/testing/certs_are_generated.js
@ -0,0 +1,22 @@
+/**
+ * Tests that certificate generation is always complete when running resmoke tests.
+ * @tags: [
+ *   # This test relies on the installation directory structure, and thus does not work properly on
+ *   # SELinux.
+ *   no_selinux,
+ * ]
+ */
+
+let installDir = _getEnv("INSTALL_DIR");
+if (installDir === "") {
+    installDir = ".";
+}
+const pathsep = _isWindows() ? "\\" : "/";
+const certDir = installDir + pathsep + "x509";
+jsTest.log.info(certDir);
+
+jsTest.log.info(ls(installDir));
+jsTest.log.info(ls(certDir));
+
+assert(fileExists(certDir + pathsep + "ca.pem"));
+assert(fileExists(certDir + pathsep + "crl.pem.digest.sha1"));