Skip to content

Commit a664f58

Browse files
committed
DRIVERS-3439 simplify spec prose for 4.2+ minimum
1 parent 02d2d3d commit a664f58

29 files changed

Lines changed: 90 additions & 1744 deletions

source/auth/auth.md

Lines changed: 9 additions & 110 deletions
Original file line numberDiff line numberDiff line change
@@ -103,8 +103,8 @@ Userinfo or authentication parameters in connection options MUST NOT be interpre
103103
#### Errors
104104

105105
Drivers SHOULD raise an error as early as possible when detecting invalid values in a credential. For instance, if a
106-
`mechanism_property` is specified for [MONGODB-CR](#mongodb-cr), the driver should raise an error indicating that the
107-
property does not apply.
106+
`mechanism_property` is specified for a mechanism that does not support it, the driver should raise an error indicating
107+
that the property does not apply.
108108

109109
Drivers MUST raise an error if any required information for a mechanism is missing. For instance, if a `username` is not
110110
specified for SCRAM-SHA-256, the driver must raise an error indicating the the property is missing.
@@ -162,8 +162,6 @@ All blocking operations executed as part of the authentication handshake MUST ap
162162

163163
#### Mechanism Negotiation via Handshake
164164

165-
- Since: 4.0
166-
167165
If an application provides a username but does not provide an authentication mechanism, drivers MUST negotiate a
168166
mechanism via a `hello` or legacy hello command requesting a user's supported SASL mechanisms:
169167

@@ -232,9 +230,6 @@ used when running the authentication spec tests.
232230

233231
### Default Authentication Methods
234232

235-
- Since: 3.0
236-
- Revised: 4.0
237-
238233
If the user did not provide a mechanism via the connection string or via code, the following logic describes how to
239234
select a default.
240235

@@ -255,98 +250,19 @@ be used as the default, regardless of whether SCRAM-SHA-1 is in the list. Driver
255250
mechanism (e.g. PLAIN) as the default.
256251

257252
If `saslSupportedMechs` is not present in the handshake response for mechanism negotiation, then SCRAM-SHA-1 MUST be
258-
used when talking to servers >= 3.0. Prior to server 3.0, MONGODB-CR MUST be used.
253+
used as the default.
259254

260255
When a user has specified a mechanism, regardless of the server version, the driver MUST honor this.
261256

262-
#### Determining Server Version
263-
264-
Drivers SHOULD use the server's wire version ranges to determine the server's version.
265-
266-
### MONGODB-CR
267-
268-
- Since: 1.4
269-
- Deprecated: 3.0
270-
- Removed: 4.0
271-
272-
MongoDB Challenge Response is a nonce and MD5 based system. The driver sends a `getnonce` command, encodes and hashes
273-
the password using the returned nonce, and then sends an `authenticate` command.
274-
275-
#### Conversation
276-
277-
1. Send `getnonce` command
278-
279-
```javascript
280-
CMD = { getnonce: 1 }
281-
RESP = { nonce: <nonce> }
282-
```
283-
284-
2. Compute key
285-
286-
```javascript
287-
passwordDigest = HEX( MD5( UTF8( username + ':mongo:' + password )))
288-
key = HEX( MD5( UTF8( nonce + username + passwordDigest )))
289-
```
290-
291-
3. Send `authenticate` command
292-
293-
```javascript
294-
CMD = { authenticate: 1, nonce: nonce, user: username, key: key }
295-
```
296-
297-
As an example, given a username of "user" and a password of "pencil", the conversation would appear as follows:
298-
299-
```javascript
300-
CMD = {getnonce : 1}
301-
RESP = {nonce: "2375531c32080ae8", ok: 1}
302-
CMD = {authenticate: 1, user: "user", nonce: "2375531c32080ae8", key: "21742f26431831d5cfca035a08c5bdf6"}
303-
RESP = {ok: 1}
304-
```
305-
306-
#### [MongoCredential](#mongocredential) Properties
307-
308-
- username
309-
310-
MUST be specified and non-zero length.
311-
312-
- source
313-
314-
MUST be specified. Defaults to the database name if supplied on the connection string or `admin`.
315-
316-
- password
317-
318-
MUST be specified.
319-
320-
- mechanism
321-
322-
MUST be "MONGODB-CR"
323-
324-
- mechanism_properties
325-
326-
MUST NOT be specified.
327-
328257
### MONGODB-X509
329258

330-
- Since: 2.6
331-
- Changed: 3.4
332-
333259
MONGODB-X509 is the usage of X.509 certificates to validate a client where the distinguished subject name of the client
334260
certificate acts as the username.
335261

336-
When connected to MongoDB 3.4:
337-
338262
- You MUST NOT raise an error when the application only provides an X.509 certificate and no username.
339263
- If the application does not provide a username you MUST NOT send a username to the server.
340264
- If the application provides a username you MUST send that username to the server.
341265

342-
When connected to MongoDB 3.2 or earlier:
343-
344-
- You MUST send a username to the server.
345-
- If no username is provided by the application, you MAY extract the username from the X.509 certificate instead of
346-
requiring the application to provide it.
347-
- If you choose not to automatically extract the username from the certificate you MUST error when no username is
348-
provided by the application.
349-
350266
#### Conversation
351267

352268
1. Send `authenticate` command (MongoDB 3.4+)
@@ -371,7 +287,7 @@ When connected to MongoDB 3.2 or earlier:
371287

372288
- username
373289

374-
SHOULD NOT be provided for MongoDB 3.4+ MUST be specified and non-zero length for MongoDB prior to 3.4
290+
SHOULD NOT be provided
375291

376292
- source
377293

@@ -393,8 +309,6 @@ TODO: Errors
393309
394310
### SASL Mechanisms
395311
396-
- Since: 2.4 Enterprise
397-
398312
SASL mechanisms are all implemented using the same sasl commands and interpreted as defined by the
399313
[SASL specification RFC 4422](http://tools.ietf.org/html/rfc4422).
400314
@@ -428,12 +342,6 @@ SASL mechanisms are all implemented using the same sasl commands and interpreted
428342
429343
### GSSAPI
430344
431-
- Since:
432-
433-
2.4 Enterprise
434-
435-
2.6 Enterprise on Windows
436-
437345
GSSAPI is kerberos authentication as defined in [RFC 4752](http://tools.ietf.org/html/rfc4752). Microsoft has a
438346
proprietary implementation called SSPI which is compatible with both Windows and Linux clients.
439347
@@ -557,8 +465,6 @@ configuration option is set to `false`.
557465

558466
### PLAIN
559467

560-
- Since: 2.6 Enterprise
561-
562468
The PLAIN mechanism, as defined in [RFC 4616](http://tools.ietf.org/html/rfc4616), is used in MongoDB to perform LDAP
563469
authentication. It cannot be used to perform any other type of authentication. Since the credentials are stored outside
564470
of MongoDB, the `$external` database must be used for authentication.
@@ -605,8 +511,6 @@ MongoDB supports either of these forms.
605511

606512
### SCRAM-SHA-1
607513

608-
- Since: 3.0
609-
610514
SCRAM-SHA-1 is defined in [RFC 5802](http://tools.ietf.org/html/rfc5802).
611515

612516
[Page 11 of the RFC](http://tools.ietf.org/html/rfc5802#page-11) specifies that user names be prepared with SASLprep,
@@ -691,8 +595,6 @@ RESP = {conversationId: 1, payload: BinData(0,"dj1VTVdlSTI1SkQxeU5ZWlJNcFo0Vkh2a
691595
692596
### SCRAM-SHA-256
693597
694-
- Since: 4.0
695-
696598
SCRAM-SHA-256 extends [RFC 5802](http://tools.ietf.org/html/rfc5802) and is formally defined in
697599
[RFC 7677](https://tools.ietf.org/html/rfc7677).
698600
@@ -757,8 +659,6 @@ RESP = {conversationId: 1, payload: BinData(0, "dj02cnJpVFJCaTIzV3BSUi93dHVwK21N
757659

758660
### MONGODB-AWS
759661

760-
- Since: 4.4
761-
762662
MONGODB-AWS authenticates using AWS IAM credentials (an access key ID and a secret access key),
763663
[temporary AWS IAM credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) obtained from
764664
an [AWS Security Token Service (STS)](https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html)
@@ -1903,19 +1803,18 @@ def reauth(connection):
19031803

19041804
- authMechanism
19051805

1906-
MONGODB-CR, MONGODB-X509, GSSAPI, PLAIN, SCRAM-SHA-1, SCRAM-SHA-256, MONGODB-AWS
1806+
MONGODB-X509, GSSAPI, PLAIN, SCRAM-SHA-1, SCRAM-SHA-256, MONGODB-AWS
19071807

1908-
Sets the Mechanism property on the MongoCredential. When not set, the default will be one of SCRAM-SHA-256,
1909-
SCRAM-SHA-1 or MONGODB-CR, following the auth spec default mechanism rules.
1808+
Sets the Mechanism property on the MongoCredential. When not set, the default will be SCRAM-SHA-256 or SCRAM-SHA-1,
1809+
following the auth spec default mechanism rules.
19101810

19111811
- authSource
19121812

19131813
Sets the Source property on the MongoCredential.
19141814

19151815
For GSSAPI, MONGODB-X509 and MONGODB-AWS authMechanisms the authSource defaults to `$external`. For PLAIN the authSource
1916-
defaults to the database name if supplied on the connection string or `$external`. For MONGODB-CR, SCRAM-SHA-1 and
1917-
SCRAM-SHA-256 authMechanisms, the authSource defaults to the database name if supplied on the connection string or
1918-
`admin`.
1816+
defaults to the database name if supplied on the connection string or `$external`. For SCRAM-SHA-1 and SCRAM-SHA-256
1817+
authMechanisms, the authSource defaults to the database name if supplied on the connection string or `admin`.
19191818

19201819
- authMechanismProperties=PROPERTY_NAME:PROPERTY_VALUE,PROPERTY_NAME2:PROPERTY_VALUE2
19211820

source/bson-decimal128/decimal128.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,9 @@ ______________________________________________________________________
77

88
## Abstract
99

10-
MongoDB 3.4 introduces a new BSON type representing high precision decimal (`"\x13"`), known as Decimal128. 3.4
11-
compatible drivers must support this type by creating a Value Object for it, possibly with accessor functions for
12-
retrieving its value in data types supported by the respective languages.
10+
Decimal128 is a BSON type representing high precision decimal (`"\x13"`). Drivers must support this type by creating a
11+
Value Object for it, possibly with accessor functions for retrieving its value in data types supported by the respective
12+
languages.
1313

1414
Round-tripping Decimal128 types between driver and server MUST not change its value or representation in any way.
1515
Conversion to and from native language types is complicated and there are many pitfalls to represent Decimal128

source/causal-consistency/causal-consistency.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -196,9 +196,9 @@ started with `causalConsistency = true` then all operations using that session w
196196

197197
There are no new server commands related to causal consistency. Instead, causal consistency is implemented by:
198198

199-
1. Saving the `operationTime` returned by 3.6+ servers for all operations in a property of the `ClientSession` object.
200-
The server reports the `operationTime` whether the operation succeeded or not and drivers MUST save the
201-
`operationTime` in the `ClientSession` whether the operation succeeded or not.
199+
1. Saving the `operationTime` returned by servers for all operations in a property of the `ClientSession` object. The
200+
server reports the `operationTime` whether the operation succeeded or not and drivers MUST save the `operationTime`
201+
in the `ClientSession` whether the operation succeeded or not.
202202
2. Passing that `operationTime` in the `afterClusterTime` field of the `readConcern` field for subsequent causally
203203
consistent read and write operations (for all commands that support a `readConcern`)
204204
3. Gossiping clusterTime (described in the Driver Session Specification)
@@ -284,7 +284,7 @@ that causally consistent operations are not causally consistent with unacknowled
284284
Below is a list of test cases to write.
285285

286286
Note: some tests are only relevant to certain deployments. For the purpose of deciding which tests to run assume that
287-
any deployment that is version 3.6 or higher and is either a replica set or a sharded cluster supports cluster times.
287+
any deployment that is either a replica set or a sharded cluster supports cluster times.
288288

289289
1. When a `ClientSession` is first created the `operationTime` has no value.
290290
- `session = client.startSession()`
@@ -374,7 +374,7 @@ any deployment that is version 3.6 or higher and is either a replica set or a sh
374374

375375
## Motivation
376376

377-
To support causal consistency. Only supported with server version 3.6 or newer.
377+
To support causal consistency.
378378

379379
## Design Rationale
380380

source/change-streams/change-streams.md

Lines changed: 3 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -325,9 +325,6 @@ The responses to a change stream aggregate or getMore have the following structu
325325
ns: String,
326326
id: Int64,
327327
firstBatch: Array<ChangeStreamDocument>,
328-
/**
329-
* postBatchResumeToken is returned in MongoDB 4.0.7 and later.
330-
*/
331328
postBatchResumeToken: Document
332329
},
333330
operationTime: Timestamp,
@@ -343,9 +340,6 @@ The responses to a change stream aggregate or getMore have the following structu
343340
ns: String,
344341
id: Int64,
345342
nextBatch: Array<ChangeStreamDocument>
346-
/**
347-
* postBatchResumeToken is returned in MongoDB 4.0.7 and later.
348-
*/
349343
postBatchResumeToken: Document
350344
},
351345
operationTime: Timestamp,
@@ -784,11 +778,9 @@ thrown by opening, writing to, or reading from the socket.
784778

785779
##### Exposing All Resume Tokens
786780

787-
- Since: 4.0.7
788-
789-
Users can inspect the \_id on each `ChangeDocument` to use as a resume token. But since MongoDB 4.0.7, aggregate and
790-
getMore responses also include a `postBatchResumeToken`. Drivers use one or the other when automatically resuming, as
791-
described in [Resume Process](#resume-process).
781+
Users can inspect the \_id on each `ChangeDocument` to use as a resume token. Aggregate and getMore responses also
782+
include a `postBatchResumeToken`. Drivers use one or the other when automatically resuming, as described in
783+
[Resume Process](#resume-process).
792784

793785
Drivers MUST expose a mechanism to retrieve the same resume token that would be used to automatically resume. It MUST be
794786
possible to use this mechanism after iterating every document. It MUST be possible for users to use this mechanism

source/collation/collation.md

Lines changed: 3 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -7,12 +7,10 @@ ______________________________________________________________________
77

88
## Abstract
99

10-
As of MongoDB server version 3.4 (maxWireVersion 5), a collation option is supported by the query system for matching
11-
and sorting on language strings in a locale-aware fashion.
10+
A collation option is supported by the query system for matching and sorting on language strings in a locale-aware
11+
fashion.
1212

13-
A driver MUST support a Collation option for each of the relevant operations in server versions >= 3.4 (maxWireVersion
14-
5\) and MUST throw an error if a user supplies a Collation option for the operation and the selected server has
15-
maxWireVersion < 5 or if the user is using opcode-based unacknowledged writes.
13+
A driver MUST support a Collation option for each of the relevant operations.
1614

1715
The CRUD and Index Management specs include the collation option in descriptions of API elements where it is supported.
1816
This document provides more details on the specific driver behavior required to handle the collation option.
@@ -38,13 +36,6 @@ eventually the majority of users wishing to use Collations on all operations on
3836
with a server-side default. We chose to favor user verbosity right now over abstracting the feature for short-term
3937
gains.
4038

41-
### Drivers throw an error if a user supplies Collation and the selected server does not support the feature
42-
43-
Server versions earlier than 3.4 don't always throw an error if an unknown option is supplied to certain operations.
44-
Because a Collation defines how documents are matched and sorted for both read and write operations, behavior
45-
differences between server versions are significant. Drivers therefore MUST throw an error if a user specifies a
46-
Collation and the selected server has a maxWireVersion < 5 or if using opcode-based unacknowledged writes.
47-
4839
## Specification
4940

5041
### Collation Document Model
@@ -137,11 +128,6 @@ The collation option is sent to the server in the form of a BSON Document. See t
137128
Driver helpers manipulating or using indexes MUST support a collation option. These include creating, deleting, and
138129
hinting an index. See the [Index Management specification](../index-management/index-management.md) for details.
139130

140-
### Require maxWireVersion 5
141-
142-
Drivers MUST require the server's maxWireVersion >= 5 to support Collations. When a collation is explicitly specified
143-
for a server with maxWireVersion < 5, the driver MUST raise an error.
144-
145131
### Opcode-based Unacknowledged Writes
146132

147133
The driver MUST NOT allow collation with opcodes, because the server doesn't support it. If a driver uses opcode-based
@@ -158,30 +144,6 @@ db.command({
158144
});
159145
```
160146

161-
### BulkWrite API
162-
163-
If maxWireVersion < 5, the driver MUST inspect each BulkWrite operation model for a collation and MUST raise an error
164-
and MUST NOT send any operations to the server if a collation is explicitly specified on an operation. For example, the
165-
user will provide BulkWrite operation models as in the following example:
166-
167-
```typescript
168-
db.collection.bulkWrite([
169-
{insertOne: { ... }},
170-
171-
{updateOne: { filter: { name: "PING" },
172-
update: { $set: { name: "pong" }},
173-
collation: { locale: "en_US", strength: 2 }}},
174-
{updateMany: {..., collation: {...}}},
175-
{replaceOne: {..., collation: {...}}},
176-
{deleteOne: {..., collation: {...}}},
177-
{deleteMany: {..., collation: {...}}}
178-
]);
179-
```
180-
181-
The driver MUST inspect all operations before sending any to the server. If any operation specifies a Collation, the
182-
driver MUST raise an error and MUST NOT send any operations to the server. In the example above, even the insertOne
183-
(which has no Collation) MUST NOT be sent.
184-
185147
## Test Plan
186148

187149
There is no specific test plan for driver Collation support; however drivers should test each affected CRUD, Index
@@ -191,9 +153,6 @@ In addition, drivers should test that two indexes can be created with identical
191153
custom name must be provided for one of them. Then, the test should ensure that the correct index is dropped when
192154
delete_one is called with an index name.
193155

194-
Drivers should also test that errors are raised in each place Collation can be provided to a API method and the selected
195-
server has maxWireVersion < 5.
196-
197156
## Backwards Compatibility
198157

199158
There should be no backwards compatibility concerns.

0 commit comments

Comments
 (0)