chore: export getTestCertificatePath

gagik · gagik · commit 9b59aaa874fd · 2025-11-18T10:43:51.000+01:00
diff --git a/packages/e2e-tests/test/e2e-oidc.spec.ts b/packages/e2e-tests/test/e2e-oidc.spec.ts
@@ -2,6 +2,7 @@ import {
   MongoRunnerSetup,
   skipIfApiStrict,
   skipIfEnvServerVersion,
+  getTestCertificatePath,
 } from '@mongosh/testing';
 import { promises as fs } from 'fs';
 import type { OIDCMockProviderConfig } from '@mongodb-js/oidc-mock-provider';
@@ -10,7 +11,7 @@ import type { TestShell } from './test-shell';
 import path from 'path';
 import { expect } from 'chai';
 import { createServer as createHTTPSServer } from 'https';
-import { getCertPath, readReplLogFile, useTmpdir } from './repl-helpers';
+import { readReplLogFile, useTmpdir } from './repl-helpers';
 import {
   baseOidcServerConfig,
   commonOidcServerArgs,
@@ -67,7 +68,7 @@ describe('OIDC auth e2e', function () {
       },
     };
     const httpsServerKeyCertBundle = await fs.readFile(
-      getCertPath('server.bundle.pem')
+      getTestCertificatePath('server.bundle.pem')
     );
     [oidcMockProvider, oidcMockProviderHttps] = await Promise.all([
       OIDCMockProvider.create(oidcMockProviderConfig),
@@ -411,7 +412,7 @@ describe('OIDC auth e2e', function () {
   it('can specify --tlsUseSystemCA as a no-op', async function () {
     await fs.mkdir(path.join(tmpdir.path, 'certs'), { recursive: true });
     await fs.copyFile(
-      getCertPath('ca.crt'),
+      getTestCertificatePath('ca.crt'),
       path.join(tmpdir.path, 'certs', 'somefilename.crt')
     );
 
@@ -441,7 +442,7 @@ describe('OIDC auth e2e', function () {
   it('uses system ca by default when calling the IdP https endpoint', async function () {
     await fs.mkdir(path.join(tmpdir.path, 'certs'), { recursive: true });
     await fs.copyFile(
-      getCertPath('ca.crt'),
+      getTestCertificatePath('ca.crt'),
       path.join(tmpdir.path, 'certs', 'somefilename.crt')
     );
 
diff --git a/packages/e2e-tests/test/e2e-proxy.spec.ts b/packages/e2e-tests/test/e2e-proxy.spec.ts
@@ -10,14 +10,11 @@ import {
   skipIfEnvServerVersion,
   startSharedTestServer,
   startTestServer,
+  getTestCertificatePath,
 } from '@mongosh/testing';
 import type { Server as HTTPSServer } from 'https';
 import { createServer as createHTTPSServer } from 'https';
-import {
-  connectionStringWithLocalhost,
-  getCertPath,
-  useTmpdir,
-} from './repl-helpers';
+import { connectionStringWithLocalhost, useTmpdir } from './repl-helpers';
 import { once } from 'events';
 import { connect } from 'net';
 import type { AddressInfo, Socket } from 'net';
@@ -32,8 +29,8 @@ import {
   skipOIDCTestsDueToPlatformOrServerVersion,
 } from './oidc-helpers';
 
-const CA_CERT = getCertPath('ca.crt');
-const SERVER_BUNDLE = getCertPath('server.bundle.pem');
+const CA_CERT = getTestCertificatePath('ca.crt');
+const SERVER_BUNDLE = getTestCertificatePath('server.bundle.pem');
 
 describe('e2e proxy support', function () {
   skipIfApiStrict();
diff --git a/packages/e2e-tests/test/e2e-tls.spec.ts b/packages/e2e-tests/test/e2e-tls.spec.ts
@@ -1,27 +1,32 @@
 import { expect } from 'chai';
 import { promises as fs } from 'fs';
 import path from 'path';
-import { startTestServer } from '@mongosh/testing';
+import { startTestServer, getTestCertificatePath } from '@mongosh/testing';
 import {
   useTmpdir,
   setTemporaryHomeDirectory,
   readReplLogFile,
-  getCertPath,
   connectionStringWithLocalhost,
 } from './repl-helpers';
 
-const CA_CERT = getCertPath('ca.crt');
-const NON_CA_CERT = getCertPath('non-ca.crt');
-const CLIENT_CERT = getCertPath('client.bundle.pem');
-const CLIENT_CERT_PFX = getCertPath('client.bundle.pfx');
-const CLIENT_CERT_ENCRYPTED = getCertPath('client.bundle.encrypted.pem');
+const CA_CERT = getTestCertificatePath('ca.crt');
+const NON_CA_CERT = getTestCertificatePath('non-ca.crt');
+const CLIENT_CERT = getTestCertificatePath('client.bundle.pem');
+const CLIENT_CERT_PFX = getTestCertificatePath('client.bundle.pfx');
+const CLIENT_CERT_ENCRYPTED = getTestCertificatePath(
+  'client.bundle.encrypted.pem'
+);
 const CLIENT_CERT_PASSWORD = 'p4ssw0rd';
-const INVALID_CLIENT_CERT = getCertPath('invalid-client.bundle.pem');
-const SERVER_KEY = getCertPath('server.bundle.pem');
-const SERVER_INVALIDHOST_KEY = getCertPath('server-invalidhost.bundle.pem');
-const CRL_INCLUDING_SERVER = getCertPath('ca-server.crl');
-const PARTIAL_TRUST_CHAIN_CA = getCertPath('partial-trust-chain/ca.pem');
-const PARTIAL_TRUST_CHAIN_KEY_AND_CERT = getCertPath(
+const INVALID_CLIENT_CERT = getTestCertificatePath('invalid-client.bundle.pem');
+const SERVER_KEY = getTestCertificatePath('server.bundle.pem');
+const SERVER_INVALIDHOST_KEY = getTestCertificatePath(
+  'server-invalidhost.bundle.pem'
+);
+const CRL_INCLUDING_SERVER = getTestCertificatePath('ca-server.crl');
+const PARTIAL_TRUST_CHAIN_CA = getTestCertificatePath(
+  'partial-trust-chain/ca.pem'
+);
+const PARTIAL_TRUST_CHAIN_KEY_AND_CERT = getTestCertificatePath(
   'partial-trust-chain/key-and-cert.pem'
 );
 
diff --git a/packages/e2e-tests/test/repl-helpers.ts b/packages/e2e-tests/test/repl-helpers.ts
@@ -140,10 +140,6 @@ const setTemporaryHomeDirectory = () => {
   return { homedir, env };
 };
 
-function getCertPath(filename: string): string {
-  return path.join(__dirname, '..', '..', 'testing', 'certificates', filename);
-}
-
 // TLS requires matching hostnames, so here we need to explicitly
 // specify `localhost` + IPv4 instead of `127.0.0.1`
 async function connectionStringWithLocalhost(
@@ -166,7 +162,6 @@ export {
   readReplLogFile,
   fakeExternalEditor,
   setTemporaryHomeDirectory,
-  getCertPath,
   connectionStringWithLocalhost,
   MongoLogEntryFromFile,
 };
diff --git a/packages/shell-api/src/field-level-encryption.spec.ts b/packages/shell-api/src/field-level-encryption.spec.ts
@@ -11,7 +11,6 @@ import * as bson from 'bson';
 import { expect } from 'chai';
 import { EventEmitter } from 'events';
 import { promises as fs } from 'fs';
-import path from 'path';
 import { Duplex } from 'stream';
 import sinon from 'sinon';
 import type { StubbedInstance } from 'ts-sinon';
@@ -33,6 +32,7 @@ import {
   startSharedTestServer,
   makeFakeHTTPConnection,
   fakeAWSHandlers,
+  getTestCertificatePath,
 } from '@mongosh/testing';
 import { Collection } from './collection';
 import { dummyOptions } from './helpers.spec';
@@ -84,10 +84,6 @@ const exampleUUID = new bson.Binary(
   4
 ).toUUID();
 
-function getCertPath(filename: string): string {
-  return path.join(__dirname, '..', '..', 'testing', 'certificates', filename);
-}
-
 describe('Field Level Encryption', function () {
   let sp: StubbedInstance<ServiceProvider>;
   let mongo: Mongo;
@@ -871,9 +867,11 @@ srDVjIT3LsvTqw==`,
         {
           endpoint: 'kmip.example.com:123',
           tlsOptions: {
-            tlsCertificateKeyFile: getCertPath('client.bundle.encrypted.pem'),
+            tlsCertificateKeyFile: getTestCertificatePath(
+              'client.bundle.encrypted.pem'
+            ),
             tlsCertificateKeyFilePassword: 'p4ssw0rd',
-            tlsCAFile: getCertPath('ca.crt'),
+            tlsCAFile: getTestCertificatePath('ca.crt'),
           },
         },
       ],
@@ -941,19 +939,20 @@ srDVjIT3LsvTqw==`,
                     servername: 'kmip.example.com',
                     port: 123,
                     passphrase: 'p4ssw0rd',
-                    ca: await fs.readFile(getCertPath('ca.crt')),
+                    ca: await fs.readFile(getTestCertificatePath('ca.crt')),
                     cert: await fs.readFile(
-                      getCertPath('client.bundle.encrypted.pem')
+                      getTestCertificatePath('client.bundle.encrypted.pem')
                     ),
                     key: await fs.readFile(
-                      getCertPath('client.bundle.encrypted.pem')
+                      getTestCertificatePath('client.bundle.encrypted.pem')
                     ),
                   },
                 },
               ]);
               return;
             }
             expect.fail('missed exception');
+            break;
           default:
             throw new Error(`unreachable ${kmsName}`);
         }
diff --git a/packages/testing/README.md b/packages/testing/README.md
@@ -1,6 +1,6 @@
 # @mongosh/testing
 
-Internal testing utilities for mongosh packages. This package is only used for testing purposes within the mongosh monorepo.
+Internal testing utilities for mongosh packages. This package is private and only used for testing purposes within the mongosh monorepo.
 
 ## Contents
 
@@ -18,7 +18,3 @@ import {
   makeFakeHTTPServer,
 } from '@mongosh/testing';
 ```
-
-## Note
-
-This package is marked as private and will not be published to npm.
diff --git a/packages/testing/src/index.ts b/packages/testing/src/index.ts
@@ -1,3 +1,15 @@
+import path from 'path';
+
 export * from './integration-testing-hooks';
 export * from './eventually';
 export * from './fake-kms';
+
+/**
+ * Path to the certificates directory containing test certificates
+ */
+const TEST_CERTIFICATES_DIR = path.resolve(__dirname, '..', 'certificates');
+
+/** Get the path to a test certificate */
+export function getTestCertificatePath(filename: string): string {
+  return path.join(TEST_CERTIFICATES_DIR, filename);
+}
