mirror of https://github.com/mongodb/mongo
135 lines
4.9 KiB
JavaScript
135 lines
4.9 KiB
JavaScript
/**
|
|
* Tests the behavior of the _mergeAuthzCollections command.
|
|
* @tags: [requires_sharding]
|
|
*/
|
|
|
|
import {ShardingTest} from "jstests/libs/shardingtest.js";
|
|
|
|
function assertUsersAndRolesHaveRole(admin, role) {
|
|
admin.system.users.find().forEach(function (doc) {
|
|
assert.eq(1, doc.roles.length);
|
|
assert.eq(role, doc.roles[0].role);
|
|
});
|
|
admin.system.roles.find().forEach(function (doc) {
|
|
assert.eq(1, doc.roles.length);
|
|
assert.eq(role, doc.roles[0].role);
|
|
});
|
|
}
|
|
function runTest(conn) {
|
|
let db = conn.getDB("test");
|
|
let admin = conn.getDB("admin");
|
|
|
|
jsTestLog("Creating users and roles in temp collections");
|
|
db.createUser({user: "spencer", pwd: "pwd", roles: ["read"]});
|
|
admin.createUser({user: "andreas", pwd: "pwd", roles: ["read"]});
|
|
db.createRole({role: "role1", roles: ["read"], privileges: []});
|
|
admin.createRole({role: "adminRole1", roles: ["read"], privileges: []});
|
|
|
|
// Move the newly created users/roles to the temp collections to be used later by
|
|
// _mergeAuthzCollections
|
|
admin.system.users.find().forEach(function (doc) {
|
|
admin.tempusers.insert(doc);
|
|
});
|
|
admin.system.roles.find().forEach(function (doc) {
|
|
admin.temproles.insert(doc);
|
|
});
|
|
|
|
admin.system.users.remove({});
|
|
admin.system.roles.remove({});
|
|
|
|
jsTestLog("Creating users and roles that should be overriden by _mergeAuthzCollections");
|
|
db.createUser({user: "spencer", pwd: "pwd", roles: ["readWrite"]});
|
|
db.createUser({user: "andy", pwd: "pwd", roles: ["readWrite"]});
|
|
admin.createUser({user: "andreas", pwd: "pwd", roles: ["readWrite"]});
|
|
db.createRole({role: "role1", roles: ["readWrite"], privileges: []});
|
|
db.createRole({role: "role2", roles: ["readWrite"], privileges: []});
|
|
admin.createRole({role: "adminRole1", roles: ["readWrite"], privileges: []});
|
|
|
|
assert.eq(3, admin.system.users.count());
|
|
assert.eq(3, admin.system.roles.count());
|
|
assertUsersAndRolesHaveRole(admin, "readWrite");
|
|
|
|
jsTestLog("Overriding existing system.users and system.roles collections");
|
|
assert.commandWorked(
|
|
admin.runCommand({
|
|
_mergeAuthzCollections: 1,
|
|
tempUsersCollection: "admin.tempusers",
|
|
tempRolesCollection: "admin.temproles",
|
|
db: "",
|
|
drop: true,
|
|
}),
|
|
);
|
|
|
|
assert.eq(2, admin.system.users.count());
|
|
assert.eq(2, admin.system.roles.count());
|
|
assertUsersAndRolesHaveRole(admin, "read");
|
|
|
|
admin.system.users.remove({});
|
|
admin.system.roles.remove({});
|
|
|
|
jsTestLog("Creating users and roles that should be persist after _mergeAuthzCollections");
|
|
db.createUser({user: "bob", pwd: "pwd", roles: ["read"]});
|
|
admin.createUser({user: "george", pwd: "pwd", roles: ["read"]});
|
|
db.createRole({role: "role3", roles: ["read"], privileges: []});
|
|
admin.createRole({role: "adminRole2", roles: ["read"], privileges: []});
|
|
|
|
assert.eq(2, admin.system.users.count());
|
|
assert.eq(2, admin.system.roles.count());
|
|
assertUsersAndRolesHaveRole(admin, "read");
|
|
|
|
jsTestLog("Adding users/roles from temp collections to the existing users/roles");
|
|
assert.commandWorked(
|
|
admin.runCommand({
|
|
_mergeAuthzCollections: 1,
|
|
tempUsersCollection: "admin.tempusers",
|
|
tempRolesCollection: "admin.temproles",
|
|
db: "",
|
|
drop: false,
|
|
}),
|
|
);
|
|
|
|
assert.eq(4, admin.system.users.count());
|
|
assert.eq(4, admin.system.roles.count());
|
|
assertUsersAndRolesHaveRole(admin, "read");
|
|
|
|
jsTestLog("Make sure adding duplicate users/roles fails to change anything if 'drop' is false");
|
|
|
|
admin.system.users.remove({});
|
|
admin.system.roles.remove({});
|
|
|
|
// Create users/roles with the same names as those in the dump but different roles
|
|
db.createUser({user: "spencer", pwd: "pwd", roles: ["readWrite"]});
|
|
admin.createUser({user: "andreas", pwd: "pwd", roles: ["readWrite"]});
|
|
db.createRole({role: "role1", roles: ["readWrite"], privileges: []});
|
|
admin.createRole({role: "adminRole1", roles: ["readWrite"], privileges: []});
|
|
|
|
assert.eq(2, admin.system.users.count());
|
|
assert.eq(2, admin.system.roles.count());
|
|
assertUsersAndRolesHaveRole(admin, "readWrite");
|
|
|
|
// This should succeed but have no effect as every user/role it tries to restore already exists
|
|
assert.commandWorked(
|
|
admin.runCommand({
|
|
_mergeAuthzCollections: 1,
|
|
tempUsersCollection: "admin.tempusers",
|
|
tempRolesCollection: "admin.temproles",
|
|
db: "",
|
|
drop: false,
|
|
}),
|
|
);
|
|
|
|
assert.eq(2, admin.system.users.count());
|
|
assert.eq(2, admin.system.roles.count());
|
|
assertUsersAndRolesHaveRole(admin, "readWrite");
|
|
}
|
|
|
|
jsTest.log("Test standalone");
|
|
let conn = MongoRunner.runMongod({});
|
|
runTest(conn);
|
|
MongoRunner.stopMongod(conn);
|
|
|
|
jsTest.log("Test sharding");
|
|
let st = new ShardingTest({shards: 2, config: 3});
|
|
runTest(st.s);
|
|
st.stop();
|