mirror of https://github.com/mongodb/mongo
108 lines
3.4 KiB
JavaScript
108 lines
3.4 KiB
JavaScript
// Test that only users with releaseMemoryAnyCursor permission can use releaseMemory command
|
|
|
|
const db1Name = "release_memory_base_1";
|
|
const db2Name = "release_memory_base_2";
|
|
const coll1Name = "coll1";
|
|
const coll2Name = "coll2";
|
|
|
|
function setupCollections(conn) {
|
|
const db1 = conn.getDB(db1Name);
|
|
const db2 = conn.getDB(db2Name);
|
|
db1.dropDatabase();
|
|
db2.dropDatabase();
|
|
db1[coll1Name].insertMany([{}, {}, {}]);
|
|
db1[coll2Name].insertMany([{}, {}, {}]);
|
|
db2[coll1Name].insertMany([{}, {}, {}]);
|
|
}
|
|
|
|
function assertCorrectResult(res, shouldWork, user) {
|
|
if (shouldWork) {
|
|
assert.commandWorked(res, "user: " + user);
|
|
} else {
|
|
assert.commandFailedWithCode(res, [ErrorCodes.Unauthorized], "user: " + user);
|
|
}
|
|
}
|
|
|
|
const createInactiveCursor = function (db, collName) {
|
|
const cmdRes = db.runCommand({find: collName, filter: {}, batchSize: 1});
|
|
assert.commandWorked(cmdRes);
|
|
return cmdRes.cursor.id;
|
|
};
|
|
|
|
function testReleaseMemory(conn, user, shouldWorkCollection, shouldWorkDatabase, shouldWorkCluster) {
|
|
const admin = conn.getDB("admin");
|
|
admin.auth(user, "pass");
|
|
|
|
const db1 = conn.getDB(db1Name);
|
|
const db2 = conn.getDB(db2Name);
|
|
|
|
assertCorrectResult(
|
|
db1.runCommand({releaseMemory: [createInactiveCursor(db1, coll1Name)]}),
|
|
shouldWorkCollection,
|
|
user,
|
|
);
|
|
assertCorrectResult(
|
|
db1.runCommand({releaseMemory: [createInactiveCursor(db1, coll2Name)]}),
|
|
shouldWorkDatabase,
|
|
user,
|
|
);
|
|
assertCorrectResult(
|
|
db2.runCommand({releaseMemory: [createInactiveCursor(db2, coll1Name)]}),
|
|
shouldWorkCluster,
|
|
user,
|
|
);
|
|
|
|
admin.logout();
|
|
}
|
|
|
|
export function runTest(conn) {
|
|
const admin = conn.getDB("admin");
|
|
admin.createUser({user: "admin", pwd: "pass", roles: jsTest.adminUserRoles});
|
|
|
|
assert(admin.auth("admin", "pass"));
|
|
setupCollections(conn);
|
|
|
|
const db1 = conn.getDB(db1Name);
|
|
assert.commandFailedWithCode(
|
|
db1.runCommand({releaseMemory: [createInactiveCursor(db1, coll1Name)]}),
|
|
[ErrorCodes.Unauthorized],
|
|
"releaseMemory should not work without releaseMemoryAnyCursor permission",
|
|
);
|
|
|
|
admin.createRole({
|
|
createRole: "releaseCollection",
|
|
roles: ["readAnyDatabase"],
|
|
privileges: [
|
|
{
|
|
resource: {db: "release_memory_base_1", collection: "coll1"},
|
|
actions: ["releaseMemoryAnyCursor"],
|
|
},
|
|
],
|
|
});
|
|
admin.createRole({
|
|
createRole: "releaseDatabase",
|
|
roles: ["readAnyDatabase"],
|
|
privileges: [
|
|
{
|
|
resource: {db: "release_memory_base_1", collection: ""},
|
|
actions: ["releaseMemoryAnyCursor"],
|
|
},
|
|
],
|
|
});
|
|
admin.createRole({
|
|
createRole: "releaseCluster",
|
|
roles: ["readAnyDatabase"],
|
|
privileges: [{resource: {cluster: true}, actions: ["releaseMemoryAnyCursor"]}],
|
|
});
|
|
|
|
admin.createUser({user: "userCollection", pwd: "pass", roles: ["releaseCollection"]});
|
|
admin.createUser({user: "userDatabase", pwd: "pass", roles: ["releaseDatabase"]});
|
|
admin.createUser({user: "userCluster", pwd: "pass", roles: ["releaseCluster"]});
|
|
|
|
admin.logout();
|
|
|
|
testReleaseMemory(conn, "userCollection", true, false, false);
|
|
testReleaseMemory(conn, "userDatabase", true, true, false);
|
|
testReleaseMemory(conn, "userCluster", true, true, true);
|
|
}
|