author | Spencer T Brody <spencer@10gen.com> | 2013-02-15 18:28:31 -0800 |
---|---|---|
committer | Spencer T Brody <spencer@10gen.com> | 2013-02-16 08:10:24 -0800 |
commit | 1bd8b84c64214356f482fa3164d88e664f585243 (patch) | |
tree | 470406a00ee118a40f91a6e7592adfe826d1f350 | |
parent | 692090f1efd4a5a869abcddadefac1cdc5de69d0 (diff) | |
download | mongo-1bd8b84c64214356f482fa3164d88e664f585243.tar.gz |
SERVER-8597 Fix AuthorizationManager unit test now that invalid roles no longer prevent privilege acquisition
-rw-r--r-- | src/mongo/db/auth/authorization_manager_test.cpp | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/src/mongo/db/auth/authorization_manager_test.cpp b/src/mongo/db/auth/authorization_manager_test.cpp
index 044b21ca724..9df59339dab 100644
--- a/src/mongo/db/auth/authorization_manager_test.cpp
+++ b/src/mongo/db/auth/authorization_manager_test.cpp
@@ -131,68 +131,81 @@ namespace { ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::find))); } - TEST_F(PrivilegeDocumentParsing, VerifyRejectionOfInvalidRoleNames) { - ASSERT_NOT_OK(AuthorizationManager::buildPrivilegeSet( + TEST_F(PrivilegeDocumentParsing, VerifyInvalidRoleGrantsNoPrivileges) { + ASSERT_OK(AuthorizationManager::buildPrivilegeSet( "test", user, BSON("user" << "spencer" << "pwd" << "" << - "roles" << BSON_ARRAY("read" << "frim")), + "roles" << BSON_ARRAY("frim")), &privilegeSet)); ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::find))); } + TEST_F(PrivilegeDocumentParsing, VerifyInvalidRoleStillAllowsOtherRoles) { + ASSERT_OK(AuthorizationManager::buildPrivilegeSet( + "test", + user, + BSON("user" << "spencer" << "pwd" << "" << + "roles" << BSON_ARRAY("read" << "frim")), + &privilegeSet)); + ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find))); + } + TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterAdminRoleFromNonAdminDatabase) { - ASSERT_NOT_OK(AuthorizationManager::buildPrivilegeSet( + ASSERT_OK(AuthorizationManager::buildPrivilegeSet( "test", user, BSON("user" << "spencer" << "pwd" << "" << "roles" << BSON_ARRAY("read" << "clusterAdmin")), &privilegeSet)); - ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::find))); + ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find))); ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::shutdown))); ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::dropDatabase))); } TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterReadFromNonAdminDatabase) { - ASSERT_NOT_OK(AuthorizationManager::buildPrivilegeSet( + ASSERT_OK(AuthorizationManager::buildPrivilegeSet( "test", user, BSON("user" << "spencer" << "pwd" << "" << "roles" << BSON_ARRAY("read" << "readAnyDatabase")), &privilegeSet)); - ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::find))); + 
ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find))); ASSERT(!privilegeSet.hasPrivilege(Privilege("test2", ActionType::find))); } TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterReadWriteFromNonAdminDatabase) { - ASSERT_NOT_OK(AuthorizationManager::buildPrivilegeSet( + ASSERT_OK(AuthorizationManager::buildPrivilegeSet( "test", user, BSON("user" << "spencer" << "pwd" << "" << "roles" << BSON_ARRAY("read" << "readWriteAnyDatabase")), &privilegeSet)); + ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find))); ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::insert))); ASSERT(!privilegeSet.hasPrivilege(Privilege("test2", ActionType::insert))); } TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterUserAdminFromNonAdminDatabase) { - ASSERT_NOT_OK(AuthorizationManager::buildPrivilegeSet( + ASSERT_OK(AuthorizationManager::buildPrivilegeSet( "test", user, BSON("user" << "spencer" << "pwd" << "" << "roles" << BSON_ARRAY("read" << "userAdminAnyDatabase")), &privilegeSet)); + ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find))); ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::userAdmin))); ASSERT(!privilegeSet.hasPrivilege(Privilege("test2", ActionType::userAdmin))); } TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterDBAdminFromNonAdminDatabase) { - ASSERT_NOT_OK(AuthorizationManager::buildPrivilegeSet( + ASSERT_OK(AuthorizationManager::buildPrivilegeSet( "test", user, BSON("user" << "spencer" << "pwd" << "" << "roles" << BSON_ARRAY("read" << "dbAdminAnyDatabase")), &privilegeSet)); + ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find))); ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::clean))); ASSERT(!privilegeSet.hasPrivilege(Privilege("test2", ActionType::clean))); } |
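Review bot: With `buildPrivilegeSet` now returning OK for unrecognized or out-of-scope role names, the negative `hasPrivilege` assertions are the only checks that such roles grant nothing, and two of them are narrow. `VerifyInvalidRoleGrantsNoPrivileges` asserts only that `find` on `test` is absent; adding `ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::insert)));` would bring the test closer to what its name promises. `VerifyCannotGrantClusterAdminRoleFromNonAdminDatabase` checks `shutdown` and `dropDatabase` on `test` only, while the sibling tests also probe `test2`; a matching `ASSERT(!privilegeSet.hasPrivilege(Privilege("test2", ActionType::dropDatabase)));` would cover a cross-database grant. A one-line comment above the first test, such as `// Unrecognized roles are skipped rather than rejected; valid roles in the same document still apply.`, would record that the lenient parsing is intentional.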