diff options
author | Shane Harvey <shane.harvey@mongodb.com> | 2016-04-14 10:58:35 -0400 |
---|---|---|
committer | Shane Harvey <shane.harvey@mongodb.com> | 2016-04-14 14:02:45 -0400 |
commit | ca300c07c735144358034adbcaec93b6070ffbc5 (patch) | |
tree | a0d102f3ae10ab5bd7918ba6080aa3e133b38002 | |
parent | c558a396d221ee5c13278ca76667cca5adf8bdf5 (diff) | |
download | mongo-ca300c07c735144358034adbcaec93b6070ffbc5.tar.gz |
SERVER-23184 Fix connection_status.js test.
(cherry picked from commit 10e70cabf340199e6dccaced6fb7dd12cfb6e689)
-rw-r--r-- | jstests/core/connection_status.js | 119 |
1 files changed, 65 insertions, 54 deletions
diff --git a/jstests/core/connection_status.js b/jstests/core/connection_status.js index 2ecfb211b6d..728e3d8a131 100644 --- a/jstests/core/connection_status.js +++ b/jstests/core/connection_status.js @@ -1,80 +1,91 @@ // Tests the connectionStatus command (function() { + "use strict"; var dbName = 'connection_status'; var myDB = db.getSiblingDB(dbName); myDB.dropAllUsers(); - function test(userName) { - myDB.createUser( - {user: userName, pwd: "weak password", roles: [{db: "admin", role: "root"}]}); - myDB.auth(userName, "weak password"); - - var output = myDB.runCommand("connectionStatus"); - assert.commandWorked(output); + /** + * Test that the output of connectionStatus makes sense. + */ + function validateConnectionStatus(expectedUser, expectedRole, showPrivileges) { + var connectionStatus = + myDB.runCommand({"connectionStatus": 1, "showPrivileges": showPrivileges}); + assert.commandWorked(connectionStatus); + var authInfo = connectionStatus.authInfo; // Test that authenticated users are properly returned. - var users = output.authInfo.authenticatedUsers; - + var users = authInfo.authenticatedUsers; var matches = 0; + var infoStr = tojson(authInfo); for (var i = 0; i < users.length; i++) { - if (users[i].db != dbName) - continue; - - assert.eq(users[i].user, userName); - matches++; + var user = users[i].user; + var db = users[i].db; + assert(isString(user), + "each authenticatedUsers should have a 'user' string:" + infoStr); + assert(isString(db), "each authenticatedUsers should have a 'db' string:" + infoStr); + if (user === expectedUser.user && db === expectedUser.db) { + matches++; + } } - assert.eq(matches, 1); + assert.eq( + matches, 1, "expected user should be present once in authenticatedUsers:" + infoStr); // Test that authenticated roles are properly returned. - var roles = output.authInfo.authenticatedUserRoles; - + var roles = authInfo.authenticatedUserRoles; matches = 0; for (var i = 0; i < roles.length; i++) { - if (roles[i].db != "admin") - continue; - - assert.eq(roles[i].role, "root"); - matches++; - } - assert(matches >= 1); - - // Test roles/ privileges for a non-root user. - myDB.createUser({user: "foo", pwd: "weak password", roles: [{db: "foo", role: "read"}]}); - myDB.logout(); - myDB.auth("foo", "weak password"); - - output = myDB.runCommand({"connectionStatus": 1, "showPrivileges": 1}); - assert.commandWorked(output); - - var users = output.authInfo.authenticatedUsers; - var authedAsSystem = false; - for (var i = 0; i < users.length; i++) { - var authed = users[i]; - if (authed.user === "__system" && authed.db === "local") { - authedAsSystem = true; + var role = roles[i].role; + var db = roles[i].db; + assert(isString(role), + "each authenticatedUserRole should have a 'role' string:" + infoStr); + assert(isString(db), "each authenticatedUserRole should have a 'db' string:" + infoStr); + if (role === expectedRole.role && db === expectedRole.db) { + matches++; } } - - var privileges = output.authInfo.authenticatedUserPrivileges; - - for (var i = 0; i < privileges.length; i++) { - if (privileges[i].resource.anyResource) { - if (authedAsSystem) { - assert.eq(["anyAction"], - privileges[i].actions, - "__system user should only have anyResource/anyAction privilege:" + - tojson(output)); - } else { - assert(false, - "read role should not have anyResource privileges:" + tojson(output)); + // Role will be duplicated when users with the same role are logged in at the same time. + assert.gte( + matches, 1, "expected role should be present in authenticatedUserRoles:" + infoStr); + + var privileges = authInfo.authenticatedUserPrivileges; + if (showPrivileges) { + for (var i = 0; i < privileges.length; i++) { + assert( + isObject(privileges[i].resource), + "each authenticatedUserPrivilege should have a 'resource' object:" + infoStr); + var actions = privileges[i].actions; + for (var j = 0; j < actions.length; j++) { + assert(isString(actions[j]), + "each authenticatedUserPrivilege action should be a string:" + infoStr); } } + + } else { + // Test that privileges are not returned without asking + assert.eq(privileges, + undefined, + "authenticatedUserPrivileges should not be returned by default:" + infoStr); } + } - myDB.logout(); + function test(userName) { + var user = { + user: userName, + db: dbName + }; + var role = { + role: "root", + db: "admin" + }; + myDB.createUser({user: userName, pwd: "weak password", roles: [role]}); + myDB.auth(userName, "weak password"); + + // Validate with and without showPrivileges + validateConnectionStatus(user, role, true); + validateConnectionStatus(user, role, false); // Clean up. - myDB.auth(userName, "weak password"); myDB.dropAllUsers(); myDB.logout(); } |