diff options
author | samantharitter <samantha.ritter@10gen.com> | 2017-03-27 13:50:42 -0400 |
---|---|---|
committer | samantharitter <samantha.ritter@10gen.com> | 2017-05-05 14:44:26 -0400 |
commit | 4aaf10cd49be1702adf877139925362a4e2460ad (patch) | |
tree | a1e4674baf48ea883755d48060d28ffc6d8f9a9e | |
parent | 02edad4ea3cd611e5428c9b8c191f70332c38994 (diff) | |
download | mongo-4aaf10cd49be1702adf877139925362a4e2460ad.tar.gz |
SERVER-28190 Add new tests for user continuity
4 files changed, 63 insertions, 0 deletions
diff --git a/buildscripts/resmokeconfig/suites/sharding_last_stable_mongos_and_mixed_shards.yml b/buildscripts/resmokeconfig/suites/sharding_last_stable_mongos_and_mixed_shards.yml index 629e4c0dfe8..2e0888b5f3d 100644 --- a/buildscripts/resmokeconfig/suites/sharding_last_stable_mongos_and_mixed_shards.yml +++ b/buildscripts/resmokeconfig/suites/sharding_last_stable_mongos_and_mixed_shards.yml @@ -21,6 +21,7 @@ selector: # New feature in v3.6 mongos and mongod. - jstests/sharding/logical_time_api.js - jstests/sharding/operation_time_api.js + - jstests/sharding/auth_drop_user_while_logged_in.js # New feature in v3.6 mongo shell. - jstests/sharding/causal_consistency_shell_support.js diff --git a/jstests/auth/drop_user_while_logged_in.js b/jstests/auth/drop_user_while_logged_in.js new file mode 100644 index 00000000000..20534c58f64 --- /dev/null +++ b/jstests/auth/drop_user_while_logged_in.js @@ -0,0 +1,9 @@ +// +// Test that privileges are dropped when a user is dropped and re-added while another +// client is logged in under that username (against a standalone). +// + +load('./jstests/libs/drop_user_while_logged_in.js'); + +var conn = MongoRunner.runMongod({auth: "", smallfiles: ""}); +testDroppingUsersWhileLoggedIn(conn); diff --git a/jstests/libs/drop_user_while_logged_in.js b/jstests/libs/drop_user_while_logged_in.js new file mode 100644 index 00000000000..43e1422d7b7 --- /dev/null +++ b/jstests/libs/drop_user_while_logged_in.js @@ -0,0 +1,42 @@ +// +// Test that privileges are dropped when a user is dropped and re-added while another +// client is logged in under that username. +// + +function testDroppingUsersWhileLoggedIn(conn) { + var admin = conn.getDB("admin"); + + // Add users + admin.createUser({ + user: "userAdmin", + pwd: "superSecret", + roles: [{role: "userAdminAnyDatabase", db: "admin"}] + }); + admin.auth("userAdmin", "superSecret"); + admin.createUser({user: "admin", pwd: "admin", roles: ["read"]}); + admin.logout(); + + // Test privileges for the first user + assert(admin.auth("admin", "admin")); + + // Should be able to read + admin.coll.findOne(); + + // Should not be able to write + assert.writeError(admin.coll.insert({a: 1})); + + // On a new connection, log in as the second user + var conn2 = new Mongo(conn.host); + var admin2 = conn2.getDB("admin"); + admin2.auth("userAdmin", "superSecret"); + + // Replace the first user with a new user with different privileges + admin2.dropUser("admin"); + admin2.createUser({user: "admin", pwd: "topSecret", roles: [{role: "root", db: "admin"}]}); + + // The first user should not be able to read or write + assert.writeError(admin.coll.insert({a: 1})); + assert.throws(function() { + admin.coll.findOne(); + }); +} diff --git a/jstests/sharding/auth_drop_user_while_logged_in.js b/jstests/sharding/auth_drop_user_while_logged_in.js new file mode 100644 index 00000000000..7a415553f22 --- /dev/null +++ b/jstests/sharding/auth_drop_user_while_logged_in.js @@ -0,0 +1,11 @@ +// +// Test that privileges are dropped when a user is dropped and re-added while another +// client is logged in under that username (against a sharded cluster). +// + +load('./jstests/libs/drop_user_while_logged_in.js'); + +var st = new ShardingTest({shards: 2, mongos: 1, keyFile: 'jstests/libs/key1'}); +var mongos = st.s0; + +testDroppingUsersWhileLoggedIn(mongos); |