diff options
| author | Dianna Hohensee <dianna.hohensee@mongodb.com> | 2023-01-27 22:24:59 +0000 |
|---|---|---|
| committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2023-02-02 15:35:22 +0000 |
| commit | 1c950544c073ee40adda396e5795cfb068a1ff7e (patch) | |
| tree | 2dcc70a058de36172bed3ea6090ddffb22713943 /jstests/auth/lib | |
| parent | b5d1b6c76c4c21a33caae6c967aa5f08ba84ec5f (diff) | |
| download | mongo-1c950544c073ee40adda396e5795cfb068a1ff7e.tar.gz | |
SERVER-73270 Add new authorization permissions and checks for the the mongod search commands
Diffstat (limited to 'jstests/auth/lib')
| -rw-r--r-- | jstests/auth/lib/commands_lib.js | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/jstests/auth/lib/commands_lib.js b/jstests/auth/lib/commands_lib.js index c6c6f868db2..3904d800ee2 100644 --- a/jstests/auth/lib/commands_lib.js +++ b/jstests/auth/lib/commands_lib.js @@ -3650,6 +3650,26 @@ export const authCommandsLib = { }] }, { + testname: "createSearchIndex", + command: {createSearchIndex: "x", indexDefinition: {"testBlob": "blob"}}, + skipSharded: true, // TODO (SERVER-73274): add mongos cmds + testcases: [{ + runOnDb: firstDbName, + roles: Object.extend({ + readWrite: 1, + readWriteAnyDatabase: 1, + dbAdmin: 1, + dbAdminAnyDatabase: 1, + dbOwner: 1, + restore: 1, + root: 1, + __system: 1 + }), + privileges: + [{resource: {db: firstDbName, collection: "x"}, actions: ["createSearchIndex"]}], + }] + }, + { testname: "currentOp_$ownOps_false", command: {currentOp: 1, $all: true, $ownOps: false}, testcases: [ @@ -4007,6 +4027,25 @@ export const authCommandsLib = { ] }, { + testname: "dropSearchIndex", + command: {dropSearchIndex: "x", indexDefinition: {"testBlob": "blob"}}, + skipSharded: true, // TODO (SERVER-73274): add mongos cmds + testcases: [ + { + runOnDb: firstDbName, + roles: roles_writeDbAdmin, + privileges: + [{resource: {db: firstDbName, collection: "x"}, actions: ["dropSearchIndex"]}], + }, + { + runOnDb: secondDbName, + roles: roles_writeDbAdminAny, + privileges: + [{resource: {db: secondDbName, collection: "x"}, actions: ["dropSearchIndex"]}], + } + ] + }, + { testname: "enableSharding", command: {enableSharding: "x"}, skipUnlessSharded: true, @@ -5095,6 +5134,28 @@ export const authCommandsLib = { }, { + testname: "listSearchIndexes", + command: {listSearchIndexes: "x"}, + skipSharded: true, // TODO (SERVER-73274): add mongos cmds + testcases: [{ + runOnDb: firstDbName, + roles: { + read: 1, + readAnyDatabase: 1, + readWrite: 1, + readWriteAnyDatabase: 1, + dbAdmin: 1, + dbAdminAnyDatabase: 1, + dbOwner: 1, + backup: 1, + root: 1, + __system: 1, + }, + privileges: + [{resource: {db: firstDbName, collection: ""}, actions: ["listSearchIndexes"]}], + }] + }, + { testname: "listShards", command: {listShards: 1}, skipUnlessSharded: true, @@ -5228,6 +5289,26 @@ export const authCommandsLib = { ] }, { + testname: "modifySearchIndex", + command: {modifySearchIndex: "foo", indexDefinition: {"textBlob": "blob"}}, + skipSharded: true, // TODO (SERVER-73274): add mongos cmds + testcases: [ + { + runOnDb: firstDbName, + roles: Object.extend({restore: 1}, roles_dbAdmin), + privileges: + [{resource: {db: firstDbName, collection: "foo"}, actions: ["modifySearchIndex"]}], + expectFail: true, + }, + { + runOnDb: secondDbName, + roles: Object.extend({restore: 1}, roles_dbAdminAny), + privileges: + [{resource: {db: secondDbName, collection: "foo"}, actions: ["modifySearchIndex"]}], + } + ] + }, + { testname: "s_moveChunk", command: {moveChunk: "test.x", find:{}, to:"a"}, skipUnlessSharded: true, |