diff options
| author | Randolph Tan <randolph@10gen.com> | 2014-03-14 11:43:25 -0400 |
|---|---|---|
| committer | Randolph Tan <randolph@10gen.com> | 2014-03-26 15:34:37 -0400 |
| commit | 386f1b32babc38daafad97949056ac953d53b3b0 (patch) | |
| tree | 343a72e2d26b7b3d7c86ddc59250835b59e00d2d /jstests/auth | |
| parent | fd1ac5955a4f2d4d0c74ab3e88d4b49169973b11 (diff) | |
| download | mongo-386f1b32babc38daafad97949056ac953d53b3b0.tar.gz | |
SERVER-13191 migrate auth jstest suite to use write commands api
Diffstat (limited to 'jstests/auth')
| -rw-r--r-- | jstests/auth/auth1.js | 5 | ||||
| -rw-r--r-- | jstests/auth/basic_role_auth.js | 45 | ||||
| -rw-r--r-- | jstests/auth/db_multiple_login.js | 32 | ||||
| -rw-r--r-- | jstests/auth/indexSystemUsers.js | 20 | ||||
| -rw-r--r-- | jstests/auth/js_scope_leak.js | 1 | ||||
| -rw-r--r-- | jstests/auth/localhostAuthBypass.js | 27 | ||||
| -rw-r--r-- | jstests/auth/mongos_cache_invalidation.js | 55 | ||||
| -rw-r--r-- | jstests/auth/repl.js | 3 | ||||
| -rw-r--r-- | jstests/auth/role_management_commands.js | 94 | ||||
| -rw-r--r-- | jstests/auth/server-4892.js | 3 | ||||
| -rw-r--r-- | jstests/auth/user_defined_roles.js | 40 | ||||
| -rw-r--r-- | jstests/auth/user_management_commands.js | 25 |
12 files changed, 131 insertions, 219 deletions
diff --git a/jstests/auth/auth1.js b/jstests/auth/auth1.js index a7b67cdb04b..f5e9a877ad4 100644 --- a/jstests/auth/auth1.js +++ b/jstests/auth/auth1.js @@ -64,9 +64,8 @@ assert.eq( 1000, tRO.count() , "B1" ); assert.eq( 1000, tRO.find().toArray().length , "B2" ); // make sure we have a getMore in play assert.commandWorked( dbRO.runCommand( {ismaster:1} ) , "B3" ); -assert( !dbRO.getLastError() , "B4" ); -tRO.save( {} ); // fail -assert( dbRO.getLastError() , "B5: " + tojson( dbRO.getLastErrorObj() ) ); +assert.writeError(tRO.save({})); + assert.eq( 1000, tRO.count() , "B6" ); assert.eq( 1000, tRO.group( p ).length , "C1" ); diff --git a/jstests/auth/basic_role_auth.js b/jstests/auth/basic_role_auth.js index 0530edda062..35e6b468164 100644 --- a/jstests/auth/basic_role_auth.js +++ b/jstests/auth/basic_role_auth.js @@ -99,9 +99,8 @@ var CLUSTER_PERM = { killOp: 1, currentOp: 1, fsync_unlock: 1, killCursor: 1, pr * * @param shouldPass {Boolean} true means that the operation should succeed. * @param opFunc {function()} a function object which contains the operation to perform. - * @param db {DB?} an optional parameter that will be used to call getLastError if present. */ -var checkErr = function(shouldPass, opFunc, db) { +var checkErr = function(shouldPass, opFunc) { var success = true; var exception = null; @@ -112,17 +111,10 @@ var checkErr = function(shouldPass, opFunc, db) { success = false; } - var gle = null; - if (db != null) { - gle = db.getLastError(); - success = success && (gle == null); - } - assert(success == shouldPass, 'expected shouldPass: ' + shouldPass + ', got: ' + success + ', op: ' + tojson(opFunc) + - ', exception: ' + tojson(exception) + - ', gle: ' + tojson(gle)); + ', exception: ' + tojson(exception)); }; /** @@ -138,16 +130,19 @@ var checkErr = function(shouldPass, opFunc, db) { */ var testOps = function(db, allowedActions) { checkErr(allowedActions.hasOwnProperty('insert'), function() { - db.user.insert({ y: 1 }); - }, db); + var res = db.user.insert({ y: 1 }); + if (res.hasWriteError()) throw Error("insert failed: " + tojson(res.getRawResponse())); + }); checkErr(allowedActions.hasOwnProperty('update'), function() { - db.user.update({ y: 1 }, { z: 3 }); - }, db); + var res = db.user.update({ y: 1 }, { z: 3 }); + if (res.hasWriteError()) throw Error("update failed: " + tojson(res.getRawResponse())); + }); checkErr(allowedActions.hasOwnProperty('remove'), function() { - db.user.remove({ y: 1 }); - }, db); + var res = db.user.remove({ y: 1 }); + if (res.hasWriteError()) throw Error("remove failed: " + tojson(res.getRawResponse())); + }); checkErr(allowedActions.hasOwnProperty('query'), function() { db.user.findOne({ y: 1 }); @@ -174,16 +169,22 @@ var testOps = function(db, allowedActions) { }); checkErr(allowedActions.hasOwnProperty('index_w'), function() { - db.user.ensureIndex({ x: 1 }); - }, db); + var res = db.user.ensureIndex({ x: 1 }); + if (res.code == 13) { // Unauthorized + throw 'unauthorized currentOp'; + } + }); checkErr(allowedActions.hasOwnProperty('profile_r'), function() { db.system.profile.findOne(); }); checkErr(allowedActions.hasOwnProperty('profile_w'), function() { - db.system.profile.insert({ x: 1 }); - }, db); + var res = db.system.profile.insert({ x: 1 }); + if (res.hasWriteError()) { + throw Error("profile insert failed: " + tojson(res.getRawResponse())); + } + }); checkErr(allowedActions.hasOwnProperty('user_r'), function() { var result = db.runCommand({usersInfo: 1}); @@ -194,8 +195,8 @@ var testOps = function(db, allowedActions) { checkErr(allowedActions.hasOwnProperty('user_w'), function() { db.createUser({user:'a', pwd: 'a', roles: jsTest.basicUserRoles}); - db.dropUser('a'); - }, db); + assert(db.dropUser('a')); + }); // Test for kill cursor (function() { diff --git a/jstests/auth/db_multiple_login.js b/jstests/auth/db_multiple_login.js index 44aa496441c..13bef7bcc59 100644 --- a/jstests/auth/db_multiple_login.js +++ b/jstests/auth/db_multiple_login.js @@ -3,32 +3,6 @@ // authentication. // // Regression test for SERVER-8144. - -// Raises an exception if "status" is not a GetLastError object indicating success. -function assertGLEOK(status) { - assert(status.ok && status.err === null, - "Expected OK status object; found " + tojson(status)); -} - -// Raises an exception if "status" is not a GetLastError object indicating failure. -function assertGLENotOK(status) { - assert(status.ok && status.err !== null, - "Expected not-OK status object; found " + tojson(status)); -} - -// Asserts that inserting "obj" into "collection" succeeds. -function assertInsertSucceeds(collection, obj) { - collection.insert(obj); - assertGLEOK(collection.getDB().getLastErrorObj()); -} - -// Asserts that inserting "obj" into "collection" fails. -function assertInsertFails(collection, obj) { - collection.insert(obj); - assertGLENotOK(collection.getDB().getLastErrorObj()); -} - - var conn = MongoRunner.runMongod({ auth: "", smallfiles: "" }); var admin = conn.getDB("admin"); var test = conn.getDB("test"); @@ -40,15 +14,15 @@ test.createUser({user: 'writer', pwd: 'a', roles: [ "readWrite" ]}); admin.logout(); // Nothing logged in, can neither read nor write. -assertInsertFails(test.docs, { value: 0 }); +assert.writeError(test.docs.insert({ value: 0 })); assert.throws(function() { test.foo.findOne() }); // Writer logged in, can read and write. test.auth('writer', 'a'); -assertInsertSucceeds(test.docs, { value: 1 }); +assert.writeOK(test.docs.insert({ value: 1 })); test.foo.findOne(); // Reader logged in, replacing writer, can only read. test.auth('reader', 'a'); -assertInsertFails(test.docs, { value: 2 }); +assert.writeError(test.docs.insert({ value: 2 })); test.foo.findOne(); diff --git a/jstests/auth/indexSystemUsers.js b/jstests/auth/indexSystemUsers.js index d8979dc89ae..abe188194ea 100644 --- a/jstests/auth/indexSystemUsers.js +++ b/jstests/auth/indexSystemUsers.js @@ -2,11 +2,6 @@ // dropDups. var conn = MongoRunner.runMongod({auth : ""}); -function assertGLENotOK(status) { - assert(status.ok && status.err !== null, - "Expected not-OK status object; found " + tojson(status)); -} - var adminDB = conn.getDB("admin"); var testDB = conn.getDB("test"); adminDB.createUser({user:'admin', pwd:'x', roles:['userAdminAnyDatabase']}); @@ -17,11 +12,14 @@ assert.eq(3, adminDB.system.users.count()); adminDB.logout(); adminDB.auth('mallory', 'x'); -adminDB.system.users.createIndex({haxx:1}, {unique:true, dropDups:true}); -assertGLENotOK(adminDB.getLastErrorObj()); -adminDB.exploit.system.indexes.insert({ns: "admin.system.users", key: { haxx: 1.0 }, name: "haxx_1", - unique: true, dropDups: true}); -assertGLENotOK(testDB.getLastErrorObj()); +var res = adminDB.system.users.createIndex({ haxx: 1 }, { unique: true, dropDups: true }); +assert(!res.ok); +assert.eq(13, res.code); // unauthorized +assert.writeError(adminDB.exploit.system.indexes.insert({ ns: "admin.system.users", + key: { haxx: 1.0 }, + name: "haxx_1", + unique: true, + dropDups: true })); // Make sure that no indexes were built. assert.eq(null, adminDB.system.namespaces.findOne( @@ -32,4 +30,4 @@ adminDB.logout(); adminDB.auth('admin','x'); // Make sure that no users were actually dropped -assert.eq(3, adminDB.system.users.count());
\ No newline at end of file +assert.eq(3, adminDB.system.users.count()); diff --git a/jstests/auth/js_scope_leak.js b/jstests/auth/js_scope_leak.js index e418157c195..0d4285306ea 100644 --- a/jstests/auth/js_scope_leak.js +++ b/jstests/auth/js_scope_leak.js @@ -12,7 +12,6 @@ var test = conn.getDB("test"); // insert a single document and add two test users test.foo.insert({a:1}); -test.getLastError(); assert.eq(1, test.foo.findOne().a); test.createUser({user:'a', pwd: 'a', roles: jsTest.basicUserRoles}); test.createUser({user:'b', pwd: 'b', roles: jsTest.basicUserRoles}); diff --git a/jstests/auth/localhostAuthBypass.js b/jstests/auth/localhostAuthBypass.js index 1b72f7ea3ac..ecd16268aa2 100644 --- a/jstests/auth/localhostAuthBypass.js +++ b/jstests/auth/localhostAuthBypass.js @@ -21,16 +21,12 @@ var assertCannotRunCommands = function(mongo) { var test = mongo.getDB("test"); assert.throws( function() { test.system.users.findOne(); }); - test.foo.save({_id:0}); - assert(test.getLastError()); - + assert.writeError(test.foo.save({ _id: 0 })); + assert.throws( function() { test.foo.findOne({_id:0}); }); - - test.foo.update({_id:0}, {$set:{x:20}}); - assert(test.getLastError()); - - test.foo.remove({_id:0}); - assert(test.getLastError()); + + assert.writeError(test.foo.update({ _id: 0 }, { $set: { x: 20 }})); + assert.writeError(test.foo.remove({ _id: 0 })); assert.throws(function() { test.foo.mapReduce( @@ -47,15 +43,10 @@ var assertCanRunCommands = function(mongo) { // will throw on failure test.system.users.findOne(); - test.foo.save({_id: 0}); - assert(test.getLastError() == null); - - test.foo.update({_id: 0}, {$set:{x:20}}); - assert(test.getLastError() == null); - - test.foo.remove({_id: 0}); - assert(test.getLastError() == null); - + assert.writeOK(test.foo.save({ _id: 0 })); + assert.writeOK(test.foo.update({ _id: 0 }, { $set: { x: 20 }})); + assert.writeOK(test.foo.remove({ _id: 0 })); + test.foo.mapReduce( function() { emit(1, 1); }, function(id, count) { return Array.sum(count); }, diff --git a/jstests/auth/mongos_cache_invalidation.js b/jstests/auth/mongos_cache_invalidation.js index 1cedf92c4d9..36ca253b3a7 100644 --- a/jstests/auth/mongos_cache_invalidation.js +++ b/jstests/auth/mongos_cache_invalidation.js @@ -4,6 +4,11 @@ */ var authzErrorCode = 13; +var hasAuthzError = function (result) { + assert(result.hasWriteError()); + assert.eq(authzErrorCode, result.getWriteError().code); +}; + var st = new ShardingTest({ shards: 2, config: 3, mongos: [{}, @@ -53,31 +58,26 @@ db3.auth('spencer', 'pwd'); (function testGrantingPrivileges() { jsTestLog("Testing propagation of granting privileges"); - db1.foo.update({}, {$inc: {a:1}}); - assert.gleErrorCode(db1, authzErrorCode); - db2.foo.update({}, {$inc: {a:1}}); - assert.gleErrorCode(db2, authzErrorCode); - db3.foo.update({}, {$inc: {a:1}}); - assert.gleErrorCode(db3, authzErrorCode); + hasAuthzError(db1.foo.update({}, { $inc: { a: 1 }})); + hasAuthzError(db2.foo.update({}, { $inc: { a: 1 }})); + hasAuthzError(db3.foo.update({}, { $inc: { a: 1 }})); assert.eq(1, db1.foo.findOne().a); assert.eq(1, db2.foo.findOne().a); assert.eq(1, db3.foo.findOne().a); - db1.getSiblingDB('admin').grantPrivilegesToRole("myRole", [{resource: {db: 'test', collection: ''}, actions: ['update']}]); // s0/db1 should update its cache instantly - db1.foo.update({}, {$inc: {a:1}}); - assert.gleSuccess(db1); + assert.writeOK(db1.foo.update({}, { $inc: { a: 1 }})); assert.eq(2, db1.foo.findOne().a); // s1/db2 should update its cache in 30 seconds. assert.soon(function() { - db2.foo.update({}, {$inc: {a:1}}); - if (db2.getLastError()) { + var res = db2.foo.update({}, { $inc: { a: 1 }}); + if (res.hasWriteError()) { return false; } return db2.foo.findOne().a == 3; @@ -87,8 +87,7 @@ db3.auth('spencer', 'pwd'); // We manually invalidate the cache on s2/db3. db3.adminCommand("invalidateUserCache"); - db3.foo.update({}, {$inc: {a:1}}); - assert.gleSuccess(db3); + assert.writeOK(db3.foo.update({}, { $inc: { a: 1 }})); assert.eq(4, db3.foo.findOne().a); })(); @@ -101,53 +100,43 @@ db3.auth('spencer', 'pwd'); actions: ['update']}]); // s0/db1 should update its cache instantly - db1.foo.update({}, {$inc: {a:1}}); - assert.gleErrorCode(db1, authzErrorCode); + hasAuthzError(db1.foo.update({}, { $inc: { a: 1 }})); // s1/db2 should update its cache in 30 seconds. assert.soon(function() { - db2.foo.update({}, {$inc: {a:1}}); - return db2.getLastErrorObj().code == authzErrorCode; + var res = db2.foo.update({}, { $inc: { a: 1 }}); + return res.hasWriteError() && res.getWriteError().code == authzErrorCode; }, "Mongos did not update its user cache after 30 seconds", 31 * 1000); // Give an extra 1 second to avoid races // We manually invalidate the cache on s1/db3. db3.adminCommand("invalidateUserCache"); - db3.foo.update({}, {$inc: {a:1}}); - assert.gleErrorCode(db3, authzErrorCode); - + hasAuthzError(db3.foo.update({}, { $inc: { a: 1 }})); })(); (function testModifyingUser() { jsTestLog("Testing propagation modifications to a user, rather than to a role"); - db1.foo.update({}, {$inc: {a:1}}); - assert.gleErrorCode(db1, authzErrorCode); - db2.foo.update({}, {$inc: {a:1}}); - assert.gleErrorCode(db2, authzErrorCode); - db3.foo.update({}, {$inc: {a:1}}); - assert.gleErrorCode(db3, authzErrorCode); + hasAuthzError(db1.foo.update({}, { $inc: { a: 1 }})); + hasAuthzError(db2.foo.update({}, { $inc: { a: 1 }})); + hasAuthzError(db3.foo.update({}, { $inc: { a: 1}})); db1.getSiblingDB('test').grantRolesToUser("spencer", ['readWrite']); // s0/db1 should update its cache instantly - db1.foo.update({}, {$inc: {a:1}}); - assert.gleSuccess(db1); + assert.writeOK(db1.foo.update({}, { $inc: { a: 1 }})); // s1/db2 should update its cache in 30 seconds. assert.soon(function() { - db2.foo.update({}, {$inc: {a:1}}); - return !db2.getLastError(); + return !db2.foo.update({}, { $inc: { a: 1 }}).hasWriteError(); }, "Mongos did not update its user cache after 30 seconds", 31 * 1000); // Give an extra 1 second to avoid races // We manually invalidate the cache on s1/db3. db3.adminCommand("invalidateUserCache"); - db3.foo.update({}, {$inc: {a:1}}); - assert.gleSuccess(db3); - + assert.writeOK(db3.foo.update({}, { $inc: { a: 1 }})); })(); (function testDroppingUser() { diff --git a/jstests/auth/repl.js b/jstests/auth/repl.js index d581d7f633e..3dfd01df6f5 100644 --- a/jstests/auth/repl.js +++ b/jstests/auth/repl.js @@ -236,8 +236,7 @@ slave = rt.start(false, mongoOptions, true); var masterDB = master.getDB("admin"); // ensure that master/slave replication is up and running -masterDB.foo.save({}); -masterDB.runCommand({getLastError: 1, w: 2, wtimeout: 5000}); +masterDB.foo.save({}, { writeConcern: { w: 2, wtimeout: 5000 }}); masterDB.foo.drop(); authReplTest = AuthReplTest({ diff --git a/jstests/auth/role_management_commands.js b/jstests/auth/role_management_commands.js index 8c110f413f0..ef445615b6f 100644 --- a/jstests/auth/role_management_commands.js +++ b/jstests/auth/role_management_commands.js @@ -5,6 +5,10 @@ function runTest(conn) { var authzErrorCode = 13; + var hasAuthzError = function(result) { + assert(result.hasWriteError()); + assert.eq(authzErrorCode, result.getWriteError().code); + }; var userAdminConn = new Mongo(conn.host); var testUserAdmin = userAdminConn.getDB('test'); @@ -46,46 +50,36 @@ function runTest(conn) { testUserAdmin.updateUser('testUser', {roles: [{role: 'adminRole', db: 'admin'}]}); assert.throws(function() {db.foo.findOne();}); - db.foo.insert({a:1}); - assert.gleErrorCode(db, authzErrorCode); - db.foo.update({}, {$inc: {a:1}}, false, true); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.insert({ a: 1 })); + hasAuthzError(db.foo.update({}, { $inc: { a: 1 }}, false, true)); assert.commandWorked(db.adminCommand('connPoolSync')); testUserAdmin.updateUser('testUser', {roles: ['testRole1']}); assert.doesNotThrow(function() {db.foo.findOne();}); assert.eq(0, db.foo.count()); - db.foo.insert({a:1}); - assert.gleErrorCode(db, authzErrorCode); - db.foo.update({}, {$inc: {a:1}}, false, true); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.insert({ a: 1 })); + hasAuthzError(db.foo.update({}, { $inc: { a: 1 }}, false, true)); assert.commandFailedWithCode(db.adminCommand('connPoolSync'), authzErrorCode); testUserAdmin.updateUser('testUser', {roles: ['testRole2']}); assert.throws(function() {db.foo.findOne();}); - db.foo.insert({a:1}); - assert.gleSuccess(db); - db.foo.update({}, {$inc: {a:1}}, false, true); - assert.gleErrorCode(db, authzErrorCode); + assert.writeOK(db.foo.insert({ a: 1 })); + hasAuthzError(db.foo.update({}, { $inc: { a: 1 }}, false, true)); assert.commandFailedWithCode(db.adminCommand('connPoolSync'), authzErrorCode); testUserAdmin.updateUser('testUser', {roles: ['testRole3']}); assert.doesNotThrow(function() {db.foo.findOne();}); assert.eq(1, db.foo.count()); - db.foo.insert({a:1}); - assert.gleSuccess(db); + assert.writeOK(db.foo.insert({ a: 1 })); assert.eq(2, db.foo.count()); - db.foo.update({}, {$inc: {a:1}}, false, true); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.update({}, { $inc: { a: 1 }}, false, true)); assert.eq(1, db.foo.findOne().a); assert.commandFailedWithCode(db.adminCommand('connPoolSync'), authzErrorCode); testUserAdmin.updateUser('testUser', {roles: [{role: 'testRole4', db: 'test'}]}); assert.throws(function() {db.foo.findOne();}); - db.foo.insert({a:1}); - assert.gleErrorCode(db, authzErrorCode); - db.foo.update({}, {$inc: {a:1}}, false, true); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.insert({ a: 1 })); + hasAuthzError(db.foo.update({}, { $inc: { a: 1 }}, false, true)); assert.commandFailedWithCode(db.adminCommand('connPoolSync'), authzErrorCode); })(); @@ -95,10 +89,8 @@ function runTest(conn) { testUserAdmin.updateRole('testRole4', {roles: [{role: 'testRole2', db: 'test'}, "testRole2"]}); assert.throws(function() {db.foo.findOne();}); - db.foo.insert({a:1}); - assert.gleSuccess(db); - db.foo.update({}, {$inc: {a:1}}, false, true); - assert.gleErrorCode(db, authzErrorCode); + assert.writeOK(db.foo.insert({ a: 1 })); + hasAuthzError(db.foo.update({}, { $inc: { a: 1 }}, false, true)); assert.commandFailedWithCode(db.adminCommand('connPoolSync'), authzErrorCode); testUserAdmin.updateRole('testRole4', @@ -106,22 +98,18 @@ function runTest(conn) { actions: ['find']}]}); assert.doesNotThrow(function() {db.foo.findOne();}); assert.eq(3, db.foo.count()); - db.foo.insert({a:1}); - assert.gleSuccess(db); + assert.writeOK(db.foo.insert({ a: 1 })); assert.eq(4, db.foo.count()); - db.foo.update({}, {$inc: {a:1}}, false, true); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.update({}, { $inc: { a: 1 }}, false, true)); assert.eq(1, db.foo.findOne().a); assert.commandFailedWithCode(db.adminCommand('connPoolSync'), authzErrorCode); testUserAdmin.updateRole('testRole4', {roles: []}); assert.doesNotThrow(function() {db.foo.findOne();}); assert.eq(4, db.foo.count()); - db.foo.insert({a:1}); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.insert({ a: 1 })); assert.eq(4, db.foo.count()); - db.foo.update({}, {$inc: {a:1}}, false, true); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.update({}, { $inc: { a: 1 }}, false, true)); assert.eq(1, db.foo.findOne().a); assert.commandFailedWithCode(db.adminCommand('connPoolSync'), authzErrorCode); @@ -129,11 +117,9 @@ function runTest(conn) { adminUserAdmin.updateRole('adminRole', {roles: [{role: 'read', db: 'test'}]}); assert.doesNotThrow(function() {db.foo.findOne();}); assert.eq(4, db.foo.count()); - db.foo.insert({a:1}); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.insert({ a: 1 })); assert.eq(4, db.foo.count()); - db.foo.update({}, {$inc: {a:1}}, false, true); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.update({}, { $inc: { a: 1 }}, false, true)); assert.eq(1, db.foo.findOne().a); assert.commandWorked(db.adminCommand('connPoolSync')); })(); @@ -149,11 +135,9 @@ function runTest(conn) { {role: 'testRole2', db: 'test'}]); assert.doesNotThrow(function() {db.foo.findOne();}); assert.eq(4, db.foo.count()); - db.foo.insert({a:1}); - assert.gleSuccess(db); + assert.writeOK(db.foo.insert({ a: 1 })); assert.eq(5, db.foo.count()); - db.foo.update({}, {$inc: {a:1}}, false, true); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.update({}, {$inc: {a:1}}, false, true)); assert.eq(1, db.foo.findOne().a); assert.commandWorked(db.adminCommand('connPoolSync')); assert.commandWorked(db.adminCommand('serverStatus')); @@ -167,10 +151,8 @@ function runTest(conn) { {role: 'read', db: 'test'}, {role: 'testRole2', db: 'test'}]); assert.throws(function() {db.foo.findOne();}); - db.foo.insert({a:1}); - assert.gleErrorCode(db, authzErrorCode); - db.foo.update({}, {$inc: {a:1}}, false, true); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.insert({ a: 1 })); + hasAuthzError(db.foo.update({}, { $inc: { a: 1 }}, false, true)); assert.commandWorked(db.adminCommand('connPoolSync')); assert.commandFailedWithCode(db.adminCommand('serverStatus'), authzErrorCode); })(); @@ -184,11 +166,9 @@ function runTest(conn) { {resource: {db:"", collection: ""}, actions: ['find']}]); assert.doesNotThrow(function() {db.foo.findOne();}); - db.foo.insert({a:1}); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.insert({ a: 1 })); assert.eq(5, db.foo.count()); - db.foo.update({}, {$inc: {a:1}}, false, true); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.update({}, { $inc: { a: 1 }}, false, true)); assert.eq(1, db.foo.findOne().a); assert.commandWorked(db.adminCommand('connPoolSync')); assert.commandWorked(db.adminCommand('serverStatus')); @@ -200,11 +180,9 @@ function runTest(conn) { {resource: {db: 'test', collection: 'foo'}, actions: ['find']}]); assert.doesNotThrow(function() {db.foo.findOne();}); - db.foo.insert({a:1}); - assert.gleSuccess(db, authzErrorCode); + assert.writeOK(db.foo.insert({ a: 1 })); assert.eq(6, db.foo.count()); - db.foo.update({}, {$inc: {a:1}}, false, true); - assert.gleSuccess(db); + assert.writeOK(db.foo.update({}, { $inc: { a: 1 }}, false, true)); assert.eq(2, db.foo.findOne().a); assert.commandFailedWithCode(db.adminCommand('connPoolSync'), authzErrorCode); assert.commandFailedWithCode(db.adminCommand('serverStatus'), authzErrorCode); @@ -217,11 +195,9 @@ function runTest(conn) { [{resource: {db: 'test', collection: ''}, actions: ['insert', 'update', 'find']}]); assert.doesNotThrow(function() {db.foo.findOne();}); - db.foo.insert({a:1}); - assert.gleSuccess(db); + assert.writeOK(db.foo.insert({ a: 1 })); assert.eq(7, db.foo.count()); - db.foo.update({}, {$inc: {a:1}}, false, true); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.update({}, { $inc: { a: 1 }}, false, true)); assert.eq(2, db.foo.findOne().a); assert.commandFailedWithCode(db.adminCommand('connPoolSync'), authzErrorCode); assert.commandFailedWithCode(db.adminCommand('serverStatus'), authzErrorCode); @@ -267,15 +243,13 @@ function runTest(conn) { testUserAdmin.grantRolesToUser('testUser', ['testRole4']) assert.doesNotThrow(function() {db.foo.findOne();}); - db.foo.insert({a:1}); - assert.gleSuccess(db, authzErrorCode); + assert.writeOK(db.foo.insert({ a: 1 })); assert.eq(8, db.foo.count()); assert.commandWorked(testUserAdmin.runCommand({dropRole: 'testRole2'})); assert.doesNotThrow(function() {db.foo.findOne();}); - db.foo.insert({a:1}); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.insert({ a: 1 })); assert.eq(8, db.foo.count()); assert.eq(3, testUserAdmin.getRoles().length); diff --git a/jstests/auth/server-4892.js b/jstests/auth/server-4892.js index f8bafed82f3..779462da4fd 100644 --- a/jstests/auth/server-4892.js +++ b/jstests/auth/server-4892.js @@ -54,8 +54,7 @@ with_mongod( ['--noauth'], function setupTest( mongod ) { somedb.createUser({user: 'frim', pwd: 'fram', roles: jsTest.basicUserRoles}); somedb.data.drop(); for (var i = 0; i < 10; ++i) { - somedb.data.insert( { val: i } ); - assert ( ! somedb.getLastError() ); + assert.writeOK(somedb.data.insert( { val: i } )); } admin.logout(); } ); diff --git a/jstests/auth/user_defined_roles.js b/jstests/auth/user_defined_roles.js index 79e2bf22792..961e2be2aeb 100644 --- a/jstests/auth/user_defined_roles.js +++ b/jstests/auth/user_defined_roles.js @@ -5,6 +5,10 @@ function runTest(conn) { var authzErrorCode = 13; + var hasAuthzError = function(result) { + assert(result.hasWriteError()); + assert.eq(authzErrorCode, result.getWriteError().code); + }; conn.getDB('admin').createUser({user: 'admin', pwd: 'pwd', roles: ['root']}); conn.getDB('admin').auth('admin', 'pwd'); @@ -37,15 +41,13 @@ function runTest(conn) { // test CRUD - testDB.foo.insert({a:1}); - assert.gleErrorCode(testDB, authzErrorCode); + hasAuthzError(testDB.foo.insert({ a: 1 })); assert.throws(function() { testDB.foo.findOne()}); testUserAdmin.grantPrivilegesToRole('testRole1', [{resource: {db: 'test', collection: ''}, actions:['find']}]); - testDB.foo.insert({a:1}); - assert.gleErrorCode(testDB, authzErrorCode); + hasAuthzError(testDB.foo.insert({ a: 1 })); assert.doesNotThrow(function() { testDB.foo.findOne()}); assert.eq(0, testDB.foo.count()); assert.eq(0, testDB.foo.find().itcount()); @@ -53,50 +55,40 @@ function runTest(conn) { testUserAdmin.grantPrivilegesToRole('testRole1', [{resource: {db: 'test', collection: 'foo'}, actions:['insert']}]); - testDB.foo.insert({a:1}); - assert.gleSuccess(testDB); + assert.writeOK(testDB.foo.insert({ a: 1 })); assert.eq(1, testDB.foo.findOne().a) assert.eq(1, testDB.foo.count()); assert.eq(1, testDB.foo.find().itcount()); - testDB.foo.update({a:1}, {$inc: {a:1}}); - assert.gleErrorCode(testDB, authzErrorCode); + hasAuthzError(testDB.foo.update({ a: 1 }, { $inc: { a: 1 }})); assert.eq(1, testDB.foo.findOne().a) - testDB.bar.insert({a:1}); - assert.gleErrorCode(testDB, authzErrorCode); + hasAuthzError(testDB.bar.insert({ a: 1 })); assert.eq(0, testDB.bar.count()); adminUserAdmin.grantPrivilegesToRole('adminRole', [{resource: {db: '', collection: 'foo'}, actions:['update']}]); - testDB.foo.update({a:1}, {$inc: {a:1}}); - assert.gleSuccess(testDB); + assert.writeOK(testDB.foo.update({ a: 1 }, { $inc: { a: 1 }})); assert.eq(2, testDB.foo.findOne().a) - testDB.foo.update({b:1}, {$inc: {b:1}}, true); // upsert - assert.gleSuccess(testDB); + assert.writeOK(testDB.foo.update({ b: 1 }, { $inc: { b: 1 }}, true)); // upsert assert.eq(2, testDB.foo.count()); assert.eq(2, testDB.foo.findOne({b: {$exists: true}}).b); - testDB.foo.remove({b:2}); - assert.gleErrorCode(testDB, authzErrorCode); + hasAuthzError(testDB.foo.remove({ b: 2 })); assert.eq(2, testDB.foo.count()); adminUserAdmin.grantPrivilegesToRole('adminRole', [{resource: {db: '', collection: ''}, actions:['remove']}]); - testDB.foo.remove({b:2}); - assert.gleSuccess(testDB); + assert.writeOK(testDB.foo.remove({ b: 2 })); assert.eq(1, testDB.foo.count()); // Test revoking privileges testUserAdmin.revokePrivilegesFromRole('testRole1', [{resource: {db: 'test', collection: 'foo'}, actions:['insert']}]); - testDB.foo.insert({a:1}); - assert.gleErrorCode(testDB, authzErrorCode); + hasAuthzError(testDB.foo.insert({ a: 1 })); assert.eq(1, testDB.foo.count()); - testDB.foo.update({a:2}, {$inc: {a:1}}); - assert.gleSuccess(testDB); + assert.writeOK(testDB.foo.update({ a: 2 }, { $inc: { a: 1 }})); assert.eq(3, testDB.foo.findOne({a: {$exists: true}}).a); - testDB.foo.update({c:1}, {$inc: {c:1}}, true); // upsert should fail - assert.gleErrorCode(testDB, authzErrorCode); + hasAuthzError(testDB.foo.update({ c: 1 }, { $inc: { c: 1 }}, true)); // upsert should fail assert.eq(1, testDB.foo.count()); diff --git a/jstests/auth/user_management_commands.js b/jstests/auth/user_management_commands.js index 494a159bb3a..1a428d9d409 100644 --- a/jstests/auth/user_management_commands.js +++ b/jstests/auth/user_management_commands.js @@ -5,6 +5,10 @@ function runTest(conn) { var authzErrorCode = 13; + var hasAuthzError = function(result) { + assert(result.hasWriteError()); + assert.eq(authzErrorCode, result.getWriteError().code); + }; conn.getDB('admin').createUser({user: 'admin', pwd: 'pwd', roles: ['root']}); conn.getDB('admin').auth('admin', 'pwd'); @@ -49,16 +53,14 @@ function runTest(conn) { var user = testUserAdmin.getUser('spencer'); assert.eq(10028, user.customData.zipCode); assert(db.auth('spencer', 'pwd')); - db.foo.insert({a:1}); - assert.gleSuccess(db); + assert.writeOK(db.foo.insert({ a: 1 })); assert.eq(1, db.foo.findOne().a); assert.doesNotThrow(function() {db.getRole('testRole')}); assert.commandWorked(db.adminCommand('connPoolSync')); db.logout(); assert(db.auth('andy', 'pwd')); - db.foo.insert({a:1}); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.insert({ a: 1 })); assert.throws(function() { db.foo.findOne();}); assert.throws(function() {db.getRole('testRole')}); })(); @@ -76,8 +78,7 @@ function runTest(conn) { roles: ["read", "testRole"]}); var user = testUserAdmin.getUser('spencer'); assert.eq(10036, user.customData.zipCode); - db.foo.insert({a:1}); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.insert({ a: 1 })); assert.eq(1, db.foo.findOne().a); assert.eq(1, db.foo.count()); assert.doesNotThrow(function() {db.getRole('testRole')}); @@ -85,8 +86,7 @@ function runTest(conn) { testUserAdmin.updateUser('spencer', {roles: ["readWrite", {role: 'adminRole', db:'admin'}]}); - db.foo.update({}, {$inc: {a:1}}); - assert.gleSuccess(db); + assert.writeOK(db.foo.update({}, { $inc: { a: 1 }})); assert.eq(2, db.foo.findOne().a); assert.eq(1, db.foo.count()); assert.throws(function() {db.getRole('testRole')}); @@ -107,8 +107,7 @@ function runTest(conn) { 'readWrite']); assert.commandWorked(db.runCommand({collMod: 'foo', usePowerOf2Sizes: true})); - db.foo.update({}, {$inc: {a:1}}); - assert.gleSuccess(db); + assert.writeOK(db.foo.update({}, { $inc: { a: 1 }})); assert.eq(3, db.foo.findOne().a); assert.eq(1, db.foo.count()); assert.doesNotThrow(function() {db.getRole('testRole')}); @@ -124,8 +123,7 @@ function runTest(conn) { "testRole"]); assert.commandWorked(db.runCommand({collMod: 'foo', usePowerOf2Sizes: true})); - db.foo.update({}, {$inc: {a:1}}); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.update({}, { $inc: { a: 1 }})); assert.throws(function() { db.foo.findOne();}); assert.throws(function() {db.getRole('testRole')}); assert.commandWorked(db.adminCommand('connPoolSync')); @@ -133,8 +131,7 @@ function runTest(conn) { testUserAdmin.revokeRolesFromUser('spencer', [{role: 'adminRole', db: 'admin'}]); - db.foo.update({}, {$inc: {a:1}}); - assert.gleErrorCode(db, authzErrorCode); + hasAuthzError(db.foo.update({}, { $inc: { a: 1 }})); assert.throws(function() { db.foo.findOne();}); assert.throws(function() {db.getRole('testRole')}); assert.commandFailedWithCode(db.adminCommand('connPoolSync'), authzErrorCode); |