SERVER-12384 Add tests for dropUser and dropRole functionality

2 files changed, 63 insertions, 2 deletions

diff --git a/jstests/auth/role_management_commands.js b/jstests/auth/role_management_commands.js
index 1eaa973e125..8c110f413f0 100644
--- a/jstests/auth/role_management_commands.js
+++ b/jstests/auth/role_management_commands.js
@@ -9,7 +9,10 @@ function runTest(conn) {
     var userAdminConn = new Mongo(conn.host);
     var testUserAdmin = userAdminConn.getDB('test');
     var adminUserAdmin = userAdminConn.getDB('admin');
-    adminUserAdmin.createUser({user: 'userAdmin', pwd: 'pwd', roles: ['userAdminAnyDatabase']});
+    adminUserAdmin.createRole({role: 'myUserAdminRole',
+                               roles: ['userAdminAnyDatabase'],
+                               privileges: []});
+    adminUserAdmin.createUser({user: 'userAdmin', pwd: 'pwd', roles: ['myUserAdminRole']});
     adminUserAdmin.auth('userAdmin', 'pwd');
     testUserAdmin.createUser({user: 'testUser', pwd: 'pwd', roles:[]});
     var db = conn.getDB('test');
@@ -215,7 +218,7 @@ function runTest(conn) {
                                                   actions: ['insert', 'update', 'find']}]);
          assert.doesNotThrow(function() {db.foo.findOne();});
          db.foo.insert({a:1});
-         assert.gleSuccess(db, authzErrorCode);
+         assert.gleSuccess(db);
          assert.eq(7, db.foo.count());
          db.foo.update({}, {$inc: {a:1}}, false, true);
          assert.gleErrorCode(db, authzErrorCode);
@@ -257,6 +260,38 @@ function runTest(conn) {
          res = testUserAdmin.runCommand({rolesInfo: 1, showBuiltinRoles: 1});
          assert.eq(9, res.roles.length);
      })();
+
+    (function testDropRole() {
+         jsTestLog("Testing dropRole");
+
+         testUserAdmin.grantRolesToUser('testUser', ['testRole4'])
+
+         assert.doesNotThrow(function() {db.foo.findOne();});
+         db.foo.insert({a:1});
+         assert.gleSuccess(db, authzErrorCode);
+         assert.eq(8, db.foo.count());
+
+         assert.commandWorked(testUserAdmin.runCommand({dropRole: 'testRole2'}));
+
+         assert.doesNotThrow(function() {db.foo.findOne();});
+         db.foo.insert({a:1});
+         assert.gleErrorCode(db, authzErrorCode);
+         assert.eq(8, db.foo.count());
+
+         assert.eq(3, testUserAdmin.getRoles().length);
+     })();
+
+    (function testDropAllRolesFromDatabase() {
+         jsTestLog("Testing dropAllRolesFromDatabase");
+
+         assert.doesNotThrow(function() {db.foo.findOne();});
+         assert.eq(3, testUserAdmin.getRoles().length);
+
+         assert.commandWorked(testUserAdmin.runCommand({dropAllRolesFromDatabase: 1}));
+
+         assert.throws(function() {db.foo.findOne();});
+         assert.eq(0, testUserAdmin.getRoles().length);
+     })();
 }
 
 jsTest.log('Test standalone');
diff --git a/jstests/auth/user_management_commands.js b/jstests/auth/user_management_commands.js
index 5f94f4aa217..494a159bb3a 100644
--- a/jstests/auth/user_management_commands.js
+++ b/jstests/auth/user_management_commands.js
@@ -184,6 +184,32 @@ function runTest(conn) {
          }
 
      })();
+
+    (function testDropUser() {
+         jsTestLog("Testing dropUser");
+
+         assert(db.auth('spencer', 'password'));
+         assert(db.auth('andy', 'pwd'));
+
+         assert.commandWorked(testUserAdmin.runCommand({dropUser: 'spencer'}));
+
+         assert(!db.auth('spencer', 'password'));
+         assert(db.auth('andy', 'pwd'));
+
+         assert.eq(1, testUserAdmin.getUsers().length);
+     })();
+
+    (function testDropAllUsersFromDatabase() {
+         jsTestLog("Testing dropAllUsersFromDatabase");
+
+         assert.eq(1, testUserAdmin.getUsers().length);
+         assert(db.auth('andy', 'pwd'));
+
+         assert.commandWorked(testUserAdmin.runCommand({dropAllUsersFromDatabase: 1}));
+
+         assert(!db.auth('andy', 'pwd'));
+         assert.eq(0, testUserAdmin.getUsers().length);
+     })();
 }
 
 jsTest.log('Test standalone');