SERVER-29259: Ensure creation of authorization indexes

(cherry picked from commit 763396a466b74548bcf76b23482247b668d04db5)
author: Spencer Jackson <spencer.jackson@mongodb.com> 2017-05-18 12:30:58 -0400
committer: Spencer Jackson <spencer.jackson@mongodb.com> 2017-11-21 10:13:00 -0500
commit: 1055dafd8d1693d48200fb492ef0912e33b60bbc (patch)
tree: fddadb4eacf143bf00de64052706830c320cf95c /jstests/auth
parent: 51e4c2a68701fb00b51beb15c8cf8868c057f035 (diff)
download: mongo-1055dafd8d1693d48200fb492ef0912e33b60bbc.tar.gz
2 files changed, 68 insertions, 0 deletions
diff --git a/jstests/auth/lib/commands_lib.js b/jstests/auth/lib/commands_lib.js
index 4f12330e1e3..3facc667005 100644
--- a/jstests/auth/lib/commands_lib.js
+++ b/jstests/auth/lib/commands_lib.js
@@ -3025,12 +3025,17 @@ var authCommandsLib = {
         {
           testname: "insert_system_users",
           command: {insert: "system.users", documents: [{data: 5}]},
+          setup: function(db) {
+              // Ensure unique indexes consistently cause insertion failure
+              db.system.users.insert({data: 5});
+          },
           testcases: [
               {
                 runOnDb: "admin",
                 roles: {"root": 1, "__system": 1, "restore": 1},
                 privileges:
                     [{resource: {db: "admin", collection: "system.users"}, actions: ["insert"]}],
+                expectFail: true,
               },
           ]
         },
diff --git a/jstests/auth/system_authorization_indexes.js b/jstests/auth/system_authorization_indexes.js
new file mode 100644
index 00000000000..75c7b098916
--- /dev/null
+++ b/jstests/auth/system_authorization_indexes.js
@@ -0,0 +1,63 @@
+/** Ensure that authorization system collections' indexes are correctly generated.
+ */
+
+(function() {
+    let conn = MongoRunner.runMongod({smallfiles: ""});
+    let db = conn.getDB("admin");
+
+    // TEST: User and role collections start off with no indexes
+    assert.eq(0, db.system.users.getIndexes().length);
+    assert.eq(0, db.system.roles.getIndexes().length);
+
+    // TEST: User and role creation generates indexes
+    db.createUser({user: "user", pwd: "pwd", roles: []});
+    assert.eq(2, db.system.users.getIndexes().length);
+
+    db.createRole({role: "role", privileges: [], roles: []});
+    assert.eq(2, db.system.roles.getIndexes().length);
+
+    // TEST: Destroying admin.system.users index and restarting will recreate it
+    assert.commandWorked(db.system.users.dropIndexes());
+    MongoRunner.stopMongod(conn);
+    conn = MongoRunner.runMongod({restart: conn, cleanData: false});
+    db = conn.getDB("admin");
+    assert.eq(2, db.system.users.getIndexes().length);
+    assert.eq(2, db.system.roles.getIndexes().length);
+
+    // TEST: Destroying admin.system.roles index and restarting will recreate it
+    assert.commandWorked(db.system.roles.dropIndexes());
+    MongoRunner.stopMongod(conn);
+    conn = MongoRunner.runMongod({restart: conn, cleanData: false});
+    db = conn.getDB("admin");
+    assert.eq(2, db.system.users.getIndexes().length);
+    assert.eq(2, db.system.roles.getIndexes().length);
+
+    // TEST: Destroying both authorization indexes and restarting will recreate them
+    assert.commandWorked(db.system.users.dropIndexes());
+    assert.commandWorked(db.system.roles.dropIndexes());
+    MongoRunner.stopMongod(conn);
+    conn = MongoRunner.runMongod({restart: conn, cleanData: false});
+    db = conn.getDB("admin");
+    assert.eq(2, db.system.users.getIndexes().length);
+    assert.eq(2, db.system.roles.getIndexes().length);
+
+    // TEST: Destroying the admin.system.users index and restarting will recreate it, even if
+    // admin.system.roles does not exist
+    db.dropDatabase();
+    db.createUser({user: "user", pwd: "pwd", roles: []});
+    assert.commandWorked(db.system.users.dropIndexes());
+    MongoRunner.stopMongod(conn);
+    conn = MongoRunner.runMongod({restart: conn, cleanData: false});
+    db = conn.getDB("admin");
+    assert.eq(2, db.system.users.getIndexes().length);
+
+    // TEST: Destroying the admin.system.roles index and restarting will recreate it, even if
+    // admin.system.users does not exist
+    db.dropDatabase();
+    db.createRole({role: "role", privileges: [], roles: []});
+    assert.commandWorked(db.system.roles.dropIndexes());
+    MongoRunner.stopMongod(conn);
+    conn = MongoRunner.runMongod({restart: conn, cleanData: false});
+    db = conn.getDB("admin");
+    assert.eq(2, db.system.roles.getIndexes().length);
+})();
author	Spencer Jackson <spencer.jackson@mongodb.com>	2017-05-18 12:30:58 -0400
committer	Spencer Jackson <spencer.jackson@mongodb.com>	2017-11-21 10:13:00 -0500
commit	1055dafd8d1693d48200fb492ef0912e33b60bbc (patch)
tree	fddadb4eacf143bf00de64052706830c320cf95c /jstests/auth
parent	51e4c2a68701fb00b51beb15c8cf8868c057f035 (diff)
download	mongo-1055dafd8d1693d48200fb492ef0912e33b60bbc.tar.gz