diff options
author | Andreas Nilsson <andreas.nilsson@10gen.com> | 2015-09-08 09:46:53 -0400 |
---|---|---|
committer | Andreas Nilsson <andreas.nilsson@10gen.com> | 2015-09-08 10:47:48 -0400 |
commit | d9a98b851736689d5913e4817179889ee75a475c (patch) | |
tree | a0c11f364f2b38a4576e73990eca5dbf5ca80f5c /jstests/auth | |
parent | 526742267e208954e531c102784c0599ceba579f (diff) | |
download | mongo-d9a98b851736689d5913e4817179889ee75a475c.tar.gz |
SERVER-19721 Restore the authSchemaUpgrade command
Fixed mongos rebase error for catalogManager(txn)
Diffstat (limited to 'jstests/auth')
-rw-r--r-- | jstests/auth/auth_schema_upgrade.js | 86 | ||||
-rw-r--r-- | jstests/auth/lib/commands_lib.js | 19 |
2 files changed, 105 insertions, 0 deletions
diff --git a/jstests/auth/auth_schema_upgrade.js b/jstests/auth/auth_schema_upgrade.js new file mode 100644 index 00000000000..001e5c04a1b --- /dev/null +++ b/jstests/auth/auth_schema_upgrade.js @@ -0,0 +1,86 @@ +// Standalone test of authSchemaUpgrade +load('./jstests/multiVersion/libs/auth_helpers.js'); + +var setupCRUsers = function(conn){ + jsTest.log("setting up legacy users"); + var adminDB = conn.getDB('admin'); + + adminDB.system.version.update({_id:"authSchema"},{"currentVersion":3},{upsert:true}) + + adminDB.createUser({user: 'user1', pwd: 'pass', + roles: jsTest.adminUserRoles}); + assert(adminDB.auth({mechanism: 'MONGODB-CR', + user: 'user1', pwd: 'pass'})); + + adminDB.createUser({user: 'user2', pwd: 'pass', + roles: jsTest.adminUserRoles}); + assert(adminDB.auth({mechanism: 'MONGODB-CR', + user: 'user2', pwd: 'pass'})); + + // Add $external no-op user to verify that it does not affect + // authSchemaUpgrade SERVER-18475 + adminDB.getSiblingDB('$external').createUser({user: "evil", roles: []}); + + jsTest.log("Verifying user documents before upgrading"); + + // We haven't run authSchemaUpgrade so there shouldn't be + // any stored SCRAM-SHA-1 credentials. + verifyUserDoc(adminDB, 'user1', true, false); + verifyUserDoc(adminDB, 'user2', true, false); + verifyUserDoc(adminDB.getSiblingDB('$external'), "evil", false, false, true); + + adminDB.updateUser('user1', {pwd: 'newpass', + roles: jsTest.adminUserRoles}); + verifyAuth(adminDB, 'user1', 'newpass', true, true); + + verifyUserDoc(adminDB, 'user1', true, false); +} + +var verifySchemaUpgrade = function(adminDB) { + // All users should only have SCRAM credentials. + verifyUserDoc(adminDB, 'user1', false, true); + verifyUserDoc(adminDB, 'user2', false, true); + verifyUserDoc(adminDB.getSiblingDB('$external'), "evil", false, false, true); + + // After authSchemaUpgrade MONGODB-CR no longer works. + verifyAuth(adminDB, 'user1', 'newpass', false, true); + verifyAuth(adminDB, 'user2', 'pass', false, true); +} + +var runAndVerifySchemaUpgrade = function(conn){ + jsTest.log("run authSchemaUpgrade"); + var adminDB = conn.getDB('admin'); + + assert.commandWorked(adminDB.runCommand('authSchemaUpgrade')); + verifySchemaUpgrade(adminDB); +} + +var testAuthSchemaUpgrade = function(conn) { + setupCRUsers(conn); + runAndVerifySchemaUpgrade(conn); +} + +// Test authSchemaUpgrade and upgrade shards +var testUpgradeShards = function(mongos, shard) { + setupCRUsers(shard); + + assert.commandWorked(mongos.adminCommand({"authSchemaUpgrade":1,"upgradeShards":1})); + verifySchemaUpgrade(shard.getDB('admin')); +} + +jsTest.log('Test authSchemUpgrade standalone'); +var conn = MongoRunner.runMongod(); +testAuthSchemaUpgrade(conn); +MongoRunner.stopMongod(conn); + +jsTest.log('Test authSchemUpgrade sharded'); +var dopts = { smallfiles: "", nopreallocj: ""} +var st = new ShardingTest( + { shards: 1, + mongos: 1, + config: 1, + useHostname: false, // Needed when relying on the localhost exception + other: { shardOptions: dopts, configOptions: dopts, mongosOptions: { verbose: 1 } } } ); +testAuthSchemaUpgrade(st.s); +testUpgradeShards(st.s, st.shard0); +st.stop(); diff --git a/jstests/auth/lib/commands_lib.js b/jstests/auth/lib/commands_lib.js index 2ce024ade88..f677f5a2ebc 100644 --- a/jstests/auth/lib/commands_lib.js +++ b/jstests/auth/lib/commands_lib.js @@ -374,6 +374,25 @@ var authCommandsLib = { ] }, { + testname: "authSchemaUpgrade", + command: {authSchemaUpgrade: 1}, + testcases: [ + { + runOnDb: adminDbName, + roles: { + userAdminAnyDatabase: 1, + root: 1, + __system: 1 + }, + privileges: [ + { resource: {cluster: true}, actions: ["authSchemaUpgrade"] } + ] + }, + { runOnDb: firstDbName, roles: {} }, + { runOnDb: secondDbName, roles: {} } + ] + }, + { testname: "buildInfo", command: {buildInfo: 1}, testcases: [ |