author | Bernard Gorman <bernard.gorman@gmail.com> | 2018-04-02 06:18:06 +0100 |
---|---|---|
committer | Bernard Gorman <bernard.gorman@gmail.com> | 2018-04-04 17:00:32 +0100 |
commit | 718c71966f7a9350cd747604409cd0adb913fb5e (patch) | |
tree | b2b26a2d91de68867e623ab6c3e04136d4049f11 /jstests/change_streams | |
parent | 7e01d162e7d7dec44dfeca42d5e986bd241b2444 (diff) | |
download | mongo-718c71966f7a9350cd747604409cd0adb913fb5e.tar.gz |
SERVER-34040 Disallow $changeStream on internal databases and system collections
Diffstat (limited to 'jstests/change_streams')
-rw-r--r-- | jstests/change_streams/change_stream.js | 26 | ||||
-rw-r--r-- | jstests/change_streams/change_stream_whole_db.js | 16 |
2 files changed, 14 insertions, 28 deletions
diff --git a/jstests/change_streams/change_stream.js b/jstests/change_streams/change_stream.js
index 7c745b33758..791e8fba9ac 100644
--- a/jstests/change_streams/change_stream.js
+++ b/jstests/change_streams/change_stream.js
@@ -6,33 +6,23 @@ "use strict"; load("jstests/libs/collection_drop_recreate.js"); // For assert[Drop|Create]Collection. - load("jstests/libs/change_stream_util.js"); // For ChangeStreamTest. - - function assertValidChangeStreamNss(dbName, collName = "test") { - // Verify the DB/collection exists. - const testDb = db.getSiblingDB(dbName); - const res = - testDb.runCommand({aggregate: collName, pipeline: [{$changeStream: {}}], cursor: {}}); - assert.commandWorked(res); - assert.commandWorked(testDb.runCommand({killCursors: "coll", cursors: [res.cursor.id]})); - } + load("jstests/libs/change_stream_util.js"); // For ChangeStreamTest and + // assert[Valid|Invalid]ChangeStreamNss. const isMongos = db.runCommand({isdbgrid: 1}).isdbgrid; // Test that a change stream cannot be opened on the "admin", "config", or "local" databases. - // TODO SERVER-34040 Should prevent change streams on these databases. - assertValidChangeStreamNss("admin"); - assertValidChangeStreamNss("config"); + assertInvalidChangeStreamNss("admin"); + assertInvalidChangeStreamNss("config"); // Not allowed to access 'local' database through mongos. if (!isMongos) { - assertValidChangeStreamNss("local"); + assertInvalidChangeStreamNss("local"); } // Test that a change stream cannot be opened on 'system.' collections. - // TODO SERVER-34040 Should prevent change streams on these collections. - assertValidChangeStreamNss("test", "system.users"); - assertValidChangeStreamNss("test", "system.profile"); - assertValidChangeStreamNss("test", "system.version"); + assertInvalidChangeStreamNss("test", "system.users"); + assertInvalidChangeStreamNss("test", "system.profile"); + assertInvalidChangeStreamNss("test", "system.version"); // Test that a change stream can be opened on namespaces with 'system' in the name, but not // considered an internal 'system dot' namespace. 
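Review bot: It is not visible from this hunk whether the `assertInvalidChangeStreamNss(...)` calls for `admin`, `config`, `local` and the `system.*` collections pin the rejection to a specific error code, because the helper lives in `jstests/libs/change_stream_util.js`, outside the diff shown here. If it only checks that the command failed, these assertions would also pass on an unrelated failure such as an authorization or routing error, and a regression that reopens $changeStream on system collections could go unnoticed. I would confirm the helper uses `assert.commandFailedWithCode` with the expected namespace rejection code, and say so in the load comment, e.g. `// assertInvalidChangeStreamNss expects the namespace rejection code, not just any failure.`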
diff --git a/jstests/change_streams/change_stream_whole_db.js b/jstests/change_streams/change_stream_whole_db.js index e7e3b16dbd3..79c58dd3e0a 100644 --- a/jstests/change_streams/change_stream_whole_db.js +++ b/jstests/change_streams/change_stream_whole_db.js @@ -3,18 +3,14 @@ "use strict"; load("jstests/libs/collection_drop_recreate.js"); // For assert[Drop|Create]Collection. - load("jstests/libs/change_stream_util.js"); // For ChangeStreamTest. + load("jstests/libs/change_stream_util.js"); // For ChangeStreamTest and + // assert[Valid|Invalid]ChangeStreamNss. // Test that a change stream cannot be opened on the "admin", "config", or "local" databases. - // TODO SERVER-34040 Should prevent change streams on these databases. - assert.commandWorked(db.getSiblingDB("admin").runCommand( - {aggregate: 1, pipeline: [{$changeStream: {}}], cursor: {}})); - - assert.commandWorked(db.getSiblingDB("config").runCommand( - {aggregate: 1, pipeline: [{$changeStream: {}}], cursor: {}})); - - assert.commandWorked(db.getSiblingDB("local").runCommand( - {aggregate: 1, pipeline: [{$changeStream: {}}], cursor: {}})); + // TODO SERVER-34086: $changeStream may run against 'admin' if 'allChangesForCluster' is true. + assertInvalidChangeStreamNss("admin", 1); + assertInvalidChangeStreamNss("config", 1); + assertInvalidChangeStreamNss("local", 1); // Test that a change stream can be opened before a database exists. assert.commandWorked(db.dropDatabase()); |
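Review bot: `assertInvalidChangeStreamNss("local", 1)` runs unconditionally here, while change_stream.js in the same commit wraps the `local` case in `if (!isMongos)` with the comment that `local` cannot be accessed through mongos. If this test can run against mongos, the failure may come from the router rather than from the new $changeStream namespace check, so the assertion would either pass for the wrong reason or fail on an unexpected code, depending on the helper (not shown). Consider the same guard, `const isMongos = db.runCommand({isdbgrid: 1}).isdbgrid;` followed by `if (!isMongos) { assertInvalidChangeStreamNss("local", 1); }`, or a comment stating why the guard is not needed in this file.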