diff options
| author | Judah Schvimer <judah@mongodb.com> | 2016-04-12 19:11:23 -0400 |
|---|---|---|
| committer | Judah Schvimer <judah@mongodb.com> | 2016-04-12 19:11:23 -0400 |
| commit | 1272f90a5d0b34b340a68415c6f104a11ebf6ed6 (patch) | |
| tree | 7b95deb2b4cd06635f5f95e1d6d8faeb7b40e6f6 /jstests/replsets/user_management_wc.js | |
| parent | 889ca31c1a1e7725b14f291233a4ee4f7afea111 (diff) | |
| download | mongo-1272f90a5d0b34b340a68415c6f104a11ebf6ed6.tar.gz | |
SERVER-22422 Test that write commands support writeConcern
Diffstat (limited to 'jstests/replsets/user_management_wc.js')
| -rw-r--r-- | jstests/replsets/user_management_wc.js | 168 |
1 files changed, 168 insertions, 0 deletions
diff --git a/jstests/replsets/user_management_wc.js b/jstests/replsets/user_management_wc.js new file mode 100644 index 00000000000..691a2520544 --- /dev/null +++ b/jstests/replsets/user_management_wc.js @@ -0,0 +1,168 @@ +load('jstests/libs/write_concern_util.js'); +load('jstests/multiVersion/libs/auth_helpers.js'); + +/** + * This file tests that user management commands accept write concern and wait for it properly. + * It tests that an invalid write concern leads to a writeConcernError, as well as an ok status + * of 0 to support backward compatibility. It also tests that a valid write concern works and does + * not yield any writeConcern errors. + */ + +(function() { + "use strict"; + var replTest = new ReplSetTest( + {name: 'UserManagementWCSet', nodes: 3, settings: {chainingAllowed: false}}); + replTest.startSet(); + replTest.initiate(); + + var master = replTest.getPrimary(); + var dbName = "user-management-wc-test"; + var db = master.getDB(dbName); + var adminDB = master.getDB('admin'); + + function dropUsersAndRoles() { + db.dropUser('username'); + db.dropUser('user1'); + db.dropUser('user2'); + } + + var commands = []; + + commands.push({ + req: {createUser: 'username', pwd: 'password', roles: jsTest.basicUserRoles}, + setupFunc: function() {}, + confirmFunc: function() { + assert(db.auth("username", "password"), "auth failed"); + assert(!db.auth("username", "passworda"), "auth should have failed"); + }, + admin: false + }); + + commands.push({ + req: {updateUser: 'username', pwd: 'password2', roles: jsTest.basicUserRoles}, + setupFunc: function() { + db.runCommand({createUser: 'username', pwd: 'password', roles: jsTest.basicUserRoles}); + }, + confirmFunc: function() { + assert(db.auth("username", "password2"), "auth failed"); + assert(!db.auth("username", "password"), "auth should have failed"); + }, + admin: false + }); + + commands.push({ + req: {dropUser: 'tempUser'}, + setupFunc: function() { + db.runCommand({createUser: 'tempUser', pwd: 'password', roles: jsTest.basicUserRoles}); + assert(db.auth("tempUser", "password"), "auth failed"); + }, + confirmFunc: function() { + assert(!db.auth("tempUser", "password"), "auth should have failed"); + }, + admin: false + }); + + commands.push({ + req: {authSchemaUpgrade: 1}, + setupFunc: function() { + adminDB.system.version.update( + {_id: "authSchema"}, {"currentVersion": 3}, {upsert: true}); + + db.createUser({user: 'user1', pwd: 'pass', roles: jsTest.basicUserRoles}); + assert(db.auth({mechanism: 'MONGODB-CR', user: 'user1', pwd: 'pass'})); + + db.createUser({user: 'user2', pwd: 'pass', roles: jsTest.basicUserRoles}); + assert(db.auth({mechanism: 'MONGODB-CR', user: 'user2', pwd: 'pass'})); + }, + confirmFunc: function() { + // All users should only have SCRAM credentials. + verifyUserDoc(db, 'user1', false, true); + verifyUserDoc(db, 'user2', false, true); + + // After authSchemaUpgrade MONGODB-CR no longer works. + verifyAuth(db, 'user1', 'pass', false, true); + verifyAuth(db, 'user2', 'pass', false, true); + }, + admin: true + }); + + commands.push({ + req: { + _mergeAuthzCollections: 1, + tempUsersCollection: 'admin.tempusers', + tempRolesCollection: 'admin.temproles', + db: "", + drop: false + }, + setupFunc: function() { + adminDB.system.users.remove({}); + adminDB.system.roles.remove({}); + adminDB.createUser({user: 'lorax', pwd: 'pwd', roles: ['read']}); + adminDB.createRole({role: 'role1', roles: ['read'], privileges: []}); + adminDB.system.users.find().forEach(function(doc) { + adminDB.tempusers.insert(doc); + }); + adminDB.system.roles.find().forEach(function(doc) { + adminDB.temproles.insert(doc); + }); + adminDB.system.users.remove({}); + adminDB.system.roles.remove({}); + + assert.eq(0, adminDB.system.users.count()); + assert.eq(0, adminDB.system.roles.count()); + + db.createUser({user: 'lorax2', pwd: 'pwd', roles: ['readWrite']}); + db.createRole({role: 'role2', roles: ['readWrite'], privileges: []}); + + assert.eq(1, adminDB.system.users.count()); + assert.eq(1, adminDB.system.roles.count()); + }, + confirmFunc: function() { + assert.eq(2, adminDB.system.users.count()); + assert.eq(2, adminDB.system.roles.count()); + }, + admin: true + }); + + function assertUserManagementWriteConcernError(res) { + assert(!res.ok); + assert(res.errmsg); + assert(res.code); + assertWriteConcernError(res); + } + + function testValidWriteConcern(cmd) { + cmd.req.writeConcern = { + w: 'majority', + wtimeout: 25000 + }; + jsTest.log("Testing " + tojson(cmd.req)); + + dropUsersAndRoles(); + cmd.setupFunc(); + var res = runCommandCheckAdmin(db, cmd); + assert.commandWorked(res); + assert(!res.writeConcernError, + 'command on a full replicaset had writeConcernError: ' + tojson(res)); + cmd.confirmFunc(); + } + + function testInvalidWriteConcern(cmd) { + cmd.req.writeConcern = { + w: 15 + }; + jsTest.log("Testing " + tojson(cmd.req)); + + dropUsersAndRoles(); + cmd.setupFunc(); + var res = runCommandCheckAdmin(db, cmd); + assertUserManagementWriteConcernError(res); + cmd.confirmFunc(); + } + + commands.forEach(function(cmd) { + testValidWriteConcern(cmd); + testInvalidWriteConcern(cmd); + }); + +})();
\ No newline at end of file |