SERVER-12748 Tests for invalid transitions of clusterAuthMode without outgoing SSL

1 files changed, 25 insertions, 19 deletions

diff --git a/jstests/ssl/set_parameter_ssl.js b/jstests/ssl/set_parameter_ssl.js
index 34a5c101087..19d11b9047f 100644
--- a/jstests/ssl/set_parameter_ssl.js
+++ b/jstests/ssl/set_parameter_ssl.js
@@ -18,13 +18,13 @@ function testSSLTransition(oldMode, newMode, shouldSucceed) {
     var res = adminDB.runCommand({ "setParameter" : 1,
                                    "sslMode" : newMode });
 
-    assert(res["ok"] == shouldSucceed);
+    assert(res["ok"] == shouldSucceed, tojson(res));
     stopMongod(port);
 }
 
-function testAuthModeTransition(oldMode, newMode, shouldSucceed) {
+function testAuthModeTransition(oldMode, newMode, sslMode, shouldSucceed) {
     var conn = MongoRunner.runMongod({port: port,
-                           sslMode: "requireSSL", 
+                           sslMode: sslMode,
                            sslPEMKeyFile: SERVER_CERT,
                            sslCAFile: CA_CERT,
                            clusterAuthMode: oldMode});
@@ -35,7 +35,7 @@ function testAuthModeTransition(oldMode, newMode, shouldSucceed) {
     var res = adminDB.runCommand({ "setParameter" : 1,
                                    "clusterAuthMode" : newMode });
 
-    assert(res["ok"] == shouldSucceed);
+    assert(res["ok"] == shouldSucceed, tojson(res));
     stopMongod(port);
 }
 
@@ -55,18 +55,24 @@ testSSLTransition("requireSSL", "allowSSL", false);
 testSSLTransition("requireSSL", "preferSSL", false);
 testSSLTransition("requireSSL", "requireSSL", false);
 
-testAuthModeTransition("sendKeyFile", "invalid", false);
-testAuthModeTransition("sendKeyFile", "keyFile", false);
-testAuthModeTransition("sendKeyFile", "sendKeyFile", false);
-testAuthModeTransition("sendKeyFile", "sendX509", true);
-testAuthModeTransition("sendKeyFile", "x509", false);
-testAuthModeTransition("sendX509", "invalid", false);
-testAuthModeTransition("sendX509", "keyFile", false);
-testAuthModeTransition("sendX509", "sendKeyFile", false);
-testAuthModeTransition("sendX509", "sendX509", false);
-testAuthModeTransition("sendX509", "x509", true);
-testAuthModeTransition("x509", "invalid", false);
-testAuthModeTransition("x509", "keyFile", false);
-testAuthModeTransition("x509", "sendKeyFile", false);
-testAuthModeTransition("x509", "sendX509", false);
-testAuthModeTransition("x509", "x509", false);
+testAuthModeTransition("sendKeyFile", "invalid", "requireSSL", false);
+testAuthModeTransition("sendKeyFile", "keyFile", "requireSSL", false);
+testAuthModeTransition("sendKeyFile", "sendKeyFile", "requireSSL", false);
+testAuthModeTransition("sendKeyFile", "sendX509", "requireSSL", true);
+testAuthModeTransition("sendKeyFile", "x509", "requireSSL", false);
+testAuthModeTransition("sendX509", "invalid", "requireSSL", false);
+testAuthModeTransition("sendX509", "keyFile", "requireSSL", false);
+testAuthModeTransition("sendX509", "sendKeyFile", "requireSSL", false);
+testAuthModeTransition("sendX509", "sendX509", "requireSSL", false);
+testAuthModeTransition("sendX509", "x509", "requireSSL", true);
+testAuthModeTransition("x509", "invalid", "requireSSL", false);
+testAuthModeTransition("x509", "keyFile", "requireSSL", false);
+testAuthModeTransition("x509", "sendKeyFile", "requireSSL", false);
+testAuthModeTransition("x509", "sendX509", "requireSSL", false);
+testAuthModeTransition("x509", "x509", "requireSSL", false);
+
+testAuthModeTransition("sendKeyFile", "invalid", "allowSSL", false);
+testAuthModeTransition("sendKeyFile", "keyFile", "allowSSL", false);
+testAuthModeTransition("sendKeyFile", "sendKeyFile", "allowSSL", false);
+testAuthModeTransition("sendKeyFile", "sendX509", "allowSSL", false);
+testAuthModeTransition("sendKeyFile", "x509", "allowSSL", false);