author | Jonathan <jonathan@mongodb.com> | 2014-06-12 09:58:50 -0400 |
---|---|---|
committer | Benety Goh <benety@mongodb.com> | 2014-06-12 11:33:06 -0400 |
commit | ff814c1da71ccdaf76de4afadb1dc646985af4f9 (patch) | |
tree | 6982abb26c5b33a1a54d6bee86985660c2b3b20c /jstests/tool | |
parent | b208bb85e809e73a2f3c28584d27f6966e32e276 (diff) | |
SERVER-14232 Add additional js tests for Backup and Restore roles with Auth
Signed-off-by: Benety Goh <benety@mongodb.com>
Diffstat (limited to 'jstests/tool')
-rw-r--r-- | jstests/tool/dumprestore_auth.js | 68 | ||||
-rw-r--r-- | jstests/tool/dumprestore_auth3.js | 108 |
2 files changed, 133 insertions, 43 deletions
diff --git a/jstests/tool/dumprestore_auth.js b/jstests/tool/dumprestore_auth.js index 55f18b018db..4c26ca54391 100644 --- a/jstests/tool/dumprestore_auth.js +++ b/jstests/tool/dumprestore_auth.js @@ -3,6 +3,8 @@ t = new ToolTest("dumprestore_auth", { auth : "" }); c = t.startDB("foo"); +var dbName = c.getDB().toString(); +print("DB is ",dbName); adminDB = c.getDB().getSiblingDB('admin'); adminDB.createUser({user: 'admin', pwd: 'password', roles: ['root']}); 
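Review bot: `dbName` is taken from `c.getDB().toString()`, which only works because the shell's DB object happens to stringify to its name; `var dbName = c.getDB().getName();` states the intent directly. The value is then used as the resource `db` in the role definitions of the next hunk, so it is worth making explicit. The `print("DB is ",dbName);` line looks like leftover debugging output and could be dropped or turned into a `jsTestLog` call.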
@@ -10,26 +12,84 @@ adminDB.auth('admin','password'); adminDB.createUser({user: 'backup', pwd: 'password', roles: ['backup']}); adminDB.createUser({user: 'restore', pwd: 'password', roles: ['restore']}); +// Add user defined roles & users with those roles +var testUserAdmin = c.getDB().getSiblingDB(dbName); +var backupActions = ["find"]; +testUserAdmin.createRole({role: "backupFoo", + privileges: [{resource: {db: dbName, collection: "foo"}, actions:backupActions}, + {resource: {db: dbName, collection: "system.indexes"}, + actions: backupActions}, + {resource: {db: dbName, collection: "system.namespaces"}, + actions: backupActions}], + roles: []}); +testUserAdmin.createUser({user: 'backupFoo', pwd: 'password', roles: ['backupFoo']}); + +var restoreActions = ["collMod", "createCollection","createIndex","dropCollection","insert"]; +var restoreActionsFind = restoreActions; +restoreActionsFind.push("find"); +testUserAdmin.createRole({role: "restoreChester", + privileges: [{resource: {db: dbName, collection: "chester"}, actions: restoreActions}, + {resource: {db: dbName, collection: "system.indexes"}, + actions: restoreActions}, + {resource: {db: dbName, collection: "system.namespaces"}, + actions: restoreActionsFind}], + roles: []}); +testUserAdmin.createRole({role: "restoreFoo", + privileges: [{resource: {db: dbName, collection: "foo"}, actions:restoreActions}, + {resource: {db: dbName, collection: "system.indexes"}, + actions: restoreActions}, + {resource: {db: dbName, collection: "system.namespaces"}, + actions: restoreActionsFind}], + roles: []}); +testUserAdmin.createUser({user: 'restoreChester', pwd: 'password', roles: ['restoreChester']}); +testUserAdmin.createUser({user: 'restoreFoo', pwd: 'password', roles: ['restoreFoo']}); + +var sysUsers = adminDB.system.users.count(); assert.eq(0 , c.count() , "setup1"); c.save({ a : 22 }); assert.eq(1 , c.count() , "setup2"); assert.commandWorked(c.runCommand("collMod", {usePowerOf2Sizes: false})); -assert.eq(0, 
c.getDB().system.namespaces.findOne({name: c.getFullName()}).options.flags); +assert.eq(0, c.getDB().system.namespaces.findOne( +{name: c.getFullName()}).options.flags, "find namespaces 1"); t.runTool("dump" , "--out" , t.ext, "--username", "backup", "--password", "password"); c.drop(); assert.eq(0 , c.count() , "after drop"); -t.runTool("restore" , "--dir" , t.ext); // Should fail +// Restore should fail without user & pass +t.runTool("restore" , "--dir" , t.ext); assert.eq(0 , c.count() , "after restore without auth"); +// Restore should pass with authorized user t.runTool("restore" , "--dir" , t.ext, "--username", "restore", "--password", "password"); assert.soon("c.findOne()" , "no data after sleep"); assert.eq(1 , c.count() , "after restore 2"); assert.eq(22 , c.findOne().a , "after restore 2"); -assert.eq(0, c.getDB().system.namespaces.findOne({name: c.getFullName()}).options.flags); -assert.eq(3, adminDB.system.users.count()); +assert.eq(0, c.getDB().system.namespaces.findOne( +{name: c.getFullName()}).options.flags, "find namespaces 2"); +assert.eq(sysUsers, adminDB.system.users.count()); + +// Ddump & restore DB/colection with user defined roles +t.runTool("dump" , "--out" , t.ext, "--username", "backupFoo", "--password", "password", + "--db", dbName, "--collection", "foo"); +c.drop(); +assert.eq(0 , c.count() , "after drop"); + +// Restore with wrong user +t.runTool("restore" , "--username", "restoreChester", "--password", "password", + "--db", dbName, "--collection", "foo", t.ext+dbName+"/foo.bson"); +assert.eq(0 , c.count() , "after restore with wrong user"); + +// Restore with proper user +t.runTool("restore" , "--username", "restoreFoo", "--password", "password", + "--db", dbName, "--collection", "foo", t.ext+dbName+"/foo.bson"); +assert.soon("c.findOne()" , "no data after sleep"); +assert.eq(1 , c.count() , "after restore 3"); +assert.eq(22 , c.findOne().a , "after restore 3"); +assert.eq(0, c.getDB().system.namespaces.findOne( +{name: 
c.getFullName()}).options.flags, "find namespaces 3"); +assert.eq(sysUsers, adminDB.system.users.count()); t.stop(); diff --git a/jstests/tool/dumprestore_auth3.js b/jstests/tool/dumprestore_auth3.js index 591e7fb0900..172fed4500f 100644 --- a/jstests/tool/dumprestore_auth3.js +++ b/jstests/tool/dumprestore_auth3.js 
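Review bot: `var restoreActionsFind = restoreActions;` copies the reference, not the array, so the `restoreActionsFind.push("find");` that follows also adds `find` to `restoreActions`. Every privilege in `restoreChester` and `restoreFoo` therefore carries `find`, and the split between the two action lists has no effect: the test cannot show that the restore roles work with the narrower set on the target collection. Use `var restoreActionsFind = restoreActions.concat(["find"]);` so that only the `system.namespaces` privilege gets the extra action. Separately, the two negative cases ("after restore without auth", "after restore with wrong user") check only `c.count()`; if `t.runTool` returns the tool's exit code, asserting that it is non-zero would pin the failure itself.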
@@ -25,23 +25,42 @@ function runTool(toolName, mongod, shutdownServer, options) { // files directly function runTest(shutdownServer) { var mongod = MongoRunner.runMongod(); + var admindb = mongod.getDB("admin"); var db = mongod.getDB("foo"); + var shutMessage = "(no shutdown)"; + if (shutdownServer) { + shutMessage = "(shutdown)" + } - jsTestLog("Creating initial data"); - db.createUser({user: 'user', pwd: 'password', roles: jsTest.basicUserRoles}); + jsTestLog("Creating Admin user & initial data "+shutMessage); + admindb.createUser({user: 'root', pwd: 'pass', roles: ['root']}); + admindb.createUser({user: 'backup', pwd: 'pass', roles: ['backup']}); + admindb.createUser({user: 'restore', pwd: 'pass', roles: ['restore']}); + db.createUser({user: 'user', pwd: 'pass', roles: jsTest.basicUserRoles}); db.createRole({role: 'role', roles: [], privileges:[]}); - // Legacy system.users collections should still be handled properly - db.system.users.insert({user:'dbuser', pwd: 'pwd', roles: ['readWrite']}); + var backupActions = ['find']; + db.createRole({role: 'backupFooChester', + privileges: [{resource: {db: 'foo', collection: 'chester'}, actions: backupActions}], + roles: []}); + db.createUser({user: 'backupFooChester', pwd: 'pass', roles: ['backupFooChester']}); + + var userCount = db.getUsers().length; + var rolesCount = db.getRoles().length; + var systemUsersCount = admindb.system.users.count(); + var systemVersionCount = admindb.system.version.count(); + db.bar.insert({a:1}); assert.eq(1, db.bar.findOne().a); - assert.eq(1, db.getUsers().length, "setup"); - assert.eq(1, db.getRoles().length, "setup2"); - assert.eq(1, db.system.users.count(), "setup3"); - assert.eq(1, db.getSiblingDB('admin').system.version.count()); - var versionDoc = db.getSiblingDB('admin').system.version.findOne(); - - jsTestLog("Dump foo database without dumping user data"); + assert.eq(userCount, db.getUsers().length, "setup"); + assert.eq(rolesCount, db.getRoles().length, "setup2"); + 
assert.eq(systemUsersCount, admindb.system.users.count(), "setup3"); + assert.eq(systemVersionCount, admindb.system.version.count(),"system version"); + assert.eq(1, admindb.system.users.count({user: "restore"}), "Restore user is missing"); + assert.eq(1, admindb.system.users.count({user: "backup"}), "Backup user is missing"); + var versionDoc = admindb.system.version.findOne(); + + jsTestLog("Dump foo database without dumping user data "+shutMessage); var dumpDir = MongoRunner.getAndPrepareDumpDirectory("dumprestore_auth3"); mongod = runTool("mongodump", mongod, shutdownServer, {out: dumpDir, db: "foo"}); db = mongod.getDB('foo'); 
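Review bot: The rewritten setup assertions compare `userCount`, `rolesCount`, `systemUsersCount` and `systemVersionCount` with the same queries that produced them a few lines earlier, so they pass whatever the setup actually created. The lines they replace asserted literal counts. With the two users and two roles this hunk creates on `foo`, `assert.eq(2, db.getUsers().length, "setup");` and `assert.eq(2, db.getRoles().length, "setup2");` would check the setup again. The assignment `shutMessage = "(shutdown)"` is also missing its semicolon. The body of runTest continues past this hunk.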
@@ -50,36 +69,27 @@ function runTest(shutdownServer) { db.dropAllUsers(); db.dropAllRoles(); - assert.eq(0, db.getUsers().length, "didn't drop users"); - assert.eq(0, db.getRoles().length, "didn't drop roles"); - assert.eq(0, db.system.users.count(), "didn't drop legacy system.users collection"); - assert.eq(0, db.bar.count(), "didn't drop 'bar' collection"); - - - jsTestLog("Restore foo database from dump that doesn't contain user data"); + jsTestLog("Restore foo database from dump that doesn't contain user data "+shutMessage); mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "foo/", db: 'foo', restoreDbUsersAndRoles: ""}); + db = mongod.getDB('foo'); assert.soon(function() { return db.bar.findOne(); }, "no data after restore"); assert.eq(1, db.bar.findOne().a); assert.eq(0, db.getUsers().length, "Restore created users somehow"); assert.eq(0, db.getRoles().length, "Restore created roles somehow"); - assert.eq(0, db.system.users.count(), "Restore created legacy system.users collection somehow"); // Re-create user data db.createUser({user: 'user', pwd: 'password', roles: jsTest.basicUserRoles}); db.createRole({role: 'role', roles: [], privileges:[]}); - assert.writeOK(db.system.users.insert({user:'dbuser', pwd: 'pwd', roles: ['readWrite']})); assert.eq(1, db.bar.findOne().a); assert.eq(1, db.getUsers().length, "didn't create user"); assert.eq(1, db.getRoles().length, "didn't create role"); - assert.eq(1, db.system.users.count(), "didn't create legacy system.users collection"); - - jsTestLog("Dump foo database *with* user data"); + jsTestLog("Dump foo database *with* user data "+shutMessage); mongod = runTool("mongodump", mongod, shutdownServer, {out: dumpDir, db: "foo", dumpDbUsersAndRoles: ""}); 
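Review bot: With the post-drop assertions removed, nothing between `db.dropAllRoles();` and the `mongorestore` call confirms that `bar` was gone, so `assert.soon(function() { return db.bar.findOne(); }, ...)` can pass on data that was never dropped. Keeping `assert.eq(0, db.bar.count(), "didn't drop 'bar' collection");` before the restore would make the restore check meaningful; the hunk at `-91,64` keeps exactly that line for its own drop. The re-created user also still uses `pwd: 'password'` while the setup hunk switched to `'pass'`. The drop calls before `db.dropAllUsers();` are outside this hunk, so this is based on the visible lines only.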
@@ -91,64 +101,62 @@ function runTest(shutdownServer) { assert.eq(0, db.getUsers().length, "didn't drop users"); assert.eq(0, db.getRoles().length, "didn't drop roles"); - assert.eq(0, db.system.users.count(), "didn't drop legacy system.users collection"); assert.eq(0, db.bar.count(), "didn't drop 'bar' collection"); - jsTestLog("Restore foo database without restoring user data, even though it's in the dump"); + jsTestLog("Restore foo database without restoring user data, even though it's in the dump "+shutMessage); mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "foo/", db: 'foo'}); db = mongod.getDB('foo'); assert.soon(function() { return db.bar.findOne(); }, "no data after restore"); assert.eq(1, db.bar.findOne().a); assert.eq(0, db.getUsers().length, "Restored users even though it shouldn't have"); - assert.eq(0, db.getRoles().length, "Restored users even though it shouldn't have"); + assert.eq(0, db.getRoles().length, "Restored roles even though it shouldn't have"); - jsTestLog("Restore foo database *with* user data"); + jsTestLog("Restore foo database *with* user data "+shutMessage); mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "foo/", db: 'foo', restoreDbUsersAndRoles: ""}); db = mongod.getDB('foo'); + admindb = mongod.getDB('admin'); assert.soon(function() { return db.bar.findOne(); }, "no data after restore"); assert.eq(1, db.bar.findOne().a); assert.eq(1, db.getUsers().length, "didn't restore users"); assert.eq(1, db.getRoles().length, "didn't restore roles"); - assert.eq(1, db.system.users.count(), "didn't restore legacy system.users collection"); + assert.eq(1, admindb.system.users.count({user: "restore", db: "admin"}), "Restore user is missing"); assert.docEq(versionDoc, db.getSiblingDB('admin').system.version.findOne(), "version doc was changed by restore"); - - jsTestLog("Make modifications to user data that should be overridden by the restore"); + jsTestLog("Make modifications to user data that 
should be overridden by the restore "+shutMessage); db.dropUser('user') db.createUser({user: 'user2', pwd: 'password2', roles: jsTest.basicUserRoles}); db.dropRole('role') db.createRole({role: 'role2', roles: [], privileges:[]}); - db.system.users.remove({}); - db.system.users.insert({user:'dbuser2', pwd: 'pwd', roles: ['readWrite']}); - jsTestLog("Restore foo database (and user data) with --drop so it overrides the changes made"); + jsTestLog("Restore foo database (and user data) with --drop so it overrides the changes made "+shutMessage); // Restore with --drop to override the changes to user data mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "foo/", db: 'foo', drop: "", restoreDbUsersAndRoles: ""}); db = mongod.getDB('foo'); + admindb = mongod.getDB('admin'); assert.soon(function() { return db.bar.findOne(); }, "no data after restore"); + // Admin users not restored: SERVER-14212 + //assert.eq(1, admindb.system.users.count({user: "restore"}), "Restore user is missing"); assert.eq(1, db.bar.findOne().a); assert.eq(1, db.getUsers().length, "didn't restore users"); assert.eq("user", db.getUsers()[0].user, "didn't update user"); assert.eq(1, db.getRoles().length, "didn't restore roles"); assert.eq("role", db.getRoles()[0].role, "didn't update role"); - assert.eq(1, db.system.users.count(), "didn't restore legacy system.users collection"); - assert.eq("dbuser", db.system.users.findOne().user, "didn't update legacy user"); assert.docEq(versionDoc, db.getSiblingDB('admin').system.version.findOne(), "version doc was changed by restore"); - jsTestLog("Dump just the admin database. User data should be dumped by default"); + jsTestLog("Dump just the admin database. User data should be dumped by default "+shutMessage); // Make a user in another database to make sure it is properly captured db.getSiblingDB('bar').createUser({user: "user", pwd: 'pwd', roles: []}); db.getSiblingDB('admin').createUser({user: "user", pwd: 'pwd', roles: []}); 
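Review bot: The commented-out `//assert.eq(1, admindb.system.users.count({user: "restore"}), "Restore user is missing");` leaves the behaviour recorded as SERVER-14212 untested, and disabled assertions are rarely revived. Replacing it with a tracked note such as `// TODO(SERVER-14212): assert the admin 'restore' user is still present after a --drop restore` keeps the gap visible without dead code. If admin users really do disappear when another database is restored with `--drop`, that is the kind of regression an auth test should notice once it is fixed. The two `assert.docEq` calls could also use the refreshed `admindb` handle instead of `db.getSiblingDB('admin')`.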
@@ -160,7 +168,7 @@ function runTest(shutdownServer) { db.getSiblingDB('bar').createUser({user: "user2", pwd: 'pwd', roles: []}); db.getSiblingDB('admin').dropAllUsers(); - jsTestLog("Restore just the admin database. User data should be restored by default"); + jsTestLog("Restore just the admin database. User data should be restored by default "+shutMessage); mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "admin/", db: 'admin', drop: ""}); @@ -174,8 +182,6 @@ function runTest(shutdownServer) { assert.eq("user", db.getUsers()[0].user, "didn't restore user"); assert.eq(1, db.getRoles().length, "didn't restore roles"); assert.eq("role", db.getRoles()[0].role, "didn't restore role"); - assert.eq(1, db.system.users.count(), "didn't restore legacy system.users collection"); - assert.eq("dbuser", db.system.users.findOne().user, "didn't restore legacy user"); assert.eq(1, db.getUsers().length, "didn't restore users for bar database"); assert.eq("user", db.getUsers()[0].user, "didn't restore user for bar database"); assert.eq(1, admindb.getUsers().length, "didn't restore users for admin database"); 
@@ -187,6 +193,30 @@ function runTest(shutdownServer) { "version doc was changed by restore"); + jsTestLog("Dump all databases "+shutMessage); + mongod = runTool("mongodump", mongod, shutdownServer, {out: dumpDir}); + db = mongod.getDB('foo'); + + db.dropDatabase(); + db.dropAllUsers(); + db.dropAllRoles(); + + assert.eq(0, db.getUsers().length, "didn't drop users"); + assert.eq(0, db.getRoles().length, "didn't drop roles"); + assert.eq(0, db.bar.count(), "didn't drop 'bar' collection"); + + jsTestLog("Restore all databases "+shutMessage); + mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir}); + db = mongod.getDB('foo'); + + assert.soon(function() { return db.bar.findOne(); }, "no data after restore"); + assert.eq(1, db.bar.findOne().a); + assert.eq(1, db.getUsers().length, "didn't restore users"); + assert.eq(1, db.getRoles().length, "didn't restore roles"); + assert.docEq(versionDoc, + db.getSiblingDB('admin').system.version.findOne(), + "version doc was changed by restore"); + MongoRunner.stopMongod(mongod); } |
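Review bot: Both tool invocations in the new dump-all/restore-all block pass only `{out: dumpDir}` and `{dir: dumpDir}`, and the visible `MongoRunner.runMongod()` call takes no auth option, so the `backup` and `restore` users created during setup appear to be dumped and restored as data rather than used as the acting principals. `runTool` is defined outside these hunks and may add credentials; if it does not, a comment such as `// Tools run unauthenticated here; role enforcement is exercised in dumprestore_auth.js` would keep readers from assuming this file tests the roles. The block also asserts only on `foo`, although the dump holds every database; refreshing `admindb` and checking `admindb.getUsers().length` after the restore would cover more of what was restored.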