authorSara Golemon <sara.golemon@mongodb.com>2022-06-28 17:20:38 -0500
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2022-07-29 03:01:45 +0000
commit1177192f57b0cec44a0984d2c833fdf4b733224a (patch)
treea2869c361fb5162814078ea070109495a393409a /jstests
parentb8f9163fe3316a0287ddb056a7adb3d44b3e2a1f (diff)
SERVER-66651 restore builtin role needs applyOps permissions
(cherry picked from commit 0ba2a32577ed1d8b2bcf33ca195dce5516a484be)
Diffstat (limited to 'jstests')
-rw-r--r--jstests/auth/lib/commands_lib.js16
-rw-r--r--jstests/auth/restore_role_create_collection_via_apply_ops.js61
2 files changed, 70 insertions, 7 deletions
diff --git a/jstests/auth/lib/commands_lib.js b/jstests/auth/lib/commands_lib.js
index 4c0c26e8e7a..a9b2a6960cc 100644
--- a/jstests/auth/lib/commands_lib.js
+++ b/jstests/auth/lib/commands_lib.js
@@ -371,7 +371,8 @@ var authCommandsLib = {
roles: {
dbAdminAnyDatabase: 1,
root: 1,
- __system: 1
+ __system: 1,
+ restore: 1,
},
privileges: [
{resource: {db: firstDbName, collection: "x"}, actions: ["createCollection"]},
@@ -400,7 +401,7 @@ var authCommandsLib = {
testcases: [
{
runOnDb: adminDbName,
- roles: {__system: 1, root: 1},
+ roles: {__system: 1, root: 1, restore: 1},
privileges: [
{resource: {db: firstDbName, collection: "x"}, actions: ["createCollection"]},
{resource: {cluster: true}, actions: ["useUUID", "forceUUID", "applyOps"]},
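Review bot: The role set `{__system: 1, root: 1, restore: 1}` is now written out by hand here and again in the hunks at -497, -623, -659 and -699, so the list of builtin roles expected to pass applyOps lives in five places. Since this table states which roles may run a cluster-wide privileged command, I would declare it once and reference it, for example `var roles_applyOps = {__system: 1, root: 1, restore: 1};` (name constructed here) and `roles: roles_applyOps,` in each testcase. That leaves one line to audit the next time a role gains or loses applyOps. The enclosing `authCommandsLib` object starts and ends outside these hunks, so I cannot see whether a similar shared constant already exists.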
@@ -458,7 +459,8 @@ var authCommandsLib = {
roles: {
dbAdminAnyDatabase: 1,
root: 1,
- __system: 1
+ __system: 1,
+ restore: 1,
},
privileges: [
{resource: {db: firstDbName, collection: "x"}, actions: ["dropCollection"]},
@@ -497,7 +499,7 @@ var authCommandsLib = {
testcases: [
{
runOnDb: adminDbName,
- roles: {__system: 1, root: 1},
+ roles: {__system: 1, root: 1, restore: 1},
privileges: [
{resource: {db: firstDbName, collection: "x"}, actions: ["dropCollection"]},
{resource: {cluster: true}, actions: ["useUUID", "applyOps"]},
@@ -623,7 +625,7 @@ var authCommandsLib = {
testcases: [
{
runOnDb: adminDbName,
- roles: {__system: 1, root: 1},
+ roles: {__system: 1, root: 1, restore: 1},
privileges: [
{resource: {db: firstDbName, collection: "x"}, actions: ["insert"]},
{resource: {cluster: true}, actions: ["applyOps"]},
@@ -659,7 +661,7 @@ var authCommandsLib = {
testcases: [
{
runOnDb: adminDbName,
- roles: {__system: 1, root: 1},
+ roles: {__system: 1, root: 1, restore: 1},
privileges: [
{resource: {db: firstDbName, collection: "x"}, actions: ["insert"]},
{resource: {cluster: true}, actions: ["useUUID", "applyOps"]},
@@ -699,7 +701,7 @@ var authCommandsLib = {
// failure.
expectFail: true,
runOnDb: adminDbName,
- roles: {__system: 1, root: 1},
+ roles: {__system: 1, root: 1, restore: 1},
privileges: [
{resource: {db: firstDbName, collection: "x"}, actions: ["insert"]},
{resource: {cluster: true}, actions: ["useUUID", "applyOps"]},
diff --git a/jstests/auth/restore_role_create_collection_via_apply_ops.js b/jstests/auth/restore_role_create_collection_via_apply_ops.js
new file mode 100644
index 00000000000..be30be7db47
--- /dev/null
+++ b/jstests/auth/restore_role_create_collection_via_apply_ops.js
@@ -0,0 +1,61 @@
+// Verify that mongorestore can create a collection via applyOps
+
+(function() {
+'use strict';
+
+function makeCreateOp(collName, uuid = undefined) {
+ const op = {
+ op: 'c',
+ ns: 'test.$cmd',
+ o: {
+ create: collName,
+ idIndex: {
+ key: {_id: 1},
+ v: 2,
+ name: "_id_",
+ ns: "test." + collName,
+ },
+ },
+ };
+ if (uuid) {
+ op.ui = uuid;
+ }
+ return op;
+}
+
+function assertHasCollection(db, collName, expectUUID = undefined) {
+ const colls = db.getCollectionInfos({name: collName});
+ assert.eq(colls.length, 1, colls);
+ if (expectUUID !== undefined) {
+ assert.eq(colls[0].info.uuid, expectUUID, colls);
+ }
+}
+
+function runTest(conn) {
+ const admin = conn.getDB('admin');
+ const test = conn.getDB('test');
+ assert.commandWorked(admin.runCommand({createUser: 'admin', pwd: 'admin', roles: ['root']}));
+ assert(admin.auth('admin', 'admin'));
+
+ assert.commandWorked(
+ admin.runCommand({createUser: 'restore1', pwd: 'pwd', roles: ['restore']}));
+ admin.logout();
+
+ assert(admin.auth('restore1', 'pwd'));
+
+ // Simple create collection op.
+ assert.commandWorked(admin.runCommand({applyOps: [makeCreateOp('test1')]}));
+ assertHasCollection(test, 'test1');
+
+ // Create collection with UUID.
+ const kSpecificUUID = UUID();
+ assert.commandWorked(admin.runCommand({applyOps: [makeCreateOp('test2', kSpecificUUID)]}));
+ assertHasCollection(test, 'test2', kSpecificUUID);
+
+ admin.logout();
+}
+
+const standalone = MongoRunner.runMongod({auth: ''});
+runTest(standalone);
+MongoRunner.stopMongod(standalone);
+})();
\ No newline at end of file
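Review bot: `runTest` only exercises the allow path, so it would still pass if applyOps stopped being authorization-checked at all. A regression test for a privilege grant should also pin the deny side: before logging in as `restore1`, authenticate as a user without the restore role and assert that the same `makeCreateOp` is refused with `ErrorCodes.Unauthorized`. Separately, the header comment says "mongorestore" but the test issues applyOps directly as a user holding the `restore` role; I would reword it to `// Verify that a user with the builtin restore role can create a collection via applyOps`.

```javascript
    assert.commandWorked(
        admin.runCommand({createUser: 'restore1', pwd: 'pwd', roles: ['restore']}));
    // Negative control (user and collection names constructed for this example):
    // a user without the restore role must still be refused by applyOps.
    assert.commandWorked(
        admin.runCommand({createUser: 'reader1', pwd: 'pwd', roles: ['readAnyDatabase']}));
    admin.logout();

    assert(admin.auth('reader1', 'pwd'));
    assert.commandFailedWithCode(admin.runCommand({applyOps: [makeCreateOp('denied1')]}),
                                 ErrorCodes.Unauthorized);
    admin.logout();

    // … unchanged: restore1 login and the two applyOps create cases …
```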