diff options
author | Spencer Jackson <spencer.jackson@mongodb.com> | 2016-04-21 18:49:20 -0400 |
---|---|---|
committer | Spencer Jackson <spencer.jackson@mongodb.com> | 2016-04-22 13:52:12 -0400 |
commit | 3e6a04652806e752c0c004fa72bc95025c3a9d54 (patch) | |
tree | 8426e72ec63c97cee130a71568ffabfadaaaf4a3 /jstests | |
parent | dd7427d7acf2aac9fe7b0caa7e892fe8a856c186 (diff) | |
download | mongo-3e6a04652806e752c0c004fa72bc95025c3a9d54.tar.gz |
SERVER-23503 Expand localhost exception to include role creation
Diffstat (limited to 'jstests')
-rw-r--r-- | jstests/auth/localhostAuthBypass.js | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/jstests/auth/localhostAuthBypass.js b/jstests/auth/localhostAuthBypass.js index fdaf4386794..6cb315650ef 100644 --- a/jstests/auth/localhostAuthBypass.js +++ b/jstests/auth/localhostAuthBypass.js @@ -15,6 +15,12 @@ var createUser = function(mongo) { mongo.getDB("admin").createUser({user: username, pwd: password, roles: jsTest.adminUserRoles}); }; +var createRole = function(mongo) { + print("============ adding a role."); + mongo.getDB("admin").createRole( + {role: "roleAdministrator", roles: [{role: "userAdmin", db: "admin"}], privileges: []}); +}; + var assertCannotRunCommands = function(mongo) { print("============ ensuring that commands cannot be run."); @@ -171,7 +177,25 @@ var runNonlocalTest = function(host) { shutdown(conn); }; +// Per SERVER-23503, the existence of roles in the admin database should disable the localhost +// exception. +// Start the server without auth. Create a role. Restart the server with auth. The exception is +// now enabled. +var runRoleTest = function() { + var conn = MongoRunner.runMongod({dbpath: dbpath}); + var mongo = new Mongo("localhost:" + conn.port); + assertCanRunCommands(mongo); + createRole(mongo); + assertCanRunCommands(mongo); + MongoRunner.stopMongod(conn); + conn = MongoRunner.runMongod({auth: '', dbpath: dbpath, restart: true, cleanData: false}); + mongo = new Mongo("localhost:" + conn.port); + assertCannotRunCommands(mongo); +}; + runTest(false); runTest(true); runNonlocalTest(get_ipaddr()); + +runRoleTest(); |