SERVER-40529 Refresh pinned users in background thread

1 files changed, 56 insertions, 4 deletions

diff --git a/jstests/auth/pinned_users.js b/jstests/auth/pinned_users.js
index 758905f7503..f57bfa85f74 100644
--- a/jstests/auth/pinned_users.js
+++ b/jstests/auth/pinned_users.js
@@ -30,10 +30,10 @@
     // the deadlock
     assert.commandWorked(admin.runCommand({
         setParameter: 1,
+        logLevel: 2,
         authorizationManagerPinnedUsers: [
             {user: "admin2", db: "admin"},
         ],
-        logLevel: 1
     }));
 
     admin.createUser({user: "admin2", pwd: "admin", roles: ["root"]});
@@ -44,8 +44,13 @@
 
     // Invalidate the user cache so we know only "admin" is in there
     assert.commandWorked(admin.runCommand({invalidateUserCache: 1}));
-    print("User cache after initialization: ",
-          tojson(admin.aggregate([{$listCachedAndActiveUsers: {}}]).toArray()));
+    assert.soon(function() {
+        let cacheContents = admin.aggregate([{$listCachedAndActiveUsers: {}}]).toArray();
+        print("User cache after initialization: ", tojson(cacheContents));
+
+        const admin2Doc = sortDoc({"username": "admin2", "db": "admin", "active": true});
+        return cacheContents.some((doc) => friendlyEqual(admin2Doc, sortDoc(doc)));
+    });
 
     const waitForCommand = function(waitingFor, opFilter) {
         let opId = -1;
@@ -123,7 +128,7 @@
     // Mark the "admin2" user as pinned in memory
     assert.commandWorked(admin.runCommand({
         setParameter: 1,
-        logLevel: 1,
+        logLevel: 2,
         authorizationManagerPinnedUsers: [
             {user: "admin2", db: "admin"},
         ],
@@ -144,3 +149,50 @@
     assert.eq(admin.auth("admin2", "admin"), 0);
     MongoRunner.stopMongod(mongod);
 })();
+
+// This checks that clearing the pinned user list actually unpins a user.
+(function() {
+    'use strict';
+    jsTest.setOption("enableTestCommands", true);
+    // Start a mongod with the user cache size set to zero, so we know that users who have
+    // logged out always get fetched cleanly from disk.
+    const mongod =
+        MongoRunner.runMongod({auth: "", setParameter: "authorizationManagerCacheSize=0"});
+    let admin = mongod.getDB("admin");
+
+    admin.createUser({user: "admin", pwd: "admin", roles: ["root"]});
+    admin.auth("admin", "admin");
+
+    // Mark the "admin2" user as pinned in memory
+    assert.commandWorked(admin.runCommand({
+        setParameter: 1,
+        logLevel: 2,
+        authorizationManagerPinnedUsers: [
+            {user: "admin2", db: "admin"},
+        ],
+    }));
+
+    admin.createUser({user: "admin2", pwd: "admin", roles: ["root"]});
+    assert.soon(function() {
+        let cacheContents = admin.aggregate([{$listCachedAndActiveUsers: {}}]).toArray();
+        print("User cache after initialization: ", tojson(cacheContents));
+
+        const admin2Doc = sortDoc({"username": "admin2", "db": "admin", "active": true});
+        return cacheContents.some((doc) => friendlyEqual(admin2Doc, sortDoc(doc)));
+    });
+
+    // Clear the pinned users list
+    assert.commandWorked(admin.runCommand({setParameter: 1, authorizationManagerPinnedUsers: []}));
+
+    // Check that admin2 gets removed from the cache
+    assert.commandWorked(admin.runCommand({invalidateUserCache: 1}));
+    assert.soon(function() {
+        let cacheContents = admin.aggregate([{$listCachedAndActiveUsers: {}}]).toArray();
+        print("User cache after initialization: ", tojson(cacheContents));
+
+        const admin2Doc = sortDoc({"username": "admin2", "db": "admin", "active": true});
+        return !cacheContents.some((doc) => friendlyEqual(admin2Doc, sortDoc(doc)));
+    });
+
+    MongoRunner.stopMongod(mongod);
+})();