diff options
author | Misha Tyulenev <misha@mongodb.com> | 2015-11-03 18:07:01 -0500 |
---|---|---|
committer | Misha Tyulenev <misha@mongodb.com> | 2015-11-03 18:07:33 -0500 |
commit | 730e2cfca84134d1564fb80d851a42cc17ebcdb3 (patch) | |
tree | d8a1bf5ed68d16a7406df384d299b022c37a4d18 /jstests | |
parent | a396bcd73c6e07c93f3336139ce9c074cc6721b1 (diff) | |
download | mongo-730e2cfca84134d1564fb80d851a42cc17ebcdb3.tar.gz |
SERVER-21146 restrict splitChunk, moveChunk, mergeChunks on mongod to internal user only
Diffstat (limited to 'jstests')
-rw-r--r-- | jstests/auth/lib/commands_lib.js | 43 |
1 files changed, 39 insertions, 4 deletions
diff --git a/jstests/auth/lib/commands_lib.js b/jstests/auth/lib/commands_lib.js index 7b8f82b1c92..8f427c680c5 100644 --- a/jstests/auth/lib/commands_lib.js +++ b/jstests/auth/lib/commands_lib.js @@ -1817,7 +1817,7 @@ var authCommandsLib = { ] }, { - testname: "mergeChunks", + testname: "s_mergeChunks", command: {mergeChunks: "test.x", bounds: [{i : 0}, {i : 5}]}, skipStandalone: true, testcases: [ @@ -1834,8 +1834,26 @@ var authCommandsLib = { ] }, { - testname: "moveChunk", + testname: "d_mergeChunks", + command: {mergeChunks: "test.x", bounds: [{i : 0}, {i : 5}]}, + skipSharded: true, + testcases: [ + { + runOnDb: adminDbName, + roles: { __system: 1 }, + privileges: [ + { resource: {cluster: true}, actions: ["internal"] } + ], + expectFail: true + }, + { runOnDb: firstDbName, roles: {} }, + { runOnDb: secondDbName, roles: {} } + ] + }, + { + testname: "s_moveChunk", command: {moveChunk: "test.x"}, + skipStandalone: true, testcases: [ { runOnDb: adminDbName, @@ -1850,6 +1868,23 @@ var authCommandsLib = { ] }, { + testname: "d_moveChunk", + command: {moveChunk: "test.x"}, + skipSharded: true, + testcases: [ + { + runOnDb: adminDbName, + roles: { __system: 1 }, + privileges: [ + { resource: {cluster: true}, actions: ["internal"] } + ], + expectFail: true + }, + { runOnDb: firstDbName, roles: {} }, + { runOnDb: secondDbName, roles: {} } + ] + }, + { testname: "movePrimary", command: {movePrimary: "x"}, skipStandalone: true, @@ -2555,9 +2590,9 @@ var authCommandsLib = { testcases: [ { runOnDb: adminDbName, - roles: roles_clusterManager, + roles: { __system: 1 }, privileges: [ - { resource: {db: "test", collection: "x"}, actions: ["splitChunk"] } + { resource: {cluster: true}, actions: ["internal"] } ], expectFail: true }, |