diff options
-rwxr-xr-x | buildscripts/smoke.py | 2 | ||||
-rw-r--r-- | jstests/auth/iteration_count_control.js | 37 | ||||
-rw-r--r-- | jstests/auth/user_special_chars.js | 14 | ||||
-rw-r--r-- | jstests/multiVersion/auth_rolling_upgrade_cluster.js | 153 | ||||
-rw-r--r-- | jstests/multiVersion/auth_upgrade_downgrade_cluster.js | 99 | ||||
-rw-r--r-- | jstests/multiVersion/auth_upgrade_downgrade_standalone.js | 115 | ||||
-rw-r--r-- | jstests/multiVersion/libs/auth_helpers.js | 25 |
7 files changed, 1 insertions, 444 deletions
diff --git a/buildscripts/smoke.py b/buildscripts/smoke.py index b3f0f2753fa..383c24356d9 100755 --- a/buildscripts/smoke.py +++ b/buildscripts/smoke.py @@ -514,7 +514,7 @@ def runTest(test, result): if os.path.basename(path) in ('python', 'python.exe'): path = argv[1] elif ext == ".js": - argv = [shell_executable, "--port", mongod_port] + argv = [shell_executable, "--port", mongod_port, '--authenticationMechanism', authMechanism] setShellWriteModeForTest(path, argv) diff --git a/jstests/auth/iteration_count_control.js b/jstests/auth/iteration_count_control.js deleted file mode 100644 index 9fe12e24019..00000000000 --- a/jstests/auth/iteration_count_control.js +++ /dev/null @@ -1,37 +0,0 @@ -// Test SCRAM iterationCount control. -load('./jstests/multiVersion/libs/auth_helpers.js'); - -var conn = MongoRunner.runMongod({auth: ''}); - -var testIterationCountControl = function(){ - var adminDB = conn.getDB('admin'); - adminDB.createUser({user: 'user1', pwd: 'pass', - roles: jsTest.adminUserRoles}); - assert(adminDB.auth({user: 'user1', pwd: 'pass'})); - - var userDoc = getUserDoc(adminDB, 'user1'); - assert.eq(10000, userDoc.credentials['SCRAM-SHA-1'].iterationCount); - - // Changing iterationCount should not affect existing users. - assert.commandWorked(adminDB.runCommand({setParameter: 1, - scramIterationCount: 5000})); - userDoc = getUserDoc(adminDB, 'user1'); - assert.eq(10000, userDoc.credentials['SCRAM-SHA-1'].iterationCount); - - // But it should take effect when the user's password is changed. - adminDB.updateUser('user1', {pwd: 'pass', - roles: jsTest.adminUserRoles}); - userDoc = getUserDoc(adminDB, 'user1'); - assert.eq(5000, userDoc.credentials['SCRAM-SHA-1'].iterationCount); - - // Test invalid values for iterationCount. 5000 is the minimum value. - assert.commandFailed(adminDB.runCommand({setParameter: 1, - scramIterationCount: 4999})); - assert.commandFailed(adminDB.runCommand({setParameter: 1, - scramIterationCount: -5000})); - assert.commandFailed(adminDB.runCommand( - {setParameter: 1, scramIterationCount: 12345678901234567890})); -} - -testIterationCountControl(); -MongoRunner.stopMongod(conn); diff --git a/jstests/auth/user_special_chars.js b/jstests/auth/user_special_chars.js deleted file mode 100644 index f4dc218aeb7..00000000000 --- a/jstests/auth/user_special_chars.js +++ /dev/null @@ -1,14 +0,0 @@ -// Test creating and authenticating a user with special characters. -var conn = MongoRunner.runMongod({auth: ''}); - -var testUserSpecialCharacters = function(){ - // Create a user with special characters, make sure it can auth. - var adminDB = conn.getDB('admin'); - adminDB.createUser({user: '~`!@#$%^&*()-_+={}[]||;:",.//><', pwd: 'pass', - roles: jsTest.adminUserRoles}); - assert(adminDB.auth({user: '~`!@#$%^&*()-_+={}[]||;:",.//><', - pwd: 'pass'})); -} - -testUserSpecialCharacters(); -MongoRunner.stopMongod(conn); diff --git a/jstests/multiVersion/auth_rolling_upgrade_cluster.js b/jstests/multiVersion/auth_rolling_upgrade_cluster.js deleted file mode 100644 index 954f76dd8ab..00000000000 --- a/jstests/multiVersion/auth_rolling_upgrade_cluster.js +++ /dev/null @@ -1,153 +0,0 @@ -// This tests a few different things: -// 1. That we can upgrade a cluster with keyfile auth from 2.6 to 2.8. -// 2. That after upgrade but before authSchemaUpgrade both MONGODB-CR and -// SCRAM-SHA-1 work. -// 3. That in 2. user documents only have MONGODB-CR credentials. -// 4. That after authSchemaUpgrade only SCRAM-SHA-1 works. -// 5. That in 4. user documents only have SCRAM-SHA-1 credentials. -// 6. That after authSchemaUpgrade a downgraded cluster can no longer auth. -load('./jstests/multiVersion/libs/auth_helpers.js'); -load('./jstests/multiVersion/libs/multi_cluster.js'); - -var oldVersion = "2.6"; -var newVersion = "2.8"; - -// enableBalancer: true is required to get auth working with 2.6 -var options = { - mongosOptions: {binVersion: oldVersion}, - configOptions: {binVersion: oldVersion}, - shardOptions: {binVersion: oldVersion}, - nopreallocj: 1, - separateConfig: true, - sync: true, - useHostname: true, - enableBalancer: true -} - -// Step 1. Create a new 2.6 cluster with keyfile auth, add a user, test -// that auth works, upgrade the cluster to 2.8 and test auth again. -var st = new ShardingTest({shards: 2, mongos: 1, other: options, - keyFile: 'jstests/libs/key1'}); - -var mongos = st.s; -var configConnStr = st._configDB; -var adminDB = mongos.getDB('admin'); - -adminDB.createUser({user: 'user1', pwd: 'password', - roles: jsTest.adminUserRoles}); - -assert(adminDB.auth({mechanism: 'MONGODB-CR', - user: 'user1', pwd: 'password'})); -// 2.6 doesn't support SCRAM so this should fail. -assert.eq(false, adminDB.auth({mechanism: 'SCRAM-SHA-1', - user: 'user1', pwd: 'password'})); - -// Authenticate so stopBalancer will work. Don't specify mechanism here to test -// that a 2.8 shell uses the correct default for a 2.6 server. -assert(adminDB.auth({user: 'user1', pwd: 'password'})); -// The balancer has to be off to upgrade the config server from v5 to v6. -st.stopBalancer(); - -// Upgrade config server from v5 to v6. -var mongos = MongoRunner.runMongos({binVersion: newVersion, - configdb: configConnStr, - keyFile: 'jstests/libs/key1', - upgrade: ""}); - -// Upgrade both config server and mongos. Both are necessary for SCRAM to work. -st.upgradeCluster(newVersion, {upgradeShards: false, - upgradeConfigs: true, - upgradeMongos: true}); - -// Solve a race condition. During upgradeCluster mongos instances are -// restarted first, then the config servers. Restart the mongoses here -// again to force them to reconnect to the config servers quickly before -// we move on. -st.restartMongoses(); - -mongos = st.s; -adminDB = mongos.getDB('admin'); - -// Step 2. We haven't run authSchemaUpgrade so MONGODB-CR should still work. -assert(adminDB.auth({mechanism: 'MONGODB-CR', user: 'user1', - pwd: 'password'})); -verifyUserDoc(adminDB, 'user1', true, false); - -adminDB.updateUser('user1', {pwd: 'newpassword', - roles: jsTest.adminUserRoles}); -adminDB.createUser({user: 'user2', pwd: 'password', - roles: jsTest.adminUserRoles}); - -// Step 3. We haven't run authSchemaUpgrade so there shouldn't be -// any stored SCRAM-SHA-1 credentials. -verifyUserDoc(adminDB, 'user1', true, false); -verifyUserDoc(adminDB, 'user2', true, false); - -// Regardless, SCRAM-SHA-1 and MONGODB-CR should still work. -verifyAuth(adminDB, 'user1', 'newpassword', true, true); -verifyAuth(adminDB, 'user2', 'password', true, true); - -// Upgrade the shards, then run the same tests again. -st.upgradeCluster(newVersion, {upgradeShards: true, - upgradeConfigs: false, - upgradeMongos: false}); - -assert(adminDB.auth({mechanism: 'MONGODB-CR', - user: 'user1', pwd: 'newpassword'})); -verifyUserDoc(adminDB, 'user1', true, false); -verifyUserDoc(adminDB, 'user2', true, false); - -adminDB.updateUser('user2', {pwd: 'newpassword', - roles: jsTest.adminUserRoles}); -adminDB.createUser({user: 'user3', pwd: 'password', - roles: jsTest.adminUserRoles }); - -verifyUserDoc(adminDB, 'user2', true, false); -verifyUserDoc(adminDB, 'user3', true, false); - -verifyAuth(adminDB, 'user2', 'newpassword', true, true); -verifyAuth(adminDB, 'user3', 'password', true, true); - -// Step 4. After authSchemaUpgrade MONGODB-CR will no longer work since -// MONGODB-CR credentials have been removed. -assert(adminDB.runCommand('authSchemaUpgrade')); - -adminDB.createUser({user: 'user4', pwd: 'password', - roles: jsTest.adminUserRoles}); - -verifyAuth(adminDB, 'user4', 'password', false, true); -verifyAuth(adminDB, 'user1', 'newpassword', false, true); - -// Step 5. After authSchemaUpgrade there shouldn't be MONGODB-CR credentials. -verifyUserDoc(adminDB, 'user1', false, true); -verifyUserDoc(adminDB, 'user2', false, true); -verifyUserDoc(adminDB, 'user3', false, true); -verifyUserDoc(adminDB, 'user4', false, true); - -assert.eq(false, adminDB.auth({mechanism: 'NOT-A-MECHANISM', - user: 'user4', pwd: 'password'})); - -// Step 6. Finally, downgrade the cluster back to 2.6. - -// Downgrade shards -st.upgradeCluster(oldVersion, {upgradeShards: true, - upgradeConfigs: false, - upgradeMongos: false}); -// Downgrade configs -st.upgradeCluster(oldVersion, {upgradeShards: false, - upgradeConfigs: true, - upgradeMongos: false}); -// Downgrade mongoses -st.upgradeCluster(oldVersion, {upgradeShards: false, - upgradeConfigs: false, - upgradeMongos: true }); - -mongos = st.s; -adminDB = mongos.getDB('admin'); - -// Since we ran authSchemaUpgrade before the downgrade it is no longer -// possible to authenticate. -verifyAuth(adminDB, 'user4', 'password', false, false); -verifyAuth(adminDB, 'user1', 'newpassword', false, false); - -st.stop(); diff --git a/jstests/multiVersion/auth_upgrade_downgrade_cluster.js b/jstests/multiVersion/auth_upgrade_downgrade_cluster.js deleted file mode 100644 index 08794d65b25..00000000000 --- a/jstests/multiVersion/auth_upgrade_downgrade_cluster.js +++ /dev/null @@ -1,99 +0,0 @@ -// Test that we can upgrade a cluster using keyfile auth from 2.6 to 2.8, -// downgrade back again and MONGODB-CR auth will continue to work -// regardless of server version. SCRAM-SHA-1 should work when mongos -// and the config servers are version 2.8. -load('./jstests/multiVersion/libs/auth_helpers.js'); -load('./jstests/multiVersion/libs/multi_cluster.js'); - -var oldVersion = "2.6"; -var newVersion = "2.8"; - -// enableBalancer: true is required to get auth working with 2.6 -var options = { - mongosOptions: {binVersion: oldVersion}, - configOptions: {binVersion: oldVersion}, - shardOptions: {binVersion: oldVersion}, - nopreallocj: 1, - separateConfig: true, - sync: true, - useHostname: true, - enableBalancer: true -} - -var st = new ShardingTest({shards: 2, mongos: 1, other: options, - keyFile: 'jstests/libs/key1'}); - -var mongos = st.s; -var configConnStr = st._configDB; -var adminDB = mongos.getDB('admin'); - -adminDB.createUser({user: 'admin', pwd: 'password', - roles: jsTest.adminUserRoles}); - -assert(adminDB.auth({mechanism: 'MONGODB-CR', - user: 'admin', pwd: 'password'})); - -// The balancer has to be off to upgrade the config server from v5 to v6. -st.stopBalancer(); -// Upgrade config server from v5 to v6 -var mongos = MongoRunner.runMongos({binVersion: newVersion, - configdb: configConnStr, - keyFile: 'jstests/libs/key1', - upgrade: ""}); - -// Upgrade cluster -st.upgradeCluster(newVersion, {upgradeShards: true, - upgradeConfigs: true, upgradeMongos: true }); - -// Solve a race condition. During upgradeCluster mongos instances are -// restarted first, then the config servers. Restart the mongoses here -// again to force them to reconnect to the config servers quickly before -// we move on. -st.restartMongoses(); - -mongos = st.s; -adminDB = mongos.getDB('admin'); - -// We haven't run authSchemaUpgrade so MONGODB-CR should still work. -assert(adminDB.auth({mechanism: 'MONGODB-CR', - user: 'admin', pwd: 'password'})); - -adminDB.createUser({user: 'user1', pwd: 'password', - roles: jsTest.adminUserRoles}); -verifyUserDoc(adminDB, 'user1', true, false); - -verifyAuth(adminDB, 'user1', 'password', true, true); - -// Downgrade shards -st.upgradeCluster(oldVersion, {upgradeShards: true, - upgradeConfigs: false, - upgradeMongos: false}); -// Downgrade configs -st.upgradeCluster(oldVersion, {upgradeShards: false, - upgradeConfigs: true, - upgradeMongos: false}); -// Downgrade mongoses -st.upgradeCluster(oldVersion, {upgradeShards: false, - upgradeConfigs: false, - upgradeMongos: true}); - -mongos = st.s; -adminDB = mongos.getDB('admin'); - -// We never ran authSchemaUpgrade so MONGODB-CR should still work -// after downgrade. SCRAM, obviously, will no longer work. -assert(adminDB.auth({mechanism: 'MONGODB-CR', - user: 'admin', pwd: 'password'})); - -adminDB.updateUser('user1', {pwd: 'newpassword', - roles: jsTest.adminUserRoles}); -adminDB.createUser({user: 'user2', - pwd: 'password', roles: jsTest.adminUserRoles}); - -verifyUserDoc(adminDB, 'user1', true, false); -verifyUserDoc(adminDB, 'user2', true, false); - -verifyAuth(adminDB, 'user1', 'newpassword', true, false); -verifyAuth(adminDB, 'user2', 'password', true, false); - -st.stop(); diff --git a/jstests/multiVersion/auth_upgrade_downgrade_standalone.js b/jstests/multiVersion/auth_upgrade_downgrade_standalone.js deleted file mode 100644 index cee9b23ac23..00000000000 --- a/jstests/multiVersion/auth_upgrade_downgrade_standalone.js +++ /dev/null @@ -1,115 +0,0 @@ -// Standalone upgrade / downgrade tests. -load('./jstests/multiVersion/libs/auth_helpers.js'); - -var legacyVersion = "2.4" -var oldVersion = "2.6" -var newVersion = "2.8" - -var conn = MongoRunner.runMongod({binVersion: legacyVersion, - auth: ''}); - -var test28Shell24Mongod = function(){ - // Test that the 2.8 shell can authenticate a 2.4 mongod. - var adminDB = conn.getDB('admin'); - - // Note - the 2.8 shell no longer includes addUser, so we - // have to manually create the user here, including the - // password hash. - adminDB.system.users.insert({user: 'user1', - pwd: 'e7e8a26d330dbb8bef5b1886ceb5e290'}); - - // Test auth with and without explicit mechanism. - assert(adminDB.auth({user: 'user1', pwd: 'password'})); - assert(adminDB.auth({mechanism: 'MONGODB-CR', - user: 'user1', pwd: 'password'})); -} - -var testUpgrade26 = function(){ - // Upgrade mongod to 2.6, do authSchemaUpgrade, add another user. - MongoRunner.stopMongod(conn); - conn = MongoRunner.runMongod({restart: conn.runId, binVersion: oldVersion}); - var adminDB = conn.getDB('admin'); - - // Test auth with and without explicit mechanism. - assert(adminDB.auth({user: 'user1', pwd: 'password'})); - assert(adminDB.auth({mechanism: 'MONGODB-CR', - user: 'user1', pwd: 'password'})); - - adminDB.runCommand('authSchemaUpgrade'); - assert(adminDB.auth({mechanism: 'MONGODB-CR', - user: 'user1', pwd: 'password'})); - - adminDB.updateUser('user1', {pwd: 'pass', - roles: jsTest.adminUserRoles}); - assert(adminDB.auth({mechanism: 'MONGODB-CR', - user: 'user1', pwd: 'pass'})); - - adminDB.createUser({user: 'user2', pwd: 'pass', - roles: jsTest.adminUserRoles}); - assert(adminDB.auth({mechanism: 'MONGODB-CR', - user: 'user2', pwd: 'pass'})); -} - -var testUpgrade28NoSchemaUpgrade = function(){ - // Upgrade mongod to 2.8, test that MONGODB-CR and SCRAM both work, - // update a user, make sure both still work. - MongoRunner.stopMongod(conn); - conn = MongoRunner.runMongod({restart: conn.runId, binVersion: newVersion}); - var adminDB = conn.getDB('admin'); - verifyAuth(adminDB, 'user1', 'pass', true, true); - - // We haven't run authSchemaUpgrade so there shouldn't be - // any stored SCRAM-SHA-1 credentials. - verifyUserDoc(adminDB, 'user1', true, false); - verifyUserDoc(adminDB, 'user2', true, false); - - adminDB.updateUser('user1', {pwd: 'newpass', - roles: jsTest.adminUserRoles}); - verifyAuth(adminDB, 'user1', 'newpass', true, true); - verifyUserDoc(adminDB, 'user1', true, false); -} - -var testDowngrade26PreSchemaUpgrade = function(){ - // Downgrade to 2.6, make sure MONGODB-CR still works. - MongoRunner.stopMongod(conn); - conn = MongoRunner.runMongod({restart: conn.runId, binVersion: oldVersion}); - var adminDB = conn.getDB('admin'); - assert(adminDB.auth({user: 'user1', pwd: 'newpass'})); - assert(adminDB.auth({mechanism: 'MONGODB-CR', - user: 'user1', pwd: 'newpass'})); -} - -var testUpgrade28WithSchemaUpgrade = function(){ - // Upgrade back to 2.8, do authSchemaUpgrade, verify auth and user docs. - MongoRunner.stopMongod(conn); - conn = MongoRunner.runMongod({restart: conn.runId, binVersion: newVersion}); - var adminDB = conn.getDB('admin'); - verifyAuth(adminDB, 'user1', 'newpass', true, true); - adminDB.runCommand('authSchemaUpgrade'); - - // After authSchemaUpgrade MONGODB-CR no longer works. - verifyAuth(adminDB, 'user1', 'newpass', false, true); - verifyAuth(adminDB, 'user2', 'pass', false, true); - - // All users should only have SCRAM credentials. - verifyUserDoc(adminDB, 'user1', false, true); - verifyUserDoc(adminDB, 'user2', false, true); -} - -var testDowngrade26PostSchemaUpgrade = function(){ - // Downgrade to 2.6 again, nothing should work. - MongoRunner.stopMongod(conn); - conn = MongoRunner.runMongod({restart: conn.runId, binVersion: oldVersion}); - var adminDB = conn.getDB('admin'); - verifyAuth(adminDB, 'user1', 'pass', false, false); - verifyAuth(adminDB, 'user2', 'pass', false, false); -} - -test28Shell24Mongod(); -testUpgrade26(); -testUpgrade28NoSchemaUpgrade(); -testDowngrade26PreSchemaUpgrade(); -testUpgrade28WithSchemaUpgrade(); -testDowngrade26PostSchemaUpgrade(); - -MongoRunner.stopMongod(conn); diff --git a/jstests/multiVersion/libs/auth_helpers.js b/jstests/multiVersion/libs/auth_helpers.js deleted file mode 100644 index 39566da3d1b..00000000000 --- a/jstests/multiVersion/libs/auth_helpers.js +++ /dev/null @@ -1,25 +0,0 @@ -// Helpers for auth upgrade tests. - -// Get a user document for username in db. -var getUserDoc = function(db, username){ - return db.runCommand({'usersInfo': {user: username, db: db._name}, - showCredentials: true}).users[0] -} - -// Verify that the user document for username in db -// has MONGODB-CR credentials (or not) and SCRAM-SHA-1 -// credentials (or not). -var verifyUserDoc = function(db, username, hasCR, hasSCRAM){ - var userDoc = getUserDoc(db, username); - assert.eq(hasCR, 'MONGODB-CR' in userDoc.credentials); - assert.eq(hasSCRAM, 'SCRAM-SHA-1' in userDoc.credentials); -} - -// Verify that that we can authenticate (or not) using MONGODB-CR -// and SCRAM-SHA-1 to db using username and password. -var verifyAuth = function(db, username, password, passCR, passSCRAM){ - assert.eq(passCR, db.auth({mechanism: 'MONGODB-CR', - user: username, pwd: password})); - assert.eq(passSCRAM, db.auth({mechanism: 'SCRAM-SHA-1', - user: username, pwd: password})); -} |