summaryrefslogtreecommitdiff
path: root/jstests/auth/lib
diff options
context:
space:
mode:
Diffstat (limited to 'jstests/auth/lib')
-rw-r--r--jstests/auth/lib/commands_lib.js195
1 files changed, 117 insertions, 78 deletions
diff --git a/jstests/auth/lib/commands_lib.js b/jstests/auth/lib/commands_lib.js
index b61ab47137a..0a485990027 100644
--- a/jstests/auth/lib/commands_lib.js
+++ b/jstests/auth/lib/commands_lib.js
@@ -79,6 +79,11 @@ privileges causes an authorization failure. If an individual privilege specifies
"removeWhenTestingAuthzFailure: false", then that privilege will not be removed when testing for
authorization failure.
+9) commandArgs
+
+Set of options to be passed to your 'command' function. Can be used to send different versions of
+the command depending on the testcase being run.
+
*/
// constants
@@ -1052,10 +1057,18 @@ var authCommandsLib = {
},
{
testname: "aggregate_out_legacy",
- command: {aggregate: "foo", pipeline: [{$out: "foo_out"}], cursor: {}},
+ command: function(state, args) {
+ return {
+ aggregate: "foo",
+ pipeline: [{$out: "foo_out"}],
+ cursor: {},
+ bypassDocumentValidation: args.bypassDocumentValidation,
+ };
+ },
testcases: [
{
runOnDb: firstDbName,
+ commandArgs: {bypassDocumentValidation: false},
roles: {readWrite: 1, readWriteAnyDatabase: 1, dbOwner: 1, root: 1, __system: 1},
privileges: [
{resource: {db: firstDbName, collection: "foo"}, actions: ["find"]},
@@ -1065,6 +1078,7 @@ var authCommandsLib = {
},
{
runOnDb: secondDbName,
+ commandArgs: {bypassDocumentValidation: false},
roles: {readWriteAnyDatabase: 1, root: 1, __system: 1},
privileges: [
{resource: {db: secondDbName, collection: "foo"}, actions: ["find"]},
@@ -1072,18 +1086,35 @@ var authCommandsLib = {
{resource: {db: secondDbName, collection: "foo_out"}, actions: ["remove"]}
]
},
+ {
+ runOnDb: firstDbName,
+ commandArgs: {bypassDocumentValidation: true},
+ // Note that the built-in role must have 'bypassDocumentValidation' for this test.
+ roles: {dbOwner: 1, root: 1, __system: 1},
+ privileges: [
+ {resource: {db: firstDbName, collection: "foo"}, actions: ["find"]},
+ {
+ resource: {db: firstDbName, collection: "foo_out"},
+ actions: ["insert", "remove", "bypassDocumentValidation"]
+ },
+ ]
+ },
]
},
{
testname: "aggregate_out_replace_collection",
- command: {
- aggregate: "foo",
- pipeline: [{$out: {to: "foo_out", mode: "replaceCollection"}}],
- cursor: {}
+ command: function(state, args) {
+ return {
+ aggregate: "foo",
+ pipeline: [{$out: {db: args.targetDB, to: "foo_out", mode: "replaceCollection"}}],
+ cursor: {},
+ bypassDocumentValidation: args.bypassDocumentValidation,
+ };
},
testcases: [
{
runOnDb: firstDbName,
+ commandArgs: {targetDB: firstDbName, bypassDocumentValidation: false},
roles: {readWrite: 1, readWriteAnyDatabase: 1, dbOwner: 1, root: 1, __system: 1},
privileges: [
{resource: {db: firstDbName, collection: "foo"}, actions: ["find"]},
@@ -1093,6 +1124,7 @@ var authCommandsLib = {
},
{
runOnDb: secondDbName,
+ commandArgs: {targetDB: secondDbName, bypassDocumentValidation: false},
roles: {readWriteAnyDatabase: 1, root: 1, __system: 1},
privileges: [
{resource: {db: secondDbName, collection: "foo"}, actions: ["find"]},
@@ -1100,18 +1132,36 @@ var authCommandsLib = {
{resource: {db: secondDbName, collection: "foo_out"}, actions: ["remove"]}
]
},
+ {
+ runOnDb: firstDbName,
+ commandArgs: {targetDB: firstDbName, bypassDocumentValidation: true},
+ // Note that the built-in role must have 'bypassDocumentValidation' for this test.
+ roles: {dbOwner: 1, root: 1, __system: 1},
+ privileges: [
+ {resource: {db: firstDbName, collection: "foo"}, actions: ["find"]},
+ {
+ resource: {db: firstDbName, collection: "foo_out"},
+ actions: ["insert", "remove", "bypassDocumentValidation"]
+ },
+ ]
+ },
+ // TODO SERVER-36832: Test with mode "replaceCollection" to a foreign database.
]
},
{
testname: "aggregate_out_insert_documents",
- command: {
- aggregate: "foo",
- pipeline: [{$out: {to: "foo_out", mode: "insertDocuments"}}],
- cursor: {}
+ command: function(state, args) {
+ return {
+ aggregate: "foo",
+ pipeline: [{$out: {db: args.targetDB, to: "foo_out", mode: "insertDocuments"}}],
+ cursor: {},
+ bypassDocumentValidation: args.bypassDocumentValidation,
+ };
},
testcases: [
{
runOnDb: firstDbName,
+ commandArgs: {targetDB: firstDbName, bypassDocumentValidation: false},
roles: {readWrite: 1, readWriteAnyDatabase: 1, dbOwner: 1, root: 1, __system: 1},
privileges: [
{resource: {db: firstDbName, collection: "foo"}, actions: ["find"]},
@@ -1120,99 +1170,97 @@ var authCommandsLib = {
},
{
runOnDb: secondDbName,
+ commandArgs: {targetDB: secondDbName, bypassDocumentValidation: false},
roles: {readWriteAnyDatabase: 1, root: 1, __system: 1},
privileges: [
{resource: {db: secondDbName, collection: "foo"}, actions: ["find"]},
{resource: {db: secondDbName, collection: "foo_out"}, actions: ["insert"]},
]
},
- ]
- },
- {
- testname: "aggregate_out_replace_documents",
- command: {
- aggregate: "foo",
- pipeline: [{$out: {to: "foo_out", mode: "replaceDocuments"}}],
- cursor: {}
- },
- testcases: [
{
runOnDb: firstDbName,
- roles: {readWrite: 1, readWriteAnyDatabase: 1, dbOwner: 1, root: 1, __system: 1},
- privileges: [
- {resource: {db: firstDbName, collection: "foo"}, actions: ["find"]},
- {resource: {db: firstDbName, collection: "foo_out"}, actions: ["insert"]},
- {resource: {db: firstDbName, collection: "foo_out"}, actions: ["update"]},
- ]
- },
- {
- runOnDb: secondDbName,
+ commandArgs: {targetDB: secondDbName, bypassDocumentValidation: false},
roles: {readWriteAnyDatabase: 1, root: 1, __system: 1},
privileges: [
- {resource: {db: secondDbName, collection: "foo"}, actions: ["find"]},
+ {resource: {db: firstDbName, collection: "foo"}, actions: ["find"]},
{resource: {db: secondDbName, collection: "foo_out"}, actions: ["insert"]},
- {resource: {db: secondDbName, collection: "foo_out"}, actions: ["update"]},
]
},
- ]
- },
- {
- testname: "aggregate_out_legacy_bypass_doc_validation",
- command: {
- aggregate: "foo",
- pipeline: [{$out: "foo_out"}],
- cursor: {},
- bypassDocumentValidation: true,
- },
- testcases: [
+ // Test for bypassDocumentValidation.
{
runOnDb: firstDbName,
+ commandArgs: {targetDB: firstDbName, bypassDocumentValidation: true},
// Note that the built-in role must have 'bypassDocumentValidation' for this test.
roles: {dbOwner: 1, root: 1, __system: 1},
privileges: [
{resource: {db: firstDbName, collection: "foo"}, actions: ["find"]},
{
resource: {db: firstDbName, collection: "foo_out"},
- actions: ["insert", "remove", "bypassDocumentValidation"]
+ actions: ["insert", "bypassDocumentValidation"]
},
]
},
- ]
- },
- {
- testname: "aggregate_out_replace_collection_bypass_doc_validation",
- command: {
- aggregate: "foo",
- pipeline: [{$out: {to: "foo_out", mode: "replaceCollection"}}],
- cursor: {},
- bypassDocumentValidation: true,
- },
- testcases: [
+ // Test for bypassDocumentValidation to a foreign database.
{
runOnDb: firstDbName,
+ commandArgs: {targetDB: secondDbName, bypassDocumentValidation: true},
// Note that the built-in role must have 'bypassDocumentValidation' for this test.
- roles: {dbOwner: 1, root: 1, __system: 1},
+ roles: {root: 1, __system: 1},
privileges: [
{resource: {db: firstDbName, collection: "foo"}, actions: ["find"]},
{
- resource: {db: firstDbName, collection: "foo_out"},
- actions: ["insert", "remove", "bypassDocumentValidation"]
+ resource: {db: secondDbName, collection: "foo_out"},
+ actions: ["insert", "bypassDocumentValidation"]
},
]
},
]
},
{
- testname: "aggregate_out_replace_documents_bypass_doc_validation",
- command: {
- aggregate: "foo",
- pipeline: [{$out: {to: "foo_out", mode: "replaceDocuments"}}],
- cursor: {},
- bypassDocumentValidation: true,
+ testname: "aggregate_out_replace_documents",
+ command: function(state, args) {
+ return {
+ aggregate: "foo",
+ pipeline: [{$out: {db: args.targetDB, to: "foo_out", mode: "replaceDocuments"}}],
+ cursor: {},
+ bypassDocumentValidation: args.bypassDocumentValidation,
+ };
},
testcases: [
{
runOnDb: firstDbName,
+ commandArgs: {targetDB: firstDbName, bypassDocumentValidation: false},
+ roles: {readWrite: 1, readWriteAnyDatabase: 1, dbOwner: 1, root: 1, __system: 1},
+ privileges: [
+ {resource: {db: firstDbName, collection: "foo"}, actions: ["find"]},
+ {resource: {db: firstDbName, collection: "foo_out"}, actions: ["insert"]},
+ {resource: {db: firstDbName, collection: "foo_out"}, actions: ["update"]},
+ ]
+ },
+ {
+ runOnDb: secondDbName,
+ commandArgs: {targetDB: secondDbName, bypassDocumentValidation: false},
+ roles: {readWriteAnyDatabase: 1, root: 1, __system: 1},
+ privileges: [
+ {resource: {db: secondDbName, collection: "foo"}, actions: ["find"]},
+ {resource: {db: secondDbName, collection: "foo_out"}, actions: ["insert"]},
+ {resource: {db: secondDbName, collection: "foo_out"}, actions: ["update"]},
+ ]
+ },
+ {
+ runOnDb: firstDbName,
+ commandArgs: {targetDB: secondDbName, bypassDocumentValidation: false},
+ roles: {readWriteAnyDatabase: 1, root: 1, __system: 1},
+ privileges: [
+ {resource: {db: firstDbName, collection: "foo"}, actions: ["find"]},
+ {resource: {db: secondDbName, collection: "foo_out"}, actions: ["insert"]},
+ {resource: {db: secondDbName, collection: "foo_out"}, actions: ["update"]},
+ ]
+ },
+ // Test for bypassDocumentValidation.
+ {
+ runOnDb: firstDbName,
+ commandArgs: {targetDB: firstDbName, bypassDocumentValidation: true},
// Note that the built-in role must have 'bypassDocumentValidation' for this test.
roles: {dbOwner: 1, root: 1, __system: 1},
privileges: [
@@ -1223,26 +1271,17 @@ var authCommandsLib = {
},
]
},
- ]
- },
- {
- testname: "aggregate_out_insert_documents_bypass_doc_validation",
- command: {
- aggregate: "foo",
- pipeline: [{$out: {to: "foo_out", mode: "insertDocuments"}}],
- cursor: {},
- bypassDocumentValidation: true,
- },
- testcases: [
+ // Test for bypassDocumentValidation to a foreign database.
{
runOnDb: firstDbName,
+ commandArgs: {targetDB: secondDbName, bypassDocumentValidation: true},
// Note that the built-in role must have 'bypassDocumentValidation' for this test.
- roles: {dbOwner: 1, root: 1, __system: 1},
+ roles: {root: 1, __system: 1},
privileges: [
{resource: {db: firstDbName, collection: "foo"}, actions: ["find"]},
{
- resource: {db: firstDbName, collection: "foo_out"},
- actions: ["insert", "bypassDocumentValidation"]
+ resource: {db: secondDbName, collection: "foo_out"},
+ actions: ["insert", "update", "bypassDocumentValidation"]
},
]
},
@@ -5965,11 +6004,11 @@ var authCommandsLib = {
return impls.runOneTest(conn, t);
},
- setup: function(conn, t, runOnDb) {
+ setup: function(conn, t, runOnDb, testcase) {
var adminDb = conn.getDB(adminDbName);
if (t.setup) {
adminDb.auth("admin", "password");
- var state = t.setup(runOnDb);
+ var state = t.setup(runOnDb, testcase);
runOnDb.getLastError();
adminDb.logout();
return state;
View Lorry Controller Status