Diffstat (limited to 'jstests/auth/resource_pattern_matching.js')
-rw-r--r--jstests/auth/resource_pattern_matching.js245
1 files changed, 127 insertions, 118 deletions
diff --git a/jstests/auth/resource_pattern_matching.js b/jstests/auth/resource_pattern_matching.js
index 7acad4f5f1f..5a4da66871c 100644
--- a/jstests/auth/resource_pattern_matching.js
+++ b/jstests/auth/resource_pattern_matching.js
@@ -17,17 +17,9 @@ function setup_users(granter) {
admindb.auth("admin", "admin");
- printjson(admindb.runCommand({
- createRole: "test_role",
- privileges: [],
- roles: []
- }));
-
- printjson(admindb.runCommand({
- createUser: "test_user",
- pwd: "password",
- roles: [ "test_role" ]
- }));
+ printjson(admindb.runCommand({createRole: "test_role", privileges: [], roles: []}));
+
+ printjson(admindb.runCommand({createUser: "test_user", pwd: "password", roles: ["test_role"]}));
}
function setup_dbs_and_cols(db) {
@@ -54,7 +46,7 @@ function grant_privileges(granter, privileges) {
var result = admindb.runCommand({
grantPrivilegesToRole: "test_role",
privileges: privileges,
- writeConcern: { w: 'majority'}
+ writeConcern: {w: 'majority'}
});
admindb.logout();
@@ -70,7 +62,7 @@ function revoke_privileges(granter, privileges) {
var result = admindb.runCommand({
revokePrivilegesFromRole: "test_role",
privileges: privileges,
- writeConcern: { w: 'majority'}
+ writeConcern: {w: 'majority'}
});
admindb.logout();
@@ -107,118 +99,135 @@ function run_test(name, granter, verifier, privileges, collections) {
}
function run_test_bad_resource(name, granter, resource) {
- print("\n=== testing resource fail " + name + "() ===\n");
- var admindb = granter.getSiblingDB("admin");
- assert.commandFailed(
- grant_privileges(granter, [{ resource: resource, actions: [ "find" ] }])
- );
+ print("\n=== testing resource fail " + name + "() ===\n");
+ var admindb = granter.getSiblingDB("admin");
+ assert.commandFailed(grant_privileges(granter, [{resource: resource, actions: ["find"]}]));
}
function should_insert(testdb, testcol) {
- assert.doesNotThrow(function() { testcol.insert({ a : "b" }); });
+ assert.doesNotThrow(function() {
+ testcol.insert({a: "b"});
+ });
}
function should_fail_insert(testdb, testcol) {
- assert.throws(function() { testcol.insert({ a : "b" }); });
+ assert.throws(function() {
+ testcol.insert({a: "b"});
+ });
}
function should_find(testdb, testcol) {
- assert.doesNotThrow(function() { testcol.findOne(); });
+ assert.doesNotThrow(function() {
+ testcol.findOne();
+ });
}
function should_fail_find(testdb, testcol) {
- assert.throws(function() { testcol.findOne(); });
+ assert.throws(function() {
+ testcol.findOne();
+ });
}
function run_tests(granter, verifier) {
setup_users(granter);
setup_dbs_and_cols(granter);
- run_test("specific", granter, verifier,
- [ { resource: { db: "a", collection: "a" }, actions: [ "find" ]} ],
- {
- "a.a" : should_find,
- "a.b" : should_fail_find,
- "b.a" : should_fail_find,
- "b.b" : should_fail_find
- }
- );
-
- run_test("glob_collection", granter, verifier,
- [ { resource: { db: "a", collection: "" }, actions: [ "find" ]} ],
- {
- "a.a" : should_find,
- "a.b" : should_find,
- "b.a" : should_fail_find,
- "b.b" : should_fail_find
- }
- );
-
- run_test("glob_database", granter, verifier,
- [ { resource: { db: "", collection: "a" }, actions: [ "find" ]} ],
- {
- "a.a" : should_find,
- "a.b" : should_fail_find,
- "b.a" : should_find,
- "b.b" : should_fail_find
- }
- );
-
- run_test("glob_all", granter, verifier,
- [ { resource: { db: "", collection: "" }, actions: [ "find" ]} ],
- {
- "a.a" : should_find,
- "a.b" : should_find,
- "b.a" : should_find,
- "b.b" : should_find
- }
- );
-
- run_test("any_resource", granter, verifier,
- [ { resource: { anyResource: true }, actions: [ "find" ]} ],
- {
- "a.a" : should_find,
- "a.b" : should_find,
- "b.a" : should_find,
- "b.b" : should_find,
- "c.a" : should_find
- }
- );
-
- run_test("no_global_access", granter, verifier,
- [ { resource: { db: "$", collection: "cmd" }, actions: [ "find" ]} ],
- {
- "a.a" : function (testdb, testcol) {
- var r = testdb.stats();
-
- if (r["ok"]) throw ("db.$.cmd shouldn't give a.stats()");
- }
- }
- );
-
- run_test_bad_resource("empty_resource", granter, { });
- run_test_bad_resource("users_collection_any_db", granter, { collection: "users" });
- run_test_bad_resource("bad_key", granter, { myResource: "users" });
- run_test_bad_resource("extra_key", granter, { db: "test", collection: "users", cluster: true });
- run_test_bad_resource("bad_value_type", granter, { cluster: "false" });
- run_test_bad_resource("bad_collection", granter, { db: "test", collection: "$$$$" });
-
- run_test("mixed_find_write", granter, verifier,
- [
- { resource: { db: "a", collection: "a" }, actions: [ "find" ]},
- { resource: { db: "", collection: "" }, actions: [ "insert" ]}
- ],
- {
- "a.a" : function(testdb, testcol) { should_insert(testdb, testcol);
- should_find(testdb, testcol); },
- "a.b" : function(testdb, testcol) { should_insert(testdb, testcol);
- should_fail_find(testdb, testcol); },
- "b.a" : function(testdb, testcol) { should_insert(testdb, testcol);
- should_fail_find(testdb, testcol); },
- "b.b" : function(testdb, testcol) { should_insert(testdb, testcol);
- should_fail_find(testdb, testcol); },
- }
- );
+ run_test("specific",
+ granter,
+ verifier,
+ [{resource: {db: "a", collection: "a"}, actions: ["find"]}],
+ {
+ "a.a": should_find,
+ "a.b": should_fail_find,
+ "b.a": should_fail_find,
+ "b.b": should_fail_find
+ });
+
+ run_test("glob_collection",
+ granter,
+ verifier,
+ [{resource: {db: "a", collection: ""}, actions: ["find"]}],
+ {
+ "a.a": should_find,
+ "a.b": should_find,
+ "b.a": should_fail_find,
+ "b.b": should_fail_find
+ });
+
+ run_test("glob_database",
+ granter,
+ verifier,
+ [{resource: {db: "", collection: "a"}, actions: ["find"]}],
+ {
+ "a.a": should_find,
+ "a.b": should_fail_find,
+ "b.a": should_find,
+ "b.b": should_fail_find
+ });
+
+ run_test("glob_all",
+ granter,
+ verifier,
+ [{resource: {db: "", collection: ""}, actions: ["find"]}],
+ {"a.a": should_find, "a.b": should_find, "b.a": should_find, "b.b": should_find});
+
+ run_test("any_resource",
+ granter,
+ verifier,
+ [{resource: {anyResource: true}, actions: ["find"]}],
+ {
+ "a.a": should_find,
+ "a.b": should_find,
+ "b.a": should_find,
+ "b.b": should_find,
+ "c.a": should_find
+ });
+
+ run_test("no_global_access",
+ granter,
+ verifier,
+ [{resource: {db: "$", collection: "cmd"}, actions: ["find"]}],
+ {
+ "a.a": function(testdb, testcol) {
+ var r = testdb.stats();
+
+ if (r["ok"])
+ throw("db.$.cmd shouldn't give a.stats()");
+ }
+ });
+
+ run_test_bad_resource("empty_resource", granter, {});
+ run_test_bad_resource("users_collection_any_db", granter, {collection: "users"});
+ run_test_bad_resource("bad_key", granter, {myResource: "users"});
+ run_test_bad_resource("extra_key", granter, {db: "test", collection: "users", cluster: true});
+ run_test_bad_resource("bad_value_type", granter, {cluster: "false"});
+ run_test_bad_resource("bad_collection", granter, {db: "test", collection: "$$$$"});
+
+ run_test("mixed_find_write",
+ granter,
+ verifier,
+ [
+ {resource: {db: "a", collection: "a"}, actions: ["find"]},
+ {resource: {db: "", collection: ""}, actions: ["insert"]}
+ ],
+ {
+ "a.a": function(testdb, testcol) {
+ should_insert(testdb, testcol);
+ should_find(testdb, testcol);
+ },
+ "a.b": function(testdb, testcol) {
+ should_insert(testdb, testcol);
+ should_fail_find(testdb, testcol);
+ },
+ "b.a": function(testdb, testcol) {
+ should_insert(testdb, testcol);
+ should_fail_find(testdb, testcol);
+ },
+ "b.b": function(testdb, testcol) {
+ should_insert(testdb, testcol);
+ should_fail_find(testdb, testcol);
+ },
+ });
}
var keyfile = "jstests/libs/key1";
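Review bot: The `no_global_access` case in `run_tests` reports failure with `throw("db.$.cmd shouldn't give a.stats()")`, a bare string, and only checks that `r["ok"]` is falsy, so it would also pass if `stats()` failed for a reason unrelated to authorization. This is the one case that checks a privilege on `{db: "$", collection: "cmd"}` does not leak access to another database, so it would be stronger as `assert.commandFailedWithCode(testdb.stats(), ErrorCodes.Unauthorized);`, assuming the shell helpers in this tree provide both names. The same weakness applies to `should_fail_find` and `should_fail_insert` earlier in this hunk, where `assert.throws` accepts any exception rather than specifically an authorization error.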
@@ -231,9 +240,9 @@ print('--- done standalone node test ---');
print('--- replica set test ---');
var rst = new ReplSetTest({
- name: 'testset',
- nodes: 2,
- nodeOptions: { 'auth': null, 'httpinterface': null, 'keyFile': keyfile }
+ name: 'testset',
+ nodes: 2,
+ nodeOptions: {'auth': null, 'httpinterface': null, 'keyFile': keyfile}
});
rst.startSet();
@@ -247,14 +256,14 @@ print('--- done with the rs tests ---');
print('--- sharding test ---');
var st = new ShardingTest({
- mongos: 2,
- shard: 1,
- keyFile: keyfile,
- other: {
- mongosOptions: { 'auth': null, 'httpinterface': null },
- configOptions: { 'auth': null, 'httpinterface': null },
- shardOptions: { 'auth': null, 'httpinterface': null }
- }
+ mongos: 2,
+ shard: 1,
+ keyFile: keyfile,
+ other: {
+ mongosOptions: {'auth': null, 'httpinterface': null},
+ configOptions: {'auth': null, 'httpinterface': null},
+ shardOptions: {'auth': null, 'httpinterface': null}
+ }
});
run_tests(st.s0.getDB('admin'), st.s1.getDB('admin'));
st.stop();