diff options
Diffstat (limited to 'jstests/auth/sbe_plan_cache_user_roles.js')
-rw-r--r-- | jstests/auth/sbe_plan_cache_user_roles.js | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/jstests/auth/sbe_plan_cache_user_roles.js b/jstests/auth/sbe_plan_cache_user_roles.js new file mode 100644 index 00000000000..a42e36bf372 --- /dev/null +++ b/jstests/auth/sbe_plan_cache_user_roles.js @@ -0,0 +1,56 @@ +/** + * Test $$USER_ROLES works correctly with the SBE plan cache. The same query should return the + * updated user role info when a different user logs in. + * @tags: [ + * featureFlagUserRoles, + * # Multiple servers can mess up the plan cache list. + * assumes_standalone_mongod, + * ] + */ +(function() { +"use strict"; +load("jstests/libs/sbe_util.js"); // For checkSBEEnabled. + +const mongod = MongoRunner.runMongod(); +const dbName = "test"; +const db = mongod.getDB(dbName); + +// Create two users, each with different roles. +assert.commandWorked( + db.runCommand({createUser: "user1", pwd: "pwd", roles: [{role: "read", db: dbName}]})); +assert.commandWorked( + db.runCommand({createUser: "user2", pwd: "pwd", roles: [{role: "readWrite", db: dbName}]})); + +const coll = db.sbe_plan_cache_user_roles; +coll.drop(); + +const verifyPlanCache = function(role) { + if (checkSBEEnabled(db, ["featureFlagSbeFull"])) { + const caches = coll.getPlanCache().list(); + assert.eq(1, caches.length, caches); + assert.eq(caches[0].cachedPlan.stages.includes(role), false, caches); + } +}; + +assert.commandWorked(coll.insert({_id: 1})); + +// While logged in as user1, we should see user1's roles. +db.auth("user1", "pwd"); +let results = coll.find({}, {roles: "$$USER_ROLES"}).toArray(); +assert.eq(results.length, 1); +assert.eq(results[0].roles, [{_id: "test.read", role: "read", db: "test"}]); +// It can take two executions of a query for a plan to get cached. +coll.find({}, {roles: "$$USER_ROLES"}).toArray(); +verifyPlanCache("test.read"); +db.logout(); + +// While logged in as user2, we should see user2's roles. +db.auth("user2", "pwd"); +results = coll.find({}, {roles: "$$USER_ROLES"}).toArray(); +assert.eq(results.length, 1); +assert.eq(results[0].roles, [{_id: "test.readWrite", role: "readWrite", db: "test"}]); +verifyPlanCache("test.readWrite"); +db.logout(); + +MongoRunner.stopMongod(mongod); +})();
\ No newline at end of file |