Diffstat (limited to 'jstests/auth')
-rw-r--r-- | jstests/auth/auth-counters.js | 85 | ||||
-rw-r--r-- | jstests/auth/speculative-auth-replset.js | 11 | ||||
-rw-r--r-- | jstests/auth/speculative-auth-sharding.js | 45 | ||||
-rw-r--r-- | jstests/auth/speculative-sasl-start.js | 34 |
4 files changed, 50 insertions, 125 deletions
diff --git a/jstests/auth/auth-counters.js b/jstests/auth/auth-counters.js index f3f2af6a758..bbb66a619ae 100644 --- a/jstests/auth/auth-counters.js +++ b/jstests/auth/auth-counters.js @@ -3,15 +3,9 @@ (function() { 'use strict'; -const keyfile = 'jstests/libs/key1'; -const badKeyfile = 'jstests/libs/key2'; -let replTest = new ReplSetTest({nodes: 1, keyFile: keyfile, nodeOptions: {auth: ""}}); -replTest.startSet(); -replTest.initiate(); -let primary = replTest.getPrimary(); - -const admin = primary.getDB('admin'); -const test = primary.getDB('test'); +const mongod = MongoRunner.runMongod({auth: ''}); +const admin = mongod.getDB('admin'); +const test = mongod.getDB('test'); admin.createUser({user: 'admin', pwd: 'pwd', roles: ['root'], mechanisms: ['SCRAM-SHA-256']}); admin.auth('admin', 'pwd'); 
@@ -21,22 +15,21 @@ test.createUser({user: 'user256', pwd: 'pwd', roles: [], mechanisms: ['SCRAM-SHA test.createUser( {user: 'user', pwd: 'pwd', roles: [], mechanisms: ['SCRAM-SHA-1', 'SCRAM-SHA-256']}); -// Count the number of authentications performed during setup -const expected = - assert.commandWorked(admin.runCommand({serverStatus: 1})).security.authentication.mechanisms; +// admin.auth() above provides an initial count for SCRAM-SHA-256 +const expected = { + 'SCRAM-SHA-256': { + received: 1, + successful: 1, + }, +}; function assertStats() { const mechStats = assert.commandWorked(admin.runCommand({serverStatus: 1})) .security.authentication.mechanisms; Object.keys(expected).forEach(function(mech) { try { - assert.eq(mechStats[mech].authenticate.received, expected[mech].authenticate.received); - assert.eq(mechStats[mech].authenticate.successful, - expected[mech].authenticate.successful); - assert.eq(mechStats[mech].clusterAuthenticate.received, - expected[mech].clusterAuthenticate.received); - assert.eq(mechStats[mech].clusterAuthenticate.successful, - expected[mech].clusterAuthenticate.successful); + assert.eq(mechStats[mech].authenticate.received, expected[mech].received); + assert.eq(mechStats[mech].authenticate.successful, expected[mech].successful); } catch (e) { print("Mechanism: " + mech); print("mechStats: " + tojson(mechStats)); 
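Review bot: `assertStats()` iterates only `Object.keys(expected)`, and `expected` is now seeded by hand with a single `'SCRAM-SHA-256'` entry, so any mechanism the server reports but the test has not yet exercised is never compared. An unexpected increment on another mechanism's `authenticate` counters would go unnoticed unless a later call happens to create that entry. Consider walking `Object.keys(mechStats)` instead and defaulting the expectation, e.g. `const want = expected[mech] || {received: 0, successful: 0};`, assuming every reported mechanism carries an `authenticate` sub-document. The hard-coded baseline also relies on `admin.auth()` being the only authentication during setup; the comment says so, but nothing asserts it before the first test call. The body of `assertStats` continues past the end of this hunk.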
@@ -46,42 +39,23 @@ function assertStats() { }); } -function assertSuccess(creds, mech, db = test) { - assert.eq(db.auth(creds), true); - if (db !== admin) { - db.logout(); +function assertSuccess(creds, mech) { + if (expected[mech] === undefined) { + expected[mech] = {received: 0, successful: 0}; } - ++expected[mech].authenticate.received; - ++expected[mech].authenticate.successful; - assertStats(); -} - -function assertFailure(creds, mech, db = test) { - assert.eq(db.auth(creds), false); - ++expected[mech].authenticate.received; + assert.eq(test.auth(creds), true); + test.logout(); + ++expected[mech].received; + ++expected[mech].successful; assertStats(); } -function assertSuccessInternal() { - const mech = "SCRAM-SHA-1"; - // asCluster exiting cleanly indicates successful auth - assert.eq(authutil.asCluster(replTest.nodes, keyfile, () => true), true); - ++expected[mech].authenticate.received; - ++expected[mech].authenticate.successful; - ++expected[mech].clusterAuthenticate.received; - ++expected[mech].clusterAuthenticate.successful; - // we have to re-auth as admin to get stats, which are validated at the end of assertSuccess - assertSuccess({user: 'admin', pwd: 'pwd'}, 'SCRAM-SHA-256', admin); -} - -function assertFailureInternal() { - const mech = "SCRAM-SHA-1"; - // If asCluster fails, it explodes. - assert.throws(authutil.asCluster, [replTest.nodes, badKeyfile, () => true]); - ++expected[mech].authenticate.received; - ++expected[mech].clusterAuthenticate.received; - // we have to re-auth as admin to get stats, which are validated at the end of assertSuccess - assertSuccess({user: 'admin', pwd: 'pwd'}, 'SCRAM-SHA-256', admin); +function assertFailure(creds, mech) { + if (expected[mech] === undefined) { + expected[mech] = {received: 0, successful: 0}; + } + assert.eq(test.auth(creds), false); + ++expected[mech].received; assertStats(); } 
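Review bot: The `if (expected[mech] === undefined) { expected[mech] = {received: 0, successful: 0}; }` seeding is repeated verbatim in `assertSuccess` and `assertFailure`, so the two copies can drift apart. A small helper such as `function counters(mech) { return expected[mech] || (expected[mech] = {received: 0, successful: 0}); }` would let both functions share one definition of the zero state. Each function would also benefit from a one-line comment saying that `mech` is the mechanism the server is expected to count for `creds`, since nothing in the body ties the two arguments together.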
@@ -112,16 +86,9 @@ assertFailure({user: 'user', pwd: 'haxx', mechanism: 'SCRAM-SHA-1'}, 'SCRAM-SHA- assertFailure({user: 'user1', pwd: 'pwd', mechanism: 'SCRAM-SHA-256'}, 'SCRAM-SHA-256'); assertFailure({user: 'user256', pwd: 'pwd', mechanism: 'SCRAM-SHA-1'}, 'SCRAM-SHA-1'); -// Cluster auth counter checks. -assertSuccessInternal(); -assertFailureInternal(); - -// Need to auth as admin one more time to get final stats. -admin.auth('admin', 'pwd'); - const finalStats = assert.commandWorked(admin.runCommand({serverStatus: 1})).security.authentication.mechanisms; -replTest.stopSet(); +MongoRunner.stopMongod(mongod); printjson(finalStats); })(); diff --git a/jstests/auth/speculative-auth-replset.js b/jstests/auth/speculative-auth-replset.js index d6f9a52c03a..dfa985321a3 100644 --- a/jstests/auth/speculative-auth-replset.js +++ b/jstests/auth/speculative-auth-replset.js @@ -39,17 +39,14 @@ const mechStats = printjson(mechStats); assert(mechStats['SCRAM-SHA-256'] !== undefined); Object.keys(mechStats).forEach(function(mech) { - const specStats = mechStats[mech].speculativeAuthenticate; - const clusterStats = mechStats[mech].clusterAuthenticate; + const stats = mechStats[mech].speculativeAuthenticate; if (mech === 'SCRAM-SHA-256') { - assert.gte(specStats.received, 2); - assert.gte(clusterStats.received, 2); + assert.gte(stats.received, 2); } else { - assert.eq(specStats.received, 0); + assert.eq(stats.received, 0); } - assert.eq(specStats.received, specStats.successful); - assert.eq(clusterStats.received, clusterStats.successful); + assert.eq(stats.received, stats.successful); }); test(baseURI); diff --git a/jstests/auth/speculative-auth-sharding.js b/jstests/auth/speculative-auth-sharding.js index d8bcae94ed9..008eafac08d 100644 --- a/jstests/auth/speculative-auth-sharding.js +++ b/jstests/auth/speculative-auth-sharding.js 
@@ -20,37 +20,26 @@ let lastStats = assert.commandWorked(admin.runCommand({serverStatus: 1})).security.authentication.mechanisms; jsTest.log('Inintial stats: ' + lastStats); -function test(uri, incrMech, isClusterAuth = false) { +function test(uri, incrMech) { jsTest.log('Connecting to: ' + uri); assert.eq(runMongoProgram('mongo', uri, '--eval', ';'), 0); const stats = assert.commandWorked(admin.runCommand({serverStatus: 1})) .security.authentication.mechanisms; - try { - assert.eq(Object.keys(lastStats).length, Object.keys(stats).length); - Object.keys(lastStats).forEach(function(mech) { - const inc = (mech === incrMech) ? 1 : 0; - const clusterInc = (mech === incrMech && isClusterAuth) ? 1 : 0; - - const specBefore = lastStats[mech].speculativeAuthenticate; - const specAfter = stats[mech].speculativeAuthenticate; - assert.eq(specAfter.received, specBefore.received + inc); - assert.eq(specAfter.successful, specBefore.successful + inc); - - const clusterBefore = lastStats[mech].clusterAuthenticate; - const clusterAfter = stats[mech].clusterAuthenticate; - assert.eq(clusterAfter.received, clusterBefore.received + clusterInc); - assert.eq(clusterAfter.successful, clusterBefore.successful + clusterInc); - - const allBefore = lastStats[mech].authenticate; - const allAfter = stats[mech].authenticate; - assert.eq(allAfter.received, allBefore.received + inc); - assert.eq(allAfter.successful, allBefore.successful + inc); - }); - } catch (e) { - print("Stats: " + tojson(stats)); - throw e; - } + assert.eq(Object.keys(lastStats).length, Object.keys(stats).length); + Object.keys(lastStats).forEach(function(mech) { + const inc = (mech == incrMech) ? 
1 : 0; + + const specBefore = lastStats[mech].speculativeAuthenticate; + const specAfter = stats[mech].speculativeAuthenticate; + assert.eq(specAfter.received, specBefore.received + inc); + assert.eq(specAfter.successful, specBefore.successful + inc); + + const allBefore = lastStats[mech].authenticate; + const allAfter = stats[mech].authenticate; + assert.eq(allAfter.received, allBefore.received + inc); + assert.eq(allAfter.successful, allBefore.successful + inc); + }); lastStats = stats; } @@ -59,10 +48,6 @@ const baseURI = 'mongodb://admin:pwd@' + st.s.host + '/admin'; test(baseURI, fallbackMech); test(baseURI + '?authMechanism=SCRAM-SHA-1', 'SCRAM-SHA-1'); test(baseURI + '?authMechanism=SCRAM-SHA-256', 'SCRAM-SHA-256'); -const systemPass = cat(keyfile).replace(/\s/g, ''); -test('mongodb://__system:' + systemPass + '@' + st.s.host + '/admin?authMechanisms=SCRAM-SHA-256', - 'SCRAM-SHA-256', - true); admin.logout(); st.stop(); diff --git a/jstests/auth/speculative-sasl-start.js b/jstests/auth/speculative-sasl-start.js index 1518cceeb01..8db5d03dcb7 100644 --- a/jstests/auth/speculative-sasl-start.js +++ b/jstests/auth/speculative-sasl-start.js @@ -3,8 +3,7 @@ (function() { 'use strict'; -const keyFile = 'jstests/libs/key1'; -const mongod = MongoRunner.runMongod({auth: '', keyFile: keyFile}); +const mongod = MongoRunner.runMongod({auth: ''}); const admin = mongod.getDB('admin'); admin.createUser( 
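Review bot: The rewritten loop in `test()` compares with `mech == incrMech` where the removed code used `===`. The operands look like strings, so the result should be the same, but the strict form is safer and the line should stay `const inc = (mech === incrMech) ? 1 : 0;`. The `try`/`catch` that printed `"Stats: " + tojson(stats)` before rethrowing is also dropped, so a counter mismatch now reports only the two compared numbers, without the surrounding per-mechanism state. Keeping that dump around the `forEach` would make failures in these authentication counters much quicker to diagnose.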
@@ -36,22 +35,10 @@ assertStats(function(mechStats) { }); }); -// No "intra-cluster" auth attempts yet. -assertStats(function(mechStats) { - Object.keys(mechStats).forEach(function(mech) { - const stats = mechStats[mech].clusterAuthenticate; - assert.eq(stats.received, 0); - assert.eq(stats.successful, 0); - }); -}); - -function expectN(mechStats, mech, N1, M1, N2 = 0, M2 = 0) { - const specStats = mechStats[mech].speculativeAuthenticate; - const clusterStats = mechStats[mech].clusterAuthenticate; - assert.eq(N1, specStats.received); - assert.eq(M1, specStats.successful); - assert.eq(N2, clusterStats.received); - assert.eq(M2, clusterStats.successful); +function expectN(mechStats, mech, N, M) { + const stats = mechStats[mech].speculativeAuthenticate; + assert.eq(N, stats.received); + assert.eq(M, stats.successful); } const baseOKURI = 'mongodb://admin:pwd@localhost:' + mongod.port + '/admin'; @@ -110,16 +97,5 @@ mongod.getDB('test').createUser({user: 'alice', pwd: 'secret', roles: []}); test('mongodb://alice:secret@localhost:' + mongod.port + '/test', true); assertStats((s) => expectN(s, 'SCRAM-SHA-256', 7, 3)); -// Test "intra-cluster" speculative authentication. -const systemPass = cat(keyFile).replace(/\s/g, ''); -test('mongodb://__system:' + systemPass + '@localhost:' + mongod.port + '/admin' + - '?authMechanism=SCRAM-SHA-256', - true); -assertStats((s) => expectN(s, 'SCRAM-SHA-256', 8, 4, 1, 1)); -test('mongodb://__system:hunter2@localhost:' + mongod.port + '/admin' + - '?authMechanism=SCRAM-SHA-256', - false); -assertStats((s) => expectN(s, 'SCRAM-SHA-256', 9, 4, 3, 1)); - MongoRunner.stopMongod(mongod); })(); |
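Review bot: `expectN(mechStats, mech, N, M)` keeps single-letter parameter names that say nothing about which counter each one checks, which makes call sites like `expectN(s, 'SCRAM-SHA-256', 7, 3)` hard to read. Naming them after the fields they assert, `function expectN(mechStats, mech, received, successful)`, would document the function on its own. A short comment stating that both numbers are cumulative `speculativeAuthenticate` totals since server start would also help whoever adds the next case.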