Diffstat (limited to 'jstests/replsets/libs/tenant_migration_util.js')
-rw-r--r-- | jstests/replsets/libs/tenant_migration_util.js | 63 |
1 files changed, 62 insertions, 1 deletions
diff --git a/jstests/replsets/libs/tenant_migration_util.js b/jstests/replsets/libs/tenant_migration_util.js
index de4ca29b447..0ab2c45b09d 100644
--- a/jstests/replsets/libs/tenant_migration_util.js
+++ b/jstests/replsets/libs/tenant_migration_util.js
@@ -332,6 +332,64 @@ var TenantMigrationUtil = (function() {
 }
 }
 
+ /**
+ * Creates a role for tenant migration donor if it doesn't exist.
+ */
+ function createTenantMigrationDonorRoleIfNotExist(rst) {
+ const adminDB = rst.getPrimary().getDB("admin");
+
+ if (roleExists(adminDB, "tenantMigrationDonorRole")) {
+ return;
+ }
+
+ assert.commandWorked(adminDB.runCommand({
+ createRole: "tenantMigrationDonorRole",
+ privileges: [
+ {resource: {cluster: true}, actions: ["runTenantMigration"]},
+ {resource: {db: "admin", collection: "system.keys"}, actions: ["find"]}
+ ],
+ roles: []
+ }));
+ }
+
+ /**
+ * Creates a role for tenant migration recipient if it doesn't exist.
+ */
+ function createTenantMigrationRecipientRoleIfNotExist(rst) {
+ const adminDB = rst.getPrimary().getDB("admin");
+
+ if (roleExists(adminDB, "tenantMigrationRecipientRole")) {
+ return;
+ }
+
+ assert.commandWorked(adminDB.runCommand({
+ createRole: "tenantMigrationRecipientRole",
+ privileges: [
+ {resource: {cluster: true}, actions: ["listDatabases", "useUUID"]},
+ {resource: {db: "", collection: ""}, actions: ["listCollections"]},
+ {
+ resource: {anyResource: true},
+ actions: ["dbStats", "collStats", "find", "listIndexes"]
+ }
+ ],
+ roles: []
+ }));
+ }
+
+ /**
+ * Returns true if the given database role already exists.
+ */
+ function roleExists(db, roleName) {
+ const roles = db.getRoles({rolesInfo: 1, showPrivileges: false, showBuiltinRoles: false});
+ const fullRoleName = `${db.getName()}.${roleName}`;
+ for (let role of roles) {
+ if (role._id == fullRoleName) {
+ return true;
+ }
+ }
+ return false;
+ }
+
 return {
 kExternalKeysNs,
 getExternalKeys,
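Review bot: The third privilege in createTenantMigrationRecipientRoleIfNotExist grants `find`, `dbStats`, `collStats` and `listIndexes` on `{anyResource: true}`, which is broader than the `{db: "", collection: ""}` pattern used one line above and also reaches system collections, yet nothing in the doc comment says why that breadth is needed. If tests authenticate with this role, they presumably cannot tell whether a narrower grant would suffice, so the role should state its intent, e.g. `// NOTE: find on anyResource includes system collections; keep this list no broader than what the recipient actually reads.` The donor role has the same gap for `find` on `admin.system.keys`; a one-line comment on why the donor reads the key collection would make the least-privilege reasoning reviewable. The three functions are complete within the hunk; the enclosing IIFE opens and closes outside it.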
@@ -351,6 +409,9 @@ var TenantMigrationUtil = (function() {
 getNumBlockedReads,
 getNumBlockedWrites,
 isNamespaceForTenant,
- checkTenantDBHashes
+ checkTenantDBHashes,
+ createTenantMigrationDonorRoleIfNotExist,
+ createTenantMigrationRecipientRoleIfNotExist,
+ roleExists
 };
 })(); |