diff options
Diffstat (limited to 'jstests/replsets/rollback_auth.js')
-rw-r--r-- | jstests/replsets/rollback_auth.js | 146 |
1 files changed, 79 insertions, 67 deletions
diff --git a/jstests/replsets/rollback_auth.js b/jstests/replsets/rollback_auth.js index 77684550d3e..0c0b35b91ed 100644 --- a/jstests/replsets/rollback_auth.js +++ b/jstests/replsets/rollback_auth.js @@ -10,7 +10,7 @@ // run on ephemeral storage engines. // @tags: [requires_persistence] -(function () { +(function() { "use strict"; // helper function for verifying contents at the end of the test var checkFinalResults = function(db) { @@ -26,17 +26,17 @@ jsTestLog("Setting up replica set"); var name = "rollbackAuth"; - var replTest = new ReplSetTest({name: name, - nodes: 3, - keyFile: 'jstests/libs/key1' }); + var replTest = new ReplSetTest({name: name, nodes: 3, keyFile: 'jstests/libs/key1'}); var nodes = replTest.nodeList(); var conns = replTest.startSet(); - replTest.initiate({ "_id": "rollbackAuth", - "members": [ - { "_id": 0, "host": nodes[0], "priority": 3 }, - { "_id": 1, "host": nodes[1] }, - { "_id": 2, "host": nodes[2], arbiterOnly: true} - ]}); + replTest.initiate({ + "_id": "rollbackAuth", + "members": [ + {"_id": 0, "host": nodes[0], "priority": 3}, + {"_id": 1, "host": nodes[1]}, + {"_id": 2, "host": nodes[2], arbiterOnly: true} + ] + }); // Make sure we have a master replTest.waitForState(replTest.nodes[0], ReplSetTest.State.PRIMARY, 60 * 1000); @@ -53,45 +53,49 @@ assert.eq(a_conn, master); // Make sure we have an arbiter - assert.soon(function () { - var res = conns[2].getDB("admin").runCommand({ replSetGetStatus: 1 }); - return res.myState == 7; - }, "Arbiter failed to initialize."); - + assert.soon(function() { + var res = conns[2].getDB("admin").runCommand({replSetGetStatus: 1}); + return res.myState == 7; + }, "Arbiter failed to initialize."); jsTestLog("Creating initial data"); // Create collections that will be used in test A.createUser({user: 'admin', pwd: 'pwd', roles: ['root']}); A.auth('admin', 'pwd'); - a.foo.insert({a:1}); - a.bar.insert({a:1}); - a.baz.insert({a:1}); - a.foobar.insert({a:1}); + a.foo.insert({a: 1}); + a.bar.insert({a: 1}); + a.baz.insert({a: 1}); + a.foobar.insert({a: 1}); // Set up user admin user A.createUser({user: 'userAdmin', pwd: 'pwd', roles: ['userAdminAnyDatabase']}); - A.auth('userAdmin', 'pwd'); // Logs out of admin@admin user + A.auth('userAdmin', 'pwd'); // Logs out of admin@admin user B.auth('userAdmin', 'pwd'); // Create a basic user and role - A.createRole({role: 'replStatusRole', // To make awaitReplication() work - roles: [], - privileges: [{resource: {cluster: true}, actions: ['replSetGetStatus']}, - {resource: {db: 'local', collection: ''}, actions: ['find']}, - {resource: {db: 'local', collection: 'system.replset'}, - actions: ['find']}]}); - a.createRole({role: 'myRole', roles: [], privileges: [{resource: {db: 'test', collection: ''}, - actions: ['dbStats']}]}); - a.createUser({user: 'spencer', - pwd: 'pwd', - roles: ['myRole', {role: 'replStatusRole', db: 'admin'}]}); + A.createRole({ + role: 'replStatusRole', // To make awaitReplication() work + roles: [], + privileges: [ + {resource: {cluster: true}, actions: ['replSetGetStatus']}, + {resource: {db: 'local', collection: ''}, actions: ['find']}, + {resource: {db: 'local', collection: 'system.replset'}, actions: ['find']} + ] + }); + a.createRole({ + role: 'myRole', + roles: [], + privileges: [{resource: {db: 'test', collection: ''}, actions: ['dbStats']}] + }); + a.createUser( + {user: 'spencer', pwd: 'pwd', roles: ['myRole', {role: 'replStatusRole', db: 'admin'}]}); assert(a.auth('spencer', 'pwd')); // wait for secondary to get this data assert.soon(function() { - return b.auth('spencer', 'pwd'); - }); + return b.auth('spencer', 'pwd'); + }); assert.commandWorked(a.runCommand({dbStats: 1})); assert.commandFailedWithCode(a.runCommand({collStats: 'foo'}), authzErrorCode); @@ -105,30 +109,34 @@ assert.commandFailedWithCode(b.runCommand({collStats: 'baz'}), authzErrorCode); assert.commandFailedWithCode(b.runCommand({collStats: 'foobar'}), authzErrorCode); - jsTestLog("Doing writes that will eventually be rolled back"); // down A and wait for B to become master replTest.stop(0); - assert.soon(function () { try { return B.isMaster().ismaster; } catch(e) { return false; } }, - "B didn't become master", - 60000, - 1000); + assert.soon(function() { + try { + return B.isMaster().ismaster; + } catch (e) { + return false; + } + }, "B didn't become master", 60000, 1000); printjson(b.adminCommand('replSetGetStatus')); - // Modify the the user and role in a way that will be rolled back. - b.grantPrivilegesToRole('myRole', - [{resource: {db: 'test', collection: 'foo'}, actions: ['collStats']}], - {}); // Default write concern will wait for majority, which will time out. - b.createRole({role: 'temporaryRole', - roles: [], - privileges: [{resource: {db: 'test', collection: 'bar'}, actions: ['collStats']}]}, - {}); // Default write concern will wait for majority, which will time out. + b.grantPrivilegesToRole( + 'myRole', + [{resource: {db: 'test', collection: 'foo'}, actions: ['collStats']}], + {}); // Default write concern will wait for majority, which will time out. + b.createRole( + { + role: 'temporaryRole', + roles: [], + privileges: [{resource: {db: 'test', collection: 'bar'}, actions: ['collStats']}] + }, + {}); // Default write concern will wait for majority, which will time out. b.grantRolesToUser('spencer', ['temporaryRole'], - {}); // Default write concern will wait for majority, which will time out. - + {}); // Default write concern will wait for majority, which will time out. assert.commandWorked(b.runCommand({dbStats: 1})); assert.commandWorked(b.runCommand({collStats: 'foo'})); @@ -141,10 +149,13 @@ replTest.stop(1); replTest.restart(0); - assert.soon(function () { try { return A.isMaster().ismaster; } catch(e) { return false; } }, - "A didn't become master", - 60000, - 1000); + assert.soon(function() { + try { + return A.isMaster().ismaster; + } catch (e) { + return false; + } + }, "A didn't become master", 60000, 1000); // A should not have the new data as it was down assert.commandWorked(a.runCommand({dbStats: 1})); @@ -158,18 +169,17 @@ A.auth('userAdmin', 'pwd'); // Default write concern will wait for majority, which would time out // so we override it with an empty write concern - a.grantPrivilegesToRole('myRole', - [{resource: {db: 'test', collection: 'baz'}, actions: ['collStats']}], - {}); - - a.createRole({role: 'persistentRole', - roles: [], - privileges: [{resource: {db: 'test', collection: 'foobar'}, - actions: ['collStats']}]}, - {}); - a.grantRolesToUser('spencer', - ['persistentRole'], - {}); + a.grantPrivilegesToRole( + 'myRole', [{resource: {db: 'test', collection: 'baz'}, actions: ['collStats']}], {}); + + a.createRole( + { + role: 'persistentRole', + roles: [], + privileges: [{resource: {db: 'test', collection: 'foobar'}, actions: ['collStats']}] + }, + {}); + a.grantRolesToUser('spencer', ['persistentRole'], {}); A.logout(); a.auth('spencer', 'pwd'); @@ -183,10 +193,12 @@ replTest.restart(1); authutil.asCluster(replTest.nodes, 'jstests/libs/key1', - function() { replTest.awaitReplication(); }); + function() { + replTest.awaitReplication(); + }); assert.soon(function() { - return b.auth('spencer', 'pwd'); - }); + return b.auth('spencer', 'pwd'); + }); // Now both A and B should agree checkFinalResults(a); checkFinalResults(b); |