summaryrefslogtreecommitdiff
path: root/jstests/replsets/rollback_auth.js
diff options
context:
space:
mode:
Diffstat (limited to 'jstests/replsets/rollback_auth.js')
-rw-r--r--jstests/replsets/rollback_auth.js146
1 files changed, 79 insertions, 67 deletions
diff --git a/jstests/replsets/rollback_auth.js b/jstests/replsets/rollback_auth.js
index 77684550d3e..0c0b35b91ed 100644
--- a/jstests/replsets/rollback_auth.js
+++ b/jstests/replsets/rollback_auth.js
@@ -10,7 +10,7 @@
// run on ephemeral storage engines.
// @tags: [requires_persistence]
-(function () {
+(function() {
"use strict";
// helper function for verifying contents at the end of the test
var checkFinalResults = function(db) {
@@ -26,17 +26,17 @@
jsTestLog("Setting up replica set");
var name = "rollbackAuth";
- var replTest = new ReplSetTest({name: name,
- nodes: 3,
- keyFile: 'jstests/libs/key1' });
+ var replTest = new ReplSetTest({name: name, nodes: 3, keyFile: 'jstests/libs/key1'});
var nodes = replTest.nodeList();
var conns = replTest.startSet();
- replTest.initiate({ "_id": "rollbackAuth",
- "members": [
- { "_id": 0, "host": nodes[0], "priority": 3 },
- { "_id": 1, "host": nodes[1] },
- { "_id": 2, "host": nodes[2], arbiterOnly: true}
- ]});
+ replTest.initiate({
+ "_id": "rollbackAuth",
+ "members": [
+ {"_id": 0, "host": nodes[0], "priority": 3},
+ {"_id": 1, "host": nodes[1]},
+ {"_id": 2, "host": nodes[2], arbiterOnly: true}
+ ]
+ });
// Make sure we have a master
replTest.waitForState(replTest.nodes[0], ReplSetTest.State.PRIMARY, 60 * 1000);
@@ -53,45 +53,49 @@
assert.eq(a_conn, master);
// Make sure we have an arbiter
- assert.soon(function () {
- var res = conns[2].getDB("admin").runCommand({ replSetGetStatus: 1 });
- return res.myState == 7;
- }, "Arbiter failed to initialize.");
-
+ assert.soon(function() {
+ var res = conns[2].getDB("admin").runCommand({replSetGetStatus: 1});
+ return res.myState == 7;
+ }, "Arbiter failed to initialize.");
jsTestLog("Creating initial data");
// Create collections that will be used in test
A.createUser({user: 'admin', pwd: 'pwd', roles: ['root']});
A.auth('admin', 'pwd');
- a.foo.insert({a:1});
- a.bar.insert({a:1});
- a.baz.insert({a:1});
- a.foobar.insert({a:1});
+ a.foo.insert({a: 1});
+ a.bar.insert({a: 1});
+ a.baz.insert({a: 1});
+ a.foobar.insert({a: 1});
// Set up user admin user
A.createUser({user: 'userAdmin', pwd: 'pwd', roles: ['userAdminAnyDatabase']});
- A.auth('userAdmin', 'pwd'); // Logs out of admin@admin user
+ A.auth('userAdmin', 'pwd'); // Logs out of admin@admin user
B.auth('userAdmin', 'pwd');
// Create a basic user and role
- A.createRole({role: 'replStatusRole', // To make awaitReplication() work
- roles: [],
- privileges: [{resource: {cluster: true}, actions: ['replSetGetStatus']},
- {resource: {db: 'local', collection: ''}, actions: ['find']},
- {resource: {db: 'local', collection: 'system.replset'},
- actions: ['find']}]});
- a.createRole({role: 'myRole', roles: [], privileges: [{resource: {db: 'test', collection: ''},
- actions: ['dbStats']}]});
- a.createUser({user: 'spencer',
- pwd: 'pwd',
- roles: ['myRole', {role: 'replStatusRole', db: 'admin'}]});
+ A.createRole({
+ role: 'replStatusRole', // To make awaitReplication() work
+ roles: [],
+ privileges: [
+ {resource: {cluster: true}, actions: ['replSetGetStatus']},
+ {resource: {db: 'local', collection: ''}, actions: ['find']},
+ {resource: {db: 'local', collection: 'system.replset'}, actions: ['find']}
+ ]
+ });
+ a.createRole({
+ role: 'myRole',
+ roles: [],
+ privileges: [{resource: {db: 'test', collection: ''}, actions: ['dbStats']}]
+ });
+ a.createUser(
+ {user: 'spencer', pwd: 'pwd', roles: ['myRole', {role: 'replStatusRole', db: 'admin'}]});
assert(a.auth('spencer', 'pwd'));
// wait for secondary to get this data
assert.soon(function() {
- return b.auth('spencer', 'pwd');
- });
+ return b.auth('spencer', 'pwd');
+ });
assert.commandWorked(a.runCommand({dbStats: 1}));
assert.commandFailedWithCode(a.runCommand({collStats: 'foo'}), authzErrorCode);
@@ -105,30 +109,34 @@
assert.commandFailedWithCode(b.runCommand({collStats: 'baz'}), authzErrorCode);
assert.commandFailedWithCode(b.runCommand({collStats: 'foobar'}), authzErrorCode);
-
jsTestLog("Doing writes that will eventually be rolled back");
// down A and wait for B to become master
replTest.stop(0);
- assert.soon(function () { try { return B.isMaster().ismaster; } catch(e) { return false; } },
- "B didn't become master",
- 60000,
- 1000);
+ assert.soon(function() {
+ try {
+ return B.isMaster().ismaster;
+ } catch (e) {
+ return false;
+ }
+ }, "B didn't become master", 60000, 1000);
printjson(b.adminCommand('replSetGetStatus'));
-
// Modify the the user and role in a way that will be rolled back.
- b.grantPrivilegesToRole('myRole',
- [{resource: {db: 'test', collection: 'foo'}, actions: ['collStats']}],
- {}); // Default write concern will wait for majority, which will time out.
- b.createRole({role: 'temporaryRole',
- roles: [],
- privileges: [{resource: {db: 'test', collection: 'bar'}, actions: ['collStats']}]},
- {}); // Default write concern will wait for majority, which will time out.
+ b.grantPrivilegesToRole(
+ 'myRole',
+ [{resource: {db: 'test', collection: 'foo'}, actions: ['collStats']}],
+ {}); // Default write concern will wait for majority, which will time out.
+ b.createRole(
+ {
+ role: 'temporaryRole',
+ roles: [],
+ privileges: [{resource: {db: 'test', collection: 'bar'}, actions: ['collStats']}]
+ },
+ {}); // Default write concern will wait for majority, which will time out.
b.grantRolesToUser('spencer',
['temporaryRole'],
- {}); // Default write concern will wait for majority, which will time out.
-
+ {}); // Default write concern will wait for majority, which will time out.
assert.commandWorked(b.runCommand({dbStats: 1}));
assert.commandWorked(b.runCommand({collStats: 'foo'}));
@@ -141,10 +149,13 @@
replTest.stop(1);
replTest.restart(0);
- assert.soon(function () { try { return A.isMaster().ismaster; } catch(e) { return false; } },
- "A didn't become master",
- 60000,
- 1000);
+ assert.soon(function() {
+ try {
+ return A.isMaster().ismaster;
+ } catch (e) {
+ return false;
+ }
+ }, "A didn't become master", 60000, 1000);
// A should not have the new data as it was down
assert.commandWorked(a.runCommand({dbStats: 1}));
@@ -158,18 +169,17 @@
A.auth('userAdmin', 'pwd');
// Default write concern will wait for majority, which would time out
// so we override it with an empty write concern
- a.grantPrivilegesToRole('myRole',
- [{resource: {db: 'test', collection: 'baz'}, actions: ['collStats']}],
- {});
-
- a.createRole({role: 'persistentRole',
- roles: [],
- privileges: [{resource: {db: 'test', collection: 'foobar'},
- actions: ['collStats']}]},
- {});
- a.grantRolesToUser('spencer',
- ['persistentRole'],
- {});
+ a.grantPrivilegesToRole(
+ 'myRole', [{resource: {db: 'test', collection: 'baz'}, actions: ['collStats']}], {});
+
+ a.createRole(
+ {
+ role: 'persistentRole',
+ roles: [],
+ privileges: [{resource: {db: 'test', collection: 'foobar'}, actions: ['collStats']}]
+ },
+ {});
+ a.grantRolesToUser('spencer', ['persistentRole'], {});
A.logout();
a.auth('spencer', 'pwd');
@@ -183,10 +193,12 @@
replTest.restart(1);
authutil.asCluster(replTest.nodes,
'jstests/libs/key1',
- function() { replTest.awaitReplication(); });
+ function() {
+ replTest.awaitReplication();
+ });
assert.soon(function() {
- return b.auth('spencer', 'pwd');
- });
+ return b.auth('spencer', 'pwd');
+ });
// Now both A and B should agree
checkFinalResults(a);
checkFinalResults(b);
View Lorry Controller Status