diff options
Diffstat (limited to 'jstests/sharding/cleanup_orphaned_auth.js')
| -rw-r--r-- | jstests/sharding/cleanup_orphaned_auth.js | 82 |
1 files changed, 40 insertions, 42 deletions
diff --git a/jstests/sharding/cleanup_orphaned_auth.js b/jstests/sharding/cleanup_orphaned_auth.js index f32a66ee242..a54030fbf12 100644 --- a/jstests/sharding/cleanup_orphaned_auth.js +++ b/jstests/sharding/cleanup_orphaned_auth.js @@ -3,60 +3,58 @@ // (function() { - 'use strict'; +'use strict'; - // TODO SERVER-35447: Multiple users cannot be authenticated on one connection within a session. - TestData.disableImplicitSessions = true; +// TODO SERVER-35447: Multiple users cannot be authenticated on one connection within a session. +TestData.disableImplicitSessions = true; - function assertUnauthorized(res, msg) { - if (assert._debug && msg) - print("in assert for: " + msg); +function assertUnauthorized(res, msg) { + if (assert._debug && msg) + print("in assert for: " + msg); - if (res.ok == 0 && (res.errmsg.startsWith('not authorized') || - res.errmsg.match(/requires authentication/))) - return; + if (res.ok == 0 && + (res.errmsg.startsWith('not authorized') || res.errmsg.match(/requires authentication/))) + return; - var finalMsg = "command worked when it should have been unauthorized: " + tojson(res); - if (msg) { - finalMsg += " : " + msg; - } - doassert(finalMsg); + var finalMsg = "command worked when it should have been unauthorized: " + tojson(res); + if (msg) { + finalMsg += " : " + msg; } + doassert(finalMsg); +} - // TODO: Remove 'shardAsReplicaSet: false' when SERVER-32672 is fixed. - var st = new ShardingTest({ - auth: true, - other: {keyFile: 'jstests/libs/key1', useHostname: false, shardAsReplicaSet: false} - }); +// TODO: Remove 'shardAsReplicaSet: false' when SERVER-32672 is fixed. +var st = new ShardingTest({ + auth: true, + other: {keyFile: 'jstests/libs/key1', useHostname: false, shardAsReplicaSet: false} +}); - var shardAdmin = st.shard0.getDB('admin'); - shardAdmin.createUser( - {user: 'admin', pwd: 'x', roles: ['clusterAdmin', 'userAdminAnyDatabase']}); - shardAdmin.auth('admin', 'x'); +var shardAdmin = st.shard0.getDB('admin'); +shardAdmin.createUser({user: 'admin', pwd: 'x', roles: ['clusterAdmin', 'userAdminAnyDatabase']}); +shardAdmin.auth('admin', 'x'); - var mongos = st.s0; - var mongosAdmin = mongos.getDB('admin'); - var coll = mongos.getCollection('foo.bar'); +var mongos = st.s0; +var mongosAdmin = mongos.getDB('admin'); +var coll = mongos.getCollection('foo.bar'); - mongosAdmin.createUser( - {user: 'admin', pwd: 'x', roles: ['clusterAdmin', 'userAdminAnyDatabase']}); - mongosAdmin.auth('admin', 'x'); +mongosAdmin.createUser({user: 'admin', pwd: 'x', roles: ['clusterAdmin', 'userAdminAnyDatabase']}); +mongosAdmin.auth('admin', 'x'); - assert.commandWorked(mongosAdmin.runCommand({enableSharding: coll.getDB().getName()})); +assert.commandWorked(mongosAdmin.runCommand({enableSharding: coll.getDB().getName()})); - assert.commandWorked( - mongosAdmin.runCommand({shardCollection: coll.getFullName(), key: {_id: 'hashed'}})); +assert.commandWorked( + mongosAdmin.runCommand({shardCollection: coll.getFullName(), key: {_id: 'hashed'}})); - // cleanupOrphaned requires auth as admin user. - assert.commandWorked(shardAdmin.logout()); - assertUnauthorized(shardAdmin.runCommand({cleanupOrphaned: 'foo.bar'})); +// cleanupOrphaned requires auth as admin user. +assert.commandWorked(shardAdmin.logout()); +assertUnauthorized(shardAdmin.runCommand({cleanupOrphaned: 'foo.bar'})); - var fooDB = st.shard0.getDB('foo'); - shardAdmin.auth('admin', 'x'); - fooDB.createUser({user: 'user', pwd: 'x', roles: ['readWrite', 'dbAdmin']}); - shardAdmin.logout(); - fooDB.auth('user', 'x'); - assertUnauthorized(shardAdmin.runCommand({cleanupOrphaned: 'foo.bar'})); +var fooDB = st.shard0.getDB('foo'); +shardAdmin.auth('admin', 'x'); +fooDB.createUser({user: 'user', pwd: 'x', roles: ['readWrite', 'dbAdmin']}); +shardAdmin.logout(); +fooDB.auth('user', 'x'); +assertUnauthorized(shardAdmin.runCommand({cleanupOrphaned: 'foo.bar'})); - st.stop(); +st.stop(); })(); |