diff options
Diffstat (limited to 'src/mongo/db/auth/authorization_manager_test.cpp')
-rw-r--r-- | src/mongo/db/auth/authorization_manager_test.cpp | 122 |
1 files changed, 0 insertions, 122 deletions
diff --git a/src/mongo/db/auth/authorization_manager_test.cpp b/src/mongo/db/auth/authorization_manager_test.cpp index f5e5598af4b..001433e82f9 100644 --- a/src/mongo/db/auth/authorization_manager_test.cpp +++ b/src/mongo/db/auth/authorization_manager_test.cpp @@ -258,127 +258,5 @@ TEST_F(AuthorizationManagerTest, testAcquireV2UserWithUnrecognizedActions) { ASSERT(actions.empty()); } -TEST_F(AuthorizationManagerTest, testRefreshExternalV2User) { - constexpr auto kUserFieldName = "user"_sd; - constexpr auto kDbFieldName = "db"_sd; - constexpr auto kRoleFieldName = "role"_sd; - - // Insert one user on db test and two users on db $external. - BSONObj externalCredentials = BSON("external" << true); - std::vector<BSONObj> userDocs{BSON("_id" - << "admin.v2read" - << "user" - << "v2read" - << "db" - << "test" - << "credentials" << credentials << "roles" - << BSON_ARRAY(BSON("role" - << "read" - << "db" - << "test"))), - BSON("_id" - << "admin.v2externalOne" - << "user" - << "v2externalOne" - << "db" - << "$external" - << "credentials" << externalCredentials << "roles" - << BSON_ARRAY(BSON("role" - << "read" - << "db" - << "test"))), - BSON("_id" - << "admin.v2externalTwo" - << "user" - << "v2externalTwo" - << "db" - << "$external" - << "credentials" << externalCredentials << "roles" - << BSON_ARRAY(BSON("role" - << "read" - << "db" - << "test")))}; - - std::vector<BSONObj> initialRoles{BSON("role" - << "read" - << "db" - << "test")}; - std::vector<BSONObj> updatedRoles{BSON("role" - << "readWrite" - << "db" - << "test")}; - - for (const auto& userDoc : userDocs) { - ASSERT_OK(externalState->insertPrivilegeDocument(opCtx.get(), userDoc, BSONObj())); - } - - // Acquire these users to force the AuthorizationManager to load these users into the user - // cache. - for (const auto& userDoc : userDocs) { - auto swUser = authzManager->acquireUser( - opCtx.get(), - UserName(userDoc.getStringField(kUserFieldName), userDoc.getStringField(kDbFieldName))); - ASSERT_OK(swUser.getStatus()); - auto user = std::move(swUser.getValue()); - ASSERT_EQUALS( - UserName(userDoc.getStringField(kUserFieldName), userDoc.getStringField(kDbFieldName)), - user->getName()); - ASSERT(user.isValid()); - - RoleNameIterator cachedUserRoles = user->getRoles(); - for (const auto& userDocRole : initialRoles) { - ASSERT_EQUALS(cachedUserRoles.next(), - RoleName(userDocRole.getStringField(kRoleFieldName), - userDocRole.getStringField(kDbFieldName))); - } - ASSERT_FALSE(cachedUserRoles.more()); - } - - // Update each of the users added into the external state so that they gain the readWrite role. - for (const auto& userDoc : userDocs) { - BSONObj updateQuery = BSON("user" << userDoc.getStringField(kUserFieldName)); - ASSERT_OK( - externalState->updateOne(opCtx.get(), - AuthorizationManager::usersCollectionNamespace, - updateQuery, - BSON("$set" << BSON("roles" << BSON_ARRAY(updatedRoles[0]))), - true, - BSONObj())); - } - - // Refresh all external entries in the authorization manager's cache. - ASSERT_OK(authzManager->refreshExternalUsers(opCtx.get())); - - // Retrieve all users from the cache and verify that only the external ones contain the newly - // added role. - for (const auto& userDoc : userDocs) { - auto swUser = authzManager->acquireUser( - opCtx.get(), - UserName(userDoc.getStringField(kUserFieldName), userDoc.getStringField(kDbFieldName))); - ASSERT_OK(swUser.getStatus()); - auto user = std::move(swUser.getValue()); - ASSERT_EQUALS( - UserName(userDoc.getStringField(kUserFieldName), userDoc.getStringField(kDbFieldName)), - user->getName()); - ASSERT(user.isValid()); - - RoleNameIterator cachedUserRolesIt = user->getRoles(); - if (userDoc.getStringField(kDbFieldName) == "$external"_sd) { - for (const auto& userDocRole : updatedRoles) { - ASSERT_EQUALS(cachedUserRolesIt.next(), - RoleName(userDocRole.getStringField(kRoleFieldName), - userDocRole.getStringField(kDbFieldName))); - } - } else { - for (const auto& userDocRole : initialRoles) { - ASSERT_EQUALS(cachedUserRolesIt.next(), - RoleName(userDocRole.getStringField(kRoleFieldName), - userDocRole.getStringField(kDbFieldName))); - } - } - ASSERT_FALSE(cachedUserRolesIt.more()); - } -} - } // namespace } // namespace mongo |