Diffstat (limited to 'src/mongo/db/auth/authorization_manager_test.cpp')
-rw-r--r-- | src/mongo/db/auth/authorization_manager_test.cpp | 82 |
1 files changed, 39 insertions, 43 deletions
diff --git a/src/mongo/db/auth/authorization_manager_test.cpp b/src/mongo/db/auth/authorization_manager_test.cpp
index cfb62e5ff50..e0ba470d4f5 100644
--- a/src/mongo/db/auth/authorization_manager_test.cpp
+++ b/src/mongo/db/auth/authorization_manager_test.cpp
@@ -46,8 +46,9 @@
 #include "mongo/db/auth/sasl_options.h"
 #include "mongo/db/jsobj.h"
 #include "mongo/db/namespace_string.h"
-#include "mongo/db/operation_context_noop.h"
-#include "mongo/db/service_context_noop.h"
+#include "mongo/db/operation_context.h"
+#include "mongo/db/service_context_test_fixture.h"
+#include "mongo/db/storage/recovery_unit_noop.h"
 #include "mongo/stdx/memory.h"
 #include "mongo/transport/session.h"
 #include "mongo/transport/transport_layer_mock.h"
@@ -73,21 +74,29 @@ void setX509PeerInfo(const transport::SessionHandle& session, SSLPeerInfo info) using std::vector; -class AuthorizationManagerTest : public ::mongo::unittest::Test { +class AuthorizationManagerTest : public ServiceContextTest { public: virtual ~AuthorizationManagerTest() { if (authzManager) authzManager->invalidateUserCache(); } - void setUp() override { + AuthorizationManagerTest() { auto localExternalState = std::make_unique<AuthzManagerExternalStateMock>(); externalState = localExternalState.get(); - authzManager = std::make_unique<AuthorizationManagerImpl>( + auto localAuthzManager = std::make_unique<AuthorizationManagerImpl>( std::move(localExternalState), AuthorizationManagerImpl::InstallMockForTestingOrAuthImpl{}); - externalState->setAuthorizationManager(authzManager.get()); + authzManager = localAuthzManager.get(); + externalState->setAuthorizationManager(authzManager); authzManager->setAuthEnabled(true); + AuthorizationManager::set(getServiceContext(), std::move(localAuthzManager)); + + // Re-initialize the client after setting the AuthorizationManager to get an + // AuthorizationSession. + Client::releaseCurrent(); + Client::initThread(getThreadName(), session); + opCtx = makeOperationContext(); credentials = BSON("SCRAM-SHA-1" << scram::Secrets<SHA1Block>::generateCredentials( 
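Review bot: `authzManager` is now a borrowed pointer to the object handed over in `AuthorizationManager::set(getServiceContext(), std::move(localAuthzManager))`, but nothing in the fixture says so, and the destructor's `if (authzManager)` guard still reads as if the pointer could be empty. The constructor assigns it unconditionally, so the guard is always true. The destructor's `invalidateUserCache()` call is safe only because this class's destructor body runs before the base fixture tears down the service context, which presumably happens in `ServiceContextTest` (not visible here). I would document this at the member declarations in the next hunk, e.g. `AuthorizationManager* authzManager = nullptr;  // owned by the ServiceContext, valid for the fixture's lifetime`, and treat `externalState` the same way. The constructor body continues past the end of this hunk.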
@@ -97,15 +106,18 @@ public: "password", saslGlobalParams.scramSHA256IterationCount.load())); } - std::unique_ptr<AuthorizationManager> authzManager; + transport::TransportLayerMock transportLayer; + transport::SessionHandle session = transportLayer.createSession(); + AuthorizationManager* authzManager; AuthzManagerExternalStateMock* externalState; BSONObj credentials; + ServiceContext::UniqueOperationContext opCtx; }; TEST_F(AuthorizationManagerTest, testAcquireV2User) { - OperationContextNoop opCtx; - ASSERT_OK(externalState->insertPrivilegeDocument(&opCtx, + + ASSERT_OK(externalState->insertPrivilegeDocument(opCtx.get(), BSON("_id" << "admin.v2read" << "user" @@ -120,7 +132,7 @@ TEST_F(AuthorizationManagerTest, testAcquireV2User) { << "db" << "test"))), BSONObj())); - ASSERT_OK(externalState->insertPrivilegeDocument(&opCtx, + ASSERT_OK(externalState->insertPrivilegeDocument(opCtx.get(), BSON("_id" << "admin.v2cluster" << "user" @@ -137,7 +149,7 @@ TEST_F(AuthorizationManagerTest, testAcquireV2User) { BSONObj())); User* v2read; - ASSERT_OK(authzManager->acquireUser(&opCtx, UserName("v2read", "test"), &v2read)); + ASSERT_OK(authzManager->acquireUser(opCtx.get(), UserName("v2read", "test"), &v2read)); ASSERT_EQUALS(UserName("v2read", "test"), v2read->getName()); ASSERT(v2read->isValid()); ASSERT_EQUALS(1U, v2read->getRefCount()); @@ -151,7 +163,7 @@ TEST_F(AuthorizationManagerTest, testAcquireV2User) { authzManager->releaseUser(v2read); User* v2cluster; - ASSERT_OK(authzManager->acquireUser(&opCtx, UserName("v2cluster", "admin"), &v2cluster)); + ASSERT_OK(authzManager->acquireUser(opCtx.get(), UserName("v2cluster", "admin"), &v2cluster)); ASSERT_EQUALS(UserName("v2cluster", "admin"), v2cluster->getName()); ASSERT(v2cluster->isValid()); ASSERT_EQUALS(1U, v2cluster->getRefCount()); 
@@ -167,14 +179,9 @@ TEST_F(AuthorizationManagerTest, testAcquireV2User) { #ifdef MONGO_CONFIG_SSL TEST_F(AuthorizationManagerTest, testLocalX509Authorization) { - ServiceContextNoop serviceContext; - transport::TransportLayerMock transportLayer{}; - transport::SessionHandle session = transportLayer.createSession(); setX509PeerInfo( session, SSLPeerInfo(buildX509Name(), {RoleName("read", "test"), RoleName("readWrite", "test")})); - ServiceContext::UniqueClient client = serviceContext.makeClient("testClient", session); - ServiceContext::UniqueOperationContext opCtx = client->makeOperationContext(); User* x509User; ASSERT_OK( @@ -202,14 +209,9 @@ TEST_F(AuthorizationManagerTest, testLocalX509Authorization) { #endif TEST_F(AuthorizationManagerTest, testLocalX509AuthorizationInvalidUser) { - ServiceContextNoop serviceContext; - transport::TransportLayerMock transportLayer{}; - transport::SessionHandle session = transportLayer.createSession(); setX509PeerInfo( session, SSLPeerInfo(buildX509Name(), {RoleName("read", "test"), RoleName("write", "test")})); - ServiceContext::UniqueClient client = serviceContext.makeClient("testClient", session); - ServiceContext::UniqueOperationContext opCtx = client->makeOperationContext(); User* x509User; ASSERT_NOT_OK( @@ -217,12 +219,7 @@ TEST_F(AuthorizationManagerTest, testLocalX509AuthorizationInvalidUser) { } TEST_F(AuthorizationManagerTest, testLocalX509AuthenticationNoAuthorization) { - ServiceContextNoop serviceContext; - transport::TransportLayerMock transportLayer{}; - transport::SessionHandle session = transportLayer.createSession(); setX509PeerInfo(session, {}); - ServiceContext::UniqueClient client = serviceContext.makeClient("testClient", session); - ServiceContext::UniqueOperationContext opCtx = client->makeOperationContext(); User* x509User; ASSERT_NOT_OK( 
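Review bot: The three X509 tests now call `setX509PeerInfo(session, ...)` after the client and operation context already exist, because the fixture constructor runs `Client::initThread(getThreadName(), session)` and `makeOperationContext()` first; the removed code set the peer info before `makeClient`. That is fine only if the peer info is read from the session when the user is acquired, not captured when the client is created, and these hunks do not show which. The two `ASSERT_NOT_OK` cases would also pass if the peer info were never seen, so the assumption deserves a line at the top of each test once confirmed, for example `// Peer info is read from the session at acquireUser time, so setting it after the fixture created the client is sufficient.` Each test body continues outside its hunk.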
@@ -295,10 +292,10 @@ public: // Tests SERVER-21535, unrecognized actions should be ignored rather than causing errors. TEST_F(AuthorizationManagerTest, testAcquireV2UserWithUnrecognizedActions) { - OperationContextNoop opCtx; + ASSERT_OK(externalState->insertPrivilegeDocument( - &opCtx, + opCtx.get(), BSON("_id" << "admin.myUser" << "user" @@ -324,7 +321,7 @@ TEST_F(AuthorizationManagerTest, testAcquireV2UserWithUnrecognizedActions) { BSONObj())); User* myUser; - ASSERT_OK(authzManager->acquireUser(&opCtx, UserName("myUser", "test"), &myUser)); + ASSERT_OK(authzManager->acquireUser(opCtx.get(), UserName("myUser", "test"), &myUser)); ASSERT_EQUALS(UserName("myUser", "test"), myUser->getName()); ASSERT(myUser->isValid()); ASSERT_EQUALS(1U, myUser->getRefCount()); @@ -365,17 +362,16 @@ public: }; virtual void setUp() override { - opCtx.setRecoveryUnit(recoveryUnit, WriteUnitOfWork::RecoveryUnitState::kNotInUnitOfWork); + opCtx->setRecoveryUnit(recoveryUnit, WriteUnitOfWork::RecoveryUnitState::kNotInUnitOfWork); AuthorizationManagerTest::setUp(); } - OperationContextNoop opCtx; size_t registeredChanges = 0; MockRecoveryUnit* recoveryUnit = new MockRecoveryUnit(®isteredChanges); }; TEST_F(AuthorizationManagerLogOpTest, testDropDatabaseAddsRecoveryUnits) { - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("dropDatabase" @@ -385,7 +381,7 @@ TEST_F(AuthorizationManagerLogOpTest, testDropDatabaseAddsRecoveryUnits) { } TEST_F(AuthorizationManagerLogOpTest, testDropAuthCollectionAddsRecoveryUnits) { - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("drop" @@ -393,7 +389,7 @@ TEST_F(AuthorizationManagerLogOpTest, testDropAuthCollectionAddsRecoveryUnits) { nullptr); ASSERT_EQ(size_t(1), registeredChanges); - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("drop" 
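Review bot: In `AuthorizationManagerLogOpTest::setUp()` the call `AuthorizationManagerTest::setUp();` no longer reaches any code in `AuthorizationManagerTest`, since this commit turns that class's `setUp()` into a constructor. The qualified name now resolves to whatever `ServiceContextTest` or its base provides, which is not visible here. Either drop the call or say why it stays, e.g. `// Base fixture initialises in its constructor; this only forwards to the inherited setUp().` Related: `recoveryUnit` is still created with a bare `new` in a member initializer and handed to `opCtx->setRecoveryUnit(...)`, so a short comment on who owns it after that call would help. The class starts before this hunk.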
@@ -401,7 +397,7 @@ TEST_F(AuthorizationManagerLogOpTest, testDropAuthCollectionAddsRecoveryUnits) { nullptr); ASSERT_EQ(size_t(2), registeredChanges); - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("drop" @@ -409,7 +405,7 @@ TEST_F(AuthorizationManagerLogOpTest, testDropAuthCollectionAddsRecoveryUnits) { nullptr); ASSERT_EQ(size_t(3), registeredChanges); - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("drop" @@ -419,21 +415,21 @@ TEST_F(AuthorizationManagerLogOpTest, testDropAuthCollectionAddsRecoveryUnits) { } TEST_F(AuthorizationManagerLogOpTest, testCreateAnyCollectionAddsNoRecoveryUnits) { - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("create" << "system.users"), nullptr); - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("create" << "system.profile"), nullptr); - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "c", {"admin", "$cmd"}, BSON("create" @@ -444,7 +440,7 @@ TEST_F(AuthorizationManagerLogOpTest, testCreateAnyCollectionAddsNoRecoveryUnits } TEST_F(AuthorizationManagerLogOpTest, testRawInsertToRolesCollectionAddsRecoveryUnits) { - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "i", {"admin", "system.profile"}, BSON("_id" @@ -452,7 +448,7 @@ TEST_F(AuthorizationManagerLogOpTest, testRawInsertToRolesCollectionAddsRecovery nullptr); ASSERT_EQ(size_t(0), registeredChanges); - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "i", {"admin", "system.users"}, BSON("_id" @@ -460,7 +456,7 @@ TEST_F(AuthorizationManagerLogOpTest, testRawInsertToRolesCollectionAddsRecovery nullptr); ASSERT_EQ(size_t(0), registeredChanges); - authzManager->logOp(&opCtx, + authzManager->logOp(opCtx.get(), "i", {"admin", "system.roles"}, BSON("_id" |