diff options
Diffstat (limited to 'src/mongo/db/auth/authorization_session_test.cpp')
| -rw-r--r-- | src/mongo/db/auth/authorization_session_test.cpp | 62 |
1 files changed, 31 insertions, 31 deletions
diff --git a/src/mongo/db/auth/authorization_session_test.cpp b/src/mongo/db/auth/authorization_session_test.cpp index 0c242b6c13d..ec82f193947 100644 --- a/src/mongo/db/auth/authorization_session_test.cpp +++ b/src/mongo/db/auth/authorization_session_test.cpp @@ -59,7 +59,7 @@ public: _findsShouldFail = enable; } - virtual Status findOne(OperationContext* txn, + virtual Status findOne(OperationContext* opCtx, const NamespaceString& collectionName, const BSONObj& query, BSONObj* result) { @@ -67,7 +67,7 @@ public: return Status(ErrorCodes::UnknownError, "findOne on admin.system.users set to fail in mock."); } - return AuthzManagerExternalStateMock::findOne(txn, collectionName, query, result); + return AuthzManagerExternalStateMock::findOne(opCtx, collectionName, query, result); } private: @@ -77,7 +77,7 @@ private: class AuthorizationSessionTest : public ::mongo::unittest::Test { public: FailureCapableAuthzManagerExternalStateMock* managerState; - OperationContextNoop _txn; + OperationContextNoop _opCtx; AuthzSessionExternalStateMock* sessionState; std::unique_ptr<AuthorizationManager> authzManager; std::unique_ptr<AuthorizationSessionForTest> authzSession; @@ -143,10 +143,10 @@ TEST_F(AuthorizationSessionTest, AddUserAndCheckAuthorization) { // Check that you can't authorize a user that doesn't exist. ASSERT_EQUALS(ErrorCodes::UserNotFound, - authzSession->addAndAuthorizeUser(&_txn, UserName("spencer", "test"))); + authzSession->addAndAuthorizeUser(&_opCtx, UserName("spencer", "test"))); // Add a user with readWrite and dbAdmin on the test DB - ASSERT_OK(managerState->insertPrivilegeDocument(&_txn, + ASSERT_OK(managerState->insertPrivilegeDocument(&_opCtx, BSON("user" << "spencer" << "db" @@ -164,7 +164,7 @@ TEST_F(AuthorizationSessionTest, AddUserAndCheckAuthorization) { << "db" << "test"))), BSONObj())); - ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("spencer", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_opCtx, UserName("spencer", "test"))); ASSERT_TRUE( authzSession->isAuthorizedForActionsOnResource(testFooCollResource, ActionType::insert)); @@ -175,7 +175,7 @@ TEST_F(AuthorizationSessionTest, AddUserAndCheckAuthorization) { // Add an admin user with readWriteAnyDatabase ASSERT_OK( - managerState->insertPrivilegeDocument(&_txn, + managerState->insertPrivilegeDocument(&_opCtx, BSON("user" << "admin" << "db" @@ -189,7 +189,7 @@ TEST_F(AuthorizationSessionTest, AddUserAndCheckAuthorization) { << "db" << "admin"))), BSONObj())); - ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("admin", "admin"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_opCtx, UserName("admin", "admin"))); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( ResourcePattern::forExactNamespace(NamespaceString("anydb.somecollection")), @@ -222,7 +222,7 @@ TEST_F(AuthorizationSessionTest, AddUserAndCheckAuthorization) { TEST_F(AuthorizationSessionTest, DuplicateRolesOK) { // Add a user with doubled-up readWrite and single dbAdmin on the test DB - ASSERT_OK(managerState->insertPrivilegeDocument(&_txn, + ASSERT_OK(managerState->insertPrivilegeDocument(&_opCtx, BSON("user" << "spencer" << "db" @@ -244,7 +244,7 @@ TEST_F(AuthorizationSessionTest, DuplicateRolesOK) { << "db" << "test"))), BSONObj())); - ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("spencer", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_opCtx, UserName("spencer", "test"))); ASSERT_TRUE( authzSession->isAuthorizedForActionsOnResource(testFooCollResource, ActionType::insert)); @@ -255,7 +255,7 @@ TEST_F(AuthorizationSessionTest, DuplicateRolesOK) { } TEST_F(AuthorizationSessionTest, SystemCollectionsAccessControl) { - ASSERT_OK(managerState->insertPrivilegeDocument(&_txn, + ASSERT_OK(managerState->insertPrivilegeDocument(&_opCtx, BSON("user" << "rw" << "db" @@ -273,7 +273,7 @@ TEST_F(AuthorizationSessionTest, SystemCollectionsAccessControl) { << "db" << "test"))), BSONObj())); - ASSERT_OK(managerState->insertPrivilegeDocument(&_txn, + ASSERT_OK(managerState->insertPrivilegeDocument(&_opCtx, BSON("user" << "useradmin" << "db" @@ -288,7 +288,7 @@ TEST_F(AuthorizationSessionTest, SystemCollectionsAccessControl) { << "test"))), BSONObj())); ASSERT_OK( - managerState->insertPrivilegeDocument(&_txn, + managerState->insertPrivilegeDocument(&_opCtx, BSON("user" << "rwany" << "db" @@ -307,7 +307,7 @@ TEST_F(AuthorizationSessionTest, SystemCollectionsAccessControl) { << "admin"))), BSONObj())); ASSERT_OK( - managerState->insertPrivilegeDocument(&_txn, + managerState->insertPrivilegeDocument(&_opCtx, BSON("user" << "useradminany" << "db" @@ -322,7 +322,7 @@ TEST_F(AuthorizationSessionTest, SystemCollectionsAccessControl) { << "admin"))), BSONObj())); - ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("rwany", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_opCtx, UserName("rwany", "test"))); ASSERT_FALSE( authzSession->isAuthorizedForActionsOnResource(testUsersCollResource, ActionType::insert)); @@ -342,7 +342,7 @@ TEST_F(AuthorizationSessionTest, SystemCollectionsAccessControl) { authzSession->isAuthorizedForActionsOnResource(otherProfileCollResource, ActionType::find)); // Logging in as useradminany@test implicitly logs out rwany@test. - ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("useradminany", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_opCtx, UserName("useradminany", "test"))); ASSERT_FALSE( authzSession->isAuthorizedForActionsOnResource(testUsersCollResource, ActionType::insert)); ASSERT_TRUE( @@ -361,7 +361,7 @@ TEST_F(AuthorizationSessionTest, SystemCollectionsAccessControl) { authzSession->isAuthorizedForActionsOnResource(otherProfileCollResource, ActionType::find)); // Logging in as rw@test implicitly logs out useradminany@test. - ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("rw", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_opCtx, UserName("rw", "test"))); ASSERT_FALSE( authzSession->isAuthorizedForActionsOnResource(testUsersCollResource, ActionType::insert)); @@ -382,7 +382,7 @@ TEST_F(AuthorizationSessionTest, SystemCollectionsAccessControl) { // Logging in as useradmin@test implicitly logs out rw@test. - ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("useradmin", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_opCtx, UserName("useradmin", "test"))); ASSERT_FALSE( authzSession->isAuthorizedForActionsOnResource(testUsersCollResource, ActionType::insert)); ASSERT_FALSE( @@ -403,7 +403,7 @@ TEST_F(AuthorizationSessionTest, SystemCollectionsAccessControl) { TEST_F(AuthorizationSessionTest, InvalidateUser) { // Add a readWrite user - ASSERT_OK(managerState->insertPrivilegeDocument(&_txn, + ASSERT_OK(managerState->insertPrivilegeDocument(&_opCtx, BSON("user" << "spencer" << "db" @@ -417,7 +417,7 @@ TEST_F(AuthorizationSessionTest, InvalidateUser) { << "db" << "test"))), BSONObj())); - ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("spencer", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_opCtx, UserName("spencer", "test"))); ASSERT_TRUE( authzSession->isAuthorizedForActionsOnResource(testFooCollResource, ActionType::find)); @@ -430,8 +430,8 @@ TEST_F(AuthorizationSessionTest, InvalidateUser) { // Change the user to be read-only int ignored; managerState->remove( - &_txn, AuthorizationManager::usersCollectionNamespace, BSONObj(), BSONObj(), &ignored); - ASSERT_OK(managerState->insertPrivilegeDocument(&_txn, + &_opCtx, AuthorizationManager::usersCollectionNamespace, BSONObj(), BSONObj(), &ignored); + ASSERT_OK(managerState->insertPrivilegeDocument(&_opCtx, BSON("user" << "spencer" << "db" @@ -448,7 +448,7 @@ TEST_F(AuthorizationSessionTest, InvalidateUser) { // Make sure that invalidating the user causes the session to reload its privileges. authzManager->invalidateUserByName(user->getName()); - authzSession->startRequest(&_txn); // Refreshes cached data for invalid users + authzSession->startRequest(&_opCtx); // Refreshes cached data for invalid users ASSERT_TRUE( authzSession->isAuthorizedForActionsOnResource(testFooCollResource, ActionType::find)); ASSERT_FALSE( @@ -459,10 +459,10 @@ TEST_F(AuthorizationSessionTest, InvalidateUser) { // Delete the user. managerState->remove( - &_txn, AuthorizationManager::usersCollectionNamespace, BSONObj(), BSONObj(), &ignored); + &_opCtx, AuthorizationManager::usersCollectionNamespace, BSONObj(), BSONObj(), &ignored); // Make sure that invalidating the user causes the session to reload its privileges. authzManager->invalidateUserByName(user->getName()); - authzSession->startRequest(&_txn); // Refreshes cached data for invalid users + authzSession->startRequest(&_opCtx); // Refreshes cached data for invalid users ASSERT_FALSE( authzSession->isAuthorizedForActionsOnResource(testFooCollResource, ActionType::find)); ASSERT_FALSE( @@ -472,7 +472,7 @@ TEST_F(AuthorizationSessionTest, InvalidateUser) { TEST_F(AuthorizationSessionTest, UseOldUserInfoInFaceOfConnectivityProblems) { // Add a readWrite user - ASSERT_OK(managerState->insertPrivilegeDocument(&_txn, + ASSERT_OK(managerState->insertPrivilegeDocument(&_opCtx, BSON("user" << "spencer" << "db" @@ -486,7 +486,7 @@ TEST_F(AuthorizationSessionTest, UseOldUserInfoInFaceOfConnectivityProblems) { << "db" << "test"))), BSONObj())); - ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("spencer", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_opCtx, UserName("spencer", "test"))); ASSERT_TRUE( authzSession->isAuthorizedForActionsOnResource(testFooCollResource, ActionType::find)); @@ -500,8 +500,8 @@ TEST_F(AuthorizationSessionTest, UseOldUserInfoInFaceOfConnectivityProblems) { int ignored; managerState->setFindsShouldFail(true); managerState->remove( - &_txn, AuthorizationManager::usersCollectionNamespace, BSONObj(), BSONObj(), &ignored); - ASSERT_OK(managerState->insertPrivilegeDocument(&_txn, + &_opCtx, AuthorizationManager::usersCollectionNamespace, BSONObj(), BSONObj(), &ignored); + ASSERT_OK(managerState->insertPrivilegeDocument(&_opCtx, BSON("user" << "spencer" << "db" @@ -520,7 +520,7 @@ TEST_F(AuthorizationSessionTest, UseOldUserInfoInFaceOfConnectivityProblems) { // document lookup to fail, the authz session should continue to use its known out-of-date // privilege data. authzManager->invalidateUserByName(user->getName()); - authzSession->startRequest(&_txn); // Refreshes cached data for invalid users + authzSession->startRequest(&_opCtx); // Refreshes cached data for invalid users ASSERT_TRUE( authzSession->isAuthorizedForActionsOnResource(testFooCollResource, ActionType::find)); ASSERT_TRUE( @@ -529,7 +529,7 @@ TEST_F(AuthorizationSessionTest, UseOldUserInfoInFaceOfConnectivityProblems) { // Once we configure document lookup to succeed again, authorization checks should // observe the new values. managerState->setFindsShouldFail(false); - authzSession->startRequest(&_txn); // Refreshes cached data for invalid users + authzSession->startRequest(&_opCtx); // Refreshes cached data for invalid users ASSERT_TRUE( authzSession->isAuthorizedForActionsOnResource(testFooCollResource, ActionType::find)); ASSERT_FALSE( |