diff options
Diffstat (limited to 'src/mongo/gotools/test/legacy28/jstests/tool/dumprestore_auth.js')
-rw-r--r-- | src/mongo/gotools/test/legacy28/jstests/tool/dumprestore_auth.js | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/src/mongo/gotools/test/legacy28/jstests/tool/dumprestore_auth.js b/src/mongo/gotools/test/legacy28/jstests/tool/dumprestore_auth.js new file mode 100644 index 00000000000..4bda54a5bdc --- /dev/null +++ b/src/mongo/gotools/test/legacy28/jstests/tool/dumprestore_auth.js @@ -0,0 +1,117 @@ +// dumprestore_auth.js + + +t = new ToolTest("dumprestore_auth", { auth : "" }); + +c = t.startDB("foo"); +var dbName = c.getDB().toString(); +print("DB is ",dbName); + +adminDB = c.getDB().getSiblingDB('admin'); +adminDB.createUser({user: 'admin', pwd: 'password', roles: ['root']}); +adminDB.auth('admin','password'); +adminDB.createUser({user: 'backup', pwd: 'password', roles: ['backup']}); +adminDB.createUser({user: 'restore', pwd: 'password', roles: ['restore']}); + +// Add user defined roles & users with those roles +var testUserAdmin = c.getDB().getSiblingDB(dbName); +var backupActions = ["find","listCollections", "listIndexes"]; +testUserAdmin.createRole({role: "backupFoo", + privileges: [{resource: {db: dbName, collection: "foo"}, actions:backupActions}, + {resource: {db: dbName, collection: "" }, + actions: backupActions}], + roles: []}); +testUserAdmin.createUser({user: 'backupFoo', pwd: 'password', roles: ['backupFoo']}); + +var restoreActions = ["collMod", "createCollection","createIndex","dropCollection","insert","listCollections","listIndexes"]; +var restoreActionsFind = restoreActions; +restoreActionsFind.push("find"); +testUserAdmin.createRole({role: "restoreChester", + privileges: [{resource: {db: dbName, collection: "chester"}, actions: restoreActions}, + {resource: {db: dbName, collection: ""}, actions:["listCollections","listIndexes"]}, + ], + roles: []}); +testUserAdmin.createRole({role: "restoreFoo", + privileges: [{resource: {db: dbName, collection: "foo"}, actions:restoreActions}, + {resource: {db: dbName, collection: ""}, actions:["listCollections","listIndexes"]}, + ], + roles: []}); +testUserAdmin.createUser({user: 'restoreChester', pwd: 'password', roles: ['restoreChester']}); +testUserAdmin.createUser({user: 'restoreFoo', pwd: 'password', roles: ['restoreFoo']}); + +var sysUsers = adminDB.system.users.count(); +assert.eq(0 , c.count() , "setup1"); +c.save({ a : 22 }); +assert.eq(1 , c.count() , "setup2"); + +assert.commandWorked(c.runCommand("collMod", {usePowerOf2Sizes: false})); + +var collections = c.getDB().getCollectionInfos(); +var fooColl = null; +collections.forEach(function(coll) { + if (coll.name === "foo") { + fooColl = coll; + } +}); +assert.neq(null, fooColl, "foo collection doesn't exist"); +assert(!fooColl.options.flags, "find namespaces 1"); + +t.runTool("dump" , "--out" , t.ext, "--username", "backup", "--password", "password"); + +c.drop(); +assert.eq(0 , c.count() , "after drop"); + +// Restore should fail without user & pass +t.runTool("restore" , "--dir" , t.ext, "--writeConcern" ,"0"); +assert.eq(0 , c.count() , "after restore without auth"); + +// Restore should pass with authorized user +t.runTool("restore" , "--dir" , t.ext, "--username", "restore", "--password", "password", "--writeConcern", "0"); +assert.soon("c.findOne()" , "no data after sleep"); +assert.eq(1 , c.count() , "after restore 2"); +assert.eq(22 , c.findOne().a , "after restore 2"); + +collections = c.getDB().getCollectionInfos(); +fooColl = null; +collections.forEach(function(coll) { + if (coll.name === "foo") { + fooColl = coll; + } +}); +assert.neq(null, fooColl, "foo collection doesn't exist"); +assert(!fooColl.options.flags, "find namespaces 2"); + +assert.eq(sysUsers, adminDB.system.users.count()); + +// Dump & restore DB/colection with user defined roles +t.runTool("dump" , "--out" , t.ext, "--username", "backupFoo", "--password", "password", + "--db", dbName, "--collection", "foo"); + +c.drop(); +assert.eq(0 , c.count() , "after drop"); + +// Restore with wrong user +t.runTool("restore" , "--username", "restoreChester", "--password", "password", + "--db", dbName, "--collection", "foo", t.ext+dbName+"/foo.bson", "--writeConcern", "0"); +assert.eq(0 , c.count() , "after restore with wrong user"); + +// Restore with proper user +t.runTool("restore" , "--username", "restoreFoo", "--password", "password", + "--db", dbName, "--collection", "foo", t.ext+dbName+"/foo.bson", "--writeConcern", "0"); +assert.soon("c.findOne()" , "no data after sleep"); +assert.eq(1 , c.count() , "after restore 3"); +assert.eq(22 , c.findOne().a , "after restore 3"); + +collections = c.getDB().getCollectionInfos(); +fooColl = null; +collections.forEach(function(coll) { + if (coll.name === "foo") { + fooColl = coll; + } +}); +assert.neq(null, fooColl, "foo collection doesn't exist"); +assert(!fooColl.options.flags, "find namespaces 3"); + +assert.eq(sysUsers, adminDB.system.users.count()); + +t.stop(); |