1 files changed, 117 insertions, 0 deletions

diff --git a/src/mongo/gotools/test/legacy28/jstests/tool/dumprestore_auth.js b/src/mongo/gotools/test/legacy28/jstests/tool/dumprestore_auth.js
new file mode 100644
index 00000000000..4bda54a5bdc
--- /dev/null
+++ b/src/mongo/gotools/test/legacy28/jstests/tool/dumprestore_auth.js
@@ -0,0 +1,117 @@
+// dumprestore_auth.js
+
+
+t = new ToolTest("dumprestore_auth", { auth : "" });
+
+c = t.startDB("foo");
+var dbName = c.getDB().toString();
+print("DB is ",dbName);
+
+adminDB = c.getDB().getSiblingDB('admin');
+adminDB.createUser({user: 'admin', pwd: 'password', roles: ['root']});
+adminDB.auth('admin','password');
+adminDB.createUser({user: 'backup', pwd: 'password', roles: ['backup']});
+adminDB.createUser({user: 'restore', pwd: 'password', roles: ['restore']});
+
+// Add user defined roles & users with those roles
+var testUserAdmin = c.getDB().getSiblingDB(dbName);
+var backupActions = ["find","listCollections", "listIndexes"];
+testUserAdmin.createRole({role: "backupFoo",
+   privileges: [{resource: {db: dbName, collection: "foo"}, actions:backupActions},
+                {resource: {db: dbName, collection: "" },
+                 actions: backupActions}],
+   roles: []});
+testUserAdmin.createUser({user: 'backupFoo', pwd: 'password', roles: ['backupFoo']});
+
+var restoreActions = ["collMod", "createCollection","createIndex","dropCollection","insert","listCollections","listIndexes"];
+var restoreActionsFind = restoreActions;
+restoreActionsFind.push("find");
+testUserAdmin.createRole({role: "restoreChester",
+       privileges: [{resource: {db: dbName, collection: "chester"}, actions: restoreActions},
+                {resource: {db: dbName, collection: ""}, actions:["listCollections","listIndexes"]},
+                ],
+       roles: []});
+testUserAdmin.createRole({role: "restoreFoo",
+       privileges: [{resource: {db: dbName, collection: "foo"}, actions:restoreActions},
+                {resource: {db: dbName, collection: ""}, actions:["listCollections","listIndexes"]},
+                ],
+       roles: []});
+testUserAdmin.createUser({user: 'restoreChester', pwd: 'password', roles: ['restoreChester']});
+testUserAdmin.createUser({user: 'restoreFoo', pwd: 'password', roles: ['restoreFoo']});
+
+var sysUsers = adminDB.system.users.count();
+assert.eq(0 , c.count() , "setup1");
+c.save({ a : 22 });
+assert.eq(1 , c.count() , "setup2");
+
+assert.commandWorked(c.runCommand("collMod", {usePowerOf2Sizes: false}));
+
+var collections = c.getDB().getCollectionInfos();
+var fooColl = null;
+collections.forEach(function(coll) {
+    if (coll.name === "foo") {
+        fooColl = coll;
+    }
+});
+assert.neq(null, fooColl, "foo collection doesn't exist");
+assert(!fooColl.options.flags, "find namespaces 1");
+
+t.runTool("dump" , "--out" , t.ext, "--username", "backup", "--password", "password");
+
+c.drop();
+assert.eq(0 , c.count() , "after drop");
+
+// Restore should fail without user & pass
+t.runTool("restore" , "--dir" , t.ext, "--writeConcern" ,"0");
+assert.eq(0 , c.count() , "after restore without auth");
+
+// Restore should pass with authorized user
+t.runTool("restore" , "--dir" , t.ext, "--username", "restore", "--password", "password", "--writeConcern", "0");
+assert.soon("c.findOne()" , "no data after sleep");
+assert.eq(1 , c.count() , "after restore 2");
+assert.eq(22 , c.findOne().a , "after restore 2");
+
+collections = c.getDB().getCollectionInfos();
+fooColl = null;
+collections.forEach(function(coll) {
+    if (coll.name === "foo") {
+        fooColl = coll;
+    }
+});
+assert.neq(null, fooColl, "foo collection doesn't exist");
+assert(!fooColl.options.flags, "find namespaces 2");
+
+assert.eq(sysUsers, adminDB.system.users.count());
+
+// Dump & restore DB/colection with user defined roles
+t.runTool("dump" , "--out" , t.ext, "--username", "backupFoo", "--password", "password",
+          "--db", dbName, "--collection", "foo");
+
+c.drop();
+assert.eq(0 , c.count() , "after drop");
+
+// Restore with wrong user
+t.runTool("restore" , "--username", "restoreChester", "--password", "password",
+          "--db", dbName, "--collection", "foo", t.ext+dbName+"/foo.bson", "--writeConcern", "0");
+assert.eq(0 , c.count() , "after restore with wrong user");
+
+// Restore with proper user
+t.runTool("restore" , "--username", "restoreFoo", "--password", "password",
+          "--db", dbName, "--collection", "foo", t.ext+dbName+"/foo.bson", "--writeConcern", "0");
+assert.soon("c.findOne()" , "no data after sleep");
+assert.eq(1 , c.count() , "after restore 3");
+assert.eq(22 , c.findOne().a , "after restore 3");
+
+collections = c.getDB().getCollectionInfos();
+fooColl = null;
+collections.forEach(function(coll) {
+    if (coll.name === "foo") {
+        fooColl = coll;
+    }
+});
+assert.neq(null, fooColl, "foo collection doesn't exist");
+assert(!fooColl.options.flags, "find namespaces 3");
+
+assert.eq(sysUsers, adminDB.system.users.count());
+
+t.stop();