Diffstat (limited to 'src/mongo')
-rw-r--r-- | src/mongo/client/examples/authTest.cpp | 9 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_manager_test.cpp | 133 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_session_test.cpp | 82 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_mock.cpp | 2 | ||||
-rw-r--r-- | src/mongo/shell/db.js | 3 | ||||
-rw-r--r-- | src/mongo/shell/utils.js | 16 |
6 files changed, 147 insertions, 98 deletions
diff --git a/src/mongo/client/examples/authTest.cpp b/src/mongo/client/examples/authTest.cpp index ed3f4049291..194590d027c 100644 --- a/src/mongo/client/examples/authTest.cpp +++ b/src/mongo/client/examples/authTest.cpp @@ -47,10 +47,15 @@ int main( int argc, const char **argv ) { return EXIT_FAILURE; } + BSONObj ret; // clean up old data from any previous tests - conn->remove( "test.system.users" , BSONObj() ); + conn->runCommand( "test", BSON("removeUsersFromDatabase" << 1), ret ); - conn->insert( "test.system.users" , BSON( "user" << "eliot" << "pwd" << conn->createPasswordDigest( "eliot" , "bar" ) ) ); + conn->runCommand( "test", + BSON( "createUser" << "eliot" << + "pwd" << "bar" << + "roles" << BSON_ARRAY("readWrite")), + ret); errmsg.clear(); conn->auth(BSON("user" << "eliot" << diff --git a/src/mongo/db/auth/authorization_manager_test.cpp b/src/mongo/db/auth/authorization_manager_test.cpp index 858ca5c69e1..a053c9c7cc7 100644 --- a/src/mongo/db/auth/authorization_manager_test.cpp +++ b/src/mongo/db/auth/authorization_manager_test.cpp @@ -53,9 +53,9 @@ namespace { AuthzManagerExternalStateMock* externalState; }; - class PrivilegeDocumentParsing : public AuthorizationManagerTest { + class V1PrivilegeDocumentParsing : public AuthorizationManagerTest { public: - PrivilegeDocumentParsing() {} + V1PrivilegeDocumentParsing() {} scoped_ptr<User> user; scoped_ptr<User> adminUser; @@ -64,10 +64,11 @@ namespace { AuthorizationManagerTest::setUp(); user.reset(new User(UserName("spencer", "test"))); adminUser.reset(new User(UserName("admin", "admin"))); + authzManager->setAuthorizationVersion(1); } }; - TEST_F(PrivilegeDocumentParsing, testParsingV0PrivilegeDocuments) { + TEST_F(V1PrivilegeDocumentParsing, testParsingV0PrivilegeDocuments) { User user(UserName("Spencer", "test")); User adminUser(UserName("Spencer", "admin")); BSONObj invalid; 
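Review bot: In authTest.cpp, both new `conn->runCommand(...)` calls discard their boolean result and never inspect `ret`. If `createUser` is rejected, the example only fails later at `conn->auth(...)` with a misleading authentication error. Check the `createUser` call and bail out the same way the surrounding code does, e.g. `if ( !conn->runCommand( "test", createUserCmd, ret ) ) return EXIT_FAILURE;` after printing `ret`; the cleanup command can presumably stay best-effort, but a comment should say so. The example also now puts the cleartext password `"bar"` into the command where the old insert stored `createPasswordDigest(...)`, so a comment noting that this is acceptable only over a trusted connection would help readers who copy it. `main` starts and ends outside this hunk.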
@@ -101,21 +102,21 @@ namespace { ASSERT(adminUser.getActionsForResource("*").contains(ActionType::insert)); } - TEST_F(PrivilegeDocumentParsing, VerifyRolesFieldMustBeAnArray) { + TEST_F(V1PrivilegeDocumentParsing, VerifyRolesFieldMustBeAnArray) { ASSERT_NOT_OK(authzManager->_initializeUserFromPrivilegeDocument( user.get(), BSON("user" << "spencer" << "pwd" << "" << "roles" << "read"))); ASSERT(user->getActionsForResource("test").empty()); } - TEST_F(PrivilegeDocumentParsing, VerifyInvalidRoleGrantsNoPrivileges) { + TEST_F(V1PrivilegeDocumentParsing, VerifyInvalidRoleGrantsNoPrivileges) { ASSERT_OK(authzManager->_initializeUserFromPrivilegeDocument( user.get(), BSON("user" << "spencer" << "pwd" << "" << "roles" << BSON_ARRAY("frim")))); ASSERT(user->getActionsForResource("test").empty()); } - TEST_F(PrivilegeDocumentParsing, VerifyInvalidRoleStillAllowsOtherRoles) { + TEST_F(V1PrivilegeDocumentParsing, VerifyInvalidRoleStillAllowsOtherRoles) { ASSERT_OK(authzManager->_initializeUserFromPrivilegeDocument( user.get(), BSON("user" << "spencer" << @@ -124,7 +125,7 @@ namespace { ASSERT(user->getActionsForResource("test").contains(ActionType::find)); } - TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterAdminRoleFromNonAdminDatabase) { + TEST_F(V1PrivilegeDocumentParsing, VerifyCannotGrantClusterAdminRoleFromNonAdminDatabase) { ASSERT_OK(authzManager->_initializeUserFromPrivilegeDocument( user.get(), BSON("user" << "spencer" << @@ -135,7 +136,7 @@ namespace { ASSERT(!user->getActionsForResource("test").contains(ActionType::dropDatabase)); } - TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterReadFromNonAdminDatabase) { + TEST_F(V1PrivilegeDocumentParsing, VerifyCannotGrantClusterReadFromNonAdminDatabase) { ASSERT_OK(authzManager->_initializeUserFromPrivilegeDocument( user.get(), BSON("user" << "spencer" << 
@@ -145,7 +146,7 @@ namespace { ASSERT(!user->getActionsForResource("test2").contains(ActionType::find)); } - TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterReadWriteFromNonAdminDatabase) { + TEST_F(V1PrivilegeDocumentParsing, VerifyCannotGrantClusterReadWriteFromNonAdminDatabase) { ASSERT_OK(authzManager->_initializeUserFromPrivilegeDocument( user.get(), BSON("user" << "spencer" << @@ -156,7 +157,7 @@ namespace { ASSERT(!user->getActionsForResource("test2").contains(ActionType::insert)); } - TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterUserAdminFromNonAdminDatabase) { + TEST_F(V1PrivilegeDocumentParsing, VerifyCannotGrantClusterUserAdminFromNonAdminDatabase) { ASSERT_OK(authzManager->_initializeUserFromPrivilegeDocument( user.get(), BSON("user" << "spencer" << @@ -167,7 +168,7 @@ namespace { ASSERT(!user->getActionsForResource("test2").contains(ActionType::userAdmin)); } - TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterDBAdminFromNonAdminDatabase) { + TEST_F(V1PrivilegeDocumentParsing, VerifyCannotGrantClusterDBAdminFromNonAdminDatabase) { ASSERT_OK(authzManager->_initializeUserFromPrivilegeDocument( user.get(), BSON("user" << "spencer" << @@ -178,7 +179,7 @@ namespace { ASSERT(!user->getActionsForResource("test2").contains(ActionType::clean)); } - TEST_F(PrivilegeDocumentParsing, VerifyOtherDBRolesMustBeAnObjectOfArraysOfStrings) { + TEST_F(V1PrivilegeDocumentParsing, VerifyOtherDBRolesMustBeAnObjectOfArraysOfStrings) { ASSERT_NOT_OK(authzManager->_initializeUserFromPrivilegeDocument( adminUser.get(), BSON("user" << "admin" << 
@@ -200,7 +201,7 @@ namespace { ASSERT(!adminUser->getActionsForResource("admin").contains(ActionType::find)); } - TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantPrivilegesOnOtherDatabasesNormally) { + TEST_F(V1PrivilegeDocumentParsing, VerifyCannotGrantPrivilegesOnOtherDatabasesNormally) { // Cannot grant privileges on other databases, except from admin database. ASSERT_NOT_OK(authzManager->_initializeUserFromPrivilegeDocument( user.get(), @@ -213,7 +214,7 @@ namespace { ASSERT(!user->getActionsForResource("admin").contains(ActionType::find)); } - TEST_F(PrivilegeDocumentParsing, SuccessfulSimpleReadGrant) { + TEST_F(V1PrivilegeDocumentParsing, SuccessfulSimpleReadGrant) { // Grant read on test. ASSERT_OK(authzManager->_initializeUserFromPrivilegeDocument( user.get(), @@ -225,7 +226,7 @@ namespace { ASSERT(!user->getActionsForResource("admin").contains(ActionType::find)); } - TEST_F(PrivilegeDocumentParsing, SuccessfulSimpleUserAdminTest) { + TEST_F(V1PrivilegeDocumentParsing, SuccessfulSimpleUserAdminTest) { // Grant userAdmin on "test" database. ASSERT_OK(authzManager->_initializeUserFromPrivilegeDocument( user.get(), @@ -237,7 +238,7 @@ namespace { ASSERT(!user->getActionsForResource("admin").contains(ActionType::userAdmin)); } - TEST_F(PrivilegeDocumentParsing, GrantUserAdminOnAdmin) { + TEST_F(V1PrivilegeDocumentParsing, GrantUserAdminOnAdmin) { // Grant userAdmin on admin. ASSERT_OK(authzManager->_initializeUserFromPrivilegeDocument( adminUser.get(), @@ -249,7 +250,7 @@ namespace { ASSERT(adminUser->getActionsForResource("admin").contains(ActionType::userAdmin)); } - TEST_F(PrivilegeDocumentParsing, GrantUserAdminOnTestViaAdmin) { + TEST_F(V1PrivilegeDocumentParsing, GrantUserAdminOnTestViaAdmin) { // Grant userAdmin on test via admin. ASSERT_OK(authzManager->_initializeUserFromPrivilegeDocument( adminUser.get(), 
@@ -262,7 +263,7 @@ namespace { ASSERT(!adminUser->getActionsForResource("admin").contains(ActionType::userAdmin)); } - TEST_F(PrivilegeDocumentParsing, SuccessfulClusterAdminTest) { + TEST_F(V1PrivilegeDocumentParsing, SuccessfulClusterAdminTest) { // Grant userAdminAnyDatabase. ASSERT_OK(authzManager->_initializeUserFromPrivilegeDocument( adminUser.get(), @@ -273,7 +274,7 @@ namespace { } - TEST_F(PrivilegeDocumentParsing, GrantClusterReadWrite) { + TEST_F(V1PrivilegeDocumentParsing, GrantClusterReadWrite) { // Grant readWrite on everything via the admin database. ASSERT_OK(authzManager->_initializeUserFromPrivilegeDocument( adminUser.get(), @@ -284,7 +285,7 @@ namespace { ASSERT(adminUser->getActionsForResource("*").contains(ActionType::insert)); } - TEST_F(PrivilegeDocumentParsing, ProhibitGrantOnWildcard) { + TEST_F(V1PrivilegeDocumentParsing, ProhibitGrantOnWildcard) { // Cannot grant readWrite to everything using "otherDBRoles". ASSERT_NOT_OK(authzManager->_initializeUserFromPrivilegeDocument( adminUser.get(), @@ -300,7 +301,7 @@ namespace { ASSERT(!adminUser->getActionsForResource("admin").contains(ActionType::insert)); } - TEST_F(PrivilegeDocumentParsing, GrantClusterAdmin) { + TEST_F(V1PrivilegeDocumentParsing, GrantClusterAdmin) { // Grant cluster admin ASSERT_OK(authzManager->_initializeUserFromPrivilegeDocument( adminUser.get(), @@ -312,7 +313,7 @@ namespace { ASSERT(adminUser->getActionsForResource("*").contains(ActionType::moveChunk)); } - TEST_F(PrivilegeDocumentParsing, GetPrivilegesFromPrivilegeDocumentInvalid) { + TEST_F(V1PrivilegeDocumentParsing, GetPrivilegesFromPrivilegeDocumentInvalid) { // Try to mix fields from V0 and V1 privilege documents and make sure it fails. ASSERT_NOT_OK(authzManager->_initializeUserFromPrivilegeDocument( user.get(), 
@@ -326,12 +327,14 @@ namespace { TEST_F(AuthorizationManagerTest, testAquireV0User) { - ASSERT_OK(externalState->insertPrivilegeDocument( - "test", - BSON("user" << "v0RW" << "pwd" << "password"))); - ASSERT_OK(externalState->insertPrivilegeDocument( - "admin", - BSON("user" << "v0AdminRO" << "pwd" << "password" << "readOnly" << true))); + authzManager->setAuthorizationVersion(1); + + ASSERT_OK(externalState->insert(NamespaceString("test.system.users"), + BSON("user" << "v0RW" << "pwd" << "password"))); + ASSERT_OK(externalState->insert(NamespaceString("admin.system.users"), + BSON("user" << "v0AdminRO" << + "pwd" << "password" << + "readOnly" << true))); User* v0RW; ASSERT_OK(authzManager->acquireUser(UserName("v0RW", "test"), &v0RW)); @@ -376,16 +379,16 @@ namespace { } TEST_F(AuthorizationManagerTest, testAquireV1User) { - ASSERT_OK(externalState->insertPrivilegeDocument( - "test", - BSON("user" << "v1read" << - "pwd" << "password" << - "roles" << BSON_ARRAY("read")))); - ASSERT_OK(externalState->insertPrivilegeDocument( - "admin", - BSON("user" << "v1cluster" << - "pwd" << "password" << - "roles" << BSON_ARRAY("clusterAdmin")))); + authzManager->setAuthorizationVersion(1); + + ASSERT_OK(externalState->insert(NamespaceString("test.system.users"), + BSON("user" << "v1read" << + "pwd" << "password" << + "roles" << BSON_ARRAY("read")))); + ASSERT_OK(externalState->insert(NamespaceString("admin.system.users"), + BSON("user" << "v1cluster" << + "pwd" << "password" << + "roles" << BSON_ARRAY("clusterAdmin")))); User* v1read; ASSERT_OK(authzManager->acquireUser(UserName("v1read", "test"), &v1read)); 
@@ -428,26 +431,24 @@ namespace { } TEST_F(AuthorizationManagerTest, initializeAllV1UserData) { - ASSERT_OK(externalState->insertPrivilegeDocument( - "test", - BSON("user" << "readOnly" << - "pwd" << "password" << - "roles" << BSON_ARRAY("read")))); - ASSERT_OK(externalState->insertPrivilegeDocument( - "admin", - BSON("user" << "clusterAdmin" << - "userSource" << "$external" << - "roles" << BSON_ARRAY("clusterAdmin")))); - ASSERT_OK(externalState->insertPrivilegeDocument( - "test", - BSON("user" << "readWriteMultiDB" << - "pwd" << "password" << - "roles" << BSON_ARRAY("readWrite")))); - ASSERT_OK(externalState->insertPrivilegeDocument( - "test2", - BSON("user" << "readWriteMultiDB" << - "userSource" << "test" << - "roles" << BSON_ARRAY("readWrite")))); + authzManager->setAuthorizationVersion(1); + + ASSERT_OK(externalState->insert(NamespaceString("test.system.users"), + BSON("user" << "readOnly" << + "pwd" << "password" << + "roles" << BSON_ARRAY("read")))); + ASSERT_OK(externalState->insert(NamespaceString("admin.system.users"), + BSON("user" << "clusterAdmin" << + "userSource" << "$external" << + "roles" << BSON_ARRAY("clusterAdmin")))); + ASSERT_OK(externalState->insert(NamespaceString("test.system.users"), + BSON("user" << "readWriteMultiDB" << + "pwd" << "password" << + "roles" << BSON_ARRAY("readWrite")))); + ASSERT_OK(externalState->insert(NamespaceString("test2.system.users"), + BSON("user" << "readWriteMultiDB" << + "userSource" << "test" << + "roles" << BSON_ARRAY("readWrite")))); Status status = authzManager->initialize(); ASSERT_OK(status); 
@@ -612,23 +613,19 @@ namespace { static const NamespaceString newUsersCollectioName; void setUpV1UserData() { - ASSERT_OK(externalState->insertPrivilegeDocument( - "test", + ASSERT_OK(externalState->insert(NamespaceString("test.system.users"), BSON("user" << "readOnly" << "pwd" << "password" << "roles" << BSON_ARRAY("read")))); - ASSERT_OK(externalState->insertPrivilegeDocument( - "admin", + ASSERT_OK(externalState->insert(NamespaceString("admin.system.users"), BSON("user" << "clusterAdmin" << "userSource" << "$external" << "roles" << BSON_ARRAY("clusterAdmin")))); - ASSERT_OK(externalState->insertPrivilegeDocument( - "test", + ASSERT_OK(externalState->insert(NamespaceString("test.system.users"), BSON("user" << "readWriteMultiDB" << "pwd" << "password" << "roles" << BSON_ARRAY("readWrite")))); - ASSERT_OK(externalState->insertPrivilegeDocument( - "test2", + ASSERT_OK(externalState->insert(NamespaceString("test2.system.users"), BSON("user" << "readWriteMultiDB" << "userSource" << "test" << "roles" << BSON_ARRAY("readWrite")))); @@ -700,6 +697,7 @@ namespace { const NamespaceString AuthzUpgradeTest::newUsersCollectioName("admin._newusers"); TEST_F(AuthzUpgradeTest, upgradeUserDataFromV1ToV2Clean) { + authzManager->setAuthorizationVersion(1); setUpV1UserData(); ASSERT_OK(authzManager->upgradeAuthCollections()); @@ -708,6 +706,7 @@ namespace { } TEST_F(AuthzUpgradeTest, upgradeUserDataFromV1ToV2WithSysVerDoc) { + authzManager->setAuthorizationVersion(1); setUpV1UserData(); ASSERT_OK(externalState->insert(versionCollectionName, BSON("_id" << 1 << "currentVersion" << 1))); @@ -718,6 +717,7 @@ namespace { } TEST_F(AuthzUpgradeTest, upgradeUserDataFromV1ToV2FailsWithBadInitialVersionDoc) { + authzManager->setAuthorizationVersion(1); setUpV1UserData(); ASSERT_OK(externalState->insert(versionCollectionName, BSON("_id" << 1 << "currentVersion" << 3))); 
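Review bot: The four AuthzUpgradeTest cases (hunks at -700, -708, -718 and -730) each repeat `authzManager->setAuthorizationVersion(1);` immediately before `setUpV1UserData()`. A future upgrade test that forgets the call would silently run against the manager's default authorization version and could pass or fail for the wrong reason. Since every caller wants V1 whenever it loads V1 data, make `authzManager->setAuthorizationVersion(1);` the first statement of `setUpV1UserData()`, or set it in the fixture's `setUp()` as `V1PrivilegeDocumentParsing` does. The fixture's `setUp()` is not visible in these hunks, so confirm it does not already set a version that this would override.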
@@ -730,6 +730,7 @@ namespace { } TEST_F(AuthzUpgradeTest, upgradeUserDataFromV1ToV2FailsWithVersionDocMispatch) { + authzManager->setAuthorizationVersion(1); setUpV1UserData(); ASSERT_OK(externalState->insert(versionCollectionName, BSON("_id" << 1 << "currentVersion" << 2))); diff --git a/src/mongo/db/auth/authorization_session_test.cpp b/src/mongo/db/auth/authorization_session_test.cpp index 1a338bbd10e..5ca4ff21550 100644 --- a/src/mongo/db/auth/authorization_session_test.cpp +++ b/src/mongo/db/auth/authorization_session_test.cpp @@ -85,10 +85,18 @@ namespace { authzSession->addAndAuthorizeUser(UserName("spencer", "test"))); // Add a user with readWrite and dbAdmin on the test DB - ASSERT_OK(managerState->insertPrivilegeDocument("test", - BSON("user" << "spencer" << - "pwd" << "a" << - "roles" << BSON_ARRAY("readWrite" << "dbAdmin")))); + ASSERT_OK(managerState->insertPrivilegeDocument("admin", + BSON("name" << "spencer" << + "source" << "test" << + "credentials" << BSON("MONGODB-CR" << "a") << + "roles" << BSON_ARRAY(BSON("name" << "readWrite" << + "source" << "test" << + "hasRole" << true << + "canDelegate" << false) << + BSON("name" << "dbAdmin" << + "source" << "test" << + "hasRole" << true << + "canDelegate" << false))))); ASSERT_OK(authzSession->addAndAuthorizeUser(UserName("spencer", "test"))); ASSERT_TRUE(authzSession->checkAuthorization("test", ActionType::insert)); 
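Review bot: The V2 role sub-document `BSON("name" << ... << "source" << ... << "hasRole" << true << "canDelegate" << false)` is written out by hand in this hunk of authorization_session_test.cpp and again in the hunks at -99, -123, -137, -161 and -176. These fixtures decide which privileges the session tests believe a user holds, so one mistyped field in one copy would weaken a test without failing it. A small file-local helper for the role entry keeps the copies identical and makes each test's intent readable. The enclosing TEST_F body starts and ends outside this hunk.
```cpp
// Builds one entry of a V2 user document's "roles" array: a role the user
// holds directly and may not delegate.
BSONObj v2Role(const std::string& roleName, const std::string& source) {
    return BSON("name" << roleName <<
                "source" << source <<
                "hasRole" << true <<
                "canDelegate" << false);
}

// … unchanged: addAndAuthorizeUser() is expected to fail before the user exists …
ASSERT_OK(managerState->insertPrivilegeDocument("admin",
        BSON("name" << "spencer" <<
             "source" << "test" <<
             "credentials" << BSON("MONGODB-CR" << "a") <<
             "roles" << BSON_ARRAY(v2Role("readWrite", "test") <<
                                   v2Role("dbAdmin", "test")))));
```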
@@ -99,9 +107,13 @@ namespace { // Add an admin user with readWriteAnyDatabase ASSERT_OK(managerState->insertPrivilegeDocument("admin", - BSON("user" << "admin" << - "pwd" << "a" << - "roles" << BSON_ARRAY("readWriteAnyDatabase")))); + BSON("name" << "admin" << + "source" << "admin" << + "credentials" << BSON("MONGODB-CR" << "a") << + "roles" << BSON_ARRAY(BSON("name" << "readWriteAnyDatabase" << + "source" << "admin" << + "hasRole" << true << + "canDelegate" << false))))); ASSERT_OK(authzSession->addAndAuthorizeUser(UserName("admin", "admin"))); ASSERT_TRUE(authzSession->checkAuthorization("*", ActionType::insert)); @@ -123,10 +135,14 @@ namespace { TEST_F(AuthorizationSessionTest, InvalidateUser) { // Add a readWrite user - ASSERT_OK(managerState->insertPrivilegeDocument("test", - BSON("user" << "spencer" << - "pwd" << "a" << - "roles" << BSON_ARRAY("readWrite")))); + ASSERT_OK(managerState->insertPrivilegeDocument("admin", + BSON("name" << "spencer" << + "source" << "test" << + "credentials" << BSON("MONGODB-CR" << "a") << + "roles" << BSON_ARRAY(BSON("name" << "readWrite" << + "source" << "test" << + "hasRole" << true << + "canDelegate" << false))))); ASSERT_OK(authzSession->addAndAuthorizeUser(UserName("spencer", "test"))); ASSERT_TRUE(authzSession->checkAuthorization("test", ActionType::find)); @@ -137,10 +153,14 @@ namespace { // Change the user to be read-only managerState->clearPrivilegeDocuments(); - ASSERT_OK(managerState->insertPrivilegeDocument("test", - BSON("user" << "spencer" << - "pwd" << "a" << - "roles" << BSON_ARRAY("read")))); + ASSERT_OK(managerState->insertPrivilegeDocument("admin", + BSON("name" << "spencer" << + "source" << "test" << + "credentials" << BSON("MONGODB-CR" << "a") << + "roles" << BSON_ARRAY(BSON("name" << "read" << + "source" << "test" << + "hasRole" << true << + "canDelegate" << false))))); // Make sure that invalidating the user causes the session to reload its privileges. authzManager->invalidateUser(user); 
@@ -161,10 +181,14 @@ namespace { TEST_F(AuthorizationSessionTest, UseOldUserInfoInFaceOfConnectivityProblems) { // Add a readWrite user - ASSERT_OK(managerState->insertPrivilegeDocument("test", - BSON("user" << "spencer" << - "pwd" << "a" << - "roles" << BSON_ARRAY("readWrite")))); + ASSERT_OK(managerState->insertPrivilegeDocument("admin", + BSON("name" << "spencer" << + "source" << "test" << + "credentials" << BSON("MONGODB-CR" << "a") << + "roles" << BSON_ARRAY(BSON("name" << "readWrite" << + "source" << "test" << + "hasRole" << true << + "canDelegate" << false))))); ASSERT_OK(authzSession->addAndAuthorizeUser(UserName("spencer", "test"))); ASSERT_TRUE(authzSession->checkAuthorization("test", ActionType::find)); @@ -176,10 +200,14 @@ namespace { // Change the user to be read-only managerState->setFindsShouldFail(true); managerState->clearPrivilegeDocuments(); - ASSERT_OK(managerState->insertPrivilegeDocument("test", - BSON("user" << "spencer" << - "pwd" << "a" << - "roles" << BSON_ARRAY("read")))); + ASSERT_OK(managerState->insertPrivilegeDocument("admin", + BSON("name" << "spencer" << + "source" << "test" << + "credentials" << BSON("MONGODB-CR" << "a") << + "roles" << BSON_ARRAY(BSON("name" << "read" << + "source" << "test" << + "hasRole" << true << + "canDelegate" << false))))); // Even though the user's privileges have been reduced, since we've configured user // document lookup to fail, the authz session should continue to use its known out-of-date 
@@ -191,15 +219,17 @@ namespace { TEST_F(AuthorizationSessionTest, ImplicitAcquireFromSomeDatabasesWithV1Users) { - managerState->insertPrivilegeDocument("test", + authzManager->setAuthorizationVersion(1); + + managerState->insert(NamespaceString("test.system.users"), BSON("user" << "andy" << "pwd" << "a" << "roles" << BSON_ARRAY("readWrite"))); - managerState->insertPrivilegeDocument("test2", + managerState->insert(NamespaceString("test2.system.users"), BSON("user" << "andy" << "userSource" << "test" << "roles" << BSON_ARRAY("read"))); - managerState->insertPrivilegeDocument("admin", + managerState->insert(NamespaceString("admin.system.users"), BSON("user" << "andy" << "userSource" << "test" << "roles" << BSON_ARRAY("clusterAdmin") << diff --git a/src/mongo/db/auth/authz_manager_external_state_mock.cpp b/src/mongo/db/auth/authz_manager_external_state_mock.cpp index 82afca81614..e5fbbbc4853 100644 --- a/src/mongo/db/auth/authz_manager_external_state_mock.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_mock.cpp @@ -43,7 +43,7 @@ namespace mongo { Status AuthzManagerExternalStateMock::insertPrivilegeDocument(const std::string& dbname, const BSONObj& userObj) { - NamespaceString usersCollection(dbname + ".system.users"); + NamespaceString usersCollection("admin.system.users"); return insert(usersCollection, userObj); } diff --git a/src/mongo/shell/db.js b/src/mongo/shell/db.js index 0622e50b445..8b54e9f2430 100644 --- a/src/mongo/shell/db.js +++ b/src/mongo/shell/db.js @@ -283,7 +283,8 @@ DB.prototype.removeUser = function( username ){ return true; } - if (res.errmsg.startsWith("No users found on database")) { + var notFoundErrmsg = "User '" + username + "@" + this.getName() + "' not found"; + if (res.errmsg == notFoundErrmsg) { return false; } diff --git a/src/mongo/shell/utils.js b/src/mongo/shell/utils.js index df35d9b0cab..76a2d3c8a14 100644 --- a/src/mongo/shell/utils.js +++ b/src/mongo/shell/utils.js 
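Review bot: In `ImplicitAcquireFromSomeDatabasesWithV1Users`, the three `managerState->insert(NamespaceString(...), ...)` calls drop the returned `Status`, whereas every other fixture insert in this file is wrapped in `ASSERT_OK`. If one of these inserts fails, the test goes on to check privileges for a user that was never stored, and any negative assertion still passes. Wrap each call, e.g. `ASSERT_OK(managerState->insert(NamespaceString("test.system.users"), BSON(...)));`. The third insert's argument list continues past the end of the hunk.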
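Review bot: `AuthzManagerExternalStateMock::insertPrivilegeDocument` still takes `dbname` but now ignores it and always writes to `admin.system.users`. A caller passing `"test"` gets a success `Status` while the document lands in a different namespace than it asked for. In authorization tests that silent redirection can hide a wrong fixture. Either drop the parameter, or reject anything else up front with `if (dbname != "admin") return Status(ErrorCodes::BadValue, "privilege documents live in admin.system.users");`. At minimum add a comment such as `// V2 schema: all user documents are stored in admin.system.users; dbname is ignored.` Whether the non-mock implementations of this interface behave the same way is not visible here.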
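Review bot: `DB.prototype.removeUser` now decides between "return false" and the error path by comparing `res.errmsg` for exact equality with a message rebuilt on the client, `"User '" + username + "@" + this.getName() + "' not found"`. Any change to the server's wording, quoting or user-name formatting turns a harmless "no such user" into a thrown error, or the reverse. If the command reply carries a numeric error code (not visible in this hunk), compare that instead. Otherwise add a comment naming the server-side message this string must stay in sync with, and use `===` for the comparison. The function starts and ends outside the hunk.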
@@ -205,6 +205,8 @@ if ( typeof _threadInject != "undefined" ){ "jstests/extent.js", "jstests/indexb.js", "jstests/profile1.js", + "jstests/profile3.js", + "jstests/profile4.js", "jstests/mr3.js", "jstests/indexh.js", "jstests/apitest_db.js", @@ -229,7 +231,11 @@ if ( typeof _threadInject != "undefined" ){ ] ); // some tests can't be run in parallel with each other - var serialTestsArr = [ "jstests/fsync.js" + var serialTestsArr = [ "jstests/fsync.js", + "jstests/auth1.js", + "jstests/auth_copydb2.js", + "jstests/connection_status.js", + "jstests/validate_user_documents.js" // ,"jstests/fsync2.js" // SERVER-4243 ]; var serialTests = makeKeys( serialTestsArr ); @@ -396,6 +402,12 @@ jsTest.path = jsTestPath jsTest.options = jsTestOptions jsTest.setOption = setJsTestOption jsTest.log = jsTestLog +jsTest.readOnlyUserRoles = ["read"] +jsTest.basicUserRoles = ["readWrite", "dbAdmin", "userAdmin"] +jsTest.adminUserRoles = ["clusterAdmin", + "userAdminAnyDatabase", + "dbAdminAnyDatabase", + "readWriteAnyDatabase"] jsTest.dir = function(){ return jsTest.path().replace( /\/[^\/]+$/, "/" ) @@ -424,7 +436,7 @@ jsTest.addAuth = function(conn) { } print ("Adding admin user on connection: " + localconn); return localconn.getDB('admin').addUser(jsTestOptions().adminUser, jsTestOptions().adminPassword, - false, 'majority', 60000); + jsTest.adminUserRoles, 'majority', 60000); } jsTest.authenticate = function(conn) { |