From 5a55760e7dfa3d637c547d5d8f04719503674e7d Mon Sep 17 00:00:00 2001 From: Randolph Tan Date: Wed, 11 Jul 2012 14:07:15 -0400 Subject: SERVER-6334 ReplSet connections magically gets reauthenticated after logging out Make sure DBClientReplicaSet clears it's auth table entries whenever user logs out. --- jstests/sharding/auth_repl.js | 86 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 84 insertions(+), 2 deletions(-) (limited to 'jstests/sharding/auth_repl.js') diff --git a/jstests/sharding/auth_repl.js b/jstests/sharding/auth_repl.js index 02b13e03812..e732dee0036 100644 --- a/jstests/sharding/auth_repl.js +++ b/jstests/sharding/auth_repl.js @@ -1,5 +1,5 @@ -var replTest = new ReplSetTest({ nodes: 3, useHostName : false }); -replTest.startSet({ oplogSize: 10, keyFile: 'jstests/libs/key1' }); +var replTest = new ReplSetTest({ nodes: 3, useHostName : false, keyFile: 'jstests/libs/key1' }); +replTest.startSet({ oplogSize: 10 }); replTest.initiate(); replTest.awaitSecondaryNodes(); @@ -47,5 +47,87 @@ conn.setSlaveOk(false); doc = testColl.findOne(); assert(doc != null); +var queryToPriShouldFail = function() { + conn.setSlaveOk(false); + + assert.throws(function() { + testColl.findOne(); + }); + + // should still not work even after retrying + assert.throws(function() { + testColl.findOne(); + }); +}; + +var queryToSecShouldFail = function() { + conn.setSlaveOk(true); + + assert.throws(function() { + testColl.findOne(); + }); + + // should still not work even after retrying + assert.throws(function() { + testColl.findOne(); + }); + + // Query to secondary using readPref + assert.throws(function() { + testColl.find().readPref('secondary').next(); + }); + + // should still not work even after retrying + assert.throws(function() { + testColl.find().readPref('secondary').next(); + }); +}; + +assert(testDB.logout().ok); + +jsTest.log('Sending an unauthorized query that should fail'); +queryToPriShouldFail(); +queryToSecShouldFail(); + +// Repeat logout test, with secondary first, then primary +assert.eq(1, testDB.auth('a', 'a')); +assert(testDB.logout().ok); + +// re-initialize the underlying connections to primary and secondary +jsTest.log('Sending an unauthorized query that should still fail'); +queryToSecShouldFail(); +queryToPriShouldFail(); + +// Repeat logout test, now with the cached secondary down +assert.eq(1, testDB.auth('a', 'a')); + +// Find out the current cached secondary in the repl connection +conn.setSlaveOk(true); +var secHost = testColl.find().readPref('secondary').explain().server; +var secNodeIdx = -1; +var secPortStr = secHost.split(':')[1]; + +for (var x = 0; x < nodeCount; x++) { + var nodePortStr = replTest.nodes[x].host.split(':')[1]; + + if (nodePortStr == secPortStr) { + secNodeIdx = x; + } +} + +assert(secNodeIdx >= 0); // test sanity check + +// Kill the cached secondary +replTest.stop(secNodeIdx, 15, true, { auth: { user: 'user', pwd: 'user' }}); + +assert(testDB.logout().ok); + +replTest.restart(secNodeIdx); +replTest.awaitSecondaryNodes(); + +jsTest.log('Sending an unauthorized query after restart that should still fail'); +queryToSecShouldFail(); +queryToPriShouldFail(); + replTest.stopSet(); -- cgit v1.2.1