/**
 * This test checks that cluster IP whitelists can be set and respected.
 */

(function() {
'use strict';

print("When whitelist is empty, the server does not start.");
assert.eq(null,
          MongoRunner.runMongod(
              {auth: null, keyFile: "jstests/libs/key1", clusterIpSourceWhitelist: ""}));

function testIpWhitelist(description, whitelistString, authResult) {
    print(description);

    var conn = MongoRunner.runMongod(
        {auth: null, keyFile: "jstests/libs/key1", clusterIpSourceWhitelist: whitelistString});
    assert.eq(authResult, conn.getDB("local").auth("__system", "foopdedoop"));
    MongoRunner.stopMongod(conn);
}

testIpWhitelist(
    "When 127.0.0.1 is whitelisted, a client connected via localhost may auth as __system.",
    "127.0.0.1",
    true);

testIpWhitelist(
    "When 127.0.0.0 is whitelisted as a 24-bit CIDR block, a client connected via localhost may auth as __system.",
    "127.0.0.0/24",
    true);

testIpWhitelist(
    "When 127.0.0.5 is whitelisted as a 24-bit CIDR block, a client connected via localhost may auth as __system.",
    "127.0.0.5/24",
    true);

testIpWhitelist(
    "When 127.0.0.0 is whitelisted as a 8-bit CIDR block, a client connected via localhost may auth as __system.",
    "127.0.0.0/8",
    true);

testIpWhitelist(
    "When the IP block reserved for documentation and the 127.0.0.0/8 block are both whitelisted, a client connected via localhost may auth as __system.",
    "192.0.2.0/24,127.0.0.0/8",
    true);

testIpWhitelist(
    "When 127.0.0.0/8 and the IP block reserved for documentation are both whitelisted, a client connected via localhost may auth as __system.",
    "127.0.0.0/8,192.0.2.0/24",
    true);

testIpWhitelist(
    "When the IP block reserved for documentation and examples is whitelisted, a client connected via localhost may not auth as __system.",
    "192.0.2.0/24",
    false);
}());