path: root/jstests/auth/cluster_ip_whitelist.js
/**
 * This test checks that cluster IP whitelists can be set and respected.
 */

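(function() {
    'use strict';

    // Fail-closed case: with an empty clusterIpSourceWhitelist the test expects
    // runMongod to return null, i.e. no server comes up rather than one that
    // accepts __system authentication from any address.
    print("When whitelist is empty, the server does not start.");
    assert.eq(null,
              MongoRunner.runMongod(
                  {auth: null, keyFile: "jstests/libs/key1", clusterIpSourceWhitelist: ""}));

    /**
     * Starts a mongod with keyfile auth and the given clusterIpSourceWhitelist, then
     * checks whether a client connected from this host can authenticate as __system.
     *
     * @param {string} description - message printed before the case runs.
     * @param {string} whitelistString - comma-separated addresses and/or CIDR blocks
     *     passed as clusterIpSourceWhitelist.
     * @param {boolean} authResult - expected result of authenticating as __system.
     */
    function testIpWhitelist(description, whitelistString, authResult) {
        print(description);

        var conn = MongoRunner.runMongod(
            {auth: null, keyFile: "jstests/libs/key1", clusterIpSourceWhitelist: whitelistString});

        // Every non-empty whitelist used here is expected to be accepted at startup.
        // Fail with a clear message instead of a TypeError on conn.getDB below.
        assert.neq(null,
                   conn,
                   "mongod failed to start with clusterIpSourceWhitelist: " + whitelistString);

        try {
            // NOTE(review): "foopdedoop" is presumably the key material from
            // jstests/libs/key1 - confirm against the key file.
            assert.eq(authResult, conn.getDB("local").auth("__system", "foopdedoop"));
        } finally {
            // Stop the server even when the assertion throws, so a failing case does
            // not leave a mongod running for the rest of the suite.
            MongoRunner.stopMongod(conn);
        }
    }

    // Positive cases: each whitelist below covers 127.0.0.1, so the localhost client
    // is expected to authenticate as __system.
    testIpWhitelist(
        "When 127.0.0.1 is whitelisted, a client connected via localhost may auth as __system.",
        "127.0.0.1",
        true);

    testIpWhitelist(
        "When 127.0.0.0 is whitelisted as a 24-bit CIDR block, a client connected via localhost may auth as __system.",
        "127.0.0.0/24",
        true);

    // The base address has host bits set (.5); the expectation is that matching is
    // done on the /24 network, not on the literal address.
    testIpWhitelist(
        "When 127.0.0.5 is whitelisted as a 24-bit CIDR block, a client connected via localhost may auth as __system.",
        "127.0.0.5/24",
        true);

    testIpWhitelist(
        "When 127.0.0.0 is whitelisted as a 8-bit CIDR block, a client connected via localhost may auth as __system.",
        "127.0.0.0/8",
        true);

    // Multi-entry lists, in both orders: a match on any entry is expected to suffice.
    testIpWhitelist(
        "When the IP block reserved for documentation and the 127.0.0.0/8 block are both whitelisted, a client connected via localhost may auth as __system.",
        "192.0.2.0/24,127.0.0.0/8",
        true);

    testIpWhitelist(
        "When 127.0.0.0/8 and the IP block reserved for documentation are both whitelisted, a client connected via localhost may auth as __system.",
        "127.0.0.0/8,192.0.2.0/24",
        true);

    // Negative case: 192.0.2.0/24 does not contain the loopback address, so a valid
    // key alone must not be enough. All cases in this file connect via localhost
    // only; rejection of a non-loopback source address is not exercised here.
    testIpWhitelist(
        "When the IP block reserved for documentation and examples is whitelisted, a client connected via localhost may not auth as __system.",
        "192.0.2.0/24",
        false);

}());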