jstests/auth/curop_auth_info.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

(function() {
    'use strict';

    const runTest = function(conn, failPointConn) {
        jsTestLog("Setting up users");
        const db = conn.getDB("admin");
        assert.commandWorked(
            db.runCommand({createUser: "admin", pwd: "pwd", roles: jsTest.adminUserRoles}));
        assert.eq(db.auth("admin", "pwd"), 1);
        assert.commandWorked(db.runCommand({createUser: "testuser", pwd: "pwd", roles: []}));
        db.grantRolesToUser("testuser", [{role: "readWrite", db: "test"}]);

        const queryFn = function() {
            assert.eq(db.getSiblingDB("admin").auth("testuser", "pwd"), 1);
            let testDB = db.getSiblingDB("test");
            testDB.test.insert({});
            assert.eq(testDB.test.find({}).comment("curop_auth_info.js query").itcount(), 1);
        };

        jsTestLog("blocking finds and starting parallel shell to create op");
        assert.commandWorked(failPointConn.getDB("admin").runCommand(
            {configureFailPoint: "waitInFindBeforeMakingBatch", mode: "alwaysOn"}));
        let finderWait = startParallelShell(queryFn, conn.port);
        let myOp;

        assert.soon(function() {
            const curOpResults = db.runCommand({currentOp: 1});
            assert.commandWorked(curOpResults);
            print(tojson(curOpResults));
            const myOps = curOpResults["inprog"].filter((op) => {
                return (op["command"]["comment"] == "curop_auth_info.js query");
            });

            if (myOps.length == 0) {
                return false;
            }
            myOp = myOps[0];
            return true;
        });

        jsTestLog("found op");
        assert.commandWorked(failPointConn.getDB("admin").runCommand(
            {configureFailPoint: "waitInFindBeforeMakingBatch", mode: "off"}));
        finderWait();

        const authedUsers = myOp["effectiveUsers"];
        const impersonators = myOp["runBy"];
        print(tojson(authedUsers), tojson(impersonators));
        if (impersonators) {
            assert.eq(authedUsers.length, 1);
            assert.docEq(authedUsers[0], {user: "testuser", db: "admin"});
            assert(impersonators);
            assert.eq(impersonators.length, 1);
            assert.docEq(impersonators[0], {user: "__system", db: "local"});
        } else {
            assert(authedUsers);
            assert.eq(authedUsers.length, 1);
            assert.docEq(authedUsers[0], {user: "testuser", db: "admin"});
        }
    };

    const m = MongoRunner.runMongod();
    runTest(m, m);
    MongoRunner.stopMongod(m);

    const st = new ShardingTest({
        shards: 1,
        mongos: 1,
        config: 1,
        keyFile: 'jstests/libs/key1',
        other: {
            shardAsReplicaSet: false,
        }
    });
    runTest(st.s0, st.d0);
    st.stop();
})();