summaryrefslogtreecommitdiff
path: root/jstests/noPassthrough/auth_reject_mismatching_logical_times.js
blob: c19d7b368879736184490c0a1c756141e3dac3f7 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

/**
 * Verifies mismatching cluster time objects are rejected by a sharded cluster when auth is on. In
 * noPassthrough because auth is manually set.
 */
(function() {
    "use strict";

    // Given a valid cluster time object, returns one with the same signature, but a mismatching
    // cluster time.
    function mismatchingLogicalTime(lt) {
        return Object.merge(lt, {clusterTime: Timestamp(lt.clusterTime.getTime() + 100, 0)});
    }

    function assertRejectsMismatchingLogicalTime(db) {
        let validTime = db.runCommand({isMaster: 1}).$clusterTime;
        let mismatchingTime = mismatchingLogicalTime(validTime);

        assert.commandFailedWithCode(
            db.runCommand({isMaster: 1, $clusterTime: mismatchingTime}),
            ErrorCodes.TimeProofMismatch,
            "expected command with mismatching cluster time and signature to be rejected");
    }

    function assertAcceptsValidLogicalTime(db) {
        let validTime = db.runCommand({isMaster: 1}).$clusterTime;
        assert.commandWorked(
            testDB.runCommand({isMaster: 1, $clusterTime: validTime}),
            "expected command with valid cluster time and signature to be accepted");
    }

    // Start the sharding test with auth on.
    const st = new ShardingTest({
        mongos: 1,
        manualAddShard: true,
        mongosWaitsForKeys: true,
        other: {keyFile: "jstests/libs/key1"}
    });

    // Create admin user and authenticate as them.
    st.s.getDB("admin").createUser({user: "foo", pwd: "bar", roles: jsTest.adminUserRoles});
    st.s.getDB("admin").auth("foo", "bar");

    // Add shard with auth enabled.
    const rst = new ReplSetTest({nodes: 2});
    rst.startSet({keyFile: "jstests/libs/key1", shardsvr: ""});
    rst.initiate();
    assert.commandWorked(st.s.adminCommand({addShard: rst.getURL()}));

    const testDB = st.s.getDB("test");

    // Unsharded collections reject mismatching cluster times and accept valid ones.
    assertRejectsMismatchingLogicalTime(testDB);
    assertAcceptsValidLogicalTime(testDB);

    // Initialize sharding.
    assert.commandWorked(testDB.adminCommand({enableSharding: "test"}));
    assert.commandWorked(
        testDB.adminCommand({shardCollection: testDB.foo.getFullName(), key: {_id: 1}}));

    // Sharded collections reject mismatching cluster times and accept valid ones.
    assertRejectsMismatchingLogicalTime(testDB);
    assertAcceptsValidLogicalTime(testDB);

    // Shards and config servers also reject mismatching times and accept valid ones.
    assertRejectsMismatchingLogicalTime(rst.getPrimary().getDB("test"));
    assertAcceptsValidLogicalTime(rst.getPrimary().getDB("test"));
    assertRejectsMismatchingLogicalTime(st.configRS.getPrimary().getDB("admin"));
    assertAcceptsValidLogicalTime(st.configRS.getPrimary().getDB("admin"));

    st.stop();
    rst.stopSet();
})();
View Lorry Controller Status