1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
/**
* Verifies mismatching cluster time objects are rejected by a sharded cluster when auth is on. In
* noPassthrough because auth is manually set.
* @tags: [
* requires_replication,
* requires_sharding,
* ]
*/
(function() {
"use strict";
// Given a valid cluster time object, returns one with the same signature, but a mismatching
// cluster time.
function mismatchingLogicalTime(lt) {
return Object.merge(lt, {clusterTime: Timestamp(lt.clusterTime.getTime() + 100, 0)});
}
function assertRejectsMismatchingLogicalTime(db) {
let validTime = db.runCommand({hello: 1}).$clusterTime;
let mismatchingTime = mismatchingLogicalTime(validTime);
assert.commandFailedWithCode(
db.runCommand({hello: 1, $clusterTime: mismatchingTime}),
ErrorCodes.TimeProofMismatch,
"expected command with mismatching cluster time and signature to be rejected");
}
function assertAcceptsValidLogicalTime(db) {
let validTime = db.runCommand({hello: 1}).$clusterTime;
assert.commandWorked(testDB.runCommand({hello: 1, $clusterTime: validTime}),
"expected command with valid cluster time and signature to be accepted");
}
// Start the sharding test with auth on.
const st =
new ShardingTest({mongos: 1, manualAddShard: true, other: {keyFile: "jstests/libs/key1"}});
// Create admin user and authenticate as them.
st.s.getDB("admin").createUser({user: "foo", pwd: "bar", roles: jsTest.adminUserRoles});
st.s.getDB("admin").auth("foo", "bar");
// Add shard with auth enabled.
const rst = new ReplSetTest({nodes: 2});
rst.startSet({keyFile: "jstests/libs/key1", shardsvr: ""});
rst.initiateWithAnyNodeAsPrimary(
null, "replSetInitiate", {doNotWaitForStableRecoveryTimestamp: true});
assert.commandWorked(st.s.adminCommand({addShard: rst.getURL()}));
const testDB = st.s.getDB("test");
// Unsharded collections reject mismatching cluster times and accept valid ones.
assertRejectsMismatchingLogicalTime(testDB);
assertAcceptsValidLogicalTime(testDB);
// Initialize sharding.
assert.commandWorked(testDB.adminCommand({enableSharding: "test"}));
assert.commandWorked(
testDB.adminCommand({shardCollection: testDB.foo.getFullName(), key: {_id: 1}}));
// Sharded collections reject mismatching cluster times and accept valid ones.
assertRejectsMismatchingLogicalTime(testDB);
assertAcceptsValidLogicalTime(testDB);
// Shards and config servers also reject mismatching times and accept valid ones.
assertRejectsMismatchingLogicalTime(rst.getPrimary().getDB("test"));
assertAcceptsValidLogicalTime(rst.getPrimary().getDB("test"));
assertRejectsMismatchingLogicalTime(st.configRS.getPrimary().getDB("admin"));
assertAcceptsValidLogicalTime(st.configRS.getPrimary().getDB("admin"));
st.stop();
rst.stopSet();
})();
|