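/**
 * Authorization test for the refreshSessionsInternal command.
 *
 * Starts a mongod with auth enabled and checks three cases:
 *   1. an unauthenticated connection is refused,
 *   2. a user authenticated with jsTest.adminUserRoles (and no 'impersonate'
 *      privilege) is refused,
 *   3. a user holding a role with the 'impersonate' action on the cluster
 *      resource is allowed.
 */
(function() {
    "use strict";

    var conn;
    var admin;
    var result;

    conn = MongoRunner.runMongod({auth: "", nojournal: ""});
    admin = conn.getDB("admin");

    // Set-up: create the administrative user and authenticate as it so the
    // role and the second user can be created.
    admin.createUser({user: 'admin', pwd: 'admin', roles: jsTest.adminUserRoles});
    assert(admin.auth("admin", "admin"), "could not authenticate as admin during set-up");

    // Custom role whose only privilege is 'impersonate' on the cluster resource.
    result = admin.runCommand({
        createRole: 'impersonate',
        privileges: [{resource: {cluster: true}, actions: ['impersonate']}],
        roles: []
    });
    assert.commandWorked(result, "couldn't make impersonate role");

    admin.createUser({user: 'internal', pwd: 'pwd', roles: ['impersonate']});

    // Drop the set-up session. Without this logout the next check would run
    // as the authenticated admin user and would not exercise the
    // unauthenticated path at all.
    admin.logout();

    // Test that we cannot run refreshSessionsInternal unauthenticated if --auth is on.
    result = admin.runCommand({refreshSessionsInternal: []});
    assert.commandFailed(result, "able to run refreshSessionsInternal without authenticating");

    // Test that we cannot run refreshSessionsInternal without impersonate privileges.
    // The auth result is asserted so that a silent login failure cannot make
    // this negative check pass for the wrong reason (i.e. as an anonymous user).
    assert(admin.auth("admin", "admin"), "could not authenticate as admin");
    result = admin.runCommand({refreshSessionsInternal: []});
    assert.commandFailed(result, "able to run refreshSessions without impersonate privileges");
    admin.logout();

    // Test that we can run refreshSessionsInternal if we can impersonate.
    assert(admin.auth("internal", "pwd"), "could not authenticate as internal");
    result = admin.runCommand({refreshSessionsInternal: []});
    assert.commandWorked(result, "unable to run command with impersonate privileges");

    MongoRunner.stopMongod(conn);
})();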