summaryrefslogtreecommitdiff
path: root/jstests/serverless/multitenancy_initial_sync_fails_no_auth_schema.js
blob: 8ece3da24a266e5d9db13a63cc66cf92c2648728 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

/**
 * This test checks that initial sync fails when an auth schema doc does not exist in the global
 * admin database, but a user exists in a tenant's user collection.
 */

(function() {
"use strict";

load("jstests/replsets/rslib.js");  // For reInitiateWithoutThrowingOnAbortedMember

const rst = new ReplSetTest({
    nodes: 1,
    nodeOptions:
        {auth: '', setParameter: {multitenancySupport: true, featureFlagRequireTenantID: true}}
});
rst.startSet({keyFile: 'jstests/libs/key1'});
rst.initiate();

const primary = rst.getPrimary();
const kTenant = ObjectId();

// Authenticate as the __system user so we can delete the auth schema doc.
const adminDb = primary.getDB('admin');
assert.commandWorked(
    adminDb.runCommand({createUser: 'internalUser', pwd: 'pwd', roles: ['__system']}));
assert(adminDb.auth('internalUser', 'pwd'));

// Create a tenant user.
assert.commandWorked(primary.getDB('$external').runCommand({
    createUser: "userTenant1",
    '$tenant': kTenant,
    roles: [{role: 'dbAdminAnyDatabase', db: 'admin'}, {role: 'readWriteAnyDatabase', db: 'admin'}]
}));

// Check we see a user doc in the tenant's admin.system.user collection.
let res =
    assert.commandWorked(adminDb.runCommand({find: "system.users", filter: {}, $tenant: kTenant}));
assert.eq(1, res.cursor.firstBatch.length);

// Delete the auth schema doc. This should cause initial sync to fail, because a user exists
// without an auth schema doc.
res = assert.commandWorked(adminDb.runCommand(
    {delete: "system.version", deletes: [{q: {"_id": "authSchema"}, limit: 1}]}));
assert.eq(1, res.n);

// Attempt to add a secondary to the replica set - initial sync should fail.
const secondary = rst.add({
    setParameter:
        {multitenancySupport: true, featureFlagRequireTenantID: true, numInitialSyncAttempts: 1}
});

const secondaryAdminDB = secondary.getDB("admin");
reInitiateWithoutThrowingOnAbortedMember(rst);

assert.soon(
    function() {
        try {
            secondaryAdminDB.runCommand({ping: 1});
        } catch (e) {
            return true;
        }
        return false;
    },
    "Node should have terminated due to unsupported auth schema during initial sync, but didn't",
    60 * 1000);

rst.stop(secondary, undefined, {allowedExitCode: MongoRunner.EXIT_ABRUPT});
rst.stopSet();
})();
View Lorry Controller Status