summaryrefslogtreecommitdiff
path: root/jstests/sharding/advance_cluster_time_action_type.js
blob: 676dde8b62e4acdd5dff6cf735c196390719b022 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

/**
 * Test a role with an advanceClusterTime action type.
 */

(function() {
    "use strict";

    // TODO SERVER-35447: Multiple users cannot be authenticated on one connection within a session.
    TestData.disableImplicitSessions = true;

    // TODO: Remove 'shardAsReplicaSet: false' when SERVER-32672 is fixed.
    let st = new ShardingTest({
        mongos: 1,
        config: 1,
        shards: 1,
        keyFile: 'jstests/libs/key1',
        other: {shardAsReplicaSet: false}
    });

    let adminDB = st.s.getDB('admin');

    assert.commandWorked(adminDB.runCommand({createUser: "admin", pwd: "admin", roles: ["root"]}));
    assert.eq(1, adminDB.auth("admin", "admin"));

    assert.commandWorked(adminDB.runCommand({
        createRole: "advanceClusterTimeRole",
        privileges: [{resource: {cluster: true}, actions: ["advanceClusterTime"]}],
        roles: []
    }));

    let testDB = adminDB.getSiblingDB("testDB");

    assert.commandWorked(
        testDB.runCommand({createUser: 'NotTrusted', pwd: 'pwd', roles: ['readWrite']}));
    assert.commandWorked(testDB.runCommand({
        createUser: 'Trusted',
        pwd: 'pwd',
        roles: [{role: 'advanceClusterTimeRole', db: 'admin'}, 'readWrite']
    }));
    assert.eq(1, testDB.auth("NotTrusted", "pwd"));

    let res = testDB.runCommand({insert: "foo", documents: [{_id: 0}]});
    assert.commandWorked(res);

    let clusterTime = Object.assign({}, res.$clusterTime);
    let clusterTimeTS = new Timestamp(clusterTime.clusterTime.getTime() + 1000, 0);
    clusterTime.clusterTime = clusterTimeTS;

    const cmdObj = {find: "foo", limit: 1, singleBatch: true, $clusterTime: clusterTime};
    jsTestLog("running NonTrusted. command: " + tojson(cmdObj));
    res = testDB.runCommand(cmdObj);
    assert.commandFailed(res, "Command request was: " + tojsononeline(cmdObj));

    assert.eq(1, testDB.auth("Trusted", "pwd"));
    jsTestLog("running Trusted. command: " + tojson(cmdObj));
    res = testDB.runCommand(cmdObj);
    assert.commandWorked(res, "Command request was: " + tojsononeline(cmdObj));

    testDB.logout();

    st.stop();
})();
View Lorry Controller Status