path: root/jstests/sharding/cleanup_orphaned_auth.js
blob: a54030fbf1258ad11c2db3d7464152daaa82b98a (plain)
//
// Tests of cleanupOrphaned command permissions.
//

(function() {
'use strict';

// TODO SERVER-35447: Multiple users cannot be authenticated on one connection within a session.
// This test logs in as 'admin' and later as 'user' through handles on the same shard
// connection (st.shard0), so implicit sessions are disabled via TestData for the whole file.
TestData.disableImplicitSessions = true;

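/**
 * Asserts that a command response is an authorization or authentication failure.
 *
 * The response passes only when it reports failure (ok == 0) AND its errmsg either starts
 * with 'not authorized' or contains 'requires authentication'. Any other response, including
 * a failure for an unrelated reason, is reported through doassert() so that a command which
 * failed for the wrong reason is not mistaken for an access-control denial.
 *
 * @param {Object} res - command response document to inspect.
 * @param {string} [msg] - optional context appended to the failure message.
 */
function assertUnauthorized(res, msg) {
    if (assert._debug && msg) {
        print("in assert for: " + msg);
    }

    // A failed response without a string errmsg used to raise a TypeError here, which hid the
    // response from the test log. Treat it as "no match" so doassert() below prints it instead.
    const errmsg = (res && typeof res.errmsg === 'string') ? res.errmsg : '';

    // Loose comparison kept on purpose: it accepts whatever representation of 0 the original
    // check accepted.
    const commandFailed = Boolean(res) && res.ok == 0;
    const deniedByAccessControl =
        errmsg.startsWith('not authorized') || /requires authentication/.test(errmsg);

    if (commandFailed && deniedByAccessControl) {
        return;
    }

    let finalMsg = "command worked when it should have been unauthorized: " + tojson(res);
    if (msg) {
        finalMsg += " : " + msg;
    }
    doassert(finalMsg);
}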

// TODO: Remove 'shardAsReplicaSet: false' when SERVER-32672 is fixed.
// Cluster under test: auth enabled, with the shared test key file passed through 'other'.
const clusterOptions = {
    auth: true,
    other: {keyFile: 'jstests/libs/key1', useHostname: false, shardAsReplicaSet: false}
};
const st = new ShardingTest(clusterOptions);

// Create an admin user directly on shard0 and log in as it on that connection.
// NOTE(review): presumably needed because users created through mongos are not known to the
// shard when it is contacted directly; confirm.
const shardAdmin = st.shard0.getDB('admin');
shardAdmin.createUser({
    user: 'admin',
    pwd: 'x',
    roles: ['clusterAdmin', 'userAdminAnyDatabase']
});
shardAdmin.auth('admin', 'x');

// Same admin credentials again, this time created and used through the mongos connection.
const mongos = st.s0;
const mongosAdmin = mongos.getDB('admin');
const coll = mongos.getCollection('foo.bar');

mongosAdmin.createUser({
    user: 'admin',
    pwd: 'x',
    roles: ['clusterAdmin', 'userAdminAnyDatabase']
});
mongosAdmin.auth('admin', 'x');

// Shard the target collection on a hashed _id so cleanupOrphaned has a sharded namespace to
// be invoked against.
const dbName = coll.getDB().getName();
assert.commandWorked(mongosAdmin.runCommand({enableSharding: dbName}));

const ns = coll.getFullName();
assert.commandWorked(mongosAdmin.runCommand({shardCollection: ns, key: {_id: 'hashed'}}));

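// cleanupOrphaned requires auth as admin user.

// Case 1: nobody is logged in on the shard connection.
assert.commandWorked(shardAdmin.logout());
assertUnauthorized(shardAdmin.runCommand({cleanupOrphaned: 'foo.bar'}),
                   'cleanupOrphaned with no authenticated user');

// Case 2: a user holding only database-level roles (readWrite, dbAdmin on 'foo') is logged in.
const fooDB = st.shard0.getDB('foo');

// The shell's auth() helper reports failure through its return value instead of throwing, so
// each login is asserted. Without this, a failed login as 'user' would leave the connection
// unauthenticated and the final check would pass for the same reason as case 1, never
// exercising the under-privileged user.
assert(shardAdmin.auth('admin', 'x'), "failed to re-authenticate as 'admin' on shard0");
fooDB.createUser({user: 'user', pwd: 'x', roles: ['readWrite', 'dbAdmin']});
assert.commandWorked(shardAdmin.logout());
assert(fooDB.auth('user', 'x'), "failed to authenticate as 'user' on shard0");

// fooDB and shardAdmin are both handles obtained from st.shard0, so this command is expected
// to run with the credentials of 'user' only (TODO confirm that no other user remains logged
// in on the connection at this point).
assertUnauthorized(shardAdmin.runCommand({cleanupOrphaned: 'foo.bar'}),
                   "cleanupOrphaned as 'user' with readWrite and dbAdmin roles");

st.stop();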
})();