jstests/sharding/commands_that_write_accept_wc_configRS.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244

/**
 * This file tests that commands that do writes accept a write concern in a sharded cluster. This
 * test defines various database commands and what they expect to be true before and after the fact.
 * It then runs the commands with various invalid writeConcerns and valid writeConcerns and
 * ensures that they succeed and fail appropriately. For the valid writeConcerns, the test stops
 * replication between nodes to make sure the write concern is actually being waited for. This only
 * tests commands that get sent to config servers and must have w: majority specified. If these
 * commands fail, they should return an actual error, not just a writeConcernError.
 *
 * This test is labeled resource intensive because its total io_write is 70MB compared to a median
 * of 5MB across all sharding tests in wiredTiger.
 * @tags: [resource_intensive]
 */
load('jstests/libs/write_concern_util.js');
load('jstests/multiVersion/libs/auth_helpers.js');

(function() {
"use strict";

// Multiple users cannot be authenticated on one connection within a session.
TestData.disableImplicitSessions = true;

const st = new ShardingTest({
    // Set priority of secondaries to zero to prevent spurious elections.
    shards: {
        rs0: {
            nodes: [{}, {rsConfig: {priority: 0}}, {rsConfig: {priority: 0}}],
            settings: {chainingAllowed: false}
        },
        rs1: {
            nodes: [{}, {rsConfig: {priority: 0}}, {rsConfig: {priority: 0}}],
            settings: {chainingAllowed: false}
        }
    },
    configReplSetTestOptions: {settings: {chainingAllowed: false}},
    mongos: 1
});

const mongos = st.s;
const dbName = "wc-test-configRS";
const adminDB = mongos.getDB('admin');
// A database connection on a local shard, rather than through the mongos.
const localDB = st.shard0.getDB('localWCTest');

// Separate unauthenticated channel for use in confirmFunc().
// The sharding_auth suite will stealth-authenticate us,
// using the local.__system account, so we must explicitly deauth.
// Since mongos has no 'local' database, we use the test-mode workaround
// via admin DB found in the implementation of the LogoutCommand.
const noauthConn = new Mongo(mongos.host);
noauthConn.getDB('admin').logout();

// We get new databases because we do not want to reuse dropped databases that may be in a
// bad state. This test calls dropDatabase when config server secondary nodes are down, so the
// command fails after only the database metadata is dropped from the config servers, but the
// data on the shards still remains. This makes future operations, such as moveChunk, fail.
let db = mongos.getDB(dbName);
let noauthDB = noauthConn.getDB(dbName);
let counter = 0;
const collName = 'leaves';
let coll = db[collName];
function getNewDB() {
    db = mongos.getDB(dbName + counter);
    noauthDB = noauthConn.getDB(dbName + counter);
    counter++;
    coll = db[collName];
}

function dropTestData() {
    st.configRS.awaitReplication();
    st.rs0.awaitReplication();
    st.rs1.awaitReplication();
    db.dropUser('username');
    db.dropUser('user1');
    localDB.dropUser('user2');
    assert(!noauthDB.auth("username", "password"), "auth should have failed");
    getNewDB();
}

// Commands in 'commands' will accept any valid writeConcern.
const commands = [];

commands.push({
    req: {createUser: 'username', pwd: 'password', roles: jsTest.basicUserRoles},
    setupFunc: function() {},
    confirmFunc: function() {
        assert(noauthDB.auth("username", "password"), "auth failed");
        noauthDB.logout();
    },
    requiresMajority: true,
    runsOnShards: false,
    failsOnShards: false,
    admin: false
});

commands.push({
    req: {updateUser: 'username', pwd: 'password2', roles: jsTest.basicUserRoles},
    setupFunc: function() {
        db.runCommand({createUser: 'username', pwd: 'password', roles: jsTest.basicUserRoles});
    },
    confirmFunc: function() {
        assert(!noauthDB.auth("username", "password"), "auth should have failed");
        assert(noauthDB.auth("username", "password2"), "auth failed");
        noauthDB.logout();
    },
    requiresMajority: true,
    runsOnShards: false,
    admin: false
});

commands.push({
    req: {dropUser: 'tempUser'},
    setupFunc: function() {
        assert.commandWorked(
            db.runCommand({createUser: 'tempUser', pwd: 'password', roles: jsTest.basicUserRoles}));
        assert(noauthDB.auth("tempUser", "password"), "auth failed");
        noauthDB.logout();
    },
    confirmFunc: function() {
        assert(!noauthDB.auth("tempUser", "password"), "auth should have failed");
    },
    requiresMajority: true,
    runsOnShards: false,
    failsOnShards: false,
    admin: false
});

function testInvalidWriteConcern(wc, cmd) {
    if (wc.w === 2 && !cmd.requiresMajority) {
        return;
    }
    cmd.req.writeConcern = wc;
    jsTest.log("Testing " + tojson(cmd.req));

    dropTestData();
    cmd.setupFunc();
    const res = runCommandCheckAdmin(db, cmd);
    assert.commandFailed(res);
    assert(!res.writeConcernError,
           'bad writeConcern on config server had writeConcernError. ' +
               tojson(res.writeConcernError));
}

function runCommandFailOnShardsPassOnConfigs(cmd) {
    // This command is run on the shards in addition to the config servers.
    if (cmd.runsOnShards) {
        if (cmd.failsOnShards) {
            // This command fails when there is a writeConcernError on the shards.
            // We set the timeout high enough that the command should not time out against the
            // config server, but not exorbitantly high, because it will always time out against
            // shards and so will increase the runtime of this test.
            cmd.req.writeConcern.wtimeout = 15 * 1000;
            const res = runCommandCheckAdmin(db, cmd);
            restartReplicationOnAllShards(st);
            assert.commandFailed(res);
            assert(!res.writeConcernError,
                   'command on config servers with a paused replicaset had writeConcernError: ' +
                       tojson(res));
        } else {
            // This command passes and returns a writeConcernError when there is a
            // writeConcernError on the shards.
            // We set the timeout high enough that the command should not time out against the
            // config server, but not exorbitantly high, because it will always time out against
            // shards and so will increase the runtime of this test.
            cmd.req.writeConcern.wtimeout = 15 * 1000;
            const res = runCommandCheckAdmin(db, cmd);
            restartReplicationOnAllShards(st);
            assert.commandWorked(res);
            cmd.confirmFunc();
            assertWriteConcernError(res);
        }
    } else {
        // This command is only run on the config servers and so should pass when shards are
        // not replicating.
        const res = runCommandCheckAdmin(db, cmd);
        restartReplicationOnAllShards(st);
        assert.commandWorked(res);
        cmd.confirmFunc();
        assert(!res.writeConcernError,
               'command on config servers with a paused replicaset had writeConcernError: ' +
                   tojson(res));
    }
}

function testValidWriteConcern(wc, cmd) {
    cmd.req.writeConcern = wc;
    jsTest.log("Testing " + tojson(cmd.req));

    dropTestData();
    cmd.setupFunc();

    // Command with a full cluster should succeed.
    let res = runCommandCheckAdmin(db, cmd);
    assert.commandWorked(res);
    assert(!res.writeConcernError,
           'command on a full cluster had writeConcernError: ' + tojson(res));

    cmd.confirmFunc();

    dropTestData();
    cmd.setupFunc();

    // Stop replication at all shard secondaries.
    stopReplicationOnSecondariesOfAllShards(st);

    // Command is running on full config server replica set but a majority of a shard's
    // nodes are down.
    runCommandFailOnShardsPassOnConfigs(cmd);

    dropTestData();
    cmd.setupFunc();

    // Stop replication at all config server secondaries and all shard secondaries.
    stopReplicationOnSecondariesOfAllShards(st);
    st.configRS.awaitReplication();
    stopReplicationOnSecondaries(st.configRS, false /* changeReplicaSetDefaultWCToLocal */);

    // Command should fail after two config servers are not replicating.
    cmd.req.writeConcern.wtimeout = 3000;
    res = runCommandCheckAdmin(db, cmd);
    restartReplicationOnAllShards(st);
    assert.commandFailed(res);
    assert(
        !res.writeConcernError,
        'command on config servers with a paused replicaset had writeConcernError: ' + tojson(res));
}

const majorityWC = {
    w: 'majority',
    wtimeout: ReplSetTest.kDefaultTimeoutMS
};

// Config server commands require w: majority writeConcerns.
const nonMajorityWCs = [{w: 'invalid'}, {w: 2}];

commands.forEach(function(cmd) {
    nonMajorityWCs.forEach(function(wc) {
        testInvalidWriteConcern(wc, cmd);
    });
    testValidWriteConcern(majorityWC, cmd);
});

st.stop();
})();