jstests/ssl/libs/ssl_x509_role_auth.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

// Helper script used to validate login as x509 auth with a certificate with roles works.
(function() {
    "use strict";

    // Auth as user in certificate
    let ret = db.getSiblingDB("$external").auth({
        mechanism: "MONGODB-X509",
        user:
            "CN=Kernel Client Peer Role,OU=Kernel Users,O=MongoDB,L=New York City,ST=New York,C=US"
    });
    assert.eq(ret, 1, "Auth failed");

    // Validate active roles
    let connStatus = db.runCommand('connectionStatus');
    assert.commandWorked(connStatus);

    let expectedRoles =
        [{"role": "backup", "db": "admin"}, {"role": "readAnyDatabase", "db": "admin"}];
    assert.sameMembers(connStatus.authInfo.authenticatedUserRoles, expectedRoles);
}());