summaryrefslogtreecommitdiff
path: root/jstests/ssl/upgrade_noauth_to_x509_ssl.js
blob: 17b6ab30f215f82694000fb979cfb69944699a16 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

/**
 * This test checks the upgrade path from noauth/nossl to x509/requireSSL.
 *
 * NOTE: This test uses ssl communication and therefore cannot test modes that
 * do not allow ssl. The first step in the full upgrade process is to restart
 * the each node into the "transitionToX509AllowSSL" state and is tested in
 * the sslSpecial directory.
 *
 * This test requires users and data to persist across a restart.
 * @tags: [requires_persistence]
 */

load('jstests/ssl/libs/ssl_helpers.js');

(function() {
'use strict';
var dbName = 'upgradeToX509';

var transitionToX509AllowSSL =
    Object.merge(allowSSL, {transitionToAuth: '', clusterAuthMode: 'x509'});

// Undefine the flags we're replacing, otherwise upgradeSet will keep old values.
var x509RequireSSL =
    Object.merge(requireSSL, {transitionToAuth: undefined, clusterAuthMode: 'x509'});

var rst = new ReplSetTest({name: 'noauthSet', nodes: 3, nodeOptions: transitionToX509AllowSSL});
rst.startSet();
rst.initiate();

var rstConn1 = rst.getPrimary();
var testDB = rstConn1.getDB(dbName);

// Create a user to login when auth is enabled later
assert.commandWorked(rstConn1.adminCommand(
    {createUser: 'root', pwd: 'root', roles: ['root'], writeConcern: {w: 3}}));

assert.commandWorked(testDB.a.insert({a: 1, str: 'TESTTESTTEST'}));
assert.eq(1, testDB.a.count(), 'Error interacting with replSet');

print('=== UPGRADE transition to x509/allowSSL -> transition to x509/preferSSL ===');
rst.nodes.forEach(function(node) {
    assert.commandWorked(node.adminCommand({setParameter: 1, sslMode: "preferSSL"}));
});
rst.awaitSecondaryNodes();
testDB = rst.getPrimary().getDB(dbName);
assert.commandWorked(testDB.a.insert({a: 1, str: 'TESTTESTTEST'}));
assert.eq(2, testDB.a.count(), 'Error interacting with replSet');

print('=== UPGRADE transition to x509/preferSSL -> x509/requireSSL ===');
rst.upgradeSet(x509RequireSSL, 'root', 'root');

// upgradeSet leaves its connections logged in as root
testDB = rst.getPrimary().getDB(dbName);
assert.commandWorked(testDB.a.insert({a: 1, str: 'TESTTESTTEST'}));
assert.eq(3, testDB.a.count(), 'Error interacting with replSet');

rst.stopSet();
}());
View Lorry Controller Status