path: root/jstests/tool/dumprestore_auth.js
blob: 4bda54a5bdc9c5a3759c510e37673f09240a9831 (plain)
// dumprestore_auth.js
//
// Exercises the dump and restore tools against a server started through
// ToolTest with the `auth` option set. The script checks three things:
//   * a dump/restore round trip works for users holding the built-in
//     'backup' and 'restore' roles,
//   * a restore with no credentials, or with a role scoped to a different
//     collection, leaves the target collection empty,
//   * the number of documents in admin.system.users is unchanged afterwards.
//
// Every account below uses the literal password 'password'; these are
// fixtures for a throwaway test server.


// NOTE(review): { auth : "" } presumably starts the server with
// authentication enabled -- confirm against ToolTest.
t = new ToolTest("dumprestore_auth", { auth : "" });

// `t`, `c` and `adminDB` are assigned without `var`, so they are globals.
c = t.startDB("foo");
var dbName = c.getDB().toString();
print("DB is ",dbName);

adminDB = c.getDB().getSiblingDB('admin');
// The first user is created before any auth() call; every later createUser /
// createRole runs on the connection authenticated as 'admin'.
// NOTE(review): presumably this relies on the server allowing the first user
// to be created unauthenticated from localhost -- confirm.
adminDB.createUser({user: 'admin', pwd: 'password', roles: ['root']});
adminDB.auth('admin','password');
// One account per built-in role, used for the whole-server dump and restore.
adminDB.createUser({user: 'backup', pwd: 'password', roles: ['backup']});
adminDB.createUser({user: 'restore', pwd: 'password', roles: ['restore']});

// Add user defined roles & users with those roles.
// The roles and users are created in the test database (dbName), not in
// 'admin'.
var testUserAdmin = c.getDB().getSiblingDB(dbName);
var backupActions = ["find","listCollections", "listIndexes"];
// backupFoo: read-only actions on dbName.foo plus the same actions on the
// resource {db: dbName, collection: ""}.
// NOTE(review): in MongoDB resource documents an empty collection name
// matches every collection in the database, so the second privilege lets
// backupFoo run "find" on all of dbName, not only on "foo". If the test is
// meant to show a collection-scoped backup role, the database-wide entry
// should be limited to the list* actions, as the restore roles below do.
testUserAdmin.createRole({role: "backupFoo",
   privileges: [{resource: {db: dbName, collection: "foo"}, actions:backupActions},
                {resource: {db: dbName, collection: "" },
                 actions: backupActions}],
   roles: []});
testUserAdmin.createUser({user: 'backupFoo', pwd: 'password', roles: ['backupFoo']});

var restoreActions = ["collMod", "createCollection","createIndex","dropCollection","insert","listCollections","listIndexes"];
// NOTE(review): this is an alias, not a copy. The push() below mutates the
// one shared array, so `restoreActions` also ends with "find" and both roles
// created below are granted "find". `restoreActionsFind` itself is not read
// anywhere else in this file. If two distinct action lists were intended,
// copy first (for example restoreActions.slice()) -- but confirm whether the
// restore tool needs "find" before narrowing the roles.
var restoreActionsFind = restoreActions;
restoreActionsFind.push("find");
// restoreChester: write privileges on dbName.chester only, plus list* on the
// database. Used later as the "wrong user" for a restore into dbName.foo.
testUserAdmin.createRole({role: "restoreChester",
       privileges: [{resource: {db: dbName, collection: "chester"}, actions: restoreActions},
                {resource: {db: dbName, collection: ""}, actions:["listCollections","listIndexes"]},
                ],
       roles: []});
// restoreFoo: the same action set, scoped to dbName.foo.
testUserAdmin.createRole({role: "restoreFoo",
       privileges: [{resource: {db: dbName, collection: "foo"}, actions:restoreActions},
                {resource: {db: dbName, collection: ""}, actions:["listCollections","listIndexes"]},
                ],
       roles: []});
testUserAdmin.createUser({user: 'restoreChester', pwd: 'password', roles: ['restoreChester']});
testUserAdmin.createUser({user: 'restoreFoo', pwd: 'password', roles: ['restoreFoo']});

// Baseline number of documents in admin.system.users; compared again after
// each restore to check that the user collection was not changed.
var sysUsers = adminDB.system.users.count();
// Seed the collection with a single document so the round trip has something
// to carry.
assert.eq(0 , c.count() , "setup1");
c.save({ a : 22 });
assert.eq(1 , c.count() , "setup2");

// Turn usePowerOf2Sizes off so the collection options checked below carry no
// flags before the dump.
assert.commandWorked(c.runCommand("collMod", {usePowerOf2Sizes: false}));

// Look up the collection info document for "foo" and check that its options
// have no (truthy) `flags` field.
var collections = c.getDB().getCollectionInfos();
var fooColl = null;
collections.forEach(function(coll) {
    if (coll.name === "foo") {
        fooColl = coll;
    }
});
assert.neq(null, fooColl, "foo collection doesn't exist");
assert(!fooColl.options.flags, "find namespaces 1");

// Whole-server dump as the user holding the built-in 'backup' role.
t.runTool("dump" , "--out" , t.ext, "--username", "backup", "--password", "password");

// Remove the data so a successful restore is observable.
c.drop();
assert.eq(0 , c.count() , "after drop");

// Restore should fail without user & pass
// NOTE(review): the value returned by runTool is ignored, so the rejection is
// only inferred from the collection staying empty. With --writeConcern 0 the
// count is read immediately, whereas the positive case below has to wait with
// assert.soon; this check could therefore pass before any write would have
// become visible. Asserting on the tool's result (presumably its exit code --
// confirm against ToolTest.runTool) would make the negative case stronger.
t.runTool("restore" , "--dir" , t.ext, "--writeConcern" ,"0");
assert.eq(0 , c.count() , "after restore without auth");

// Restore should pass with authorized user
t.runTool("restore" , "--dir" , t.ext, "--username", "restore", "--password", "password", "--writeConcern", "0");
// The condition is passed as a string and polled until it is truthy;
// it refers to the global `c`.
assert.soon("c.findOne()" , "no data after sleep");
assert.eq(1 , c.count() , "after restore 2");
assert.eq(22 , c.findOne().a , "after restore 2");

// The restored collection must still report no option flags.
collections = c.getDB().getCollectionInfos();
fooColl = null;
collections.forEach(function(coll) {
    if (coll.name === "foo") {
        fooColl = coll;
    }
});
assert.neq(null, fooColl, "foo collection doesn't exist");
assert(!fooColl.options.flags, "find namespaces 2");

// The restore must not have added or removed documents in admin.system.users.
assert.eq(sysUsers, adminDB.system.users.count());

// Dump & restore DB/collection with user defined roles
// The dump is limited to dbName.foo and runs as the user holding the custom
// 'backupFoo' role.
t.runTool("dump" , "--out" , t.ext, "--username", "backupFoo", "--password", "password",
          "--db", dbName, "--collection", "foo");

c.drop();
assert.eq(0 , c.count() , "after drop");

// Restore with wrong user
// restoreChester holds write privileges on the "chester" collection only, so
// a restore into "foo" is expected to insert nothing.
// NOTE(review): as in the unauthenticated case, the result of runTool is not
// checked and the count is read straight after an unacknowledged
// (--writeConcern 0) restore, so this assertion does not by itself prove the
// server refused the writes.
t.runTool("restore" , "--username", "restoreChester", "--password", "password",
          "--db", dbName, "--collection", "foo", t.ext+dbName+"/foo.bson", "--writeConcern", "0");
assert.eq(0 , c.count() , "after restore with wrong user");

// Restore with proper user
// restoreFoo is scoped to dbName.foo; the input is the foo.bson file under
// the dump directory for dbName.
t.runTool("restore" , "--username", "restoreFoo", "--password", "password",
          "--db", dbName, "--collection", "foo", t.ext+dbName+"/foo.bson", "--writeConcern", "0");
// Poll until the restored document is visible before asserting on it.
assert.soon("c.findOne()" , "no data after sleep");
assert.eq(1 , c.count() , "after restore 3");
assert.eq(22 , c.findOne().a , "after restore 3");

// The restored collection must still report no option flags.
collections = c.getDB().getCollectionInfos();
fooColl = null;
collections.forEach(function(coll) {
    if (coll.name === "foo") {
        fooColl = coll;
    }
});
assert.neq(null, fooColl, "foo collection doesn't exist");
assert(!fooColl.options.flags, "find namespaces 3");

// The user collection must be unchanged after the role-scoped restore too.
assert.eq(sysUsers, adminDB.system.users.count());

// Shut down what the ToolTest harness started.
t.stop();