1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
|
// dumprestore_auth3.js
// Tests that mongodump and mongorestore properly handle access control information when doing
// single-db dumps and restores
// Runs the tool with the given name against the given mongod. If shutdownServer is true,
// first shuts down the mongod and uses the --dbpath option to the tool to operate on the data
// files directly
function runTool(toolName, mongod, shutdownServer, options) {
if (shutdownServer) {
MongoRunner.stopMongod(mongod);
var opts = {dbpath: mongod.fullOptions.pathOpts.dbpath};
Object.extend(opts, options);
assert(!MongoRunner.runMongoTool(toolName, opts));
mongod.fullOptions.restart = true;
return MongoRunner.runMongod(mongod.fullOptions);
} else {
var opts = {host: mongod.host};
Object.extend(opts, options);
assert(!MongoRunner.runMongoTool(toolName, opts));
return mongod;
}
}
// If shutdownServer is true, will run tools against shut down mongod, operating on the data
// files directly
function runTest(shutdownServer) {
var mongod = MongoRunner.runMongod();
var db = mongod.getDB("foo");
jsTestLog("Creating initial data");
db.createUser({user: 'user', pwd: 'password', roles: jsTest.basicUserRoles});
db.createRole({role: 'role', roles: [], privileges:[]});
// Legacy system.users collections should still be handled properly
db.system.users.insert({user:'dbuser', pwd: 'pwd', roles: ['readWrite']});
db.bar.insert({a:1});
assert.eq(1, db.bar.findOne().a);
assert.eq(1, db.getUsers().length, "setup");
assert.eq(1, db.getRoles().length, "setup2");
assert.eq(1, db.system.users.count(), "setup3");
assert.eq(1, db.getSiblingDB('admin').system.version.count());
var versionDoc = db.getSiblingDB('admin').system.version.findOne();
jsTestLog("Dump foo database without dumping user data");
var dumpDir = MongoRunner.getAndPrepareDumpDirectory("dumprestore_auth3");
mongod = runTool("mongodump", mongod, shutdownServer, {out: dumpDir, db: "foo"});
db = mongod.getDB('foo');
db.dropDatabase();
db.dropAllUsers();
db.dropAllRoles();
assert.eq(0, db.getUsers().length, "didn't drop users");
assert.eq(0, db.getRoles().length, "didn't drop roles");
assert.eq(0, db.system.users.count(), "didn't drop legacy system.users collection");
assert.eq(0, db.bar.count(), "didn't drop 'bar' collection");
jsTestLog("Restore foo database from dump that doesn't contain user data");
mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "foo/",
db: 'foo',
restoreDbUsersAndRoles: ""});
db = mongod.getDB('foo');
assert.soon(function() { return db.bar.findOne(); }, "no data after restore");
assert.eq(1, db.bar.findOne().a);
assert.eq(0, db.getUsers().length, "Restore created users somehow");
assert.eq(0, db.getRoles().length, "Restore created roles somehow");
assert.eq(0, db.system.users.count(), "Restore created legacy system.users collection somehow");
// Re-create user data
db.createUser({user: 'user', pwd: 'password', roles: jsTest.basicUserRoles});
db.createRole({role: 'role', roles: [], privileges:[]});
assert.writeOK(db.system.users.insert({user:'dbuser', pwd: 'pwd', roles: ['readWrite']}));
assert.eq(1, db.bar.findOne().a);
assert.eq(1, db.getUsers().length, "didn't create user");
assert.eq(1, db.getRoles().length, "didn't create role");
assert.eq(1, db.system.users.count(), "didn't create legacy system.users collection");
jsTestLog("Dump foo database *with* user data");
mongod = runTool("mongodump", mongod, shutdownServer, {out: dumpDir,
db: "foo",
dumpDbUsersAndRoles: ""});
db = mongod.getDB('foo');
db.dropDatabase();
db.dropAllUsers();
db.dropAllRoles();
assert.eq(0, db.getUsers().length, "didn't drop users");
assert.eq(0, db.getRoles().length, "didn't drop roles");
assert.eq(0, db.system.users.count(), "didn't drop legacy system.users collection");
assert.eq(0, db.bar.count(), "didn't drop 'bar' collection");
jsTestLog("Restore foo database without restoring user data, even though it's in the dump");
mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "foo/", db: 'foo'});
db = mongod.getDB('foo');
assert.soon(function() { return db.bar.findOne(); }, "no data after restore");
assert.eq(1, db.bar.findOne().a);
assert.eq(0, db.getUsers().length, "Restored users even though it shouldn't have");
assert.eq(0, db.getRoles().length, "Restored users even though it shouldn't have");
jsTestLog("Restore foo database *with* user data");
mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "foo/",
db: 'foo',
restoreDbUsersAndRoles: ""});
db = mongod.getDB('foo');
assert.soon(function() { return db.bar.findOne(); }, "no data after restore");
assert.eq(1, db.bar.findOne().a);
assert.eq(1, db.getUsers().length, "didn't restore users");
assert.eq(1, db.getRoles().length, "didn't restore roles");
assert.eq(1, db.system.users.count(), "didn't restore legacy system.users collection");
assert.docEq(versionDoc,
db.getSiblingDB('admin').system.version.findOne(),
"version doc was changed by restore");
jsTestLog("Make modifications to user data that should be overridden by the restore");
db.dropUser('user')
db.createUser({user: 'user2', pwd: 'password2', roles: jsTest.basicUserRoles});
db.dropRole('role')
db.createRole({role: 'role2', roles: [], privileges:[]});
db.system.users.remove({});
db.system.users.insert({user:'dbuser2', pwd: 'pwd', roles: ['readWrite']});
jsTestLog("Restore foo database (and user data) with --drop so it overrides the changes made");
// Restore with --drop to override the changes to user data
mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "foo/",
db: 'foo',
drop: "",
restoreDbUsersAndRoles: ""});
db = mongod.getDB('foo');
assert.soon(function() { return db.bar.findOne(); }, "no data after restore");
assert.eq(1, db.bar.findOne().a);
assert.eq(1, db.getUsers().length, "didn't restore users");
assert.eq("user", db.getUsers()[0].user, "didn't update user");
assert.eq(1, db.getRoles().length, "didn't restore roles");
assert.eq("role", db.getRoles()[0].role, "didn't update role");
assert.eq(1, db.system.users.count(), "didn't restore legacy system.users collection");
assert.eq("dbuser", db.system.users.findOne().user, "didn't update legacy user");
assert.docEq(versionDoc,
db.getSiblingDB('admin').system.version.findOne(),
"version doc was changed by restore");
jsTestLog("Dump just the admin database. User data should be dumped by default");
// Make a user in another database to make sure it is properly captured
db.getSiblingDB('bar').createUser({user: "user", pwd: 'pwd', roles: []});
db.getSiblingDB('admin').createUser({user: "user", pwd: 'pwd', roles: []});
mongod = runTool("mongodump", mongod, shutdownServer, {out: dumpDir, db: "admin"});
db = mongod.getDB('foo');
// Change user data a bit.
db.dropAllUsers();
db.getSiblingDB('bar').createUser({user: "user2", pwd: 'pwd', roles: []});
db.getSiblingDB('admin').dropAllUsers();
jsTestLog("Restore just the admin database. User data should be restored by default");
mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "admin/",
db: 'admin',
drop: ""});
db = mongod.getDB('foo');
var otherdb = db.getSiblingDB('bar');
var admindb = db.getSiblingDB('admin');
assert.soon(function() { return db.bar.findOne(); }, "no data after restore");
assert.eq(1, db.bar.findOne().a);
assert.eq(1, db.getUsers().length, "didn't restore users");
assert.eq("user", db.getUsers()[0].user, "didn't restore user");
assert.eq(1, db.getRoles().length, "didn't restore roles");
assert.eq("role", db.getRoles()[0].role, "didn't restore role");
assert.eq(1, db.system.users.count(), "didn't restore legacy system.users collection");
assert.eq("dbuser", db.system.users.findOne().user, "didn't restore legacy user");
assert.eq(1, db.getUsers().length, "didn't restore users for bar database");
assert.eq("user", db.getUsers()[0].user, "didn't restore user for bar database");
assert.eq(1, admindb.getUsers().length, "didn't restore users for admin database");
assert.eq("user", admindb.getUsers()[0].user, "didn't restore user for admin database");
assert.eq(3, admindb.system.users.count(), "has the wrong # of users for the whole server");
assert.eq(1, admindb.system.roles.count(), "has the wrong # of roles for the whole server");
assert.docEq(versionDoc,
db.getSiblingDB('admin').system.version.findOne(),
"version doc was changed by restore");
MongoRunner.stopMongod(mongod);
}
runTest(false);
runTest(true);
|
