1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
// Ensure that inserts and updates of the system.users collection validate the schema of inserted
// documents.
mydb = db.getSisterDB( "validate_user_documents" );
function assertGLEOK(status) {
assert(status.ok && status.err === null,
"Expected OK status object; found " + tojson(status));
}
function assertGLENotOK(status) {
assert(status.ok && status.err !== null,
"Expected not-OK status object; found " + tojson(status));
}
mydb.dropDatabase();
mydb.dropAllUsers();
//
// Tests of the insert path
//
// V0 user document document; insert should fail.
assert.commandFailed(mydb.runCommand({ createUser:1,
user: "spencer",
pwd: "password",
readOnly: true }));
// V1 user document; insert should fail.
assert.commandFailed(mydb.runCommand({ createUser:1,
user: "spencer",
userSource: "test2",
roles: ["dbAdmin"] }));
// Valid V2 user document; insert should succeed.
assert.commandWorked(mydb.runCommand({ createUser: "spencer",
pwd: "password",
roles: ["dbAdmin"] }));
// Valid V2 user document; insert should succeed.
assert.commandWorked(mydb.runCommand({ createUser: "andy",
pwd: "password",
roles: [{role: "dbAdmin",
db: "validate_user_documents",
hasRole: true,
canDelegate: false}] }));
// Non-existent role; insert should fail
assert.commandFailed(mydb.runCommand({ createUser: "bob",
pwd: "password",
roles: ["fakeRole123"] }));
//
// Tests of the update path
//
// Update a document in a legal way, expect success.
assert.commandWorked(mydb.runCommand({updateUser: 'spencer', roles: ['read']}));
// Update a document in a way that is illegal, expect failure.
assert.commandFailed(mydb.runCommand({updateUser: 'spencer', readOnly: true}));
assert.commandFailed(mydb.runCommand({updateUser: 'spencer', pwd: ""}));
assert.commandFailed(mydb.runCommand({updateUser: 'spencer', roles: ['fakeRole123']}));
mydb.dropDatabase();
|
