jstests/replsets/auth2.js

// Tests authentication with replica sets using key files.
//
// This test requires users to persist across a restart.
// @tags: [requires_persistence]

var testInvalidAuthStates = function() {
    print("check that 0 is in recovering");
    rs.waitForState(rs.nodes[0], ReplSetTest.State.RECOVERING);

    print("shut down 1, 0 still in recovering.");
    rs.stop(1);
    sleep(5);

    rs.waitForState(rs.nodes[0], ReplSetTest.State.RECOVERING);

    print("shut down 2, 0 becomes a secondary.");
    rs.stop(2);

    rs.waitForState(rs.nodes[0], ReplSetTest.State.SECONDARY);

    rs.restart(1, {"keyFile" : key1});
    rs.restart(2, {"keyFile" : key1});
};

var name = "rs_auth2";
var path = "jstests/libs/";

// These keyFiles have their permissions set to 600 later in the test.
var key1 = path+"key1";
var key2 = path+"key2";

var rs = new ReplSetTest({name: name, nodes: 3});
var nodes = rs.startSet();
var hostnames = rs.nodeList();
rs.initiate({ "_id" : name,
                    "members" : [
                        {"_id" : 0, "host" : hostnames[0], "priority" : 2},
                        {"_id" : 1, "host" : hostnames[1], priority: 0},
                        {"_id" : 2, "host" : hostnames[2], priority: 0}
                    ]});

var master = rs.getPrimary();

print("add an admin user");
master.getDB("admin").createUser({user: "foo", pwd: "bar", roles: jsTest.adminUserRoles},
                                 {w: 3, wtimeout: 30000});
var m = rs.nodes[0];

print("starting 1 and 2 with key file");
rs.stop(1);
rs.restart(1, {"keyFile" : key1});
rs.stop(2);
rs.restart(2, {"keyFile" : key1});

// auth to all nodes with auth
rs.nodes[1].getDB("admin").auth("foo", "bar");
rs.nodes[2].getDB("admin").auth("foo", "bar");
testInvalidAuthStates();

print("restart mongod with bad keyFile");

rs.stop(0);
m = rs.restart(0, {"keyFile" : key2});

//auth to all nodes
rs.nodes[0].getDB("admin").auth("foo", "bar");
rs.nodes[1].getDB("admin").auth("foo", "bar");
rs.nodes[2].getDB("admin").auth("foo", "bar");
testInvalidAuthStates();

rs.stop(0);
m = rs.restart(0, {"keyFile" : key1});

print("0 becomes a secondary");
SERVER-21384 Enable replica set suites for in-memory storage engines 2015-11-19 14:01:59 -05:00			`// Tests authentication with replica sets using key files.`
			`//`
			`// This test requires users to persist across a restart.`
			`// @tags: [requires_persistence]`
Make secondaries go into recovering state when auth is wrong SERVER-3715 2011-10-05 16:55:55 -04:00
SERVER-15098: funnel all auth errors to the correct status/checks 2014-10-14 09:08:22 -04:00			`var testInvalidAuthStates = function() {`
Make secondaries go into recovering state when auth is wrong SERVER-3715 2011-10-05 16:55:55 -04:00			`print("check that 0 is in recovering");`
SERVER-21050 Introduce ReplSetTest.State enumeration everywhere Makes all JS tests access the replica set member state from the class itself instead of the object instance. Also removes some unused code. 2015-12-10 10:21:51 -05:00			`rs.waitForState(rs.nodes[0], ReplSetTest.State.RECOVERING);`
Make secondaries go into recovering state when auth is wrong SERVER-3715 2011-10-05 16:55:55 -04:00
			`print("shut down 1, 0 still in recovering.");`
			`rs.stop(1);`
			`sleep(5);`

SERVER-21050 Introduce ReplSetTest.State enumeration everywhere Makes all JS tests access the replica set member state from the class itself instead of the object instance. Also removes some unused code. 2015-12-10 10:21:51 -05:00			`rs.waitForState(rs.nodes[0], ReplSetTest.State.RECOVERING);`
Make secondaries go into recovering state when auth is wrong SERVER-3715 2011-10-05 16:55:55 -04:00
			`print("shut down 2, 0 becomes a secondary.");`
			`rs.stop(2);`

SERVER-21050 Introduce ReplSetTest.State enumeration everywhere Makes all JS tests access the replica set member state from the class itself instead of the object instance. Also removes some unused code. 2015-12-10 10:21:51 -05:00			`rs.waitForState(rs.nodes[0], ReplSetTest.State.SECONDARY);`
Make secondaries go into recovering state when auth is wrong SERVER-3715 2011-10-05 16:55:55 -04:00
SERVER-20873 Add separate key file using 644 permission 2015-11-19 11:06:58 -05:00			`rs.restart(1, {"keyFile" : key1});`
			`rs.restart(2, {"keyFile" : key1});`
Make secondaries go into recovering state when auth is wrong SERVER-3715 2011-10-05 16:55:55 -04:00			`};`

SERVER-16306 fix primary to node 0 in auth2.js 2014-11-24 17:12:40 -05:00			`var name = "rs_auth2";`
			`var path = "jstests/libs/";`

SERVER-20873 Add separate key file using 644 permission 2015-11-19 11:06:58 -05:00			`// These keyFiles have their permissions set to 600 later in the test.`
			`var key1 = path+"key1";`
			`var key2 = path+"key2";`
SERVER-16306 fix primary to node 0 in auth2.js 2014-11-24 17:12:40 -05:00
			`var rs = new ReplSetTest({name: name, nodes: 3});`
			`var nodes = rs.startSet();`
			`var hostnames = rs.nodeList();`
			`rs.initiate({ "_id" : name,`
			`"members" : [`
			`{"_id" : 0, "host" : hostnames[0], "priority" : 2},`
SERVER-16391 archor primary in replset tests, or make agnostic to primary node 2014-12-02 15:43:13 -05:00			`{"_id" : 1, "host" : hostnames[1], priority: 0},`
			`{"_id" : 2, "host" : hostnames[2], priority: 0}`
SERVER-16306 fix primary to node 0 in auth2.js 2014-11-24 17:12:40 -05:00			`]});`

SERVER-21050 Cleanup ReplSetTest This is just a cleanup work to hide some of the private state of ReplSetTest so it is easier to encapsulate and add new logic. Also enables strict mode. 2015-11-25 11:20:43 -05:00			`var master = rs.getPrimary();`
Make secondaries go into recovering state when auth is wrong SERVER-3715 2011-10-05 16:55:55 -04:00
			`print("add an admin user");`
SERVER-11555 Replace all occurrences of addUser with createUser in jstests 2013-11-06 14:49:35 -05:00			`master.getDB("admin").createUser({user: "foo", pwd: "bar", roles: jsTest.adminUserRoles},`
			`{w: 3, wtimeout: 30000});`
SERVER-15098: funnel all auth errors to the correct status/checks 2014-10-14 09:08:22 -04:00			`var m = rs.nodes[0];`
Make secondaries go into recovering state when auth is wrong SERVER-3715 2011-10-05 16:55:55 -04:00
			`print("starting 1 and 2 with key file");`
			`rs.stop(1);`
SERVER-20873 Add separate key file using 644 permission 2015-11-19 11:06:58 -05:00			`rs.restart(1, {"keyFile" : key1});`
Make secondaries go into recovering state when auth is wrong SERVER-3715 2011-10-05 16:55:55 -04:00			`rs.stop(2);`
SERVER-20873 Add separate key file using 644 permission 2015-11-19 11:06:58 -05:00			`rs.restart(2, {"keyFile" : key1});`
Make secondaries go into recovering state when auth is wrong SERVER-3715 2011-10-05 16:55:55 -04:00
SERVER-15098: funnel all auth errors to the correct status/checks 2014-10-14 09:08:22 -04:00			`// auth to all nodes with auth`
			`rs.nodes[1].getDB("admin").auth("foo", "bar");`
			`rs.nodes[2].getDB("admin").auth("foo", "bar");`
			`testInvalidAuthStates();`
Make secondaries go into recovering state when auth is wrong SERVER-3715 2011-10-05 16:55:55 -04:00
			`print("restart mongod with bad keyFile");`

			`rs.stop(0);`
SERVER-20873 Add separate key file using 644 permission 2015-11-19 11:06:58 -05:00			`m = rs.restart(0, {"keyFile" : key2});`
Make secondaries go into recovering state when auth is wrong SERVER-3715 2011-10-05 16:55:55 -04:00
SERVER-15098: funnel all auth errors to the correct status/checks 2014-10-14 09:08:22 -04:00			`//auth to all nodes`
			`rs.nodes[0].getDB("admin").auth("foo", "bar");`
			`rs.nodes[1].getDB("admin").auth("foo", "bar");`
			`rs.nodes[2].getDB("admin").auth("foo", "bar");`
			`testInvalidAuthStates();`
Make secondaries go into recovering state when auth is wrong SERVER-3715 2011-10-05 16:55:55 -04:00
			`rs.stop(0);`
SERVER-20873 Add separate key file using 644 permission 2015-11-19 11:06:58 -05:00			`m = rs.restart(0, {"keyFile" : key1});`
Make secondaries go into recovering state when auth is wrong SERVER-3715 2011-10-05 16:55:55 -04:00
			`print("0 becomes a secondary");`