2012-12-19 14:02:40 -05:00
|
|
|
// Ensure that inserts and updates of the system.users collection validate the schema of inserted
|
|
|
|
|
// documents.
|
|
|
|
|
|
2012-12-24 10:47:02 -05:00
|
|
|
mydb = db.getSisterDB( "validate_user_documents" );
|
|
|
|
|
|
2012-12-19 14:02:40 -05:00
|
|
|
function assertGLEOK(status) {
|
|
|
|
|
assert(status.ok && status.err === null,
|
|
|
|
|
"Expected OK status object; found " + tojson(status));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function assertGLENotOK(status) {
|
|
|
|
|
assert(status.ok && status.err !== null,
|
|
|
|
|
"Expected not-OK status object; found " + tojson(status));
|
|
|
|
|
}
|
|
|
|
|
|
2012-12-24 10:47:02 -05:00
|
|
|
mydb.dropDatabase();
|
2013-10-05 18:23:47 -04:00
|
|
|
mydb.dropAllUsers();
|
2012-12-19 14:02:40 -05:00
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Tests of the insert path
|
|
|
|
|
//
|
|
|
|
|
|
2013-09-04 15:00:54 -04:00
|
|
|
// V0 user document document; insert should fail.
|
|
|
|
|
assert.commandFailed(mydb.runCommand({ createUser:1,
|
2013-07-18 11:13:54 -04:00
|
|
|
user: "spencer",
|
2013-09-04 15:00:54 -04:00
|
|
|
pwd: "password",
|
2013-07-18 11:13:54 -04:00
|
|
|
readOnly: true }));
|
2012-12-19 14:02:40 -05:00
|
|
|
|
2013-09-04 15:00:54 -04:00
|
|
|
// V1 user document; insert should fail.
|
|
|
|
|
assert.commandFailed(mydb.runCommand({ createUser:1,
|
2013-07-18 11:13:54 -04:00
|
|
|
user: "spencer",
|
|
|
|
|
userSource: "test2",
|
|
|
|
|
roles: ["dbAdmin"] }));
|
2012-12-19 14:02:40 -05:00
|
|
|
|
2013-09-04 15:00:54 -04:00
|
|
|
// Valid V2 user document; insert should succeed.
|
|
|
|
|
assert.commandWorked(mydb.runCommand({ createUser: "spencer",
|
|
|
|
|
pwd: "password",
|
|
|
|
|
roles: ["dbAdmin"] }));
|
|
|
|
|
|
|
|
|
|
// Valid V2 user document; insert should succeed.
|
|
|
|
|
assert.commandWorked(mydb.runCommand({ createUser: "andy",
|
|
|
|
|
pwd: "password",
|
2013-10-10 17:53:29 -04:00
|
|
|
roles: [{role: "dbAdmin",
|
2013-10-05 18:08:33 -04:00
|
|
|
db: "validate_user_documents",
|
2013-09-04 15:00:54 -04:00
|
|
|
hasRole: true,
|
|
|
|
|
canDelegate: false}] }));
|
2012-12-19 14:02:40 -05:00
|
|
|
|
2013-09-04 15:00:54 -04:00
|
|
|
// Non-existent role; insert should fail
|
|
|
|
|
assert.commandFailed(mydb.runCommand({ createUser: "bob",
|
|
|
|
|
pwd: "password",
|
|
|
|
|
roles: ["fakeRole123"] }));
|
2012-12-19 14:02:40 -05:00
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Tests of the update path
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
// Update a document in a legal way, expect success.
|
2013-11-15 17:16:17 -05:00
|
|
|
assert.commandWorked(mydb.runCommand({updateUser: 'spencer', roles: ['read']}));
|
2012-12-19 14:02:40 -05:00
|
|
|
|
|
|
|
|
// Update a document in a way that is illegal, expect failure.
|
2013-11-15 17:16:17 -05:00
|
|
|
assert.commandFailed(mydb.runCommand({updateUser: 'spencer', readOnly: true}));
|
|
|
|
|
assert.commandFailed(mydb.runCommand({updateUser: 'spencer', pwd: ""}));
|
|
|
|
|
assert.commandFailed(mydb.runCommand({updateUser: 'spencer', roles: ['fakeRole123']}));
|
2012-12-24 10:47:02 -05:00
|
|
|
|
|
|
|
|
mydb.dropDatabase();
|
