// @tags: [
// # The test runs commands that are not allowed with security token: createUser, updateUser.
// not_allowed_with_signed_security_token,
// assumes_superuser_permissions,
// assumes_write_concern_unchanged,
// requires_auth,
// requires_non_retryable_commands,
// ]
// Ensure that inserts and updates of the system.users collection validate the schema of inserted
// documents.
// Handle on the sibling database this test works in; every createUser/updateUser command in
// this file is issued through it.
const mydb = db.getSiblingDB("validate_user_documents");
/**
 * Asserts that a status object reports success.
 *
 * Passes only when `status.ok` is truthy and `status.err` is strictly null. Otherwise the
 * assertion fails with a message that embeds the tojson() rendering of `status`.
 *
 * NOTE(review): no caller of this helper is visible in this file; confirm it is still needed.
 *
 * @param {Object} status - status object exposing `ok` and `err` fields.
 */
function assertGLEOK(status) {
    const reportsSuccess = status.ok && status.err === null;
    const failureMessage = `Expected OK status object; found ${tojson(status)}`;
    assert(reportsSuccess, failureMessage);
}
/**
 * Asserts that a status object carries an error.
 *
 * Passes only when `status.ok` is truthy and `status.err` is anything other than null, so a
 * falsy `ok` fails this assertion even if `err` is set. On failure the message embeds the
 * tojson() rendering of `status`.
 *
 * NOTE(review): no caller of this helper is visible in this file; confirm it is still needed.
 *
 * @param {Object} status - status object exposing `ok` and `err` fields.
 */
function assertGLENotOK(status) {
    const reportsError = status.ok && status.err !== null;
    const failureMessage = `Expected not-OK status object; found ${tojson(status)}`;
    assert(reportsError, failureMessage);
}
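// Start from a clean slate: drop the test database, then drop any users still defined on it
// from an earlier run. Users are cleared with their own explicit call rather than relying on
// the database drop.
// The drop result is asserted so that a failed cleanup stops the test here instead of letting
// the user-document checks below run against stale state.
assert.commandWorked(mydb.dropDatabase());
mydb.dropAllUsers();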
//
// Tests of the insert path
//

// NOTE(review): assert.commandFailed() accepts any failure. Because this test requires auth, an
// authorization error would satisfy the negative cases below just as well as a schema rejection.
// Pinning the expected code with assert.commandFailedWithCode() would close that gap; confirm
// the codes the server returns before changing the assertions.

// V0 user document; insert should fail.
// NOTE(review): createUser is given the number 1 rather than a user name, so the command may be
// rejected before the legacy readOnly field is examined. Confirm which check actually fires.
const v0UserCmd = {createUser: 1, user: "spencer", pwd: "password", readOnly: true};
assert.commandFailed(mydb.runCommand(v0UserCmd));

// V1 user document; insert should fail.
// NOTE(review): same caveat as above. createUser is 1 here too, so the userSource field may
// never be the reason for the rejection.
const v1UserCmd = {createUser: 1, user: "spencer", userSource: "test2", roles: ["dbAdmin"]};
assert.commandFailed(mydb.runCommand(v1UserCmd));

// Valid V2 user document with the role given by name; insert should succeed.
const spencerCmd = {createUser: "spencer", pwd: "password", roles: ["dbAdmin"]};
assert.commandWorked(mydb.runCommand(spencerCmd));

// Valid V2 user document with the role given as a document; insert should succeed.
const andyRole = {role: "dbAdmin", db: "validate_user_documents", hasRole: true, canDelegate: false};
const andyCmd = {
    createUser: "andy",
    pwd: "password",
    roles: [andyRole],
};
assert.commandWorked(mydb.runCommand(andyCmd));

// Non-existent role; insert should fail.
const unknownRoleCmd = {createUser: "bob", pwd: "password", roles: ["fakeRole123"]};
assert.commandFailed(mydb.runCommand(unknownRoleCmd));
//
// Tests of the update path
//

// Update a document in a legal way, expect success.
// This targets the "spencer" user, so it depends on the createUser call earlier in the file
// having succeeded.
const legalRoleChange = {updateUser: "spencer", roles: ["read"]};
assert.commandWorked(mydb.runCommand(legalRoleChange));

// Update a document in a way that is illegal, expect failure.
// NOTE(review): assert.commandFailed() accepts any failure, so these three cases cannot tell a
// validation rejection from an unrelated error such as an authorization failure. Pinning the
// expected code with assert.commandFailedWithCode() would make them stricter; confirm the codes
// the server returns first.

// Legacy readOnly field on an existing user.
const legacyFieldUpdate = {updateUser: "spencer", readOnly: true};
assert.commandFailed(mydb.runCommand(legacyFieldUpdate));

// Empty password.
const emptyPasswordUpdate = {updateUser: "spencer", pwd: ""};
assert.commandFailed(mydb.runCommand(emptyPasswordUpdate));

// Role that does not exist.
const unknownRoleUpdate = {updateUser: "spencer", roles: ["fakeRole123"]};
assert.commandFailed(mydb.runCommand(unknownRoleUpdate));
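// Clean up after the test. dropDatabase does not remove the users defined on a database, so the
// users created above ("spencer" and "andy", both with a known password) are dropped
// explicitly rather than left behind on the fixture for later tests.
// The drop result is asserted so a failed cleanup is reported instead of silently ignored.
assert.commandWorked(mydb.dropDatabase());
mydb.dropAllUsers();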