43 lines
1.5 KiB
JavaScript
43 lines
1.5 KiB
JavaScript
/**
|
|
* This test checks that removing a user document actually unpins a user. This is a round-about way
|
|
* of making sure that updates to the authz manager by the opObserver correctly invalidates the
|
|
* cache and that pinned users don't stick around after they're removed.
|
|
*/
|
|
(function() {
|
|
'use strict';
|
|
|
|
TestData.enableTestCommands = true;
|
|
|
|
// Start a mongod with the user cache size set to zero, so we know that users who have logged out
|
|
// always get fetched cleanly from disk.
|
|
const mongod = MongoRunner.runMongod({auth: "", setParameter: "authorizationManagerCacheSize=0"});
|
|
let admin = mongod.getDB("admin");
|
|
|
|
admin.createUser({user: "admin", pwd: "admin", roles: ["root"]});
|
|
admin.auth("admin", "admin");
|
|
|
|
// Mark the "admin2" user as pinned in memory
|
|
assert.commandWorked(admin.runCommand({
|
|
setParameter: 1,
|
|
logLevel: 2,
|
|
authorizationManagerPinnedUsers: [
|
|
{user: "admin2", db: "admin"},
|
|
],
|
|
}));
|
|
|
|
admin.createUser({user: "admin2", pwd: "admin", roles: ["root"]});
|
|
|
|
// Invalidate the user cache so we know only "admin" is in there
|
|
assert.commandWorked(admin.runCommand({invalidateUserCache: 1}));
|
|
print("User cache after initialization: ",
|
|
tojson(admin.aggregate([{$listCachedAndActiveUsers: {}}]).toArray()));
|
|
|
|
assert.commandWorked(admin.getCollection("system.users").remove({user: "admin2"}));
|
|
|
|
print("User cache after removing user doc: ",
|
|
tojson(admin.aggregate([{$listCachedAndActiveUsers: {}}]).toArray()));
|
|
|
|
assert.eq(admin.auth("admin2", "admin"), 0);
|
|
MongoRunner.stopMongod(mongod);
|
|
})();
|