1
by James Page
Import upstream version 2.4.8 |
1 |
var replTest = new ReplSetTest({ nodes: 3, useHostName : false, keyFile: 'jstests/libs/key1' }); |
2 |
replTest.startSet({ oplogSize: 10 }); |
|
3 |
replTest.initiate(); |
|
4 |
replTest.awaitSecondaryNodes(); |
|
5 |
||
6 |
var nodeCount = replTest.nodes.length; |
|
7 |
var primary = replTest.getPrimary(); |
|
8 |
||
9 |
// Setup the database using replSet connection before setting the authentication
|
|
10 |
var conn = new Mongo(replTest.getURL()); |
|
11 |
var testDB = conn.getDB('test'); |
|
12 |
var testColl = testDB.user; |
|
13 |
||
14 |
testColl.insert({ x: 1 }); |
|
15 |
testDB.runCommand({ getLastError: 1, w: nodeCount }); |
|
16 |
||
17 |
// Setup the cached connection for primary and secondary in DBClientReplicaSet
|
|
18 |
// before setting up authentication
|
|
19 |
var doc = testColl.findOne(); |
|
20 |
assert(doc != null); |
|
21 |
||
22 |
conn.setSlaveOk(); |
|
23 |
||
24 |
doc = testColl.findOne(); |
|
25 |
assert(doc != null); |
|
26 |
||
27 |
// Add admin user using direct connection to primary to simulate connection from remote host
|
|
28 |
var adminDB = primary.getDB('admin'); |
|
29 |
adminDB.addUser('user', 'user', false, nodeCount); |
|
30 |
adminDB.auth('user', 'user'); |
|
31 |
||
32 |
var priTestDB = primary.getDB('test'); |
|
33 |
priTestDB.addUser('a', 'a', false, nodeCount); |
|
34 |
||
35 |
// Authenticate the replSet connection
|
|
36 |
assert.eq(1, testDB.auth('a', 'a')); |
|
37 |
||
38 |
jsTest.log('Sending an authorized query that should be ok'); |
|
39 |
conn.setSlaveOk(true); |
|
40 |
doc = testColl.findOne(); |
|
41 |
assert(doc != null); |
|
42 |
||
43 |
doc = testColl.find().readPref('secondary').next(); |
|
44 |
assert(doc != null); |
|
45 |
||
46 |
conn.setSlaveOk(false); |
|
47 |
doc = testColl.findOne(); |
|
48 |
assert(doc != null); |
|
49 |
||
50 |
var queryToPriShouldFail = function() { |
|
51 |
conn.setSlaveOk(false); |
|
52 |
||
53 |
assert.throws(function() { |
|
54 |
testColl.findOne(); |
|
55 |
});
|
|
56 |
||
57 |
// should still not work even after retrying
|
|
58 |
assert.throws(function() { |
|
59 |
testColl.findOne(); |
|
60 |
});
|
|
61 |
};
|
|
62 |
||
63 |
var queryToSecShouldFail = function() { |
|
64 |
conn.setSlaveOk(true); |
|
65 |
||
66 |
assert.throws(function() { |
|
67 |
testColl.findOne(); |
|
68 |
});
|
|
69 |
||
70 |
// should still not work even after retrying
|
|
71 |
assert.throws(function() { |
|
72 |
testColl.findOne(); |
|
73 |
});
|
|
74 |
||
75 |
// Query to secondary using readPref
|
|
76 |
assert.throws(function() { |
|
77 |
testColl.find().readPref('secondary').next(); |
|
78 |
});
|
|
79 |
||
80 |
// should still not work even after retrying
|
|
81 |
assert.throws(function() { |
|
82 |
testColl.find().readPref('secondary').next(); |
|
83 |
});
|
|
84 |
};
|
|
85 |
||
86 |
assert(testDB.logout().ok); |
|
87 |
||
88 |
jsTest.log('Sending an unauthorized query that should fail'); |
|
89 |
queryToPriShouldFail(); |
|
90 |
queryToSecShouldFail(); |
|
91 |
||
92 |
// Repeat logout test, with secondary first, then primary
|
|
93 |
assert.eq(1, testDB.auth('a', 'a')); |
|
94 |
assert(testDB.logout().ok); |
|
95 |
||
96 |
// re-initialize the underlying connections to primary and secondary
|
|
97 |
jsTest.log('Sending an unauthorized query that should still fail'); |
|
98 |
queryToSecShouldFail(); |
|
99 |
queryToPriShouldFail(); |
|
100 |
||
101 |
// Repeat logout test, now with the cached secondary down
|
|
102 |
assert.eq(1, testDB.auth('a', 'a')); |
|
103 |
||
104 |
// Find out the current cached secondary in the repl connection
|
|
105 |
conn.setSlaveOk(true); |
|
106 |
var secHost = testColl.find().readPref('secondary').explain().server; |
|
107 |
var secNodeIdx = -1; |
|
108 |
var secPortStr = secHost.split(':')[1]; |
|
109 |
||
110 |
for (var x = 0; x < nodeCount; x++) { |
|
111 |
var nodePortStr = replTest.nodes[x].host.split(':')[1]; |
|
112 |
||
113 |
if (nodePortStr == secPortStr) { |
|
114 |
secNodeIdx = x; |
|
115 |
}
|
|
116 |
}
|
|
117 |
||
118 |
assert(secNodeIdx >= 0); // test sanity check |
|
119 |
||
120 |
// Kill the cached secondary
|
|
121 |
replTest.stop(secNodeIdx, 15, true, { auth: { user: 'user', pwd: 'user' }}); |
|
122 |
||
123 |
assert(testDB.logout().ok); |
|
124 |
||
125 |
replTest.restart(secNodeIdx); |
|
126 |
replTest.awaitSecondaryNodes(); |
|
127 |
||
128 |
jsTest.log('Sending an unauthorized query after restart that should still fail'); |
|
129 |
queryToSecShouldFail(); |
|
130 |
queryToPriShouldFail(); |
|
131 |
||
132 |
replTest.stopSet(); |
|
133 |