2012-07-11 20:07:15 +02:00
|
|
|
var replTest = new ReplSetTest({ nodes: 3, useHostName : false, keyFile: 'jstests/libs/key1' });
|
|
|
|
replTest.startSet({ oplogSize: 10 });
|
2012-07-09 21:08:58 +02:00
|
|
|
replTest.initiate();
|
|
|
|
replTest.awaitSecondaryNodes();
|
|
|
|
|
|
|
|
var nodeCount = replTest.nodes.length;
|
|
|
|
var primary = replTest.getPrimary();
|
|
|
|
|
|
|
|
// Setup the database using replSet connection before setting the authentication
|
|
|
|
var conn = new Mongo(replTest.getURL());
|
|
|
|
var testDB = conn.getDB('test');
|
2014-04-22 00:43:25 +02:00
|
|
|
var adminDB = conn.getDB('admin');
|
2012-07-09 21:08:58 +02:00
|
|
|
var testColl = testDB.user;
|
|
|
|
|
|
|
|
// Setup the cached connection for primary and secondary in DBClientReplicaSet
|
|
|
|
// before setting up authentication
|
2014-04-22 00:43:25 +02:00
|
|
|
assert.commandWorked(adminDB.runCommand({replSetGetStatus: 1}));
|
2012-07-09 21:08:58 +02:00
|
|
|
|
|
|
|
conn.setSlaveOk();
|
2014-04-22 00:43:25 +02:00
|
|
|
assert.commandWorked(adminDB.runCommand({replSetGetStatus: 1}));
|
2012-07-09 21:08:58 +02:00
|
|
|
|
|
|
|
// Add admin user using direct connection to primary to simulate connection from remote host
|
2014-04-22 00:43:25 +02:00
|
|
|
var priAdminDB = primary.getDB('admin');
|
|
|
|
priAdminDB.createUser({user: 'user', pwd: 'user', roles: jsTest.adminUserRoles},
|
|
|
|
{w: nodeCount, wtimeout: 30000});
|
|
|
|
priAdminDB.auth('user', 'user');
|
2012-07-09 21:08:58 +02:00
|
|
|
|
|
|
|
var priTestDB = primary.getDB('test');
|
2013-11-06 20:49:35 +01:00
|
|
|
priTestDB.createUser({user: 'a', pwd: 'a', roles: jsTest.basicUserRoles},
|
|
|
|
{w: nodeCount, wtimeout: 30000});
|
2012-07-09 21:08:58 +02:00
|
|
|
|
|
|
|
// Authenticate the replSet connection
|
|
|
|
assert.eq(1, testDB.auth('a', 'a'));
|
|
|
|
|
|
|
|
jsTest.log('Sending an authorized query that should be ok');
|
2014-05-23 21:03:35 +02:00
|
|
|
assert.writeOK(testColl.insert({ x: 1 }, { writeConcern: { w: nodeCount }}));
|
2014-04-22 00:43:25 +02:00
|
|
|
|
2012-07-09 21:08:58 +02:00
|
|
|
conn.setSlaveOk(true);
|
|
|
|
doc = testColl.findOne();
|
|
|
|
assert(doc != null);
|
|
|
|
|
|
|
|
doc = testColl.find().readPref('secondary').next();
|
|
|
|
assert(doc != null);
|
|
|
|
|
|
|
|
conn.setSlaveOk(false);
|
|
|
|
doc = testColl.findOne();
|
|
|
|
assert(doc != null);
|
|
|
|
|
2012-07-11 20:07:15 +02:00
|
|
|
var queryToPriShouldFail = function() {
|
|
|
|
conn.setSlaveOk(false);
|
|
|
|
|
|
|
|
assert.throws(function() {
|
|
|
|
testColl.findOne();
|
|
|
|
});
|
|
|
|
|
|
|
|
// should still not work even after retrying
|
|
|
|
assert.throws(function() {
|
|
|
|
testColl.findOne();
|
|
|
|
});
|
|
|
|
};
|
|
|
|
|
|
|
|
var queryToSecShouldFail = function() {
|
|
|
|
conn.setSlaveOk(true);
|
|
|
|
|
|
|
|
assert.throws(function() {
|
|
|
|
testColl.findOne();
|
|
|
|
});
|
|
|
|
|
|
|
|
// should still not work even after retrying
|
|
|
|
assert.throws(function() {
|
|
|
|
testColl.findOne();
|
|
|
|
});
|
|
|
|
|
|
|
|
// Query to secondary using readPref
|
|
|
|
assert.throws(function() {
|
|
|
|
testColl.find().readPref('secondary').next();
|
|
|
|
});
|
|
|
|
|
|
|
|
// should still not work even after retrying
|
|
|
|
assert.throws(function() {
|
|
|
|
testColl.find().readPref('secondary').next();
|
|
|
|
});
|
|
|
|
};
|
|
|
|
|
|
|
|
assert(testDB.logout().ok);
|
|
|
|
|
|
|
|
jsTest.log('Sending an unauthorized query that should fail');
|
|
|
|
queryToPriShouldFail();
|
|
|
|
queryToSecShouldFail();
|
|
|
|
|
|
|
|
// Repeat logout test, with secondary first, then primary
|
|
|
|
assert.eq(1, testDB.auth('a', 'a'));
|
|
|
|
assert(testDB.logout().ok);
|
|
|
|
|
|
|
|
// re-initialize the underlying connections to primary and secondary
|
|
|
|
jsTest.log('Sending an unauthorized query that should still fail');
|
|
|
|
queryToSecShouldFail();
|
|
|
|
queryToPriShouldFail();
|
|
|
|
|
|
|
|
// Repeat logout test, now with the cached secondary down
|
|
|
|
assert.eq(1, testDB.auth('a', 'a'));
|
|
|
|
|
|
|
|
// Find out the current cached secondary in the repl connection
|
|
|
|
conn.setSlaveOk(true);
|
2014-08-27 21:36:08 +02:00
|
|
|
var serverInfo = testColl.find().readPref('secondary').explain().serverInfo;
|
2012-07-11 20:07:15 +02:00
|
|
|
var secNodeIdx = -1;
|
2014-08-27 21:36:08 +02:00
|
|
|
var secPortStr = serverInfo.port.toString();
|
2012-07-11 20:07:15 +02:00
|
|
|
|
|
|
|
for (var x = 0; x < nodeCount; x++) {
|
|
|
|
var nodePortStr = replTest.nodes[x].host.split(':')[1];
|
|
|
|
|
|
|
|
if (nodePortStr == secPortStr) {
|
|
|
|
secNodeIdx = x;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
assert(secNodeIdx >= 0); // test sanity check
|
|
|
|
|
|
|
|
// Kill the cached secondary
|
2014-08-14 22:35:49 +02:00
|
|
|
replTest.stop(secNodeIdx, 15, { auth: { user: 'user', pwd: 'user' }});
|
2012-07-11 20:07:15 +02:00
|
|
|
|
|
|
|
assert(testDB.logout().ok);
|
|
|
|
|
|
|
|
replTest.restart(secNodeIdx);
|
|
|
|
replTest.awaitSecondaryNodes();
|
|
|
|
|
|
|
|
jsTest.log('Sending an unauthorized query after restart that should still fail');
|
|
|
|
queryToSecShouldFail();
|
|
|
|
queryToPriShouldFail();
|
|
|
|
|
2012-07-09 21:08:58 +02:00
|
|
|
replTest.stopSet();
|
|
|
|
|