2011-02-02 16:26:31 +00:00
|
|
|
$:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
|
|
|
|
require './test/test_helper'
|
|
|
|
require './test/tools/auth_repl_set_manager'
|
2012-03-15 17:50:02 +00:00
|
|
|
require './test/replica_sets/rs_test_helper'
|
2011-02-02 16:26:31 +00:00
|
|
|
|
|
|
|
class AuthTest < Test::Unit::TestCase
|
|
|
|
include Mongo
|
|
|
|
|
|
|
|
def setup
|
2012-03-15 17:50:02 +00:00
|
|
|
@rs = AuthReplSetManager.new(:start_port => 40000)
|
|
|
|
@rs.start_set
|
2011-02-02 16:26:31 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def teardown
|
2012-03-15 17:50:02 +00:00
|
|
|
#@rs.cleanup_set
|
2011-02-02 16:26:31 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def test_repl_set_auth
|
2012-03-15 17:50:02 +00:00
|
|
|
@conn = ReplSetConnection.new(build_seeds(3), :name => @rs.name)
|
2011-02-02 16:26:31 +00:00
|
|
|
|
|
|
|
# Add an admin user
|
|
|
|
@conn['admin'].add_user("me", "secret")
|
|
|
|
|
|
|
|
# Ensure that insert fails
|
|
|
|
assert_raise_error Mongo::OperationFailure, "unauthorized" do
|
|
|
|
@conn['foo']['stuff'].insert({:a => 2}, :safe => {:w => 3})
|
|
|
|
end
|
|
|
|
|
|
|
|
# Then authenticate
|
|
|
|
assert @conn['admin'].authenticate("me", "secret")
|
|
|
|
|
|
|
|
# Insert should succeed now
|
|
|
|
assert @conn['foo']['stuff'].insert({:a => 2}, :safe => {:w => 3})
|
|
|
|
|
|
|
|
# So should a query
|
|
|
|
assert @conn['foo']['stuff'].find_one
|
|
|
|
|
|
|
|
# But not when we logout
|
|
|
|
@conn['admin'].logout
|
|
|
|
|
|
|
|
assert_raise_error Mongo::OperationFailure, "unauthorized" do
|
|
|
|
@conn['foo']['stuff'].find_one
|
|
|
|
end
|
|
|
|
|
|
|
|
# Same should apply to a random secondary
|
|
|
|
@slave1 = Connection.new(@conn.secondary_pools[0].host,
|
|
|
|
@conn.secondary_pools[0].port, :slave_ok => true)
|
|
|
|
|
|
|
|
# Find should fail
|
|
|
|
assert_raise_error Mongo::OperationFailure, "unauthorized" do
|
|
|
|
@slave1['foo']['stuff'].find_one
|
|
|
|
end
|
|
|
|
|
|
|
|
# But not when authenticated
|
2012-03-15 17:50:02 +00:00
|
|
|
assert @slave1['admin'].authenticate("me", "secret")
|
2011-02-02 16:26:31 +00:00
|
|
|
assert @slave1['foo']['stuff'].find_one
|
2012-03-15 17:50:02 +00:00
|
|
|
|
|
|
|
# Same should apply when using :secondary_only
|
|
|
|
@second_only = ReplSetConnection.new(build_seeds(3),
|
|
|
|
:require_primary => false, :read => :secondary_only)
|
|
|
|
|
|
|
|
# Find should fail
|
|
|
|
assert_raise_error Mongo::OperationFailure, "unauthorized" do
|
|
|
|
@second_only['foo']['stuff'].find_one
|
|
|
|
end
|
|
|
|
|
|
|
|
# But not when authenticated
|
|
|
|
assert @second_only['admin'].authenticate("me", "secret")
|
|
|
|
assert @second_only['foo']['stuff'].find_one
|
2011-02-02 16:26:31 +00:00
|
|
|
end
|
|
|
|
end
|