Test for replica set authentication; bug fix.

2011-02-02 11:26:31 -05:00 · 2011-02-02 11:26:31 -05:00 · e8e617e95f
parent d63cf18042
commit e8e617e95f
6 changed files with 89 additions and 6 deletions
--- a/lib/mongo/repl_set_connection.rb
+++ b/lib/mongo/repl_set_connection.rb
@ -189,7 +189,7 @@ module Mongo
        socket = TCPSocket.new(host, port)
        socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)

-        config = self['admin'].command({:ismaster => 1}, :sock => socket)
+        config = self['admin'].command({:ismaster => 1}, :socket => socket)

        check_set_name(config, socket)
      rescue OperationFailure, SocketError, SystemCallError, IOError => ex
@ -232,7 +232,7 @@ module Mongo
    def check_set_name(config, socket)
      if @replica_set
        config = self['admin'].command({:replSetGetStatus => 1},
-                   :sock => socket, :check_response => false)
+                   :socket => socket, :check_response => false)

        if !Mongo::Support.ok?(config)
          raise ReplicaSetConnectionError, config['errmsg']
--- a/lib/mongo/util/pool.rb
+++ b/lib/mongo/util/pool.rb
@ -88,7 +88,7 @@ module Mongo
      socket
    end

-    # If a use calls DB#authentication, and several sockets exist,
+    # If a user calls DB#authenticate, and several sockets exist,
    # then we need a way to apply the authentication on each socket.
    # So we store the apply_authentication method, and this will be
    # applied right before the next use of each socket.
--- a/test/auxillary/repl_set_auth_test.rb
+++ b/test/auxillary/repl_set_auth_test.rb
@ -0,0 +1,58 @@
+$:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require './test/test_helper'
+require './test/tools/auth_repl_set_manager'
+
+class AuthTest < Test::Unit::TestCase
+  include Mongo
+
+  def setup
+    @manager = AuthReplSetManager.new(:start_port => 40000)
+    @manager.start_set
+  end
+
+  def teardown
+    @manager.cleanup_set
+  end
+
+  def test_repl_set_auth
+    @conn = ReplSetConnection.new([@manager.host, @manager.ports[0]], [@manager.host, @manager.ports[1]],
+      [@manager.host, @manager.ports[2]], :name => @manager.name)
+
+    # Add an admin user
+    @conn['admin'].add_user("me", "secret")
+
+    # Ensure that insert fails
+    assert_raise_error Mongo::OperationFailure, "unauthorized" do
+      @conn['foo']['stuff'].insert({:a => 2}, :safe => {:w => 3})
+    end
+
+    # Then authenticate
+    assert @conn['admin'].authenticate("me", "secret")
+
+    # Insert should succeed now
+    assert @conn['foo']['stuff'].insert({:a => 2}, :safe => {:w => 3})
+
+    # So should a query
+    assert @conn['foo']['stuff'].find_one
+
+    # But not when we logout
+    @conn['admin'].logout
+
+    assert_raise_error Mongo::OperationFailure, "unauthorized" do
+      @conn['foo']['stuff'].find_one
+    end
+
+    # Same should apply to a random secondary
+    @slave1 = Connection.new(@conn.secondary_pools[0].host,
+      @conn.secondary_pools[0].port, :slave_ok => true)
+
+    # Find should fail
+    assert_raise_error Mongo::OperationFailure, "unauthorized" do
+      @slave1['foo']['stuff'].find_one
+    end
+
+    # But not when authenticated
+    @slave1['admin'].authenticate("me", "secret")
+    assert @slave1['foo']['stuff'].find_one
+  end
+end
--- a/test/tools/auth_repl_set_manager.rb
+++ b/test/tools/auth_repl_set_manager.rb
@ -0,0 +1,14 @@
+require File.join((File.expand_path(File.dirname(__FILE__))), 'repl_set_manager')
+
+class AuthReplSetManager < ReplSetManager
+  def initialize(opts={})
+    super(opts)
+
+    @key_path = opts[:key_path] || File.join(File.expand_path(File.dirname(__FILE__)), "keyfile.txt")
+    system("chmod 600 #{@key_path}")
+  end
+
+  def start_cmd(n)
+    super + " --keyFile #{@key_path}"
+  end
+end
--- a/test/tools/keyfile.txt
+++ b/test/tools/keyfile.txt
@ -0,0 +1 @@
+THIS IS A SECRET KEYFILE FOR REPLICA SETS BWAHAHAHAH
--- a/test/tools/repl_set_manager.rb
+++ b/test/tools/repl_set_manager.rb
@ -61,6 +61,13 @@ class ReplSetManager
    ensure_up
  end

+  def cleanup_set
+    system("killall mongod")
+    @count.times do |n|
+      system("rm -rf #{@mongods[n]['db_path']}")
+    end
+  end
+
  def init_node(n)
    @mongods[n] ||= {}
    port = @start_port + n
@ -71,9 +78,7 @@ class ReplSetManager
    system("rm -rf #{@mongods[n]['db_path']}")
    system("mkdir -p #{@mongods[n]['db_path']}")

-    @mongods[n]['start'] = "mongod --replSet #{@name} --logpath '#{@mongods[n]['log_path']}' " +
-     " --dbpath #{@mongods[n]['db_path']} --port #{@mongods[n]['port']} --fork"
-
+    @mongods[n]['start'] = start_cmd(n)
    start(n)

    member = {'_id' => n, 'host' => "#{@host}:#{@mongods[n]['port']}"}
@ -88,6 +93,11 @@ class ReplSetManager
    @config['members'] << member
  end

+  def start_cmd(n)
+    @mongods[n]['start'] = "mongod --replSet #{@name} --logpath '#{@mongods[n]['log_path']}' " +
+     " --dbpath #{@mongods[n]['db_path']} --port #{@mongods[n]['port']} --fork"
+  end
+
  def kill(node)
    pid = @mongods[node]['pid']
    puts "** Killing node with pid #{pid} at port #{@mongods[node]['port']}"
				`@ -0,0 +1 @@`
				`THIS IS A SECRET KEYFILE FOR REPLICA SETS BWAHAHAHAH`