import {ReplSetTest} from "jstests/libs/replsettest.js";
/**
 * Starts a single-node replica set configured for the multitenancy tests and
 * logs in as a freshly created root user.
 *
 * The node is started with the `auth` option and a key file, and with the
 * `multitenancySupport` and `featureFlagSecurityToken` parameters enabled.
 * `testOnlyValidatedTenancyScopeKey` is, per its name, a test-only setting; the
 * literal 'secret' and the 'admin'/'pwd' credentials are fixtures for this test
 * and must never be reused outside it.
 *
 * @returns {ReplSetTest} the running, initiated replica set; the caller stops it.
 */
function setupReplSet() {
  const serverParameters = {
    multitenancySupport: true,
    featureFlagSecurityToken: true,
    testOnlyValidatedTenancyScopeKey: 'secret',
  };
  const replSet = new ReplSetTest({
    nodes: 1,
    nodeOptions: {auth: '', setParameter: serverParameters},
  });

  replSet.startSet({keyFile: 'jstests/libs/key1'});
  replSet.initiate();

  // Create the root user, then authenticate the same admin database handle.
  const adminDb = replSet.getPrimary().getDB('admin');
  const createRootUser = {createUser: 'admin', pwd: 'pwd', roles: ['root']};
  assert.commandWorked(adminDb.runCommand(createRootUser));
  assert(adminDb.auth('admin', 'pwd'));

  return replSet;
}
/**
 * Attaches a tenant security token to `conn`, unless the connection already
 * carries one.
 *
 * NOTE(review): when `conn._securityToken` is already defined this function
 * silently does nothing. The scenarios call resetSecurityToken() between
 * tenants; if a reset were ever forgotten, the connection would keep the
 * previous tenant's token and the later database counts would be measured for
 * the wrong tenant.
 *
 * @param {object} conn - connection exposing `_securityToken` / `_setSecurityToken`.
 * @param {*} tenantId - tenant identifier placed in the token.
 * @param {boolean} bExpectPrefix - value passed as the token's `expectPrefix` field.
 */
function createAndSetSecurityToken(conn, tenantId, bExpectPrefix) {
  const alreadyHasToken = typeof conn._securityToken !== 'undefined';
  if (alreadyHasToken) {
    return;
  }

  const tokenForTenant = _createTenantToken({tenant: tenantId, expectPrefix: bExpectPrefix});
  conn._setSecurityToken(tokenForTenant);
}
/**
 * Inserts one document ({_id: 0}) into `some_collection` of the named database
 * and asserts that the command succeeded. The insert runs with whatever
 * security token is currently set on `conn`.
 *
 * @param {object} conn - connection to run the insert on.
 * @param {string} dbName - name of the database to write to.
 */
function insertDb(conn, dbName) {
  const insertCmd = {insert: 'some_collection', documents: [{_id: 0}]};
  const reply = conn.getDB(dbName).runCommand(insertCmd);
  assert.commandWorked(reply);
}
/**
 * Runs `listDatabases` (names only) through the admin database of `conn` and
 * asserts that exactly `dbNum` databases are returned. The full reply is
 * included in the failure message.
 *
 * NOTE(review): only the number of databases is compared. Also asserting on the
 * returned names would catch a reply that lists another tenant's database while
 * keeping the count unchanged.
 *
 * @param {object} conn - connection whose current security token scopes the listing.
 * @param {number} dbNum - expected number of visible databases.
 */
function checkDbNum(conn, dbNum) {
  const adminDb = conn.getDB("admin");
  const reply = adminDb.adminCommand({listDatabases: 1, nameOnly: true});
  const listing = assert.commandWorked(reply);
  assert.eq(listing.databases.length, dbNum, tojson(listing));
}
/**
 * Clears the security token on `conn` by setting it to `undefined`, so that a
 * later createAndSetSecurityToken() call can attach a different tenant's token.
 *
 * @param {object} conn - connection exposing `_setSecurityToken`.
 */
function resetSecurityToken(conn) {
  const noToken = undefined;
  conn._setSecurityToken(noToken);
}
/**
 * Tenant-isolation scenario for `listDatabases`: three tenants write databases
 * on the same node, and after each write the listing seen through that tenant's
 * token must contain only that tenant's own databases.
 *
 * The statement order is the test: every count below depends on which token is
 * attached to the connection at that moment.
 */
function runTests() {
  const replSet = setupReplSet();
  const primaryConn = replSet.getPrimary();
  const prefixedTenant = ObjectId();
  const tenantB = ObjectId();
  const tenantC = ObjectId();

  {
    // First tenant: separate, admin-authenticated connection with an
    // expectPrefix token, so the database name carries the tenant id prefix.
    // Keep the `+` concatenation: it and a template literal can stringify an
    // object differently.
    const prefixConn = Mongo(primaryConn.host);
    assert(prefixConn.getDB("admin").auth('admin', 'pwd'));
    createAndSetSecurityToken(prefixConn, prefixedTenant, true);
    insertDb(prefixConn, prefixedTenant + "_firstRegDb");
    checkDbNum(prefixConn, 1);
    resetSecurityToken(prefixConn);
  }

  // Second tenant, no prefix expected: sees its own two databases and not the
  // one created above.
  createAndSetSecurityToken(primaryConn, tenantB, false);
  insertDb(primaryConn, "secondRegDb");
  insertDb(primaryConn, "thirdRegDb");
  checkDbNum(primaryConn, 2);
  resetSecurityToken(primaryConn);

  // Third tenant: sees only its single database.
  createAndSetSecurityToken(primaryConn, tenantC, false);
  insertDb(primaryConn, "fourthRegDb");
  checkDbNum(primaryConn, 1);
  resetSecurityToken(primaryConn);

  // Back to the second tenant: its earlier two databases plus the new one.
  createAndSetSecurityToken(primaryConn, tenantB, false);
  insertDb(primaryConn, "fifthRegDb");
  checkDbNum(primaryConn, 3);

  replSet.stopSet();
}
/**
 * Scenario with `expectPrefix: true` tokens only: each tenant writes databases
 * whose names are prefixed with its tenant id and must see just those in
 * `listDatabases`; an insert into a database name without the tenant prefix
 * must be rejected with error code 8423386.
 */
function runTestExpectPrefixTrue() {
  const replSet = setupReplSet();
  const primaryConn = replSet.getPrimary();
  const tenantA = ObjectId();
  const tenantB = ObjectId();
  // Generated as in the other scenario but not used by any step below.
  const tenant3 = ObjectId();

  // Keep the `+` concatenation for the names: it and a template literal can
  // stringify an object differently.
  createAndSetSecurityToken(primaryConn, tenantA, true);
  insertDb(primaryConn, tenantA + "_firstRegDb");
  checkDbNum(primaryConn, 1);
  resetSecurityToken(primaryConn);

  createAndSetSecurityToken(primaryConn, tenantB, true);
  insertDb(primaryConn, tenantB + "_secondRegDb");
  insertDb(primaryConn, tenantB + "_thirdRegDb");
  checkDbNum(primaryConn, 2);

  // The connection still carries tenantB's expectPrefix token here, so an
  // insert into a database name that lacks the tenant prefix has to fail.
  const unprefixedDb = primaryConn.getDB("_fourthRegDb");
  const rejectedInsert =
      unprefixedDb.runCommand({insert: 'some_collection', documents: [{_id: 0}]});
  assert.commandFailedWithCode(rejectedInsert, 8423386);

  replSet.stopSet();
}
// Run both scenarios in order; each one starts and stops its own replica set.
for (const scenario of [runTests, runTestExpectPrefixTrue]) {
  scenario();
}