test(NODE-2556): add integration testing for listDatabases' authorizedDatabases flag (#3101)

Co-authored-by: Neal Beeken <neal.beeken@mongodb.com>

Author: syz99

test/integration/enumerate_databases/enumerate_databases.prose.test.ts

@@ -0,0 +1,72 @@
+import { expect } from 'chai';
+
+import type { MongoClient } from '../../../src';
+
+const REQUIRED_DBS = ['admin', 'local', 'config'];
+const DB_NAME = 'listDatabasesTest';
+
+describe('listDatabases() spec prose', function () {
+  /**
+   * Execute the method to enumerate full database information (e.g. listDatabases())
+   * - Verify that the method returns an Iterable of Document types
+   * - Verify that all databases on the server are present in the result set
+   * - Verify that the result set does not contain duplicates
+   */
+  let client: MongoClient;
+  let ENTIRE_DB_LIST: string[];
+
+  beforeEach(async function () {
+    client = this.configuration.newClient();
+    await client.connect();
+
+    const dbInfoFromCommand = await client.db('admin').command({ listDatabases: 1 });
+    const databasesToDrop = dbInfoFromCommand.databases
+      .map(({ name }) => name)
+      .filter(name => !REQUIRED_DBS.includes(name));
+
+    for (const dbToDrop of databasesToDrop) {
+      await client.db(dbToDrop).dropDatabase();
+    }
+
+    await client.db(DB_NAME).createCollection(DB_NAME);
+
+    ENTIRE_DB_LIST = (await client.db('admin').command({ listDatabases: 1 })).databases.map(
+      ({ name }) => name
+    );
+    ENTIRE_DB_LIST.sort();
+    expect(ENTIRE_DB_LIST).to.have.lengthOf.at.least(1);
+  });
+
+  afterEach(async function () {
+    await client.db(DB_NAME).dropDatabase();
+    await client?.close();
+  });
+
+  it('Verify that the method returns an Iterable of Document types', async () => {
+    const dbInfo = await client.db().admin().listDatabases();
+    expect(dbInfo).to.have.property('databases');
+    expect(dbInfo.databases).to.be.an('array');
+    expect(dbInfo.databases).to.have.lengthOf(ENTIRE_DB_LIST.length);
+    for (const db of dbInfo.databases) {
+      expect(db).to.be.a('object');
+    }
+  });
+
+  it('Verify that all databases on the server are present in the result set', async () => {
+    const dbInfo = await client.db().admin().listDatabases();
+
+    const namesFromHelper = dbInfo.databases.map(({ name }) => name);
+    namesFromHelper.sort();
+
+    expect(namesFromHelper).to.have.lengthOf(ENTIRE_DB_LIST.length);
+    expect(namesFromHelper).to.deep.equal(ENTIRE_DB_LIST);
+    expect(namesFromHelper).to.include(DB_NAME);
+  });
+
+  it('Verify that the result set does not contain duplicates', async () => {
+    const dbInfo = await client.db().admin().listDatabases();
+    const databaseNames = dbInfo.databases.map(({ name }) => name);
+    const databaseNamesSet = new Set(databaseNames);
+    expect(databaseNames).to.have.lengthOf(databaseNamesSet.size);
+  });
+});

test/integration/enumerate_databases/enumerate_databases.test.ts

@@ -0,0 +1,124 @@
+import { expect } from 'chai';
+
+import { AddUserOptions, MongoClient, MongoServerError } from '../../../src';
+
+describe('listDatabases() authorizedDatabases flag', function () {
+  // TODO(NODE-3860): Create driver test variants that require AUTH enabled
+  const username = 'a';
+  const password = 'b';
+  const mockAuthorizedDb = 'enumerate_databases';
+  const mockAuthorizedCollection = 'enumerate_databases_collection';
+
+  let adminClient: MongoClient;
+  let authorizedClient: MongoClient;
+
+  const authorizedUserOptions: AddUserOptions = {
+    roles: [{ role: 'read', db: mockAuthorizedDb }]
+  };
+
+  beforeEach(function () {
+    if (process.env.AUTH !== 'auth') {
+      this.currentTest.skipReason =
+        'TODO(NODE-3860): Create driver test variants that require AUTH enabled';
+      this.skip();
+    }
+  });
+
+  beforeEach(async function () {
+    // pass credentials from cluster_setup's mlaunch defaults
+    // TODO(NODE-3860): pass credentials instead based on environment variable
+    adminClient = this.configuration.newClient({
+      auth: { username: 'user', password: 'password' }
+    });
+    await adminClient.connect();
+
+    await adminClient
+      .db(mockAuthorizedDb)
+      .createCollection(mockAuthorizedCollection)
+      .catch(() => null);
+
+    await adminClient.db('admin').addUser(username, password, authorizedUserOptions);
+
+    authorizedClient = this.configuration.newClient({
+      auth: { username: username, password: password }
+    });
+    await authorizedClient.connect();
+  });
+
+  afterEach(async function () {
+    await adminClient?.db('admin').removeUser(username);
+    await adminClient?.db(mockAuthorizedDb).dropDatabase();
+    await adminClient?.close();
+    await authorizedClient?.close();
+  });
+
+  it('should list all databases when admin client sets authorizedDatabases to true', async function () {
+    const adminListDbs = await adminClient
+      .db()
+      .admin()
+      .listDatabases({ authorizedDatabases: true });
+    const adminDbs = adminListDbs.databases.map(({ name }) => name);
+
+    // no change in the dbs listed since we're using the admin user
+    expect(adminDbs).to.have.length.greaterThan(1);
+    expect(adminDbs.filter(db => db === mockAuthorizedDb)).to.have.lengthOf(1);
+    expect(adminDbs.filter(db => db !== mockAuthorizedDb)).to.have.length.greaterThan(1);
+  });
+
+  it('should list all databases when admin client sets authorizedDatabases to false', async function () {
+    const adminListDbs = await adminClient
+      .db()
+      .admin()
+      .listDatabases({ authorizedDatabases: false });
+    const adminDbs = adminListDbs.databases.map(({ name }) => name);
+
+    // no change in the dbs listed since we're using the admin user
+    expect(adminDbs).to.have.length.greaterThan(1);
+    expect(adminDbs.filter(db => db === mockAuthorizedDb)).to.have.lengthOf(1);
+    expect(adminDbs.filter(db => db !== mockAuthorizedDb)).to.have.length.greaterThan(1);
+  });
+
+  it('should list authorized databases with authorizedDatabases set to true', async function () {
+    const adminListDbs = await adminClient.db().admin().listDatabases();
+    const authorizedListDbs = await authorizedClient
+      .db()
+      .admin()
+      .listDatabases({ authorizedDatabases: true });
+    const adminDbs = adminListDbs.databases;
+    const authorizedDbs = authorizedListDbs.databases;
+
+    expect(adminDbs).to.have.length.greaterThan(1);
+    expect(authorizedDbs).to.have.lengthOf(1);
+
+    expect(adminDbs.filter(db => db.name === mockAuthorizedDb)).to.have.lengthOf(1);
+    expect(adminDbs.filter(db => db.name !== mockAuthorizedDb)).to.have.length.greaterThan(1);
+    expect(authorizedDbs.filter(db => db.name === mockAuthorizedDb)).to.have.lengthOf(1);
+  });
+
+  it('should list authorized databases by default with authorizedDatabases unspecified', async function () {
+    const adminListDbs = await adminClient.db().admin().listDatabases();
+    const authorizedListDbs = await authorizedClient.db().admin().listDatabases();
+    const adminDbs = adminListDbs.databases;
+    const authorizedDbs = authorizedListDbs.databases;
+
+    expect(adminDbs).to.have.length.greaterThan(1);
+    expect(authorizedDbs).to.have.lengthOf(1);
+
+    expect(adminDbs.filter(db => db.name === mockAuthorizedDb)).to.have.lengthOf(1);
+    expect(adminDbs.filter(db => db.name !== mockAuthorizedDb)).to.have.length.greaterThan(1);
+    expect(authorizedDbs.filter(db => db.name === mockAuthorizedDb)).to.have.lengthOf(1);
+  });
+
+  it('should not show authorized databases with authorizedDatabases set to false', async function () {
+    let thrownError;
+    try {
+      await authorizedClient.db().admin().listDatabases({ authorizedDatabases: false });
+    } catch (error) {
+      thrownError = error;
+    }
+
+    // check correctly produces an 'Insufficient permissions to list all databases' error
+    expect(thrownError).to.be.instanceOf(MongoServerError);
+    expect(thrownError).to.have.property('message').that.includes('list');
+  });
+});