SERVER-70975 Exclude commands which are not allowed with security token from NTDI core passthrough (Part 6)

author: Sophia Tan <sophia_tll@hotmail.com> 2022-11-21 16:38:47 +0000
committer: Evergreen Agent <no-reply@evergreen.mongodb.com> 2022-11-21 20:49:18 +0000
commit: 2bcee0994adf325a6d82d1a062ecf1715aec45e6 (patch)
tree: d72d25baa9c46e75fcef84f5afebb2d664f534c8 /jstests/core
parent: 653e858945e2befc7a01a4c816b27fcd0526b6c5 (diff)
download: mongo-2bcee0994adf325a6d82d1a062ecf1715aec45e6.tar.gz
39 files changed, 116 insertions, 28 deletions
diff --git a/jstests/core/txns/kill_sessions_kills_transaction.js b/jstests/core/txns/kill_sessions_kills_transaction.js
index 3fe592bbff9..7e858c02cc5 100644
--- a/jstests/core/txns/kill_sessions_kills_transaction.js
+++ b/jstests/core/txns/kill_sessions_kills_transaction.js
@@ -1,5 +1,7 @@
 // Tests that killSessions kills inactive transactions.
-// @tags: [uses_transactions, uses_parallel_shell]
+// The test runs commands that are not allowed with security token: endSession, killSessions.
+// @tags: [
+//   not_allowed_with_security_token,uses_transactions, uses_parallel_shell]
 (function() {
 "use strict";
 
diff --git a/jstests/core/txns/kill_transaction_cursors_after_commit.js b/jstests/core/txns/kill_transaction_cursors_after_commit.js
index 0910b6fb1b7..8451c7feaa2 100644
--- a/jstests/core/txns/kill_transaction_cursors_after_commit.js
+++ b/jstests/core/txns/kill_transaction_cursors_after_commit.js
@@ -1,5 +1,7 @@
 // Tests that cursors created in transactions may be killed outside of the transaction.
-// @tags: [uses_transactions]
+// The test runs commands that are not allowed with security token: endSession, killCursors.
+// @tags: [
+//   not_allowed_with_security_token,uses_transactions]
 (function() {
 "use strict";
 
diff --git a/jstests/core/txns/kill_txn_cursor.js b/jstests/core/txns/kill_txn_cursor.js
index 0dc68af52c1..748f79cb645 100644
--- a/jstests/core/txns/kill_txn_cursor.js
+++ b/jstests/core/txns/kill_txn_cursor.js
@@ -1,5 +1,7 @@
 // Tests that killing a cursor created in a transaction does not abort the transaction.
-// @tags: [uses_transactions]
+// The test runs commands that are not allowed with security token: endSession, killCursors.
+// @tags: [
+//   not_allowed_with_security_token,uses_transactions]
 (function() {
 "use strict";
 
diff --git a/jstests/core/txns/libs/prepare_helpers.js b/jstests/core/txns/libs/prepare_helpers.js
index c2702a171cc..36e45619b9c 100644
--- a/jstests/core/txns/libs/prepare_helpers.js
+++ b/jstests/core/txns/libs/prepare_helpers.js
@@ -1,7 +1,10 @@
 /**
  * Helper functions for testing prepared transactions.
  *
- * @tags: [uses_transactions]
+ * The test runs commands that are not allowed with security token: dataSize, prepareTransaction,
+ * replSetGetStatus.
+ * @tags: [
+ *   not_allowed_with_security_token,uses_transactions]
  *
  */
 const PrepareHelpers = (function() {
diff --git a/jstests/core/txns/libs/write_conflicts.js b/jstests/core/txns/libs/write_conflicts.js
index ca40a0ca1c1..857b12ba1dd 100644
--- a/jstests/core/txns/libs/write_conflicts.js
+++ b/jstests/core/txns/libs/write_conflicts.js
@@ -1,7 +1,9 @@
 /**
  * Helper functions for testing write conflicts between concurrent, multi-document transactions.
  *
- * @tags: [uses_transactions]
+ * The test runs commands that are not allowed with security token: killSessions.
+ * @tags: [
+ *   not_allowed_with_security_token,uses_transactions]
  *
  */
 var WriteConflictHelpers = (function() {
diff --git a/jstests/core/txns/list_collections_not_blocked_by_txn.js b/jstests/core/txns/list_collections_not_blocked_by_txn.js
index b56699a28ba..1ef9bb17b38 100644
--- a/jstests/core/txns/list_collections_not_blocked_by_txn.js
+++ b/jstests/core/txns/list_collections_not_blocked_by_txn.js
@@ -1,4 +1,6 @@
-// @tags: [uses_transactions, uses_snapshot_read_concern]
+// The test runs commands that are not allowed with security token: endSession.
+// @tags: [
+//   not_allowed_with_security_token,uses_transactions, uses_snapshot_read_concern]
 // This test ensures that listCollections does not conflict with multi-statement transactions
 // as a result of taking MODE_S locks that are incompatible with MODE_IX needed for writes.
 (function() {
diff --git a/jstests/core/txns/many_txns.js b/jstests/core/txns/many_txns.js
index a3c80222461..2a7321bdfd6 100644
--- a/jstests/core/txns/many_txns.js
+++ b/jstests/core/txns/many_txns.js
@@ -1,6 +1,8 @@
 // SERVER-38015 Test having many interactive transactions to ensure we don't hold on to too
 // many resources (like "write tickets") and don't prevent other operations from succeeding.
-// @tags: [uses_transactions]
+// The test runs commands that are not allowed with security token: endSession.
+// @tags: [
+//   not_allowed_with_security_token,uses_transactions]
 (function() {
 "use strict";
 
diff --git a/jstests/core/txns/multi_statement_transaction.js b/jstests/core/txns/multi_statement_transaction.js
index fab7b1c96f2..a562c11b692 100644
--- a/jstests/core/txns/multi_statement_transaction.js
+++ b/jstests/core/txns/multi_statement_transaction.js
@@ -1,5 +1,7 @@
 // Test basic multi-statement transaction.
-// @tags: [uses_transactions]
+// The test runs commands that are not allowed with security token: endSession.
+// @tags: [
+//   not_allowed_with_security_token,uses_transactions]
 (function() {
 "use strict";
 
diff --git a/jstests/core/txns/multi_statement_transaction_abort.js b/jstests/core/txns/multi_statement_transaction_abort.js
index 7a8cf0b85df..7399e6f7a5c 100644
--- a/jstests/core/txns/multi_statement_transaction_abort.js
+++ b/jstests/core/txns/multi_statement_transaction_abort.js
@@ -1,5 +1,7 @@
 // Test basic multi-statement transaction abort.
-// @tags: [uses_transactions, uses_snapshot_read_concern]
+// The test runs commands that are not allowed with security token: endSession.
+// @tags: [
+//   not_allowed_with_security_token,uses_transactions, uses_snapshot_read_concern]
 (function() {
 "use strict";
 
diff --git a/jstests/core/txns/multi_statement_transaction_using_api.js b/jstests/core/txns/multi_statement_transaction_using_api.js
index f1b961f9fdc..833ba292a5b 100644
--- a/jstests/core/txns/multi_statement_transaction_using_api.js
+++ b/jstests/core/txns/multi_statement_transaction_using_api.js
@@ -1,5 +1,7 @@
 // Test basic transaction write ops, reads, and commit/abort using the shell helper.
-// @tags: [uses_transactions, uses_snapshot_read_concern]
+// The test runs commands that are not allowed with security token: endSession.
+// @tags: [
+//   not_allowed_with_security_token,uses_transactions, uses_snapshot_read_concern]
 (function() {
 "use strict";
 
diff --git a/jstests/core/txns/new_transaction_waits_for_previous_txn_table_updates.js b/jstests/core/txns/new_transaction_waits_for_previous_txn_table_updates.js
index e5f2bf8a1c4..2499468f6a8 100644
--- a/jstests/core/txns/new_transaction_waits_for_previous_txn_table_updates.js
+++ b/jstests/core/txns/new_transaction_waits_for_previous_txn_table_updates.js
@@ -16,7 +16,9 @@
  * If we did not wait, the latter would get a write conflict when writing to the txn table because
  * it's reading from time 7 and doesn't see the write from time 9.
  *
+ * The test runs commands that are not allowed with security token: endSession, prepareTransaction.
  * @tags: [
+ *   not_allowed_with_security_token,
  *  uses_transactions,
  *  uses_prepare_transaction,
  *  uses_parallel_shell,
diff --git a/jstests/core/txns/new_transactions_on_session_with_prepared_txn_block_behind_prepare.js b/jstests/core/txns/new_transactions_on_session_with_prepared_txn_block_behind_prepare.js
index 92af2d230c5..b84bd8e322d 100644
--- a/jstests/core/txns/new_transactions_on_session_with_prepared_txn_block_behind_prepare.js
+++ b/jstests/core/txns/new_transactions_on_session_with_prepared_txn_block_behind_prepare.js
@@ -2,7 +2,13 @@
  * Tests that new transactions on a session block behind an existing prepared transaction on the
  * session.
  *
- * @tags: [uses_transactions, uses_prepare_transaction, uses_parallel_shell]
+ * The test runs commands that are not allowed with security token: endSession, prepareTransaction.
+ * @tags: [
+ *   not_allowed_with_security_token,
+ *   uses_transactions,
+ *   uses_prepare_transaction,
+ *   uses_parallel_shell
+ * ]
  */
 
 (function() {
diff --git a/jstests/core/txns/no_read_or_write_concern_inside_txn.js b/jstests/core/txns/no_read_or_write_concern_inside_txn.js
index c856d827495..1ba112381c7 100644
--- a/jstests/core/txns/no_read_or_write_concern_inside_txn.js
+++ b/jstests/core/txns/no_read_or_write_concern_inside_txn.js
@@ -2,7 +2,9 @@
  * Verify that readConcern and writeConcern are not allowed in transactions other than the
  * first statement (for readConcern) and the commit (for writeConcern)
  *
- * @tags: [uses_transactions, uses_snapshot_read_concern]
+ * The test runs commands that are not allowed with security token: endSession.
+ * @tags: [
+ *   not_allowed_with_security_token,uses_transactions, uses_snapshot_read_concern]
  */
 
 (function() {
diff --git a/jstests/core/txns/no_snapshot_writes_outside_txn.js b/jstests/core/txns/no_snapshot_writes_outside_txn.js
index 26d35a2d4e6..780dea9e9f8 100644
--- a/jstests/core/txns/no_snapshot_writes_outside_txn.js
+++ b/jstests/core/txns/no_snapshot_writes_outside_txn.js
@@ -1,7 +1,9 @@
 /**
  * Verify that readConcern: snapshot is not permitted for writes outside transactions.
  *
- * @tags: [requires_persistence, uses_transactions]
+ * The test runs commands that are not allowed with security token: endSession.
+ * @tags: [
+ *   not_allowed_with_security_token,requires_persistence, uses_transactions]
  */
 
 (function() {
diff --git a/jstests/core/txns/no_writes_to_config_transactions_with_prepared_transaction.js b/jstests/core/txns/no_writes_to_config_transactions_with_prepared_transaction.js
index 210e898f3f9..234437f604a 100644
--- a/jstests/core/txns/no_writes_to_config_transactions_with_prepared_transaction.js
+++ b/jstests/core/txns/no_writes_to_config_transactions_with_prepared_transaction.js
@@ -2,7 +2,9 @@
  * Tests that other than insertions, it is illegal to modify config.transactions while the session
  * has a prepared transaction.
  *
- * @tags: [uses_transactions, uses_prepare_transaction]
+ * The test runs commands that are not allowed with security token: endSession, prepareTransaction.
+ * @tags: [
+ *   not_allowed_with_security_token,uses_transactions, uses_prepare_transaction]
  */
 
 (function() {
diff --git a/jstests/core/txns/prepare_conflict.js b/jstests/core/txns/prepare_conflict.js
index e7a02af3226..44c8d7b02d5 100644
--- a/jstests/core/txns/prepare_conflict.js
+++ b/jstests/core/txns/prepare_conflict.js
@@ -1,7 +1,9 @@
 /**
  * Tests that prepare conflicts for prepared transactions are retried.
  *
+ * The test runs commands that are not allowed with security token: prepareTransaction, profile.
  * @tags: [
+ *   not_allowed_with_security_token,
  *   uses_prepare_transaction,
  *   uses_transactions,
  *   uses_parallel_shell,
diff --git a/jstests/core/txns/prepare_conflict_aggregation_behavior.js b/jstests/core/txns/prepare_conflict_aggregation_behavior.js
index c62b7370dc6..17c5a79811a 100644
--- a/jstests/core/txns/prepare_conflict_aggregation_behavior.js
+++ b/jstests/core/txns/prepare_conflict_aggregation_behavior.js
@@ -3,7 +3,9 @@
  * should not block on prepare conflicts, but writing out to a collection as a part of an aggregate
  * pipeline should block on prepare conflicts.
  *
- * @tags: [uses_transactions, uses_prepare_transaction]
+ * The test runs commands that are not allowed with security token: endSession, prepareTransaction.
+ * @tags: [
+ *   not_allowed_with_security_token,uses_transactions, uses_prepare_transaction]
  */
 (function() {
 "use strict";
diff --git a/jstests/core/txns/prepare_nonexistent_transaction.js b/jstests/core/txns/prepare_nonexistent_transaction.js
index c68c9164556..673403ddd22 100644
--- a/jstests/core/txns/prepare_nonexistent_transaction.js
+++ b/jstests/core/txns/prepare_nonexistent_transaction.js
@@ -1,7 +1,9 @@
 /**
  * Test error cases when calling prepare on a non-existent transaction.
  *
- * @tags: [uses_transactions, uses_prepare_transaction]
+ * The test runs commands that are not allowed with security token: endSession, prepareTransaction.
+ * @tags: [
+ *   not_allowed_with_security_token,uses_transactions, uses_prepare_transaction]
  */
 (function() {
 "use strict";
diff --git a/jstests/core/txns/prepare_prepared_transaction.js b/jstests/core/txns/prepare_prepared_transaction.js
index e7148349f53..273008d6d24 100644
--- a/jstests/core/txns/prepare_prepared_transaction.js
+++ b/jstests/core/txns/prepare_prepared_transaction.js
@@ -1,7 +1,9 @@
 /**
  * Tests that we can successfully prepare a prepared transaction.
  *
- * @tags: [uses_transactions, uses_prepare_transaction]
+ * The test runs commands that are not allowed with security token: endSession, prepareTransaction.
+ * @tags: [
+ *   not_allowed_with_security_token,uses_transactions, uses_prepare_transaction]
  */
 (function() {
 "use strict";
diff --git a/jstests/core/txns/prepare_transaction_fails_on_temp_collections.js b/jstests/core/txns/prepare_transaction_fails_on_temp_collections.js
index 98aaeeaef2d..cab8cfe73c7 100644
--- a/jstests/core/txns/prepare_transaction_fails_on_temp_collections.js
+++ b/jstests/core/txns/prepare_transaction_fails_on_temp_collections.js
@@ -4,7 +4,9 @@
  * Transactions should not operate on temporary collections because they are for internal use only
  * and are deleted on both repl stepup and server startup.
  *
+ * The test runs commands that are not allowed with security token: applyOps, prepareTransaction.
  * @tags: [
+ *   not_allowed_with_security_token,
  *   uses_transactions,
  *   uses_prepare_transaction,
  *   # applyOps is not supported on mongos
diff --git a/jstests/core/txns/prepare_transaction_unique_index_conflict.js b/jstests/core/txns/prepare_transaction_unique_index_conflict.js
index 9fc0dae7a0b..b133855cbde 100644
--- a/jstests/core/txns/prepare_transaction_unique_index_conflict.js
+++ b/jstests/core/txns/prepare_transaction_unique_index_conflict.js
@@ -5,7 +5,9 @@
  * collection. Since there are prepared operations on documents in the collection, the read should
  * cause a prepare conflict.
  *
- * @tags: [uses_transactions, uses_prepare_transaction]
+ * The test runs commands that are not allowed with security token: prepareTransaction.
+ * @tags: [
+ *   not_allowed_with_security_token,uses_transactions, uses_prepare_transaction]
  */
 
 (function() {
diff --git a/jstests/core/txns/prepared_transactions_do_not_block_non_conflicting_ddl.js b/jstests/core/txns/prepared_transactions_do_not_block_non_conflicting_ddl.js
index 1f13af52e0f..e1d3b745956 100644
--- a/jstests/core/txns/prepared_transactions_do_not_block_non_conflicting_ddl.js
+++ b/jstests/core/txns/prepared_transactions_do_not_block_non_conflicting_ddl.js
@@ -1,5 +1,7 @@
 // Test that prepared transactions don't block DDL operations on the non-conflicting collections.
-// @tags: [uses_transactions, uses_prepare_transaction]
+// The test runs commands that are not allowed with security token: endSession, prepareTransaction.
+// @tags: [
+//   not_allowed_with_security_token,uses_transactions, uses_prepare_transaction]
 (function() {
 "use strict";
 
diff --git a/jstests/core/txns/read_concern.js b/jstests/core/txns/read_concern.js
index 73b87841f26..fac40d9bcb5 100644
--- a/jstests/core/txns/read_concern.js
+++ b/jstests/core/txns/read_concern.js
@@ -1,7 +1,9 @@
 // Test that no matter the readConcern specified on a multi-statement transaction, it has snapshot
 // isolation. Also test that readConcern linearizable and available are not allowed with a
 // transaction.
-// @tags: [uses_transactions, requires_majority_read_concern]
+// The test runs commands that are not allowed with security token: endSession.
+// @tags: [
+//   not_allowed_with_security_token,uses_transactions, requires_majority_read_concern]
 (function() {
 "use strict";
 
diff --git a/jstests/core/txns/read_concerns.js b/jstests/core/txns/read_concerns.js
index 83d1d5f2813..ace544e4fd7 100644
--- a/jstests/core/txns/read_concerns.js
+++ b/jstests/core/txns/read_concerns.js
@@ -1,6 +1,12 @@
 // Verifies which read concern levels transactions support, with and without afterClusterTime.
 //
-// @tags: [uses_transactions, uses_snapshot_read_concern, requires_majority_read_concern]
+// The test runs commands that are not allowed with security token: endSession.
+// @tags: [
+//   not_allowed_with_security_token,
+//   uses_transactions,
+//   uses_snapshot_read_concern,
+//   requires_majority_read_concern,
+// ]
 (function() {
 "use strict";
 
diff --git a/jstests/core/txns/repeatable_reads_in_transaction.js b/jstests/core/txns/repeatable_reads_in_transaction.js
index ecce8881c67..867f205c6e7 100644
--- a/jstests/core/txns/repeatable_reads_in_transaction.js
+++ b/jstests/core/txns/repeatable_reads_in_transaction.js
@@ -1,6 +1,8 @@
 // Test to guarantee read repeatability, meaning that while in a transaction, we should repeatedly
 // read the same data even if it was modified outside of the transaction.
-// @tags: [uses_transactions, uses_snapshot_read_concern]
+// The test runs commands that are not allowed with security token: endSession.
+// @tags: [
+//   not_allowed_with_security_token,uses_transactions, uses_snapshot_read_concern]
 (function() {
 "use strict";
 
diff --git a/jstests/core/txns/speculative_snapshot_includes_all_writes.js b/jstests/core/txns/speculative_snapshot_includes_all_writes.js
index 54979b34033..1a813468da3 100644
--- a/jstests/core/txns/speculative_snapshot_includes_all_writes.js
+++ b/jstests/core/txns/speculative_snapshot_includes_all_writes.js
@@ -1,7 +1,9 @@
 /**
  * A speculative snapshot must not include any writes ordered after any uncommitted writes.
  *
+ * The test runs commands that are not allowed with security token: endSession.
  * @tags: [
+ *   not_allowed_with_security_token,
  *  uses_transactions,
  *  requires_majority_read_concern,
  *  uses_parallel_shell,
diff --git a/jstests/core/txns/start_transaction_with_read.js b/jstests/core/txns/start_transaction_with_read.js
index 285e63a2abd..e1b7b601ce9 100644
--- a/jstests/core/txns/start_transaction_with_read.js
+++ b/jstests/core/txns/start_transaction_with_read.js
@@ -1,5 +1,7 @@
 // Test transaction starting with read.
-// @tags: [uses_transactions]
+// The test runs commands that are not allowed with security token: endSession.
+// @tags: [
+//   not_allowed_with_security_token,uses_transactions]
 (function() {
 "use strict";
 load("jstests/libs/auto_retry_transaction_in_sharding.js");
diff --git a/jstests/core/txns/statement_ids_accepted.js b/jstests/core/txns/statement_ids_accepted.js
index 67f7abede08..b5a56b31870 100644
--- a/jstests/core/txns/statement_ids_accepted.js
+++ b/jstests/core/txns/statement_ids_accepted.js
@@ -1,6 +1,8 @@
 // Makes sure all commands which are supposed to take statement ids do.  This should test all
 // commands that are allowed in transactions.
+// The test runs commands that are not allowed with security token: endSession, prepareTransaction.
 // @tags: [
+//   not_allowed_with_security_token,
 //    uses_transactions,
 //    uses_prepare_transaction,
 //    # Tenant migrations don't support applyOps.
diff --git a/jstests/core/txns/timestamped_reads_wait_for_prepare_oplog_visibility.js b/jstests/core/txns/timestamped_reads_wait_for_prepare_oplog_visibility.js
index 61fd43e35c4..481a1693b8b 100644
--- a/jstests/core/txns/timestamped_reads_wait_for_prepare_oplog_visibility.js
+++ b/jstests/core/txns/timestamped_reads_wait_for_prepare_oplog_visibility.js
@@ -2,7 +2,9 @@
  * Tests that timestamped reads, reads with snapshot and afterClusterTime, wait for the prepare
  * transaction oplog entry to be visible before choosing a read timestamp.
  *
+ * The test runs commands that are not allowed with security token: prepareTransaction.
  * @tags: [
+ *  not_allowed_with_security_token,
  *  uses_transactions,
  *  uses_prepare_transaction,
  *  uses_parallel_shell,
diff --git a/jstests/core/txns/transaction_error_handling.js b/jstests/core/txns/transaction_error_handling.js
index 74852bd58f8..a8deaa5039b 100644
--- a/jstests/core/txns/transaction_error_handling.js
+++ b/jstests/core/txns/transaction_error_handling.js
@@ -1,5 +1,7 @@
 // Test basic transaction error handling.
-// @tags: [uses_transactions]
+// The test runs commands that are not allowed with security token: endSession.
+// @tags: [
+//   not_allowed_with_security_token,uses_transactions]
 (function() {
 "use strict";
 
diff --git a/jstests/core/txns/transaction_ops_against_capped_collection.js b/jstests/core/txns/transaction_ops_against_capped_collection.js
index 86c7c4f3383..b2bdd22b433 100644
--- a/jstests/core/txns/transaction_ops_against_capped_collection.js
+++ b/jstests/core/txns/transaction_ops_against_capped_collection.js
@@ -3,7 +3,9 @@
  * still allowed.
  *
  * 'requires_capped' tagged tests are excluded from txn passthrough suites.
- * @tags: [requires_capped, uses_transactions]
+ * The test runs commands that are not allowed with security token: endSession.
+ * @tags: [
+ *   not_allowed_with_security_token,requires_capped, uses_transactions]
  */
 (function() {
 "use strict";
diff --git a/jstests/core/txns/transactions_block_ddl.js b/jstests/core/txns/transactions_block_ddl.js
index c7b0b82d8ed..6cbe52d63d7 100644
--- a/jstests/core/txns/transactions_block_ddl.js
+++ b/jstests/core/txns/transactions_block_ddl.js
@@ -1,5 +1,7 @@
 // Test that open transactions block DDL operations on the involved collections.
-// @tags: [uses_rename, uses_transactions]
+// The test runs commands that are not allowed with security token: endSession.
+// @tags: [
+//   not_allowed_with_security_token,uses_rename, uses_transactions]
 (function() {
 "use strict";
 
diff --git a/jstests/core/txns/transactions_profiling.js b/jstests/core/txns/transactions_profiling.js
index 6b1e0e6c939..7b1f6cecf91 100644
--- a/jstests/core/txns/transactions_profiling.js
+++ b/jstests/core/txns/transactions_profiling.js
@@ -1,5 +1,7 @@
 // Test profiling for commands in multi-document transactions.
+// The test runs commands that are not allowed with security token: endSession, setProfilingLevel.
 // @tags: [
+//   not_allowed_with_security_token,
 //   uses_transactions,
 // ]
 (function() {
diff --git a/jstests/core/txns/transactions_profiling_with_drops.js b/jstests/core/txns/transactions_profiling_with_drops.js
index 974b0098a2a..d71328b701f 100644
--- a/jstests/core/txns/transactions_profiling_with_drops.js
+++ b/jstests/core/txns/transactions_profiling_with_drops.js
@@ -1,5 +1,7 @@
 // Tests that locks acquisitions for profiling in a transaction have a 0-second timeout.
-// @tags: [uses_transactions, uses_parallel_shell]
+// The test runs commands that are not allowed with security token: endSession, killOp, profile.
+// @tags: [
+//   not_allowed_with_security_token,uses_transactions, uses_parallel_shell]
 (function() {
 "use strict";
 
diff --git a/jstests/core/updatem.js b/jstests/core/updatem.js
index 92625954f8b..8e4af7e56c7 100644
--- a/jstests/core/updatem.js
+++ b/jstests/core/updatem.js
@@ -1,7 +1,9 @@
 // Cannot implicitly shard accessed collections because of following errmsg: A single
 // update/delete on a sharded collection must contain an exact match on _id or contain the shard
 // key.
-// @tags: [assumes_unsharded_collection, requires_non_retryable_commands]
+// The test runs commands that are not allowed with security token: godinsert.
+// @tags: [
+//   not_allowed_with_security_token,assumes_unsharded_collection, requires_non_retryable_commands]
 
 // Tests that _id will exist in all updated docs.
 
diff --git a/jstests/core/user_management_helpers.js b/jstests/core/user_management_helpers.js
index 7dba2903966..0e68c51d1f3 100644
--- a/jstests/core/user_management_helpers.js
+++ b/jstests/core/user_management_helpers.js
@@ -1,4 +1,7 @@
+// The test runs commands that are not allowed with security token: createUser, dropUser,
+// grantRolesToUser, logout, revokeRolesFromUser, updateUser.
 // @tags: [
+//   not_allowed_with_security_token,
 //   assumes_superuser_permissions,
 //   assumes_write_concern_unchanged,
 //   creates_and_authenticates_user,
diff --git a/jstests/core/validate_db_metadata_command.js b/jstests/core/validate_db_metadata_command.js
index c9b0d40df09..5590dd10147 100644
--- a/jstests/core/validate_db_metadata_command.js
+++ b/jstests/core/validate_db_metadata_command.js
@@ -1,6 +1,8 @@
 /**
  * Tests the validateDBMetaData commands with various input parameters.
+ * The test runs commands that are not allowed with security token: validateDBMetadata.
  * @tags: [
+ *   not_allowed_with_security_token,
  *   no_selinux,
  * ]
  */
diff --git a/jstests/core/validate_user_documents.js b/jstests/core/validate_user_documents.js
index 9e32cc2dd59..2a30ed0fea8 100644
--- a/jstests/core/validate_user_documents.js
+++ b/jstests/core/validate_user_documents.js
@@ -1,4 +1,6 @@
+// The test runs commands that are not allowed with security token: createUser, updateUser.
 // @tags: [
+//   not_allowed_with_security_token,
 //   assumes_superuser_permissions,
 //   assumes_write_concern_unchanged,
 //   requires_auth,
diff --git a/jstests/core/version_api_v1_command_coverage.js b/jstests/core/version_api_v1_command_coverage.js
index 46ff078147e..cb4b1bc89c4 100644
--- a/jstests/core/version_api_v1_command_coverage.js
+++ b/jstests/core/version_api_v1_command_coverage.js
@@ -2,7 +2,9 @@
  * Checks that commands included/omitted in API V1 behave correctly with various combinations of API
  * parameters.
  *
+ * The test runs commands that are not allowed with security token: createUser, dropUser.
  * @tags: [
+ *   not_allowed_with_security_token,
  *   requires_non_retryable_commands,
  *   uses_api_parameters,
  * ]
author	Sophia Tan <sophia_tll@hotmail.com>	2022-11-21 16:38:47 +0000
committer	Evergreen Agent <no-reply@evergreen.mongodb.com>	2022-11-21 20:49:18 +0000
commit	2bcee0994adf325a6d82d1a062ecf1715aec45e6 (patch)
tree	d72d25baa9c46e75fcef84f5afebb2d664f534c8 /jstests/core
parent	653e858945e2befc7a01a4c816b27fcd0526b6c5 (diff)
download	mongo-2bcee0994adf325a6d82d1a062ecf1715aec45e6.tar.gz