7 files changed, 59 insertions, 33 deletions

diff --git a/jstests/noPassthrough/libs/index_build.js b/jstests/noPassthrough/libs/index_build.js
index 7fe4ed625c8..6b917208c5d 100644
--- a/jstests/noPassthrough/libs/index_build.js
+++ b/jstests/noPassthrough/libs/index_build.js
@@ -9,30 +9,34 @@ var IndexBuildTest = class {
      * Starts an index build in a separate mongo shell process with given options.
      * Ensures the index build worked or failed with one of the expected failures.
      */
-    static startIndexBuild(conn, ns, keyPattern, options, expectedFailures, commitQuorum) {
+    static startIndexBuild(conn, ns, keyPattern, options, expectedFailures, commitQuorum, authDoc) {
         options = options || {};
         expectedFailures = expectedFailures || [];
-        // The default for the commit quorum parameter to Collection.createIndexes() should be
-        // left as undefined if 'commitQuorum' is omitted. This is because we need to differentiate
-        // between undefined (which uses the default in the server) and 0 which disables the commit
-        // quorum.
-        const commitQuorumStr = (commitQuorum === undefined ? '' : ', ' + tojson(commitQuorum));
-
-        if (Array.isArray(keyPattern)) {
-            return startParallelShell(
-                'const coll = db.getMongo().getCollection("' + ns + '");' +
-                    'assert.commandWorkedOrFailedWithCode(coll.createIndexes(' +
-                    JSON.stringify(keyPattern) + ', ' + tojson(options) + commitQuorumStr + '), ' +
-                    JSON.stringify(expectedFailures) + ');',
-                conn.port);
-        } else {
-            return startParallelShell('const coll = db.getMongo().getCollection("' + ns + '");' +
-                                          'assert.commandWorkedOrFailedWithCode(coll.createIndex(' +
-                                          tojson(keyPattern) + ', ' + tojson(options) +
-                                          commitQuorumStr + '), ' +
-                                          JSON.stringify(expectedFailures) + ');',
-                                      conn.port);
-        }
+
+        const args = [ns, keyPattern, options, expectedFailures, commitQuorum, authDoc];
+        let func = function(args) {
+            const [ns, keyPattern, options, expectedFailures, commitQuorum, authDoc] = args;
+            // If authDoc is specified, then the index build is being started on a server that has
+            // auth enabled. Be sure to authenticate the new shell client with the provided
+            // credentials.
+            if (authDoc) {
+                assert(db.getSiblingDB('admin').auth(authDoc.user, authDoc.pwd));
+            }
+            const keyPatterns = (Array.isArray(keyPattern) ? keyPattern : [keyPattern]);
+            const coll = db.getMongo().getCollection(ns);
+            // The default for the commit quorum parameter to Collection.createIndexes() should be
+            // left as undefined if 'commitQuorum' is omitted. This is because we need to
+            // differentiate between undefined (which uses the default in the server) and 0 which
+            // disables the commit quorum.
+            if (commitQuorum !== undefined) {
+                assert.commandWorkedOrFailedWithCode(
+                    coll.createIndexes(keyPatterns, options, commitQuorum), expectedFailures);
+            } else {
+                assert.commandWorkedOrFailedWithCode(coll.createIndexes(keyPatterns, options),
+                                                     expectedFailures);
+            }
+        };
+        return startParallelShell(funWithArgs(func, args), conn.port);
     }
 
     /**
diff --git a/src/mongo/db/audit.cpp b/src/mongo/db/audit.cpp
index 60e826e91fb..7d376722003 100644
--- a/src/mongo/db/audit.cpp
+++ b/src/mongo/db/audit.cpp
@@ -149,7 +149,9 @@ void logLogout(Client* client,
 void logCreateIndex(Client* client,
                     const BSONObj* indexSpec,
                     StringData indexname,
-                    const NamespaceString& nsname) {}
+                    const NamespaceString& nsname,
+                    StringData indexBuildState,
+                    ErrorCodes::Error result) {}
 
 void logCreateCollection(Client* client, const NamespaceString& nsname) {}
 
diff --git a/src/mongo/db/audit.h b/src/mongo/db/audit.h
index 5f0c3e329db..bb24e80e087 100644
--- a/src/mongo/db/audit.h
+++ b/src/mongo/db/audit.h
@@ -340,7 +340,9 @@ void logLogout(Client* client,
 void logCreateIndex(Client* client,
                     const BSONObj* indexSpec,
                     StringData indexname,
-                    const NamespaceString& nsname);
+                    const NamespaceString& nsname,
+                    StringData indexBuildState,
+                    ErrorCodes::Error result);
 
 /**
  * Logs the result of a createCollection command.
diff --git a/src/mongo/db/catalog/SConscript b/src/mongo/db/catalog/SConscript
index f598893d9c3..05310e34826 100644
--- a/src/mongo/db/catalog/SConscript
+++ b/src/mongo/db/catalog/SConscript
@@ -220,6 +220,7 @@ env.Library(
     ],
     LIBDEPS=[
         '$BUILD_DIR/mongo/base',
+        '$BUILD_DIR/mongo/db/audit',
         '$BUILD_DIR/mongo/db/catalog/collection_query_info',
         '$BUILD_DIR/mongo/db/index/index_descriptor',
         '$BUILD_DIR/mongo/db/index_names',
@@ -265,7 +266,6 @@ env.Library(
     ],
     LIBDEPS=[
         '$BUILD_DIR/mongo/base',
-        '$BUILD_DIR/mongo/db/audit',
         '$BUILD_DIR/mongo/db/catalog_raii',
         '$BUILD_DIR/mongo/db/concurrency/write_conflict_exception',
         '$BUILD_DIR/mongo/db/curop',
diff --git a/src/mongo/db/catalog/index_build_block.cpp b/src/mongo/db/catalog/index_build_block.cpp
index 9bdc3fb8585..5d6012e0ac2 100644
--- a/src/mongo/db/catalog/index_build_block.cpp
+++ b/src/mongo/db/catalog/index_build_block.cpp
@@ -35,6 +35,7 @@
 
 #include <vector>
 
+#include "mongo/db/audit.h"
 #include "mongo/db/catalog/collection.h"
 #include "mongo/db/catalog/uncommitted_collections.h"
 #include "mongo/db/catalog_raii.h"
@@ -126,6 +127,15 @@ Status IndexBuildBlock::init(OperationContext* opCtx, Collection* collection) {
 
     _indexName = descriptor->indexName();
 
+    // Since the index build block is being initialized, the index build for _indexName is
+    // beginning. Accordingly, emit an audit event indicating this.
+    audit::logCreateIndex(opCtx->getClient(),
+                          &_spec,
+                          _indexName,
+                          collection->ns(),
+                          "IndexBuildStarted",
+                          ErrorCodes::OK);
+
     bool isBackgroundIndex = _method == IndexBuildMethod::kHybrid;
     bool isBackgroundSecondaryBuild = false;
     if (auto replCoord = repl::ReplicationCoordinator::get(opCtx)) {
@@ -176,6 +186,14 @@ void IndexBuildBlock::fail(OperationContext* opCtx, Collection* collection) {
 
     invariant(opCtx->lockState()->isCollectionLockedForMode(_nss, MODE_X));
 
+    // Audit that the index build is being aborted.
+    audit::logCreateIndex(opCtx->getClient(),
+                          &_spec,
+                          _indexName,
+                          collection->ns(),
+                          "IndexBuildAborted",
+                          ErrorCodes::IndexBuildAborted);
+
     auto indexCatalogEntry = getEntry(opCtx, collection);
     if (indexCatalogEntry) {
         invariant(collection->getIndexCatalog()->dropIndexEntry(opCtx, indexCatalogEntry).isOK());
@@ -210,6 +228,14 @@ void IndexBuildBlock::success(OperationContext* opCtx, Collection* collection) {
     collection->indexBuildSuccess(opCtx, indexCatalogEntry);
     auto svcCtx = opCtx->getClient()->getServiceContext();
 
+    // Before committing the index build, optimistically audit that the index build has succeeded.
+    audit::logCreateIndex(opCtx->getClient(),
+                          &_spec,
+                          _indexName,
+                          collection->ns(),
+                          "IndexBuildSucceeded",
+                          ErrorCodes::OK);
+
     opCtx->recoveryUnit()->onCommit(
         [svcCtx,
          indexName = _indexName,
diff --git a/src/mongo/db/catalog/index_catalog_impl.cpp b/src/mongo/db/catalog/index_catalog_impl.cpp
index 10928e53bed..b9b563627fe 100644
--- a/src/mongo/db/catalog/index_catalog_impl.cpp
+++ b/src/mongo/db/catalog/index_catalog_impl.cpp
@@ -521,7 +521,6 @@ StatusWith<BSONObj> IndexCatalogImpl::createIndexOnEmptyCollection(OperationCont
     invariant(DurableCatalog::get(opCtx)->isIndexReady(
         opCtx, _collection->getCatalogId(), descriptor->indexName()));
 
-    audit::logCreateIndex(opCtx->getClient(), &spec, descriptor->indexName(), _collection->ns());
 
     return spec;
 }
diff --git a/src/mongo/db/catalog/multi_index_block.cpp b/src/mongo/db/catalog/multi_index_block.cpp
index 1bea1a2bb7e..54d8dd74aa8 100644
--- a/src/mongo/db/catalog/multi_index_block.cpp
+++ b/src/mongo/db/catalog/multi_index_block.cpp
@@ -37,7 +37,6 @@
 
 #include "mongo/base/error_codes.h"
 #include "mongo/bson/simple_bsonelement_comparator.h"
-#include "mongo/db/audit.h"
 #include "mongo/db/catalog/collection.h"
 #include "mongo/db/catalog/collection_catalog.h"
 #include "mongo/db/catalog/multi_index_block_gen.h"
@@ -302,12 +301,6 @@ StatusWith<std::vector<BSONObj>> MultiIndexBlock::init(
                       eachIndexBuildMaxMemoryUsageBytes / 1024 / 1024);
 
             index.filterExpression = indexCatalogEntry->getFilterExpression();
-
-            if (!resumeInfo) {
-                // TODO SERVER-14888 Suppress this in cases we don't want to audit.
-                audit::logCreateIndex(
-                    opCtx->getClient(), &info, descriptor->indexName(), collection->ns());
-            }
         }
 
         opCtx->recoveryUnit()->onCommit([ns = collection->ns(), this](auto commitTs) {