config_variables: - &keyFile jstests/libs/authTestsKey - &keyFileData Thiskeyisonlyforrunningthesuitewithauthenticationdontuseitinanytestsdirectly - &authOptions authenticationDatabase: admin authenticationMechanism: SCRAM-SHA-256 password: *keyFileData username: __system test_kind: js_test selector: roots: - jstests/core/**/*.js exclude_files: - jstests/core/txns/**/*.js # Skip any tests that run with auth explicitly. - jstests/core/*[aA]uth*.js # Has conditional logic for standalone servers and replica sets, but can't distinguish the two # when connected to mongos. - jstests/core/write_result.js # The following tests fail because a certain command or functionality is not supported on # mongos. This command or functionality is placed in a comment next to the failing test. - jstests/core/apitest_db.js # serverStatus output doesn't have storageEngine. - jstests/core/check_shard_index.js # checkShardingIndex. - jstests/core/collection_truncate.js # emptycapped. - jstests/core/compact_keeps_indexes.js # compact. - jstests/core/currentop.js # uses fsync. - jstests/core/dbhash.js # dbhash. - jstests/core/dbhash2.js # dbhash. - jstests/core/fsync.js # uses fsync. - jstests/core/geo_update_btree2.js # notablescan. - jstests/core/index9.js # "local" database. - jstests/core/queryoptimizera.js # "local" database. - jstests/core/stages*.js # stageDebug. # The following tests fail because mongos behaves differently from mongod when testing certain # functionality. The differences are in a comment next to the failing test. - jstests/core/explain_missing_database.js # Behavior with no db different on mongos. - jstests/core/geo_2d_explain.js # executionSuccess in different spot in explain(). - jstests/core/geo_s2explain.js # inputStage in different spot in explain(). - jstests/core/geo_s2sparse.js # keysPerIndex in different spot in validate(). - jstests/core/killop_drop_collection.js # Uses fsyncLock. - jstests/core/or_to_in.js # queryPlanner in different spot in explain() # Tests that need triaging & remediation | denylist decision # Comments list possible problem point under review. - jstests/core/stages_delete.js # Uses stageDebug command for deletes. # Tests that fail for Causal Consistency as they have statements that do not support # non-local read concern. - jstests/core/geo_big_polygon3.js - jstests/core/mr*.js - jstests/core/collation.js - jstests/core/loadserverscripts.js - jstests/core/bypass_doc_validation.js - jstests/core/commands_namespace_parsing.js - jstests/core/tailable_cursor_invalidation.js - jstests/core/tailable_getmore_batch_size.js - jstests/core/tailable_skip_limit.js - jstests/core/constructors.js - jstests/core/views/views_all_commands.js - jstests/core/or4.js - jstests/core/recursion.js # An index drop does not necessarily cause cursors to be killed on the secondary. - jstests/core/ord.js # Parallel shell is not causally consistent - jstests/core/benchrun_pipeline_updates.js - jstests/core/crud_ops_do_not_throw_locktimeout.js - jstests/core/cursora.js - jstests/core/find_and_modify_concurrent_update.js - jstests/core/removec.js - jstests/core/shellstartparallel.js # TODO SERVER-30466 - jstests/core/explain_multi_plan.js - jstests/core/explain_shell_helpers.js - jstests/core/index_partial_read_ops.js - jstests/core/explain_server_params.js - jstests/core/update_arrayFilters.js # TODO: SERVER-30488 - jstests/core/apitest_dbcollection.js - jstests/core/getmore_invalidated_cursors.js - jstests/core/orf.js #explain.executionStats is not CC # getMore is not causally consistent if collection is dropped - jstests/core/drop3.js # Logical sessions require that only one user be authenticated, # but this suite puts us in a multi-auth state. - jstests/core/list_all_sessions.js # Too many users authenticated - jstests/core/list_sessions.js # Too many users authenticated # The following tests fail because of divergent dropCollection behavior between standalones and # sharded clusters. These tests expect a second drop command to error, whereas in sharded clusters # we expect a second drop to return status OK. - jstests/core/explain_upsert.js # The `dbstats` command builds in-memory structures that are not causally consistent. - jstests/core/dbstats.js # These include operations the root user auth'd on the test database is not authorized to perform, # e.g. reading system.views, dropping or creating system collections. - jstests/core/list_collections_no_views.js - jstests/core/rename_collection_system_db.js - jstests/core/views/invalid_system_views.js - jstests/core/views/view_with_invalid_dbname.js - jstests/core/views/views_creation.js - jstests/core/views/views_drop.js - jstests/core/disallow_system_views_user_writes.js - jstests/core/timeseries/bucket_granularity.js # These tests expect listCollections to return system.bucket.* collections, which are filtered # out by mongos when authentication is enabled. # Refer to filter in cluster_list_collections_cmd.cpp - jstests/core/timeseries/timeseries_*.js exclude_with_any_tags: - assumes_against_mongod_not_mongos - assumes_standalone_mongod ## # The next tag corresponds to the special error thrown by the set_read_preference_secondary.js # override when it refuses to replace the readPreference of a particular command. Above each tag # are the message(s) that cause the tag to be warranted. ## # "Cowardly refusing to override read preference of command: ..." # "Cowardly refusing to run test with overridden read preference when it reads from a # non-replicated collection: ..." - assumes_read_preference_unchanged # Multiple users cannot be authenticated on one connection within a session. - creates_and_authenticates_user - does_not_support_causal_consistency - requires_collstats # The system.profile collection is not replicated. So the reads from secondaries will not be # consistent with primary. - requires_profiling executor: archive: hooks: - CheckReplDBHash - ValidateCollections config: shell_options: global_vars: TestData: &TestData auth: true authMechanism: SCRAM-SHA-256 keyFile: *keyFile keyFileData: *keyFileData roleGraphInvalidationIsFatal: true eval: | jsTest.authenticate(db.getMongo()); (function() { const username = "misha"; const password = "pwd"; const res = db.runCommand({ createUser: username, pwd: password, roles: [{role: "root", db: jsTest.options().authenticationDatabase}] }); if (res.ok === 1) { assert.commandWorked(res); } else { // If 'username' already exists, then attempts to create a user with the same name // will fail with error code 51003. assert.commandFailedWithCode(res, 51003); } // Log out as the __system user and auth as the newly created user. db.getSiblingDB(jsTest.options().authenticationDatabase).logout(); db.auth(username, password); })(); load("jstests/libs/override_methods/enable_causal_consistency.js"); <<: *authOptions hooks: - class: CheckReplDBHash shell_options: global_vars: TestData: *TestData eval: jsTest.authenticate(db.getMongo()) <<: *authOptions - class: ValidateCollections shell_options: global_vars: TestData: *TestData eval: jsTest.authenticate(db.getMongo()) <<: *authOptions - class: CleanEveryN n: 20 fixture: class: ShardedClusterFixture mongos_options: keyFile: *keyFile set_parameters: enableTestCommands: 1 logComponentVerbosity: verbosity: 0 command: 1 network: verbosity: 1 asio: 2 tracking: 0 mongod_options: enableMajorityReadConcern: '' auth: '' keyFile: *keyFile set_parameters: enableTestCommands: 1 enableLocalhostAuthBypass: false logComponentVerbosity: verbosity: 0 command: 1 network: verbosity: 1 asio: 2 replication: heartbeats: 2 tracking: 0 num_rs_nodes_per_shard: 2 enable_sharding: - test auth_options: *authOptions