1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
|
config_variables:
- &keyFile jstests/libs/authTestsKey
- &keyFileData Thiskeyisonlyforrunningthesuitewithauthenticationdontuseitinanytestsdirectly
- &authOptions
authenticationDatabase: admin
authenticationMechanism: SCRAM-SHA-256
password: *keyFileData
username: __system
test_kind: js_test
selector:
roots:
- jstests/core/**/*.js
- jstests/fle2/**/*.js
- src/mongo/db/modules/*/jstests/fle2/*.js
exclude_files:
# Skip any tests that run with auth explicitly.
- jstests/core/*[aA]uth*.js
# Has conditional logic for standalone servers and replica sets, but can't distinguish the two
# when connected to mongos.
- jstests/core/write_result.js
# The following tests fail because a certain command or functionality is not supported on
# mongos. This command or functionality is placed in a comment next to the failing test.
- jstests/core/apitest_db.js # serverStatus output doesn't have storageEngine.
- jstests/core/check_shard_index.js # checkShardingIndex.
- jstests/core/collection_truncate.js # emptycapped.
- jstests/core/compact_keeps_indexes.js # compact.
- jstests/core/currentop.js # uses fsync.
- jstests/core/dbhash.js # dbhash.
- jstests/core/dbhash2.js # dbhash.
- jstests/core/fsync.js # uses fsync.
- jstests/core/geo_update_btree2.js # notablescan.
- jstests/core/index9.js # "local" database.
- jstests/core/queryoptimizera.js # "local" database.
- jstests/core/stages*.js # stageDebug.
# The following tests fail because mongos behaves differently from mongod when testing certain
# functionality. The differences are in a comment next to the failing test.
- jstests/core/explain_missing_database.js # Behavior with no db different on mongos.
- jstests/core/geo_2d_explain.js # executionSuccess in different spot in explain().
- jstests/core/geo_s2explain.js # inputStage in different spot in explain().
- jstests/core/geo_s2sparse.js # keysPerIndex in different spot in validate().
- jstests/core/killop_drop_collection.js # Uses fsyncLock.
- jstests/core/or_to_in.js # queryPlanner in different spot in explain()
# Logical sessions require that only one user be authenticated,
# but this suite puts us in a multi-auth state.
- jstests/core/list_all_sessions.js # Too many users authenticated
- jstests/core/list_sessions.js # Too many users authenticated
# The following tests fail because of divergent dropCollection behavior between standalones and
# sharded clusters. These tests expect a second drop command to error, whereas in sharded clusters
# we expect a second drop to return status OK.
- jstests/core/explain_upsert.js
# These include operations the root user auth'd on the test database is not authorized to perform,
# e.g. reading system.views, dropping or creating system collections.
- jstests/core/list_collections_no_views.js
- jstests/core/rename_collection_system_db.js
- jstests/core/views/invalid_system_views.js
- jstests/core/views/view_with_invalid_dbname.js
- jstests/core/views/views_creation.js
- jstests/core/views/views_drop.js
- jstests/core/disallow_system_views_user_writes.js
- jstests/core/timeseries/bucket_granularity.js
# These tests expect listCollections to return system.bucket.* collections, which are filtered
# out by mongos when authentication is enabled.
# Refer to filter in cluster_list_collections_cmd.cpp
- jstests/core/timeseries/timeseries_*.js
# This test uses `benchRun` which spawns connections which do not inherit the causal session.
- jstests/core/benchrun_pipeline_updates.js
# In the context of auth on mongos, illegal namespaces trigger a different error code than they do
# on mongod. To keep the test simple, we avoid running it against a mongos when auth is enabled.
- jstests/core/illegal_cmd_namespace.js
exclude_with_any_tags:
- assumes_against_mongod_not_mongos
- assumes_standalone_mongod
##
# The next tag corresponds to the special error thrown by the set_read_preference_secondary.js
# override when it refuses to replace the readPreference of a particular command. Above each tag
# are the message(s) that cause the tag to be warranted.
##
# "Cowardly refusing to override read preference of command: ..."
# "Cowardly refusing to run test with overridden read preference when it reads from a
# non-replicated collection: ..."
- assumes_read_preference_unchanged
# Multiple users cannot be authenticated on one connection within a session.
- creates_and_authenticates_user
- does_not_support_causal_consistency
- requires_collstats
# The system.profile collection is not replicated. So the reads from secondaries will not be
# consistent with primary.
- requires_profiling
# These tests are run in sharded_causally_consistent_jscore_txns_passthrough.
- uses_transactions
# Parallel shell is not causally consistent because it uses a different session.
- uses_parallel_shell
executor:
archive:
hooks:
- CheckReplDBHash
- ValidateCollections
config:
shell_options:
global_vars:
TestData: &TestData
auth: true
authMechanism: SCRAM-SHA-256
keyFile: *keyFile
keyFileData: *keyFileData
roleGraphInvalidationIsFatal: true
eval: |
jsTest.authenticate(db.getMongo());
(function() {
const username = "misha";
const password = "pwd";
const res = db.runCommand({
createUser: username,
pwd: password,
roles: [{role: "root", db: jsTest.options().authenticationDatabase}]
});
if (res.ok === 1) {
assert.commandWorked(res);
} else {
// If 'username' already exists, then attempts to create a user with the same name
// will fail with error code 51003.
assert.commandFailedWithCode(res, 51003);
}
// Log out as the __system user and auth as the newly created user.
db.getSiblingDB(jsTest.options().authenticationDatabase).logout();
db.auth(username, password);
})();
load("jstests/libs/override_methods/enable_causal_consistency.js");
<<: *authOptions
hooks:
- class: CheckReplDBHash
shell_options:
global_vars:
TestData: *TestData
eval: jsTest.authenticate(db.getMongo())
<<: *authOptions
- class: ValidateCollections
shell_options:
global_vars:
TestData: *TestData
eval: jsTest.authenticate(db.getMongo())
<<: *authOptions
- class: CleanEveryN
n: 20
fixture:
class: ShardedClusterFixture
mongos_options:
keyFile: *keyFile
set_parameters:
enableTestCommands: 1
logComponentVerbosity:
verbosity: 0
command: 1
network:
verbosity: 1
asio: 2
tracking: 0
mongod_options:
enableMajorityReadConcern: ''
auth: ''
keyFile: *keyFile
set_parameters:
enableTestCommands: 1
enableLocalhostAuthBypass: false
logComponentVerbosity:
verbosity: 0
command: 1
network:
verbosity: 1
asio: 2
replication:
heartbeats: 2
tracking: 0
num_rs_nodes_per_shard: 2
enable_sharding:
- test
auth_options: *authOptions
|
