summaryrefslogtreecommitdiff
path: root/buildscripts/resmokeconfig/suites/native_tenant_data_isolation_with_dollar_tenant_jscore_passthrough.yml
blob: 5622a03c9519da310e4379284a9ab216d125ebb8 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

config_variables:
- &keyFile jstests/libs/authTestsKey
- &keyFileData Thiskeyisonlyforrunningthesuitewithauthenticationdontuseitinanytestsdirectly
- &authOptions
  authenticationDatabase: local
  authenticationMechanism: SCRAM-SHA-256
  password: *keyFileData
  username: __system

test_kind: js_test

selector:
  roots:
  - jstests/core/**/*.js
  exclude_with_any_tags:
  - command_not_supported_in_serverless
  # Theses tests expect replication is not enabled.
  - assumes_standalone_mongod
  # Capped collections are banned in Serverless.
  - requires_capped
  # Server side javascript (such as $where, $function, $accumulator and map-reduce) is not allowed in Serverless.
  - requires_scripting
  - uses_map_reduce_with_temp_collections
  # This test suite creates connection with user "__system", so cannot be authenticated again with different user.
  - requires_auth
  # Sharding commands are not tenant aware.
  - requires_sharding
  # TODO SERVER-72173: tenant information is dropped off when trying to profile operation.
  - requires_profiling
  # Columnstore indexes are under development and cannot be used without enabling the feature flag
  - featureFlagColumnstoreIndexes
  exclude_files:
  # The "exhaust" function does not use runCommand (required by the inject_security_token.js override).
  - jstests/core/**/exhaust.js
  # These following tests use benchRun which does not use runCommand (required by the inject_dollar_tenant.js override).
  - jstests/core/**/bench_test1.js
  - jstests/core/**/bench_test2.js
  - jstests/core/**/benchrun_cmd_param_error.js
  - jstests/core/**/benchrun_pipeline_updates.js
  # These tests run "applyOps" command which does not depend on $tenant to pass in tenant information.
  # The tenantId is provided in the oplog entries provided to the applyOps command.
  - jstests/core/**/apply_ops*.js
  - jstests/core/**/bypass_doc_validation.js
  - jstests/core/**/collation.js
  - jstests/core/**/collmod_convert_to_unique_apply_ops.js
  - jstests/core/**/collmod_without_uuid.js
  - jstests/core/**/list_collections1.js
  - jstests/core/**/list_collections_filter.js
  - jstests/core/**/list_collections_no_views.js
  - jstests/core/**/rename_collection_staytemp.js
  - jstests/core/txns/commands_banning_txnnumber_outside_transactions.js
  - jstests/core/txns/commands_not_allowed_in_txn.js
  - jstests/core/txns/prepare_transaction_fails_on_temp_collections.js
  - jstests/core/views/duplicate_ns.js
  - jstests/core/views/invalid_system_views.js
  - jstests/core/views/view_with_invalid_dbname.js
  - jstests/core/views/views_all_commands.js
  - jstests/core/views/views_creation.js
  # This test expects a specific error message, which does not match the error message generated in authentication mode.
  - jstests/core/**/commands_with_uuid.js
  # Sharding command "splictVector" is not tenant aware.
  - jstests/core/**/splitvector.js
  # Sharding command "_shardsvrCreateGlobalIndex" is not tenant aware.
  - jstests/core/txns/global_index.js
  # Operations on config.system.sessions are not tenant aware, so cannot be tested with the injected dollar tenant.
  - jstests/core/**/list_all_sessions.js
  - jstests/core/**/list_sessions.js
  - jstests/core/**/api_version_pipeline_stages.js
  # Operations on config.transactions are not tenant aware, so cannot be tested with the injected dollar tenant.
  - jstests/core/txns/no_writes_to_config_transactions_with_prepared_transaction.js
  - jstests/core/txns/commit_prepared_transaction.js
  - jstests/core/**/create_indexes.js
  # In a multitenancy environment the catalog will always return tenant-prefixed entries, so the
  # list_catalog test will be broken as it checks for non-tenant-prefixed entries.
  - jstests/core/**/list_catalog.js
  # TODO SERVER-72285: currentOp requests with dollar tenant cannot get operations being executed by the tenant.
  - jstests/core/**/crud_ops_do_not_throw_locktimeout.js
  - jstests/core/**/currentop.js
  - jstests/core/**/currentop_waiting_for_latch.js
  - jstests/core/**/failcommand_failpoint.js
  - jstests/core/**/fsync.js
  - jstests/core/**/killop_drop_collection.js
  - jstests/core/txns/kill_cursors_in_transaction.js
  - jstests/core/txns/kill_sessions_kills_transaction.js
  - jstests/core/txns/transactions_block_ddl.js
  - jstests/core/txns/currentop_blocked_operations.js
  - jstests/core/txns/new_transactions_on_session_with_prepared_txn_block_behind_prepare.js
  - jstests/core/txns/write_conflicts_with_non_txns.js
  # TODO SERVER-72291: rolesInfo commmand is failed when querying relative roles by the tenant.
  - jstests/core/**/roles_info.js
  # TODO SERVER-72083: tenant information of bulkWrite command cannot be parsed correctly.
  - jstests/core/**/bulk_write.js
  # TODO SERVER-72357: cannot get the expected error due to an authorization contract issue.
  - jstests/core/txns/multi_statement_transaction_command_args.js

executor:
  archive:
    tests: true
    hooks:
      - CheckReplDBHash
      - CheckReplOplogs
      - ValidateCollections
  config:
    shell_options:
      # In order to use $tenant, connect mongod with user "_system" which can be authenticated with ActionType::useTenant.
      <<: *authOptions
      eval: |
        jsTest.authenticate(db.getMongo());
        testingReplication = true;
        load('jstests/libs/override_methods/inject_dollar_tenant.js');
      global_vars:
        TestData: &TestData
          tenant: "636d957b2646ddfaf9b5e13f"
          auth: true
          authMechanism: SCRAM-SHA-256
          keyFile: *keyFile
          keyFileData: *keyFileData
          roleGraphInvalidationIsFatal: true
  hooks:
  # The CheckReplDBHash hook waits until all operations have replicated to and have been applied
  # on the secondaries, so we run the ValidateCollections hook after it to ensure we're
  # validating the entire contents of the collection.
  - class: CheckReplOplogs
    shell_options:
      global_vars:
        TestData: *TestData
        eval: jsTest.authenticate(db.getMongo())
      <<: *authOptions
  - class: CheckReplDBHash
    shell_options:
      global_vars:
        TestData: *TestData
        eval: jsTest.authenticate(db.getMongo())
      <<: *authOptions
  - class: ValidateCollections
    shell_options:
      global_vars:
        TestData: *TestData
        eval: jsTest.authenticate(db.getMongo())
      <<: *authOptions
  - class: CleanEveryN
    n: 20
  fixture:
    class: ReplicaSetFixture
    num_nodes: 3
    mongod_options:
      set_parameters:
        enableTestCommands: 1
        multitenancySupport: true
        featureFlagSecurityToken: true
        featureFlagRequireTenantID: true
        logComponentVerbosity:
          command: 2
      auth: ''
      keyFile: *keyFile
    auth_options: *authOptions
View Lorry Controller Status