blob: 5622a03c9519da310e4379284a9ab216d125ebb8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
|
config_variables:
- &keyFile jstests/libs/authTestsKey
- &keyFileData Thiskeyisonlyforrunningthesuitewithauthenticationdontuseitinanytestsdirectly
- &authOptions
authenticationDatabase: local
authenticationMechanism: SCRAM-SHA-256
password: *keyFileData
username: __system
test_kind: js_test
selector:
roots:
- jstests/core/**/*.js
exclude_with_any_tags:
- command_not_supported_in_serverless
# Theses tests expect replication is not enabled.
- assumes_standalone_mongod
# Capped collections are banned in Serverless.
- requires_capped
# Server side javascript (such as $where, $function, $accumulator and map-reduce) is not allowed in Serverless.
- requires_scripting
- uses_map_reduce_with_temp_collections
# This test suite creates connection with user "__system", so cannot be authenticated again with different user.
- requires_auth
# Sharding commands are not tenant aware.
- requires_sharding
# TODO SERVER-72173: tenant information is dropped off when trying to profile operation.
- requires_profiling
# Columnstore indexes are under development and cannot be used without enabling the feature flag
- featureFlagColumnstoreIndexes
exclude_files:
# The "exhaust" function does not use runCommand (required by the inject_security_token.js override).
- jstests/core/**/exhaust.js
# These following tests use benchRun which does not use runCommand (required by the inject_dollar_tenant.js override).
- jstests/core/**/bench_test1.js
- jstests/core/**/bench_test2.js
- jstests/core/**/benchrun_cmd_param_error.js
- jstests/core/**/benchrun_pipeline_updates.js
# These tests run "applyOps" command which does not depend on $tenant to pass in tenant information.
# The tenantId is provided in the oplog entries provided to the applyOps command.
- jstests/core/**/apply_ops*.js
- jstests/core/**/bypass_doc_validation.js
- jstests/core/**/collation.js
- jstests/core/**/collmod_convert_to_unique_apply_ops.js
- jstests/core/**/collmod_without_uuid.js
- jstests/core/**/list_collections1.js
- jstests/core/**/list_collections_filter.js
- jstests/core/**/list_collections_no_views.js
- jstests/core/**/rename_collection_staytemp.js
- jstests/core/txns/commands_banning_txnnumber_outside_transactions.js
- jstests/core/txns/commands_not_allowed_in_txn.js
- jstests/core/txns/prepare_transaction_fails_on_temp_collections.js
- jstests/core/views/duplicate_ns.js
- jstests/core/views/invalid_system_views.js
- jstests/core/views/view_with_invalid_dbname.js
- jstests/core/views/views_all_commands.js
- jstests/core/views/views_creation.js
# This test expects a specific error message, which does not match the error message generated in authentication mode.
- jstests/core/**/commands_with_uuid.js
# Sharding command "splictVector" is not tenant aware.
- jstests/core/**/splitvector.js
# Sharding command "_shardsvrCreateGlobalIndex" is not tenant aware.
- jstests/core/txns/global_index.js
# Operations on config.system.sessions are not tenant aware, so cannot be tested with the injected dollar tenant.
- jstests/core/**/list_all_sessions.js
- jstests/core/**/list_sessions.js
- jstests/core/**/api_version_pipeline_stages.js
# Operations on config.transactions are not tenant aware, so cannot be tested with the injected dollar tenant.
- jstests/core/txns/no_writes_to_config_transactions_with_prepared_transaction.js
- jstests/core/txns/commit_prepared_transaction.js
- jstests/core/**/create_indexes.js
# In a multitenancy environment the catalog will always return tenant-prefixed entries, so the
# list_catalog test will be broken as it checks for non-tenant-prefixed entries.
- jstests/core/**/list_catalog.js
# TODO SERVER-72285: currentOp requests with dollar tenant cannot get operations being executed by the tenant.
- jstests/core/**/crud_ops_do_not_throw_locktimeout.js
- jstests/core/**/currentop.js
- jstests/core/**/currentop_waiting_for_latch.js
- jstests/core/**/failcommand_failpoint.js
- jstests/core/**/fsync.js
- jstests/core/**/killop_drop_collection.js
- jstests/core/txns/kill_cursors_in_transaction.js
- jstests/core/txns/kill_sessions_kills_transaction.js
- jstests/core/txns/transactions_block_ddl.js
- jstests/core/txns/currentop_blocked_operations.js
- jstests/core/txns/new_transactions_on_session_with_prepared_txn_block_behind_prepare.js
- jstests/core/txns/write_conflicts_with_non_txns.js
# TODO SERVER-72291: rolesInfo commmand is failed when querying relative roles by the tenant.
- jstests/core/**/roles_info.js
# TODO SERVER-72083: tenant information of bulkWrite command cannot be parsed correctly.
- jstests/core/**/bulk_write.js
# TODO SERVER-72357: cannot get the expected error due to an authorization contract issue.
- jstests/core/txns/multi_statement_transaction_command_args.js
executor:
archive:
tests: true
hooks:
- CheckReplDBHash
- CheckReplOplogs
- ValidateCollections
config:
shell_options:
# In order to use $tenant, connect mongod with user "_system" which can be authenticated with ActionType::useTenant.
<<: *authOptions
eval: |
jsTest.authenticate(db.getMongo());
testingReplication = true;
load('jstests/libs/override_methods/inject_dollar_tenant.js');
global_vars:
TestData: &TestData
tenant: "636d957b2646ddfaf9b5e13f"
auth: true
authMechanism: SCRAM-SHA-256
keyFile: *keyFile
keyFileData: *keyFileData
roleGraphInvalidationIsFatal: true
hooks:
# The CheckReplDBHash hook waits until all operations have replicated to and have been applied
# on the secondaries, so we run the ValidateCollections hook after it to ensure we're
# validating the entire contents of the collection.
- class: CheckReplOplogs
shell_options:
global_vars:
TestData: *TestData
eval: jsTest.authenticate(db.getMongo())
<<: *authOptions
- class: CheckReplDBHash
shell_options:
global_vars:
TestData: *TestData
eval: jsTest.authenticate(db.getMongo())
<<: *authOptions
- class: ValidateCollections
shell_options:
global_vars:
TestData: *TestData
eval: jsTest.authenticate(db.getMongo())
<<: *authOptions
- class: CleanEveryN
n: 20
fixture:
class: ReplicaSetFixture
num_nodes: 3
mongod_options:
set_parameters:
enableTestCommands: 1
multitenancySupport: true
featureFlagSecurityToken: true
featureFlagRequireTenantID: true
logComponentVerbosity:
command: 2
auth: ''
keyFile: *keyFile
auth_options: *authOptions
|