blob: b8f9616c951d1fe0408f05e5df1084fe7a64d939 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
test_kind: js_test
selector:
roots:
- jstests/core/**/*.js
exclude_with_any_tags:
# All allowed commands are list in inject_security_token.js override. Any commands out of the list are disallowed.
- not_allowed_with_security_token
- command_not_supported_in_serverless
# Theses tests expect replication is not enabled.
- assumes_standalone_mongod
# capped collections are banned in Serverless.
- requires_capped
# startParallelShell creates a new connections with a different security token.
- uses_parallel_shell
# columnstore indexes are under development and cannot be used without enabling the feature flag
- featureFlagColumnstoreIndexes
- featureFlagSbeFull
# Server side javascript not allowed in Serverless.
- requires_scripting
exclude_files:
# server-side javascript is not supported in serverless mode.
- jstests/core/system_js_drop.js
- jstests/core/system_js_access.js
- jstests/core/where_system_js.js
# setLogLevel calls setParameter command which is not allowed with security token.
- jstests/core/list_all_local_sessions.js
- jstests/core/list_all_sessions.js
- jstests/core/txns/timestamped_reads_wait_for_prepare_oplog_visibility.js
# cursor.close() calls killCursors command which is not allowed with security token.
- jstests/core/list_collections1.js
- jstests/core/list_indexes.js
# collection.getPlanCache().* calls planCache* commands which are not allowed with security token.
- jstests/core/cached_plan_trial_does_not_discard_work.js
- jstests/core/collation_plan_cache.js
- jstests/core/explode_for_sort_plan_cache.js
- jstests/core/index_filter_commands.js
- jstests/core/index_filter_commands_invalidate_plan_cache_entries.js
- jstests/core/introspect_hidden_index_plan_cache_entries.js
- jstests/core/neq_null_correctly_cache.js
- jstests/core/operation_latency_histogram.js
- jstests/core/plan_cache_list_plans.js
- jstests/core/plan_cache_sbe.js
- jstests/core/plan_cache_shell_helpers.js
- jstests/core/plan_cache_stats_shard_and_host.js
- jstests/core/profile_query_hash.js
- jstests/core/sbe/from_plan_cache_flag.js
- jstests/core/sbe/plan_cache_sbe_with_or_queries.js
- jstests/core/sbe_plan_cache_autoparameterize_collscan.js
- jstests/core/timeseries/bucket_unpacking_with_sort_plan_cache.js
- jstests/core/wildcard_index_cached_plans.js
# FixtureHelpers.getPrimaries() calls connectionStatus command which is not allowed with security token.
- jstests/core/txns/transaction_too_large_for_cache.js
# defaultPrompt() calls buildInfo command which is not allowed with security token.
- jstests/core/txns/shell_prompt_in_transaction.js
# Cannot test the user is not allowed to create indexes in config.transactions as the
# inject_security_token.js runs command on tenant's config.transactions.
- jstests/core/create_indexes.js
# checkLog calls getLog command which is not allowed with security token.
- jstests/core/doc_validation_options.js
# exhaust does not use runCommand (required by the inject_security_token.js override).
- jstests/core/exhaust.js
# This test does not use same connection on same database (required by the inject_security_token.js override).
- jstests/core/txns/write_conflicts_with_non_txns.js
# In a multitenancy environment the catalog will always return tenant-prefixed entries, and the
# override we use in this suite checks for the absence of a prefix breaking the list_catalog tests.
- jstests/core/list_catalog.js
# TODO SERVER-71470: this test cannot work as aggregate with $lookup query on multiple collections drops off the tenant informaton.
- jstests/core/txns/aggregation_in_transaction.js
executor:
archive:
tests: true
hooks:
- CheckReplDBHash
- CheckReplOplogs
- ValidateCollections
config:
shell_options:
eval: |
testingReplication = true;
load('jstests/libs/override_methods/inject_security_token.js');
hooks:
# The CheckReplDBHash hook waits until all operations have replicated to and have been applied
# on the secondaries, so we run the ValidateCollections hook after it to ensure we're
# validating the entire contents of the collection.
- class: CheckReplOplogs
- class: CheckReplDBHash
- class: ValidateCollections
- class: CleanEveryN
n: 20
fixture:
class: ReplicaSetFixture
num_nodes: 3
mongod_options:
set_parameters:
enableTestCommands: 1
multitenancySupport: true
featureFlagSecurityToken: true
# TODO SERVER-70740: remove featureFlagRequireTenantID from the parameters and have the
# inject_security_token override to be able to test both tenant-prefixed request and non-tenant-prefixed request.
# Currently, we only test non-tenant-prefixed request and enable the featureFlagRequireTenantID
# to have mongod return non-tenant-prefixed response too.
featureFlagRequireTenantID: true
logComponentVerbosity:
command: 2
|