# Unified-format test file: asserts that debug-level "command" log messages
# for credential-bearing commands contain no command body, reply body or
# server-generated error detail.
description: "redacted-commands"

schemaVersion: "1.13"

# File-level gate: server 5.0+ with authentication disabled.
# NOTE(review): test-level runOnRequirements apply in addition to this gate,
# so the tests below that set maxServerVersion under 5.0 (copydbgetnonce,
# copydbsaslstart, copydb) look unsatisfiable and would always be skipped.
# Confirm, because redaction of those command names would then be unexercised.
runOnRequirements:
  - minServerVersion: "5.0"
    auth: false

createEntities:
  # Client under test: its "command" log component is observed at debug level
  # and compared with each test's expectLogMessages.
  - client:
      id: &client client
      useMultipleMongoses: false
      observeLogMessages:
        command: debug
  # Used only to arm fail points. It has no observeLogMessages, so its own
  # commands are not part of the expected log messages.
  - client:
      id: &failPointClient failPointClient
      useMultipleMongoses: false
  - database:
      id: &database database
      client: *client
      databaseName: &databaseName logging-redaction-tests

tests:
  # The X.509 subject DN sent below is identity data; the expected "Command
  # started" entry must carry none of the command body.
  - description: "authenticate command and resulting server-generated error are redacted"
    operations:
      - name: runCommand
        object: *database
        arguments:
          commandName: authenticate
          command:
            authenticate: 1
            mechanism: "MONGODB-X509"
            user: "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry"
            db: "$external"
        # An authentication error is expected, but we want to check that the
        # CommandStartedEvent is redacted
        expectError:
          isClientError: false
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: authenticate
              # Expected document is empty: the logged command is redacted.
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            # The error is returned by the server, so the runner must find a
            # failure in the log and find it redacted.
            failureIsRedacted: true
            data:
              message: "Command failed"
              commandName: authenticate
              failure: { $$exists: true }

  # The fail point closes the connection, so the error is raised by the driver
  # (isClientError: true) rather than returned by the server. The failure is
  # expected unredacted; the "Command started" body must still be empty.
  - description: "network error in response to authenticate is not redacted"
    operations:
      # Armed for exactly one authenticate command.
      - name: failPoint
        object: testRunner
        arguments:
          client: *failPointClient
          failPoint:
            configureFailPoint: failCommand
            mode: { times: 1 }
            data:
              failCommands: ["authenticate"]
              closeConnection: true
      - name: runCommand
        object: *database
        arguments:
          commandName: authenticate
          command:
            authenticate: 1
            mechanism: "MONGODB-X509"
            user: "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry"
        expectError:
          isClientError: true
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: authenticate
              # Command redaction does not depend on how the command ends.
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: false
            data:
              message: "Command failed"
              commandName: authenticate
              failure: { $$exists: true }

  # saslStart carries an authentication payload; both the logged command and
  # the server's error are expected to be redacted.
  - description: "saslStart command and resulting server-generated error are redacted"
    operations:
      - name: runCommand
        object: *database
        arguments:
          commandName: saslStart
          command:
            saslStart: 1
            # Deliberately invalid so the server rejects the command.
            payload: "definitely-invalid-payload"
            db: "admin"
        expectError:
          isClientError: false
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: saslStart
              # Empty expected document: the payload must not reach the log.
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: true
            data:
              message: "Command failed"
              commandName: saslStart
              failure: { $$exists: true }

  # Driver-side network error for saslStart: the failure is expected
  # unredacted, but the command body must still be logged as empty.
  - description: "network error in response to saslStart is not redacted"
    operations:
      - name: failPoint
        object: testRunner
        arguments:
          client: *failPointClient
          failPoint:
            configureFailPoint: failCommand
            mode: { times: 1 }
            data:
              failCommands: ["saslStart"]
              closeConnection: true
      - name: runCommand
        object: *database
        arguments:
          commandName: saslStart
          command:
            saslStart: 1
            # Base64 of the placeholder text "fakesaslpayload"; not a real
            # credential.
            payload: ZmFrZXNhc2xwYXlsb2Fk
            mechanism: MONGODB-X509
        expectError:
          isClientError: true
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: saslStart
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: false
            data:
              message: "Command failed"
              commandName: saslStart
              failure: { $$exists: true }

  # saslContinue is sent without a preceding saslStart and with an invalid
  # payload, so the server is expected to reject it; command and error must
  # both be redacted in the log.
  - description: "saslContinue command and resulting server-generated error are redacted"
    operations:
      - name: runCommand
        object: *database
        arguments:
          commandName: saslContinue
          command:
            saslContinue: 1
            conversationId: 0
            payload: "definitely-invalid-payload"
        expectError:
          isClientError: false
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: saslContinue
              # Empty expected document: neither payload nor conversationId
              # may appear.
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: true
            data:
              message: "Command failed"
              commandName: saslContinue
              failure: { $$exists: true }

  # Driver-side network error for saslContinue: failure expected unredacted,
  # command body still expected empty.
  - description: "network error in response to saslContinue is not redacted"
    operations:
      - name: failPoint
        object: testRunner
        arguments:
          client: *failPointClient
          failPoint:
            configureFailPoint: failCommand
            mode: { times: 1 }
            data:
              failCommands: ["saslContinue"]
              closeConnection: true
      - name: runCommand
        object: *database
        arguments:
          commandName: saslContinue
          command:
            saslContinue: 1
            conversationId: 0
            # Base64 of the placeholder text "fakesaslpayload"; not a real
            # credential.
            payload: ZmFrZXNhc2xwYXlsb2Fk
        expectError:
          isClientError: true
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: saslContinue
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: false
            data:
              message: "Command failed"
              commandName: saslContinue
              failure: { $$exists: true }

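  # getnonce is expected to succeed here, so the redaction check falls on the
  # reply: both the command and the server reply must be logged as empty
  # documents.
  - description: "getnonce command and server reply are redacted"
    runOnRequirements:
      # Quoted like the file's other version strings.
      - maxServerVersion: "6.1.99" # getnonce removed as of 6.2 via SERVER-71007
    operations:
      - name: runCommand
        object: *database
        arguments:
          commandName: getnonce
          command:
            getnonce: 1
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: getnonce
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            data:
              message: "Command succeeded"
              commandName: getnonce
              # Empty expected document: no reply field may reach the log.
              reply:
                $$matchAsDocument: {}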

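  # Driver-side network error for getnonce: failure expected unredacted,
  # command body still expected empty.
  - description: "network error in response to getnonce is not redacted"
    runOnRequirements:
      # Quoted like the file's other version strings.
      - maxServerVersion: "6.1.99" # getnonce removed as of 6.2 via SERVER-71007
    operations:
      - name: failPoint
        object: testRunner
        arguments:
          client: *failPointClient
          failPoint:
            configureFailPoint: failCommand
            mode: { times: 1 }
            data:
              failCommands: ["getnonce"]
              closeConnection: true
      - name: runCommand
        object: *database
        arguments:
          commandName: getnonce
          command:
            getnonce: 1
        expectError:
          isClientError: true
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: getnonce
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: false
            data:
              message: "Command failed"
              commandName: getnonce
              failure: { $$exists: true }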

  # createUser carries a password field; the logged command and the server's
  # error are both expected to be redacted.
  - description: "createUser command and resulting server-generated error are redacted"
    operations:
      - name: runCommand
        object: *database
        arguments:
          commandName: createUser
          command:
            createUser: "private"
            # Passing an object is prohibited and we want to trigger a command
            # failure
            pwd: {}
            roles: []
        expectError:
          isClientError: false
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: createUser
              # Empty expected document: user name, pwd and roles must all be
              # absent from the log.
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: true
            data:
              message: "Command failed"
              commandName: createUser
              failure: { $$exists: true }

  # Driver-side network error for createUser. The command now carries a
  # string password, and the "Command started" entry must still be empty.
  - description: "network error in response to createUser is not redacted"
    operations:
      - name: failPoint
        object: testRunner
        arguments:
          client: *failPointClient
          failPoint:
            configureFailPoint: failCommand
            mode: { times: 1 }
            data:
              failCommands: ["createUser"]
              closeConnection: true
      - name: runCommand
        object: *database
        arguments:
          commandName: createUser
          command:
            createUser: "private"
            # Placeholder test password.
            pwd: "pwd"
            roles: []
        expectError:
          isClientError: true
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: createUser
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: false
            data:
              message: "Command failed"
              commandName: createUser
              failure: { $$exists: true }

  # updateUser carries a password field; the logged command and the server's
  # error are both expected to be redacted.
  - description: "updateUser command and resulting server-generated error are redacted"
    operations:
      - name: runCommand
        object: *database
        arguments:
          commandName: updateUser
          command:
            updateUser: "private"
            # Presumably an object pwd is rejected by the server, as in the
            # createUser test, to force a server-generated failure.
            pwd: {}
            roles: []
        expectError:
          isClientError: false
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: updateUser
              # Empty expected document: the logged command is redacted.
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: true
            data:
              message: "Command failed"
              commandName: updateUser
              failure: { $$exists: true }

  # Driver-side network error for updateUser. The command carries a string
  # password, and the "Command started" entry must still be empty.
  - description: "network error in response to updateUser is not redacted"
    operations:
      - name: failPoint
        object: testRunner
        arguments:
          client: *failPointClient
          failPoint:
            configureFailPoint: failCommand
            mode: { times: 1 }
            data:
              failCommands: ["updateUser"]
              closeConnection: true
      - name: runCommand
        object: *database
        arguments:
          commandName: updateUser
          command:
            updateUser: "private"
            # Placeholder test password.
            pwd: "pwd"
            roles: []
        expectError:
          isClientError: true
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: updateUser
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: false
            data:
              message: "Command failed"
              commandName: updateUser
              failure: { $$exists: true }

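  # copydbgetnonce must be redacted by command name, even when the server
  # rejects it.
  # NOTE(review): the file-level minServerVersion is "5.0" and this test caps
  # the server at 3.6.99, so the two requirements look unsatisfiable together
  # and the test would always be skipped. Confirm against the runner.
  - description: "copydbgetnonce command and resulting server-generated error are redacted"
    runOnRequirements:
      # Quoted like the file's other version strings.
      - maxServerVersion: "3.6.99" # copydbgetnonce was removed as of 4.0 via SERVER-32276
    operations:
      - name: runCommand
        object: *database
        arguments:
          commandName: copydbgetnonce
          command:
            copydbgetnonce: "private"
        expectError:
          isClientError: false
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: copydbgetnonce
              # Empty expected document: the logged command is redacted.
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: true
            data:
              message: "Command failed"
              commandName: copydbgetnonce
              failure: { $$exists: true }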

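  # Driver-side network error for copydbgetnonce: failure expected unredacted,
  # command body still expected empty.
  # NOTE(review): maxServerVersion 3.6.99 conflicts with the file-level
  # minServerVersion "5.0", so this test looks permanently skipped. Confirm.
  - description: "network error in response to copydbgetnonce is not redacted"
    runOnRequirements:
      # Quoted like the file's other version strings.
      - maxServerVersion: "3.6.99" # copydbgetnonce was removed as of 4.0 via SERVER-32276
    operations:
      - name: failPoint
        object: testRunner
        arguments:
          client: *failPointClient
          failPoint:
            configureFailPoint: failCommand
            mode: { times: 1 }
            data:
              failCommands: ["copydbgetnonce"]
              closeConnection: true
      - name: runCommand
        object: *database
        arguments:
          commandName: copydbgetnonce
          command:
            copydbgetnonce: "private"
        expectError:
          isClientError: true
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: copydbgetnonce
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: false
            data:
              message: "Command failed"
              commandName: copydbgetnonce
              failure: { $$exists: true }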

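  # copydbsaslstart must be redacted by command name, even when the server
  # rejects it.
  # NOTE(review): maxServerVersion 4.0.99 conflicts with the file-level
  # minServerVersion "5.0", so this test looks permanently skipped. Confirm.
  - description: "copydbsaslstart command and resulting server-generated error are redacted"
    runOnRequirements:
      # Sequence indented and version quoted to match the rest of the file.
      - maxServerVersion: "4.0.99" # copydbsaslstart was removed as of 4.2 via SERVER-36211
    operations:
      - name: runCommand
        object: *database
        arguments:
          commandName: copydbsaslstart
          command:
            copydbsaslstart: "private"
        expectError:
          isClientError: false
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: copydbsaslstart
              # Empty expected document: the logged command is redacted.
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: true
            data:
              message: "Command failed"
              commandName: copydbsaslstart
              failure: { $$exists: true }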

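  # Driver-side network error for copydbsaslstart: failure expected
  # unredacted, command body still expected empty.
  # NOTE(review): maxServerVersion 4.0.99 conflicts with the file-level
  # minServerVersion "5.0", so this test looks permanently skipped. Confirm.
  - description: "network error in response to copydbsaslstart is not redacted"
    runOnRequirements:
      # Sequence indented and version quoted to match the rest of the file.
      - maxServerVersion: "4.0.99" # copydbsaslstart was removed as of 4.2 via SERVER-36211
    operations:
      - name: failPoint
        object: testRunner
        arguments:
          client: *failPointClient
          failPoint:
            configureFailPoint: failCommand
            mode: { times: 1 }
            data:
              failCommands: ["copydbsaslstart"]
              closeConnection: true
      - name: runCommand
        object: *database
        arguments:
          commandName: copydbsaslstart
          command:
            copydbsaslstart: "private"
        expectError:
          isClientError: true
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              # Must name the command sent by the runCommand operation above.
              commandName: copydbsaslstart
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: false
            data:
              message: "Command failed"
              # Must name the command sent by the runCommand operation above.
              commandName: copydbsaslstart
              failure: { $$exists: true }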

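  # copydb must be redacted by command name, even when the server rejects it.
  # NOTE(review): maxServerVersion 4.0.99 conflicts with the file-level
  # minServerVersion "5.0", so this test looks permanently skipped. Confirm.
  - description: "copydb command and resulting server-generated error are redacted"
    runOnRequirements:
      # Sequence indented and version quoted to match the rest of the file.
      - maxServerVersion: "4.0.99" # copydb was removed as of 4.2 via SERVER-36257
    operations:
      - name: runCommand
        object: *database
        arguments:
          commandName: copydb
          command:
            copydb: "private"
        expectError:
          isClientError: false
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: copydb
              # Empty expected document: the logged command is redacted.
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: true
            data:
              message: "Command failed"
              commandName: copydb
              failure: { $$exists: true }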

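  # Driver-side network error for copydb: failure expected unredacted,
  # command body still expected empty.
  # NOTE(review): maxServerVersion 4.0.99 conflicts with the file-level
  # minServerVersion "5.0", so this test looks permanently skipped. Confirm.
  - description: "network error in response to copydb is not redacted"
    runOnRequirements:
      # Sequence indented and version quoted to match the rest of the file.
      - maxServerVersion: "4.0.99" # copydb was removed as of 4.2 via SERVER-36257
    operations:
      - name: failPoint
        object: testRunner
        arguments:
          client: *failPointClient
          failPoint:
            configureFailPoint: failCommand
            mode: { times: 1 }
            data:
              failCommands: ["copydb"]
              closeConnection: true
      - name: runCommand
        object: *database
        arguments:
          commandName: copydb
          command:
            copydb: "private"
        expectError:
          isClientError: true
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: copydb
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            failureIsRedacted: false
            data:
              message: "Command failed"
              commandName: copydb
              failure: { $$exists: true }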

  # hello is treated as sensitive only when it carries speculativeAuthenticate.
  # With that field present, both the logged command and the logged reply are
  # expected to be empty documents.
  - description: "hello with speculative authenticate command and server reply are redacted"
    runOnRequirements:
      - minServerVersion: "4.9"
    operations:
      - name: runCommand
        object: *database
        arguments:
          commandName: hello
          command:
            hello: 1
            speculativeAuthenticate:
              saslStart: 1
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: hello
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            data:
              message: "Command succeeded"
              commandName: hello
              # The reply is redacted too, not only the command.
              reply:
                $$matchAsDocument: {}


  # Same check for the legacy handshake command, in both spellings the test
  # sends (ismaster and isMaster). Four messages are expected, in order:
  # started/succeeded for ismaster, then started/succeeded for isMaster, each
  # with an empty command or reply document.
  - description: "legacy hello with speculative authenticate command and server reply are redacted"
    operations:
      - name: runCommand
        object: *database
        arguments:
          commandName: ismaster
          command:
            ismaster: 1
            speculativeAuthenticate:
              saslStart: 1
      - name: runCommand
        object: *database
        arguments:
          commandName: isMaster
          command:
            isMaster: 1
            speculativeAuthenticate:
              saslStart: 1
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: ismaster
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            data:
              message: "Command succeeded"
              commandName: ismaster
              reply:
                $$matchAsDocument: {}
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: isMaster
              command:
                $$matchAsDocument: {}
          - level: debug
            component: command
            data:
              message: "Command succeeded"
              commandName: isMaster
              reply:
                $$matchAsDocument: {}

  # Negative control: a plain hello must NOT be redacted. $$matchAsRoot allows
  # extra fields, so the assertions below only require that the listed fields
  # are present in the logged command and reply.
  - description: "hello without speculative authenticate command and server reply are not redacted"
    runOnRequirements:
      - minServerVersion: "4.9"
    operations:
      - name: runCommand
        object: *database
        arguments:
          commandName: hello
          command:
            hello: 1

    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: hello
              # hello: 1 being visible shows the command body was logged.
              command:
                $$matchAsDocument:
                  $$matchAsRoot:
                    hello: 1
          - level: debug
            component: command
            data:
              message: "Command succeeded"
              commandName: hello
              reply:
                $$matchAsDocument:
                  $$matchAsRoot:
                    ok: 1
                    isWritablePrimary: true

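  # Negative control for the legacy handshake command in both spellings: with
  # no speculativeAuthenticate field, command and reply must be logged with
  # their content. $$matchAsRoot allows extra fields beyond those listed.
  - description: "legacy hello without speculative authenticate command and server reply are not redacted"
    operations:
      - name: runCommand
        object: *database
        arguments:
          commandName: ismaster
          command:
            ismaster: 1
      - name: runCommand
        object: *database
        arguments:
          commandName: isMaster
          command:
            isMaster: 1
    expectLogMessages:
      - client: *client
        messages:
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: ismaster
              command:
                $$matchAsDocument:
                  $$matchAsRoot:
                    ismaster: 1
          - level: debug
            component: command
            data:
              message: "Command succeeded"
              commandName: ismaster
              reply:
                $$matchAsDocument:
                  $$matchAsRoot:
                    ok: 1
                    ismaster: true
          - level: debug
            component: command
            data:
              message: "Command started"
              databaseName: *databaseName
              commandName: isMaster
              # Indented like the sibling "command" matchers in this file.
              command:
                $$matchAsDocument:
                  $$matchAsRoot:
                    isMaster: 1
          - level: debug
            component: command
            data:
              message: "Command succeeded"
              commandName: isMaster
              # The expected reply field is lowercase "ismaster" for both
              # command spellings.
              reply:
                $$matchAsDocument:
                  $$matchAsRoot:
                    ok: 1
                    ismaster: true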