851 lines
25 KiB
YAML
851 lines
25 KiB
YAML
description: "redacted-commands"
|
|
|
|
schemaVersion: "1.13"
|
|
|
|
runOnRequirements:
|
|
- minServerVersion: "5.0"
|
|
auth: false
|
|
|
|
createEntities:
|
|
- client:
|
|
id: &client client
|
|
useMultipleMongoses: false
|
|
observeLogMessages:
|
|
command: debug
|
|
- client:
|
|
id: &failPointClient failPointClient
|
|
useMultipleMongoses: false
|
|
- database:
|
|
id: &database database
|
|
client: *client
|
|
databaseName: &databaseName logging-redaction-tests
|
|
|
|
tests:
|
|
- description: "authenticate command and resulting server-generated error are redacted"
|
|
operations:
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: authenticate
|
|
command:
|
|
authenticate: 1
|
|
mechanism: "MONGODB-X509"
|
|
user: "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry"
|
|
db: "$external"
|
|
# An authentication error is expected, but we want to check that the
|
|
# CommandStartedEvent is redacted
|
|
expectError:
|
|
isClientError: false
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: authenticate
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: true
|
|
data:
|
|
message: "Command failed"
|
|
commandName: authenticate
|
|
failure: { $$exists: true }
|
|
|
|
- description: "network error in response to authenticate is not redacted"
|
|
operations:
|
|
- name: failPoint
|
|
object: testRunner
|
|
arguments:
|
|
client: *failPointClient
|
|
failPoint:
|
|
configureFailPoint: failCommand
|
|
mode: { times: 1 }
|
|
data:
|
|
failCommands: ["authenticate"]
|
|
closeConnection: true
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: authenticate
|
|
command:
|
|
authenticate: 1
|
|
mechanism: "MONGODB-X509"
|
|
user: "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry"
|
|
expectError:
|
|
isClientError: true
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: authenticate
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: false
|
|
data:
|
|
message: "Command failed"
|
|
commandName: authenticate
|
|
failure: { $$exists: true }
|
|
|
|
- description: "saslStart command and resulting server-generated error are redacted"
|
|
operations:
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: saslStart
|
|
command:
|
|
saslStart: 1
|
|
payload: "definitely-invalid-payload"
|
|
db: "admin"
|
|
expectError:
|
|
isClientError: false
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: saslStart
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: true
|
|
data:
|
|
message: "Command failed"
|
|
commandName: saslStart
|
|
failure: { $$exists: true }
|
|
|
|
- description: "network error in response to saslStart is not redacted"
|
|
operations:
|
|
- name: failPoint
|
|
object: testRunner
|
|
arguments:
|
|
client: *failPointClient
|
|
failPoint:
|
|
configureFailPoint: failCommand
|
|
mode: { times: 1 }
|
|
data:
|
|
failCommands: ["saslStart"]
|
|
closeConnection: true
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: saslStart
|
|
command:
|
|
saslStart: 1
|
|
payload: ZmFrZXNhc2xwYXlsb2Fk
|
|
mechanism: MONGODB-X509
|
|
expectError:
|
|
isClientError: true
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: saslStart
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: false
|
|
data:
|
|
message: "Command failed"
|
|
commandName: saslStart
|
|
failure: { $$exists: true }
|
|
|
|
- description: "saslContinue command and resulting server-generated error are redacted"
|
|
operations:
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: saslContinue
|
|
command:
|
|
saslContinue: 1
|
|
conversationId: 0
|
|
payload: "definitely-invalid-payload"
|
|
expectError:
|
|
isClientError: false
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: saslContinue
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: true
|
|
data:
|
|
message: "Command failed"
|
|
commandName: saslContinue
|
|
failure: { $$exists: true }
|
|
|
|
- description: "network error in response to saslContinue is not redacted"
|
|
operations:
|
|
- name: failPoint
|
|
object: testRunner
|
|
arguments:
|
|
client: *failPointClient
|
|
failPoint:
|
|
configureFailPoint: failCommand
|
|
mode: { times: 1 }
|
|
data:
|
|
failCommands: ["saslContinue"]
|
|
closeConnection: true
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: saslContinue
|
|
command:
|
|
saslContinue: 1
|
|
conversationId: 0
|
|
payload: ZmFrZXNhc2xwYXlsb2Fk
|
|
expectError:
|
|
isClientError: true
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: saslContinue
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: false
|
|
data:
|
|
message: "Command failed"
|
|
commandName: saslContinue
|
|
failure: { $$exists: true }
|
|
|
|
- description: "getnonce command and server reply are redacted"
|
|
runOnRequirements:
|
|
- maxServerVersion: 6.1.99 # getnonce removed as of 6.2 via SERVER-71007
|
|
operations:
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: getnonce
|
|
command:
|
|
getnonce: 1
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: getnonce
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command succeeded"
|
|
commandName: getnonce
|
|
reply:
|
|
$$matchAsDocument: {}
|
|
|
|
- description: "network error in response to getnonce is not redacted"
|
|
runOnRequirements:
|
|
- maxServerVersion: 6.1.99 # getnonce removed as of 6.2 via SERVER-71007
|
|
operations:
|
|
- name: failPoint
|
|
object: testRunner
|
|
arguments:
|
|
client: *failPointClient
|
|
failPoint:
|
|
configureFailPoint: failCommand
|
|
mode: { times: 1 }
|
|
data:
|
|
failCommands: ["getnonce"]
|
|
closeConnection: true
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: getnonce
|
|
command:
|
|
getnonce: 1
|
|
expectError:
|
|
isClientError: true
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: getnonce
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: false
|
|
data:
|
|
message: "Command failed"
|
|
commandName: getnonce
|
|
failure: { $$exists: true }
|
|
|
|
- description: "createUser command and resulting server-generated error are redacted"
|
|
operations:
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: createUser
|
|
command:
|
|
createUser: "private"
|
|
# Passing an object is prohibited and we want to trigger a command
|
|
# failure
|
|
pwd: {}
|
|
roles: []
|
|
expectError:
|
|
isClientError: false
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: createUser
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: true
|
|
data:
|
|
message: "Command failed"
|
|
commandName: createUser
|
|
failure: { $$exists: true }
|
|
|
|
- description: "network error in response to createUser is not redacted"
|
|
operations:
|
|
- name: failPoint
|
|
object: testRunner
|
|
arguments:
|
|
client: *failPointClient
|
|
failPoint:
|
|
configureFailPoint: failCommand
|
|
mode: { times: 1 }
|
|
data:
|
|
failCommands: ["createUser"]
|
|
closeConnection: true
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: createUser
|
|
command:
|
|
createUser: "private"
|
|
pwd: "pwd"
|
|
roles: []
|
|
expectError:
|
|
isClientError: true
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: createUser
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: false
|
|
data:
|
|
message: "Command failed"
|
|
commandName: createUser
|
|
failure: { $$exists: true }
|
|
|
|
- description: "updateUser command and resulting server-generated error are redacted"
|
|
operations:
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: updateUser
|
|
command:
|
|
updateUser: "private"
|
|
pwd: {}
|
|
roles: []
|
|
expectError:
|
|
isClientError: false
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: updateUser
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: true
|
|
data:
|
|
message: "Command failed"
|
|
commandName: updateUser
|
|
failure: { $$exists: true }
|
|
|
|
- description: "network error in response to updateUser is not redacted"
|
|
operations:
|
|
- name: failPoint
|
|
object: testRunner
|
|
arguments:
|
|
client: *failPointClient
|
|
failPoint:
|
|
configureFailPoint: failCommand
|
|
mode: { times: 1 }
|
|
data:
|
|
failCommands: ["updateUser"]
|
|
closeConnection: true
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: updateUser
|
|
command:
|
|
updateUser: "private"
|
|
pwd: "pwd"
|
|
roles: []
|
|
expectError:
|
|
isClientError: true
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: updateUser
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: false
|
|
data:
|
|
message: "Command failed"
|
|
commandName: updateUser
|
|
failure: { $$exists: true }
|
|
|
|
- description: "copydbgetnonce command and resulting server-generated error are redacted"
|
|
runOnRequirements:
|
|
- maxServerVersion: 3.6.99 # copydbgetnonce was removed as of 4.0 via SERVER-32276
|
|
operations:
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: copydbgetnonce
|
|
command:
|
|
copydbgetnonce: "private"
|
|
expectError:
|
|
isClientError: false
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: copydbgetnonce
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: true
|
|
data:
|
|
message: "Command failed"
|
|
commandName: copydbgetnonce
|
|
failure: { $$exists: true }
|
|
|
|
- description: "network error in response to copydbgetnonce is not redacted"
|
|
runOnRequirements:
|
|
- maxServerVersion: 3.6.99 # copydbgetnonce was removed as of 4.0 via SERVER-32276
|
|
operations:
|
|
- name: failPoint
|
|
object: testRunner
|
|
arguments:
|
|
client: *failPointClient
|
|
failPoint:
|
|
configureFailPoint: failCommand
|
|
mode: { times: 1 }
|
|
data:
|
|
failCommands: ["copydbgetnonce"]
|
|
closeConnection: true
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: copydbgetnonce
|
|
command:
|
|
copydbgetnonce: "private"
|
|
expectError:
|
|
isClientError: true
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: copydbgetnonce
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: false
|
|
data:
|
|
message: "Command failed"
|
|
commandName: copydbgetnonce
|
|
failure: { $$exists: true }
|
|
|
|
- description: "copydbsaslstart command and resulting server-generated error are redacted"
|
|
runOnRequirements:
|
|
- maxServerVersion: 4.0.99 # copydbsaslstart was removed as of 4.2 via SERVER-36211
|
|
operations:
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: copydbsaslstart
|
|
command:
|
|
copydbsaslstart: "private"
|
|
expectError:
|
|
isClientError: false
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: copydbsaslstart
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: true
|
|
data:
|
|
message: "Command failed"
|
|
commandName: copydbsaslstart
|
|
failure: { $$exists: true }
|
|
|
|
- description: "network error in response to copydbsaslstart is not redacted"
|
|
runOnRequirements:
|
|
- maxServerVersion: 4.0.99 # copydbsaslstart was removed as of 4.2 via SERVER-36211
|
|
operations:
|
|
- name: failPoint
|
|
object: testRunner
|
|
arguments:
|
|
client: *failPointClient
|
|
failPoint:
|
|
configureFailPoint: failCommand
|
|
mode: { times: 1 }
|
|
data:
|
|
failCommands: ["copydbsaslstart"]
|
|
closeConnection: true
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: copydbsaslstart
|
|
command:
|
|
copydbsaslstart: "private"
|
|
expectError:
|
|
isClientError: true
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: copydbgetnonce
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: false
|
|
data:
|
|
message: "Command failed"
|
|
commandName: copydbgetnonce
|
|
failure: { $$exists: true }
|
|
|
|
- description: "copydb command and resulting server-generated error are redacted"
|
|
runOnRequirements:
|
|
- maxServerVersion: 4.0.99 # copydb was removed as of 4.2 via SERVER-36257
|
|
operations:
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: copydb
|
|
command:
|
|
copydb: "private"
|
|
expectError:
|
|
isClientError: false
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: copydb
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: true
|
|
data:
|
|
message: "Command failed"
|
|
commandName: copydb
|
|
failure: { $$exists: true }
|
|
|
|
- description: "network error in response to copydb is not redacted"
|
|
runOnRequirements:
|
|
- maxServerVersion: 4.0.99 # copydb was removed as of 4.2 via SERVER-36257
|
|
operations:
|
|
- name: failPoint
|
|
object: testRunner
|
|
arguments:
|
|
client: *failPointClient
|
|
failPoint:
|
|
configureFailPoint: failCommand
|
|
mode: { times: 1 }
|
|
data:
|
|
failCommands: ["copydb"]
|
|
closeConnection: true
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: copydb
|
|
command:
|
|
copydb: "private"
|
|
expectError:
|
|
isClientError: true
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: copydb
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
failureIsRedacted: false
|
|
data:
|
|
message: "Command failed"
|
|
commandName: copydb
|
|
failure: { $$exists: true }
|
|
|
|
- description: "hello with speculative authenticate command and server reply are redacted"
|
|
runOnRequirements:
|
|
- minServerVersion: "4.9"
|
|
operations:
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: hello
|
|
command:
|
|
hello: 1
|
|
speculativeAuthenticate:
|
|
saslStart: 1
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: hello
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command succeeded"
|
|
commandName: hello
|
|
reply:
|
|
$$matchAsDocument: {}
|
|
|
|
|
|
- description: "legacy hello with speculative authenticate command and server reply are redacted"
|
|
operations:
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: ismaster
|
|
command:
|
|
ismaster: 1
|
|
speculativeAuthenticate:
|
|
saslStart: 1
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: isMaster
|
|
command:
|
|
isMaster: 1
|
|
speculativeAuthenticate:
|
|
saslStart: 1
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: ismaster
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command succeeded"
|
|
commandName: ismaster
|
|
reply:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: isMaster
|
|
command:
|
|
$$matchAsDocument: {}
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command succeeded"
|
|
commandName: isMaster
|
|
reply:
|
|
$$matchAsDocument: {}
|
|
|
|
- description: "hello without speculative authenticate command and server reply are not redacted"
|
|
runOnRequirements:
|
|
- minServerVersion: "4.9"
|
|
operations:
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: hello
|
|
command:
|
|
hello: 1
|
|
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: hello
|
|
command:
|
|
$$matchAsDocument:
|
|
$$matchAsRoot:
|
|
hello: 1
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command succeeded"
|
|
commandName: hello
|
|
reply:
|
|
$$matchAsDocument:
|
|
$$matchAsRoot:
|
|
ok: 1
|
|
isWritablePrimary: true
|
|
|
|
- description: "legacy hello without speculative authenticate command and server reply are not redacted"
|
|
operations:
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: ismaster
|
|
command:
|
|
ismaster: 1
|
|
- name: runCommand
|
|
object: *database
|
|
arguments:
|
|
commandName: isMaster
|
|
command:
|
|
isMaster: 1
|
|
expectLogMessages:
|
|
- client: *client
|
|
messages:
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: ismaster
|
|
command:
|
|
$$matchAsDocument:
|
|
$$matchAsRoot:
|
|
ismaster: 1
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command succeeded"
|
|
commandName: ismaster
|
|
reply:
|
|
$$matchAsDocument:
|
|
$$matchAsRoot:
|
|
ok: 1
|
|
ismaster: true
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command started"
|
|
databaseName: *databaseName
|
|
commandName: isMaster
|
|
command:
|
|
$$matchAsDocument:
|
|
$$matchAsRoot:
|
|
isMaster: 1
|
|
- level: debug
|
|
component: command
|
|
data:
|
|
message: "Command succeeded"
|
|
commandName: isMaster
|
|
reply:
|
|
$$matchAsDocument:
|
|
$$matchAsRoot:
|
|
ok: 1
|
|
ismaster: true
|