1description: "redacted-commands"
2
3schemaVersion: "1.13"
4
5runOnRequirements:
6 - minServerVersion: "5.0"
7 auth: false
8
9createEntities:
10 - client:
11 id: &client client
12 useMultipleMongoses: false
13 observeLogMessages:
14 command: debug
15 - client:
16 id: &failPointClient failPointClient
17 useMultipleMongoses: false
18 - database:
19 id: &database database
20 client: *client
21 databaseName: &databaseName logging-redaction-tests
22
23tests:
24 - description: "authenticate command and resulting server-generated error are redacted"
25 operations:
26 - name: runCommand
27 object: *database
28 arguments:
29 commandName: authenticate
30 command:
31 authenticate: 1
32 mechanism: "MONGODB-X509"
33 user: "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry"
34 db: "$external"
35 # An authentication error is expected, but we want to check that the
36 # CommandStartedEvent is redacted
37 expectError:
38 isClientError: false
39 expectLogMessages:
40 - client: *client
41 messages:
42 - level: debug
43 component: command
44 data:
45 message: "Command started"
46 databaseName: *databaseName
47 commandName: authenticate
48 command:
49 $$matchAsDocument: {}
50 - level: debug
51 component: command
52 failureIsRedacted: true
53 data:
54 message: "Command failed"
55 commandName: authenticate
56 failure: { $$exists: true }
57
58 - description: "network error in response to authenticate is not redacted"
59 operations:
60 - name: failPoint
61 object: testRunner
62 arguments:
63 client: *failPointClient
64 failPoint:
65 configureFailPoint: failCommand
66 mode: { times: 1 }
67 data:
68 failCommands: ["authenticate"]
69 closeConnection: true
70 - name: runCommand
71 object: *database
72 arguments:
73 commandName: authenticate
74 command:
75 authenticate: 1
76 mechanism: "MONGODB-X509"
77 user: "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry"
78 expectError:
79 isClientError: true
80 expectLogMessages:
81 - client: *client
82 messages:
83 - level: debug
84 component: command
85 data:
86 message: "Command started"
87 databaseName: *databaseName
88 commandName: authenticate
89 command:
90 $$matchAsDocument: {}
91 - level: debug
92 component: command
93 failureIsRedacted: false
94 data:
95 message: "Command failed"
96 commandName: authenticate
97 failure: { $$exists: true }
98
99 - description: "saslStart command and resulting server-generated error are redacted"
100 operations:
101 - name: runCommand
102 object: *database
103 arguments:
104 commandName: saslStart
105 command:
106 saslStart: 1
107 payload: "definitely-invalid-payload"
108 db: "admin"
109 expectError:
110 isClientError: false
111 expectLogMessages:
112 - client: *client
113 messages:
114 - level: debug
115 component: command
116 data:
117 message: "Command started"
118 databaseName: *databaseName
119 commandName: saslStart
120 command:
121 $$matchAsDocument: {}
122 - level: debug
123 component: command
124 failureIsRedacted: true
125 data:
126 message: "Command failed"
127 commandName: saslStart
128 failure: { $$exists: true }
129
130 - description: "network error in response to saslStart is not redacted"
131 operations:
132 - name: failPoint
133 object: testRunner
134 arguments:
135 client: *failPointClient
136 failPoint:
137 configureFailPoint: failCommand
138 mode: { times: 1 }
139 data:
140 failCommands: ["saslStart"]
141 closeConnection: true
142 - name: runCommand
143 object: *database
144 arguments:
145 commandName: saslStart
146 command:
147 saslStart: 1
148 payload: ZmFrZXNhc2xwYXlsb2Fk
149 mechanism: MONGODB-X509
150 expectError:
151 isClientError: true
152 expectLogMessages:
153 - client: *client
154 messages:
155 - level: debug
156 component: command
157 data:
158 message: "Command started"
159 databaseName: *databaseName
160 commandName: saslStart
161 command:
162 $$matchAsDocument: {}
163 - level: debug
164 component: command
165 failureIsRedacted: false
166 data:
167 message: "Command failed"
168 commandName: saslStart
169 failure: { $$exists: true }
170
171 - description: "saslContinue command and resulting server-generated error are redacted"
172 operations:
173 - name: runCommand
174 object: *database
175 arguments:
176 commandName: saslContinue
177 command:
178 saslContinue: 1
179 conversationId: 0
180 payload: "definitely-invalid-payload"
181 expectError:
182 isClientError: false
183 expectLogMessages:
184 - client: *client
185 messages:
186 - level: debug
187 component: command
188 data:
189 message: "Command started"
190 databaseName: *databaseName
191 commandName: saslContinue
192 command:
193 $$matchAsDocument: {}
194 - level: debug
195 component: command
196 failureIsRedacted: true
197 data:
198 message: "Command failed"
199 commandName: saslContinue
200 failure: { $$exists: true }
201
202 - description: "network error in response to saslContinue is not redacted"
203 operations:
204 - name: failPoint
205 object: testRunner
206 arguments:
207 client: *failPointClient
208 failPoint:
209 configureFailPoint: failCommand
210 mode: { times: 1 }
211 data:
212 failCommands: ["saslContinue"]
213 closeConnection: true
214 - name: runCommand
215 object: *database
216 arguments:
217 commandName: saslContinue
218 command:
219 saslContinue: 1
220 conversationId: 0
221 payload: ZmFrZXNhc2xwYXlsb2Fk
222 expectError:
223 isClientError: true
224 expectLogMessages:
225 - client: *client
226 messages:
227 - level: debug
228 component: command
229 data:
230 message: "Command started"
231 databaseName: *databaseName
232 commandName: saslContinue
233 command:
234 $$matchAsDocument: {}
235 - level: debug
236 component: command
237 failureIsRedacted: false
238 data:
239 message: "Command failed"
240 commandName: saslContinue
241 failure: { $$exists: true }
242
243 - description: "getnonce command and server reply are redacted"
244 runOnRequirements:
245 - maxServerVersion: 6.1.99 # getnonce removed as of 6.2 via SERVER-71007
246 operations:
247 - name: runCommand
248 object: *database
249 arguments:
250 commandName: getnonce
251 command:
252 getnonce: 1
253 expectLogMessages:
254 - client: *client
255 messages:
256 - level: debug
257 component: command
258 data:
259 message: "Command started"
260 databaseName: *databaseName
261 commandName: getnonce
262 command:
263 $$matchAsDocument: {}
264 - level: debug
265 component: command
266 data:
267 message: "Command succeeded"
268 commandName: getnonce
269 reply:
270 $$matchAsDocument: {}
271
272 - description: "network error in response to getnonce is not redacted"
273 runOnRequirements:
274 - maxServerVersion: 6.1.99 # getnonce removed as of 6.2 via SERVER-71007
275 operations:
276 - name: failPoint
277 object: testRunner
278 arguments:
279 client: *failPointClient
280 failPoint:
281 configureFailPoint: failCommand
282 mode: { times: 1 }
283 data:
284 failCommands: ["getnonce"]
285 closeConnection: true
286 - name: runCommand
287 object: *database
288 arguments:
289 commandName: getnonce
290 command:
291 getnonce: 1
292 expectError:
293 isClientError: true
294 expectLogMessages:
295 - client: *client
296 messages:
297 - level: debug
298 component: command
299 data:
300 message: "Command started"
301 databaseName: *databaseName
302 commandName: getnonce
303 command:
304 $$matchAsDocument: {}
305 - level: debug
306 component: command
307 failureIsRedacted: false
308 data:
309 message: "Command failed"
310 commandName: getnonce
311 failure: { $$exists: true }
312
313 - description: "createUser command and resulting server-generated error are redacted"
314 operations:
315 - name: runCommand
316 object: *database
317 arguments:
318 commandName: createUser
319 command:
320 createUser: "private"
321 # Passing an object is prohibited and we want to trigger a command
322 # failure
323 pwd: {}
324 roles: []
325 expectError:
326 isClientError: false
327 expectLogMessages:
328 - client: *client
329 messages:
330 - level: debug
331 component: command
332 data:
333 message: "Command started"
334 databaseName: *databaseName
335 commandName: createUser
336 command:
337 $$matchAsDocument: {}
338 - level: debug
339 component: command
340 failureIsRedacted: true
341 data:
342 message: "Command failed"
343 commandName: createUser
344 failure: { $$exists: true }
345
346 - description: "network error in response to createUser is not redacted"
347 operations:
348 - name: failPoint
349 object: testRunner
350 arguments:
351 client: *failPointClient
352 failPoint:
353 configureFailPoint: failCommand
354 mode: { times: 1 }
355 data:
356 failCommands: ["createUser"]
357 closeConnection: true
358 - name: runCommand
359 object: *database
360 arguments:
361 commandName: createUser
362 command:
363 createUser: "private"
364 pwd: "pwd"
365 roles: []
366 expectError:
367 isClientError: true
368 expectLogMessages:
369 - client: *client
370 messages:
371 - level: debug
372 component: command
373 data:
374 message: "Command started"
375 databaseName: *databaseName
376 commandName: createUser
377 command:
378 $$matchAsDocument: {}
379 - level: debug
380 component: command
381 failureIsRedacted: false
382 data:
383 message: "Command failed"
384 commandName: createUser
385 failure: { $$exists: true }
386
387 - description: "updateUser command and resulting server-generated error are redacted"
388 operations:
389 - name: runCommand
390 object: *database
391 arguments:
392 commandName: updateUser
393 command:
394 updateUser: "private"
395 pwd: {}
396 roles: []
397 expectError:
398 isClientError: false
399 expectLogMessages:
400 - client: *client
401 messages:
402 - level: debug
403 component: command
404 data:
405 message: "Command started"
406 databaseName: *databaseName
407 commandName: updateUser
408 command:
409 $$matchAsDocument: {}
410 - level: debug
411 component: command
412 failureIsRedacted: true
413 data:
414 message: "Command failed"
415 commandName: updateUser
416 failure: { $$exists: true }
417
418 - description: "network error in response to updateUser is not redacted"
419 operations:
420 - name: failPoint
421 object: testRunner
422 arguments:
423 client: *failPointClient
424 failPoint:
425 configureFailPoint: failCommand
426 mode: { times: 1 }
427 data:
428 failCommands: ["updateUser"]
429 closeConnection: true
430 - name: runCommand
431 object: *database
432 arguments:
433 commandName: updateUser
434 command:
435 updateUser: "private"
436 pwd: "pwd"
437 roles: []
438 expectError:
439 isClientError: true
440 expectLogMessages:
441 - client: *client
442 messages:
443 - level: debug
444 component: command
445 data:
446 message: "Command started"
447 databaseName: *databaseName
448 commandName: updateUser
449 command:
450 $$matchAsDocument: {}
451 - level: debug
452 component: command
453 failureIsRedacted: false
454 data:
455 message: "Command failed"
456 commandName: updateUser
457 failure: { $$exists: true }
458
459 - description: "copydbgetnonce command and resulting server-generated error are redacted"
460 runOnRequirements:
461 - maxServerVersion: 3.6.99 # copydbgetnonce was removed as of 4.0 via SERVER-32276
462 operations:
463 - name: runCommand
464 object: *database
465 arguments:
466 commandName: copydbgetnonce
467 command:
468 copydbgetnonce: "private"
469 expectError:
470 isClientError: false
471 expectLogMessages:
472 - client: *client
473 messages:
474 - level: debug
475 component: command
476 data:
477 message: "Command started"
478 databaseName: *databaseName
479 commandName: copydbgetnonce
480 command:
481 $$matchAsDocument: {}
482 - level: debug
483 component: command
484 failureIsRedacted: true
485 data:
486 message: "Command failed"
487 commandName: copydbgetnonce
488 failure: { $$exists: true }
489
490 - description: "network error in response to copydbgetnonce is not redacted"
491 runOnRequirements:
492 - maxServerVersion: 3.6.99 # copydbgetnonce was removed as of 4.0 via SERVER-32276
493 operations:
494 - name: failPoint
495 object: testRunner
496 arguments:
497 client: *failPointClient
498 failPoint:
499 configureFailPoint: failCommand
500 mode: { times: 1 }
501 data:
502 failCommands: ["copydbgetnonce"]
503 closeConnection: true
504 - name: runCommand
505 object: *database
506 arguments:
507 commandName: copydbgetnonce
508 command:
509 copydbgetnonce: "private"
510 expectError:
511 isClientError: true
512 expectLogMessages:
513 - client: *client
514 messages:
515 - level: debug
516 component: command
517 data:
518 message: "Command started"
519 databaseName: *databaseName
520 commandName: copydbgetnonce
521 command:
522 $$matchAsDocument: {}
523 - level: debug
524 component: command
525 failureIsRedacted: false
526 data:
527 message: "Command failed"
528 commandName: copydbgetnonce
529 failure: { $$exists: true }
530
531 - description: "copydbsaslstart command and resulting server-generated error are redacted"
532 runOnRequirements:
533 - maxServerVersion: 4.0.99 # copydbsaslstart was removed as of 4.2 via SERVER-36211
534 operations:
535 - name: runCommand
536 object: *database
537 arguments:
538 commandName: copydbsaslstart
539 command:
540 copydbsaslstart: "private"
541 expectError:
542 isClientError: false
543 expectLogMessages:
544 - client: *client
545 messages:
546 - level: debug
547 component: command
548 data:
549 message: "Command started"
550 databaseName: *databaseName
551 commandName: copydbsaslstart
552 command:
553 $$matchAsDocument: {}
554 - level: debug
555 component: command
556 failureIsRedacted: true
557 data:
558 message: "Command failed"
559 commandName: copydbsaslstart
560 failure: { $$exists: true }
561
562 - description: "network error in response to copydbsaslstart is not redacted"
563 runOnRequirements:
564 - maxServerVersion: 4.0.99 # copydbsaslstart was removed as of 4.2 via SERVER-36211
565 operations:
566 - name: failPoint
567 object: testRunner
568 arguments:
569 client: *failPointClient
570 failPoint:
571 configureFailPoint: failCommand
572 mode: { times: 1 }
573 data:
574 failCommands: ["copydbsaslstart"]
575 closeConnection: true
576 - name: runCommand
577 object: *database
578 arguments:
579 commandName: copydbsaslstart
580 command:
581 copydbsaslstart: "private"
582 expectError:
583 isClientError: true
584 expectLogMessages:
585 - client: *client
586 messages:
587 - level: debug
588 component: command
589 data:
590 message: "Command started"
591 databaseName: *databaseName
592 commandName: copydbgetnonce
593 command:
594 $$matchAsDocument: {}
595 - level: debug
596 component: command
597 failureIsRedacted: false
598 data:
599 message: "Command failed"
600 commandName: copydbgetnonce
601 failure: { $$exists: true }
602
603 - description: "copydb command and resulting server-generated error are redacted"
604 runOnRequirements:
605 - maxServerVersion: 4.0.99 # copydb was removed as of 4.2 via SERVER-36257
606 operations:
607 - name: runCommand
608 object: *database
609 arguments:
610 commandName: copydb
611 command:
612 copydb: "private"
613 expectError:
614 isClientError: false
615 expectLogMessages:
616 - client: *client
617 messages:
618 - level: debug
619 component: command
620 data:
621 message: "Command started"
622 databaseName: *databaseName
623 commandName: copydb
624 command:
625 $$matchAsDocument: {}
626 - level: debug
627 component: command
628 failureIsRedacted: true
629 data:
630 message: "Command failed"
631 commandName: copydb
632 failure: { $$exists: true }
633
634 - description: "network error in response to copydb is not redacted"
635 runOnRequirements:
636 - maxServerVersion: 4.0.99 # copydb was removed as of 4.2 via SERVER-36257
637 operations:
638 - name: failPoint
639 object: testRunner
640 arguments:
641 client: *failPointClient
642 failPoint:
643 configureFailPoint: failCommand
644 mode: { times: 1 }
645 data:
646 failCommands: ["copydb"]
647 closeConnection: true
648 - name: runCommand
649 object: *database
650 arguments:
651 commandName: copydb
652 command:
653 copydb: "private"
654 expectError:
655 isClientError: true
656 expectLogMessages:
657 - client: *client
658 messages:
659 - level: debug
660 component: command
661 data:
662 message: "Command started"
663 databaseName: *databaseName
664 commandName: copydb
665 command:
666 $$matchAsDocument: {}
667 - level: debug
668 component: command
669 failureIsRedacted: false
670 data:
671 message: "Command failed"
672 commandName: copydb
673 failure: { $$exists: true }
674
675 - description: "hello with speculative authenticate command and server reply are redacted"
676 runOnRequirements:
677 - minServerVersion: "4.9"
678 operations:
679 - name: runCommand
680 object: *database
681 arguments:
682 commandName: hello
683 command:
684 hello: 1
685 speculativeAuthenticate:
686 saslStart: 1
687 expectLogMessages:
688 - client: *client
689 messages:
690 - level: debug
691 component: command
692 data:
693 message: "Command started"
694 databaseName: *databaseName
695 commandName: hello
696 command:
697 $$matchAsDocument: {}
698 - level: debug
699 component: command
700 data:
701 message: "Command succeeded"
702 commandName: hello
703 reply:
704 $$matchAsDocument: {}
705
706
707 - description: "legacy hello with speculative authenticate command and server reply are redacted"
708 operations:
709 - name: runCommand
710 object: *database
711 arguments:
712 commandName: ismaster
713 command:
714 ismaster: 1
715 speculativeAuthenticate:
716 saslStart: 1
717 - name: runCommand
718 object: *database
719 arguments:
720 commandName: isMaster
721 command:
722 isMaster: 1
723 speculativeAuthenticate:
724 saslStart: 1
725 expectLogMessages:
726 - client: *client
727 messages:
728 - level: debug
729 component: command
730 data:
731 message: "Command started"
732 databaseName: *databaseName
733 commandName: ismaster
734 command:
735 $$matchAsDocument: {}
736 - level: debug
737 component: command
738 data:
739 message: "Command succeeded"
740 commandName: ismaster
741 reply:
742 $$matchAsDocument: {}
743 - level: debug
744 component: command
745 data:
746 message: "Command started"
747 databaseName: *databaseName
748 commandName: isMaster
749 command:
750 $$matchAsDocument: {}
751 - level: debug
752 component: command
753 data:
754 message: "Command succeeded"
755 commandName: isMaster
756 reply:
757 $$matchAsDocument: {}
758
759 - description: "hello without speculative authenticate command and server reply are not redacted"
760 runOnRequirements:
761 - minServerVersion: "4.9"
762 operations:
763 - name: runCommand
764 object: *database
765 arguments:
766 commandName: hello
767 command:
768 hello: 1
769
770 expectLogMessages:
771 - client: *client
772 messages:
773 - level: debug
774 component: command
775 data:
776 message: "Command started"
777 databaseName: *databaseName
778 commandName: hello
779 command:
780 $$matchAsDocument:
781 $$matchAsRoot:
782 hello: 1
783 - level: debug
784 component: command
785 data:
786 message: "Command succeeded"
787 commandName: hello
788 reply:
789 $$matchAsDocument:
790 $$matchAsRoot:
791 ok: 1
792 isWritablePrimary: true
793
794 - description: "legacy hello without speculative authenticate command and server reply are not redacted"
795 operations:
796 - name: runCommand
797 object: *database
798 arguments:
799 commandName: ismaster
800 command:
801 ismaster: 1
802 - name: runCommand
803 object: *database
804 arguments:
805 commandName: isMaster
806 command:
807 isMaster: 1
808 expectLogMessages:
809 - client: *client
810 messages:
811 - level: debug
812 component: command
813 data:
814 message: "Command started"
815 databaseName: *databaseName
816 commandName: ismaster
817 command:
818 $$matchAsDocument:
819 $$matchAsRoot:
820 ismaster: 1
821 - level: debug
822 component: command
823 data:
824 message: "Command succeeded"
825 commandName: ismaster
826 reply:
827 $$matchAsDocument:
828 $$matchAsRoot:
829 ok: 1
830 ismaster: true
831 - level: debug
832 component: command
833 data:
834 message: "Command started"
835 databaseName: *databaseName
836 commandName: isMaster
837 command:
838 $$matchAsDocument:
839 $$matchAsRoot:
840 isMaster: 1
841 - level: debug
842 component: command
843 data:
844 message: "Command succeeded"
845 commandName: isMaster
846 reply:
847 $$matchAsDocument:
848 $$matchAsRoot:
849 ok: 1
850 ismaster: true
View as plain text