description: "redacted-commands" schemaVersion: "1.13" runOnRequirements: - minServerVersion: "5.0" auth: false createEntities: - client: id: &client client useMultipleMongoses: false observeLogMessages: command: debug - client: id: &failPointClient failPointClient useMultipleMongoses: false - database: id: &database database client: *client databaseName: &databaseName logging-redaction-tests tests: - description: "authenticate command and resulting server-generated error are redacted" operations: - name: runCommand object: *database arguments: commandName: authenticate command: authenticate: 1 mechanism: "MONGODB-X509" user: "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry" db: "$external" # An authentication error is expected, but we want to check that the # CommandStartedEvent is redacted expectError: isClientError: false expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: authenticate command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: true data: message: "Command failed" commandName: authenticate failure: { $$exists: true } - description: "network error in response to authenticate is not redacted" operations: - name: failPoint object: testRunner arguments: client: *failPointClient failPoint: configureFailPoint: failCommand mode: { times: 1 } data: failCommands: ["authenticate"] closeConnection: true - name: runCommand object: *database arguments: commandName: authenticate command: authenticate: 1 mechanism: "MONGODB-X509" user: "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry" expectError: isClientError: true expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: authenticate command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: false data: message: "Command failed" commandName: authenticate failure: { $$exists: true } - description: "saslStart command and resulting server-generated error are redacted" operations: - name: runCommand object: *database arguments: commandName: saslStart command: saslStart: 1 payload: "definitely-invalid-payload" db: "admin" expectError: isClientError: false expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: saslStart command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: true data: message: "Command failed" commandName: saslStart failure: { $$exists: true } - description: "network error in response to saslStart is not redacted" operations: - name: failPoint object: testRunner arguments: client: *failPointClient failPoint: configureFailPoint: failCommand mode: { times: 1 } data: failCommands: ["saslStart"] closeConnection: true - name: runCommand object: *database arguments: commandName: saslStart command: saslStart: 1 payload: ZmFrZXNhc2xwYXlsb2Fk mechanism: MONGODB-X509 expectError: isClientError: true expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: saslStart command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: false data: message: "Command failed" commandName: saslStart failure: { $$exists: true } - description: "saslContinue command and resulting server-generated error are redacted" operations: - name: runCommand object: *database arguments: commandName: saslContinue command: saslContinue: 1 conversationId: 0 payload: "definitely-invalid-payload" expectError: isClientError: false expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: saslContinue command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: true data: message: "Command failed" commandName: saslContinue failure: { $$exists: true } - description: "network error in response to saslContinue is not redacted" operations: - name: failPoint object: testRunner arguments: client: *failPointClient failPoint: configureFailPoint: failCommand mode: { times: 1 } data: failCommands: ["saslContinue"] closeConnection: true - name: runCommand object: *database arguments: commandName: saslContinue command: saslContinue: 1 conversationId: 0 payload: ZmFrZXNhc2xwYXlsb2Fk expectError: isClientError: true expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: saslContinue command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: false data: message: "Command failed" commandName: saslContinue failure: { $$exists: true } - description: "getnonce command and server reply are redacted" runOnRequirements: - maxServerVersion: 6.1.99 # getnonce removed as of 6.2 via SERVER-71007 operations: - name: runCommand object: *database arguments: commandName: getnonce command: getnonce: 1 expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: getnonce command: $$matchAsDocument: {} - level: debug component: command data: message: "Command succeeded" commandName: getnonce reply: $$matchAsDocument: {} - description: "network error in response to getnonce is not redacted" runOnRequirements: - maxServerVersion: 6.1.99 # getnonce removed as of 6.2 via SERVER-71007 operations: - name: failPoint object: testRunner arguments: client: *failPointClient failPoint: configureFailPoint: failCommand mode: { times: 1 } data: failCommands: ["getnonce"] closeConnection: true - name: runCommand object: *database arguments: commandName: getnonce command: getnonce: 1 expectError: isClientError: true expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: getnonce command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: false data: message: "Command failed" commandName: getnonce failure: { $$exists: true } - description: "createUser command and resulting server-generated error are redacted" operations: - name: runCommand object: *database arguments: commandName: createUser command: createUser: "private" # Passing an object is prohibited and we want to trigger a command # failure pwd: {} roles: [] expectError: isClientError: false expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: createUser command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: true data: message: "Command failed" commandName: createUser failure: { $$exists: true } - description: "network error in response to createUser is not redacted" operations: - name: failPoint object: testRunner arguments: client: *failPointClient failPoint: configureFailPoint: failCommand mode: { times: 1 } data: failCommands: ["createUser"] closeConnection: true - name: runCommand object: *database arguments: commandName: createUser command: createUser: "private" pwd: "pwd" roles: [] expectError: isClientError: true expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: createUser command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: false data: message: "Command failed" commandName: createUser failure: { $$exists: true } - description: "updateUser command and resulting server-generated error are redacted" operations: - name: runCommand object: *database arguments: commandName: updateUser command: updateUser: "private" pwd: {} roles: [] expectError: isClientError: false expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: updateUser command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: true data: message: "Command failed" commandName: updateUser failure: { $$exists: true } - description: "network error in response to updateUser is not redacted" operations: - name: failPoint object: testRunner arguments: client: *failPointClient failPoint: configureFailPoint: failCommand mode: { times: 1 } data: failCommands: ["updateUser"] closeConnection: true - name: runCommand object: *database arguments: commandName: updateUser command: updateUser: "private" pwd: "pwd" roles: [] expectError: isClientError: true expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: updateUser command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: false data: message: "Command failed" commandName: updateUser failure: { $$exists: true } - description: "copydbgetnonce command and resulting server-generated error are redacted" runOnRequirements: - maxServerVersion: 3.6.99 # copydbgetnonce was removed as of 4.0 via SERVER-32276 operations: - name: runCommand object: *database arguments: commandName: copydbgetnonce command: copydbgetnonce: "private" expectError: isClientError: false expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: copydbgetnonce command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: true data: message: "Command failed" commandName: copydbgetnonce failure: { $$exists: true } - description: "network error in response to copydbgetnonce is not redacted" runOnRequirements: - maxServerVersion: 3.6.99 # copydbgetnonce was removed as of 4.0 via SERVER-32276 operations: - name: failPoint object: testRunner arguments: client: *failPointClient failPoint: configureFailPoint: failCommand mode: { times: 1 } data: failCommands: ["copydbgetnonce"] closeConnection: true - name: runCommand object: *database arguments: commandName: copydbgetnonce command: copydbgetnonce: "private" expectError: isClientError: true expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: copydbgetnonce command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: false data: message: "Command failed" commandName: copydbgetnonce failure: { $$exists: true } - description: "copydbsaslstart command and resulting server-generated error are redacted" runOnRequirements: - maxServerVersion: 4.0.99 # copydbsaslstart was removed as of 4.2 via SERVER-36211 operations: - name: runCommand object: *database arguments: commandName: copydbsaslstart command: copydbsaslstart: "private" expectError: isClientError: false expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: copydbsaslstart command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: true data: message: "Command failed" commandName: copydbsaslstart failure: { $$exists: true } - description: "network error in response to copydbsaslstart is not redacted" runOnRequirements: - maxServerVersion: 4.0.99 # copydbsaslstart was removed as of 4.2 via SERVER-36211 operations: - name: failPoint object: testRunner arguments: client: *failPointClient failPoint: configureFailPoint: failCommand mode: { times: 1 } data: failCommands: ["copydbsaslstart"] closeConnection: true - name: runCommand object: *database arguments: commandName: copydbsaslstart command: copydbsaslstart: "private" expectError: isClientError: true expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: copydbgetnonce command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: false data: message: "Command failed" commandName: copydbgetnonce failure: { $$exists: true } - description: "copydb command and resulting server-generated error are redacted" runOnRequirements: - maxServerVersion: 4.0.99 # copydb was removed as of 4.2 via SERVER-36257 operations: - name: runCommand object: *database arguments: commandName: copydb command: copydb: "private" expectError: isClientError: false expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: copydb command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: true data: message: "Command failed" commandName: copydb failure: { $$exists: true } - description: "network error in response to copydb is not redacted" runOnRequirements: - maxServerVersion: 4.0.99 # copydb was removed as of 4.2 via SERVER-36257 operations: - name: failPoint object: testRunner arguments: client: *failPointClient failPoint: configureFailPoint: failCommand mode: { times: 1 } data: failCommands: ["copydb"] closeConnection: true - name: runCommand object: *database arguments: commandName: copydb command: copydb: "private" expectError: isClientError: true expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: copydb command: $$matchAsDocument: {} - level: debug component: command failureIsRedacted: false data: message: "Command failed" commandName: copydb failure: { $$exists: true } - description: "hello with speculative authenticate command and server reply are redacted" runOnRequirements: - minServerVersion: "4.9" operations: - name: runCommand object: *database arguments: commandName: hello command: hello: 1 speculativeAuthenticate: saslStart: 1 expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: hello command: $$matchAsDocument: {} - level: debug component: command data: message: "Command succeeded" commandName: hello reply: $$matchAsDocument: {} - description: "legacy hello with speculative authenticate command and server reply are redacted" operations: - name: runCommand object: *database arguments: commandName: ismaster command: ismaster: 1 speculativeAuthenticate: saslStart: 1 - name: runCommand object: *database arguments: commandName: isMaster command: isMaster: 1 speculativeAuthenticate: saslStart: 1 expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: ismaster command: $$matchAsDocument: {} - level: debug component: command data: message: "Command succeeded" commandName: ismaster reply: $$matchAsDocument: {} - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: isMaster command: $$matchAsDocument: {} - level: debug component: command data: message: "Command succeeded" commandName: isMaster reply: $$matchAsDocument: {} - description: "hello without speculative authenticate command and server reply are not redacted" runOnRequirements: - minServerVersion: "4.9" operations: - name: runCommand object: *database arguments: commandName: hello command: hello: 1 expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: hello command: $$matchAsDocument: $$matchAsRoot: hello: 1 - level: debug component: command data: message: "Command succeeded" commandName: hello reply: $$matchAsDocument: $$matchAsRoot: ok: 1 isWritablePrimary: true - description: "legacy hello without speculative authenticate command and server reply are not redacted" operations: - name: runCommand object: *database arguments: commandName: ismaster command: ismaster: 1 - name: runCommand object: *database arguments: commandName: isMaster command: isMaster: 1 expectLogMessages: - client: *client messages: - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: ismaster command: $$matchAsDocument: $$matchAsRoot: ismaster: 1 - level: debug component: command data: message: "Command succeeded" commandName: ismaster reply: $$matchAsDocument: $$matchAsRoot: ok: 1 ismaster: true - level: debug component: command data: message: "Command started" databaseName: *databaseName commandName: isMaster command: $$matchAsDocument: $$matchAsRoot: isMaster: 1 - level: debug component: command data: message: "Command succeeded" commandName: isMaster reply: $$matchAsDocument: $$matchAsRoot: ok: 1 ismaster: true