...
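# Unified-test-format file for the `observeSensitiveCommands` client option.
# It checks which command-monitoring events a test runner captures for
# security-sensitive commands, and that captured events carry redacted
# command and reply documents.
# The listing's fused gutter numbers and collapsed indentation are repaired
# here so that the file parses as YAML again.
description: "observeSensitiveCommands"

# Schema version of the unified test format that this file declares.
schemaVersion: "1.5"

# File-level requirement: the tests below run only against deployments
# where authentication is disabled.
runOnRequirements:
  - auth: false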
7
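# Three clients that differ only in `observeSensitiveCommands`, each paired
# with a database entity on the same database name:
#   client0 / database0 - option explicitly true
#   client1 / database1 - option explicitly false
#   client2 / database2 - option omitted (exercises the default)
# The tests assert that the omitted case behaves like `false`, so sensitive
# traffic is not captured unless a test file opts in.
createEntities:
  - client:
      id: &clientObserveSensitiveCommands client0
      observeEvents:
        - commandStartedEvent
        - commandSucceededEvent
      observeSensitiveCommands: true
  - client:
      id: &clientDoNotObserveSensitiveCommands client1
      observeEvents:
        - commandStartedEvent
        - commandSucceededEvent
      observeSensitiveCommands: false
  - client:
      id: &clientDoNotObserveSensitiveCommandsByDefault client2
      observeEvents:
        - commandStartedEvent
        - commandSucceededEvent
      # observeSensitiveCommands deliberately left unset.
  - database:
      id: &databaseObserveSensitiveCommands database0
      client: *clientObserveSensitiveCommands
      databaseName: &databaseName observeSensitiveCommands
  - database:
      id: &databaseDoNotObserveSensitiveCommands database1
      client: *clientDoNotObserveSensitiveCommands
      databaseName: *databaseName
  - database:
      id: &databaseDoNotObserveSensitiveCommandsByDefault database2
      client: *clientDoNotObserveSensitiveCommandsByDefault
      databaseName: *databaseName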
38
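# Each test sends a command through one or more of the three databases and
# then states, per client, which events must have been captured.
#   events: []                 -> nothing may be captured for that client
#   field: { $$exists: false } -> the event is captured, but that field must
#                                 be absent from the command/reply document
#
# NOTE(review): `$$exists: false` only covers the fields named in the
# expectation. If the runner permits extra keys in event documents, a leaked
# field that is not listed here would not fail the test - confirm against
# the runner's matching rules before treating these as full redaction checks.
tests:
  # Opted-in client: the getnonce events are captured, but neither the
  # command body nor the reply fields (`ok`, `nonce`) may be present.
  - description: "getnonce is observed with observeSensitiveCommands=true"
    runOnRequirements:
      - maxServerVersion: "6.1.99" # getnonce removed as of 6.2 via SERVER-71007
    operations:
      - name: runCommand
        object: *databaseObserveSensitiveCommands
        arguments:
          commandName: getnonce
          command: { getnonce: 1 }
    expectEvents:
      - client: *clientObserveSensitiveCommands
        events:
          - commandStartedEvent:
              commandName: getnonce
              command: { getnonce: { $$exists: false } }
          - commandSucceededEvent:
              commandName: getnonce
              reply:
                ok: { $$exists: false }
                nonce: { $$exists: false }

  # Explicit opt-out: the same command must leave no captured events.
  - description: "getnonce is not observed with observeSensitiveCommands=false"
    runOnRequirements:
      - maxServerVersion: "6.1.99" # getnonce removed as of 6.2 via SERVER-71007
    operations:
      - name: runCommand
        object: *databaseDoNotObserveSensitiveCommands
        arguments:
          commandName: getnonce
          command: { getnonce: 1 }
    expectEvents:
      - client: *clientDoNotObserveSensitiveCommands
        events: []

  # Option omitted: must behave exactly like the explicit opt-out above.
  - description: "getnonce is not observed by default"
    runOnRequirements:
      - maxServerVersion: "6.1.99" # getnonce removed as of 6.2 via SERVER-71007
    operations:
      - name: runCommand
        object: *databaseDoNotObserveSensitiveCommandsByDefault
        arguments:
          commandName: getnonce
          command: { getnonce: 1 }
    expectEvents:
      - client: *clientDoNotObserveSensitiveCommandsByDefault
        events: []

  # `hello` carrying `speculativeAuthenticate` is handled as sensitive:
  # redacted for the opted-in client, not captured at all for the other two.
  - description: "hello with speculativeAuthenticate"
    runOnRequirements:
      - minServerVersion: "4.9"
    operations:
      - name: runCommand
        object: *databaseObserveSensitiveCommands
        arguments: &helloArgs
          commandName: hello
          command:
            hello: 1
            speculativeAuthenticate: { saslStart: 1 }
      - name: runCommand
        object: *databaseDoNotObserveSensitiveCommands
        arguments: *helloArgs
      - name: runCommand
        object: *databaseDoNotObserveSensitiveCommandsByDefault
        arguments: *helloArgs
    expectEvents:
      - client: *clientObserveSensitiveCommands
        events:
          - commandStartedEvent:
              commandName: hello
              command:
                # Assert that all fields in command are redacted
                hello: { $$exists: false }
                speculativeAuthenticate: { $$exists: false }
          - commandSucceededEvent:
              commandName: hello
              reply:
                # Assert that all fields in reply are redacted
                isWritablePrimary: { $$exists: false }
                speculativeAuthenticate: { $$exists: false }
      - client: *clientDoNotObserveSensitiveCommands
        events: []
      - client: *clientDoNotObserveSensitiveCommandsByDefault
        events: []

  # Control case: a plain `hello` is not sensitive, so all three clients
  # capture the same unredacted events regardless of the option.
  - description: "hello without speculativeAuthenticate is always observed"
    runOnRequirements:
      - minServerVersion: "4.9"
    operations:
      - name: runCommand
        object: *databaseObserveSensitiveCommands
        # `&helloArgs` is redefined here; the aliases in this test bind to
        # this nearest preceding definition, not the previous test's.
        arguments: &helloArgs
          commandName: hello
          command: { hello: 1 }
      - name: runCommand
        object: *databaseDoNotObserveSensitiveCommands
        arguments: *helloArgs
      - name: runCommand
        object: *databaseDoNotObserveSensitiveCommandsByDefault
        arguments: *helloArgs
    expectEvents:
      - client: *clientObserveSensitiveCommands
        events: &helloEvents
          - commandStartedEvent:
              commandName: hello
              command: { hello: 1 }
          - commandSucceededEvent:
              commandName: hello
              reply: { isWritablePrimary: { $$exists: true } }
      - client: *clientDoNotObserveSensitiveCommands
        events: *helloEvents
      - client: *clientDoNotObserveSensitiveCommandsByDefault
        events: *helloEvents

  # Same check for the legacy handshake command in both spellings
  # (`ismaster` and `isMaster`). No server-version requirement is set here.
  - description: "legacy hello with speculativeAuthenticate"
    operations:
      - name: runCommand
        object: *databaseObserveSensitiveCommands
        arguments: &ismasterArgs
          commandName: ismaster
          command:
            ismaster: 1
            speculativeAuthenticate: { saslStart: 1 }
      - name: runCommand
        object: *databaseObserveSensitiveCommands
        arguments: &isMasterArgs
          commandName: isMaster
          command:
            isMaster: 1
            speculativeAuthenticate: { saslStart: 1 }
      - name: runCommand
        object: *databaseDoNotObserveSensitiveCommands
        arguments: *ismasterArgs
      - name: runCommand
        object: *databaseDoNotObserveSensitiveCommands
        arguments: *isMasterArgs
      - name: runCommand
        object: *databaseDoNotObserveSensitiveCommandsByDefault
        arguments: *ismasterArgs
      - name: runCommand
        object: *databaseDoNotObserveSensitiveCommandsByDefault
        arguments: *isMasterArgs
    expectEvents:
      - client: *clientObserveSensitiveCommands
        events:
          - commandStartedEvent:
              commandName: ismaster
              command:
                # Assert that all fields in command are redacted
                ismaster: { $$exists: false }
                speculativeAuthenticate: { $$exists: false }
          - commandSucceededEvent:
              commandName: ismaster
              reply:
                # Assert that all fields in reply are redacted
                ismaster: { $$exists: false }
                speculativeAuthenticate: { $$exists: false }
          - commandStartedEvent:
              commandName: isMaster
              command:
                # Assert that all fields in command are redacted
                isMaster: { $$exists: false }
                speculativeAuthenticate: { $$exists: false }
          - commandSucceededEvent:
              commandName: isMaster
              reply:
                # Assert that all fields in reply are redacted
                # (the reply field is lowercase `ismaster` for both spellings)
                ismaster: { $$exists: false }
                speculativeAuthenticate: { $$exists: false }
      - client: *clientDoNotObserveSensitiveCommands
        events: []
      - client: *clientDoNotObserveSensitiveCommandsByDefault
        events: []

  # Control case for the legacy command: without `speculativeAuthenticate`
  # every client captures the unredacted events.
  - description: "legacy hello without speculativeAuthenticate is always observed"
    operations:
      - name: runCommand
        object: *databaseObserveSensitiveCommands
        # `&ismasterArgs` / `&isMasterArgs` are redefined for this test; the
        # aliases below bind to these definitions.
        arguments: &ismasterArgs
          commandName: ismaster
          command: { ismaster: 1 }
      - name: runCommand
        object: *databaseObserveSensitiveCommands
        arguments: &isMasterArgs
          commandName: isMaster
          command: { isMaster: 1 }
      - name: runCommand
        object: *databaseDoNotObserveSensitiveCommands
        arguments: *ismasterArgs
      - name: runCommand
        object: *databaseDoNotObserveSensitiveCommands
        arguments: *isMasterArgs
      - name: runCommand
        object: *databaseDoNotObserveSensitiveCommandsByDefault
        arguments: *ismasterArgs
      - name: runCommand
        object: *databaseDoNotObserveSensitiveCommandsByDefault
        arguments: *isMasterArgs
    expectEvents:
      - client: *clientObserveSensitiveCommands
        events: &ismasterAndisMasterEvents
          - commandStartedEvent:
              commandName: ismaster
              command: { ismaster: 1 }
          - commandSucceededEvent:
              commandName: ismaster
              reply: { ismaster: { $$exists: true } }
          - commandStartedEvent:
              commandName: isMaster
              command: { isMaster: 1 }
          - commandSucceededEvent:
              commandName: isMaster
              reply: { ismaster: { $$exists: true } }
      - client: *clientDoNotObserveSensitiveCommands
        events: *ismasterAndisMasterEvents
      - client: *clientDoNotObserveSensitiveCommandsByDefault
        events: *ismasterAndisMasterEvents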