[SERVER-70975] Exclude commands which are not allowed with security token from NTDI core passthrough Created: 31/Oct/22  Updated: 29/Oct/23  Resolved: 28/Nov/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 6.3.0-rc0

Type: Task Priority: Major - P3
Reporter: Sophia Tan Assignee: Sophia Tan
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-70545 Create passthroughs that inject a sec... Closed
Backwards Compatibility: Fully Compatible
Sprint: Server Serverless 2022-11-14, Server Serverless 2022-11-28
Participants:

 Description   

There are a lot of commands which are not allowed in serverless mode. We expect these commands can be excluded from native tenant data isolation passthrough test suite. We can do it either by creating new test tags or any other better ways.  



 Comments   
Comment by Githook User [ 22/Nov/22 ]

Author:

{'name': 'Sophia Tan', 'email': 'sophia_tll@hotmail.com', 'username': 'sophiatll'}

Message: SERVER-70975 Exclude commands which are not allowed with security token from NTDI core passthrough (YAML file)
Branch: master
https://github.com/mongodb/mongo/commit/5631df7cc62b6804e619315b27fff39db309d88b

Comment by Githook User [ 21/Nov/22 ]

Author:

{'name': 'Sophia Tan', 'email': 'sophia_tll@hotmail.com', 'username': 'sophiatll'}

Message: SERVER-70975 Exclude commands which are not allowed with security token from NTDI core passthrough (Part 7)
Branch: master
https://github.com/mongodb/mongo/commit/5afd4140f47599d2c7180ca55240f5f2338898ad

Comment by Githook User [ 21/Nov/22 ]

Author:

{'name': 'Sophia Tan', 'email': 'sophia_tll@hotmail.com', 'username': 'sophiatll'}

Message: SERVER-70975 Exclude commands which are not allowed with security token from NTDI core passthrough (Part 6)
Branch: master
https://github.com/mongodb/mongo/commit/2bcee0994adf325a6d82d1a062ecf1715aec45e6

Comment by Githook User [ 21/Nov/22 ]

Author:

{'name': 'Sophia Tan', 'email': 'sophia_tll@hotmail.com', 'username': 'sophiatll'}

Message: SERVER-70975 Exclude commands which are not allowed with security token from NTDI core passthrough (Part 5)
Branch: master
https://github.com/mongodb/mongo/commit/78711c2c27c9a769670e79ade63fa616831589d2

Comment by Githook User [ 21/Nov/22 ]

Author:

{'name': 'Sophia Tan', 'email': 'sophia_tll@hotmail.com', 'username': 'sophiatll'}

Message: SERVER-70975 Exclude commands which are not allowed with security token from NTDI core passthrough (Part 4)
Branch: master
https://github.com/mongodb/mongo/commit/4f92dfc82e28e028415f95cc0a50fc2e01bc7487

Comment by Githook User [ 21/Nov/22 ]

Author:

{'name': 'Sophia Tan', 'email': 'sophia_tll@hotmail.com', 'username': 'sophiatll'}

Message: SERVER-70975 Exclude commands which are not allowed with security token from NTDI core passthrough (Part 3)
Branch: master
https://github.com/mongodb/mongo/commit/d90030950c7f205d2a1354de0fc7efec15a9b6fb

Comment by Githook User [ 21/Nov/22 ]

Author:

{'name': 'Sophia Tan', 'email': 'sophia_tll@hotmail.com', 'username': 'sophiatll'}

Message: SERVER-70975 Exclude commands which are not allowed with security token from NTDI core passthrough (Part 2)
Branch: master
https://github.com/mongodb/mongo/commit/3b3961b638da17d54875b5cab45a01238168b0a3

Comment by Githook User [ 21/Nov/22 ]

Author:

{'name': 'Sophia Tan', 'email': 'sophia_tll@hotmail.com', 'username': 'sophiatll'}

Message: SERVER-70975 Exclude commands which are not allowed with security token from NTDI core passthrough (Part 1)
Branch: master
https://github.com/mongodb/mongo/commit/c0cc8aba2740f0f345bd2387759188e2f1a35612

Comment by Sophia Tan [ 03/Nov/22 ]

Today, there are
 - total js core files :1283 files

  • disallowed commands list in the excel file : 190 commands
  • the js core files which run disallowed commands: 182 files
  • found disallowed commands in theses js core file: 152 commands

Out target:
we should exclude files which run disallowed commands from the passthrough suite.

Approach 1: add new test tags and exclude these test tag.

  • create new test tag for each cmd. We will have 152 new test tags.
  • in each js file, add test tags for all the disallowed cmds run by the file. We will add about 413 lines totally into js files.
  • in yml file, we can exclude tags with "RUN_CMD_DISALLOWED_WITH_SECURITY_TOKEN_*"

Approach 2: list all the excluded files in yml directly.

  • add 182 lines in yml file.
  • no js file change.

For both approaches,

  • we need a disallowed command list for reference. We'd better to put the list into github for maintenance.
  • if we add or remove disallowed command from the disallowed commands list, we should search js files to figure out which files should be excluded or included.
  • if we change any js file, we should check if the file should be excluded or included.
  • we'd better have a tool to help us do the above things.
Generated at Thu Feb 08 06:17:42 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.