[SERVER-83318] Enable auth testing for autoCompact command Created: 16/Nov/23  Updated: 12/Dec/23  Resolved: 12/Dec/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.3.0-rc0

Type: Task Priority: Major - P3
Reporter: Sean Watt Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Tested
is testing SERVER-80121 Create the background compaction API Closed
Assigned Teams:
Storage Engines
Backwards Compatibility: Fully Compatible
Sprint: Security 2023-12-11, Security 2023-12-25
Participants:

 Description   

SERVER-80121 - Create the background compaction API, introduced a new command autoCompact which enables WiredTiger to automatically compact files in a database. Some authentication jstests still need to be enabled.

These include:

all_commands_downgrading_to_upgraded.js



 Comments   
Comment by Githook User [ 12/Dec/23 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-83318 Enable auth testing for autoCompact command

GitOrigin-RevId: f2cd3c4869122f1c2ad0bdab4c852bb1a784bb53
Branch: master
https://github.com/mongodb/mongo/commit/a96cc9765147eff4d411aad4b0132c808d5c1cad

Comment by Sean Watt [ 30/Nov/23 ]

The auth tests can be run with

buildscripts/resmoke.py run --suites=auth --continueOnFailure --excludeWithAnyTags=incompatible_with_amazon_linux,requires_external_data_source --jobs=4 --shuffle --runAllFeatureFlagTests --storageEngineCacheSizeGB=1

Comment by Sean Watt [ 23/Nov/23 ]

As it stands, adding the autoCompact command to comands_lib.js as follows

        {
          testname: "autoCompact",
          command: {autoCompact: true},
          skipSharded: true,
          testcases: [
              {
                runOnDb: adminDbName,
                roles: roles_dbAdmin,
                privileges:
                    [{resource: {db: adminDbName}, actions: ["compact"]}]
              }
          ]
        },

causes commands_builtin_roles_standalone.js to fail with:

[js_test:commands_builtin_roles_standalone] [jsTest] ----
[js_test:commands_builtin_roles_standalone] [jsTest] autoCompact: expected authorization success but received {
[js_test:commands_builtin_roles_standalone] [jsTest] 	"ok" : 0,
[js_test:commands_builtin_roles_standalone] [jsTest] 	"errmsg" : "not authorized on admin to execute command { autoCompact: true, $db: \"admin\" }",
[js_test:commands_builtin_roles_standalone] [jsTest] 	"code" : 13,
[js_test:commands_builtin_roles_standalone] [jsTest] 	"codeName" : "Unauthorized"
[js_test:commands_builtin_roles_standalone] [jsTest] } on db admin with role dbAdmin
[js_test:commands_builtin_roles_standalone] [jsTest] ----
[js_test:commands_builtin_roles_standalone] 
[js_test:commands_builtin_roles_standalone] 
[js_test:commands_builtin_roles_standalone] 
[js_test:commands_builtin_roles_standalone] [jsTest] ----
[js_test:commands_builtin_roles_standalone] [jsTest] autoCompact: expected authorization success but received {
[js_test:commands_builtin_roles_standalone] [jsTest] 	"ok" : 0,
[js_test:commands_builtin_roles_standalone] [jsTest] 	"errmsg" : "not authorized on admin to execute command { autoCompact: true, $db: \"admin\" }",
[js_test:commands_builtin_roles_standalone] [jsTest] 	"code" : 13,
[js_test:commands_builtin_roles_standalone] [jsTest] 	"codeName" : "Unauthorized"
[js_test:commands_builtin_roles_standalone] [jsTest] } on db admin with role dbAdminAnyDatabase
[js_test:commands_builtin_roles_standalone] [jsTest] ----
[js_test:commands_builtin_roles_standalone] 
[js_test:commands_builtin_roles_standalone] 
[js_test:commands_builtin_roles_standalone] 
[js_test:commands_builtin_roles_standalone] [jsTest] ----
[js_test:commands_builtin_roles_standalone] [jsTest] autoCompact: expected authorization failure but received result { "ok" : 1 } on db admin with role clusterAdmin
[js_test:commands_builtin_roles_standalone] [jsTest] ----
[js_test:commands_builtin_roles_standalone] 
[js_test:commands_builtin_roles_standalone] 
[js_test:commands_builtin_roles_standalone] 
[js_test:commands_builtin_roles_standalone] [jsTest] ----
[js_test:commands_builtin_roles_standalone] [jsTest] autoCompact: expected authorization success but received {
[js_test:commands_builtin_roles_standalone] [jsTest] 	"ok" : 0,
[js_test:commands_builtin_roles_standalone] [jsTest] 	"errmsg" : "not authorized on admin to execute command { autoCompact: true, $db: \"admin\" }",
[js_test:commands_builtin_roles_standalone] [jsTest] 	"code" : 13,
[js_test:commands_builtin_roles_standalone] [jsTest] 	"codeName" : "Unauthorized"
[js_test:commands_builtin_roles_standalone] [jsTest] } on db admin with role dbOwner
[js_test:commands_builtin_roles_standalone] [jsTest] ----
[js_test:commands_builtin_roles_standalone] 
[js_test:commands_builtin_roles_standalone] 
[js_test:commands_builtin_roles_standalone] 
[js_test:commands_builtin_roles_standalone] [jsTest] ----
[js_test:commands_builtin_roles_standalone] [jsTest] autoCompact: expected authorization failure but received result { "ok" : 1 } on db admin with role hostManager
[js_test:commands_builtin_roles_standalone] [jsTest] ----

We need to consider whether we need a new action type for the autoCompact command or if using the existing action type for compact is okay. The current compact action type authenticates against a DB/collection resource type. However, since autoCompact is operating on all database on a single node, should we consider this as a DB resource type or a cluster resource?

Generated at Thu Feb 08 06:51:50 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.