SERVER-82543 Finish removing dollar tenant in js serverless tests

Author: josephdprince

jstests/serverless/initial_sync_change_collection.js

@@ -97,7 +97,11 @@ const endOplogTimestamp = oplogDocs.at(-1).ts;
 // oplog only after the data cloning is done. And so, the change collection already exists in place
 // to capture oplog entries. As such, the change collection entries and the oplog entries for
 // timestamp range ('startOplogTimestamp', 'endOplogTimestamp'] must be the same.
-verifyChangeCollectionEntries(secondary, startOplogTimestamp, endOplogTimestamp, userInfo.tenantId);
+verifyChangeCollectionEntries(secondary,
+                              startOplogTimestamp,
+                              endOplogTimestamp,
+                              userInfo.tenantId,
+                              _createTenantToken({tenant: userInfo.tenantId}));
 
 // The state of the change collection after the initial sync is not consistent with the primary.
 // This is because the change collection's data is never cloned to the secondary, only it's creation

jstests/serverless/libs/change_collection_util.js

@@ -3,10 +3,11 @@
 // Verifies that the oplog and change collection entries are the same for the provided tenant
 // 'tenantId' for the specified timestamp window:- (startOplogTimestamp, endOplogTimestamp].
 export function verifyChangeCollectionEntries(
-    connection, startOplogTimestamp, endOplogTimestamp, tenantId) {
+    connection, startOplogTimestamp, endOplogTimestamp, tenantId, token) {
     // Fetch the oplog documents for the provided tenant for the specified timestamp window. Note
     // that the startOplogTimestamp is expected to be just before the first write, while the
     // endOplogTimestamp is expected to be the timestamp of the final write in the test.
+    connection._setSecurityToken(undefined);
     const oplogColl = connection.getDB("local").oplog.rs;
     const oplogEntries = oplogColl
                              .find({
@@ -18,15 +19,17 @@ export function verifyChangeCollectionEntries(
                              })
                              .toArray();
 
+    // Set token for the following command
+    connection._setSecurityToken(token);
+
     // Fetch all documents from the tenant's change collection for the specified timestamp window.
     const changeCollectionEntries =
         assert
             .commandWorked(connection.getDB("config").runCommand({
                 find: "system.change_collection",
                 filter:
                     {$and: [{_id: {$gt: startOplogTimestamp}}, {_id: {$lte: endOplogTimestamp}}]},
-                batchSize: 1000000,
-                $tenant: tenantId
+                batchSize: 1000000
             }))
             .cursor.firstBatch;
 
@@ -84,8 +87,7 @@ export class ChangeStreamMultitenantReplicaSetTest extends ReplSetTest {
         this.startSet({setParameter});
         this.initiate();
 
-        // Create a root user within the multitenant environment to enable passing '$tenant' to
-        // commands.
+        // Create a root user within the multitenant environment
         assert.commandWorked(this.getPrimary().getDB("admin").runCommand(
             {createUser: "root", pwd: "pwd", roles: ["root"]}));
 
@@ -137,20 +139,16 @@ export class ChangeStreamMultitenantReplicaSetTest extends ReplSetTest {
 
         const adminDb = tokenConn.getDB("admin");
 
-        // Login to the root user with 'ActionType::useTenant' such that the '$tenant' can be
-        // used.
         assert(adminDb.auth("root", "pwd"));
 
         // Create the user with the provided roles if it does not exist.
+        tokenConn._setSecurityToken(_createTenantToken({tenant: tenantId}));
         const existingUser =
-            assert
-                .commandWorked(adminDb.runCommand(
-                    {find: "system.users", filter: {user: user}, $tenant: tenantId}))
+            assert.commandWorked(adminDb.runCommand({find: "system.users", filter: {user: user}}))
                 .cursor.firstBatch;
         if (existingUser.length === 0) {
             assert.commandWorked(
-                tokenConn.getDB("$external")
-                    .runCommand({createUser: user, '$tenant': tenantId, roles: userRoles}));
+                tokenConn.getDB("$external").runCommand({createUser: user, roles: userRoles}));
         }
 
         // Set the provided tenant id into the security token for the user.

jstests/serverless/list_databases_for_all_tenants.js

@@ -67,7 +67,7 @@ function createMultitenantDatabases(conn, tokenConn, num) {
             {"name": 'auto_gen_db_' + i.toString(), "tenantId": kTenant, "empty": false});
     }
     // Reset token
-    conn._setSecurityToken("");
+    conn._setSecurityToken(undefined);
     return [tenantIds, tokens, expectedDatabases];
 }
 
@@ -223,7 +223,7 @@ function runTestInvalidCommands(primary) {
         createUser: "unauthorizedUsr",
         roles: [{role: 'readWriteAnyDatabase', db: 'admin'}]
     }));
-    primary._setSecurityToken("");
+    primary._setSecurityToken(undefined);
     tokenConn._setSecurityToken(
         _createSecurityToken({user: "unauthorizedUsr", db: '$external', tenant: kTenant}, kVTSKey));
     const tokenAdminDB = tokenConn.getDB("admin");

jstests/serverless/multitenancy_initial_sync_fails_no_auth_schema.js

@@ -41,7 +41,7 @@ assert.commandWorked(primary.getDB('$external').runCommand({
 let res = assert.commandWorked(adminDb.runCommand({find: "system.users", filter: {}}));
 assert.eq(1, res.cursor.firstBatch.length);
 
-primary._setSecurityToken("");
+primary._setSecurityToken(undefined);
 
 // Delete the auth schema doc. This should cause initial sync to fail, because a user exists
 // without an auth schema doc.

jstests/serverless/multitenancy_with_mongoq_basic_commands.js

@@ -698,6 +698,6 @@ const tokenDB = tokenConn.getDB(kDbName);
 // This should fail since dbCheck is not supporting using a security token.
 { assert.commandFailedWithCode(tokenDB.runCommand({dbCheck: kCollName}), ErrorCodes.Unauthorized); }
 
-primary._setSecurityToken("");
+primary._setSecurityToken(undefined);
 
 rst.stopSet();

jstests/serverless/serverless_slow_log_tenantid.js

@@ -19,7 +19,7 @@ rst.initiate();
 const kTenant = ObjectId();
 const adminDb = rst.getPrimary().getDB('admin');
 
-// Must be authenticated as a user with ActionType::useTenant in order to use $tenant.
+// Create a user for testing
 assert.commandWorked(adminDb.runCommand({createUser: 'admin', pwd: 'pwd', roles: ['root']}));
 assert(adminDb.auth('admin', 'pwd'));
 
@@ -31,8 +31,9 @@ assert.commandWorked(adminDb.setProfilingLevel(2, {slowms: -1}));
 
 const primary = rst.getPrimary();
 
-assert.commandWorked(primary.getDB("test").runCommand(
-    {insert: "foo", documents: [{_id: 0, a: 1, b: 1}], '$tenant': kTenant}));
+primary._setSecurityToken(_createTenantToken({tenant: kTenant}));
+assert.commandWorked(
+    primary.getDB("test").runCommand({insert: "foo", documents: [{_id: 0, a: 1, b: 1}]}));
 
 print(`Checking ${primary.fullOptions.logFile} for client metadata message`);
 const log = cat(primary.fullOptions.logFile);
@@ -49,4 +50,6 @@ for (var a of log.split("\n")) {
 assert(predicate.test(log),
        "'Slow query' log line missing in mongod log file!\n" +
            "Log file contents: " + rst.getPrimary().fullOptions.logFile);
+
+primary._setSecurityToken(undefined);
 rst.stopSet();

jstests/serverless/tenant_migration_shard_merge_abort_garbage_collection.js

@@ -17,7 +17,7 @@ import {extractUUIDFromObject} from "jstests/libs/uuid_util.js";
 import {TenantMigrationTest} from "jstests/replsets/libs/tenant_migration_test.js";
 import {makeTenantDB} from "jstests/replsets/libs/tenant_migration_util.js";
 
-// Disabling featureFlagRequireTenantID to allow using a tenantId prefix (instead of $tenant) and
+// Disabling featureFlagRequireTenantID to allow using a tenantId prefix and
 // reusing the same code to test garbage collection with and without multitenancy support.
 function runTest({multitenancySupport}) {
     const setParameter = {

jstests/serverless/upgrade_to_use_multitenancy_support.js

@@ -20,6 +20,7 @@ if (featureFlagRequireTenantId) {
  * tenantId.
  */
 function runFindOnPrefixedDb(conn, prefixedDb, collName, expectedDocsReturned) {
+    conn._setSecurityToken(undefined);
     const res =
         assert.commandWorked(conn.getDB(prefixedDb).runCommand({find: collName, filter: {}}));
     assert(arrayEq(expectedDocsReturned, res.cursor.firstBatch), tojson(res));
@@ -31,34 +32,35 @@ function runFindOnPrefixedDb(conn, prefixedDb, collName, expectedDocsReturned) {
  * Runs a findAndModify using a prefixed db.
  */
 function runFindAndModOnPrefixedDb(conn, prefixedDb, collName, query, update, expectedDocReturned) {
+    conn._setSecurityToken(undefined);
     const res = assert.commandWorked(
         conn.getDB(prefixedDb).runCommand({findAndModify: collName, query: query, update: update}));
     assert.eq(res.value, expectedDocReturned);
 }
 
 /*
- * Runs a find using $tenant, and asserts the find returns 'expectedDocsReturned'. Also
- * checks that the "ns" returned in the cursor result is serialized as expected, without the
+ * Runs a find using unsigned security token, and asserts the find returns 'expectedDocsReturned'.
+ * Also checks that the "ns" returned in the cursor result is serialized as expected, without the
  * tenantId.
  */
-function runFindUsingDollarTenant(conn, db, collName, tenantId, expectedDocsReturned) {
-    const res = assert.commandWorked(
-        conn.getDB(db).runCommand({find: collName, filter: {}, $tenant: tenantId}));
+function runFindUsingSecurityToken(conn, db, collName, token, expectedDocsReturned) {
+    conn._setSecurityToken(token);
+    const res = assert.commandWorked(conn.getDB(db).runCommand({find: collName, filter: {}}));
     assert(arrayEq(expectedDocsReturned, res.cursor.firstBatch), tojson(res));
     const namespace = db + "." + collName;
     assert.eq(res.cursor.ns, namespace);
 }
 
 /*
- * Runs a find using $tenant and prefixed db, and asserts the find returns
+ * Runs a find using unsigned security token and prefixed db, and asserts the find returns
  * 'expectedDocsReturned'. Also checks that the "ns" returned in the cursor result is serialized
  * as expected, including the tenantId.
  */
-function runFindUsingDollarTenantAndPrefix(
-    conn, prefixedDb, collName, tenantId, expectedDocsReturned) {
+function runFindUsingSecurityTokenAndPrefix(
+    conn, prefixedDb, collName, token, expectedDocsReturned) {
+    conn._setSecurityToken(token);
     const res = assert.commandWorked(
-        conn.getDB(prefixedDb)
-            .runCommand({find: collName, filter: {}, $tenant: tenantId, expectPrefix: true}));
+        conn.getDB(prefixedDb).runCommand({find: collName, filter: {}, expectPrefix: true}));
     assert(arrayEq(expectedDocsReturned, res.cursor.firstBatch), tojson(res));
     const prefixedNamespace = prefixedDb + "." + collName;
     assert.eq(res.cursor.ns, prefixedNamespace);
@@ -78,15 +80,10 @@ function assertFindBothTenantsPrefixedDb(
  * Runs a find for both tenants using a prefixed db, and asserts the find returns
  * 'expectedDocsReturned'.
  */
-function assertFindBothTenantsUsingDollarTenant(conn,
-                                                db,
-                                                collName,
-                                                tenantId1,
-                                                tenantId2,
-                                                expectedDocsReturnedTenant1,
-                                                expectedDocsReturnedTenant2) {
-    runFindUsingDollarTenant(conn, db, collName, tenantId1, expectedDocsReturnedTenant1);
-    runFindUsingDollarTenant(conn, db, collName, tenantId2, expectedDocsReturnedTenant2);
+function assertFindBothTenantsUsingSecurityToken(
+    conn, db, collName, token1, token2, expectedDocsReturnedTenant1, expectedDocsReturnedTenant2) {
+    runFindUsingSecurityToken(conn, db, collName, token1, expectedDocsReturnedTenant1);
+    runFindUsingSecurityToken(conn, db, collName, token2, expectedDocsReturnedTenant2);
 }
 
 const rst = new ReplSetTest({
@@ -106,6 +103,9 @@ const kTenant2 = ObjectId();
 const kDbName = "test";
 const kCollName = "foo";
 
+const kToken1 = _createTenantToken({tenant: kTenant1});
+const kToken2 = _createTenantToken({tenant: kTenant2});
+
 // Create a root user and login on both the primary and secondary.
 const primaryAdminDb = originalPrimary.getDB('admin');
 let secondaryAdminDb = originalSecondary.getDB('admin');
@@ -147,16 +147,16 @@ assertFindBothTenantsPrefixedDb(
     originalSecondary, tenant1DbPrefixed, tenant2DbPrefixed, kCollName, tenant1Docs, tenant2Docs);
 
 // Now check that we find the docs for both tenants when reading from the secondary using
-// $tenant and a security token. The primary does not yet support $tenant or a security token
+// a security token. The primary does not yet support a security token
 // since it does not have multitenancySupport enabled.
-assertFindBothTenantsUsingDollarTenant(
-    originalSecondary, kDbName, kCollName, kTenant1, kTenant2, tenant1Docs, tenant2Docs);
+assertFindBothTenantsUsingSecurityToken(
+    originalSecondary, kDbName, kCollName, kToken1, kToken2, tenant1Docs, tenant2Docs);
 
-// Also assert both tenants find the new doc on the secondary using $tenant and a prefixed db.
-runFindUsingDollarTenantAndPrefix(
-    originalSecondary, tenant1DbPrefixed, kCollName, kTenant1, tenant1Docs);
-runFindUsingDollarTenantAndPrefix(
-    originalSecondary, tenant2DbPrefixed, kCollName, kTenant2, tenant2Docs);
+// Also assert both tenants find the new doc on the secondary using token and a prefixed db.
+runFindUsingSecurityTokenAndPrefix(
+    originalSecondary, tenant1DbPrefixed, kCollName, kToken1, tenant1Docs);
+runFindUsingSecurityTokenAndPrefix(
+    originalSecondary, tenant2DbPrefixed, kCollName, kToken2, tenant2Docs);
 
 // Now insert a new doc for both tenants using the prefixed db, and assert that we can find it
 // on both the primary and secondary.
@@ -185,18 +185,18 @@ assertFindBothTenantsPrefixedDb(originalSecondary,
                                 allTenant1Docs,
                                 allTenant2Docs);
 
-// Assert both tenants find the new doc on the secondary using $tenant.
-assertFindBothTenantsUsingDollarTenant(
-    originalSecondary, kDbName, kCollName, kTenant1, kTenant2, allTenant1Docs, allTenant2Docs);
+// Assert both tenants find the new doc on the secondary using token.
+assertFindBothTenantsUsingSecurityToken(
+    originalSecondary, kDbName, kCollName, kToken1, kToken2, allTenant1Docs, allTenant2Docs);
 
-// Assert both tenants find the new doc on the secondary using $tenant and a prefixed db.
-runFindUsingDollarTenantAndPrefix(
-    originalSecondary, tenant1DbPrefixed, kCollName, kTenant1, allTenant1Docs);
-runFindUsingDollarTenantAndPrefix(
-    originalSecondary, tenant2DbPrefixed, kCollName, kTenant2, allTenant2Docs);
+// Assert both tenants find the new doc on the secondary using token and a prefixed db.
+runFindUsingSecurityTokenAndPrefix(
+    originalSecondary, tenant1DbPrefixed, kCollName, kToken1, allTenant1Docs);
+runFindUsingSecurityTokenAndPrefix(
+    originalSecondary, tenant2DbPrefixed, kCollName, kToken2, allTenant2Docs);
 
 // Now run findAndModify on one doc using a prefixed db and check that we can read from the
-// secondary using just $tenant and $tenant and a prefix.
+// secondary using just token and a prefix.
 runFindAndModOnPrefixedDb(originalPrimary,
                           tenant1DbPrefixed,
                           kCollName,
@@ -212,18 +212,18 @@ runFindAndModOnPrefixedDb(originalPrimary,
 
 const modifiedTenant1Docs = tenant1Docs.concat([{_id: 2, x: 4}]);
 const modifiedTenant2Docs = tenant2Docs.concat([{_id: 12, a: 40}]);
-assertFindBothTenantsUsingDollarTenant(originalSecondary,
-                                       kDbName,
-                                       kCollName,
-                                       kTenant1,
-                                       kTenant2,
-                                       modifiedTenant1Docs,
-                                       modifiedTenant2Docs);
-
-runFindUsingDollarTenantAndPrefix(
-    originalSecondary, tenant1DbPrefixed, kCollName, kTenant1, modifiedTenant1Docs);
-runFindUsingDollarTenantAndPrefix(
-    originalSecondary, tenant2DbPrefixed, kCollName, kTenant2, modifiedTenant2Docs);
+assertFindBothTenantsUsingSecurityToken(originalSecondary,
+                                        kDbName,
+                                        kCollName,
+                                        kToken1,
+                                        kToken2,
+                                        modifiedTenant1Docs,
+                                        modifiedTenant2Docs);
+
+runFindUsingSecurityTokenAndPrefix(
+    originalSecondary, tenant1DbPrefixed, kCollName, kToken1, modifiedTenant1Docs);
+runFindUsingSecurityTokenAndPrefix(
+    originalSecondary, tenant2DbPrefixed, kCollName, kToken2, modifiedTenant2Docs);
 
 // Now, restart the primary and enable multitenancySupport. The secondary will step up to
 // become primary.
@@ -250,31 +250,33 @@ assertFindBothTenantsPrefixedDb(originalSecondary,
                                 modifiedTenant2Docs);
 
 // Now check that we find the docs for both tenants when reading from both the primary and
-// secondary using $tenant.
-assertFindBothTenantsUsingDollarTenant(originalPrimary,
-                                       kDbName,
-                                       kCollName,
-                                       kTenant1,
-                                       kTenant2,
-                                       modifiedTenant1Docs,
-                                       modifiedTenant2Docs);
-assertFindBothTenantsUsingDollarTenant(originalSecondary,
-                                       kDbName,
-                                       kCollName,
-                                       kTenant1,
-                                       kTenant2,
-                                       modifiedTenant1Docs,
-                                       modifiedTenant2Docs);
-
-// Also check that both tenants find the new doc on the primary and secondary using $tenant and
-// a prefixed db.
-runFindUsingDollarTenantAndPrefix(
-    originalPrimary, tenant1DbPrefixed, kCollName, kTenant1, modifiedTenant1Docs);
-runFindUsingDollarTenantAndPrefix(
-    originalSecondary, tenant2DbPrefixed, kCollName, kTenant2, modifiedTenant2Docs);
-runFindUsingDollarTenantAndPrefix(
-    originalPrimary, tenant1DbPrefixed, kCollName, kTenant1, modifiedTenant1Docs);
-runFindUsingDollarTenantAndPrefix(
-    originalSecondary, tenant2DbPrefixed, kCollName, kTenant2, modifiedTenant2Docs);
-
+// secondary using token.
+assertFindBothTenantsUsingSecurityToken(originalPrimary,
+                                        kDbName,
+                                        kCollName,
+                                        kToken1,
+                                        kToken2,
+                                        modifiedTenant1Docs,
+                                        modifiedTenant2Docs);
+assertFindBothTenantsUsingSecurityToken(originalSecondary,
+                                        kDbName,
+                                        kCollName,
+                                        kToken1,
+                                        kToken2,
+                                        modifiedTenant1Docs,
+                                        modifiedTenant2Docs);
+
+// Also check that both tenants find the new doc on the primary and secondary using token and a
+// prefixed db.
+runFindUsingSecurityTokenAndPrefix(
+    originalPrimary, tenant1DbPrefixed, kCollName, kToken1, modifiedTenant1Docs);
+runFindUsingSecurityTokenAndPrefix(
+    originalSecondary, tenant2DbPrefixed, kCollName, kToken2, modifiedTenant2Docs);
+runFindUsingSecurityTokenAndPrefix(
+    originalPrimary, tenant1DbPrefixed, kCollName, kToken1, modifiedTenant1Docs);
+runFindUsingSecurityTokenAndPrefix(
+    originalSecondary, tenant2DbPrefixed, kCollName, kToken2, modifiedTenant2Docs);
+
+originalPrimary._setSecurityToken(undefined);
+originalSecondary._setSecurityToken(undefined);
 rst.stopSet();