SERVER-92411 Add missing authz tests on aggregation stages in jstests/auth/commands_lib.js (#35133)

GitOrigin-RevId: e9c33a4ff41b1a03d23d3cd5abc15999bbe989c8

Author: chiihuang

etc/backports_required_for_multiversion_tests.yml

@@ -505,6 +505,8 @@ last-continuous:
     ticket: SERVER-89618
   - test_file: jstests/core/timeseries/timeseries_computed_field.js
     ticket: SERVER-88072
+  - test_file: jstests/auth/commands_builtin_roles_replset.js
+    ticket: SERVER-92411
   - test_file: jstests/core/timeseries/timeseries_geonear_lookup.js
     ticket: SERVER-81454
   - test_file: jstests/sharding/move_chunk_deferred_lookup.js
@@ -1170,6 +1172,8 @@ last-lts:
     ticket: SERVER-89618
   - test_file: jstests/core/timeseries/timeseries_computed_field.js
     ticket: SERVER-88072
+  - test_file: jstests/auth/commands_builtin_roles_replset.js
+    ticket: SERVER-92411
   - test_file: jstests/core/timeseries/timeseries_geonear_lookup.js
     ticket: SERVER-81454
   - test_file: jstests/sharding/move_chunk_deferred_lookup.js

jstests/auth/commands_builtin_roles_replset.js

@@ -0,0 +1,56 @@
+import {createUsers, roles, runOneTest} from "jstests/auth/lib/commands_builtin_roles.js";
+import {authCommandsLib} from "jstests/auth/lib/commands_lib.js";
+
+function isPrimaryNode(conn) {
+    return (conn.adminCommand({hello: 1}).isWritablePrimary);
+}
+
+function updateRolesWithPrimaryDB(primaryConn) {
+    roles.forEach(role => {
+        role.db = primaryConn.getDB(role.dbname);
+    });
+}
+
+function runAllCommandsBuiltinRoles(rst) {
+    // Tracks the connection 'conn' and ensures it is connecting to writable primary.
+    let conn = rst.getPrimary();
+
+    const runOneTestOnPrimary = (_, t) => {
+        // Some test commands may make 'conn' step down as a secondary. If that happens, update
+        // 'conn' with a primary one.
+        if (!isPrimaryNode(conn)) {
+            conn = rst.getPrimary();
+            // The DBs in 'roles' may still connect to a secondary. Update them with the DBs from
+            // 'conn'.
+            updateRolesWithPrimaryDB(conn);
+        }
+        return runOneTest(conn, t);
+    };
+
+    const testFunctionImpls = {createUsers: createUsers, runOneTest: runOneTestOnPrimary};
+    authCommandsLib.runTests(conn, testFunctionImpls);
+}
+
+const dbPath = MongoRunner.toRealDir("$dataDir/commands_built_in_roles_replset/");
+mkdir(dbPath);
+const opts = {
+    auth: "",
+    setParameter: {
+        trafficRecordingDirectory: dbPath,
+        syncdelay: 0  // Disable checkpoints as this can cause some commands to fail transiently.
+    }
+};
+
+// run all tests replset
+const rst = new ReplSetTest({
+    nodes: 3,
+    nodeOptions: opts,
+    waitForKeys: false,
+    keyFile: "jstests/libs/key1",
+});
+rst.startSet();
+rst.initiate();
+rst.awaitSecondaryNodes();
+
+runAllCommandsBuiltinRoles(rst);
+rst.stopSet();

jstests/auth/lib/commands_builtin_roles.js

@@ -98,7 +98,7 @@ function testProperAuthorization(conn, t, testcase, r) {
  * First of two entry points for this test library.
  * To be invoked as an test argument to authCommandsLib.runTests().
  */
-function runOneTest(conn, t) {
+export function runOneTest(conn, t) {
     var failures = [];
 
     // Some tests requires mongot, however, setting this failpoint will make search queries to
@@ -133,7 +133,7 @@ function runOneTest(conn, t) {
  * Second entry point for this test library.
  * To be invoked as an test argument to authCommandsLib.runTests().
  */
-function createUsers(conn) {
+export function createUsers(conn) {
     var adminDb = conn.getDB(adminDbName);
     adminDb.createUser({user: "admin", pwd: "password", roles: ["__system"]});