Require redacting replies to sensitive commands

alcaeus · alcaeus · commit 4895409ac4c0 · 2021-06-29T09:45:04.000+02:00
This changes the test expectation for a hello command with sensitive information. Previously, the test did not require redaction of the reply, as it does not contain sensitive information (due to speculative authentication failing). However, this makes the test useless, as it can no longer test that the redaction logic applies to hello at all. Until we're able to test successful authentication, it's sensible to require redacting the reply to ensure drivers are spec compliant.
diff --git a/source/command-monitoring/tests/unified/redacted-commands.json b/source/command-monitoring/tests/unified/redacted-commands.json
@@ -440,7 +440,7 @@
                 "commandName": "hello",
                 "reply": {
                   "isWritablePrimary": {
-                    "$$unsetOrMatches": true
+                    "$$exists": false
                   },
                   "speculativeAuthenticate": {
                     "$$exists": false
@@ -504,7 +504,7 @@
                 "commandName": "ismaster",
                 "reply": {
                   "ismaster": {
-                    "$$unsetOrMatches": true
+                    "$$exists": false
                   },
                   "speculativeAuthenticate": {
                     "$$exists": false
@@ -530,7 +530,7 @@
                 "commandName": "isMaster",
                 "reply": {
                   "ismaster": {
-                    "$$unsetOrMatches": true
+                    "$$exists": false
                   },
                   "speculativeAuthenticate": {
                     "$$exists": false
diff --git a/source/command-monitoring/tests/unified/redacted-commands.yml b/source/command-monitoring/tests/unified/redacted-commands.yml
@@ -232,12 +232,10 @@ tests:
           - commandSucceededEvent:
               commandName: hello
               reply:
-                # We expect the reply not to be redacted, as the server can't
-                # successfully authenticate us, which means the reply does not
-                # need to be redacted. However, drivers may still choose to
-                # redact the reply based on the fact that the command contained
-                # sensitive information
-                isWritablePrimary: { $$unsetOrMatches: true }
+                # Even though authentication above fails and the reply does not
+                # contain sensitive information, we're expecting the reply to be
+                # redacted as well.
+                isWritablePrimary: { $$exists: false }
                 # This assertion will currently always hold true since we're
                 # not expecting successful authentication, in which case this
                 # field is missing anyways.
@@ -272,7 +270,7 @@ tests:
           - commandSucceededEvent:
               commandName: ismaster
               reply:
-                ismaster: { $$unsetOrMatches: true }
+                ismaster: { $$exists: false }
                 speculativeAuthenticate: { $$exists: false }
           - commandStartedEvent:
               commandName: isMaster
@@ -282,7 +280,7 @@ tests:
           - commandSucceededEvent:
               commandName: isMaster
               reply:
-                ismaster: { $$unsetOrMatches: true }
+                ismaster: { $$exists: false }
                 speculativeAuthenticate: { $$exists: false }
 
   - description: "hello without speculative authenticate is not redacted"
