From c1fe003eeca2a2ad632fa13d0293061069658d23 Mon Sep 17 00:00:00 2001
From: adriangzz <adriangonzalezmontemayor@gmail.com>
Date: Fri, 22 May 2026 14:36:25 -0600
Subject: [PATCH] SERVER-126324 Add stub implementation of
 updateESECMKIdentifierList command (#54111)

GitOrigin-RevId: f941ed3ba5f3ce4c3a32f9b1e7fcc512f906bebd
---
 jstests/auth/lib/commands_lib.js                  | 15 +++++++++++++++
 jstests/core/catalog/views/views_all_commands.js  |  1 +
 jstests/libs/write_concern_all_commands.js        |  2 ++
 .../all_commands_downgrading_to_upgraded.js       |  1 +
 .../db_reads_while_recovering_all_commands.js     |  1 +
 .../all_commands_direct_shard_connection_auth.js  |  1 +
 .../sharding/database_versioning_all_commands.js  |  5 +++++
 .../read_write_concern_defaults_application.js    |  1 +
 .../safe_secondary_reads_drop_recreate.js         |  1 +
 ...ads_single_migration_suspend_range_deletion.js |  1 +
 ...ondary_reads_single_migration_waitForDelete.js |  1 +
 src/mongo/db/auth/action_type.idl                 |  1 +
 12 files changed, 31 insertions(+)

diff --git a/jstests/auth/lib/commands_lib.js b/jstests/auth/lib/commands_lib.js
index 965d453e426..1f03af58307 100644
--- a/jstests/auth/lib/commands_lib.js
+++ b/jstests/auth/lib/commands_lib.js
@@ -6428,6 +6428,21 @@ export const authCommandsLib = {
                 },
             ],
         },
+        {
+            testname: "updateESECMKIdentifierList",
+            command: {updateESECMKIdentifierList: 1},
+            skipTest: () => {
+                return !getBuildInfo().modules.includes("atlas");
+            },
+            testcases: [
+                {
+                    runOnDb: adminDbName,
+                    roles: roles_hostManager,
+                    privileges: [{resource: {cluster: true}, actions: ["updateESECMKIdentifierList"]}],
+                    expectFail: true,
+                },
+            ],
+        },
         {
             testname: "getESECMKIdentifierListStatus",
             command: {getESECMKIdentifierListStatus: 1},
diff --git a/jstests/core/catalog/views/views_all_commands.js b/jstests/core/catalog/views/views_all_commands.js
index 907b02c4f68..6bc50ae614c 100644
--- a/jstests/core/catalog/views/views_all_commands.js
+++ b/jstests/core/catalog/views/views_all_commands.js
@@ -805,6 +805,7 @@ let viewsCommandTests = {
         isAdminCommand: true,
     },
     update: {command: {update: "view", updates: [{q: {x: 1}, u: {x: 2}}]}, expectFailure: true},
+    updateESECMKIdentifierList: {skip: isUnrelated},
     updateRole: {
         command: {
             updateRole: "testrole",
diff --git a/jstests/libs/write_concern_all_commands.js b/jstests/libs/write_concern_all_commands.js
index 1410c69094a..6960f3f9c42 100644
--- a/jstests/libs/write_concern_all_commands.js
+++ b/jstests/libs/write_concern_all_commands.js
@@ -3058,6 +3058,7 @@ const wcCommandsTests = {
             },
         },
     },
+    updateESECMKIdentifierList: {skip: "does not accept write concern"},
     updateRole: {
         targetConfigServer: true,
         noop: {
@@ -4450,6 +4451,7 @@ const wcTimeseriesCommandsTests = {
             },
         },
     },
+    updateESECMKIdentifierList: {skip: "does not accept write concern"},
     updateRole: wcCommandsTests["updateRole"],
     updateSearchIndex: {skip: "does not accept write concern"},
     updateUser: wcCommandsTests["updateRole"],
diff --git a/jstests/replsets/all_commands_downgrading_to_upgraded.js b/jstests/replsets/all_commands_downgrading_to_upgraded.js
index 59884e9bedc..7d7168cf4e2 100644
--- a/jstests/replsets/all_commands_downgrading_to_upgraded.js
+++ b/jstests/replsets/all_commands_downgrading_to_upgraded.js
@@ -1694,6 +1694,7 @@ const allCommands = {
             assert.commandWorked(conn.getDB(dbName).runCommand({drop: collName}));
         },
     },
+    updateESECMKIdentifierList: {skip: "requires additional setup"},
     updateRole: {
         setUp: function (conn) {
             assert.commandWorked(conn.getDB(dbName).runCommand({createRole: "foo", privileges: [], roles: []}));
diff --git a/jstests/replsets/db_reads_while_recovering_all_commands.js b/jstests/replsets/db_reads_while_recovering_all_commands.js
index 2564a898075..a300b315063 100644
--- a/jstests/replsets/db_reads_while_recovering_all_commands.js
+++ b/jstests/replsets/db_reads_while_recovering_all_commands.js
@@ -468,6 +468,7 @@ const allCommands = {
     top: {skip: isNotAUserDataRead},
     transitionToShardedCluster: {skip: isNotAUserDataRead},
     update: {skip: isPrimaryOnly},
+    updateESECMKIdentifierList: {skip: isNotAUserDataRead},
     updateRole: {skip: isPrimaryOnly},
     updateSearchIndex: {skip: isNotAUserDataRead},
     updateUser: {skip: isPrimaryOnly},
diff --git a/jstests/sharding/all_commands_direct_shard_connection_auth.js b/jstests/sharding/all_commands_direct_shard_connection_auth.js
index 4120c248099..07f9984b32d 100644
--- a/jstests/sharding/all_commands_direct_shard_connection_auth.js
+++ b/jstests/sharding/all_commands_direct_shard_connection_auth.js
@@ -1241,6 +1241,7 @@ const allCommands = {
             assert.commandWorked(conn.getDB(dbName).runCommand({drop: collName}));
         },
     },
+    updateESECMKIdentifierList: {skip: "requires additional setup"},
     updateRole: {
         setUp: function (mongoS, withDirectConnections) {
             assert.commandWorked(
diff --git a/jstests/sharding/database_versioning_all_commands.js b/jstests/sharding/database_versioning_all_commands.js
index c103e807ff2..286dd603fec 100644
--- a/jstests/sharding/database_versioning_all_commands.js
+++ b/jstests/sharding/database_versioning_all_commands.js
@@ -976,6 +976,10 @@ const allTestCases = {
                 },
             },
         },
+        updateESECMKIdentifierList: {
+            skip: "executes locally on mongos (not sent to any remote node)",
+            conditional: true,
+        },
         updateRole: {skip: "always targets the config server"},
         updateSearchIndex: {skip: "executes locally on mongos", conditional: true},
         updateUser: {skip: "always targets the config server"},
@@ -1464,6 +1468,7 @@ const allTestCases = {
         top: {skip: "TODO"},
         transitionToShardedCluster: {skip: "TODO"},
         update: {skip: "TODO"},
+        updateESECMKIdentifierList: {skip: "TODO", conditional: true},
         updateRole: {skip: "TODO"},
         updateSearchIndex: {skip: "TODO"},
         updateUser: {skip: "TODO"},
diff --git a/jstests/sharding/read_write_concern_defaults_application.js b/jstests/sharding/read_write_concern_defaults_application.js
index 8fca0e1d932..1cc22f26018 100644
--- a/jstests/sharding/read_write_concern_defaults_application.js
+++ b/jstests/sharding/read_write_concern_defaults_application.js
@@ -860,6 +860,7 @@ let testCases = {
         // use profiling.  In the meantime, use logs.
         useLogs: true,
     },
+    updateESECMKIdentifierList: {skip: "does not accept read or write concern"},
     updateRole: {
         setUp: function (conn) {
             assert.commandWorked(
diff --git a/jstests/sharding/safe_secondary_reads_drop_recreate.js b/jstests/sharding/safe_secondary_reads_drop_recreate.js
index ba43b252888..e93fdcc6224 100644
--- a/jstests/sharding/safe_secondary_reads_drop_recreate.js
+++ b/jstests/sharding/safe_secondary_reads_drop_recreate.js
@@ -417,6 +417,7 @@ let testCases = {
     unshardCollection: {skip: "primary only"},
     untrackUnshardedCollection: {skip: "primary only"},
     update: {skip: "primary only"},
+    updateESECMKIdentifierList: {skip: "does not return user data"},
     updateRole: {skip: "primary only"},
     updateSearchIndex: {skip: "primary only"},
     updateUser: {skip: "primary only"},
diff --git a/jstests/sharding/safe_secondary_reads_single_migration_suspend_range_deletion.js b/jstests/sharding/safe_secondary_reads_single_migration_suspend_range_deletion.js
index 4f6a0599e02..fa969569c3a 100644
--- a/jstests/sharding/safe_secondary_reads_single_migration_suspend_range_deletion.js
+++ b/jstests/sharding/safe_secondary_reads_single_migration_suspend_range_deletion.js
@@ -517,6 +517,7 @@ let testCases = {
     unshardCollection: {skip: "primary only"},
     untrackUnshardedCollection: {skip: "primary only"},
     update: {skip: "primary only"},
+    updateESECMKIdentifierList: {skip: "does not return user data"},
     updateRole: {skip: "primary only"},
     updateSearchIndex: {skip: "does not return user data"},
     updateUser: {skip: "primary only"},
diff --git a/jstests/sharding/safe_secondary_reads_single_migration_waitForDelete.js b/jstests/sharding/safe_secondary_reads_single_migration_waitForDelete.js
index 8c7cb020a56..15fad6a0f5d 100644
--- a/jstests/sharding/safe_secondary_reads_single_migration_waitForDelete.js
+++ b/jstests/sharding/safe_secondary_reads_single_migration_waitForDelete.js
@@ -432,6 +432,7 @@ let testCases = {
     unshardCollection: {skip: "primary only"},
     untrackUnshardedCollection: {skip: "primary only"},
     update: {skip: "primary only"},
+    updateESECMKIdentifierList: {skip: "does not return user data"},
     updateRole: {skip: "primary only"},
     updateSearchIndex: {skip: "does not return user data"},
     updateUser: {skip: "primary only"},
diff --git a/src/mongo/db/auth/action_type.idl b/src/mongo/db/auth/action_type.idl
index 2632e84978a..b1b229caa57 100644
--- a/src/mongo/db/auth/action_type.idl
+++ b/src/mongo/db/auth/action_type.idl
@@ -215,6 +215,7 @@ enums:
             useTenant: "useTenant"
             useUUID: "useUUID"
             update: "update"
+            updateESECMKIdentifierList: "updateESECMKIdentifierList"
             updateRole: "updateRole" # ID only
             updateUser: "updateUser" # ID only
             validate: "validate"