-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Critical - P2
-
Affects Version/s: 1.32.6
-
Component/s: CRUD
-
Labels:None
-
Environment:OS:
node.js / npm versions:
Additional info:
-
5
-
Not Needed
-
Iteration Seahorse, Iteration Unicornfish, Iteration Velvet Crab, Iteration Whale, Iteration Xantic Sargo, Iteration Zebrafish, Iteration Ankylosaurus, Iteration Brontosaurus
Steps to reproduce:
1. Create an Atlas cluster with at least one shard
2. Create a sharded collection with a hashed shard key on an arbitrary field (e.g. "a: hashed")
3. Insert at least one document
4. Create a user with readWriteAnyDatabase@admin
5. Open Compass and connect with that user
6. Try updating a field - the update will fail with "Query for sharded findAndModify must contain the shard key"
Same operation will work if executed from mongosh:
Atlas [mongos] test> db.s2.findAndModify({query:{ _id: ObjectId("630d9dcb65f882ed4b487187"), uid: 'sdfsdaf'}, update: {"$set": {"a": "c"}}})
{ _id: ObjectId("630d9dcb65f882ed4b487187"), uid: 'sdfsdaf', a: 'c' }
Same operation works in Compass if executed as an admin user.
Log inspection indicates that the failure occurs because Compas is failing to obtain shard key:
2022-08-30T05:22:00.308+0000 I ACCESS [conn61202] Unauthorized: not authorized on config to execute command { find: "collections", filter: { _id: "test.s2" }, projection: { key: 1, _id: 0 }, maxTimeMS: 60000, lsid: { id: UUID("d50f7193-eb40-45c4-976d-d5e95bef02a3") }, $clusterTime: { clusterTime: Timestamp(1661836912, 1), signature: { hash: BinData(0, 7EB8D23A851D357D2DB8039F5F0070075624D186), keyId: 7136346753694957600 } }, $db: "config" }
However the lack of authorization is nowhere visible in the Compass UI.
