mongosh does not authenticate on ARBITER

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Works as Designed
    • Priority: Major - P3
    • No version
    • Affects Version/s: None
    • Component/s: Connectivity
    • None
    • Not Needed

      By default ARBITER node does not store any user data. However, there is a workaround you can check at https://stackoverflow.com/questions/22996161/cannot-authenticate-in-mongodb-arbiter/59982079#59982079

      This works fine with the legacy shell

      mongo 'mongodb://admin:password@localhost:27018/admin?authSource=admin' 
      
      shard_01:ARBITER> db.runCommand({ connectionStatus: 1 }).authInfo
      {
              "authenticatedUsers" : [
                      {
                              "user" : "admin",
                              "db" : "admin"
                      }
              ],
              "authenticatedUserRoles" : [
                      {
                              "role" : "clusterAdmin",
                              "db" : "admin"
                      },
                      {
                              "role" : "userAdminAnyDatabase",
                              "db" : "admin"
                      }
              ]
      }
      
      shard_01:ARBITER> db.adminCommand({ logRotate: 1 })
      { "ok" : 1 }
      
       

      but it fails with new mongos, the connection is not authenticated:

      mongosh 'mongodb://admin:password@localhost:27018/admin?authSource=admin' 
      
      shard_01 [direct: arbiter] admin> db.runCommand({ connectionStatus: 1 }).authInfo
      { authenticatedUsers: [], authenticatedUserRoles: [] }
      
      shard_01 [direct: arbiter] admin> db.adminCommand({ logRotate: 1 })
      Uncaught:
      MongoServerError: command logRotate requires authentication
          at MessageStream.messageHandler (/usr/bin/mongosh:49617:20)
          at MessageStream.emit (events.js:400:28)
          at MessageStream.emit (domain.js:470:12)
          at processIncomingData (/usr/bin/mongosh:48544:12)
          at MessageStream._write (/usr/bin/mongosh:48440:5)
          at writeOrBuffer (internal/streams/writable.js:358:12)
          at MessageStream.Writable.write (internal/streams/writable.js:303:10)
          at Socket.ondata (internal/streams/readable.js:726:22)
          at Socket.emit (events.js:400:28)
          at Socket.emit (domain.js:470:12) 

      It makes no difference, if you create local admin user or not. With mongosh
      it is not possible to run admin commands like logRotate

       

              Assignee:
              Julia Oppenheim
              Reporter:
              Wernfried Domscheit
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: