Description
1. Create a sharded cluster on 2.4, with auth enabled and 2 or more mongos processes, create a user with privileges for userAdminAnyDatabase
2. On one of the 2.4 mongos, log in as the user with userAdminAnyDatabase
3. On the other 2.4 mongos:
- shut it down, upgrade its binary to 2.5 and restart with --upgrade
- log in and run the authSchemaUpgrade commands
4. On the first 2.4 mongos (which is still connected and logged in as the user with userAdminAnyDatabase) run the db.addUser command.
It will create a user doc with the old schema. So listing system users shows:
> st1.s0.getDB("admin").system.users.find().pretty()
|
{
|
"_id" : "admin.mike",
|
"user" : "mike",
|
"db" : "admin",
|
"credentials" : {
|
"MONGODB-CR" : "0b201b8e2a0193849c8acdcfd92ee73c"
|
},
|
"roles" : [
|
{
|
"role" : "userAdminAnyDatabase",
|
"db" : "admin"
|
},
|
{
|
"role" : "clusterAdmin",
|
"db" : "admin"
|
},
|
{
|
"role" : "readWriteAnyDatabase",
|
"db" : "admin"
|
}
|
]
|
}
|
{
|
"_id" : ObjectId("52b1f1a06a1f4ec0f8a6f7da"),
|
"user" : "mike2",
|
"pwd" : "e6861c06f0f85ed57ddede151b59d49e",
|
"roles" : [
|
"read"
|
]
|
}
|
{
|
"_id" : "admin.mike3",
|
"user" : "mike3",
|
"db" : "admin",
|
"credentials" : {
|
"MONGODB-CR" : "1946dc61e1429e2195d1706f057084fe"
|
},
|
"roles" : [
|
{
|
"role" : "read",
|
"db" : "admin"
|
}
|
]
|
}
|
Script to reproduce this:
var st1 = new ShardingTest({shards:2, mongos:2, keyFile: "testkeyfile",
|
other:{mongosOptions:{binVersion:MongoRunner.versionIterator(["2.4", "2.4"])},
|
shardOptions:{binVersion:MongoRunner.versionIterator(["2.5"])},
|
configOptions:{binVersion:"2.5"}, separateConfig:true}})
|
|
|
st1.s1.getDB("admin").addUser({user:"mike", pwd:"blah", roles:["userAdminAnyDatabase", "clusterAdmin", "readWriteAnyDatabase"]})
|
st1.s1.getDB("admin").auth("mike", "blah")
|
//Stop balancer so that --upgrade can proceed
|
st1.s1.getDB("config").settings.update({ _id: "balancer" }, { $set : { stopped: true } }, true );
|
MongoRunner.stopMongos(st1.s0)
|
st1.s0 = MongoRunner.runMongos({restart:st1.s0, binVersion:"2.5", upgrade:""})
|
st1.s0.getDB("admin").auth("mike","blah")
|
|
|
do {
|
res = st1.s0.getDB("admin").runCommand({authSchemaUpgradeStep: 1});
|
print(tojson(res));
|
} while (res.ok && !res.done);
|
|
|
|
|
st1.s1.getDB("admin").addUser({user:"mike2", pwd:"blah", roles:["read"]})
|
printjson(st1.s1.getDB("admin").system.users.find().toArray())
|