  1. Core Server
  2. SERVER-38557

Make auth passthrough suites use users with custom roles

Details

    • Improvement
    • Resolution: Duplicate
    • Major - P3
    • Testing Infrastructure
    • Security 2018-12-31, Security 2019-01-14

    Description

      Periodically, new commands are introduced which can appear in oplog entries. When the authorization subsystem sees an entry that applies to the admin database with a command it doesn't recognize, it doesn't know whether its internal caches are in sync with the on-disk representation of the data. When this occurs, the authorization subsystem must disable custom roles.

      We should modify our auth passthrough suites to use a custom user which obtains the __system role indirectly via a custom role. When a new command is written which appears in the oplog, this test will instantly fail.
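
      The tripwire described above, as an added example that is not MongoDB server or test-suite code: a simplified model in which a user holding `__system` directly never notices that custom roles were disabled, while a user holding it through a custom role does. The class, the recognized-command list, the role and user names, and the oplog entries are all assumptions constructed for illustration.

```javascript
// Simplified model, NOT MongoDB code. The recognized-command list and all
// role/user names are assumptions chosen for illustration.
const RECOGNIZED_ADMIN_COMMANDS = new Set(["create", "drop", "collMod"]);

class AuthModel {
  constructor() {
    this.customRolesEnabled = true;
    this.customRoles = new Map(); // custom role name -> inherited role names
    this.users = new Map();       // user name -> granted role names
  }
  createRole(name, inherited) { this.customRoles.set(name, inherited); }
  createUser(name, roles) { this.users.set(name, roles); }
  // Observe one oplog entry. A command ("c") entry on the admin database with
  // an unknown command name means caches may be stale: disable custom roles.
  observe(entry) {
    if (entry.op !== "c" || entry.ns !== "admin.$cmd") return;
    const command = Object.keys(entry.o)[0];
    if (!RECOGNIZED_ADMIN_COMMANDS.has(command)) this.customRolesEnabled = false;
  }
  // Resolve the built-in roles a user effectively holds right now.
  effectiveRoles(user) {
    const resolved = new Set();
    const visit = (role) => {
      if (this.customRoles.has(role)) {
        if (!this.customRolesEnabled) return; // custom role grants nothing
        this.customRoles.get(role).forEach(visit);
      } else {
        resolved.add(role);
      }
    };
    (this.users.get(user) || []).forEach(visit);
    return resolved;
  }
  isSystem(user) { return this.effectiveRoles(user).has("__system"); }
}

function runScenario(oplog) {
  const auth = new AuthModel();
  auth.createRole("systemViaCustomRole", ["__system"]);
  auth.createUser("direct", ["__system"]);              // today's suite user
  auth.createUser("indirect", ["systemViaCustomRole"]); // proposed suite user
  oplog.forEach((e) => auth.observe(e));
  return { direct: auth.isSystem("direct"), indirect: auth.isSystem("indirect") };
}

// Constructed oplog entries; "brandNewCommand" stands in for a newly added command.
const knownOnly = [{ op: "c", ns: "admin.$cmd", o: { create: "coll" } }];
const withNew = knownOnly.concat([{ op: "c", ns: "admin.$cmd", o: { brandNewCommand: 1 } }]);
console.log(runScenario(knownOnly), runScenario(withNew));
```

      In the model, only the `indirect` user loses `__system` once the unrecognized command is observed, which is the signal a passthrough suite would turn into a test failure.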

          People

            spencer.jackson@mongodb.com Spencer Jackson