Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-7881

Re-enable jstests/sharding/authCommands2.js

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.3.2
    • Component/s: Security, Sharding
    • Labels:

      Description

      I temporarily disabled authCommands2.js to get BB passing.

      The reason that it's failing is because in our existing auth system there are read-only admin commands (and read-only admin users), but in the new auth system the "admin" commands are commands that are granted by the serverAdmin and clusterAdmin roles. Those roles have no distinction between read-only and read-write, so we only grant serverAdmin and clusterAdmin to read-write admin users from old-style privilege documents.

      We probably need to split the serverAdmin and clusterAdmin roles into read-only and read-write groupings internally (we don't need to surface that division to users of new-style privilege documents) to correctly support old-style privilege documents in a backwards compatible way. Once we've done that we should turn authCommands2.js back on.

        Attachments

          Activity

            People

            Assignee:
            spencer Spencer Brody (Inactive)
            Reporter:
            spencer Spencer Brody (Inactive)
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: