Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-7881

Re-enable jstests/sharding/authCommands2.js

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 2.3.2
    • Security, Sharding

    Description

      I temporarily disabled authCommands2.js to get BB passing.

      The reason that it's failing is because in our existing auth system there are read-only admin commands (and read-only admin users), but in the new auth system the "admin" commands are commands that are granted by the serverAdmin and clusterAdmin roles. Those roles have no distinction between read-only and read-write, so we only grant serverAdmin and clusterAdmin to read-write admin users from old-style privilege documents.

      We probably need to split the serverAdmin and clusterAdmin roles into read-only and read-write groupings internally (we don't need to surface that division to users of new-style privilege documents) to correctly support old-style privilege documents in a backwards compatible way. Once we've done that we should turn authCommands2.js back on.

      Attachments

        Activity

          People

            spencer@mongodb.com Spencer Brody (Inactive)
            spencer@mongodb.com Spencer Brody (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: