Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-91834

Investigate _shardsvrCoordinateMultiUpdate system user authenticated run

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 8.1.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • Server Security
    • Fully Compatible
    • Security 2024-07-08, Security 2024-07-22, Security 2024-08-05
    • 200

      https://github.com/10gen/mongo/blob/master/jstests/auth/internal_command_auth_validation.js#L561 is running the following test

      1) For a user without ['__system'] role, _shardsvrCoordinateMultiUpdate will return an Unauthorized user error.

      It is not running

      2) For a user with ['__system'] role, _shardsvrCoordinateMultiUpdate should not return an Unauthorized user error.

      The second part is skipped in the current test. Please investigate and improve the test.

       

      Possibly write a separate test or enhance the internal_command_auth_validation.js to enhance the verification.  

            Assignee:
            niaz.pavel@mongodb.com Niaz Pavel (Inactive)
            Reporter:
            niaz.pavel@mongodb.com Niaz Pavel (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: