Uploaded image for project: 'MongoDB ETL Tools'
  1. MongoDB ETL Tools
  2. TOOLS-158

Review how tools work when an op fails but the command succeeds. User should receive some sort of error.

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: Legacy C++ Implementation
    • Fix Version/s: Legacy C++ Implementation
    • Component/s: mongorestore
    • Labels:
      None
    • Environment:
      MongoDB 2.4.0
    • Sprint:
      Platforms 2016-08-26

      Description

      • USER with the following permissions : [ "dbAdminAnyDatabase" ]

      [root@kclient ~]# !mongores
      mongorestore --authenticationDatabase='$external' --authenticationMechanism=GSSAPI -u mark@REALM4.10GEN.ME -h kmongos.realm4.10gen.me -d db1 -c test3 /root/tools/mongodump/mark/thing.bson
      connected to: kmongos.realm4.10gen.me
      Thu Mar  7 06:17:34.026 /root/tools/mongodump/mark/thing.bson
      Thu Mar  7 06:17:34.026 	going into namespace [db1.test3]
      Thu Mar  7 06:17:34.029 warning: Restoring to db1.test3 without dropping. Restored data will be inserted without raising errors; check your server log
      21 objects found
      Thu Mar  7 06:17:34.029 	Creating index: { key: { _id: 1 }, ns: "db1.test3", name: "_id_" }

      • USER with the following permissions : [ "clusterAdmin" ]

      [root@kclient ~]# mongorestore --authenticationDatabase='$external' --authenticationMechanism=GSSAPI -u mark@REALM4.10GEN.ME -h kmongos.realm4.10gen.me -d db1 -c test3 /root/tools/mongodump/mark/thing.bson
      connected to: kmongos.realm4.10gen.me
      Thu Mar  7 06:19:41.775 /root/tools/mongodump/mark/thing.bson
      Thu Mar  7 06:19:41.775 	going into namespace [db1.test3]
      Thu Mar  7 06:19:41.776 warning: Restoring to db1.test3 without dropping. Restored data will be inserted without raising errors; check your server log
      21 objects found
      Thu Mar  7 06:19:41.777 	Creating index: { key: { _id: 1 }, ns: "db1.test3", name: "_id_" }
      Thu Mar  7 06:19:41.778 ERROR: Error creating index db1.test3: 16547 err: "not authorized to create index on db1.system.indexes"
      Aborted (core dumped)

      When a user tries to use mongorestore (for example) to restore data with the "permission" of dbAdminAnyDatabase, the user is authorized to create the collection but not allowed to insert data into it. As a result, this prevents the not authorized message from being returned.

      All other users (that do not have permission to write) receive a "not authorized" message as shown with the clusterAdmin role above.

      As you can see in the code, dbAdmin has permission to create a collection here in the code.

      We should look at how the tools can be improved to detect an error on the op (in this case the insert) and this error should be logged so the end-user is aware that the op has failed.

        Attachments

          Activity

            People

            • Assignee:
              gabriel.russell Gabriel Russell
              Reporter:
              ian.whalen Ian Whalen
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: