Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-158

Review how tools work when an op fails but the command succeeds. User should receive some sort of error.

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • Legacy C++ Implementation
    • Affects Version/s: Legacy C++ Implementation
    • Component/s: mongorestore
    • None
    • Environment:
      MongoDB 2.4.0
    • Platforms 2016-08-26

      • USER with the following permissions : [ "dbAdminAnyDatabase" ]
      [root@kclient ~]# !mongores
mongorestore --authenticationDatabase='$external' --authenticationMechanism=GSSAPI -u mark@REALM4.10GEN.ME -h kmongos.realm4.10gen.me -d db1 -c test3 /root/tools/mongodump/mark/thing.bson
connected to: kmongos.realm4.10gen.me
Thu Mar  7 06:17:34.026 /root/tools/mongodump/mark/thing.bson
Thu Mar  7 06:17:34.026 	going into namespace [db1.test3]
Thu Mar  7 06:17:34.029 warning: Restoring to db1.test3 without dropping. Restored data will be inserted without raising errors; check your server log
21 objects found
Thu Mar  7 06:17:34.029 	Creating index: { key: { _id: 1 }, ns: "db1.test3", name: "_id_" }
      • USER with the following permissions : [ "clusterAdmin" ]
      [root@kclient ~]# mongorestore --authenticationDatabase='$external' --authenticationMechanism=GSSAPI -u mark@REALM4.10GEN.ME -h kmongos.realm4.10gen.me -d db1 -c test3 /root/tools/mongodump/mark/thing.bson
connected to: kmongos.realm4.10gen.me
Thu Mar  7 06:19:41.775 /root/tools/mongodump/mark/thing.bson
Thu Mar  7 06:19:41.775 	going into namespace [db1.test3]
Thu Mar  7 06:19:41.776 warning: Restoring to db1.test3 without dropping. Restored data will be inserted without raising errors; check your server log
21 objects found
Thu Mar  7 06:19:41.777 	Creating index: { key: { _id: 1 }, ns: "db1.test3", name: "_id_" }
Thu Mar  7 06:19:41.778 ERROR: Error creating index db1.test3: 16547 err: "not authorized to create index on db1.system.indexes"
Aborted (core dumped)

      When a user tries to use mongorestore (for example) to restore data with the "permission" of dbAdminAnyDatabase, the user is authorized to create the collection but not allowed to insert data into it. As a result, this prevents the not authorized message from being returned.

      All other users (that do not have permission to write) receive a "not authorized" message as shown with the clusterAdmin role above.

      As you can see in the code, dbAdmin has permission to create a collection here in the code.

      We should look at how the tools can be improved to detect an error on the op (in this case the insert) and this error should be logged so the end-user is aware that the op has failed.

            Assignee:
            gabriel.russell@mongodb.com Gabriel Russell (Inactive)
            Reporter:
            ian@mongodb.com Ian Whalen (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: