[COMPASS-6058] An update on a sharded collection is failing unless the user has admin privileges Created: 30/Aug/22  Updated: 29/Oct/23  Resolved: 11/May/23

Status: Closed
Project: Compass
Component/s: CRUD
Affects Version/s: 1.32.6
Fix Version/s: 1.37.0

Type: Bug Priority: Critical - P2
Reporter: Dmitry Ryabtsev Assignee: Alena Khineika
Resolution: Fixed Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

OS:
node.js / npm versions:
Additional info:


Attachments: PNG File image-2022-08-30-15-51-45-103.png    
Issue Links:
Depends
Related
Epic Link: COMPASS-5987
Story Points: 5
Documentation Changes: Not Needed
Sprint: Iteration Seahorse, Iteration Unicornfish, Iteration Velvet Crab, Iteration Whale, Iteration Xantic Sargo, Iteration Zebrafish, Iteration Ankylosaurus, Iteration Brontosaurus

 Description   

Steps to reproduce:
1. Create an Atlas cluster with at least one shard
2. Create a sharded collection with a hashed shard key on an arbitrary field (e.g. "a: hashed")
3. Insert at least one document
4. Create a user with readWriteAnyDatabase@admin
5. Open Compass and connect with that user
6. Try updating a field - the update will fail with "Query for sharded findAndModify must contain the shard key"

Same operation will work if executed from mongosh:

Atlas [mongos] test>  db.s2.findAndModify({query:{ _id: ObjectId("630d9dcb65f882ed4b487187"), uid: 'sdfsdaf'}, update: {"$set": {"a": "c"}}})
{ _id: ObjectId("630d9dcb65f882ed4b487187"), uid: 'sdfsdaf', a: 'c' }

Same operation works in Compass if executed as an admin user.

Log inspection indicates that the failure occurs because Compas is failing to obtain shard key:

2022-08-30T05:22:00.308+0000 I  ACCESS   [conn61202] Unauthorized: not authorized on config to execute command { find: "collections", filter: { _id: "test.s2" }, projection: { key: 1, _id: 0 }, maxTimeMS: 60000, lsid: { id: UUID("d50f7193-eb40-45c4-976d-d5e95bef02a3") }, $clusterTime: { clusterTime: Timestamp(1661836912, 1), signature: { hash: BinData(0, 7EB8D23A851D357D2DB8039F5F0070075624D186), keyId: 7136346753694957600 } }, $db: "config" }

However the lack of authorization is nowhere visible in the Compass UI.



 Comments   
Comment by Githook User [ 20/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: refactor: fallback to modifyOneMethod with query COMPASS-6058 (#4373)

  • refactor: fallback to modifyOneMethod with query COMPASS-6058
  • refactor: remove unused variable
Comment by Githook User [ 20/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: fix: allow updates on a sharded collection COMPASS-6058 (#4340)

  • fix: an update on a sharded collection is failing unless the user has admin privileges COMPASS-6058
  • refactor: check for docs
  • test: check if updateOne and replaceOne are being called
  • refactor: return error early
  • build: update package lock json
  • fix: use first document id
  • refactor: check for docs
  • fix: handle errors
  • fix: return the actual error when exists
  • fix: bump mongoLogId for replaceOne
Comment by Githook User [ 15/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: refactor: fallback to modifyOneMethod with query COMPASS-6058 (#4373)

  • refactor: fallback to modifyOneMethod with query COMPASS-6058
  • refactor: remove unused variable
Comment by Githook User [ 15/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: fix: allow updates on a sharded collection COMPASS-6058 (#4340)

  • fix: an update on a sharded collection is failing unless the user has admin privileges COMPASS-6058
  • refactor: check for docs
  • test: check if updateOne and replaceOne are being called
  • refactor: return error early
  • build: update package lock json
  • fix: use first document id
  • refactor: check for docs
  • fix: handle errors
  • fix: return the actual error when exists
  • fix: bump mongoLogId for replaceOne
Comment by Githook User [ 15/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: refactor: fallback to modifyOneMethod with query COMPASS-6058 (#4373)

  • refactor: fallback to modifyOneMethod with query COMPASS-6058
  • refactor: remove unused variable
Comment by Githook User [ 15/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: refactor: fallback to modifyOneMethod with query COMPASS-6058 (#4373)

  • refactor: fallback to modifyOneMethod with query COMPASS-6058
  • refactor: remove unused variable
Comment by Githook User [ 15/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: fix: allow updates on a sharded collection COMPASS-6058 (#4340)

  • fix: an update on a sharded collection is failing unless the user has admin privileges COMPASS-6058
  • refactor: check for docs
  • test: check if updateOne and replaceOne are being called
  • refactor: return error early
  • build: update package lock json
  • fix: use first document id
  • refactor: check for docs
  • fix: handle errors
  • fix: return the actual error when exists
  • fix: bump mongoLogId for replaceOne
Comment by Githook User [ 12/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: refactor: fallback to modifyOneMethod with query COMPASS-6058 (#4373)

  • refactor: fallback to modifyOneMethod with query COMPASS-6058
  • refactor: remove unused variable
Comment by Thomas Soestini (@Scopely) [ 12/May/23 ]

Yay!! Thanks!

Comment by Githook User [ 12/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: refactor: fallback to modifyOneMethod with query COMPASS-6058 (#4373)

  • refactor: fallback to modifyOneMethod with query COMPASS-6058
  • refactor: remove unused variable
Comment by Githook User [ 12/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: fix: allow updates on a sharded collection COMPASS-6058 (#4340)

  • fix: an update on a sharded collection is failing unless the user has admin privileges COMPASS-6058
  • refactor: check for docs
  • test: check if updateOne and replaceOne are being called
  • refactor: return error early
  • build: update package lock json
  • fix: use first document id
  • refactor: check for docs
  • fix: handle errors
  • fix: return the actual error when exists
  • fix: bump mongoLogId for replaceOne
Comment by Githook User [ 12/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: refactor: fallback to modifyOneMethod with query COMPASS-6058
Branch: COMPASS-6058-refactor-update-on-sharded-collection
https://github.com/mongodb-js/compass/commit/b988a8bbfa5b1e50801510d00c566c3fb4063ee7

Comment by Githook User [ 11/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: fix: allow updates on a sharded collection COMPASS-6058 (#4340)

  • fix: an update on a sharded collection is failing unless the user has admin privileges COMPASS-6058
  • refactor: check for docs
  • test: check if updateOne and replaceOne are being called
  • refactor: return error early
  • build: update package lock json
  • fix: use first document id
  • refactor: check for docs
  • fix: handle errors
  • fix: return the actual error when exists
  • fix: bump mongoLogId for replaceOne
Comment by Githook User [ 11/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: Merge remote-tracking branch 'origin/main' into COMPASS-6058-fix-update-on-sharded-collection
Branch: COMPASS-6058-fix-update-on-sharded-collection
https://github.com/mongodb-js/compass/commit/4f5710d7be9864ca6ada6924f39aa3972f1d7895

Comment by Githook User [ 10/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: Merge remote-tracking branch 'origin/main' into COMPASS-6058-fix-update-on-sharded-collection
Branch: COMPASS-6058-fix-update-on-sharded-collection
https://github.com/mongodb-js/compass/commit/2ba392bb2f34e30f4a9dc0d8ff23c1c814feaa3a

Comment by Githook User [ 09/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: Merge remote-tracking branch 'origin/main' into COMPASS-6058-fix-update-on-sharded-collection
Branch: COMPASS-6058-fix-update-on-sharded-collection
https://github.com/mongodb-js/compass/commit/55e2cfa1fb12f81bdd9b2f194cf53562e695b272

Comment by Githook User [ 08/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: Merge remote-tracking branch 'origin/main' into COMPASS-6058-fix-update-on-sharded-collection
Branch: COMPASS-6058-fix-update-on-sharded-collection
https://github.com/mongodb-js/compass/commit/e196143e8d13c35694bf856386556e7789e2425c

Comment by Githook User [ 08/May/23 ]

Author:

{'name': 'Alena Khineika', 'email': 'alena.khineika@gmail.com', 'username': 'alenakhineika'}

Message: fix: an update on a sharded collection is failing unless the user has admin privileges COMPASS-6058
Branch: COMPASS-6058-fix-update-on-sharded-collection
https://github.com/mongodb-js/compass/commit/913acf3056abab1c682836288b98f855652d1ac8

Comment by Thomas Soestini (@Scopely) [ 03/May/23 ]

yay!

Comment by Maurizio Casimirri [ 03/May/23 ]

thomas.soestini@scopely.com We managed to reproduce it and we are going to add a fix for it soon

Comment by Thomas Soestini (@Scopely) [ 03/May/23 ]

alena.khineika@mongodb.com 

I'm not sure what server version we were using 8 months ago, but I think it was 4.2.

It looks like Dmitry was able to reproduce it on MongoDB v4.2.22, too. You can see the thread here: https://support.mongodb.com/case/00988425

Just one note on the repro steps listed above: I think there may be an error in step 4. The problem appears when you don't have admin, in case that helps.

Comment by Alena Khineika [ 27/Apr/23 ]

Hey thomas.soestini@scopely.com, I am trying to reproduce the issue and currently can't. What server version are you using?

Comment by Thomas Soestini (@Scopely) [ 29/Mar/23 ]

Ooo, Iteration Z! Hopefully it gets fixed this iteration, otherwise not sure what's after Z.

Generated at Wed Feb 07 22:41:45 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.