|
There was a bug with the permissions required to run listSearchIndexes. As intended, after this change, users need to either have a 'read' role, be an admin, or the listSearchIndexes privilege to run the listSearchIndexes stage.
Description of Linked Ticket
The $listSearchIndexes aggregation stage is registered by calling the DocumentSourceListSearchIndexes::LiteParsed::parse() static function. And the DocumentSourceListSearchIndexes::LiteParsed::parse() symbol resolves to the LiteParsedSearchStage::parse() base class static function. This leads to an instance of LiteParsedSearchStage being constructed rather than an instead of DocumentSourceListSearchIndexes::LiteParsed and therefore LiteParsedSearchStage::requiredPrivileges() being used for the authorization check rather than DocumentSourceListSearchIndexes::LiteParsed::requiredPrivileges() as intended.
MongoDB Enterprise mongos> db.mycoll.aggregate([{$listSearchIndexes: {}}])
|
uncaught exception: Error: command failed: {
|
"ok" : 0,
|
"errmsg" : "not authorized on test to execute command { aggregate: \"mycoll\", pipeline: [ { $listSearchIndexes: {} } ], cursor: {}, lsid: { id: UUID(\"705553ff-a177-460e-8c38-5af98d738314\") }, $clusterTime: { clusterTime: Timestamp(1699423295, 1), signature: { hash: BinData(0, 3153BC58060F75DBC1FF2D90036481E9714DBFAA), keyId: 7298965743213740055 } }, $db: \"test\" }",
|
"code" : 13,
|
"codeName" : "Unauthorized",
|
...
|
MongoDB Enterprise mongos> db.adminCommand({connectionStatus: 1, showPrivileges: true})
|
{
|
"authInfo" : {
|
"authenticatedUsers" : [
|
{
|
"user" : "myuser",
|
"db" : "admin"
|
}
|
],
|
"authenticatedUserRoles" : [
|
{
|
"role" : "myrole",
|
"db" : "admin"
|
}
|
],
|
"authenticatedUserPrivileges" : [
|
{
|
"resource" : {
|
"db" : "test",
|
"collection" : ""
|
},
|
"actions" : [
|
"listSearchIndexes"
|
]
|
}
|
]
|
},
|
"ok" : 1,
|
|