[SERVER-11524] revokeRolesFromRole doesn't seem to record what roles it revoked
Created: 01/Nov/13  Updated: 11/Jul/16  Resolved: 04/Nov/13

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 2.5.4

Type: Bug
Priority: Critical - P2
Reporter: bard.bloom@10gen.com
Assignee: Matt Dannenberg
Resolution: Done
Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Operating System: ALL
Participants:

 Description   

revokeRolesFromRole doesn't seem to record what roles it is revoking

Dan P has me in high-speed mode so I'm not going to give a reproducible test
case.

Here's some of my Python:

        self.roles = [nroles[0]]
        utili.printf(u"Ӝ REEEEVOK role={0} roles={1}", self.role, self.roles)
        database.command("revokeRolesFromRole", value=self.role, revokedRoles=self.roles)
        self.keys = ["role", "db", "roles"]
        rolling = u", ".join([u"{0}@{1}".format(x['role'], x['db']) for x in self.roles])
        utili.printf(u"rolling = {0}", rolling)
        self.line = u"Revoked from role {0.role}@{0.db} the roles: {1}".format(self, rolling)
 

Here's the output, confirming that I am revoking read@admin:

Ӝ REEEEVOK role=role70Ӝ roles=[{'db': 'admin', 'role': 'read'}]
rolling = read@admin

Here's the BSON format output:

            {u'remote': {u'ip': u'127.0.0.1', u'port': 44158}, u'users': [{u'userSource': u'admin', u'user': u'admin'}], u'atype': u'revokeRolesFromRole', u'ts': datetime.datetime(2013, 11, 1, 15, 45, 41, 836000, tzinfo=<bson.tz_util.FixedOffset object at 0x131dad0>), u'param': {u'db': u'roledb34\xed', u'role': u'role35\u0107', u'roles': []}, u'result': 0, u'local': {u'ip': u'127.0.0.1', u'port': 27017}}
 

And here's the text format output:

            2013-11-01T11:45:42.511-0400 admin@admin 127.0.0.1:44161/127.0.0.1:27017 Revoked from role role70Ӝ@roledb69Ж the roles.

Notice that we don't see what's getting revoked.
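
A check over JSON-format audit records that flags the symptom reported above: a successful role grant or revoke whose `param.roles` is empty or incomplete. This is an added example, not code from the ticket or from MongoDB; the function name and the sample records are constructed, and it assumes `grantRolesToRole` records carry the same `param` shape as the `revokeRolesFromRole` record shown in the report.

```python
import json

# Role-membership audit event types. "revokeRolesFromRole" is the one in this
# ticket; "grantRolesToRole" is its grant counterpart (assumed here to be
# logged with the same param shape).
ROLE_EVENTS = {"revokeRolesFromRole", "grantRolesToRole"}

def find_blind_role_events(lines):
    """Return (line_no, atype, target, reason) for each successful role
    grant/revoke audit record that fails to name the roles involved."""
    findings = []
    for n, raw in enumerate(lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except ValueError:
            rec = None
        if not isinstance(rec, dict):
            findings.append((n, None, None, "unparseable record"))
            continue
        if rec.get("atype") not in ROLE_EVENTS or rec.get("result") != 0:
            continue  # only successful role changes are expected to list roles
        param = rec.get("param") or {}
        target = "{0}@{1}".format(param.get("role"), param.get("db"))
        roles = param.get("roles")
        if not isinstance(roles, list) or not roles:
            findings.append((n, rec["atype"], target, "empty roles list"))
        elif not all(isinstance(r, dict) and r.get("role") and r.get("db") for r in roles):
            findings.append((n, rec["atype"], target, "role entry missing role/db"))
    return findings

# Constructed sample records, shaped like the BSON record in the report.
SAMPLE = [
    '{"atype": "revokeRolesFromRole", "param": {"db": "roledb34", "role": "role35", "roles": []}, "result": 0}',
    '{"atype": "revokeRolesFromRole", "param": {"db": "roledb69", "role": "role70", "roles": [{"role": "read", "db": "admin"}]}, "result": 0}',
    '{"atype": "grantRolesToRole", "param": {"db": "roledb69", "role": "role70", "roles": [{"role": "read"}]}, "result": 0}',
    '{"atype": "authenticate", "param": {"user": "admin", "db": "admin"}, "result": 0}',
    '{"atype": "revokeRolesFromRole", "param": {"db": "roledb69"',
]

if __name__ == "__main__":
    for finding in find_blind_role_events(SAMPLE):
        print(finding)
```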



 Comments   
Comment by auto [ 01/Nov/13 ]

Author: Spencer T Brody (stbrody) <spencer@10gen.com>

Message: SERVER-11522 SERVER-11524 Pass the right roles to the auditing code in grantRolesToRoles and revokeRolesFromRole
Branch: master
https://github.com/mongodb/mongo/commit/471bc7a3de80fae0551f164a4a0d51e2325cae30
