[SERVER-15575] Cannot do cluster actions on mongos despite having clusterAdmin role. Created: 08/Oct/14 Updated: 25/Oct/14 Resolved: 09/Oct/14 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 2.7.8 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Timothy Olsen (Inactive) | Assignee: | Andreas Nilsson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Steps To Reproduce: | Set up a sharded cluster with auth. Add a user with clusterAdmin role. Login to the mongos as the user and try cluster actions such as getCmdLineOpts or "show dbs" |
| Participants: |
| Description |
|
I am unable to execute commands on the cluster resource despite having the clusterAdmin role. This is with master git commit 51aebc9b94c272eb251ff94d28be0c6fdd180de8 (binary downloaded from MCI)
This does not happen with 2.7.7. I don't believe this happens with a replica set without sharding. Assigning to andreas.nilsson@10gen.com on suggestion from spencer |
| Comments |
| Comment by Githook User [ 09/Oct/14 ] |
|
Author: {u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}Message: The closeAllDatabases action type was removed in |
| Comment by Timothy Olsen (Inactive) [ 09/Oct/14 ] |
|
andreas.nilsson@10gen.com The patch fixed it! |
| Comment by Timothy Olsen (Inactive) [ 09/Oct/14 ] |
|
Other privileges work fine. I was able to insert a document into a collection without any problem. Another thing I just realized which may be a factor here (apologies for not realizing this earlier). The cluster in question is mostly 2.6.4. It is in the middle of upgrading and has only upgraded the first mongos to 2.7.8-pre. Only the first mongos shows this problem. The second mongos (still on 2.6.4) does not have this problem. |
| Comment by Timothy Olsen (Inactive) [ 09/Oct/14 ] |
|
I just tried git commit 19142324b23e417093ae05a622babae3d31140b4 and it still happens with that commit. 19142324b23e417093ae05a622babae3d31140b4 is before (time-wise) 51aebc9b94c272eb251ff94d28be0c6fdd180de8 (the original git commit I reported) if it helps you narrow it down any. |
| Comment by Spencer Brody (Inactive) [ 09/Oct/14 ] |
|
One thing that was interesting when I was looking at this with Tim was that we ran connectionStatus with the showPrivileges argument, and I didn't see any privileges corresponding to the cluster resource. |
| Comment by Timothy Olsen (Inactive) [ 09/Oct/14 ] |
|
Correct |