[SERVER-31810] applyOps command with UUID containing op must require internal privileges Created: 02/Nov/17 Updated: 30/Oct/23 Resolved: 15/Nov/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Internal Code |
| Affects Version/s: | None |
| Fix Version/s: | 3.6.0-rc5, 3.7.1 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Spencer Jackson |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | bkp | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||||||
| Backport Requested: |
v3.6
|
||||||||||||||||||||||||
| Sprint: | Platforms 2017-11-13, Platforms 2017-12-04 | ||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||
| Description |
|
Tools performing restores will strip UUIDs out of the oplog tokens they are applying to produce a point in time snapshot. Because there is non-user facing behavior around application of oplog tokens containing UUIDs, the server must require users applying them to possess internal privileges. |
| Comments |
| Comment by Githook User [ 15/Nov/17 ] |
|
Author: {'name': 'Spencer Jackson', 'username': 'spencerjackson', 'email': 'spencer.jackson@mongodb.com'}Message: (cherry picked from commit afc2467c150c75dc201daacb9ac4e1f76e6fea6f) |
| Comment by Githook User [ 15/Nov/17 ] |
|
Author: {'name': 'Spencer Jackson', 'username': 'spencerjackson', 'email': 'spencer.jackson@mongodb.com'}Message: |
| Comment by Andy Schwerin [ 02/Nov/17 ] |
|
The "restore" role needs to be able to use applyOps to apply oplog entries with uuids. |
| Comment by William Banfield [ 02/Nov/17 ] |
|
cc: shane.harvey Recent discussions re: mongomirror make this a bit troubling. Our plan for mongomirror is to use uuid's to create collections and then to pass along all oplog entries unchanged to produce a mirrored version of the replica set. mongomirror will error if it sees a collection rename during the applyops as well. Requiring privilege here will present a large roadblock to this design. |