[SERVER-34820] buildInfo fails when no users are authenticated Created: 03/May/18 Updated: 19/Dec/18 Resolved: 22/Oct/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Sharding |
| Affects Version/s: | 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.7.9 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Bernie Hackett | Assignee: | Misha Tyulenev |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | sharding-wfbf-day | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||
| Operating System: | ALL | ||||||||||||||||||||||||
| Steps To Reproduce: | Steps:
|
||||||||||||||||||||||||
| Sprint: | Sharding 2018-09-24, Sharding 2018-11-05 | ||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||
| Description |
|
This seems similar to
This only happens when the driver uses implicit sessions (e.g. PyMongo 3.6+). Using an older driver without implicit sessions (e.g. PyMongo 3.5.x) works around the problem.
|
| Comments |
| Comment by Ryan Salt [ 19/Dec/18 ] |
|
greg.mckeon, misha.tyulenev, thank you for fixing |
| Comment by Gregory McKeon (Inactive) [ 19/Dec/18 ] |
|
This issue has been resolved in 3.6.10 by |
| Comment by Misha Tyulenev [ 21/Nov/18 ] |
|
ryansalt-eri 3.6 Required will prioritize scheduling the backport in one of the upcoming releases of 3.6. I don't have information about exact release it will be in. |
| Comment by Ryan Salt [ 21/Nov/18 ] |
|
misha.tyulenev, thanks for the quick response! The required backport you mention, is that a backport of improvements made under |
| Comment by Misha Tyulenev [ 21/Nov/18 ] |
|
ryansalt-eri this is the correct approach. To address the issue the requiresAuth method should return false for several commands including buildInfo. We will make this change as a part of the required backport. |
| Comment by Ryan Salt [ 21/Nov/18 ] |
|
misha.tyulenev, considering this issue was marked as a duplicate of |
| Comment by Misha Tyulenev [ 22/Oct/18 ] |
|
greg.mckeon i think so - its not backported to 3.6, only 4.0, shane.harvey please confirm |
| Comment by Misha Tyulenev [ 27/Sep/18 ] |
|
jack.mulrow thats right the |
| Comment by Jack Mulrow [ 27/Sep/18 ] |
|
misha.tyulenev I'm running into this same issue with connectionStatus while backporting |
| Comment by Shane Harvey [ 21/Sep/18 ] |
|
misha.tyulenev, it looks like connectionStatus and listCommands suffer from the same bug as buildInfo. |
| Comment by Jeffrey Yemin [ 12/Jun/18 ] |
I don't think that intention was well understood since we agreed to enable implicit sessions in drivers even for unauthenticated connections.
It's not only explicit helpers. Generic run command is also problematic, e.g. db.runCommand({buildInfo : 1}) will fail as well for unauthenticated connections. |
| Comment by Bernie Hackett [ 12/Jun/18 ] |
|
Is there a list of commands that only require auth when an implicit session is used? I'd like to know what else is going to break. This puts drivers in a bad situation. Do we undo the implicit session work from 3.6 for helpers like this, or do we tell our users too bad, you need to authenticate now? |
| Comment by Kaloian Manassiev [ 11/May/18 ] |
|
buildInfo is a command which is allowed to be called unauthenticated and sessions are intended to be used by authenticated users, so this is expected behaviour. |
| Comment by Kaloian Manassiev [ 11/May/18 ] |
|
misha.tyulenev, is this one of the commands for which we need to disallow sessions? |
| Comment by Gregory McKeon (Inactive) [ 07/May/18 ] |
|
You can't add an lsid to buildInfo without having a logged in user in the current implementation. Assigning to sharding since they own sessions. |
| Comment by Bernie Hackett [ 03/May/18 ] |
|
This problem also exists in 3.7.x. |
| Comment by Bernie Hackett [ 03/May/18 ] |
|
Note that |