[SERVER-38557] Make auth passthrough suites use users with custom roles Created: 11/Dec/18 Updated: 02/Jan/19 Resolved: 02/Jan/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Testing Infrastructure |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Spencer Jackson |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Sprint: | Security 2018-12-31, Security 2019-01-14 | ||||||||||||||||||||
| Participants: | |||||||||||||||||||||
| Description |
|
Periodically, new commands are introduced which can appear in Oplog entries. When the authorization subsystem sees an entry which applies to the admin database with a command it doesn't recognize, it doesn't know whether its internal caches are in sync with the on-disk representation of data. When this occurs, the authorization subsystem must disable custom roles. We should modify our auth passthrough suites to use a custom user which obtains the __system role indirectly via a custom role. When a new command is written which appears in the oplog, this test will instantly fail. |
| Comments |
| Comment by Spencer Jackson [ 13/Dec/18 ] |
|
An alternative might be to make the server invariant in our testing environment while entering the state where rolegraph resolution is degraded. |