[SERVER-51651] rolesInfo command returns an empty result for mongod version 4.8+ Created: 15/Oct/20  Updated: 29/Oct/23  Resolved: 23/Oct/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 4.8 Required
Fix Version/s: 4.9.0

Type: Bug Priority: Major - P3
Reporter: Tanay Abhra Assignee: Sara Golemon
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Related
related to SERVER-51859 rolesInfo command returns a result wi... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v4.8
Sprint: Security 2020-10-19, Security 2020-11-02
Participants:

 Description   

We are going to run atlas proxy with mongodb 4.8 version in the future. While trying to run the test harness with a new mongod in dev, I found a breaking change.

We depend on the `rolesInfo` command to load the roles we are interested in. With the current command params, 4.8 returns an empty array.

4.8 Mac OS Mongo link used for testing provided by Louis Williams: here (githash 9d86556d0032cdce4b1120c2390fd9b4f1232371).

 

Our suspicion is that it is a SERVER regression caused by SERVER-50204 - https://github.com/mongodb/mongo/commit/fc279d5cbaa398d879513ae2d679408bfda69e40.

 

The following command works on 4.4:

db.runCommand({rolesInfo: {role: "clusterMonitor", db: "admin"},      showBuiltinRoles: true,      showPrivileges: true})
// returns
 
{
	"roles" : [
		{
			"role" : "clusterMonitor",
			"db" : "admin",
			"isBuiltin" : true,
			"roles" : [ ],
			"inheritedRoles" : [ ],
			"privileges" : [
				{
					"resource" : {
						"cluster" : true
					},
					"actions" : [
						"checkFreeMonitoringStatus",
						"connPoolStats",
						"getDefaultRWConcern",
						"getCmdLineOpts",
						"getLog",
						"getParameter",
						"getShardMap",
						"hostInfo",
						"inprog",
						"listDatabases",
						"listSessions",
						"listShards",
						"netstat",
						"replSetGetConfig",
						"replSetGetStatus",
						"serverStatus",
						"shardingState",
						"top",
						"useUUID"
					]
				},
				{
					"resource" : {
						"db" : "",
						"collection" : ""
					},
					"actions" : [
						"collStats",
						"dbStats",
						"getDatabaseVersion",
						"getShardVersion",
						"indexStats"
					]
				},
				{
					"resource" : {
						"db" : "config",
						"collection" : ""
					},
					"actions" : [
						"changeStream",
						"collStats",
						"dbHash",
						"dbStats",
						"find",
						"getDatabaseVersion",
						"getShardVersion",
						"indexStats",
						"killCursors",
						"listCollections",
						"listIndexes",
						"planCacheRead"
					]
				},
				{
					"resource" : {
						"db" : "local",
						"collection" : ""
					},
					"actions" : [
						"changeStream",
						"collStats",
						"dbHash",
						"dbStats",
						"find",
						"getDatabaseVersion",
						"getShardVersion",
						"indexStats",
						"killCursors",
						"listCollections",
						"listIndexes",
						"planCacheRead"
					]
				},
				{
					"resource" : {
						"db" : "config",
						"collection" : "system.js"
					},
					"actions" : [
						"changeStream",
						"collStats",
						"dbHash",
						"dbStats",
						"find",
						"killCursors",
						"listCollections",
						"listIndexes",
						"planCacheRead"
					]
				},
				{
					"resource" : {
						"db" : "local",
						"collection" : "system.js"
					},
					"actions" : [
						"changeStream",
						"collStats",
						"dbHash",
						"dbStats",
						"find",
						"killCursors",
						"listCollections",
						"listIndexes",
						"planCacheRead"
					]
				},
				{
					"resource" : {
						"db" : "local",
						"collection" : "system.replset"
					},
					"actions" : [
						"find"
					]
				},
				{
					"resource" : {
						"db" : "local",
						"collection" : "replset.election"
					},
					"actions" : [
						"find"
					]
				},
				{
					"resource" : {
						"db" : "local",
						"collection" : "replset.minvalid"
					},
					"actions" : [
						"find"
					]
				},
				{
					"resource" : {
						"db" : "",
						"collection" : "system.profile"
					},
					"actions" : [
						"find"
					]
				}
			],
			"inheritedPrivileges" : [
				{
					"resource" : {
						"cluster" : true
					},
					"actions" : [
						"checkFreeMonitoringStatus",
						"connPoolStats",
						"getDefaultRWConcern",
						"getCmdLineOpts",
						"getLog",
						"getParameter",
						"getShardMap",
						"hostInfo",
						"inprog",
						"listDatabases",
						"listSessions",
						"listShards",
						"netstat",
						"replSetGetConfig",
						"replSetGetStatus",
						"serverStatus",
						"shardingState",
						"top",
						"useUUID"
					]
				},
				{
					"resource" : {
						"db" : "",
						"collection" : ""
					},
					"actions" : [
						"collStats",
						"dbStats",
						"getDatabaseVersion",
						"getShardVersion",
						"indexStats"
					]
				},
				{
					"resource" : {
						"db" : "config",
						"collection" : ""
					},
					"actions" : [
						"changeStream",
						"collStats",
						"dbHash",
						"dbStats",
						"find",
						"getDatabaseVersion",
						"getShardVersion",
						"indexStats",
						"killCursors",
						"listCollections",
						"listIndexes",
						"planCacheRead"
					]
				},
				{
					"resource" : {
						"db" : "local",
						"collection" : ""
					},
					"actions" : [
						"changeStream",
						"collStats",
						"dbHash",
						"dbStats",
						"find",
						"getDatabaseVersion",
						"getShardVersion",
						"indexStats",
						"killCursors",
						"listCollections",
						"listIndexes",
						"planCacheRead"
					]
				},
				{
					"resource" : {
						"db" : "config",
						"collection" : "system.js"
					},
					"actions" : [
						"changeStream",
						"collStats",
						"dbHash",
						"dbStats",
						"find",
						"killCursors",
						"listCollections",
						"listIndexes",
						"planCacheRead"
					]
				},
				{
					"resource" : {
						"db" : "local",
						"collection" : "system.js"
					},
					"actions" : [
						"changeStream",
						"collStats",
						"dbHash",
						"dbStats",
						"find",
						"killCursors",
						"listCollections",
						"listIndexes",
						"planCacheRead"
					]
				},
				{
					"resource" : {
						"db" : "local",
						"collection" : "system.replset"
					},
					"actions" : [
						"find"
					]
				},
				{
					"resource" : {
						"db" : "local",
						"collection" : "replset.election"
					},
					"actions" : [
						"find"
					]
				},
				{
					"resource" : {
						"db" : "local",
						"collection" : "replset.minvalid"
					},
					"actions" : [
						"find"
					]
				},
				{
					"resource" : {
						"db" : "",
						"collection" : "system.profile"
					},
					"actions" : [
						"find"
					]
				}
			]
		}
	],
	"ok" : 1,
	"$clusterTime" : {
		"clusterTime" : Timestamp(1602766481, 5),
		"signature" : {
			"hash" : BinData(0,"xmViNsw4siG2KB2U8HBhl/Au/gg="),
			"keyId" : NumberLong("6883829576070332419")
		}
	},
	"operationTime" : Timestamp(1602766481, 5)
}

but returns an empty result on 4.8:

{
	"roles" : [ ],
	"ok" : 1,
	"$clusterTime" : {
		"clusterTime" : Timestamp(1602765785, 1),
		"signature" : {
			"hash" : BinData(0,"6KI6eOxovtORoUY1SimWekWPLKM="),
			"keyId" : NumberLong("6883824911735848962")
		}
	},
	"operationTime" : Timestamp(1602765785, 1)
}

 The clusterMonitor role on admin does get returned from 4.8 if one uses rolesInfo: 1.



 Comments   
Comment by Githook User [ 23/Oct/20 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: SERVER-51651 Fix rolesInfo for builtinRole via exact match
Branch: master
https://github.com/mongodb/mongo/commit/a9a1aec2819dfca8795e022817189a651a09d2e4

Comment by Spencer Jackson [ 15/Oct/20 ]

sara.golemon, we seem to have had a regression in rolesInfo. Can you take a look?

Generated at Thu Feb 08 05:26:03 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.