[SERVER-64364] Update scan_checked_replset.js helper to be usable in more configurations Created: 09/Mar/22  Updated: 08/Dec/22  Resolved: 08/Dec/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Sara Golemon Assignee: Backlog - Security Team
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Server Security

 Description   

Currently, scan_checked_replset.js makes an assumption that the authenticationDatabase for connections will always be `admin`. This is often true, but for externally managed users (e.g. LDAP), it is not.

Modify all uses of `auth()` in the script to be invoked on the `mongo` connection instance, and ensure that authInfo has a default value of `admin` for the db field.

e.g. In various places:

-   db.getSiblingDB('admin').auth(authInfo);
+   db.getMongo().auth(authInfo); 
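
Review bot: on the added line `db.getMongo().auth(authInfo)` the database is no longer named by the receiver, so every one of these call sites depends on `authInfo.db` already being populated when it runs. Because the default is assigned at the bottom of the script, confirm that none of these calls can execute before that assignment, or apply the default at the point where authInfo is first read.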

and at the bottom of the script:

 var authInfo;
+authInfo.db = authInfo.db || 'admin';
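
Review bot: the added line `authInfo.db = authInfo.db || 'admin';` dereferences authInfo directly after a bare `var authInfo;`, so when the caller supplied no authInfo the value is undefined and the property access throws a TypeError. Guard the assignment, for example `if (authInfo) { authInfo.db = authInfo.db || 'admin'; }`.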

 

Secondly, it is currently impossible to use TLS when opening new connections to cluster members. To accommodate this, we need to either extract TLS info from the base connection or provide a `tlsInfo` struct (similar to authInfo) and construct a meaningful mongodb:// URI when opening new connections, or we need to simply allow the user to specify arbitrary URI parameters and append them to the constructed mongodb:// URI.
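
One way to implement the "append user-supplied URI parameters" option described above, as an added example that is not code from scan_checked_replset.js or from this ticket. `buildMemberUri`, the `requireTls` flag and the sample host and file path are hypothetical, and the caller is assumed to know whether the base connection used TLS.

```javascript
// Added example: buildMemberUri, requireTls and the sample values are hypothetical.
// Options that turn off certificate or hostname verification (standard
// connection-string option names, matched case-insensitively).
var WEAKENING = ['tlsinsecure', 'tlsallowinvalidcertificates', 'tlsallowinvalidhostnames'];

// Build the URI for a new connection to one cluster member, appending
// caller-supplied URI parameters such as tls=true or tlsCAFile=<path>.
function buildMemberUri(host, uriParams, requireTls) {
    // Reject anything that would alter the URI structure (userinfo, path, query).
    if (typeof host !== 'string' || !/^[^\s\/?#@]+$/.test(host)) {
        throw new Error('unexpected member address: ' + host);
    }
    var params = uriParams || {};
    var tlsOn = false;
    var query = Object.keys(params).map(function (key) {
        var name = key.toLowerCase();
        var value = String(params[key]);
        if (name === 'tls' || name === 'ssl') {
            if (value === 'true') {
                tlsOn = true;
            } else if (requireTls) {
                throw new Error('TLS required but ' + key + '=' + value + ' was supplied');
            }
        }
        // Policy choice of this example: never pass verification-disabling options.
        if (WEAKENING.indexOf(name) !== -1 && value === 'true') {
            throw new Error('refusing option that disables verification: ' + key);
        }
        // Percent-encode so a value cannot smuggle in extra parameters.
        return encodeURIComponent(key) + '=' + encodeURIComponent(value);
    }).join('&');
    // A member connection must not fall back to plaintext when the base
    // connection used TLS.
    if (requireTls && !tlsOn) {
        throw new Error('TLS required but tls=true was not supplied');
    }
    return 'mongodb://' + host + '/' + (query ? '?' + query : '');
}

// Constructed sample input: a member address plus user-supplied parameters.
var sampleUri = buildMemberUri('node2.example.net:27017',
    {tls: 'true', tlsCAFile: '/etc/ssl/mongo ca.pem'}, true);
```

Credentials are kept out of the URI here so that authentication still goes through `auth(authInfo)` on the connection, as the first half of the ticket proposes.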



 Comments   
Comment by Edwin Zhou [ 08/Dec/22 ]

I'm closing this ticket out as a duplicate of STAR-3222 which implements Sara's solution from HELP-32128. These scripts are no longer found in https://github.com/10gen/mongo-enterprise-modules/tree/master/src/scripts, and now live here: https://github.com/mongodb/support-tools/tree/master/replset-consistency
