[SERVER-74448] Investigate if transitionToCatalogShard should be in localhost exception privileges
Created: 28/Feb/23  Updated: 17/Mar/23  Resolved: 16/Mar/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task
Priority: Major - P3
Reporter: Jack Mulrow
Assignee: Wenqin Ye
Resolution: Won't Fix
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File screenshot-1.png    
Issue Links:
Related
related to SERVER-74976 Complete TODO listed in SERVER-74448 Closed
Assigned Teams:
Sharding NYC
Sprint: Sharding NYC 2023-04-03
Participants:

 Description   

transitionToCatalogShard is essentially a wrapper for addShard that adds the config server as a shard capable of storing user data. We have a list of "minimum privileges required to bootstrap a system and add the first user" that we allow when the localhost exception is active (i.e., there are no users and we're connecting from localhost). Notably, this includes addShard, which raises the question of whether we should allow transitionToCatalogShard as well. If transitionToCatalogShard can run, then the cluster is far enough along where we should be able to add a user, so this seems unnecessary, but by that same logic, so is addShard, so we should investigate further.



 Comments   
Comment by Wenqin Ye [ 16/Mar/23 ]

I don't think it is necessary to also allow `transitionToCatalogShard` in the localhost exception. I asked the server security team and the original reason for putting addShard as one of the allowed privileges was because there was a bug where you could not create a user if you didn't have any shards. But apparently that is no longer a problem, so `addShard` doesn't technically even need to be in the allowed commands for the localhost exception anymore.
