[SERVER-74737] Can't run transitionToCatalogShard once you enable auth Created: 10/Mar/23  Updated: 29/Oct/23  Resolved: 28/Mar/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.0.0-rc0

Type: Bug Priority: Major - P3
Reporter: Joanna Cheng Assignee: Jack Mulrow
Resolution: Fixed Votes: 0
Labels: skunkelodeon-odcs
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-75085 Add catalog shard transition command ... Closed
Assigned Teams:
Sharding NYC
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

I've spun up a new sharded cluster with a keyfile, and created my new user (with the "root" role)

[direct: mongos] admin> db.runCommand({connectionStatus:1})
{
  authInfo: {
    authenticatedUsers: [ { user: 'admin', db: 'admin' } ],
    authenticatedUserRoles: [ { role: 'root', db: 'admin' } ]
  },
  ok: 1,
  '$clusterTime': {
    clusterTime: Timestamp({ t: 1678422752, i: 1 }),
    signature: {
      hash: Binary(Buffer.from("9e9d31c17820d4cc24055f90e8e715efd1391d4f", "hex"), 0),
      keyId: Long("7208766933166981142")
    }
  },
  operationTime: Timestamp({ t: 1678422752, i: 1 })
}

But I can't run transitionToCatalogShard

[direct: mongos] admin> db.adminCommand({ transitionToCatalogShard: 1 });
MongoServerError: not authorized on admin to execute command { transitionToCatalogShard: 1, lsid: { id: UUID("bce29423-e2fb-4d6c-8190-f88f2c8d9763") }, $clusterTime: { clusterTime: Timestamp(1678422752, 1), signature: { hash: BinData(0, 9E9D31C17820D4CC24055F90E8E715EFD1391D4F), keyId: 7208766933166981142 } }, $db: "admin" }

There's no higher role I can give myself (short of __system which is not recommended)



 Comments   
Comment by Wenqin Ye [ 28/Mar/23 ]

Fixed in SERVER-75085

Comment by Jack Mulrow [ 10/Mar/23 ]

This should be because the transition commands require new action types which currently aren't included in any built in roles. The latest version of the design proposes adding them to the clusterManager built in role, like add/removeShard, so if that's approved that should fix this since root includes that role.

Generated at Thu Feb 08 06:28:23 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.