[SERVER-74738] Can't run transitionToDedicatedConfigServer with auth on, but can run removeShard Created: 10/Mar/23  Updated: 29/Oct/23  Resolved: 28/Mar/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.0.0-rc0

Type: Bug Priority: Major - P3
Reporter: Joanna Cheng Assignee: Jack Mulrow
Resolution: Fixed Votes: 0
Labels: skunkelodeon-odcs
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-75085 Add catalog shard transition command ... Closed
Related
related to SERVER-74705 removeShard should not be allowed for... Closed
Assigned Teams:
Sharding NYC
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

I'm logged in as a user with the "root" role

[direct: mongos] admin> db.runCommand({connectionStatus:1})
{
  authInfo: {
    authenticatedUsers: [ { user: 'admin', db: 'admin' } ],
    authenticatedUserRoles: [ { role: 'root', db: 'admin' } ]
  },
  ok: 1,
  '$clusterTime': {
    clusterTime: Timestamp({ t: 1678422366, i: 1 }),
    signature: {
      hash: Binary(Buffer.from("caabfec785f45dd5f8a7ae0ddfe87a213a7b29ab", "hex"), 0),
      keyId: Long("7208009756202500117")
    }
  },
  operationTime: Timestamp({ t: 1678422366, i: 1 })
}

But I can't run the transitionToDedicatedConfigServer command

[direct: mongos] admin> db.adminCommand({ transitionToDedicatedConfigServer: 1 });
MongoServerError: not authorized on admin to execute command { transitionToDedicatedConfigServer: 1, lsid: { id: UUID("9b4c914a-68c2-4429-80c5-1a4c210c980c") }, $clusterTime: { clusterTime: Timestamp(1678422366, 1), signature: { hash: BinData(0, CAABFEC785F45DD5F8A7AE0DDFE87A213A7B29AB), keyId: 7208009756202500117 } }, $db: "admin" }

However, this is just a wrapper around removeShard, and I can still run removeShard

[direct: mongos] admin> db.adminCommand({removeShard: "config"})
{
  msg: 'draining started successfully',
  state: 'started',
  shard: 'config',
  note: 'you need to drop or movePrimary these databases',
  dbsToMove: [ 'test' ],
  ok: 1,
  '$clusterTime': {
    clusterTime: Timestamp({ t: 1678422410, i: 2 }),
    signature: {
      hash: Binary(Buffer.from("00ed9d2573b2779304bcde3c54c1c8a9a0fef5b2", "hex"), 0),
      keyId: Long("7208009756202500117")
    }
  },
  operationTime: Timestamp({ t: 1678422410, i: 2 })
}



 Comments   
Comment by Wenqin Ye [ 28/Mar/23 ]

Fixed in SERVER-75085

Comment by Jack Mulrow [ 10/Mar/23 ]

Yeah this should be the same issue as in SERVER-74737, which is that we haven't added the new actions for the transition commands to any built in roles yet.

Generated at Thu Feb 08 06:28:24 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.