Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-14212

mongorestore may drop system users and roles

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.6.4, 2.7.4
    • Affects Version/s: 2.6.2
    • Component/s: Tools
    • Minor Change
    • ALL
    • Hide
      function runTool(toolName, mongod, shutdownServer, options) {
          if (shutdownServer) {
              MongoRunner.stopMongod(mongod);
              var opts = {dbpath: mongod.fullOptions.pathOpts.dbpath};
              Object.extend(opts, options);
              assert(!MongoRunner.runMongoTool(toolName, opts));
              mongod.fullOptions.restart = true;
              return MongoRunner.runMongod(mongod.fullOptions);
          } else {
              var opts = {host: mongod.host};
              Object.extend(opts, options);
              assert(!MongoRunner.runMongoTool(toolName, opts));
              return mongod;
          }
      }
      
      
      var shutdownServer = true;
      var mongod = MongoRunner.runMongod();
      var admindb = mongod.getDB("admin");
      var db = mongod.getDB("foo");
      
      // Create user & role in admin & foo
      admindb.createUser({user: 'root', pwd: 'pass', roles: ['root']});
      admindb.createRole({role: 'adminrole', roles: [], privileges:[]});
      db.createUser({user: 'user', pwd: 'pass', roles: jsTest.basicUserRoles});
      db.createRole({role: 'role', roles: [], privileges:[]});
      
      admindb.system.users.find().forEach( function(myDoc) {print( "user: "+myDoc._id);});
      admindb.system.roles.find().forEach( function(myDoc) {print( "role: "+myDoc._id);});
      
      var dumpDir = MongoRunner.getAndPrepareDumpDirectory("restoreTest");
      
      // Dump foo database *with* user data
      mongod = runTool("mongodump", mongod, shutdownServer, {out: dumpDir, db: "foo", dumpDbUsersAndRoles: ""});
      print("After mongodump");
      
      // Drop users and create others
      db = mongod.getDB('foo');
      db.dropUser('user')
      db.createUser({user: 'user2', pwd: 'password2', roles: jsTest.basicUserRoles});
      db.dropRole('role')
      db.createRole({role: 'role2', roles: [], privileges:[]});
      print("After creating temp users");
      
      // Restore without --drop to override the changes to user data
      mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "foo/", db: 'foo'});
      db = mongod.getDB('foo');
      admindb = mongod.getDB("admin");
      print("After mongorestore without drop");
      
      admindb.system.users.find().forEach( function(myDoc) {print( "user: "+myDoc._id);});
      admindb.system.roles.find().forEach( function(myDoc) {print( "role: "+myDoc._id);});
      
      // Restore without --drop & --restoreDbUsersAndRoles
      mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "foo/", db: 'foo',
                                                                restoreDbUsersAndRoles: ""});
      db = mongod.getDB('foo');
      admindb = mongod.getDB("admin");
      print("After mongorestore without drop & restoreDbUsersAndRoles");
      
      admindb.system.users.find().forEach( function(myDoc) {print( "user: "+myDoc._id);});
      admindb.system.roles.find().forEach( function(myDoc) {print( "role: "+myDoc._id);});
      
      // Restore with --drop to override the changes to user data
      mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "foo/", db: 'foo',
                                                                drop: "", restoreDbUsersAndRoles: ""});
      db = mongod.getDB('foo');
      admindb = mongod.getDB("admin");
      print("After mongorestore with drop");
      
      admindb.system.users.find().forEach( function(myDoc) {print( "user: "+myDoc._id);});
      admindb.system.roles.find().forEach( function(myDoc) {print( "role: "+myDoc._id);});
      
      MongoRunner.stopMongod(mongod);
      
      Show
      function runTool(toolName, mongod, shutdownServer, options) { if (shutdownServer) { MongoRunner.stopMongod(mongod); var opts = {dbpath: mongod.fullOptions.pathOpts.dbpath}; Object .extend(opts, options); assert (!MongoRunner.runMongoTool(toolName, opts)); mongod.fullOptions.restart = true ; return MongoRunner.runMongod(mongod.fullOptions); } else { var opts = {host: mongod.host}; Object .extend(opts, options); assert (!MongoRunner.runMongoTool(toolName, opts)); return mongod; } } var shutdownServer = true ; var mongod = MongoRunner.runMongod(); var admindb = mongod.getDB( "admin" ); var db = mongod.getDB( "foo" ); // Create user & role in admin & foo admindb.createUser({user: 'root' , pwd: 'pass' , roles: [ 'root' ]}); admindb.createRole({role: 'adminrole' , roles: [], privileges:[]}); db.createUser({user: 'user' , pwd: 'pass' , roles: jsTest.basicUserRoles}); db.createRole({role: 'role' , roles: [], privileges:[]}); admindb.system.users.find().forEach( function(myDoc) {print( "user: " +myDoc._id);}); admindb.system.roles.find().forEach( function(myDoc) {print( "role: " +myDoc._id);}); var dumpDir = MongoRunner.getAndPrepareDumpDirectory( "restoreTest" ); // Dump foo database *with* user data mongod = runTool( "mongodump" , mongod, shutdownServer, {out: dumpDir, db: "foo" , dumpDbUsersAndRoles: ""}); print( "After mongodump" ); // Drop users and create others db = mongod.getDB( 'foo' ); db.dropUser( 'user' ) db.createUser({user: 'user2' , pwd: 'password2' , roles: jsTest.basicUserRoles}); db.dropRole( 'role' ) db.createRole({role: 'role2' , roles: [], privileges:[]}); print( "After creating temp users" ); // Restore without --drop to override the changes to user data mongod = runTool( "mongorestore" , mongod, shutdownServer, {dir: dumpDir + "foo/" , db: 'foo' }); db = mongod.getDB( 'foo' ); admindb = mongod.getDB( "admin" ); print( "After mongorestore without drop" ); admindb.system.users.find().forEach( function(myDoc) {print( "user: " +myDoc._id);}); admindb.system.roles.find().forEach( function(myDoc) {print( "role: " +myDoc._id);}); // Restore without --drop & --restoreDbUsersAndRoles mongod = runTool( "mongorestore" , mongod, shutdownServer, {dir: dumpDir + "foo/" , db: 'foo' , restoreDbUsersAndRoles: ""}); db = mongod.getDB( 'foo' ); admindb = mongod.getDB( "admin" ); print( "After mongorestore without drop & restoreDbUsersAndRoles" ); admindb.system.users.find().forEach( function(myDoc) {print( "user: " +myDoc._id);}); admindb.system.roles.find().forEach( function(myDoc) {print( "role: " +myDoc._id);}); // Restore with --drop to override the changes to user data mongod = runTool( "mongorestore" , mongod, shutdownServer, {dir: dumpDir + "foo/" , db: 'foo' , drop: "", restoreDbUsersAndRoles: " "}); db = mongod.getDB( 'foo' ); admindb = mongod.getDB( "admin" ); print( "After mongorestore with drop" ); admindb.system.users.find().forEach( function(myDoc) {print( "user: " +myDoc._id);}); admindb.system.roles.find().forEach( function(myDoc) {print( "role: " +myDoc._id);}); MongoRunner.stopMongod(mongod);

      Issue Status as of Jul 22, 2014

      ISSUE SUMMARY
      When mongorestore is used with all the following options:

      • --db
      • --drop
      • --restoreDbUsersAndRoles

      it incorrectly drops all user and roles in the system, instead of just the users and roles for the database being restored, then restores the users and roles from the dump for the database that is being restored.

      USER IMPACT
      Users lose all system users and roles, and may need to re-create the admin user and restore other system users and roles.

      WORKAROUNDS
      N/A

      AFFECTED VERSIONS
      MongoDB 2.6 production releases up to 2.6.3 are affected by this issue.

      FIX VERSION
      The fix is included in the 2.6.4 production release.

      RESOLUTION DETAILS
      When restoring users and roles for a single db with --drop, don't drop users/roles from other databases.

      Original description

      mongorestore, when specified with the --db & --drop option, drops the admin users & roles. If it not specified, admin users & roles remain.

            Assignee:
            spencer@mongodb.com Spencer Brody (Inactive)
            Reporter:
            jonathan.abrahams Jonathan Abrahams
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: