-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Major - P3
-
Affects Version/s: 4.8 Required
-
Component/s: None
-
None
-
Fully Compatible
-
ALL
-
v4.8
-
Security 2020-10-19, Security 2020-11-02
We are going to run atlas proxy with mongodb 4.8 version in the future. While trying to run the test harness with a new mongod in dev, I found a breaking change.
We depend on the `rolesInfo` command to load the roles we are interested in. With the current command params, 4.8 returns an empty array.
4.8 Mac OS Mongo link used for testing provided by Louis Williams: here (githash 9d86556d0032cdce4b1120c2390fd9b4f1232371).
Our suspicion is that it is a SERVER regression caused by SERVER-50204 - https://github.com/mongodb/mongo/commit/fc279d5cbaa398d879513ae2d679408bfda69e40.
The following command works on 4.4:
db.runCommand({rolesInfo: {role: "clusterMonitor", db: "admin"}, showBuiltinRoles: true, showPrivileges: true})
// returns
{
"roles" : [
{
"role" : "clusterMonitor",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ],
"privileges" : [
{
"resource" : {
"cluster" : true
},
"actions" : [
"checkFreeMonitoringStatus",
"connPoolStats",
"getDefaultRWConcern",
"getCmdLineOpts",
"getLog",
"getParameter",
"getShardMap",
"hostInfo",
"inprog",
"listDatabases",
"listSessions",
"listShards",
"netstat",
"replSetGetConfig",
"replSetGetStatus",
"serverStatus",
"shardingState",
"top",
"useUUID"
]
},
{
"resource" : {
"db" : "",
"collection" : ""
},
"actions" : [
"collStats",
"dbStats",
"getDatabaseVersion",
"getShardVersion",
"indexStats"
]
},
{
"resource" : {
"db" : "config",
"collection" : ""
},
"actions" : [
"changeStream",
"collStats",
"dbHash",
"dbStats",
"find",
"getDatabaseVersion",
"getShardVersion",
"indexStats",
"killCursors",
"listCollections",
"listIndexes",
"planCacheRead"
]
},
{
"resource" : {
"db" : "local",
"collection" : ""
},
"actions" : [
"changeStream",
"collStats",
"dbHash",
"dbStats",
"find",
"getDatabaseVersion",
"getShardVersion",
"indexStats",
"killCursors",
"listCollections",
"listIndexes",
"planCacheRead"
]
},
{
"resource" : {
"db" : "config",
"collection" : "system.js"
},
"actions" : [
"changeStream",
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"listCollections",
"listIndexes",
"planCacheRead"
]
},
{
"resource" : {
"db" : "local",
"collection" : "system.js"
},
"actions" : [
"changeStream",
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"listCollections",
"listIndexes",
"planCacheRead"
]
},
{
"resource" : {
"db" : "local",
"collection" : "system.replset"
},
"actions" : [
"find"
]
},
{
"resource" : {
"db" : "local",
"collection" : "replset.election"
},
"actions" : [
"find"
]
},
{
"resource" : {
"db" : "local",
"collection" : "replset.minvalid"
},
"actions" : [
"find"
]
},
{
"resource" : {
"db" : "",
"collection" : "system.profile"
},
"actions" : [
"find"
]
}
],
"inheritedPrivileges" : [
{
"resource" : {
"cluster" : true
},
"actions" : [
"checkFreeMonitoringStatus",
"connPoolStats",
"getDefaultRWConcern",
"getCmdLineOpts",
"getLog",
"getParameter",
"getShardMap",
"hostInfo",
"inprog",
"listDatabases",
"listSessions",
"listShards",
"netstat",
"replSetGetConfig",
"replSetGetStatus",
"serverStatus",
"shardingState",
"top",
"useUUID"
]
},
{
"resource" : {
"db" : "",
"collection" : ""
},
"actions" : [
"collStats",
"dbStats",
"getDatabaseVersion",
"getShardVersion",
"indexStats"
]
},
{
"resource" : {
"db" : "config",
"collection" : ""
},
"actions" : [
"changeStream",
"collStats",
"dbHash",
"dbStats",
"find",
"getDatabaseVersion",
"getShardVersion",
"indexStats",
"killCursors",
"listCollections",
"listIndexes",
"planCacheRead"
]
},
{
"resource" : {
"db" : "local",
"collection" : ""
},
"actions" : [
"changeStream",
"collStats",
"dbHash",
"dbStats",
"find",
"getDatabaseVersion",
"getShardVersion",
"indexStats",
"killCursors",
"listCollections",
"listIndexes",
"planCacheRead"
]
},
{
"resource" : {
"db" : "config",
"collection" : "system.js"
},
"actions" : [
"changeStream",
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"listCollections",
"listIndexes",
"planCacheRead"
]
},
{
"resource" : {
"db" : "local",
"collection" : "system.js"
},
"actions" : [
"changeStream",
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"listCollections",
"listIndexes",
"planCacheRead"
]
},
{
"resource" : {
"db" : "local",
"collection" : "system.replset"
},
"actions" : [
"find"
]
},
{
"resource" : {
"db" : "local",
"collection" : "replset.election"
},
"actions" : [
"find"
]
},
{
"resource" : {
"db" : "local",
"collection" : "replset.minvalid"
},
"actions" : [
"find"
]
},
{
"resource" : {
"db" : "",
"collection" : "system.profile"
},
"actions" : [
"find"
]
}
]
}
],
"ok" : 1,
"$clusterTime" : {
"clusterTime" : Timestamp(1602766481, 5),
"signature" : {
"hash" : BinData(0,"xmViNsw4siG2KB2U8HBhl/Au/gg="),
"keyId" : NumberLong("6883829576070332419")
}
},
"operationTime" : Timestamp(1602766481, 5)
}
but returns an empty result on 4.8:
{
"roles" : [ ],
"ok" : 1,
"$clusterTime" : {
"clusterTime" : Timestamp(1602765785, 1),
"signature" : {
"hash" : BinData(0,"6KI6eOxovtORoUY1SimWekWPLKM="),
"keyId" : NumberLong("6883824911735848962")
}
},
"operationTime" : Timestamp(1602765785, 1)
}
The clusterMonitor role on admin does get returned from 4.8 if one uses rolesInfo: 1.
- related to
-
-
- Closed
-