Problem Statement/Rationale
When revoking a previlege from a role (aka. revokePrivilegesFromRole), the corresponding audit logs (1 with atype: authCheck, and 1 with atype: revokePrivilegesFromRole) should have include both the database and the role name in param.ns.
Steps to Reproduce
- Revoke a previlege from a role.
- Check the audit log that was produced.
Expected Results
It should produce a log that resembles this:
- param.ns should have BOTH the db and the role.
{ "atype" : "authCheck", "ts" : { "$date" : "2022-04-14T21:00:01.873+00:00" }, "uuid" : { "$binary" : "isi10Tt7SjuEmUTyiOW2Wg==", "$type" : "04" }, "local" : { "ip" : "172.31.80.31", "port" : 27017 }, "remote" : { "ip" : "172.31.64.227", "port" : 57258 }, "users" : [ { "user" : "jackAdmin", "db" : "admin" } ], "roles" : [ { "role" : "root", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ], "param" : { "command" : "revokePrivilegesFromRole", "ns" : "tlcdb.tester", "args" : { "revokePrivilegesFromRole" : "tester", "privileges" : [ { "resource" : { "db" : "tlcdb", "collection" : "testcoll" }, "actions" : [ "find" ] } ], "writeConcern" : { "w" : "majority", "wtimeout" : 600000 }, "lsid" : { "id" : { "$binary" : "rJAp+YHMTH2gQZOI7Xrppw==", "$type" : "04" } }, "$db" : "tlcdb" } }, "result" : 0 }
Actual Results
It produces the following log:
* param.ns only has the db name. It is missing the role that should come after the period.
{ "atype" : "authCheck", "ts" : { "$date" : "2022-04-14T21:00:01.873+00:00" }, "uuid" : { "$binary" : "isi10Tt7SjuEmUTyiOW2Wg==", "$type" : "04" }, "local" : { "ip" : "172.31.80.31", "port" : 27017 }, "remote" : { "ip" : "172.31.64.227", "port" : 57258 }, "users" : [ { "user" : "jackAdmin", "db" : "admin" } ], "roles" : [ { "role" : "root", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ], "param" : { "command" : "revokePrivilegesFromRole", "ns" : "tlcdb.", "args" : { "revokePrivilegesFromRole" : "tester", "privileges" : [ { "resource" : { "db" : "tlcdb", "collection" : "testcoll" }, "actions" : [ "find" ] } ], "writeConcern" : { "w" : "majority", "wtimeout" : 600000 }, "lsid" : { "id" : { "$binary" : "rJAp+YHMTH2gQZOI7Xrppw==", "$type" : "04" } }, "$db" : "tlcdb" } }, "result" : 0 }
Additional Notes
Any additional information that may be useful to include.