BugZero | MongoDB BugID 94896 - Secondaries are not keeping their role graphs up-t...

MongoDB - Defect ID: 94896

Secondaries are not keeping their role graphs up-to-date when admin.system.roles is updated.

MongoDB - Defect ID: 94896

Secondaries are not keeping their role graphs up-to-date when admin.system.roles is updated.

Last updated on July 11th, 2016

BugZero Risk Score
6.2 Medium

Overall: 6.2

Severity: 6.4

Community: 5.5

Lifecycle: 9.1

What is the BugZero Risk Score?

MongoDB Integration

Learn more about where this data comes from

MongoDB Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: Major - P3
Status: Closed
Views: 1

Description

Info

Secondaries and slaves are intended to use the logOp() hook to keep their role graphs up-to-date with replicated changes to the admin.system.roles collection. Unfortunately, secondaries and slaves are bypassing this hook during apply-ops in favor of directly calling one of the hook methods invoked by logOp(). Proposed fix is to ensure that secondaries and slaves call logOp() just like primaries do, though they may decide to run different hook functions than the primary.

Top User Comments

auto commented on Wed, 23 Oct 2013 21:07:46 +0000: Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'} Message: SERVER-11275 Fix build for old GCCs. Branch: master https://github.com/mongodb/mongo/commit/13962a0f8ebbaf0de9db9c10ed4da9aaf607f070 auto commented on Wed, 23 Oct 2013 20:22:52 +0000: Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'} Message: SERVER-11275 Apply relevant oplog entries to authorization manager. Also, reinitialize the AuthorizationManager's data structures after replication initial sync. Branch: master https://github.com/mongodb/mongo/commit/74cdecee315cacadb46d5fe170ce392fb32f3df1 auto commented on Tue, 22 Oct 2013 19:42:18 +0000: Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'} Message: SERVER-11275 Remove some uses of integer literals in oplog code. Branch: master https://github.com/mongodb/mongo/commit/f978484e16c20de3b93c62d46fc3f2fe7e9a1c02

Steps to Reproduce

Start a fresh replicaset with two members, with or without auth enabled. Use the createRole command to create a role r1 on the primary. db.runCommand({createRole: "r1", roles: [], privileges: []}) Look in admin.system.roles on the secondary, to show that the role data is been replicated. db.getSiblingDB("admin").system.roles.find() Run the rolesInfo command on the secondary. It will not have information about the role. db.runCommand({rolesInfo: "r1"}) Expected output: { "roles" : [ { "role" : "r1", "db" : "test", "roles" : [ ], "indirectRoles" : [ ], "privileges" : [ ] } ], "ok" : 1 } Actual output: { "roles" : [ ], "ok" : 1 }

Change history

2025-03-21 Added: 2.5.3

Relevant Products

Click on a version to see all relevant bugs

Affected versions:2.5.3

Fixed versions: 2.5.4

Relevant Products

Click on a version to see all relevant bugs

Affected versions:2.5.3

Fixed versions: 2.5.4

Top MongoDB Defects

7.0Defect ID: 3266121
Error message when adding a node to the shard cluster: "{"error":{"code":26,"codeName":"NamespaceNotFound","errmsg":"Unable to retrieve storageStats in $collStats stage :: caused by :: Collection [local.oplog.rs] not found."},"$db":"local"}}}"
5.5Defect ID: 3269537
Remove unnecessary balancer configuration refresh that may crash the process during addShard
5.5Defect ID: 3277022
CollectionCatalog can't replace a collection with a view in the same WriteUnitOfWork
5.4Defect ID: 3263496
Fix legacy timeseries namespace translation in findAndModify explain command
5.4Defect ID: 3287683
[v6.0] Ensure update fails on primary when doc_diff::computeDiff() produces empty sub-diffs

Ready to prevent the next vendor outage?

Get a demo

MongoDB - Defect ID: 94896

Secondaries are not keeping their role graphs up-to-date when admin.system.roles is updated.

MongoDB - Defect ID: 94896

Secondaries are not keeping their role graphs up-to-date when admin.system.roles is updated.

Last updated on July 11th, 2016

BugZero Risk Score6.2 Medium

Bug Details

Info

Top User Comments

Steps to Reproduce

Top MongoDB Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
6.2 Medium