BugZero | MongoDB BugID 94896 - Secondaries are not keeping their role graphs up-t...

MongoDB - Defect ID: 94896

Secondaries are not keeping their role graphs up-to-date when admin.system.roles is updated.

MongoDB - Defect ID: 94896

Secondaries are not keeping their role graphs up-to-date when admin.system.roles is updated.

Last updated on 7/11/2016

Overall: 6.26.2

Severity: 6.46.4

Community: 5.55.5

Lifecycle: 9.19.1

What is the BugZero Risk Score?

Vendor details

Priority: Major - P3
Status: Closed

Overall: 6.26.2

Severity: 6.46.4

Community: 5.55.5

Lifecycle: 9.19.1

What is the BugZero Risk Score?

Vendor details

Priority: Major - P3
Status: Closed

Info

Secondaries and slaves are intended to use the logOp() hook to keep their role graphs up-to-date with replicated changes to the admin.system.roles collection. Unfortunately, secondaries and slaves are bypassing this hook during apply-ops in favor of directly calling one of the hook methods invoked by logOp(). Proposed fix is to ensure that secondaries and slaves call logOp() just like primaries do, though they may decide to run different hook functions than the primary.

Top User Comments

auto commented on Wed, 23 Oct 2013 21:07:46 +0000: Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'} Message: SERVER-11275 Fix build for old GCCs. Branch: master https://github.com/mongodb/mongo/commit/13962a0f8ebbaf0de9db9c10ed4da9aaf607f070 auto commented on Wed, 23 Oct 2013 20:22:52 +0000: Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'} Message: SERVER-11275 Apply relevant oplog entries to authorization manager. Also, reinitialize the AuthorizationManager's data structures after replication initial sync. Branch: master https://github.com/mongodb/mongo/commit/74cdecee315cacadb46d5fe170ce392fb32f3df1 auto commented on Tue, 22 Oct 2013 19:42:18 +0000: Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'} Message: SERVER-11275 Remove some uses of integer literals in oplog code. Branch: master https://github.com/mongodb/mongo/commit/f978484e16c20de3b93c62d46fc3f2fe7e9a1c02

Steps to Reproduce

Start a fresh replicaset with two members, with or without auth enabled. Use the createRole command to create a role r1 on the primary. db.runCommand({createRole: "r1", roles: [], privileges: []}) Look in admin.system.roles on the secondary, to show that the role data is been replicated. db.getSiblingDB("admin").system.roles.find() Run the rolesInfo command on the secondary. It will not have information about the role. db.runCommand({rolesInfo: "r1"}) Expected output: { "roles" : [ { "role" : "r1", "db" : "test", "roles" : [ ], "indirectRoles" : [ ], "privileges" : [ ] } ], "ok" : 1 } Actual output: { "roles" : [ ], "ok" : 1 }

5.9Defect ID: 2956672
Some time-series tests implicitly rely on measurement insertion order for unordered inserts when checking bucket catalog stats
6.14Defect ID: 2965528
Remove push, publish_packages, and crypt_push tasks from Graviton 4 variants in v7.0 and v8.0
6.14Defect ID: 2947969
[SBE] Release storage engine resources when saveState() or restoreState() throws
5.68Defect ID: 2919474
StackLocator broken by v5 toolchain ASAN
5.88Defect ID: 2968769
Make new write path helper functions use acquireAndValidateBucketsCollection instead of acquireCollection

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

MongoDB - Defect ID: 94896

Secondaries are not keeping their role graphs up-to-date when admin.system.roles is updated.

MongoDB - Defect ID: 94896

Secondaries are not keeping their role graphs up-to-date when admin.system.roles is updated.

Last updated on 7/11/2016

Vendor details

Vendor details

Description

Info

Top User Comments

Steps to Reproduce

Links

Top MongoDB defects by risk score

Ready to prevent the next vendor outage?