@Anemy Anemy commented Apr 6, 2022

COMPASS-5691 https://github.com/mongodb-js/compass/issues/2953

Description

Atlas shared tier clusters (serverless, M0, M2) with MongoDB server version 5+ do not currently return privileges with the connectionStatus command response (fix might be in soon/already w/ CLOUDP-115805). It also fails to listDatabases. As a result, currently a user with permissions to only one database would not be able to see their database.

While there may be a release of Atlas soon making this issue go away, the changes in this PR introduce a workaround so users with exclusive database permissions can use their databases. These changes expand our extra listDatabases affordances by referencing the authenticatedUserRoles in the connectionStatus response. We then add all of the databases where a user has any of the read, readWrite, dbAdmin, dbOwner built-in roles.

Motivation and Context

  • Bugfix

Open Questions

Is there another way to get this information? Is there anything we can do for cases where users are using custom roles with custom privileges for their access management?

Types of changes

  • Patch (non-breaking change which fixes an issue)
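
The role-based fallback described in the PR description above, as an added example that is not the code from this pull request: it reads `authenticatedUserRoles` from a `connectionStatus` reply and merges the result with whatever `listDatabases` returned. The function names, the `inferredFromRoles` flag, the later-source-wins merge and the sample reply are assumptions made for illustration.

```javascript
// Added example: names below are hypothetical, not taken from the Compass code base.
// Built-in, database-scoped roles named in the PR description.
const DB_SCOPED_ROLES = new Set(['read', 'readWrite', 'dbAdmin', 'dbOwner']);

// Derive database entries from the roles in a connectionStatus response.
function databasesFromRoles(connectionStatus) {
  const roles = connectionStatus?.authInfo?.authenticatedUserRoles ?? [];
  const names = new Set();
  for (const { role, db } of roles) {
    // Custom roles are skipped: their privileges cannot be known from the name.
    if (DB_SCOPED_ROLES.has(role) && typeof db === 'string' && db !== '') {
      names.add(db);
    }
  }
  return [...names].map((name) => ({ name, inferredFromRoles: true }));
}

// Merge sources by database name. Assumption: later sources take precedence,
// so entries returned by listDatabases override inferred ones.
function mergeDatabases(...sources) {
  const byName = new Map();
  for (const db of sources.flat()) {
    byName.set(db.name, { ...byName.get(db.name), ...db });
  }
  return [...byName.values()];
}

// Constructed sample: the shape of a connectionStatus reply that carries roles
// but no authenticatedUserPrivileges.
const sampleConnectionStatus = {
  authInfo: {
    authenticatedUsers: [{ user: 'app-user', db: 'admin' }],
    authenticatedUserRoles: [
      { role: 'readWrite', db: 'inventory' },
      { role: 'dbAdmin', db: 'inventory' },
      { role: 'read', db: 'reports' },
      { role: 'customAuditor', db: 'audit' }, // custom role, ignored
    ],
  },
  ok: 1,
};

// listDatabases failed, so the listed source is empty and roles fill the gap.
const visible = mergeDatabases(databasesFromRoles(sampleConnectionStatus), []);
console.log(visible.map((db) => db.name));
```

A database reachable only through a custom role stays hidden with this approach, which is the gap the open question above asks about.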

// NB: Order is important, we want listed collections to take precedence
// if they were fetched successfully
[...databasesFromPrivileges, ...listedDatabases],
[...databasesFromRoles, ...databasesFromPrivileges, ...listedDatabases],
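
Review bot: The comment above the merged array still says "listed collections" although every spread in it is a list of databases, so it reads as stale; reword it to "listed databases". The new line also puts databasesFromRoles first without saying why, and by the comment's own ordering rule that makes it the lowest-priority source, so state that intent next to the array (roles-derived entries are a fallback that privileges-derived and listed entries override).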
Contributor

I'm trying to make sense of the comment that was here before. Where's listed collections coming from?

@mcasimir mcasimir Apr 7, 2022

I'm assuming this is a merge of databases taken from the privileges and the result of adminDb.command({listDatabases: ...}) + adminDb.command({listCollections: dbName}), probably the db objects returned by the commands are more accurate than the privileges one.

Databases taken from privileges are useful cause admins may assign privileges to non-existing dbs or collections that would not show up otherwise.

@lerouxb lerouxb left a comment

It will be interesting to see if we can get a release out with this fix before cloud just fixes it.

lerouxb commented Apr 7, 2022

The ubuntu failure is a flake (something about the timing of that leafygreen component I don't understand well enough to reliably work around) and the others are failing due to 5.3. Should be fixed by #2962

lerouxb commented Apr 7, 2022

I updated the branch so long to pull in the e2e fix for 5.3

@Anemy Anemy merged commit b487f41 into main Apr 7, 2022
@Anemy Anemy deleted the COMPASS-5691-use-built-in-roles-for-displaying-databases branch April 7, 2022 15:45