I configured mongosync for two self-managed replications. Synchronization runs well. I have trouble reversing with the “mongosync” user.
Source cluster:
user: 'mongosync',
db: 'admin',
roles: [
  { role: 'restore', db: 'admin' },
  { role: 'backup', db: 'admin' },
  { role: 'clusterManager', db: 'admin' },
  { role: 'clusterMonitor', db: 'admin' },
  { role: 'readWriteAnyDatabase', db: 'admin' }
]
Destination cluster:
user: 'mongosync',
db: 'admin',
roles: [
  { role: 'restore', db: 'admin' },
  { role: 'backup', db: 'admin' },
  { role: 'clusterManager', db: 'admin' },
  { role: 'clusterMonitor', db: 'admin' },
  { role: 'dbAdmin', db: 'admin' },
  { role: 'readWriteAnyDatabase', db: 'admin' }
]
[root@mongo2 ~]# curl localhost:27182/api/v1/reverse -XPOST --data '{ }' | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   610  100   607  100     3    728      3  0:00:01 --:--:--  0:00:01   732
{
  "success": false,
  "error": "APIError",
  "errorDescription": "error dropping database mongosync_reserved_for_internal_use: failed to execute a command on the MongoDB execute command { dropDatabase: 1, writeConcern: { w: "majority", j: true, wtimeout: 120000 }, lsid: { id: UUID("d835e7cb-912, 4), signature: { hash: BinData(0, 564DAF0075DD6B46B7D6B38834483B3FA00D5B04), keyId: 7404745595098759175 } }, $db: "mongo
}
I also tested reversing with root-role users. It’s ok.
I would like to grant minimum privileges. Please help me, everyone. Thanks a lot.