Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-65832

Block mongod's CompactStructuredEncryptionData on shard server

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 6.0.0-rc5, 6.1.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None
    • Fully Compatible
    • ALL
    • v6.0
    • Security 2022-05-02, Security 2022-05-16

      There are two implementations of CompactStructuredEncryptionData. One for sharded clusters and one for just replica sets. The replica set version (src/mongo/db/commands/fle2_compact_cmd.cpp) should not be run in a sharded cluster. If a client were to directly connect to a shard server, the command should error saying they should run the command through mongos.

      There are two methods we can use to check if we are shard svr instead of just a replica set. The method `ShardingState::get(opCtx)->enabled() ` should be a sufficient check.

      Reference:
      https://github.com/mongodb/mongo/blob/d84c2eff3e5bd195caadf8b202c736ae69e5735e/src/mongo/db/s/sharding_state.h#L77-L93

            Assignee:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Reporter:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: