[SERVER-65832] Block mongod's CompactStructuredEncryptionData on shard server - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 6.0.0-rc5, 6.1.0-rc0
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v6.0
Sprint:
Security 2022-05-02, Security 2022-05-16

Description

There are two implementations of CompactStructuredEncryptionData. One for sharded clusters and one for just replica sets. The replica set version (src/mongo/db/commands/fle2_compact_cmd.cpp) should not be run in a sharded cluster. If a client were to directly connect to a shard server, the command should error saying they should run the command through mongos.

There are two methods we can use to check if we are shard svr instead of just a replica set. The method `ShardingState::get(opCtx)->enabled() ` should be a sufficient check.

Reference:
https://github.com/mongodb/mongo/blob/d84c2eff3e5bd195caadf8b202c736ae69e5735e/src/mongo/db/s/sharding_state.h#L77-L93

Attachments

Activity

People

Assignee:: Mark Benvenuto

Reporter:: Mark Benvenuto

Participants:: Githook User, Mark Benvenuto

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: Apr 20 2022 03:28:51 PM UTC

Updated:: May 05 2022 06:49:22 PM UTC

Resolved:: May 02 2022 06:47:16 PM UTC