Details
-
Task
-
Resolution: Fixed
-
Major - P3
-
None
-
None
-
None
-
Fully Compatible
-
Server Serverless 2022-08-08
Description
The tenant access blockers are removed at three locations for shard split :
- When expireAt is set for an aborted migration
- When a document is deleted
- When the collection is dropped
This opens up a race condition as split tries to remove a blocker for a tenant twice for aborted migration (when setting expireAt and when deleting the document). Therefore we can have the following scenario :
- Starting split for tenantA with id 1
- Blockers are installed for tenantA for split 1
- Split 1 aborts due to an error
- forgetShardSplit is called for split 1. It sets expireAt and remove blocker for tenantA
- A new split is started with id 2
- Blockers are installed for tenantA for split 2
- The state document is removed for split 1. The blocker for tenantA is removed in onDelete (this blocker is owned by split 2)
- Split 2 triggers an invariant as it expects to have a blocker for tenantA