Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-79336

[Security] Audit v7.0 feature flag

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Fixed
    • Icon: Major - P3 Major - P3
    • 7.0.2
    • None
    • None
    • None
    • Server Security
    • Fully Compatible
    • Security 2023-08-21, Security 2023-09-04

    Description

      Intial sync can temporarily reset the fcv value to uninitialized and sets the new value afterwards. This can cause call sites trying to inspect the fcv value to hit this invariant. We need to audit feature flag usage and determine which should do one of the following:

      • It can never be called when initial sync is running. So do nothing. Note that this can be tricky to prove as we once thought the catalog cache loader can never be run while initial sync is happening but it can.
      • It is safe to ignore fcv version so use isEnabledAndIgnoreFCVUnsafe instead
      • It is safe to turn off the feature anytime (even if feature flag is actually on) so use isEnabledUseDefaultFCVWhenUninitialized instead.
      • Special logic is needed if fcv is not initialized

      gFeatureFlagConfigurableX509ClusterAuthn
      gFeatureFlagAuditConfigClusterParameter
      gFeatureFlagFLE2CompactForProtocolV2
      gFeatureFlagFLE2Range
      gFeatureFlagUserRoles

      Attachments

        Activity

          People

            gabriel.marks@mongodb.com Gabriel Marks
            randolph@mongodb.com Randolph Tan
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: