[SERVER-25492] mongod startup should gracefully handle invalid view definitions Created: 08/Aug/16 Updated: 02/Dec/16 Resolved: 17/Aug/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Storage |
| Affects Version/s: | None |
| Fix Version/s: | 3.3.12 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Max Hirschhorn | Assignee: | Kyle Suarez |
| Resolution: | Done | Votes: | 0 |
| Labels: | read-only-views | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||||||||||||||
| Operating System: | ALL | ||||||||||||||||||||||||||||||||
| Steps To Reproduce: |
Output
|
||||||||||||||||||||||||||||||||
| Sprint: | Integration 2016-08-29 | ||||||||||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||||||||||
| Description |
|
The current behavior is for mongod to fail to start. This is unacceptable because it doesn't allow for any user remediation to drop invalid view definitions. |
| Comments |
| Comment by Kyle Suarez [ 17/Aug/16 ] |
|
I'm marking this as "Documentation changes needed" to ensure that we document the behavior of the server in the event a user manually tampers with system.views. |
| Comment by Githook User [ 17/Aug/16 ] |
|
Author: {u'username': u'ksuarz', u'name': u'Kyle Suarez', u'email': u'kyle.suarez@mongodb.com'}Message: Allows mongod to be (re)started, even in the presence of invalid view |
| Comment by Geert Bosch [ 17/Aug/16 ] |
|
Discussion with schwerin led us to use an explicit system.views collection, but not prohibit direct access as trying to make exceptions based on recovery-state, internal vs external client etc tends to get messy/buggy. Direct access can be limited instead through the usual authorization mechanisms where needed. It is the case today that you can get your system in bad state by directly writing to system collections. |
| Comment by Kyle Suarez [ 09/Aug/16 ] |
|
pasette, that was our original intention, but because of the way the replication system works, geert.bosch determined it would not be possible to prohibit inconsistencies in system.views. |
| Comment by Daniel Pasette (Inactive) [ 08/Aug/16 ] |
|
Is there any reason to allow direct inserts into system.views? Let's turn this off at the source. |