|
Any oplog command we add in the future could impact authorization's ability to synchronize its caches with the on-disk representation of data. That log warning is actually pretty serious, and indicates that authorization is falling back into a degraded mode. As such, we really need to update authorization whenever a new command is introduced. I've filed a ticket, SERVER-38557 which will make our test infrastructure more aggressive about identifying these issues. I believe that we should continue to push more data than is strictly needed into the AuthorizationManager, as that is a much less serious situation than pushing too little. When the OpObservers have been further split up, the AuthorizationOpObserver could be written to be selective.
I believe this ticket should be closed out in favour of SERVER-38557 and SERVER-38556.
|
|
spencer.jackson, could you please confirm that the interesting commands for authorization only include drop, dropDatabase and renameCollection? Besides, authorization assumes it registers to all commands, which seems unnecessary. There might be some refactoring for auth we can do so that when we add new commands to replication, they won't confuse authorization logic.
tess.avitabile, can I nominate this ticket to Quick Wins or neweng, since it has caused confusions for several people.
|