[SERVER-39376] 4.2 with ssl has mixed translation in getCmdLineOpts Created: 05/Feb/19 Updated: 29/Oct/23 Resolved: 12/Feb/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 4.1.9 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Louisa Berger | Assignee: | Sara Golemon |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | mms-s | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Sprint: | Security 2019-02-25 | ||||
| Participants: | |||||
| Description |
|
If you start a 4.2 process with the following in the config file:
When you run getCmdLineOpts, you get the following:
The fact that the ssl arguments are translated at all is unexpected – the server hasn't done that for other deprecated args. Automation cares about this because we run getCmdLineOpts to check that the process is running with the correct process arguments. Our preference here would be that the server translates none of the arguments – that getCmdLineOpts returns what the user actually started with in the conf file. If that's not possible, to translate all of the arguments, and not leave the dangling "ssl" in a case like this. Thank you! |
| Comments |
| Comment by Githook User [ 12/Feb/19 ] |
|
Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}Message: |
| Comment by Sara Golemon [ 12/Feb/19 ] |
|
It's not going to be possible to not-canonicalize the deprecated settings, it happens too early. I'm curious to hear more about "the server hasn't done that for other deprecated args" because that behavior isn't new. It's possible that deprecated args which you're thinking of are presented in the configs as separate arguments which happen to do the same thing (and we have quite a number of those). sslMode is special because it's not actually treated as a rename of the old settings since we validate the values passed translate (e.g. sslMode=requireSSL or tlsMode=requireTLS are okay, but sslMode=requireTLS or tlsMode=requireSSL are not). That said, I can easily add an explicit canonicalization to transform this to the tls variant so that it aligns with the rest of the normalized settings. |