[SERVER-48715] Sending cluster time to an arbiter with auth enabled results in an error Created: 11/Jun/20 Updated: 29/Oct/23 Resolved: 16/Jun/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.7.0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Kevin Albertson | Assignee: | Kevin Pulo |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | PM-1645-Milestone-3 | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||
| Sprint: | Sharding 2020-06-29 | ||||||||||||
| Participants: | |||||||||||||
| Linked BF Score: | 25 | ||||||||||||
| Description |
|
Commands including a $clusterTime sent to an arbiter result in an error when auth is enabled on the server. I reproduced locally by creating a three node (PSA) replica set with auth enabled using mlaunch:
The error can be reproduced by sending a command to the arbiter with a $clusterTime obtained from another node. Example with the shell:
Replies with:
Interestingly, this occurs without authenticating the connection, but I cannot reproduce this if the server is started without auth enabled. Behavior appears in server version 4.5.0-1606-gbd74e90, but not 4.5.0-1602-g5c6e1e5. The most relevant looking server commit is 7074dee1fbf6763c0d463c377c2e47d8ef2c4f6f. This originally appeared as a C driver test failure in |
| Comments |
| Comment by Githook User [ 11/Jul/20 ] |
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}Message: Until Also skips the DNS auth test failures described in |
| Comment by Githook User [ 16/Jun/20 ] |
|
Author: {'name': 'Kevin Pulo', 'email': 'kevin.pulo@mongodb.com', 'username': 'devkev'}Message: |
| Comment by Githook User [ 15/Jun/20 ] |
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}Message: Until Also skips the DNS auth test failures described in |