[SERVER-62942] Mongo node should not check active status of KMIP key when rotating Created: 24/Jan/22 Updated: 29/Oct/23 Resolved: 04/Feb/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 5.3.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Shreyas Kalyan | Assignee: | Shreyas Kalyan |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Sprint: | Security 2022-02-07 | ||||
| Participants: | |||||
| Description |
|
When rotating a key, it does not make sense to check the active status of a key that the node is rotating off of. If the user is trying to rotate the key because it has been deactivated, we would still want to continue with the key rotation, which is not the current behavior. Instead we see - `{"t": {"$date":"2022-01-24T21:13:35.429+00:00"},"s":"E", "c":"STORAGE", "id":24248, "ctx":"initandlisten","msg":"Unable to retrieve key","attr":{"keyId":".system","error": {"code":2,"codeName":"BadValue","errmsg":"State of KMIP Key for ESE is not active on startup. UID: (1). State: deactivated"}}}` |
| Comments |
| Comment by Githook User [ 04/Feb/22 ] |
|
Author: {'name': 'Shreyas Kalyan', 'email': 'shreyas.kalyan@10gen.com', 'username': 'shreyaskalyan'}Message: |