[SERVER-65832] Block mongod's CompactStructuredEncryptionData on shard server Created: 20/Apr/22 Updated: 29/Oct/23 Resolved: 02/May/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 6.0.0-rc5, 6.1.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Mark Benvenuto | Assignee: | Mark Benvenuto |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Backport Requested: | v6.0 | ||||
| Sprint: | Security 2022-05-02, Security 2022-05-16 | ||||
| Participants: | |||||
| Description |
|
There are two implementations of CompactStructuredEncryptionData: one for sharded clusters and one for just replica sets. The replica set version (src/mongo/db/commands/fle2_compact_cmd.cpp) should not be run in a sharded cluster. If a client were to directly connect to a shard server, the command should error saying they should run the command through mongos. There are two methods we can use to check if we are a shard server instead of just a replica set. The method `ShardingState::get(opCtx)->enabled()` should be a sufficient check. |
| Comments |
| Comment by Githook User [ 05/May/22 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'} Message: (cherry picked from commit 671486e7ba73cfac7e769f9839de9c7be023be21) |
| Comment by Githook User [ 02/May/22 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'} Message: |