[SERVER-65832] Block mongod's CompactStructuredEncryptionData on shard server Created: 20/Apr/22  Updated: 29/Oct/23  Resolved: 02/May/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 6.0.0-rc5, 6.1.0-rc0

Type: Bug Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v6.0
Sprint: Security 2022-05-02, Security 2022-05-16
Participants:

 Description   

There are two implementations of CompactStructuredEncryptionData. One for sharded clusters and one for just replica sets. The replica set version (src/mongo/db/commands/fle2_compact_cmd.cpp) should not be run in a sharded cluster. If a client were to directly connect to a shard server, the command should error saying they should run the command through mongos.

There are two methods we can use to check if we are shard svr instead of just a replica set. The method `ShardingState::get(opCtx)->enabled() ` should be a sufficient check.

Reference:
https://github.com/mongodb/mongo/blob/d84c2eff3e5bd195caadf8b202c736ae69e5735e/src/mongo/db/s/sharding_state.h#L77-L93



 Comments   
Comment by Githook User [ 05/May/22 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-65832 Block mongod CompactStructuredEncryptionData on shard server

(cherry picked from commit 671486e7ba73cfac7e769f9839de9c7be023be21)
Branch: v6.0
https://github.com/mongodb/mongo/commit/0d025d08cf2792a19b48678f5c146268a80c193f

Comment by Githook User [ 02/May/22 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-65832 Block mongod CompactStructuredEncryptionData on shard server
Branch: master
https://github.com/mongodb/mongo/commit/671486e7ba73cfac7e769f9839de9c7be023be21

Generated at Thu Feb 08 06:03:45 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.