[SERVER-66332] FLE2 find does not work on secondaries Created: 10/May/22 Updated: 06/Dec/22 |
|
| Status: | Needs Scheduling |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Erwin Pe | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Assigned Teams: |
Server Security
|
| Operating System: | ALL |
| Participants: |
| Description |
|
When a client sends a find command on an FLE2 encrypted collection directly to a secondary (e.g by way of readPreference {mode: "secondary"} ), the server always returns the error code NotPrimaryNoSecondaryOk with error message "not master and slaveOk=false". Cursory debugging reveals that this error happens on a count command; and occurs when rewriteQuery() starts an internal transaction that calls queryImpl->countDocuments() here. |
| Comments |
| Comment by Erwin Pe [ 10/May/22 ] |
|
Per slack conversation w/ Mark, transactions, in general, currently do not work on secondaries; but this should be fixable in the future with snapshot reads. |