[SERVER-72227] Investigate how ESE WiredTiger configuration string arguments may appear in replicated catalog data Created: 16/Dec/22 Updated: 31/Jul/23 Resolved: 31/Jul/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Jordi Olivares Provencio |
| Resolution: | Cannot Reproduce | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||
| Assigned Teams: |
Storage Execution
|
||||||||||||||||||||||||||||
| Sprint: | Execution EMEA Team 2023-07-24, Execution EMEA Team 2023-08-07 | ||||||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||||||
| Linked BF Score: | 13 | ||||||||||||||||||||||||||||
| Description |
|
In
|
| Comments |
| Comment by Jordi Olivares Provencio [ 31/Jul/23 ] | ||||||||||
|
Opened | ||||||||||
| Comment by Jordi Olivares Provencio [ 31/Jul/23 ] | ||||||||||
|
The creation string is shown to the user if performing a collStats command on the collection as can be seen here:
Considering the previous comment and in light of this information I suspect some external tooling must've been involved in order to first create a backup of the collection using collStats or some other way of obtaining the creationString. Then a subsequent restore would recreate the collection using the same creationString as the original. As such, closing this ticket as Cannot Reproduce since we currently cannot reproduce this issue and deem it to be caused due to external actors. | ||||||||||
| Comment by Jordi Olivares Provencio [ 21/Jul/23 ] | ||||||||||
|
I can't seem to reproduce this in 3.2+. My main issue with this is that the only way I can see for the metadata to contain the encryption config is if the collection is explicitly created with this option in the createCommand arguments. As far as I can tell the encryption config is only hooked in while building the creation config string. This string is never leaked into what goes into the collection catalog since it only stores what the user provided CollectionOptions contains. This has been the case since 3.2 as far as I can tell. | ||||||||||
| Comment by Jordi Olivares Provencio [ 21/Jul/23 ] | ||||||||||
|
I've been investigating how this could end up inside of the catalog information. There seems to have been a previous case of this ( |