[SERVER-75932] Allow Configuration of mongod to authenticate search query requests to local mongot, but not search index management requests to the local Envoy Created: 11/Apr/23  Updated: 29/Oct/23  Resolved: 17/Apr/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.0.0-rc0, 7.1.0-rc0, 6.0.7

Type: Improvement Priority: Major - P3
Reporter: Evan Plotkin Assignee: George Wangensteen
Resolution: Fixed Votes: 0
Labels: mongot-cross-team, release-blocking
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Duplicate
is duplicated by SERVER-75931 Allow Configuration of mongod to auth... Closed
Backwards Compatibility: Fully Compatible
Backport Requested:
v7.0, v6.0, v5.0
Sprint: Service Arch 2023-04-17, Service Arch 2023-05-01
Participants:

 Description   

Currently, mongod uses the same TaskExecutor to execute search queries and to issue Search Index Management commands.  This executor can be configured with a skipAuthenticationToMongot parameter, which configures this TaskExecutor to issue requests without authentication.

In the decoupled Atlas Search architecture, both search query commands and search index management commands will be sent to a local Envoy, without authentication.

However, in the coupled Atlas Search architecture, search query commands should be sent directly to mongot, with authentication.  Search Index Management commands will be sent to the local Envoy, without authentication (same as the decoupled architecture).

We need a way to configure mongod & mongos in the coupled architecture to provide authentication when making search query requests, but skip authentication when making search index management requests.


Generated at Thu Feb 08 06:31:26 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.