[SERVER-80154] Audit synchronize job can temporarily overwrite new audit config value during FCV upgrade Created: 16/Aug/23 Updated: 29/Oct/23 Resolved: 23/Aug/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 7.1.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Gabriel Marks | Assignee: | Gabriel Marks |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Sprint: | Security 2023-08-21, Security 2023-09-04 | ||||
| Participants: | |||||
| Linked BF Score: | 45 | ||||
| Description |
|
When upgrading FCV from 7.0 to 7.1, there is a phase in which we migrate audit config from the config.settings collection to the cluster parameters collection. When this happens, the in-memory audit config is updated to match the new one. However, since we are still in transitional 7.0-to-7.1 FCV while this happens, the audit synchronize job on mongod can run after this migration and overwrite the in-memory audit config, resulting in an unexpectedly empty timestamp. The fix is to block the audit synchronize job on mongod while we are in this transitional state. |