[SERVER-80154] Audit synchronize job can temporarily overwrite new audit config value during FCV upgrade Created: 16/Aug/23  Updated: 29/Oct/23  Resolved: 23/Aug/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.1.0-rc0

Type: Bug Priority: Major - P3
Reporter: Gabriel Marks Assignee: Gabriel Marks
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Security 2023-08-21, Security 2023-09-04
Participants:
Linked BF Score: 45

 Description   

When upgrading FCV from 7.0 to 7.1, there is a phase in which we migrate audit config from the config.settings collection to the cluster parameters collection. When this happens, the in-memory audit config is updated to match the new one. However, since we are still in transitional 7.0-to-7.1 FCV while this happens, the audit synchronize job on mongod can run after this migration and overwrite the in-memory audit config, resulting in an unexpectedly empty timestamp. The fix is to block the audit synchronize job on mongod while we are in this transitional state.


Generated at Thu Feb 08 06:42:49 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.