[SERVER-84236] Forbid usage of CollectionCatalog::get without an open snapshot Created: 15/Dec/23  Updated: 21/Dec/23

Status: Open
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Jordi Olivares Provencio Assignee: Backlog - Catalog and Routing
Resolution: Unresolved Votes: 0
Labels: car-qw
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-84238 Inconsistent Catalog access during ag... Closed
Assigned Teams:
Catalog and Routing
Participants:
Story Points: 2

Description

The collection catalog allows a user to acquire the latest version of the catalog by calling CollectionCatalog::get(opCtx) without having a snapshot open.

However, this leaves open the possibility of first doing some computations on the catalog, acquiring the correct snapshot via shard role acquisition/AutoGetter, then getting the correct Catalog and continuing with the same assumptions.

This could lead to potential query/data inconsistencies if we had something existing in the latest catalog but not in the snapshotted one, and the rest of the code assumed the first catalog for operations instead.

To avoid this we should forbid the implicit acquisition of the latest catalog without a snapshot and add an invariant that crashes the server if accessing the catalog without a snapshot open. We should still allow a user to explicitly ask for the latest version however.
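The hazard and the proposed rule, sketched as an added example in a toy model (not MongoDB's code and not part of the original ticket). `CatalogStore`, `OpCtx`, `latest`, `get` and `staleDecision` are hypothetical names, and an exception stands in for the server invariant so the behaviour can be checked.

```cpp
// Toy model constructed for illustration; not MongoDB's CollectionCatalog.
#include <map>
#include <memory>
#include <optional>
#include <set>
#include <stdexcept>
#include <string>
#include <utility>

using Catalog = std::set<std::string>;  // namespaces visible in one catalog version

struct CatalogStore {
    std::map<int, std::shared_ptr<const Catalog>> versions;  // timestamp -> catalog
    int latestTs = 0;
    void commit(int ts, Catalog c) {
        versions[ts] = std::make_shared<const Catalog>(std::move(c));
        latestTs = ts;
    }
};

struct OpCtx {
    std::optional<int> snapshotTs;  // empty until a snapshot is opened
};

// Explicit opt-in: the caller states that it wants the newest catalog.
std::shared_ptr<const Catalog> latest(const CatalogStore& s) {
    return s.versions.at(s.latestTs);
}

// Strict accessor: never falls back to the latest catalog implicitly.
// (Assumption: the ticket proposes a crashing invariant; an exception is used here.)
std::shared_ptr<const Catalog> get(const CatalogStore& s, const OpCtx& op) {
    if (!op.snapshotTs)
        throw std::logic_error("catalog accessed without an open snapshot");
    return s.versions.at(*op.snapshotTs);
}

// The hazard: a decision computed on the latest catalog is carried across
// the point where the snapshot is opened. Returns true when the two views disagree.
bool staleDecision(const CatalogStore& s, OpCtx& op, int snapTs, const std::string& ns) {
    bool existedBefore = latest(s)->count(ns) > 0;      // computed pre-snapshot
    op.snapshotTs = snapTs;                             // snapshot opened afterwards
    bool existsInSnapshot = get(s, op)->count(ns) > 0;  // view the operation really uses
    return existedBefore != existsInSnapshot;
}
```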


Generated at Thu Feb 08 06:54:26 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.