SERVER-48715 correctly handle $clusterTime on arbiters when auth is enabled

author: Kevin Pulo <kevin.pulo@mongodb.com> 2020-06-15 19:38:28 +1000
committer: Evergreen Agent <no-reply@evergreen.mongodb.com> 2020-06-16 01:23:43 +0000
commit: 2d910ef001820ede2d16e597947a4e0893040030 (patch)
tree: 948890b15a6d0f35c9dd3749c3294ab0a53e572e
parent: ab67e0ffef124954d5244d94c8ee5b8b1380571e (diff)
download: mongo-2d910ef001820ede2d16e597947a4e0893040030.tar.gz
2 files changed, 66 insertions, 20 deletions
diff --git a/jstests/auth/arbiter.js b/jstests/auth/arbiter.js
index e7483632f49..1254172dd88 100644
--- a/jstests/auth/arbiter.js
+++ b/jstests/auth/arbiter.js
@@ -2,34 +2,74 @@
 // any other nodes in the replset.
 // @tags: [requires_replication]
 
-var name = "arbiter_localhost_test";
-var key = "jstests/libs/key1";
-var replTest = new ReplSetTest({name: name, nodes: 3, keyFile: key});
-var nodes = replTest.nodeList();
+(function() {
+
+const name = "arbiter_localhost_test";
+const key = "jstests/libs/key1";
+const replTest = new ReplSetTest({name: name, nodes: 2, keyFile: key});
+const nodes = replTest.nodeList();
 
 replTest.startSet();
 replTest.initiate({
     _id: name,
-    members: [
-        {"_id": 0, "host": nodes[0], priority: 3},
-        {"_id": 1, "host": nodes[1]},
-        {"_id": 2, "host": nodes[2], arbiterOnly: true}
-    ],
+    members: [{"_id": 0, "host": nodes[0]}, {"_id": 1, "host": nodes[1], arbiterOnly: true}],
 });
 
-var primaryAdmin = replTest.nodes[0].getDB("admin");
-var arbiterAdmin = replTest.nodes[2].getDB("admin");
+const primary = replTest.nodes[0];
+const arbiter = replTest.nodes[1];
 
-var cmd0 = {getCmdLineOpts: 1};
-var cmd1 = {getParameter: 1, logLevel: 1};
-var cmd2 = {serverStatus: 1};
+const testCases = [
+    {
+        command: {getCmdLineOpts: 1},
+        expectedPrimaryCode: ErrorCodes.Unauthorized,
+        expectedArbiterCode: ErrorCodes.OK,
+    },
+    {
+        command: {getParameter: 1, logLevel: 1},
+        expectedPrimaryCode: ErrorCodes.Unauthorized,
+        expectedArbiterCode: ErrorCodes.OK,
+    },
+    {
+        command: {serverStatus: 1},
+        expectedPrimaryCode: ErrorCodes.Unauthorized,
+        expectedArbiterCode: ErrorCodes.OK,
+    },
+    {
+        command: {
+            ping: 1,
+            "$clusterTime": {
+                clusterTime: Timestamp(1, 1),
+                signature: {hash: BinData(0, "AAAAAAAAAAAAAAAAAAAAAAAAAAA="), keyId: NumberLong(0)}
+            }
+        },
+        expectedPrimaryCode: ErrorCodes.OK,
+        expectedArbiterCode: ErrorCodes.OK,
+    },
+    {
+        command: {
+            isMaster: 1,
+            "$clusterTime": {
+                clusterTime: Timestamp(1, 1),
+                signature: {hash: BinData(0, "AAAAAAAAAAAAAAAAAAAAAAAAAAA="), keyId: NumberLong(0)}
+            }
+        },
+        expectedPrimaryCode: ErrorCodes.OK,
+        expectedArbiterCode: ErrorCodes.OK,
+    },
+];
 
-assert.commandFailedWithCode(primaryAdmin.runCommand(cmd0), 13);
-assert.commandFailedWithCode(primaryAdmin.runCommand(cmd1), 13);
-assert.commandFailedWithCode(primaryAdmin.runCommand(cmd2), 13);
+function _runTestCommandOnConn(conn, command, expectedCode) {
+    if (expectedCode) {
+        assert.commandFailedWithCode(conn.adminCommand(command), expectedCode);
+    } else {
+        assert.commandWorked(conn.adminCommand(command));
+    }
+}
 
-assert.commandWorked(arbiterAdmin.runCommand(cmd0));
-assert.commandWorked(arbiterAdmin.runCommand(cmd1));
-assert.commandWorked(arbiterAdmin.runCommand(cmd2));
+for (var testCase of testCases) {
+    _runTestCommandOnConn(primary, testCase.command, testCase.expectedPrimaryCode);
+    _runTestCommandOnConn(arbiter, testCase.command, testCase.expectedArbiterCode);
+}
 
 replTest.stopSet();
+})();
diff --git a/src/mongo/db/vector_clock.cpp b/src/mongo/db/vector_clock.cpp
index 24ce442a417..89b0f3ccd90 100644
--- a/src/mongo/db/vector_clock.cpp
+++ b/src/mongo/db/vector_clock.cpp
@@ -349,6 +349,9 @@ const VectorClock::ComponentArray<std::unique_ptr<VectorClock::GossipFormat>>
 bool VectorClock::gossipOut(OperationContext* opCtx,
                             BSONObjBuilder* outMessage,
                             const transport::Session::TagMask defaultClientSessionTags) const {
+    if (!isEnabled()) {
+        return false;
+    }
     auto clientSessionTags = defaultClientSessionTags;
     if (opCtx && opCtx->getClient()) {
         clientSessionTags = opCtx->getClient()->getSessionTags();
@@ -365,6 +368,9 @@ void VectorClock::gossipIn(OperationContext* opCtx,
                            const BSONObj& inMessage,
                            bool couldBeUnauthenticated,
                            const transport::Session::TagMask defaultClientSessionTags) {
+    if (!isEnabled()) {
+        return;
+    }
     auto clientSessionTags = defaultClientSessionTags;
     if (opCtx && opCtx->getClient()) {
         clientSessionTags = opCtx->getClient()->getSessionTags();
author	Kevin Pulo <kevin.pulo@mongodb.com>	2020-06-15 19:38:28 +1000
committer	Evergreen Agent <no-reply@evergreen.mongodb.com>	2020-06-16 01:23:43 +0000
commit	2d910ef001820ede2d16e597947a4e0893040030 (patch)
tree	948890b15a6d0f35c9dd3749c3294ab0a53e572e
parent	ab67e0ffef124954d5244d94c8ee5b8b1380571e (diff)
download	mongo-2d910ef001820ede2d16e597947a4e0893040030.tar.gz