diff options
author | Alex Taskov <alex.taskov@mongodb.com> | 2020-11-20 16:23:08 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-11-21 02:37:36 +0000 |
commit | 58c8bb3b1b1e72d42b7ad2bb203e63271745401c (patch) | |
tree | fa7d5cc89032cad9b545b6c8605bc4984c53c42e | |
parent | a2d3dc6dc5b878f6806eaeb6810ba121fe24727a (diff) | |
download | mongo-58c8bb3b1b1e72d42b7ad2bb203e63271745401c.tar.gz |
SERVER-52955 KeysCollectionClientDirect should check if majority read concern is supported by storage engine
-rw-r--r-- | buildscripts/resmokeconfig/suites/multiversion_auth.yml | 2 | ||||
-rw-r--r-- | jstests/multiVersion/load_keys_on_upgrade.js | 68 | ||||
-rw-r--r-- | src/mongo/db/keys_collection_client_direct.cpp | 3 |
3 files changed, 72 insertions, 1 deletions
diff --git a/buildscripts/resmokeconfig/suites/multiversion_auth.yml b/buildscripts/resmokeconfig/suites/multiversion_auth.yml index 58421d804af..f3640884d0d 100644 --- a/buildscripts/resmokeconfig/suites/multiversion_auth.yml +++ b/buildscripts/resmokeconfig/suites/multiversion_auth.yml @@ -19,6 +19,8 @@ selector: # TODO: SERVER-30161 - jstests/multiVersion/dumprestore.js - jstests/multiVersion/dumprestore_sharded.js + # Skip any tests that run with auth explicitly. + - jstests/multiVersion/load_keys_on_upgrade.js # Multiversion tests start their own mongod's. executor: diff --git a/jstests/multiVersion/load_keys_on_upgrade.js b/jstests/multiVersion/load_keys_on_upgrade.js new file mode 100644 index 00000000000..f4b6707b53b --- /dev/null +++ b/jstests/multiVersion/load_keys_on_upgrade.js @@ -0,0 +1,68 @@ +// +// Tests to validate that correct read concern is used to load clusterTime signing keys from +// admin.system.keys on upgrade. +// + +load('./jstests/multiVersion/libs/multi_rs.js'); + +var oldVersion = "last-stable"; + +var nodes = { + n1: {binVersion: oldVersion}, + n2: {binVersion: oldVersion}, + n3: {binVersion: oldVersion} +}; + +function authAllNodes(rst) { + for (let node of rst.nodes) { + assert.eq(1, node.getDB("admin").auth("root", "root")); + } +} + +var keyFile = "jstests/libs/key1"; +var rst = new ReplSetTest({nodes: nodes, waitForKeys: false, nodeOptions: {keyFile: keyFile}}); + +rst.startSet(); + +rst.initiateWithAnyNodeAsPrimary( + Object.extend(rst.getReplSetConfig(), {writeConcernMajorityJournalDefault: true})); + +// Wait for a primary node... +var primary = rst.getPrimary(); + +primary.getDB("admin").createUser({user: "root", pwd: "root", roles: ["root"]}, {w: 3}); + +authAllNodes(rst); +primary.getDB("admin").createRole({ + role: "systemkeys", + privileges: [{resource: {db: "admin", collection: "system.keys"}, actions: ["find"]}], + roles: [] +}, + {w: 3}); +primary.getDB("admin").grantRolesToUser("root", ["systemkeys"], {w: 3}); + +assert.soonNoExcept(function(timeout) { + var keyCnt = primary.getCollection('admin.system.keys').find({purpose: 'HMAC'}).itcount(); + return keyCnt >= 2; +}, "Awaiting keys", 5 * 1000); + +var rsConn = new Mongo(rst.getURL()); +assert.eq(1, rsConn.getDB("admin").auth("root", "root")); +assert.commandWorked(rsConn.adminCommand({isMaster: 1})); +print("clusterTime: " + tojson(rsConn.getDB("admin").getSession().getClusterTime())); + +jsTest.log("Upgrading replica set..."); + +rst.upgradeSet({keyFile: keyFile, binVersion: "latest"}, "root", "root"); + +jsTest.log("Replica set upgraded."); + +try { + rsConn.adminCommand({isMaster: 1}); +} catch (e) { +} +assert.eq(1, rsConn.getDB("admin").auth("root", "root")); +assert.commandWorked(rsConn.adminCommand({isMaster: 1})); +print("clusterTime2: " + tojson(rsConn.getDB("admin").getSession().getClusterTime())); + +rst.stopSet();
\ No newline at end of file diff --git a/src/mongo/db/keys_collection_client_direct.cpp b/src/mongo/db/keys_collection_client_direct.cpp index 0eaf90ce7a9..443deb1dd1b 100644 --- a/src/mongo/db/keys_collection_client_direct.cpp +++ b/src/mongo/db/keys_collection_client_direct.cpp @@ -85,7 +85,8 @@ StatusWith<std::vector<KeysCollectionDocument>> KeysCollectionClientDirect::getN queryBuilder.append("purpose", purpose); queryBuilder.append("expiresAt", BSON("$gt" << newerThanThis.asTimestamp())); - auto readConcern = serverGlobalParams.enableMajorityReadConcern && useMajority + auto storageEngine = opCtx->getServiceContext()->getStorageEngine(); + auto readConcern = storageEngine->supportsReadConcernMajority() && useMajority ? repl::ReadConcernLevel::kMajorityReadConcern : repl::ReadConcernLevel::kLocalReadConcern; |