SERVER-53029 Port the changes for SERVER-52955 to later branchesr4.4.3-rc0r4.4.3

4 files changed, 63 insertions, 1 deletions

diff --git a/buildscripts/resmokeconfig/suites/multiversion_auth.yml b/buildscripts/resmokeconfig/suites/multiversion_auth.yml
index afe6158a970..f5a4574f082 100644
--- a/buildscripts/resmokeconfig/suites/multiversion_auth.yml
+++ b/buildscripts/resmokeconfig/suites/multiversion_auth.yml
@@ -20,6 +20,9 @@ selector:
   # it attempts to connect to an upgraded mongoD. Un-blacklist when SERVER-42919 fixes this issue.
   - jstests/multiVersion/genericSetFCVUsage/crash_mongos_against_upgraded_cluster.js
 
+  # Skip any tests that run with auth explicitly.
+  - jstests/multiVersion/load_keys_on_upgrade.js
+
 # Multiversion tests start their own mongod's.
 executor:
   config:
diff --git a/jstests/multiVersion/libs/multi_rs.js b/jstests/multiVersion/libs/multi_rs.js
index 5c21853423f..a32a15645f2 100644
--- a/jstests/multiVersion/libs/multi_rs.js
+++ b/jstests/multiVersion/libs/multi_rs.js
@@ -80,6 +80,8 @@ ReplSetTest.prototype.upgradePrimary = function(primary, options, user, pwd) {
         this.nodeOptions[nodeName] = Object.merge(this.nodeOptions[nodeName], options);
     }
 
+    jsTest.authenticate(primary);
+
     let oldPrimary = this.stepdown(primary);
     this.waitForState(oldPrimary, ReplSetTest.State.SECONDARY);
 
diff --git a/jstests/multiVersion/load_keys_on_upgrade.js b/jstests/multiVersion/load_keys_on_upgrade.js
new file mode 100644
index 00000000000..5b5c8801d83
--- /dev/null
+++ b/jstests/multiVersion/load_keys_on_upgrade.js
@@ -0,0 +1,56 @@
+//
+// Tests to validate that correct read concern is used to load clusterTime signing keys from
+// admin.system.keys on upgrade.
+//
+
+load('./jstests/multiVersion/libs/multi_rs.js');
+
+var oldVersion = "last-stable";
+
+var nodes = {
+    n1: {binVersion: oldVersion},
+    n2: {binVersion: oldVersion},
+    n3: {binVersion: oldVersion}
+};
+
+var keyFile = "jstests/libs/key1";
+var rst = new ReplSetTest({nodes: nodes, keyFile: keyFile});
+
+rst.startSet();
+
+rst.initiateWithAnyNodeAsPrimary(
+    Object.extend(rst.getReplSetConfig(), {writeConcernMajorityJournalDefault: true}));
+
+// Wait for a primary node...
+var primary = rst.getPrimary();
+
+primary.getDB("admin").createUser({user: "root", pwd: "root", roles: ["root"]}, {w: 3});
+
+var rsConn = new Mongo(rst.getURL());
+assert.eq(1, rsConn.getDB("admin").auth("root", "root"));
+assert.commandWorked(rsConn.adminCommand({hello: 1}));
+print("clusterTime: " + tojson(rsConn.getDB("admin").getSession().getClusterTime()));
+
+jsTest.log("Upgrading replica set...");
+
+TestData.auth = true;
+TestData.keyFile = keyFile;
+TestData.authUser = "__system";
+TestData.keyFileData = "foopdedoop";
+TestData.authenticationDatabase = "local";
+rst.upgradeSet({keyFile: keyFile, binVersion: "latest"});
+
+jsTest.log("Replica set upgraded.");
+
+TestData.keyFile = undefined;
+
+try {
+    rsConn.adminCommand({hello: 1});
+} catch (e) {
+}
+
+assert.eq(1, rsConn.getDB("admin").auth("root", "root"));
+assert.commandWorked(rsConn.adminCommand({hello: 1}));
+print("clusterTime2: " + tojson(rsConn.getDB("admin").getSession().getClusterTime()));
+
+rst.stopSet();
\ No newline at end of file
diff --git a/src/mongo/db/keys_collection_client_direct.cpp b/src/mongo/db/keys_collection_client_direct.cpp
index 7b00475749a..b926b47e8e5 100644
--- a/src/mongo/db/keys_collection_client_direct.cpp
+++ b/src/mongo/db/keys_collection_client_direct.cpp
@@ -84,7 +84,8 @@ StatusWith<std::vector<KeysCollectionDocument>> KeysCollectionClientDirect::getN
     queryBuilder.append("purpose", purpose);
     queryBuilder.append("expiresAt", BSON("$gt" << newerThanThis.asTimestamp()));
 
-    auto readConcern = serverGlobalParams.enableMajorityReadConcern && useMajority
+    auto storageEngine = opCtx->getServiceContext()->getStorageEngine();
+    auto readConcern = storageEngine->supportsReadConcernMajority() && useMajority
         ? repl::ReadConcernLevel::kMajorityReadConcern
         : repl::ReadConcernLevel::kLocalReadConcern;