SERVER-40535 read signing keys with readConcern level majority

author: Misha Tyulenev <misha@mongodb.com> 2019-06-20 14:20:31 -0400
committer: Misha Tyulenev <misha@mongodb.com> 2019-06-20 14:20:55 -0400
commit: 1d158cabb504fa9dba3ed0f0688cdf14cb7b0cba (patch)
tree: ea16bd71c9747040309a964246b743b9fa9b9bdf /src/mongo
parent: 35424844fd9e10b042c435c83a8f1e23e42fb9e4 (diff)
download: mongo-1d158cabb504fa9dba3ed0f0688cdf14cb7b0cba.tar.gz
7 files changed, 33 insertions, 13 deletions
diff --git a/src/mongo/db/key_generator.cpp b/src/mongo/db/key_generator.cpp
index f3f43c0caad..ab4eb8ef11e 100644
--- a/src/mongo/db/key_generator.cpp
+++ b/src/mongo/db/key_generator.cpp
@@ -81,7 +81,7 @@ Status KeyGenerator::generateNewKeysIfNeeded(OperationContext* opCtx) {
     }
 
     auto currentTime = LogicalClock::get(opCtx)->getClusterTime();
-    auto keyStatus = _client->getNewKeys(opCtx, _purpose, currentTime);
+    auto keyStatus = _client->getNewKeys(opCtx, _purpose, currentTime, false);
 
     if (!keyStatus.isOK()) {
         return keyStatus.getStatus();
diff --git a/src/mongo/db/keys_collection_cache.cpp b/src/mongo/db/keys_collection_cache.cpp
index f4cff0dc905..20e3273af35 100644
--- a/src/mongo/db/keys_collection_cache.cpp
+++ b/src/mongo/db/keys_collection_cache.cpp
@@ -65,7 +65,7 @@ StatusWith<KeysCollectionDocument> KeysCollectionCache::refresh(OperationContext
                 "Cannot refresh keys collection cache during initial sync"};
     }
 
-    auto refreshStatus = _client->getNewKeys(opCtx, _purpose, newerThanThis);
+    auto refreshStatus = _client->getNewKeys(opCtx, _purpose, newerThanThis, true);
 
     if (!refreshStatus.isOK()) {
         return refreshStatus.getStatus();
diff --git a/src/mongo/db/keys_collection_client.h b/src/mongo/db/keys_collection_client.h
index 6f594db4805..54ac6fedc44 100644
--- a/src/mongo/db/keys_collection_client.h
+++ b/src/mongo/db/keys_collection_client.h
@@ -46,10 +46,14 @@ public:
     virtual ~KeysCollectionClient() = default;
 
     /**
-     * Returns keys for the given purpose and with an expiresAt value greater than newerThanThis.
+     * Returns keys for the given purpose and with an expiresAt value greater than newerThanThis,
+     * using readConcern level majority if possible.
      */
     virtual StatusWith<std::vector<KeysCollectionDocument>> getNewKeys(
-        OperationContext* opCtx, StringData purpose, const LogicalTime& newerThanThis) = 0;
+        OperationContext* opCtx,
+        StringData purpose,
+        const LogicalTime& newerThanThis,
+        bool useMajority) = 0;
 
     /**
     * Directly inserts a key document to the storage
diff --git a/src/mongo/db/keys_collection_client_direct.cpp b/src/mongo/db/keys_collection_client_direct.cpp
index 90316296378..861440f7707 100644
--- a/src/mongo/db/keys_collection_client_direct.cpp
+++ b/src/mongo/db/keys_collection_client_direct.cpp
@@ -74,16 +74,23 @@ bool isRetriableError(ErrorCodes::Error code, Shard::RetryPolicy options) {
 KeysCollectionClientDirect::KeysCollectionClientDirect() : _rsLocalClient() {}
 
 StatusWith<std::vector<KeysCollectionDocument>> KeysCollectionClientDirect::getNewKeys(
-    OperationContext* opCtx, StringData purpose, const LogicalTime& newerThanThis) {
+    OperationContext* opCtx,
+    StringData purpose,
+    const LogicalTime& newerThanThis,
+    bool useMajority) {
 
 
     BSONObjBuilder queryBuilder;
     queryBuilder.append("purpose", purpose);
     queryBuilder.append("expiresAt", BSON("$gt" << newerThanThis.asTimestamp()));
 
+    auto readConcern = serverGlobalParams.enableMajorityReadConcern && useMajority
+        ? repl::ReadConcernLevel::kMajorityReadConcern
+        : repl::ReadConcernLevel::kLocalReadConcern;
+
     auto findStatus = _query(opCtx,
                              ReadPreferenceSetting(ReadPreference::Nearest, TagSet{}),
-                             repl::ReadConcernLevel::kLocalReadConcern,
+                             readConcern,
                              KeysCollectionDocument::ConfigNS,
                              queryBuilder.obj(),
                              BSON("expiresAt" << 1),
diff --git a/src/mongo/db/keys_collection_client_direct.h b/src/mongo/db/keys_collection_client_direct.h
index 16aef9c7b73..9ad5dbb7490 100644
--- a/src/mongo/db/keys_collection_client_direct.h
+++ b/src/mongo/db/keys_collection_client_direct.h
@@ -46,10 +46,13 @@ class KeysCollectionClientDirect : public KeysCollectionClient {
 public:
     KeysCollectionClientDirect();
     /**
-     * Returns keys for the given purpose and with an expiresAt value greater than newerThanThis.
+     * Returns keys for the given purpose and with an expiresAt value greater than newerThanThis,
+     * using readConcern level majority if possible.
      */
-    StatusWith<std::vector<KeysCollectionDocument>> getNewKeys(
-        OperationContext* opCtx, StringData purpose, const LogicalTime& newerThanThis) override;
+    StatusWith<std::vector<KeysCollectionDocument>> getNewKeys(OperationContext* opCtx,
+                                                               StringData purpose,
+                                                               const LogicalTime& newerThanThis,
+                                                               bool useMajority) override;
 
     /**
     * Directly inserts a key document to the storage
diff --git a/src/mongo/db/keys_collection_client_sharded.cpp b/src/mongo/db/keys_collection_client_sharded.cpp
index 55a15465460..5a6a37bd210 100644
--- a/src/mongo/db/keys_collection_client_sharded.cpp
+++ b/src/mongo/db/keys_collection_client_sharded.cpp
@@ -40,7 +40,10 @@ KeysCollectionClientSharded::KeysCollectionClientSharded(ShardingCatalogClient*
 
 
 StatusWith<std::vector<KeysCollectionDocument>> KeysCollectionClientSharded::getNewKeys(
-    OperationContext* opCtx, StringData purpose, const LogicalTime& newerThanThis) {
+    OperationContext* opCtx,
+    StringData purpose,
+    const LogicalTime& newerThanThis,
+    bool useMajority) {
 
     return _catalogClient->getNewKeys(
         opCtx, purpose, newerThanThis, repl::ReadConcernLevel::kMajorityReadConcern);
diff --git a/src/mongo/db/keys_collection_client_sharded.h b/src/mongo/db/keys_collection_client_sharded.h
index 69fb5483aff..eabd0f2051d 100644
--- a/src/mongo/db/keys_collection_client_sharded.h
+++ b/src/mongo/db/keys_collection_client_sharded.h
@@ -40,10 +40,13 @@ public:
     KeysCollectionClientSharded(ShardingCatalogClient*);
 
     /**
-     * Returns keys for the given purpose and with an expiresAt value greater than newerThanThis.
+     * Returns keys for the given purpose and with an expiresAt value greater than newerThanThis,
+     * using readConcern level majority if possible.
      */
-    StatusWith<std::vector<KeysCollectionDocument>> getNewKeys(
-        OperationContext* opCtx, StringData purpose, const LogicalTime& newerThanThis) override;
+    StatusWith<std::vector<KeysCollectionDocument>> getNewKeys(OperationContext* opCtx,
+                                                               StringData purpose,
+                                                               const LogicalTime& newerThanThis,
+                                                               bool useMajority) override;
 
     /**
     * Directly inserts a key document to the storage
author	Misha Tyulenev <misha@mongodb.com>	2019-06-20 14:20:31 -0400
committer	Misha Tyulenev <misha@mongodb.com>	2019-06-20 14:20:55 -0400
commit	1d158cabb504fa9dba3ed0f0688cdf14cb7b0cba (patch)
tree	ea16bd71c9747040309a964246b743b9fa9b9bdf /src/mongo
parent	35424844fd9e10b042c435c83a8f1e23e42fb9e4 (diff)
download	mongo-1d158cabb504fa9dba3ed0f0688cdf14cb7b0cba.tar.gz