SERVER-59261 Enable Feature flag for PM-2466

author: Mark Benvenuto <mark.benvenuto@mongodb.com> 2022-04-09 11:08:41 -0400
committer: Evergreen Agent <no-reply@evergreen.mongodb.com> 2022-04-09 18:18:22 +0000
commit: 180baae184f16c26070b4a84d98d86ef164bdfc5 (patch)
tree: 3a8914cb3e048225e2f04ca072234adc7a21c9e7 /src
parent: dc271946221f20e8629d74104d3252862741949e (diff)
download: mongo-180baae184f16c26070b4a84d98d86ef164bdfc5.tar.gz
12 files changed, 63 insertions, 19 deletions
diff --git a/src/mongo/crypto/encryption_fields.idl b/src/mongo/crypto/encryption_fields.idl
index 0f298d7de76..1a1090ab59d 100644
--- a/src/mongo/crypto/encryption_fields.idl
+++ b/src/mongo/crypto/encryption_fields.idl
@@ -42,7 +42,8 @@ feature_flags:
     featureFlagFLE2:
         description: "Enable FLE2 support"
         cpp_varname: gFeatureFlagFLE2
-        default: false
+        default: true
+        version: 6.0
 
 structs:
 
diff --git a/src/mongo/crypto/fle_crypto.cpp b/src/mongo/crypto/fle_crypto.cpp
index 8523fc9b2cb..b9e50672e4e 100644
--- a/src/mongo/crypto/fle_crypto.cpp
+++ b/src/mongo/crypto/fle_crypto.cpp
@@ -969,6 +969,7 @@ void parseAndVerifyInsertUpdatePayload(std::vector<EDCServerPayloadInfo>* pField
 
 void collectEDCServerInfo(std::vector<EDCServerPayloadInfo>* pFields,
                           ConstDataRange cdr,
+
                           StringData fieldPath) {
 
     // TODO - validate field is actually indexed in the schema?
diff --git a/src/mongo/db/catalog/collection_options_validation.cpp b/src/mongo/db/catalog/collection_options_validation.cpp
index 1d64bce454a..e6d2a2682e4 100644
--- a/src/mongo/db/catalog/collection_options_validation.cpp
+++ b/src/mongo/db/catalog/collection_options_validation.cpp
@@ -58,10 +58,6 @@ Status validateStorageEngineOptions(const BSONObj& storageEngine) {
 
 EncryptedFieldConfig processAndValidateEncryptedFields(EncryptedFieldConfig config) {
 
-    if (!gFeatureFlagFLE2.isEnabledAndIgnoreFCV()) {
-        uasserted(6338408, "Feature flag FLE2 is not enabled");
-    }
-
     stdx::unordered_set<UUID, UUID::Hash> keys(config.getFields().size());
     std::vector<std::string> fieldPaths;
     fieldPaths.reserve(config.getFields().size());
diff --git a/src/mongo/db/commands/create_indexes.cpp b/src/mongo/db/commands/create_indexes.cpp
index df1fd7a3342..c85c7cf6743 100644
--- a/src/mongo/db/commands/create_indexes.cpp
+++ b/src/mongo/db/commands/create_indexes.cpp
@@ -199,7 +199,9 @@ void validateTTLOptions(OperationContext* opCtx,
 void checkEncryptedFieldIndexRestrictions(OperationContext* opCtx,
                                           const NamespaceString& ns,
                                           const CreateIndexesCommand& cmd) {
-    if (!gFeatureFlagFLE2.isEnabledAndIgnoreFCV()) {
+    // TODO (SERVER-65077): Remove FCV check once 6.0 is released
+    if (serverGlobalParams.featureCompatibility.isVersionInitialized() &&
+        !gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)) {
         return;
     }
 
diff --git a/src/mongo/db/commands/fle2_compact_cmd.cpp b/src/mongo/db/commands/fle2_compact_cmd.cpp
index 0cd2dabf61b..d96e9b28dac 100644
--- a/src/mongo/db/commands/fle2_compact_cmd.cpp
+++ b/src/mongo/db/commands/fle2_compact_cmd.cpp
@@ -72,7 +72,10 @@ CompactStats compactEncryptedCompactionCollection(OperationContext* opCtx,
                   str::stream() << "Collection '" << edcNss << "' does not exist");
     }
 
-    uassert(6319903, "Feature flag FLE2 is not enabled", gFeatureFlagFLE2.isEnabledAndIgnoreFCV());
+    // TODO (SERVER-65077): Remove FCV check once 6.0 is released
+    uassert(6319903,
+            "FLE 2 is only supported when FCV supports 6.0",
+            gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility));
 
     uassert(6346807,
             "Target namespace is not an encrypted collection",
diff --git a/src/mongo/db/commands/set_feature_compatibility_version_command.cpp b/src/mongo/db/commands/set_feature_compatibility_version_command.cpp
index 2a540ffa88b..55b2a097a2e 100644
--- a/src/mongo/db/commands/set_feature_compatibility_version_command.cpp
+++ b/src/mongo/db/commands/set_feature_compatibility_version_command.cpp
@@ -820,6 +820,22 @@ private:
                         deletionStatus.isOK() ||
                             deletionStatus.code() == ErrorCodes::NamespaceNotFound);
             }
+
+            // Block downgrade for collections with encrypted fields
+            // TODO SERVER-65077: Remove once FCV 6.0 becomes last-lts.
+            for (const auto& tenantDbName : DatabaseHolder::get(opCtx)->getNames()) {
+                const auto& dbName = tenantDbName.dbName();
+                Lock::DBLock dbLock(opCtx, dbName, MODE_IX);
+                catalog::forEachCollectionFromDb(
+                    opCtx, tenantDbName, MODE_X, [&](const CollectionPtr& collection) {
+                        uassert(
+                            ErrorCodes::CannotDowngrade,
+                            str::stream() << "Cannot downgrade the cluster as collection "
+                                          << collection->ns() << " has 'encryptedFields'",
+                            !collection->getCollectionOptions().encryptedFieldConfig.has_value());
+                        return true;
+                    });
+            }
         }
 
         {
diff --git a/src/mongo/db/fle_crud.cpp b/src/mongo/db/fle_crud.cpp
index b52e0d3ba0b..626def45735 100644
--- a/src/mongo/db/fle_crud.cpp
+++ b/src/mongo/db/fle_crud.cpp
@@ -803,9 +803,10 @@ FLEBatchResult processFLEBatch(OperationContext* opCtx,
                                BatchedCommandResponse* response,
                                boost::optional<OID> targetEpoch) {
 
-    if (!gFeatureFlagFLE2.isEnabledAndIgnoreFCV()) {
-        uasserted(6371209, "Feature flag FLE2 is not enabled");
-    }
+    // TODO (SERVER-65077): Remove FCV check once 6.0 is released
+    uassert(6371209,
+            "FLE 2 is only supported when FCV supports 6.0",
+            gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility));
 
     if (request.getBatchType() == BatchedCommandRequest::BatchType_Insert) {
         auto insertRequest = request.getInsertRequest();
@@ -1058,8 +1059,9 @@ FLEBatchResult processFLEFindAndModify(OperationContext* opCtx,
         return FLEBatchResult::kNotProcessed;
     }
 
-    if (!gFeatureFlagFLE2.isEnabledAndIgnoreFCV()) {
-        uasserted(6371405, "Feature flag FLE2 is not enabled");
+    // TODO (SERVER-65077): Remove FCV check once 6.0 is released
+    if (!gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)) {
+        uasserted(6371405, "FLE 2 is only supported when FCV supports 6.0");
     }
 
     // FLE2 Mongos CRUD operations loopback through MongoS with EncryptionInformation as
diff --git a/src/mongo/db/fle_crud.h b/src/mongo/db/fle_crud.h
index d1499ccb669..2bd2c0f8086 100644
--- a/src/mongo/db/fle_crud.h
+++ b/src/mongo/db/fle_crud.h
@@ -42,6 +42,7 @@
 #include "mongo/db/ops/write_ops_gen.h"
 #include "mongo/db/pipeline/pipeline.h"
 #include "mongo/db/query/count_command_gen.h"
+#include "mongo/db/server_options.h"
 #include "mongo/db/transaction_api.h"
 #include "mongo/s/write_ops/batch_write_exec.h"
 #include "mongo/s/write_ops/batched_command_response.h"
@@ -213,12 +214,18 @@ std::unique_ptr<Pipeline, PipelineDeleter> processFLEPipelineD(
  */
 template <typename T>
 bool shouldDoFLERewrite(const std::unique_ptr<T>& cmd) {
-    return gFeatureFlagFLE2.isEnabledAndIgnoreFCV() && cmd->getEncryptionInformation();
+    // TODO (SERVER-65077): Remove FCV check once 6.0 is released
+    return (!serverGlobalParams.featureCompatibility.isVersionInitialized() ||
+            gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)) &&
+        cmd->getEncryptionInformation();
 }
 
 template <typename T>
 bool shouldDoFLERewrite(const T& cmd) {
-    return gFeatureFlagFLE2.isEnabledAndIgnoreFCV() && cmd.getEncryptionInformation();
+    // TODO (SERVER-65077): Remove FCV check once 6.0 is released
+    return (!serverGlobalParams.featureCompatibility.isVersionInitialized() ||
+            gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)) &&
+        cmd.getEncryptionInformation();
 }
 
 /**
diff --git a/src/mongo/db/fle_crud_mongod.cpp b/src/mongo/db/fle_crud_mongod.cpp
index 9253954457e..01b0628b7e8 100644
--- a/src/mongo/db/fle_crud_mongod.cpp
+++ b/src/mongo/db/fle_crud_mongod.cpp
@@ -175,6 +175,10 @@ FLEBatchResult processFLEInsert(OperationContext* opCtx,
             repl::ReplicationCoordinator::get(opCtx->getServiceContext())->getReplicationMode() ==
                 repl::ReplicationCoordinator::modeReplSet);
 
+    uassert(5926101,
+            "FLE 2 is only supported when FCV supports 6.0",
+            gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility));
+
     auto [batchResult, insertReplyReturn] =
         processInsert(opCtx, insertRequest, &getTransactionWithRetriesForMongoD);
 
@@ -197,6 +201,10 @@ write_ops::DeleteCommandReply processFLEDelete(
             repl::ReplicationCoordinator::get(opCtx->getServiceContext())->getReplicationMode() ==
                 repl::ReplicationCoordinator::modeReplSet);
 
+    uassert(5926102,
+            "FLE 2 is only supported when FCV supports 6.0",
+            gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility));
+
     auto deleteReply = processDelete(opCtx, deleteRequest, &getTransactionWithRetriesForMongoD);
 
     setMongosFieldsInReply(opCtx, &deleteReply.getWriteCommandReplyBase());
@@ -212,6 +220,10 @@ write_ops::FindAndModifyCommandReply processFLEFindAndModify(
             repl::ReplicationCoordinator::get(opCtx->getServiceContext())->getReplicationMode() ==
                 repl::ReplicationCoordinator::modeReplSet);
 
+    uassert(5926103,
+            "FLE 2 is only supported when FCV supports 6.0",
+            gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility));
+
     auto reply = processFindAndModifyRequest<write_ops::FindAndModifyCommandReply>(
         opCtx, findAndModifyRequest, &getTransactionWithRetriesForMongoD);
 
@@ -226,6 +238,10 @@ write_ops::UpdateCommandReply processFLEUpdate(
             repl::ReplicationCoordinator::get(opCtx->getServiceContext())->getReplicationMode() ==
                 repl::ReplicationCoordinator::modeReplSet);
 
+    uassert(5926104,
+            "FLE 2 is only supported when FCV supports 6.0",
+            gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility));
+
     auto updateReply = processUpdate(opCtx, updateRequest, &getTransactionWithRetriesForMongoD);
 
     setMongosFieldsInReply(opCtx, &updateReply.getWriteCommandReplyBase());
diff --git a/src/mongo/db/s/shard_key_util.cpp b/src/mongo/db/s/shard_key_util.cpp
index 2a081555d0e..5a0acaeb2a4 100644
--- a/src/mongo/db/s/shard_key_util.cpp
+++ b/src/mongo/db/s/shard_key_util.cpp
@@ -213,7 +213,8 @@ bool validateShardKeyIndexExistsOrCreateIfPossible(OperationContext* opCtx,
 void validateShardKeyIsNotEncrypted(OperationContext* opCtx,
                                     const NamespaceString& nss,
                                     const ShardKeyPattern& shardKeyPattern) {
-    if (!gFeatureFlagFLE2.isEnabledAndIgnoreFCV()) {
+    // TODO (SERVER-65077): Remove FCV check once 6.0 is released
+    if (!gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)) {
         return;
     }
 
diff --git a/src/mongo/db/s/shardsvr_compact_structured_encryption_data_command.cpp b/src/mongo/db/s/shardsvr_compact_structured_encryption_data_command.cpp
index b4cd3882aff..b29e42a741e 100644
--- a/src/mongo/db/s/shardsvr_compact_structured_encryption_data_command.cpp
+++ b/src/mongo/db/s/shardsvr_compact_structured_encryption_data_command.cpp
@@ -74,9 +74,10 @@ public:
         using InvocationBase::InvocationBase;
 
         Reply typedRun(OperationContext* opCtx) {
+            // TODO (SERVER-65077): Remove FCV check once 6.0 is released
             uassert(6350499,
-                    "Feature flag FLE2 is not enabled",
-                    gFeatureFlagFLE2.isEnabledAndIgnoreFCV());
+                    "FLE 2 is only supported when FCV supports 6.0",
+                    gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility));
 
             auto compact = makeRequest(opCtx);
             if (!compact) {
diff --git a/src/mongo/shell/servers_misc.js b/src/mongo/shell/servers_misc.js
index 3b82705015b..87eb1192527 100644
--- a/src/mongo/shell/servers_misc.js
+++ b/src/mongo/shell/servers_misc.js
@@ -157,8 +157,6 @@ startParallelShell = function(jsCode, port, noConnect, ...optionArgs) {
     }
 
     args.push(...optionArgs);
-    args.push("--setShellParameter");
-    args.push("featureFlagFLE2=true");
     args.push("--eval", jsCode);
 
     var pid = startMongoProgramNoConnect.apply(null, args);
author	Mark Benvenuto <mark.benvenuto@mongodb.com>	2022-04-09 11:08:41 -0400
committer	Evergreen Agent <no-reply@evergreen.mongodb.com>	2022-04-09 18:18:22 +0000
commit	180baae184f16c26070b4a84d98d86ef164bdfc5 (patch)
tree	3a8914cb3e048225e2f04ca072234adc7a21c9e7 /src
parent	dc271946221f20e8629d74104d3252862741949e (diff)
download	mongo-180baae184f16c26070b4a84d98d86ef164bdfc5.tar.gz