diff options
author | Allison Easton <allison.easton@mongodb.com> | 2023-05-10 06:04:34 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2023-05-10 06:41:57 +0000 |
commit | 7fc5589de0c4ee771a58ada749e1261d19f15160 (patch) | |
tree | 1d4ee9709d58ced927d6700c3e543fc8c5461386 /src | |
parent | 05d534fd10aab9b3aaefa740618595e524576143 (diff) | |
download | mongo-7fc5589de0c4ee771a58ada749e1261d19f15160.tar.gz |
SERVER-76337 Add a server status metric to track unauthorized direct connections to shards
Diffstat (limited to 'src')
-rw-r--r-- | src/mongo/db/s/sharding_statistics.cpp | 6 | ||||
-rw-r--r-- | src/mongo/db/s/sharding_statistics.h | 5 | ||||
-rw-r--r-- | src/mongo/db/service_entry_point_common.cpp | 1 |
3 files changed, 12 insertions, 0 deletions
diff --git a/src/mongo/db/s/sharding_statistics.cpp b/src/mongo/db/s/sharding_statistics.cpp index 527804c1689..ab141c405df 100644 --- a/src/mongo/db/s/sharding_statistics.cpp +++ b/src/mongo/db/s/sharding_statistics.cpp @@ -81,6 +81,12 @@ void ShardingStatistics::report(BSONObjBuilder* builder) const { // (Ignore FCV check): This feature flag doesn't have any upgrade/downgrade concerns. if (mongo::feature_flags::gConcurrencyInChunkMigration.isEnabledAndIgnoreFCVUnsafe()) builder->append("chunkMigrationConcurrency", chunkMigrationConcurrencyCnt.load()); + // The serverStatus command is run before the FCV is initialized so we ignore it when + // checking whether the direct shard operations feature flag is enabled. + if (mongo::feature_flags::gCheckForDirectShardOperations + .isEnabledAndIgnoreFCVUnsafeAtStartup()) { + builder->append("unauthorizedDirectShardOps", unauthorizedDirectShardOperations.load()); + } } } // namespace mongo diff --git a/src/mongo/db/s/sharding_statistics.h b/src/mongo/db/s/sharding_statistics.h index 9479bbc87bd..541b6df1bd0 100644 --- a/src/mongo/db/s/sharding_statistics.h +++ b/src/mongo/db/s/sharding_statistics.h @@ -129,6 +129,11 @@ struct ShardingStatistics { // Current number for chunkMigrationConcurrency that defines concurrent fetchers and inserters // used for _migrateClone(step 4) of chunk migration AtomicWord<int> chunkMigrationConcurrencyCnt{1}; + + // Total number of commands run directly against this shard without the directShardOperations + // role. + AtomicWord<long long> unauthorizedDirectShardOperations{0}; + /** * Obtains the per-process instance of the sharding statistics object. */ diff --git a/src/mongo/db/service_entry_point_common.cpp b/src/mongo/db/service_entry_point_common.cpp index b4a47137d64..45609430298 100644 --- a/src/mongo/db/service_entry_point_common.cpp +++ b/src/mongo/db/service_entry_point_common.cpp @@ -1772,6 +1772,7 @@ void ExecCommandDatabase::_initiateCommand() { "directShardOperations role. Please connect via a router.", "command"_attr = request.getCommandName()); } + ShardingStatistics::get(opCtx).unauthorizedDirectShardOperations.addAndFetch(1); } } } |