diff options
-rw-r--r-- | buildscripts/resmokeconfig/suites/multiversion_auth.yml | 3 | ||||
-rw-r--r-- | jstests/multiVersion/libs/multi_rs.js | 2 | ||||
-rw-r--r-- | jstests/multiVersion/load_keys_on_upgrade.js | 56 | ||||
-rw-r--r-- | src/mongo/db/keys_collection_client_direct.cpp | 3 |
4 files changed, 63 insertions, 1 deletions
diff --git a/buildscripts/resmokeconfig/suites/multiversion_auth.yml b/buildscripts/resmokeconfig/suites/multiversion_auth.yml index afe6158a970..f5a4574f082 100644 --- a/buildscripts/resmokeconfig/suites/multiversion_auth.yml +++ b/buildscripts/resmokeconfig/suites/multiversion_auth.yml @@ -20,6 +20,9 @@ selector: # it attempts to connect to an upgraded mongoD. Un-blacklist when SERVER-42919 fixes this issue. - jstests/multiVersion/genericSetFCVUsage/crash_mongos_against_upgraded_cluster.js + # Skip any tests that run with auth explicitly. + - jstests/multiVersion/load_keys_on_upgrade.js + # Multiversion tests start their own mongod's. executor: config: diff --git a/jstests/multiVersion/libs/multi_rs.js b/jstests/multiVersion/libs/multi_rs.js index 5c21853423f..a32a15645f2 100644 --- a/jstests/multiVersion/libs/multi_rs.js +++ b/jstests/multiVersion/libs/multi_rs.js @@ -80,6 +80,8 @@ ReplSetTest.prototype.upgradePrimary = function(primary, options, user, pwd) { this.nodeOptions[nodeName] = Object.merge(this.nodeOptions[nodeName], options); } + jsTest.authenticate(primary); + let oldPrimary = this.stepdown(primary); this.waitForState(oldPrimary, ReplSetTest.State.SECONDARY); diff --git a/jstests/multiVersion/load_keys_on_upgrade.js b/jstests/multiVersion/load_keys_on_upgrade.js new file mode 100644 index 00000000000..5b5c8801d83 --- /dev/null +++ b/jstests/multiVersion/load_keys_on_upgrade.js @@ -0,0 +1,56 @@ +// +// Tests to validate that correct read concern is used to load clusterTime signing keys from +// admin.system.keys on upgrade. +// + +load('./jstests/multiVersion/libs/multi_rs.js'); + +var oldVersion = "last-stable"; + +var nodes = { + n1: {binVersion: oldVersion}, + n2: {binVersion: oldVersion}, + n3: {binVersion: oldVersion} +}; + +var keyFile = "jstests/libs/key1"; +var rst = new ReplSetTest({nodes: nodes, keyFile: keyFile}); + +rst.startSet(); + +rst.initiateWithAnyNodeAsPrimary( + Object.extend(rst.getReplSetConfig(), {writeConcernMajorityJournalDefault: true})); + +// Wait for a primary node... +var primary = rst.getPrimary(); + +primary.getDB("admin").createUser({user: "root", pwd: "root", roles: ["root"]}, {w: 3}); + +var rsConn = new Mongo(rst.getURL()); +assert.eq(1, rsConn.getDB("admin").auth("root", "root")); +assert.commandWorked(rsConn.adminCommand({hello: 1})); +print("clusterTime: " + tojson(rsConn.getDB("admin").getSession().getClusterTime())); + +jsTest.log("Upgrading replica set..."); + +TestData.auth = true; +TestData.keyFile = keyFile; +TestData.authUser = "__system"; +TestData.keyFileData = "foopdedoop"; +TestData.authenticationDatabase = "local"; +rst.upgradeSet({keyFile: keyFile, binVersion: "latest"}); + +jsTest.log("Replica set upgraded."); + +TestData.keyFile = undefined; + +try { + rsConn.adminCommand({hello: 1}); +} catch (e) { +} + +assert.eq(1, rsConn.getDB("admin").auth("root", "root")); +assert.commandWorked(rsConn.adminCommand({hello: 1})); +print("clusterTime2: " + tojson(rsConn.getDB("admin").getSession().getClusterTime())); + +rst.stopSet();
\ No newline at end of file diff --git a/src/mongo/db/keys_collection_client_direct.cpp b/src/mongo/db/keys_collection_client_direct.cpp index 7b00475749a..b926b47e8e5 100644 --- a/src/mongo/db/keys_collection_client_direct.cpp +++ b/src/mongo/db/keys_collection_client_direct.cpp @@ -84,7 +84,8 @@ StatusWith<std::vector<KeysCollectionDocument>> KeysCollectionClientDirect::getN queryBuilder.append("purpose", purpose); queryBuilder.append("expiresAt", BSON("$gt" << newerThanThis.asTimestamp())); - auto readConcern = serverGlobalParams.enableMajorityReadConcern && useMajority + auto storageEngine = opCtx->getServiceContext()->getStorageEngine(); + auto readConcern = storageEngine->supportsReadConcernMajority() && useMajority ? repl::ReadConcernLevel::kMajorityReadConcern : repl::ReadConcernLevel::kLocalReadConcern; |