Diffstat (limited to 'src/mongo')
-rw-r--r-- | src/mongo/db/catalog/rename_collection.cpp | 10 | ||||
-rw-r--r-- | src/mongo/db/s/rename_collection_coordinator.cpp | 7 | ||||
-rw-r--r-- | src/mongo/db/s/sharded_rename_collection.idl | 5 | ||||
-rw-r--r-- | src/mongo/db/s/shardsvr_rename_collection_command.cpp | 3 | ||||
-rw-r--r-- | src/mongo/s/commands/cluster_rename_collection_cmd.cpp | 4 | ||||
-rw-r--r-- | src/mongo/s/request_types/sharded_ddl_commands.idl | 10 | ||||
-rw-r--r-- | src/mongo/shell/assert.js | 3 |
7 files changed, 35 insertions, 7 deletions
diff --git a/src/mongo/db/catalog/rename_collection.cpp b/src/mongo/db/catalog/rename_collection.cpp index b2ea5e5ff4a..3cb953f04c1 100644 --- a/src/mongo/db/catalog/rename_collection.cpp +++ b/src/mongo/db/catalog/rename_collection.cpp @@ -117,7 +117,10 @@ Status checkSourceAndTargetNamespaces(OperationContext* opCtx, str::stream() << "Source collection " << source.ns() << " does not exist"); } - if (sourceColl->getCollectionOptions().encryptedFieldConfig) { + if (sourceColl->getCollectionOptions().encryptedFieldConfig && + !AuthorizationSession::get(opCtx->getClient()) + ->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), + ActionType::setUserWriteBlockMode)) { return Status(ErrorCodes::IllegalOperation, "Cannot rename an encrypted collection"); } @@ -130,7 +133,10 @@ Status checkSourceAndTargetNamespaces(OperationContext* opCtx, return Status(ErrorCodes::NamespaceExists, str::stream() << "a view already exists with that name: " << target); } else { - if (targetColl->getCollectionOptions().encryptedFieldConfig) { + if (targetColl->getCollectionOptions().encryptedFieldConfig && + !AuthorizationSession::get(opCtx->getClient()) + ->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), + ActionType::setUserWriteBlockMode)) { return Status(ErrorCodes::IllegalOperation, "Cannot rename to an existing encrypted collection"); } diff --git a/src/mongo/db/s/rename_collection_coordinator.cpp b/src/mongo/db/s/rename_collection_coordinator.cpp index 391d57133b4..b96a89e62d7 100644 --- a/src/mongo/db/s/rename_collection_coordinator.cpp +++ b/src/mongo/db/s/rename_collection_coordinator.cpp @@ -32,6 +32,7 @@ #include "mongo/db/s/rename_collection_coordinator.h" +#include "mongo/db/auth/authorization_session.h" #include "mongo/db/catalog/collection_catalog.h" #include "mongo/db/catalog/collection_uuid_mismatch.h" #include "mongo/db/catalog/database_holder.h" 
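Review bot: Both encrypted-collection checks in checkSourceAndTargetNamespaces now use `ActionType::setUserWriteBlockMode` on the cluster resource as a stand-in for "this caller is C2C", so every principal holding that action bypasses the rename guard, not only the replicator. The guard is described elsewhere in this commit as protection against user error, and administrators holding this action lose that protection without any comment explaining why. The same expression is repeated in the second hunk of this file and in cluster_rename_collection_cmd.cpp, where the three copies can drift apart. If authorization checks pass unconditionally when access control is disabled (not visible here), the guard would stop applying on such deployments; this is worth confirming. I would move the check into one documented helper (the name below is a suggestion) and call it from each site; the function body continues outside both hunks.

```cpp
// Renames of encrypted collections are rejected to guard against user error. C2C replication
// still has to perform them, and a caller authorized for setUserWriteBlockMode on the cluster
// resource is treated as such a replicator. Keep this the single place where that mapping lives.
bool canRenameEncryptedCollection(OperationContext* opCtx) {
    return AuthorizationSession::get(opCtx->getClient())
        ->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(),
                                           ActionType::setUserWriteBlockMode);
}

// … unchanged: source collection existence check …
    if (sourceColl->getCollectionOptions().encryptedFieldConfig &&
        !canRenameEncryptedCollection(opCtx)) {
// … unchanged: IllegalOperation return; the target check gets the same replacement …
```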
@@ -156,7 +157,8 @@ ExecutorFuture<void> RenameCollectionCoordinator::_runImpl( uassert(ErrorCodes::IllegalOperation, "Cannot rename an encrypted collection", - !coll || !coll->getCollectionOptions().encryptedFieldConfig); + !coll || !coll->getCollectionOptions().encryptedFieldConfig || + _doc.getAllowEncryptedCollectionRename().value_or(false)); } // Make sure the source collection exists @@ -229,7 +231,8 @@ ExecutorFuture<void> RenameCollectionCoordinator::_runImpl( opCtx, toNss, *coll, _doc.getExpectedTargetUUID()); uassert(ErrorCodes::IllegalOperation, "Cannot rename to an existing encrypted collection", - !coll || !coll->getCollectionOptions().encryptedFieldConfig); + !coll || !coll->getCollectionOptions().encryptedFieldConfig || + _doc.getAllowEncryptedCollectionRename().value_or(false)); } } catch (const DBException&) { diff --git a/src/mongo/db/s/sharded_rename_collection.idl b/src/mongo/db/s/sharded_rename_collection.idl index 1d43633d5e8..0d972dc6f64 100644 --- a/src/mongo/db/s/sharded_rename_collection.idl +++ b/src/mongo/db/s/sharded_rename_collection.idl @@ -123,6 +123,11 @@ structs: type: uuid description: "ID of the existing collection getting dropped." optional: true + allowEncryptedCollectionRename: + description: "Encrypted Collection renames are usually disallowed to minimize user error. + C2C needs to do the renames to replicate create collection." + type: bool + optional: true RenameCollectionParticipantDocument: description: "Represents a rename collection operation on a participant shard." diff --git a/src/mongo/db/s/shardsvr_rename_collection_command.cpp b/src/mongo/db/s/shardsvr_rename_collection_command.cpp index df68acc6801..d7bf1db2b03 100644 --- a/src/mongo/db/s/shardsvr_rename_collection_command.cpp +++ b/src/mongo/db/s/shardsvr_rename_collection_command.cpp 
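Review bot: Both relaxed uasserts in _runImpl (the source check here and the target check in the next hunk) now skip the encrypted-collection guard on the strength of `_doc.getAllowEncryptedCollectionRename()`, a boolean the shard copies from the incoming request rather than deriving from the caller's privileges. The decision is therefore only as trustworthy as whoever can send `_shardsvrRenameCollection`; whether that command is restricted to internal callers is not visible in this diff. I would record the assumption next to each uassert, e.g. `// Authorization result computed by the router; trusted because only internal callers can reach this command.`, and confirm that the restriction actually holds. _runImpl starts and ends outside the hunks.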
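Review bot: The description of `allowEncryptedCollectionRename` gives the motivation but not the contract: it does not say that a true value disables the "Cannot rename an encrypted collection" checks, nor who is expected to set it. Suggested wording: `"When true, skips the checks that reject renames from or onto an encrypted collection. Set by the router only for callers authorized for setUserWriteBlockMode on the cluster resource (C2C replication)."`. Both visible writers pass a concrete bool via `value_or(false)`, so `default: false` may express the intent more directly than `optional: true`, if compatibility with older binaries allows it. The same description is duplicated in sharded_ddl_commands.idl and would need the same change.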
@@ -98,6 +98,9 @@ public: coordinatorDoc.setRenameCollectionRequest(req.getRenameCollectionRequest()); coordinatorDoc.setShardingDDLCoordinatorMetadata( {{fromNss, DDLCoordinatorTypeEnum::kRenameCollection}}); + coordinatorDoc.setAllowEncryptedCollectionRename( + req.getAllowEncryptedCollectionRename().value_or(false)); + auto service = ShardingDDLCoordinatorService::getService(opCtx); auto renameCollectionCoordinator = checked_pointer_cast<RenameCollectionCoordinator>( service->getOrCreateInstance(opCtx, coordinatorDoc.toBSON())); diff --git a/src/mongo/s/commands/cluster_rename_collection_cmd.cpp b/src/mongo/s/commands/cluster_rename_collection_cmd.cpp index 7fdb7767d47..1df93f9458e 100644 --- a/src/mongo/s/commands/cluster_rename_collection_cmd.cpp +++ b/src/mongo/s/commands/cluster_rename_collection_cmd.cpp @@ -93,6 +93,10 @@ public: ShardsvrRenameCollection renameCollRequest(fromNss); renameCollRequest.setDbName(fromNss.db()); renameCollRequest.setRenameCollectionRequest(renameCollReq); + renameCollRequest.setAllowEncryptedCollectionRename( + AuthorizationSession::get(opCtx->getClient()) + ->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), + ActionType::setUserWriteBlockMode)); auto catalogCache = Grid::get(opCtx)->catalogCache(); auto swDbInfo = Grid::get(opCtx)->catalogCache()->getDatabase(opCtx, fromNss.db()); diff --git a/src/mongo/s/request_types/sharded_ddl_commands.idl b/src/mongo/s/request_types/sharded_ddl_commands.idl index b3cc1ed7246..001551acaf6 100644 --- a/src/mongo/s/request_types/sharded_ddl_commands.idl +++ b/src/mongo/s/request_types/sharded_ddl_commands.idl 
@@ -322,6 +322,12 @@ commands: api_version: "" chained_structs: RenameCollectionRequest: RenameCollectionRequest + fields: + allowEncryptedCollectionRename: + description: "Encrypted Collection renames are usually disallowed to minimize user error. + C2C needs to do the renames to replicate create collection." + type: bool + optional: true _shardsvrSetAllowMigrations: command_name: _shardsvrSetAllowMigrations @@ -367,7 +373,7 @@ commands: namespace: concatenate_with_db api_version: "" strict: false - chained_structs: + chained_structs: RefineCollectionShardKeyRequest: RefineCollectionShardKeyRequest _configsvrRefineCollectionShardKey: @@ -400,7 +406,7 @@ commands: namespace: concatenate_with_db api_version: "" strict: false - chained_structs: + chained_structs: DropIndexesRequest: DropIndexesRequest _configsvrCreateDatabase: diff --git a/src/mongo/shell/assert.js b/src/mongo/shell/assert.js index 87fe3232814..1e5c7115280 100644 --- a/src/mongo/shell/assert.js +++ b/src/mongo/shell/assert.js @@ -110,7 +110,8 @@ assert = (function() { doassert("msg function cannot expect any parameters."); } } else if (typeof msg !== "string" && typeof msg !== "object") { - doassert("msg parameter must be a string, function or object."); + doassert("msg parameter must be a string, function or object. Found type: " + + typeof (msg)); } if (msg && assert._debug) { |