From 49802bc44a41271ae1dac871b28bdf1146f77ece Mon Sep 17 00:00:00 2001 From: Mark Benvenuto Date: Mon, 11 Jul 2022 13:51:44 -0400 Subject: SERVER-65077 Remove FCV gating logic for FLE 2 after branching 6.0 --- jstests/fle2/convert_encrypted_to_capped.js | 1 - jstests/fle2/create_encrypted_collection.js | 1 - jstests/fle2/create_encrypted_indexes.js | 1 - jstests/fle2/implicit_schema_validation.js | 1 - jstests/fle2/modify_encrypted_collection.js | 1 - jstests/fle2/shard_collection.js | 1 - .../targetedTestsLastLtsFeatures/fle2_downgrade.js | 52 ---------------------- src/mongo/crypto/encryption_fields.idl | 6 --- src/mongo/db/catalog/collection_options_test.cpp | 15 ------- src/mongo/db/commands/create_indexes.cpp | 6 --- src/mongo/db/commands/fle2_compact_cmd.cpp | 5 --- .../set_feature_compatibility_version_command.cpp | 26 ----------- src/mongo/db/fle_crud.cpp | 10 ----- src/mongo/db/fle_crud.h | 10 +---- src/mongo/db/fle_crud_mongod.cpp | 16 ------- src/mongo/db/s/shard_key_util.cpp | 5 --- ..._compact_structured_encryption_data_command.cpp | 4 -- src/mongo/shell/shell_options.cpp | 1 - 18 files changed, 2 insertions(+), 160 deletions(-) delete mode 100644 jstests/multiVersion/targetedTestsLastLtsFeatures/fle2_downgrade.js diff --git a/jstests/fle2/convert_encrypted_to_capped.js b/jstests/fle2/convert_encrypted_to_capped.js index 256a247258e..eedf91f81f4 100644 --- a/jstests/fle2/convert_encrypted_to_capped.js +++ b/jstests/fle2/convert_encrypted_to_capped.js @@ -2,7 +2,6 @@ /** * @tags: [ - * requires_fcv_60, * assumes_unsharded_collection, * requires_non_retryable_commands, * assumes_against_mongod_not_mongos diff --git a/jstests/fle2/create_encrypted_collection.js b/jstests/fle2/create_encrypted_collection.js index f827475ca14..f5e5b4dbb2a 100644 --- a/jstests/fle2/create_encrypted_collection.js +++ b/jstests/fle2/create_encrypted_collection.js @@ -2,7 +2,6 @@ /** * @tags: [ - * requires_fcv_60, * assumes_unsharded_collection * ] */ diff --git a/jstests/fle2/create_encrypted_indexes.js b/jstests/fle2/create_encrypted_indexes.js index 295cdc7334b..3c414bb4e6e 100644 --- a/jstests/fle2/create_encrypted_indexes.js +++ b/jstests/fle2/create_encrypted_indexes.js @@ -2,7 +2,6 @@ /** * @tags: [ - * requires_fcv_60, * assumes_unsharded_collection * ] */ diff --git a/jstests/fle2/implicit_schema_validation.js b/jstests/fle2/implicit_schema_validation.js index 81098070d7d..041a92c4589 100644 --- a/jstests/fle2/implicit_schema_validation.js +++ b/jstests/fle2/implicit_schema_validation.js @@ -2,7 +2,6 @@ /** * @tags: [ - * requires_fcv_60, * assumes_unsharded_collection, * does_not_support_transactions * ] diff --git a/jstests/fle2/modify_encrypted_collection.js b/jstests/fle2/modify_encrypted_collection.js index 6fb3afe2292..ad3ce413168 100644 --- a/jstests/fle2/modify_encrypted_collection.js +++ b/jstests/fle2/modify_encrypted_collection.js @@ -2,7 +2,6 @@ /** * @tags: [ - * requires_fcv_60, * assumes_unsharded_collection * ] */ diff --git a/jstests/fle2/shard_collection.js b/jstests/fle2/shard_collection.js index ff2e86452dd..a9707bd0d6d 100644 --- a/jstests/fle2/shard_collection.js +++ b/jstests/fle2/shard_collection.js @@ -2,7 +2,6 @@ * Verify valid and invalid scenarios for shard collection * * @tags: [ - * requires_fcv_60 * ] */ load("jstests/fle2/libs/encrypted_client_util.js"); diff --git a/jstests/multiVersion/targetedTestsLastLtsFeatures/fle2_downgrade.js b/jstests/multiVersion/targetedTestsLastLtsFeatures/fle2_downgrade.js deleted file mode 100644 index 6c9e495b31c..00000000000 --- a/jstests/multiVersion/targetedTestsLastLtsFeatures/fle2_downgrade.js +++ /dev/null @@ -1,52 +0,0 @@ -/** - * Tests that the cluster cannot be downgraded when encrypted fields present - * - * @tags: [ - * requires_fcv_60, - * __TEMPORARILY_DISABLED__, - * ] - */ - -load("jstests/fle2/libs/encrypted_client_util.js"); - -(function() { -"use strict"; - -const rst = new ReplSetTest({nodes: 1}); -rst.startSet(); -rst.initiate(); -rst.awaitReplication(); - -let dbName = 'downgrade_test'; -let conn = rst.getPrimary(); -let db = conn.getDB("admin"); -let client = new EncryptedClient(conn, dbName); - -function runTest(targetFCV) { - assert.commandWorked(client.createEncryptionCollection("basic", { - encryptedFields: { - "fields": [ - {"path": "first", "bsonType": "string", "queries": {"queryType": "equality"}}, - {"path": "middle", "bsonType": "string"}, - {"path": "aka", "bsonType": "string", "queries": {"queryType": "equality"}}, - ] - } - })); - - let res = assert.commandFailedWithCode( - db.adminCommand({setFeatureCompatibilityVersion: targetFCV}), ErrorCodes.CannotDowngrade); - - assert(client.getDB().fle2.basic.ecoc.drop()); - assert(client.getDB().fle2.basic.ecc.drop()); - assert(client.getDB().fle2.basic.esc.drop()); - assert(client.getDB().basic.drop()); - - assert.commandWorked(db.adminCommand({setFeatureCompatibilityVersion: targetFCV})); - assert.commandWorked(db.adminCommand({setFeatureCompatibilityVersion: latestFCV})); -} - -runTest(lastLTSFCV); -runTest(lastContinuousFCV); - -rst.stopSet(); -}()); \ No newline at end of file diff --git a/src/mongo/crypto/encryption_fields.idl b/src/mongo/crypto/encryption_fields.idl index 9b0b877e9a1..3f573d68f9f 100644 --- a/src/mongo/crypto/encryption_fields.idl +++ b/src/mongo/crypto/encryption_fields.idl @@ -41,12 +41,6 @@ enums: Range: "range" feature_flags: - featureFlagFLE2: - description: "Enable Queryable Encryption support" - cpp_varname: gFeatureFlagFLE2 - default: true - version: 6.0 - featureFlagFLE2Range: description: "Enable support for range indexes in Queryable Encryption" cpp_varname: gFeatureFlagFLE2Range diff --git a/src/mongo/db/catalog/collection_options_test.cpp b/src/mongo/db/catalog/collection_options_test.cpp index 33e3082e6ab..6312989cb09 100644 --- a/src/mongo/db/catalog/collection_options_test.cpp +++ b/src/mongo/db/catalog/collection_options_test.cpp @@ -359,8 +359,6 @@ TEST(CollectionOptions, NExtentsNoError) { // Duplicate fields is not allowed TEST(FLECollectionOptions, MultipleFields) { - RAIIServerParameterControllerForTest featureFlagController("featureFlagFLE2", true); - ASSERT_STATUS_CODE(6338402, CollectionOptions::parse(fromjson(R"({ encryptedFields: { "fields": [ @@ -382,8 +380,6 @@ TEST(FLECollectionOptions, MultipleFields) { // Duplicate key ids are bad, it breaks the design TEST(FLECollectionOptions, DuplicateKeyIds) { - RAIIServerParameterControllerForTest featureFlagController("featureFlagFLE2", true); - ASSERT_STATUS_CODE(6338401, CollectionOptions::parse(fromjson(R"({ encryptedFields: { "fields": [ @@ -404,7 +400,6 @@ TEST(FLECollectionOptions, DuplicateKeyIds) { } TEST(FLECollectionOptions, NonConflictingPrefixes) { - RAIIServerParameterControllerForTest featureFlagController("featureFlagFLE2", true); ASSERT_OK(CollectionOptions::parse(fromjson(R"({ encryptedFields: { "fields": [ @@ -445,8 +440,6 @@ TEST(FLECollectionOptions, NonConflictingPrefixes) { } TEST(FLECollectionOptions, ConflictingPrefixes) { - RAIIServerParameterControllerForTest featureFlagController("featureFlagFLE2", true); - ASSERT_STATUS_CODE(6338403, CollectionOptions::parse(fromjson(R"({ encryptedFields: { "fields": [ @@ -503,10 +496,6 @@ TEST(FLECollectionOptions, ConflictingPrefixes) { } TEST(FLECollectionOptions, DuplicateQueryTypes) { - - - RAIIServerParameterControllerForTest featureFlagController("featureFlagFLE2", true); - ASSERT_STATUS_CODE(6338404, CollectionOptions::parse(fromjson(R"({ encryptedFields: { "fields": [ @@ -521,8 +510,6 @@ TEST(FLECollectionOptions, DuplicateQueryTypes) { } TEST(FLECollectionOptions, AllowedTypes) { - RAIIServerParameterControllerForTest featureFlagController("featureFlagFLE2", true); - std::vector typesAllowedIndexed({ "string", "binData", @@ -591,8 +578,6 @@ TEST(FLECollectionOptions, AllowedTypes) { TEST(FLECollectionOptions, DisAllowedTypes) { - RAIIServerParameterControllerForTest featureFlagController("featureFlagFLE2", true); - std::vector typesDisallowedIndexed({ "minKey", "missing", diff --git a/src/mongo/db/commands/create_indexes.cpp b/src/mongo/db/commands/create_indexes.cpp index ef79e828556..dfb1c8f0db6 100644 --- a/src/mongo/db/commands/create_indexes.cpp +++ b/src/mongo/db/commands/create_indexes.cpp @@ -203,12 +203,6 @@ void validateTTLOptions(OperationContext* opCtx, void checkEncryptedFieldIndexRestrictions(OperationContext* opCtx, const NamespaceString& ns, const CreateIndexesCommand& cmd) { - // TODO (SERVER-65077): Remove FCV check once 6.0 is released - if (serverGlobalParams.featureCompatibility.isVersionInitialized() && - !gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)) { - return; - } - AutoGetCollection collection(opCtx, ns, MODE_IS); if (!collection) { return; diff --git a/src/mongo/db/commands/fle2_compact_cmd.cpp b/src/mongo/db/commands/fle2_compact_cmd.cpp index 1867f50ad78..bd3df18eb8d 100644 --- a/src/mongo/db/commands/fle2_compact_cmd.cpp +++ b/src/mongo/db/commands/fle2_compact_cmd.cpp @@ -89,11 +89,6 @@ CompactStats compactEncryptedCompactionCollection(OperationContext* opCtx, str::stream() << "Collection '" << edcNss << "' does not exist"); } - // TODO (SERVER-65077): Remove FCV check once 6.0 is released - uassert(6319903, - "Queryable Encryption is only supported when FCV supports 6.0", - gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)); - validateCompactRequest(request, *edc.get()); auto namespaces = diff --git a/src/mongo/db/commands/set_feature_compatibility_version_command.cpp b/src/mongo/db/commands/set_feature_compatibility_version_command.cpp index fcbe33dc343..3bdd4f03141 100644 --- a/src/mongo/db/commands/set_feature_compatibility_version_command.cpp +++ b/src/mongo/db/commands/set_feature_compatibility_version_command.cpp @@ -351,17 +351,6 @@ public: if (request.getPhase() == SetFCVPhaseEnum::kStart) { invariant(serverGlobalParams.clusterRole == ClusterRole::ShardServer); - // TODO SERVER-65077: Remove FCV check once 6.0 is released - if (actualVersion > requestedVersion && - !gFeatureFlagFLE2.isEnabledOnVersion(requestedVersion)) { - // No more (recoverable) CompactStructuredEncryptionDataCoordinator will start - // because we have already switched the FCV value to kDowngrading. Wait for the - // ongoing CompactStructuredEncryptionDataCoordinator to finish. - ShardingDDLCoordinatorService::getService(opCtx) - ->waitForCoordinatorsOfGivenTypeToComplete( - opCtx, DDLCoordinatorTypeEnum::kCompactStructuredEncryptionData); - } - // If we are only running phase-1, then we are done return true; } @@ -536,21 +525,6 @@ private: return collection->getTimeseriesOptions() != boost::none; }); } - - // Block downgrade for collections with encrypted fields - // TODO SERVER-65077: Remove once FCV 6.0 becomes last-lts. - for (const auto& dbName : DatabaseHolder::get(opCtx)->getNames()) { - Lock::DBLock dbLock(opCtx, dbName, MODE_IX); - catalog::forEachCollectionFromDb( - opCtx, dbName, MODE_X, [&](const CollectionPtr& collection) { - uassert( - ErrorCodes::CannotDowngrade, - str::stream() << "Cannot downgrade the cluster as collection " - << collection->ns() << " has 'encryptedFields'", - !collection->getCollectionOptions().encryptedFieldConfig.has_value()); - return true; - }); - } } { diff --git a/src/mongo/db/fle_crud.cpp b/src/mongo/db/fle_crud.cpp index 18eeeeb8e7c..38cc9cd5510 100644 --- a/src/mongo/db/fle_crud.cpp +++ b/src/mongo/db/fle_crud.cpp @@ -931,11 +931,6 @@ FLEBatchResult processFLEBatch(OperationContext* opCtx, return FLEBatchResult::kNotProcessed; } - // TODO (SERVER-65077): Remove FCV check once 6.0 is released - uassert(6371209, - "Queryable Encryption is only supported when FCV supports 6.0", - gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)); - if (request.getBatchType() == BatchedCommandRequest::BatchType_Insert) { auto insertRequest = request.getInsertRequest(); @@ -1220,11 +1215,6 @@ FLEBatchResult processFLEFindAndModify(OperationContext* opCtx, return FLEBatchResult::kNotProcessed; } - // TODO (SERVER-65077): Remove FCV check once 6.0 is released - if (!gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)) { - uasserted(6371405, "Queryable Encryption is only supported when FCV supports 6.0"); - } - // FLE2 Mongos CRUD operations loopback through MongoS with EncryptionInformation as // findAndModify so query can do any necessary transformations. But on the nested call, CRUD // does not need to do any more work. diff --git a/src/mongo/db/fle_crud.h b/src/mongo/db/fle_crud.h index 7c8d93ae1f9..c91f7c1eee4 100644 --- a/src/mongo/db/fle_crud.h +++ b/src/mongo/db/fle_crud.h @@ -218,18 +218,12 @@ std::unique_ptr processFLEPipelineD( */ template bool shouldDoFLERewrite(const std::unique_ptr& cmd) { - // TODO (SERVER-65077): Remove FCV check once 6.0 is released - return (!serverGlobalParams.featureCompatibility.isVersionInitialized() || - gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)) && - cmd->getEncryptionInformation(); + return cmd->getEncryptionInformation().has_value(); } template bool shouldDoFLERewrite(const T& cmd) { - // TODO (SERVER-65077): Remove FCV check once 6.0 is released - return (!serverGlobalParams.featureCompatibility.isVersionInitialized() || - gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)) && - cmd.getEncryptionInformation(); + return cmd.getEncryptionInformation().has_value(); } /** diff --git a/src/mongo/db/fle_crud_mongod.cpp b/src/mongo/db/fle_crud_mongod.cpp index 1e488f1f65a..46098aa20f7 100644 --- a/src/mongo/db/fle_crud_mongod.cpp +++ b/src/mongo/db/fle_crud_mongod.cpp @@ -180,10 +180,6 @@ FLEBatchResult processFLEInsert(OperationContext* opCtx, repl::ReplicationCoordinator::get(opCtx->getServiceContext())->getReplicationMode() == repl::ReplicationCoordinator::modeReplSet); - uassert(5926101, - "Queryable Encryption is only supported when FCV supports 6.0", - gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)); - auto [batchResult, insertReplyReturn] = processInsert(opCtx, insertRequest, &getTransactionWithRetriesForMongoD); @@ -206,10 +202,6 @@ write_ops::DeleteCommandReply processFLEDelete( repl::ReplicationCoordinator::get(opCtx->getServiceContext())->getReplicationMode() == repl::ReplicationCoordinator::modeReplSet); - uassert(5926102, - "Queryable Encryption is only supported when FCV supports 6.0", - gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)); - auto deleteReply = processDelete(opCtx, deleteRequest, &getTransactionWithRetriesForMongoD); setMongosFieldsInReply(opCtx, &deleteReply.getWriteCommandReplyBase()); @@ -225,10 +217,6 @@ write_ops::FindAndModifyCommandReply processFLEFindAndModify( repl::ReplicationCoordinator::get(opCtx->getServiceContext())->getReplicationMode() == repl::ReplicationCoordinator::modeReplSet); - uassert(5926103, - "Queryable Encryption is only supported when FCV supports 6.0", - gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)); - auto reply = processFindAndModifyRequest( opCtx, findAndModifyRequest, &getTransactionWithRetriesForMongoD); @@ -243,10 +231,6 @@ write_ops::UpdateCommandReply processFLEUpdate( repl::ReplicationCoordinator::get(opCtx->getServiceContext())->getReplicationMode() == repl::ReplicationCoordinator::modeReplSet); - uassert(5926104, - "Queryable Encryption is only supported when FCV supports 6.0", - gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)); - auto updateReply = processUpdate(opCtx, updateRequest, &getTransactionWithRetriesForMongoD); setMongosFieldsInReply(opCtx, &updateReply.getWriteCommandReplyBase()); diff --git a/src/mongo/db/s/shard_key_util.cpp b/src/mongo/db/s/shard_key_util.cpp index a0363a907d4..2bacf4b94c5 100644 --- a/src/mongo/db/s/shard_key_util.cpp +++ b/src/mongo/db/s/shard_key_util.cpp @@ -235,11 +235,6 @@ bool validateShardKeyIndexExistsOrCreateIfPossible(OperationContext* opCtx, void validateShardKeyIsNotEncrypted(OperationContext* opCtx, const NamespaceString& nss, const ShardKeyPattern& shardKeyPattern) { - // TODO (SERVER-65077): Remove FCV check once 6.0 is released - if (!gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)) { - return; - } - AutoGetCollection collection(opCtx, nss, MODE_IS, AutoGetCollectionViewMode::kViewsPermitted); if (!collection || collection.getView()) { return; diff --git a/src/mongo/db/s/shardsvr_compact_structured_encryption_data_command.cpp b/src/mongo/db/s/shardsvr_compact_structured_encryption_data_command.cpp index 18eb42ef46f..1bbb55c6da3 100644 --- a/src/mongo/db/s/shardsvr_compact_structured_encryption_data_command.cpp +++ b/src/mongo/db/s/shardsvr_compact_structured_encryption_data_command.cpp @@ -77,10 +77,6 @@ public: using InvocationBase::InvocationBase; Reply typedRun(OperationContext* opCtx) { - // TODO (SERVER-65077): Remove FCV check once 6.0 is released - uassert(6350499, - "Queryable Encryption is only supported when FCV supports 6.0", - gFeatureFlagFLE2.isEnabled(serverGlobalParams.featureCompatibility)); FixedFCVRegion fixedFcvRegion(opCtx); auto compact = makeRequest(opCtx); diff --git a/src/mongo/shell/shell_options.cpp b/src/mongo/shell/shell_options.cpp index 2c8fd8e2326..48b1d9fdf71 100644 --- a/src/mongo/shell/shell_options.cpp +++ b/src/mongo/shell/shell_options.cpp @@ -67,7 +67,6 @@ const std::set kSetShellParameterAllowlist = { "awsEC2InstanceMetadataUrl", "awsECSInstanceMetadataUrl", "disabledSecureAllocatorDomains", - "featureFlagFLE2", "newLineAfterPasswordPromptForTest", "ocspClientHttpTimeoutSecs", "ocspEnabled", -- cgit v1.2.1