From 68bcabb45941a98b7be16f50afa5df3f3885eca7 Mon Sep 17 00:00:00 2001
From: Mark Benvenuto <mark.benvenuto@mongodb.com>
Date: Mon, 6 Feb 2023 10:49:42 -0500
Subject: SERVER-73190 Add a second serverParameter to guard test only server
 status metrics in EmuBinary

---
 src/mongo/crypto/SConscript         |  1 +
 src/mongo/crypto/fle_options.cpp    | 54 +++++++++++++++++++++++++++++++++++++
 src/mongo/crypto/fle_options.idl    | 41 ++++++++++++++++++++++++++++
 src/mongo/crypto/fle_stats.cpp      |  4 ++-
 src/mongo/crypto/fle_stats_test.cpp |  5 +++-
 5 files changed, 103 insertions(+), 2 deletions(-)
 create mode 100644 src/mongo/crypto/fle_options.cpp
 create mode 100644 src/mongo/crypto/fle_options.idl

(limited to 'src/mongo/crypto')

diff --git a/src/mongo/crypto/SConscript b/src/mongo/crypto/SConscript
index f11e3d834d4..84847b5dac8 100644
--- a/src/mongo/crypto/SConscript
+++ b/src/mongo/crypto/SConscript
@@ -99,6 +99,7 @@ fleCryptoEnv.Library(
     source=[
         "encryption_fields_util.cpp",
         "fle_crypto.cpp",
+        "fle_options.idl",
         "fle_tags.cpp",
         "fle_stats.cpp",
         "fle_stats.idl",
diff --git a/src/mongo/crypto/fle_options.cpp b/src/mongo/crypto/fle_options.cpp
new file mode 100644
index 00000000000..6e53f4ce6c0
--- /dev/null
+++ b/src/mongo/crypto/fle_options.cpp
@@ -0,0 +1,54 @@
+/**
+ *    Copyright (C) 2023-present MongoDB, Inc.
+ *
+ *    This program is free software: you can redistribute it and/or modify
+ *    it under the terms of the Server Side Public License, version 1,
+ *    as published by MongoDB, Inc.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    Server Side Public License for more details.
+ *
+ *    You should have received a copy of the Server Side Public License
+ *    along with this program. If not, see
+ *    <http://www.mongodb.com/licensing/server-side-public-license>.
+ *
+ *    As a special exception, the copyright holders give permission to link the
+ *    code of portions of this program with the OpenSSL library under certain
+ *    conditions as described in each individual source file and distribute
+ *    linked combinations including the program with the OpenSSL library. You
+ *    must comply with the Server Side Public License in all respects for
+ *    all of the code used other than as permitted herein. If you modify file(s)
+ *    with this exception, you may extend this exception to your version of the
+ *    file(s), but you are not obligated to do so. If you do not wish to do so,
+ *    delete this exception statement from your version. If you delete this
+ *    exception statement from all source files in the program, then also delete
+ *    it in the license file.
+ */
+
+
+#include "mongo/base/init.h"
+#include "mongo/crypto/fle_options_gen.h"
+#include "mongo/logv2/log.h"
+
+#define MONGO_LOGV2_DEFAULT_COMPONENT ::mongo::logv2::LogComponent::kDefault
+
+
+namespace mongo {
+namespace {
+
+MONGO_INITIALIZER_WITH_PREREQUISITES(TestingDiagnostics, ("EndStartupOptionStorage"))
+(InitializerContext*) {
+    if (gUnsupportedDangerousTestingFLEDiagnosticsEnabledAtStartup) {
+        LOGV2_OPTIONS(7319001,
+                      {logv2::LogTag::kStartupWarnings},
+                      "Queryable Encryption Testing behaviors are enabled. This has serious "
+                      "implications for both "
+                      "performance and security of Queryable Encryption. This configuration is not "
+                      "supported.");
+    }
+}
+
+}  // namespace
+}  // namespace mongo
diff --git a/src/mongo/crypto/fle_options.idl b/src/mongo/crypto/fle_options.idl
new file mode 100644
index 00000000000..ccc93c44487
--- /dev/null
+++ b/src/mongo/crypto/fle_options.idl
@@ -0,0 +1,41 @@
+#    Copyright (C) 2023-present MongoDB, Inc.
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the Server Side Public License, version 1,
+#    as published by MongoDB, Inc.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    Server Side Public License for more details.
+#
+#    You should have received a copy of the Server Side Public License
+#    along with this program. If not, see
+#    <http://www.mongodb.com/licensing/server-side-public-license>.
+#
+#    As a special exception, the copyright holders give permission to link the
+#    code of portions of this program with the OpenSSL library under certain
+#    conditions as described in each individual source file and distribute
+#    linked combinations including the program with the OpenSSL library. You
+#    must comply with the Server Side Public License in all respects for
+#    all of the code used other than as permitted herein. If you modify file(s)
+#    with this exception, you may extend this exception to your version of the
+#    file(s), but you are not obligated to do so. If you do not wish to do so,
+#    delete this exception statement from your version. If you delete this
+#    exception statement from all source files in the program, then also delete
+#    it in the license file.
+#
+
+global:
+  cpp_namespace: "mongo"
+
+imports:
+  - "mongo/db/basic_types.idl"
+
+server_parameters:
+  unsupportedDangerousTestingFLEDiagnosticsEnabled:
+    description: 'Start with test-only FLE statistics behavior enabled'
+    set_at: startup
+    cpp_vartype: bool
+    cpp_varname: gUnsupportedDangerousTestingFLEDiagnosticsEnabledAtStartup
+    default: false
diff --git a/src/mongo/crypto/fle_stats.cpp b/src/mongo/crypto/fle_stats.cpp
index e34be1412a6..e89c6755c1a 100644
--- a/src/mongo/crypto/fle_stats.cpp
+++ b/src/mongo/crypto/fle_stats.cpp
@@ -31,6 +31,7 @@
 
 #include "mongo/crypto/fle_stats.h"
 
+#include "mongo/crypto/fle_options_gen.h"
 #include "mongo/util/system_tick_source.h"
 #include "mongo/util/testing_options_gen.h"
 
@@ -69,7 +70,8 @@ BSONObj FLEStatusSection::generateSection(OperationContext* opCtx,
         temp.serialize(&sub);
     }
 
-    if (gTestingDiagnosticsEnabledAtStartup) {
+    if (gTestingDiagnosticsEnabledAtStartup &&
+        gUnsupportedDangerousTestingFLEDiagnosticsEnabledAtStartup) {
         auto sub = BSONObjBuilder(builder.subobjStart("emuBinaryStats"));
         sub << "calls" << emuBinaryCalls.loadRelaxed();
         sub << "suboperations" << emuBinarySuboperation.loadRelaxed();
diff --git a/src/mongo/crypto/fle_stats_test.cpp b/src/mongo/crypto/fle_stats_test.cpp
index b6f4e412c8c..e1f35effe57 100644
--- a/src/mongo/crypto/fle_stats_test.cpp
+++ b/src/mongo/crypto/fle_stats_test.cpp
@@ -33,6 +33,7 @@
 
 #include "mongo/bson/unordered_fields_bsonobj_comparator.h"
 #include "mongo/db/operation_context_noop.h"
+#include "mongo/idl/server_parameter_test_util.h"
 #include "mongo/unittest/unittest.h"
 #include "mongo/util/testing_options_gen.h"
 #include "mongo/util/tick_source_mock.h"
@@ -109,7 +110,9 @@ TEST_F(FLEStatsTest, BinaryEmuStatsAreEmptyWithoutTesting) {
 }
 
 TEST_F(FLEStatsTest, BinaryEmuStatsArePopulatedWithTesting) {
-    gTestingDiagnosticsEnabledAtStartup = true;
+    RAIIServerParameterControllerForTest controller1(
+        "unsupportedDangerousTestingFLEDiagnosticsEnabled", true);
+    RAIIServerParameterControllerForTest controller2("testingDiagnosticsEnabled", true);
 
     {
         auto tracker = instance->makeEmuBinaryTracker();
-- 
cgit v1.2.1