Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 8.1.0-rc0, 8.0.0-rc5
Affects Version/s: None
Component/s: None
Labels:
- time-series

Assigned Teams:

Catalog and Routing
Backwards Compatibility:
Fully Compatible
Backport Requested:

v8.0
Sprint:
Execution Team 2024-03-04, CAR Team 2024-04-15, CAR Team 2024-04-29, CAR Team 2024-05-13
Linked BF Score:
9

Prior to MongoDB 5.0 it wasn't possible for an external client to create a system.buckets collection, even if such a client was authenticated as the __system user. This is because collections which are prefixed with system. are protected at a level outside the access control system where unrecognized system collections cannot be created (full stop). With the introduction of timeseries collections in MongoDB 5.0, this constraint was relaxed and it became possible for external clients to create system.buckets collections directly. The intended use case was likely for mongorestore for performance reasons to directly write the bucket documents. However despite the only valid use case for system.buckets collection to be for a timeseries collection, this isn't actually enforced by the server at all.

This gap in input validation leaves open a risk where Server engineers make poor assumptions about NamespaceString::isTimeseriesBucketsCollection() implying the collection is actually timeseries without consulting the local mdb catalog. Or where mongosync wants to rely on checking whether the namespace has a system.buckets. prefix and therefore requires special DDL handling to deal with the associated view namespace. We should instead move the server semantics into one where the assumptions engineers are making turn out also to be true.

rs:PRIMARY> db.dropDatabase()
rs:PRIMARY> db.system.buckets.a.runCommand("create")
{
        "ok" : 1,
        "$clusterTime" : {
                "clusterTime" : Timestamp(1690936687, 1),
                "signature" : {
                        "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
                        "keyId" : NumberLong(0)
                }
        },
        "operationTime" : Timestamp(1690936687, 1)
}

depends on

SERVER-89087 Allow renaming a bucket colleciton without timeseries options

Closed

SERVER-79499 "Fix" non-time-series bucket collections in tests.

Closed

is depended on by

SERVER-89557 ViewDefinition::timeseries() doesn't check for TimeSeries option

Closed

SERVER-89089 Simplify rename collection checks for bucket collections

Backlog

SERVER-89999 Remove DisallowBucketCollectionWithoutTimeseriesOptions feature flag

Backlog

SERVER-89956 Remove renameCollectionCoordinatorV3 feature flag

Closed

is duplicated by

SERVER-89557 ViewDefinition::timeseries() doesn't check for TimeSeries option

Closed

is related to

SERVER-90862 Creating a collection or a view should fail if a bucket namespace exists without its view

Backlog

SERVER-87231 Catalog drop collection command should not translate timeseries namespaces if no timeseries options are present

Closed

SERVER-88200 Time-series writes on manually-created buckets may misbehave

Closed

SERVER-79499 "Fix" non-time-series bucket collections in tests.

Closed

related to

SERVER-95500 Rephrase error message about inconsistent bucket collection on upgrade to 8.0

Open

SERVER-89906 Prohibit explicit creation of system.buckets* collections in the fuzzer

Closed

(1 is depended on by, 1 is duplicated by, 4 is related to, 2 related to)

Assignee:: Tommaso Tocci

Reporter:: Max Hirschhorn

Participants:: Githook User, Gregory Noma, Max Hirschhorn, Tommaso Tocci

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: Aug 02 2023 05:49:51 PM UTC

Updated:: Oct 03 2024 05:02:31 PM UTC

Resolved:: May 03 2024 03:28:07 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates