As server developers, we often need to implement a workflow in which a command is sent and executed on the primary node of a shard. Additionally, we need this command to be interrupted as soon as the node step down.

Unfortunately, today there is no easy API that allow to implement this workflow easily.

In particular, the most common pattern today is the following:

• Send the command to the specific shard with ReadPreference::PrimaryOnly
• Implement the command on the shard as Command::AllowedOnSecondary::kNever
• Use setAlwaysInterruptAtStepDownOrUp_UNSAFE() function to mark the operation context on the shard as interruptable on stepdown

The problem is that setAlwaysInterruptAtStepDownOrUp_UNSAFE() does not provide strong guarantee around interruption, in fact, as suggested by its name, there is no actual guarantee the operation context will get interrupted on step down. This is because the function is not serialized with the replica set state change. In particular, it could happen that the node became secondary before or during the execution of this function. In this scenario, the operation context will not be interrupted, and the command will keep being executed on a secondary node.

I think we should make so that a command marked as Command::AllowedOnSecondary::kNever should automatically have the operation context interrupted on stepdown.