-
Type: Task
-
Resolution: Unresolved
-
Priority: Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
-
Server Security
SERVER-63466 adds the function validateShardKeyIsNotEncrypted() to shard_key_util.cpp, which is used to check that none of the shard keys specified in a shardCollection, reshardCollection, or refineCollectionShardKey command are FLE2-encrypted fields. This check needs to occur in the primary shard's DDL coordinator, since it needs to check against the CollectionOptions of the target collection. Ideally, this call should be folded into the validateShardKeyIndexExistsOrCreateIfPossible() function, since that function is already called for validating the shard key for each of the relevant commands.
- depends on
-
SERVER-63466 Fail shardCollection if an indexed encrypted field is used as a shard key
- Closed
-
SERVER-64175 Change refineCollectionShardKey index validation checks
- Closed