Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-64187

move calls to validateShardKeyIsNotEncrypted into validateShardKeyIndexExistsOrCreateIfPossible

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • None
    • Server Security

    Description

      SERVER-63466 adds the function validateShardKeyIsNotEncrypted() to shard_key_util.cpp, which is used to check that none of the shard keys specified in a shardCollection, reshardCollection, or refineCollectionShardKey command are FLE2-encrypted fields. This check needs to occur in the primary shard's DDL coordinator, since it needs to check against the CollectionOptions of the target collection. Ideally, this call should be folded into the validateShardKeyIndexExistsOrCreateIfPossible() function, since that function is already called for validating the shard key for each of the relevant commands.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            erwin.pe@mongodb.com Erwin Pe
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: