-
Type: Task
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
-
Fully Compatible
-
Server Serverless 2022-05-02, Server Serverless 2022-05-16, Server Serverless 2022-05-30, Server Serverless 2022-06-13
Today, we parse a command request before parsing and validating the tenantId sent in either the security token or $tenant field. We'd like to instead parse and validate the tenantId before parsing the command and set a separate field on the OpMsg itself with the validated tenantId. That way, when parsing the command request, we can use this validated tenantId when constructing the NamespaceString for the command. In order to do this we'll need to:
*Add an optional field 'tenantId' to OpMsg\https://github.com/mongodb/mongo/blob/fd399c5a5d340f029fcd09b8de112f01d71761f0/src/mongo/rpc/op_msg.h#L54. If this is set, it should mean a validated tenantId was sent with the command (either as security token or $tenant)
- After parsing/validating the tenantId in rpc::readRequestMetadata, set the tenantId field on the OpMsg. We probably should to change auth::readSecurityTokenMetadata and parseDollarTenantFromRequest to return the tenantId as opposed to grabbing it from the opCtx, since we may remove these decorations in the future.
- Move the call to rpc::readRequestMetadata() to before we parse the request:
- Let's add a test in rpc/metadata_test.cpp that asserts the tenantId field is set on the opMsg after readRequestMetadata() is called only if the tenantId has been validated.
- is depended on by
-
SERVER-65459 Construct NamespaceString using tenantId on the OpMsgRequest during command parsing for IDL defined commands
- Closed
-
SERVER-66586 Make UMC commands Tenant capable (EnableTestCommands only)
- Closed