[SERVER-12691] Custom validation of database and collection names Created: 12/Feb/14  Updated: 06/Dec/22  Resolved: 07/Apr/17

Status: Closed
Project: Core Server
Component/s: Usability
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: Jon Rangel (Inactive) Assignee: Backlog - Storage Execution Team
Resolution: Won't Fix Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Assigned Teams:
Storage Execution
Participants:

 Description   

Often, developers / DBAs accidentally create databases with names that are nonsensical. This could be for a number of reasons, such as:

  • the database name chosen is not sufficiently descriptive and thus hard to identify by other teams
  • typos
  • running a bogus command such as the following in the shell (this is a real example)

mongos> use *
mongos> 

It would be good to be able to specify a regex that a database name must match before creation can occur, so that sensible naming conventions could be enforced. This should also be made user-specific in some way.

e.g. In a large organization, provide the ability to enforce some kind of naming conventions for certain groups to only be able to create databases named 'groupname_foo'.

The above description equally applies to validation of collection names.



 Comments   
Comment by Ian Whalen (Inactive) [ 07/Apr/17 ]

After discussing with asya: since this ticket was filed we've added extensive role-based access control which we believe is more appropriate since the feature as requested above still does not protect against unintended database creation.

Comment by Kevin J. Rice [ 19/Feb/14 ]

Our concern is not database files being created. Just having the databases exist matters significantly.

We have a large infrastructure that monitors our Mongo databases. It finds all running mongod's, finds their config files and/or parses their command lines from 'ps -ef ' output, and connects to them. it then queries admin database to find which databases this daemon is handling. Each database found is queried for operations counts (inserts, updates, etc.), various status counts like number of chunks, etc. This monitoring infrastructure reports these numbers back and automatically creates Graphite (http://github.com/graphite-project/graphite-web) graphs of this data.

Since MongoDB non-intuitively creates a database 'dbname' by merely doing 'use dbname', (instead of other databases's convention of 'create database'), it is very easy to accidentally create databases. Even reasonably cautious users can mistype names during a query and thus create databases. This is so easy that it causes problems. Short of changing the effects of the command 'use dbname' to not automatically create databases, we need to control their creation somehow.

Further, we have a large number of groups within our organization that are sharing the use of a larger MongoDB cluster. Any of these groups can create a database and we have no control over, or visibility / auditability into, who has created a database. We'd like some control over who owns what. Thus, this is a problem we must solve by more than guesswork. it results in having databases that no one owns, no one knows how they came to be, and whether or not we can delete them safely.

Thus, we're requesting a way to enforce that any database a user creates has to have a naming convention. We're open to any way you have of solving this mystery database question, but this case identifies a real problem here at our company.

Comment by Daniel Pasette (Inactive) [ 18/Feb/14 ]

This case can easily be handled by DBA's using client side scripts. Unless data is written, no database files will be created.

Generated at Thu Feb 08 03:29:17 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.