[SERVER-35079] Provide a mechanism to redact PII out of db.currentOp() output Created: 18/May/18 Updated: 06/Dec/22 |
|
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | Querying |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Ramon Fernandez Marina | Assignee: | Backlog - Query Execution |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Assigned Teams: |
Query Execution
|
||||||||||||
| Participants: | |||||||||||||
| Description |
|
It would be useful to have a way to collect the output of db.currentOp() with PII redacted (like in log redaction). Something like:
or similar. |
| Comments |
| Comment by Bruce Lucas (Inactive) [ 23/May/18 ] |
|
Those primitives provide a programming language in which a redaction function could be written, as does JavaScript. The ask here is for such a function for specifically redacting currentOp. It could be provided separately from the server (whether as a server-side aggregation pipeline or a client-side JavaScript function), but it will need to have specific knowledge of the content of currentOp that can change from release to release, so I think it would be better if it were built into the server so that it can be maintained as currentOp us updated. |
| Comment by Asya Kamsky [ 22/May/18 ] |
|
Current op is now an aggregation stage so it should be possible to append various $redact, $project and/or $addFields after it to do any transformation desired.
|
| Comment by Ramon Fernandez Marina [ 19/May/18 ] |
|
I would not add a new privilege as part of the implementation of this functionality, as I don't think there's such need. |
| Comment by Eric Milkie [ 18/May/18 ] |
|
I mean the other way around; would we add a new privilege such that you could configure a user to run the redacted version but not the full one? |
| Comment by Ramon Fernandez Marina [ 18/May/18 ] |
|
Since redaction removes information I think it should be ok to allow any user that can get the output of db.currentOp() to get a redacted version of it... I do not believe there's any covert channels here. spencer.jackson, care to weigh in? |
| Comment by Eric Milkie [ 18/May/18 ] |
|
Would this new behavior be subject to additional privilege, or would its use (in place of unredacted execution) be trusted by the callers? |