[SERVER-35079] Provide a mechanism to redact PII out of db.currentOp() output Created: 18/May/18  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Querying
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Ramon Fernandez Marina Assignee: Backlog - Query Execution
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
related to SERVER-33880 Log currentOp information to mongod log Backlog
Assigned Teams:
Query Execution
Participants:

 Description   

It would be useful to have a way to collect the output of db.currentOp() with PII redacted (like in log redaction). Something like:

db.currentOp({redact:1})

or similar.



 Comments   
Comment by Bruce Lucas (Inactive) [ 23/May/18 ]

Those primitives provide a programming language in which a redaction function could be written, as does JavaScript. The ask here is for such a function for specifically redacting currentOp. It could be provided separately from the server (whether as a server-side aggregation pipeline or a client-side JavaScript function), but it will need to have specific knowledge of the content of currentOp that can change from release to release, so I think it would be better if it were built into the server so that it can be maintained as currentOp us updated.

Comment by Asya Kamsky [ 22/May/18 ]

Current op is now an aggregation stage so it should be possible to append various $redact, $project and/or $addFields  after it to do any transformation desired.

 

Comment by Ramon Fernandez Marina [ 19/May/18 ]

I would not add a new privilege as part of the implementation of this functionality, as I don't think there's such need.

Comment by Eric Milkie [ 18/May/18 ]

I mean the other way around; would we add a new privilege such that you could configure a user to run the redacted version but not the full one?

Comment by Ramon Fernandez Marina [ 18/May/18 ]

Since redaction removes information I think it should be ok to allow any user that can get the output of db.currentOp() to get a redacted version of it... I do not believe there's any covert channels here. spencer.jackson, care to weigh in?

Comment by Eric Milkie [ 18/May/18 ]

Would this new behavior be subject to additional privilege, or would its use (in place of unredacted execution) be trusted by the callers?

Generated at Thu Feb 08 04:38:46 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.