[SERVER-64187] move calls to validateShardKeyIsNotEncrypted into validateShardKeyIndexExistsOrCreateIfPossible Created: 03/Mar/22  Updated: 05/Dec/22

Status: Backlog
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Erwin Pe Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-63466 Fail shardCollection if an indexed en... Closed
depends on SERVER-64175 Change refineCollectionShardKey index... Closed
Assigned Teams:
Server Security
Participants:

 Description   

SERVER-63466 adds the function validateShardKeyIsNotEncrypted() to shard_key_util.cpp, which is used to check that none of the shard keys specified in a shardCollection, reshardCollection, or refineCollectionShardKey command are FLE2-encrypted fields. This check needs to occur in the primary shard's DDL coordinator, since it needs to check against the CollectionOptions of the target collection. Ideally, this call should be folded into the validateShardKeyIndexExistsOrCreateIfPossible() function, since that function is already called for validating the shard key for each of the relevant commands.


Generated at Thu Feb 08 05:59:43 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.