[SERVER-68457] Remove dollar tenant from IDL command Created: 01/Aug/22  Updated: 22/Jan/24  Resolved: 22/Jan/24

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Sophia Tan Assignee: Backlog - Service Architecture
Resolution: Won't Fix Votes: 0
Labels: ntdi_nice_to_have
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Service Arch
Participants:
Story Points: 3

 Description   

The $tenant field is parsed by `OpMsgRequest::parse()` layer which verify the $tenant and puts it into ValidatedTenancyScope for read-only accessing.
In this ticket, we should block any accessing to this field on IDL command layer by removing the `IDLCommand::getDollarTenant` and `DILCommand::setDollarTenant`.



 Comments   
Comment by Didier Nadeau [ 22/Jan/24 ]

This is not applicable anymore as we are removing $tenant altogether.

Comment by Sophia Tan [ 07/Apr/23 ]

We will delete `getDollarTenant` from public API but keep `setDollarTenant` in the public API.

The motivation of this ticket is to avoid accessing unverified dollar tenant from command request object.

Comment by Sophia Tan [ 30/Mar/23 ]

IDLCommand classes' `setDollarTenant` is only used by src/mongo/db/fle_crud.cpp. Today, the OpMsgRequestBuilder can append $tenant with DatabaseName object's tenant id without depending on cmd object's $tenant. I think fle_crud.cpp need not call `setDollarTenant` any more.  

The `getDollarTenant1 is only used by idl_test.cpp. It can also be removed.

At last, the default dollarTenant field can be removed from the IDL compiler. 

 

Generated at Thu Feb 08 06:10:51 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.