[SERVER-69288] Disallow mixing tenantIds within transactions Created: 31/Aug/22 Updated: 15/Nov/23 Resolved: 09/Nov/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Hugh Tong (Inactive) | Assignee: | Backlog - Service Architecture |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | ntdi_nice_to_have | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
| Assigned Teams: | Service Arch |
| Participants: |
| Description |
|
A transaction should result from a single session with a single tenant. Currently, we don't perform any enforcement at the oplog entry level to prevent mixing tenantIds in a transaction. Enforcing this would mean that the top-level tenantId in the oplog entry should also match the tenantIds in all operations in the applyOps array. However, this is also used as a method of testing for tenantIds in transactions in unit tests, which will need to be modified to either detect this or accommodate this. |
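The check described in the ticket, sketched as an added example (not MongoDB server code and not part of the original ticket). It assumes the tenant id is carried in a `tid` field on both the top-level oplog entry and each operation under `o.applyOps`; the entries and tenant ids are constructed sample data.

```javascript
// Added example, not MongoDB source. Assumed document shape: tenant id in a
// `tid` field, inner operations under `o.applyOps`. All values are constructed.

// Normalise a tenant id (string, ObjectId-like value, or absent) for comparison.
function tenantKey(tid) {
  if (tid === undefined || tid === null) return null;
  return typeof tid === "string" ? tid : String(tid.$oid ?? tid);
}

// Compare every inner operation's tenant id with the top-level one.
// Returns a list of violations; an empty list means the entry is consistent.
function findTenantMismatches(entry) {
  const ops = entry?.o?.applyOps;
  if (!Array.isArray(ops)) return []; // not an applyOps entry, nothing to compare
  const expected = tenantKey(entry.tid);
  const violations = [];
  ops.forEach((op, index) => {
    const actual = tenantKey(op.tid);
    // A missing tid on one side only is also a mismatch.
    if (actual !== expected) violations.push({ index, ns: op.ns, expected, actual });
  });
  return violations;
}

const TENANT_A = "64f0c0ffee00000000000001"; // constructed
const TENANT_B = "64f0c0ffee00000000000002"; // constructed

const consistentEntry = {
  op: "c", ns: "admin.$cmd", tid: TENANT_A,
  o: { applyOps: [
    { op: "i", ns: "app.orders", tid: TENANT_A, o: { _id: 1 } },
    { op: "u", ns: "app.users", tid: { $oid: TENANT_A }, o: { $set: { n: 2 } }, o2: { _id: 7 } },
  ] },
};

const mixedEntry = {
  op: "c", ns: "admin.$cmd", tid: TENANT_A,
  o: { applyOps: [
    { op: "i", ns: "app.orders", tid: TENANT_A, o: { _id: 1 } },
    { op: "i", ns: "app.orders", tid: TENANT_B, o: { _id: 2 } }, // other tenant
    { op: "d", ns: "app.users", o: { _id: 7 } },                 // no tid at all
  ] },
};

console.log(findTenantMismatches(consistentEntry)); // []
console.log(findTenantMismatches(mixedEntry));
```

An operation with no `tid` inside a tenant-tagged entry is reported as a mismatch, so an untagged write cannot pass unnoticed.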
| Comments |
| Comment by Githook User [ 15/Nov/23 ] |
|
Author: {'name': 'Didier Nadeau', 'email': 'didier.nadeau@mongodb.com', 'username': 'nadeaudi'} Message: |
| Comment by Sophia Tan [ 30/Mar/23 ] |
|
I think mongod need not perform any enforcement at any layer (either command process level or oplog entry level) to prevent mixing tenantids in a transaction. We should trust the AtlasProxy to always inject the right tenant id into requests, which includes non-transaction operations and transaction operations. For a tenant user, one transaction is related to the single tenant only. The AtlasProxy should ensure it. For a cloud super user, the cloud client should not be doing operations across multiple tenants within one transaction. The cloud client should ensure it. We are going to close this ticket. janna.golden@mongodb.com Would you please point us to someone on the serverless cloud team to double-check before closing it? |