[SERVER-72172] Tenant information set by dollar tenant on applyOps command is dropped off when checking operation authorization Created: 16/Dec/22 Updated: 27/Oct/23 Resolved: 16/Dec/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Sophia Tan | Assignee: | Backlog - Service Architecture |
| Resolution: | Works as Designed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Assigned Teams: |
Service Arch
|
| Operating System: | ALL |
| Participants: |
| Description |
|
The function OplogApplicationChecks::checkOperationAuthorization does not handle the tenant information which is set by $tenant on the applyOps command request. That makes the server returns error message "TenantId must be set on nss list_collections_no_views.system.views" and error code 6972100. This issue is found when we test the applyOps command with injected dollar tenant. Here are some jstests which run command "applyOps":
|
| Comments |
| Comment by Sophia Tan [ 16/Dec/22 ] |
|
It isn't a bug. For applying oplog entries during an apply ops command, the tenant information should either come from the prefix in the "ns" field or the "tid" field. The $tenant should be ignored. We can't actually test those tests in our passthrough suite though, because we'd have to inject either a "tid" or prefix on the "ns" field for these tests, which I don't think we really want to do. So, those jstest files mentioned in the description should be excluded from the pass through test suite. |