[SERVER-74896] Remove NamespaceString::createNamespaceStringForAuth Created: 15/Mar/23 Updated: 29/Oct/23 Resolved: 14/Sep/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 7.2.0-rc0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Janna Golden | Assignee: | Gabriel Marks |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Assigned Teams: |
Server Security
|
||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||
| Sprint: | Security 2023-08-07, Security 2023-08-21, Security 2023-09-04, Security 2023-09-18 | ||||||||||||||||||||
| Participants: | |||||||||||||||||||||
| Description |
|
Once the ResourcePattern and ParsedPrivilege APIs handle tenantIds, change any remaining call sites to NamespaceString::createNamespaceStringForAuth to call the appropriate method on NamespaceStringUtil to construct NamespaceStrings instead. Then, remove NamespaceString::createNamespaceStringForAuth, as it skips validation that tenantIds exist when they should. Note that the current model for db-only resource patterns includes the db.coll delimiter. In order to more accurately match the `NamespaceString(const DatabaseName&)` constructor's behavior, we should move auth usages of dbonly patterns to not include the delimiter. This will require careful review of AuthorizationSessionImpl and UserManagementCommands. |
| Comments |
| Comment by Githook User [ 15/Sep/23 ] |
|
Author: {'name': 'Gabriel Marks', 'email': 'gabriel.marks@mongodb.com', 'username': 'marksg07'}Message: |