[SERVER-79128] Enforce that tenantIds are included in metadata collection documents Created: 19/Jul/23  Updated: 23/Jan/24

Status: Open
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Janna Golden Assignee: Backlog - Service Architecture
Resolution: Unresolved Votes: 0
Labels: ntdi_nice_to_have, ntdi_releasability
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Service Arch
Participants:
Story Points: 1

Description

Generally, any metadata collections that store data for a particular tenant should be made into per-tenant collections, and tenant information should not be stored in the documents in the collections themselves. This is both to mitigate the risk that tenantIds are leaked to users (if users can read the metadata collections), and to make restoring Serverless customers' clusters simpler (the tenantId for a customer can change upon a restore).

This ticket is to enforce that tenantIds are not included in internal metadata collections (other than particular exceptions, like change collections, oplog). One potential way to do this is to add some hook that looks through internal collections and ensures a tenantId is not present.
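A sketch of the kind of check the description proposes, added here as an illustration and not taken from the ticket or the MongoDB code base. It walks in-memory documents and reports any `tenantId` field, or any string embedding a known tenant id, outside an exemption list; the function names, the exemption list and the sample data are assumptions.

```javascript
// Added illustration, not MongoDB server code. All names below are hypothetical.
// Namespaces exempt from the check (assumed names for the ticket's exceptions).
const EXEMPT_NAMESPACES = new Set([
  "local.oplog.rs",                   // oplog
  "config.system.change_collection",  // change collection
]);

// Recursively collect dotted paths where a tenantId appears, either as a
// field name or as a string value that embeds a known tenant id.
function findTenantIdPaths(value, knownTenantIds, path = "") {
  const hits = [];
  if (Array.isArray(value)) {
    value.forEach((item, i) =>
      hits.push(...findTenantIdPaths(item, knownTenantIds, `${path}[${i}]`)));
  } else if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      const childPath = path ? `${path}.${key}` : key;
      if (key.toLowerCase() === "tenantid") {
        hits.push(childPath); // report the field once, do not descend into it
      } else {
        hits.push(...findTenantIdPaths(child, knownTenantIds, childPath));
      }
    }
  } else if (typeof value === "string") {
    // Catches ids embedded in values, e.g. a tenant-prefixed namespace string.
    if (knownTenantIds.some((id) => value.includes(id))) hits.push(path);
  }
  return hits;
}

// collections: { "<namespace>": [documents...] }; returns one entry per hit.
function checkMetadataCollections(collections, knownTenantIds) {
  const violations = [];
  for (const [ns, docs] of Object.entries(collections)) {
    if (EXEMPT_NAMESPACES.has(ns)) continue;
    docs.forEach((doc, index) => {
      for (const path of findTenantIdPaths(doc, knownTenantIds)) {
        violations.push({ ns, index, path });
      }
    });
  }
  return violations;
}

// Constructed sample data: the tenant id and "config.exampleMetadata" are made up.
const SAMPLE_TENANT = "64b7f0c2a1d3e4f5a6b7c8d9";
const SAMPLE_COLLECTIONS = {
  "config.exampleMetadata": [
    { _id: 1, state: "ready" },
    { _id: 2, owner: { tenantId: SAMPLE_TENANT } },
    { _id: 3, targets: [`${SAMPLE_TENANT}_app.users`] },
  ],
  "local.oplog.rs": [{ op: "i", tenantId: SAMPLE_TENANT }],
};
```

The value scan matters for the restore case the description mentions: a tenant id embedded in a string goes stale after a restore just as a `tenantId` field would.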


Generated at Thu Feb 08 06:40:09 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.