Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-74896

Remove NamespaceString::createNamespaceStringForAuth

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 7.2.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Server Security
    • Fully Compatible
    • Security 2023-08-07, Security 2023-08-21, Security 2023-09-04, Security 2023-09-18

      Once the ResourcePattern and ParsedPrivilege APIs handle tenantIds, change any remaining call sites to NamespaceString::createNamespaceStringForAuth to call the appropriate method on NamespaceStringUtil to construct NamespaceStrings instead. Then, remove NamespaceString::createNamespaceStringForAuth, as it skips validation that tenantIds exist when they should.

      Note that the current model for db-only resource patterns includes the db.coll delimiter.  In order to more accurately match the `NamespaceString(const DatabaseName&)` constructor's behavior, we should move auth usages of dbonly patterns to not include the delimiter.  This will require careful review of AuthorizationSessionImpl and UserManagementCommands.

            Assignee:
            gabriel.marks@mongodb.com Gabriel Marks
            Reporter:
            janna.golden@mongodb.com Janna Golden
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: