authorSophia Tan <sophia_tll@hotmail.com>2023-04-18 07:41:17 +0000
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2023-04-18 08:57:59 +0000
commit274cb477d2a1b64ac81b85e9f1b3172387ce0184 (patch)
treee89f778fa52a40413403b6a125b69271cf8469c0 /src/mongo/db/auth/authorization_checks.cpp
parent8863b04c282557081cf2634bce0e26f4fa5389b2 (diff)
SERVER-74486 Always include tenant in collection name attributes in error messages
Diffstat (limited to 'src/mongo/db/auth/authorization_checks.cpp')
-rw-r--r--src/mongo/db/auth/authorization_checks.cpp23
1 files changed, 14 insertions, 9 deletions
diff --git a/src/mongo/db/auth/authorization_checks.cpp b/src/mongo/db/auth/authorization_checks.cpp
index ac37ab4b000..58f8bd7e806 100644
--- a/src/mongo/db/auth/authorization_checks.cpp
+++ b/src/mongo/db/auth/authorization_checks.cpp
@@ -77,11 +77,12 @@ Status checkAuthForFind(AuthorizationSession* authSession,
bool hasTerm) {
if (MONGO_unlikely(ns.isCommand())) {
return Status(ErrorCodes::InternalError,
- str::stream() << "Checking query auth on command namespace " << ns.ns());
+ str::stream() << "Checking query auth on command namespace "
+ << ns.toStringForErrorMsg());
}
if (!authSession->isAuthorizedForActionsOnNamespace(ns, ActionType::find)) {
return Status(ErrorCodes::Unauthorized,
- str::stream() << "not authorized for query on " << ns.ns());
+ str::stream() << "not authorized for query on " << ns.toStringForErrorMsg());
}
// Only internal clients (such as other nodes in a replica set) are allowed to use
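Review bot: The `ErrorCodes::Unauthorized` strings in checkAuthForFind now carry the tenant-qualified namespace, and a Status built at an authorization check is presumably what the rejected caller receives. `toStringForErrorMsg()` is not defined in this diff, so it is worth confirming that the tenant it prints is always the one bound to the caller's own request, and recording that next to the first use, for example `// tenant prefix is the caller's own (from the request context), so echoing it on Unauthorized discloses nothing new`. The same applies to the Unauthorized returns in the getMore, insert, update, delete and killCursors hunks below. checkAuthForFind begins and ends outside this hunk, so any earlier filtering of `ns` is not visible here.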
@@ -91,7 +92,8 @@ Status checkAuthForFind(AuthorizationSession* authSession,
!authSession->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(),
ActionType::internal)) {
return Status(ErrorCodes::Unauthorized,
- str::stream() << "not authorized for query with term on " << ns.ns());
+ str::stream()
+ << "not authorized for query with term on " << ns.toStringForErrorMsg());
}
return Status::OK();
@@ -116,7 +118,8 @@ Status checkAuthForGetMore(AuthorizationSession* authSession,
!authSession->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(),
ActionType::internal)) {
return Status(ErrorCodes::Unauthorized,
- str::stream() << "not authorized for getMore with term on " << ns.ns());
+ str::stream() << "not authorized for getMore with term on "
+ << ns.toStringForErrorMsg());
}
return Status::OK();
@@ -131,7 +134,7 @@ Status checkAuthForInsert(AuthorizationSession* authSession,
}
if (!authSession->isAuthorizedForActionsOnNamespace(ns, required)) {
return Status(ErrorCodes::Unauthorized,
- str::stream() << "not authorized for insert on " << ns.ns());
+ str::stream() << "not authorized for insert on " << ns.toStringForErrorMsg());
}
return Status::OK();
@@ -157,7 +160,8 @@ Status checkAuthForUpdate(AuthorizationSession* authSession,
if (!authSession->isAuthorizedForActionsOnNamespace(ns, required)) {
return Status(ErrorCodes::Unauthorized,
- str::stream() << "not authorized for " << operationType << " on " << ns.ns());
+ str::stream() << "not authorized for " << operationType << " on "
+ << ns.toStringForErrorMsg());
}
return Status::OK();
@@ -169,7 +173,8 @@ Status checkAuthForDelete(AuthorizationSession* authSession,
const BSONObj& query) {
if (!authSession->isAuthorizedForActionsOnNamespace(ns, ActionType::remove)) {
return Status(ErrorCodes::Unauthorized,
- str::stream() << "not authorized to remove from " << ns.ns());
+ str::stream()
+ << "not authorized to remove from " << ns.toStringForErrorMsg());
}
return Status::OK();
}
@@ -198,7 +203,7 @@ Status checkAuthForKillCursors(AuthorizationSession* authSession,
}
return Status(ErrorCodes::Unauthorized,
- str::stream() << "not authorized to kill cursor on " << ns.ns());
+ str::stream() << "not authorized to kill cursor on " << ns.toStringForErrorMsg());
}
Status checkAuthForCreate(OperationContext* opCtx,
@@ -284,7 +289,7 @@ StatusWith<PrivilegeVector> getPrivilegesForAggregate(AuthorizationSession* auth
bool isMongos) {
if (!nss.isValid()) {
return Status(ErrorCodes::InvalidNamespace,
- str::stream() << "Invalid input namespace, " << nss.ns());
+ str::stream() << "Invalid input namespace, " << nss.toStringForErrorMsg());
}
PrivilegeVector privileges;
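Review bot: The `InvalidNamespace` branch prints a namespace that has just failed `nss.isValid()`, so the text appended to the Status is caller-controlled and by definition not a well-formed name. The change keeps that behaviour and adds the tenant prefix; whether `toStringForErrorMsg()` escapes or bounds the string cannot be seen from this hunk. A short comment such as `// nss failed isValid(): the name below is caller-supplied; consumers must escape it before rendering` would make the assumption explicit for anyone who later surfaces this reason string in a text log or UI. getPrivilegesForAggregate continues past the end of the hunk.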