Diffstat (limited to 'src/mongo/db/multitenancy.cpp')
-rw-r--r--src/mongo/db/multitenancy.cpp52
1 files changed, 4 insertions, 48 deletions
diff --git a/src/mongo/db/multitenancy.cpp b/src/mongo/db/multitenancy.cpp
index 27ced8eee24..f12a4f7b55d 100644
--- a/src/mongo/db/multitenancy.cpp
+++ b/src/mongo/db/multitenancy.cpp
@@ -29,61 +29,17 @@
#include "mongo/db/multitenancy.h"
-#include "mongo/db/auth/authorization_session.h"
-#include "mongo/db/auth/security_token.h"
-#include "mongo/db/multitenancy_gen.h"
+#include "mongo/db/auth/validated_tenancy_scope.h"
#include "mongo/db/tenant_id.h"
-#include "mongo/logv2/log.h"
-
-#define MONGO_LOGV2_DEFAULT_COMPONENT ::mongo::logv2::LogComponent::kDefault
-
namespace mongo {
-// Holds the tenantId for the operation if it was provided in the request on the $tenant field only
-// if the tenantId was not also provided in the security token.
-const auto dollarTenantDecoration =
- OperationContext::declareDecoration<boost::optional<mongo::TenantId>>();
-
-void parseDollarTenantFromRequest(OperationContext* opCtx, const OpMsg& request) {
- // The internal security user is allowed to run commands on behalf of a tenant by passing
- // the tenantId in the "$tenant" field.
- auto tenantElem = request.body["$tenant"];
- if (!tenantElem)
- return;
-
- uassert(ErrorCodes::InvalidOptions,
- "Multitenancy not enabled, cannot set $tenant in command body",
- gMultitenancySupport);
-
- uassert(ErrorCodes::Unauthorized,
- "'$tenant' may only be specified with the useTenant action type",
- AuthorizationSession::get(opCtx->getClient())
- ->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(),
- ActionType::useTenant));
-
- auto tenantId = TenantId::parseFromBSON(tenantElem);
-
- uassert(6223901,
- str::stream() << "Cannot pass $tenant id if also passing securityToken, securityToken: "
- << auth::getSecurityToken(opCtx)->getAuthenticatedUser().getTenant()
- << " $tenant: " << tenantId,
- !auth::getSecurityToken(opCtx));
-
-
- dollarTenantDecoration(opCtx) = std::move(tenantId);
- LOGV2_DEBUG(
- 6223900, 4, "Setting tenantId from $tenant request parameter", "tenantId"_attr = tenantId);
-}
-
boost::optional<TenantId> getActiveTenant(OperationContext* opCtx) {
- auto token = auth::getSecurityToken(opCtx);
- if (!token) {
- return dollarTenantDecoration(opCtx);
+ if (auto token = auth::ValidatedTenancyScope::get(opCtx)) {
+ return token->tenantId();
}
- invariant(!dollarTenantDecoration(opCtx));
- return token->getAuthenticatedUser().getTenant();
+ return boost::none;
}
} // namespace mongo
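Review bot: The new `getActiveTenant` returns whatever tenant the attached `ValidatedTenancyScope` carries, but nothing in this file says that the checks deleted above are expected to have run before that scope was set on the `opCtx`. Those checks were the `gMultitenancySupport` gate, the `useTenant` action check on the cluster resource, and the rejection of `$tenant` combined with a security token. They presumably moved into `validated_tenancy_scope`, which this page does not show, so that should be confirmed and the dependency recorded at the function, for example `// Tenant comes only from the ValidatedTenancyScope on opCtx; $tenant/security-token authorization is enforced where that scope is constructed.` The comment should also state that `boost::none` means no tenancy scope was attached to the operation, so callers treat it as "no tenant" rather than as an unrestricted scope. The removed `invariant(!dollarTenantDecoration(opCtx))` was the only in-file guard against two tenant sources disagreeing; a short note that the scope is now the single source would make that intent explicit.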