Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Security Level: Public
-
None
-
CBG Sprint 146
-
1
Description
getAuthScopeHandleCreateDB uses DecodeAndSanitiseConfig when scanning the incoming config to find the bucket being used. This is going to trigger environment variable validation on the config, leading to confusing errors.
The subsequent actual config persistence correctly uses readSanitizeDbConfigJSON which applies the AllowDbConfigEnvVars check, so it's not the case that environment variables will be applied. However, we should switch getAuthScopeHandleCreateDB to either use readSanitizeDbConfigJSON, or something else more tailored to bucket retrieval that also bypasses the environment variable check.