author | Andy Schwerin <schwerin@10gen.com> | 2013-10-28 13:51:37 -0400 |
---|---|---|
committer | Andy Schwerin <schwerin@10gen.com> | 2013-10-31 09:57:35 -0400 |
commit | 01afc9b2b1290f16c10c8d591affbdbe157a6d18 (patch) | |
tree | 5eed5898e12f15e6eab59fcbfd29c13dfb685014 | |
parent | ab09b4d6369c8623d4d56248da899e685782d908 (diff) | |
download | mongo-01afc9b2b1290f16c10c8d591affbdbe157a6d18.tar.gz |
SERVER-9516 Update admin.system.version as part of user management commands.
-rw-r--r-- | src/mongo/db/auth/authorization_manager.cpp | 28 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_manager.h | 19 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_manager_test.cpp | 2 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_session_test.cpp | 1 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_d.cpp | 5 | ||||
-rw-r--r-- | src/mongo/db/commands/user_management_commands.cpp | 2 |
6 files changed, 44 insertions, 13 deletions
diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp index 003592c812f..c57aace2a58 100644 --- a/src/mongo/db/auth/authorization_manager.cpp +++ b/src/mongo/db/auth/authorization_manager.cpp @@ -89,7 +89,10 @@ namespace mongo { const NamespaceString AuthorizationManager::usersCollectionNamespace("admin.system.users"); const NamespaceString AuthorizationManager::versionCollectionNamespace("admin.system.version"); + const BSONObj AuthorizationManager::versionDocumentQuery = BSON("_id" << "authSchema"); + const std::string AuthorizationManager::schemaVersionServerParameter = "authSchemaVersion"; + const std::string AuthorizationManager::schemaVersionFieldName = "currentVersion"; #ifndef _MSC_EXTENSIONS const int AuthorizationManager::schemaVersion24; @@ -235,7 +238,7 @@ namespace mongo { AuthorizationManager::AuthorizationManager(AuthzManagerExternalState* externalState) : _authEnabled(false), _externalState(externalState), - _version(schemaVersion26Final), + _version(schemaVersionInvalid), _cacheGeneration(0), _isFetchPhaseBusy(false) { } @@ -291,6 +294,20 @@ namespace mongo { return _externalState->hasAnyPrivilegeDocuments(); } + Status AuthorizationManager::writeAuthSchemaVersionIfNeeded() { + Status status = _externalState->updateOne( + AuthorizationManager::versionCollectionNamespace, + AuthorizationManager::versionDocumentQuery, + BSON("$set" << BSON(AuthorizationManager::schemaVersionFieldName << + AuthorizationManager::schemaVersion26Final)), + true, // upsert + BSONObj()); // write concern + if (status == ErrorCodes::NoMatchingDocument) { // SERVER-11492 + status = Status::OK(); + } + return status; + } + Status AuthorizationManager::insertPrivilegeDocument(const std::string& dbname, const BSONObj& userObj, const BSONObj& writeConcern) const { 
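Review bot: `writeAuthSchemaVersionIfNeeded()` sets `currentVersion` to `schemaVersion26Final` unconditionally, so the precondition stated in the header ("Do not call if getAuthorizationVersion() reports a value other than schemaVersion26Final") is enforced only by callers. A call made while the stored users are still in another schema would leave a version document that disagrees with the data, and that version presumably decides how user documents are interpreted. The function would be safer if it checked the cached version itself and returned an error before the `updateOne`. At minimum the definition should carry the contract: `// Precondition: auth schema is already schemaVersion26Final; this upsert does not verify it.` Two smaller points: the upsert uses an empty `BSONObj()` write concern rather than the one given to the user management command, and the `// SERVER-11492` mapping of `NoMatchingDocument` to `Status::OK()` needs a sentence saying what is being worked around, since it turns a reported upsert failure into success.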
@@ -764,10 +781,8 @@ namespace mongo { // Make sure the internal user stays in the cache. _userCache.insert(make_pair(internalSecurity.user->getName(), internalSecurity.user)); - // If the authorization manager was running with version 2.4 schema data, check to - // see if the version has updated next time we go to add data to the cache. - if (schemaVersion24 == _version) - _version = schemaVersionInvalid; + // Reread the schema version before acquiring the next user. + _version = schemaVersionInvalid; } Status AuthorizationManager::initialize() { @@ -889,7 +904,6 @@ namespace mongo { const NamespaceString newusersCollectionNamespace( AuthorizationManager::usersAltCollectionNamespace); const NamespaceString backupUsersCollectionNamespace("admin.backup.users"); - const BSONObj versionDocumentQuery = BSON("_id" << 1); /** * Fetches the admin.system.version document and extracts the currentVersion field's @@ -899,7 +913,7 @@ namespace mongo { BSONObj versionDoc; Status status = externalState->findOne( AuthorizationManager::versionCollectionNamespace, - versionDocumentQuery, + AuthorizationManager::versionDocumentQuery, &versionDoc); if (!status.isOK() && ErrorCodes::NoMatchingDocument != status) { return status; diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h index 4161d81f6a0..017fef0b637 100644 --- a/src/mongo/db/auth/authorization_manager.h +++ b/src/mongo/db/auth/authorization_manager.h 
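Review bot: A version document already stored under `_id: 1` is no longer matched by the `findOne` in the last hunk of authorization_manager.cpp, because the removed local `BSON("_id" << 1)` is replaced by `AuthorizationManager::versionDocumentQuery`, defined as `BSON("_id" << "authSchema")`. The lines after the call tolerate `NoMatchingDocument`, so the miss is silent and the version is presumably derived some other way in the part of the function outside the hunk. It is worth confirming that this fallback cannot report a newer schema than the stored user data actually has. The same key change applies to the `Helpers::findOne` call in authz_manager_external_state_d.cpp. A comment on the constant would record the break, for example `// NOTE: this document was previously looked up with _id: 1; documents stored under that key are not matched.`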
@@ -89,11 +89,22 @@ namespace mongo { static const NamespaceString versionCollectionNamespace; /** + * Query to match the auth schema version document in the versionCollectionNamespace. + */ + static const BSONObj versionDocumentQuery; + + /** * Name of the server parameter used to report the auth schema version (via getParameter). */ static const std::string schemaVersionServerParameter; /** + * Name of the field in the auth schema version document containing the current schema + * version. + */ + static const std::string schemaVersionFieldName; + + /** * Value used to represent that the schema version is not cached or invalid. */ static const int schemaVersionInvalid = 0; @@ -168,6 +179,14 @@ namespace mongo { bool hasAnyPrivilegeDocuments() const; /** + * Updates the auth schema version document to reflect that the system is upgraded to + * schemaVersion26Final. + * + * Do not call if getAuthorizationVersion() reports a value other than schemaVersion26Final. + */ + Status writeAuthSchemaVersionIfNeeded(); + + /** * Creates the given user object in the given database. * 'writeConcern' contains the arguments to be passed to getLastError to block for * successful completion of the write. diff --git a/src/mongo/db/auth/authorization_manager_test.cpp b/src/mongo/db/auth/authorization_manager_test.cpp index 2748a55396f..69e73785d9f 100644 --- a/src/mongo/db/auth/authorization_manager_test.cpp +++ b/src/mongo/db/auth/authorization_manager_test.cpp @@ -157,7 +157,6 @@ namespace { }; TEST_F(AuthorizationManagerTest, testAcquireV0User) { - return; externalState->setAuthzVersion(AuthorizationManager::schemaVersion24); ASSERT_OK(externalState->insert(NamespaceString("test.system.users"), @@ -194,7 +193,6 @@ namespace { } TEST_F(AuthorizationManagerTest, testAcquireV1User) { - return; externalState->setAuthzVersion(AuthorizationManager::schemaVersion24); ASSERT_OK(externalState->insert(NamespaceString("test.system.users"), 
diff --git a/src/mongo/db/auth/authorization_session_test.cpp b/src/mongo/db/auth/authorization_session_test.cpp index a4ac7511b12..f6a033fc1ee 100644 --- a/src/mongo/db/auth/authorization_session_test.cpp +++ b/src/mongo/db/auth/authorization_session_test.cpp @@ -421,7 +421,6 @@ namespace { TEST_F(AuthorizationSessionTest, ImplicitAcquireFromSomeDatabasesWithV1Users) { - return; managerState->setAuthzVersion(AuthorizationManager::schemaVersion24); managerState->insert(NamespaceString("test.system.users"), diff --git a/src/mongo/db/auth/authz_manager_external_state_d.cpp b/src/mongo/db/auth/authz_manager_external_state_d.cpp index 77e79953188..c2ad359dfe4 100644 --- a/src/mongo/db/auth/authz_manager_external_state_d.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_d.cpp @@ -113,9 +113,10 @@ namespace { Client::ReadContext ctx(AuthorizationManager::versionCollectionNamespace.ns()); BSONObj versionDoc; if (Helpers::findOne(AuthorizationManager::versionCollectionNamespace.ns(), - BSON("_id" << 1), + AuthorizationManager::versionDocumentQuery, versionDoc)) { - BSONElement versionElement = versionDoc["currentVersion"]; + BSONElement versionElement = versionDoc[ + AuthorizationManager::schemaVersionFieldName]; if (versionElement.isNumber()) { *outVersion = versionElement.numberInt(); return Status::OK(); diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp index 2a6f78c918b..69bcd6f712a 100644 --- a/src/mongo/db/commands/user_management_commands.cpp +++ b/src/mongo/db/commands/user_management_commands.cpp @@ -241,7 +241,7 @@ namespace mongo { "schema version " << AuthorizationManager::schemaVersion26Final << " but found " << foundSchemaVersion); } - return Status::OK(); + return authzManager->writeAuthSchemaVersionIfNeeded(); } static Status requireAuthSchemaVersion26UpgradeOrFinal(AuthorizationManager* authzManager) { |
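Review bot: The schema-version check that ends in the user_management_commands.cpp hunk now performs a write on its success path, `return authzManager->writeAuthSchemaVersionIfNeeded();`. Every command that calls this check therefore upserts into admin.system.version before doing its own work. A failure of that upsert is returned as the result of the version check, although the version requirement itself was met. The function starts outside the hunk, so its callers are not visible; if any read-only command uses it, that command would now write as well. The side effect should be stated at the return: `// Side effect: records schemaVersion26Final in admin.system.version; can fail for reasons unrelated to the version check.`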