SERVER-6823 Rename --tryClusterAuth to --transitionToAuth

9 files changed, 59 insertions, 57 deletions

diff --git a/jstests/auth/copyauth.js b/jstests/auth/copyauth.js
index 2ba4466dac6..f9baf5dee79 100644
--- a/jstests/auth/copyauth.js
+++ b/jstests/auth/copyauth.js
@@ -14,8 +14,8 @@ var baseName = "jstests_clone_copyauth";
  *
  * clusterType - type of cluster to start.  Options are "sharded", "repl", or "single".
  * startWithAuth - whether to start the cluster with authentication.
- * startWithTryClusterAuth - whether to start the cluster with --tryClusterAuth (startWithAuth must
- *also be true).
+ * startWithTransitionToAuth - whether to start the cluster with --transitionToAuth (startWithAuth
+ * must also be true).
  *
  * Member variables:
  *
@@ -28,12 +28,12 @@ var baseName = "jstests_clone_copyauth";
  *
  * stop() - stop and cleanup whatever nodes the helper spawned when it was created.
  */
-function ClusterSpawnHelper(clusterType, startWithAuth, startWithTryClusterAuth) {
+function ClusterSpawnHelper(clusterType, startWithAuth, startWithTransitionToAuth) {
     var singleNodeConfig = {};
     if (startWithAuth) {
         singleNodeConfig.keyFile = "jstests/libs/key1";
-        if (startWithTryClusterAuth) {
-            singleNodeConfig.tryClusterAuth = "";
+        if (startWithTransitionToAuth) {
+            singleNodeConfig.transitionToAuth = "";
         }
     }
     if (clusterType === "sharded") {
@@ -105,8 +105,8 @@ function copydbBetweenClustersTest(configObj) {
         'isSourceUsingAuth',
         'targetClusterType',
         'isTargetUsingAuth',
-        'isSourceUsingTryClusterAuth',
-        'isTargetUsingTryClusterAuth'
+        'isSourceUsingTransitionToAuth',
+        'isTargetUsingTransitionToAuth'
     ];
 
     var i;
@@ -118,7 +118,7 @@ function copydbBetweenClustersTest(configObj) {
     // 1. Get a connection to the source database, insert data and setup auth if applicable
     source = new ClusterSpawnHelper(configObj.sourceClusterType,
                                     configObj.isSourceUsingAuth,
-                                    configObj.isSourceUsingTryClusterAuth);
+                                    configObj.isSourceUsingTransitionToAuth);
 
     if (configObj.isSourceUsingAuth) {
         // Create a super user so we can create a regular user and not be locked out afterwards
@@ -139,8 +139,8 @@ function copydbBetweenClustersTest(configObj) {
         var readWhenLoggedOut = function() {
             source.conn.getDB(baseName)[baseName].findOne();
         };
-        if (configObj.isSourceUsingTryClusterAuth) {
-            // tryClusterAuth does not turn on access control
+        if (configObj.isSourceUsingTransitionToAuth) {
+            // transitionToAuth does not turn on access control
             assert.doesNotThrow(readWhenLoggedOut);
         } else {
             assert.throws(readWhenLoggedOut);
@@ -154,7 +154,7 @@ function copydbBetweenClustersTest(configObj) {
     // 2. Get a connection to the target database, and set up auth if necessary
     target = new ClusterSpawnHelper(configObj.targetClusterType,
                                     configObj.isTargetUsingAuth,
-                                    configObj.isTargetUsingTryClusterAuth);
+                                    configObj.isTargetUsingTransitionToAuth);
 
     if (configObj.isTargetUsingAuth) {
         target.conn.getDB("admin")
@@ -163,8 +163,8 @@ function copydbBetweenClustersTest(configObj) {
         var readWhenLoggedOut = function() {
             target.conn.getDB(baseName)[baseName].findOne();
         };
-        if (configObj.isTargetUsingTryClusterAuth) {
-            // tryClusterAuth does not turn on access control
+        if (configObj.isTargetUsingTransitionToAuth) {
+            // transitionToAuth does not turn on access control
             assert.doesNotThrow(readWhenLoggedOut);
         } else {
             assert.throws(readWhenLoggedOut);
@@ -199,10 +199,10 @@ function copydbBetweenClustersTest(configObj) {
 
     var sourceClusterTypeValues = ["single", "repl", "sharded"];
     var isSourceUsingAuthValues = [true, false];
-    var isSourceUsingTryClusterAuthValues = [true, false];
+    var isSourceUsingTransitionToAuthValues = [true, false];
     var targetClusterTypeValues = ["single", "repl", "sharded"];
     var isTargetUsingAuthValues = [true, false];
-    var isTargetUsingTryClusterAuthValues = [true, false];
+    var isTargetUsingTransitionToAuthValues = [true, false];
     for (var i = 0; i < sourceClusterTypeValues.length; i++) {
         for (var j = 0; j < isSourceUsingAuthValues.length; j++) {
             for (var k = 0; k < targetClusterTypeValues.length; k++) {
@@ -230,16 +230,16 @@ function copydbBetweenClustersTest(configObj) {
                         continue;
                     }
 
-                    for (var m = 0; m < isSourceUsingTryClusterAuthValues.length; m++) {
-                        if (isSourceUsingTryClusterAuthValues[m] === true &&
+                    for (var m = 0; m < isSourceUsingTransitionToAuthValues.length; m++) {
+                        if (isSourceUsingTransitionToAuthValues[m] === true &&
                             isSourceUsingAuthValues[j] === false) {
-                            // tryClusterAuth requires auth parameters
+                            // transitionToAuth requires auth parameters
                             continue;
                         }
-                        for (var n = 0; n < isTargetUsingTryClusterAuthValues.length; n++) {
-                            if (isTargetUsingTryClusterAuthValues[n] === true &&
+                        for (var n = 0; n < isTargetUsingTransitionToAuthValues.length; n++) {
+                            if (isTargetUsingTransitionToAuthValues[n] === true &&
                                 isTargetUsingAuthValues[l] === false) {
-                                // tryClusterAuth requires auth parameters
+                                // transitionToAuth requires auth parameters
                                 continue;
                             }
                             var testCase = {
@@ -247,8 +247,10 @@ function copydbBetweenClustersTest(configObj) {
                                 'isSourceUsingAuth': isSourceUsingAuthValues[j],
                                 'targetClusterType': targetClusterTypeValues[k],
                                 'isTargetUsingAuth': isTargetUsingAuthValues[l],
-                                'isSourceUsingTryClusterAuth': isSourceUsingTryClusterAuthValues[m],
-                                'isTargetUsingTryClusterAuth': isTargetUsingTryClusterAuthValues[n]
+                                'isSourceUsingTransitionToAuth':
+                                    isSourceUsingTransitionToAuthValues[m],
+                                'isTargetUsingTransitionToAuth':
+                                    isTargetUsingTransitionToAuthValues[n]
                             };
                             print("Running copydb with auth test:");
                             printjson(testCase);
diff --git a/jstests/auth/upgrade_noauth_to_keyfile.js b/jstests/auth/upgrade_noauth_to_keyfile.js
index 780acc9e6a6..372ae61af2b 100644
--- a/jstests/auth/upgrade_noauth_to_keyfile.js
+++ b/jstests/auth/upgrade_noauth_to_keyfile.js
@@ -17,16 +17,16 @@ load('jstests/multiVersion/libs/multi_rs.js');
     };
 
     // Undefine the flags we're replacing, otherwise upgradeSet will keep old values.
-    var tryClusterAuthOptions = {
+    var transitionToAuthOptions = {
         noauth: undefined,
         clusterAuthMode: 'keyFile',
         keyFile: keyFilePath,
-        tryClusterAuth: ''
+        transitionToAuth: ''
     };
     var keyFileOptions = {
         clusterAuthMode: 'keyFile',
         keyFile: keyFilePath,
-        tryClusterAuth: undefined
+        transitionToAuth: undefined
     };
 
     var rst = new ReplSetTest({name: 'noauthSet', nodes: 3, nodeOptions: noAuthOptions});
@@ -41,13 +41,13 @@ load('jstests/multiVersion/libs/multi_rs.js');
     rstConn1.getDB('test').a.insert({a: 1, str: 'TESTTESTTEST'});
     assert.eq(1, rstConn1.getDB('test').a.count(), 'Error interacting with replSet');
 
-    print('=== UPGRADE noauth -> tryClusterAuth/keyFile ===');
-    rst.upgradeSet(tryClusterAuthOptions);
+    print('=== UPGRADE noauth -> transitionToAuth/keyFile ===');
+    rst.upgradeSet(transitionToAuthOptions);
     var rstConn2 = rst.getPrimary();
     rstConn2.getDB('test').a.insert({a: 1, str: 'TESTTESTTEST'});
     assert.eq(2, rstConn2.getDB('test').a.count(), 'Error interacting with replSet');
 
-    print('=== UPGRADE tryClusterAuth/keyFile -> keyFile ===');
+    print('=== UPGRADE transitionToAuth/keyFile -> keyFile ===');
     rst.upgradeSet(keyFileOptions, 'root', 'root');
 
     // upgradeSet leaves its connections logged in as root
diff --git a/jstests/auth/upgrade_noauth_to_keyfile_with_sharding.js b/jstests/auth/upgrade_noauth_to_keyfile_with_sharding.js
index f36c545f551..f6ecfec9abb 100644
--- a/jstests/auth/upgrade_noauth_to_keyfile_with_sharding.js
+++ b/jstests/auth/upgrade_noauth_to_keyfile_with_sharding.js
@@ -10,26 +10,26 @@ load('jstests/ssl/libs/ssl_helpers.js');
     var noAuthOptions = {
         noauth: ''
     };
-    var tryClusterAuthOptions = {
+    var transitionToAuthOptions = {
         clusterAuthMode: 'keyFile',
         keyFile: KEYFILE,
-        tryClusterAuth: ''
+        transitionToAuth: ''
     };
     var keyFileOptions = {
         clusterAuthMode: 'keyFile',
         keyFile: KEYFILE
     };
 
-    print('=== Testing no-auth/tryClusterAuth cluster ===');
-    mixedShardTest(noAuthOptions, tryClusterAuthOptions, true);
-    mixedShardTest(tryClusterAuthOptions, noAuthOptions, true);
+    print('=== Testing no-auth/transitionToAuth cluster ===');
+    mixedShardTest(noAuthOptions, transitionToAuthOptions, true);
+    mixedShardTest(transitionToAuthOptions, noAuthOptions, true);
 
-    print('=== Testing tryClusterAuth/tryClusterAuth cluster ===');
-    mixedShardTest(tryClusterAuthOptions, tryClusterAuthOptions, true);
+    print('=== Testing transitionToAuth/transitionToAuth cluster ===');
+    mixedShardTest(transitionToAuthOptions, transitionToAuthOptions, true);
 
-    print('=== Testing tryClusterAuth/keyFile cluster ===');
-    mixedShardTest(keyFileOptions, tryClusterAuthOptions, true);
-    mixedShardTest(tryClusterAuthOptions, keyFileOptions, true);
+    print('=== Testing transitionToAuth/keyFile cluster ===');
+    mixedShardTest(keyFileOptions, transitionToAuthOptions, true);
+    mixedShardTest(transitionToAuthOptions, keyFileOptions, true);
 
     print('=== Testing no-auth/keyFile cluster fails ===');
     mixedShardTest(noAuthOptions, keyFileOptions, false);
diff --git a/jstests/ssl/upgrade_allowssl_noauth_to_x509_ssl.js b/jstests/ssl/upgrade_allowssl_noauth_to_x509_ssl.js
index 4932014302f..e7ca25b7304 100644
--- a/jstests/ssl/upgrade_allowssl_noauth_to_x509_ssl.js
+++ b/jstests/ssl/upgrade_allowssl_noauth_to_x509_ssl.js
@@ -14,10 +14,10 @@ load('jstests/ssl/libs/ssl_helpers.js');
     var noAuthAllowSSL = Object.merge(allowSSL, {noauth: ''});
 
     // Undefine the flags we're replacing, otherwise upgradeSet will keep old values.
-    var tryX509preferSSL =
-        Object.merge(preferSSL, {noauth: undefined, tryClusterAuth: '', clusterAuthMode: 'x509'});
+    var tryX509preferSSL = Object.merge(
+        preferSSL, {noauth: undefined, transitionToAuth: '', clusterAuthMode: 'x509'});
     var x509RequireSSL =
-        Object.merge(requireSSL, {tryClusterAuth: undefined, clusterAuthMode: 'x509'});
+        Object.merge(requireSSL, {transitionToAuth: undefined, clusterAuthMode: 'x509'});
 
     var rst = new ReplSetTest({name: 'noauthSet', nodes: 3, nodeOptions: noAuthAllowSSL});
     rst.startSet();
diff --git a/src/mongo/client/authenticate.cpp b/src/mongo/client/authenticate.cpp
index 477ae40dbb9..498b37480b5 100644
--- a/src/mongo/client/authenticate.cpp
+++ b/src/mongo/client/authenticate.cpp
@@ -242,7 +242,7 @@ void authX509(RunCommandHook runCommand,
 //
 
 bool isFailedAuthOk(const AuthResponse& response) {
-    return (response == ErrorCodes::AuthenticationFailed && serverGlobalParams.tryClusterAuth);
+    return (response == ErrorCodes::AuthenticationFailed && serverGlobalParams.transitionToAuth);
 }
 
 void auth(RunCommandHook runCommand,
@@ -253,8 +253,8 @@ void auth(RunCommandHook runCommand,
     std::string mechanism;
     auto authCompletionHandler = [handler](AuthResponse response) {
         if (isFailedAuthOk(response)) {
-            // If auth failed in tryClusterAuth, just pretend it succeeded.
-            log() << "Failed to authenticate in tryClusterAuth, falling back to no "
+            // If auth failed in transitionToAuth, just pretend it succeeded.
+            log() << "Failed to authenticate in transitionToAuth, falling back to no "
                      "authentication.";
 
             // We need to mock a successful AuthResponse.
diff --git a/src/mongo/db/auth/internal_user_auth.h b/src/mongo/db/auth/internal_user_auth.h
index edb8480232d..1147c22591e 100644
--- a/src/mongo/db/auth/internal_user_auth.h
+++ b/src/mongo/db/auth/internal_user_auth.h
@@ -33,7 +33,7 @@ class BSONObj;
 
 /**
  * @return true if internal authentication parameters has been set up. Note this does not
- * imply that auth is enabled. For instance, with the --tryClusterAuth flag this will
+ * imply that auth is enabled. For instance, with the --transitionToAuth flag this will
  * be set and auth will be disabled.
  */
 bool isInternalAuthSet();
diff --git a/src/mongo/db/initialize_server_global_state.cpp b/src/mongo/db/initialize_server_global_state.cpp
index 1341f61f3ff..c9a313491f8 100644
--- a/src/mongo/db/initialize_server_global_state.cpp
+++ b/src/mongo/db/initialize_server_global_state.cpp
@@ -352,7 +352,7 @@ bool initializeServerGlobalState() {
     // Auto-enable auth unless we are in mixed auth/no-auth or clusterAuthMode was not provided.
     // clusterAuthMode defaults to "keyFile" if a --keyFile parameter is provided.
     if (clusterAuthMode != ServerGlobalParams::ClusterAuthMode_undefined &&
-        !serverGlobalParams.tryClusterAuth) {
+        !serverGlobalParams.transitionToAuth) {
         getGlobalAuthorizationManager()->setAuthEnabled(true);
     }
 
diff --git a/src/mongo/db/server_options.h b/src/mongo/db/server_options.h
index 2e0e4acc180..0cbfba5e53a 100644
--- a/src/mongo/db/server_options.h
+++ b/src/mongo/db/server_options.h
@@ -110,8 +110,8 @@ struct ServerGlobalParams {
 
     AuthState authState = AuthState::kUndefined;
 
-    bool tryClusterAuth = false;  // --tryClusterAuth, mixed mode for rolling auth upgrade
-    AtomicInt32 clusterAuthMode;  // --clusterAuthMode, the internal cluster auth mode
+    bool transitionToAuth = false;  // --transitionToAuth, mixed mode for rolling auth upgrade
+    AtomicInt32 clusterAuthMode;    // --clusterAuthMode, the internal cluster auth mode
 
     enum ClusterAuthModes {
         ClusterAuthMode_undefined,
diff --git a/src/mongo/db/server_options_helpers.cpp b/src/mongo/db/server_options_helpers.cpp
index 98fa47f8400..e5fde15b11e 100644
--- a/src/mongo/db/server_options_helpers.cpp
+++ b/src/mongo/db/server_options_helpers.cpp
@@ -276,7 +276,7 @@ Status addGeneralServerOptions(moe::OptionSection* options) {
         .setSources(moe::SourceAllLegacy)
         .incompatibleWith("auth")
         .incompatibleWith("keyFile")
-        .incompatibleWith("tryClusterAuth")
+        .incompatibleWith("transitionToAuth")
         .incompatibleWith("clusterAuthMode");
 
     options->addOptionChaining(
@@ -296,8 +296,8 @@ Status addGeneralServerOptions(moe::OptionSection* options) {
         .setSources(moe::SourceYAMLConfig);
 
     options->addOptionChaining(
-                 "security.tryClusterAuth",
-                 "tryClusterAuth",
+                 "security.transitionToAuth",
+                 "transitionToAuth",
                  moe::Switch,
                  "For rolling access control upgrade. Attempt to authenticate over outgoing "
                  "connections and proceed regardless of success. Accept incoming connections "
@@ -798,8 +798,8 @@ Status storeServerOptions(const moe::Environment& params, const std::vector<std:
         serverGlobalParams.isHttpInterfaceEnabled = params["net.http.enabled"].as<bool>();
     }
 
-    if (params.count("security.tryClusterAuth")) {
-        serverGlobalParams.tryClusterAuth = params["security.tryClusterAuth"].as<bool>();
+    if (params.count("security.transitionToAuth")) {
+        serverGlobalParams.transitionToAuth = params["security.transitionToAuth"].as<bool>();
     }
 
     if (params.count("security.clusterAuthMode")) {
@@ -967,7 +967,7 @@ Status storeServerOptions(const moe::Environment& params, const std::vector<std:
             boost::filesystem::absolute(params["security.keyFile"].as<string>()).generic_string();
     }
 
-    if (serverGlobalParams.tryClusterAuth ||
+    if (serverGlobalParams.transitionToAuth ||
         (params.count("security.authorization") &&
          params["security.authorization"].as<std::string>() == "disabled")) {
         serverGlobalParams.authState = ServerGlobalParams::AuthState::kDisabled;
@@ -1015,11 +1015,11 @@ Status storeServerOptions(const moe::Environment& params, const std::vector<std:
         serverGlobalParams.clusterAuthMode.store(ServerGlobalParams::ClusterAuthMode_keyFile);
     }
     int clusterAuthMode = serverGlobalParams.clusterAuthMode.load();
-    if (serverGlobalParams.tryClusterAuth &&
+    if (serverGlobalParams.transitionToAuth &&
         (clusterAuthMode != ServerGlobalParams::ClusterAuthMode_keyFile &&
          clusterAuthMode != ServerGlobalParams::ClusterAuthMode_x509)) {
         return Status(ErrorCodes::BadValue,
-                      "--tryClusterAuth must be used with keyFile or x509 authentication");
+                      "--transitionToAuth must be used with keyFile or x509 authentication");
     }
 #ifdef MONGO_CONFIG_SSL
     ret = storeSSLServerOptions(params);