author | Siyuan Zhou <siyuan.zhou@mongodb.com> | 2016-07-01 21:54:32 -0400 |
---|---|---|
committer | Siyuan Zhou <siyuan.zhou@mongodb.com> | 2016-07-06 19:20:40 -0400 |
commit | 2988729f56f465277c6a1e5a2fc186b05281a0e3 (patch) | |
tree | 27fff480465eca931879f639940dfffb1e7a78ef | |
parent | ce8c7e46e290f1f1865f63327b7eb29b0bd8663a (diff) | |
SERVER-24900 Remove duplicated auth code of replset commands
-rw-r--r-- | src/mongo/db/auth/action_set.cpp | 6 | ||||
-rw-r--r-- | src/mongo/db/auth/action_set.h | 2 | ||||
-rw-r--r-- | src/mongo/db/auth/action_set_test.cpp | 12 | ||||
-rw-r--r-- | src/mongo/db/repl/repl_set_command.cpp | 2 | ||||
-rw-r--r-- | src/mongo/db/repl/repl_set_command.h | 4 | ||||
-rw-r--r-- | src/mongo/db/repl/replset_commands.cpp | 146 |
6 files changed, 70 insertions, 102 deletions
diff --git a/src/mongo/db/auth/action_set.cpp b/src/mongo/db/auth/action_set.cpp index 924ec1e1439..d20fc022e2e 100644 --- a/src/mongo/db/auth/action_set.cpp +++ b/src/mongo/db/auth/action_set.cpp @@ -42,6 +42,12 @@ namespace mongo { +ActionSet::ActionSet(std::initializer_list<ActionType> actions) { + for (auto& action : actions) { + addAction(action); + } +} + void ActionSet::addAction(const ActionType& action) { if (action == ActionType::anyAction) { addAllActions(); diff --git a/src/mongo/db/auth/action_set.h b/src/mongo/db/auth/action_set.h index d78b70879fe..dc9b8cdc9c5 100644 --- a/src/mongo/db/auth/action_set.h +++ b/src/mongo/db/auth/action_set.h @@ -28,6 +28,7 @@ #pragma once #include <bitset> +#include <initializer_list> #include <vector> #include "mongo/base/status.h" @@ -44,6 +45,7 @@ namespace mongo { class ActionSet { public: ActionSet() : _actions(0) {} + ActionSet(std::initializer_list<ActionType> actions); void addAction(const ActionType& action); void addAllActionsFromSet(const ActionSet& actionSet); diff --git a/src/mongo/db/auth/action_set_test.cpp b/src/mongo/db/auth/action_set_test.cpp index 9689a656549..3db7e69f878 100644 --- a/src/mongo/db/auth/action_set_test.cpp +++ b/src/mongo/db/auth/action_set_test.cpp @@ -156,5 +156,17 @@ TEST(ActionSetTest, anyAction) { ASSERT_NOT_EQUALS("anyAction", set.toString()); } +TEST(ActionSetTest, constructor) { + ActionSet set1{}; + ASSERT_TRUE(set1.empty()); + + ActionSet set2{ActionType::find}; + ASSERT_EQUALS("find", set2.toString()); + + ActionSet set3{ActionType::find, ActionType::insert}; + ASSERT_TRUE(set3.contains(ActionType::find)); + ASSERT_TRUE(set3.contains(ActionType::insert)); +} + } // namespace } // namespace mongo diff --git a/src/mongo/db/repl/repl_set_command.cpp b/src/mongo/db/repl/repl_set_command.cpp index 2dd2178cdba..3d987c6d176 100644 --- a/src/mongo/db/repl/repl_set_command.cpp +++ b/src/mongo/db/repl/repl_set_command.cpp 
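Review bot: The new `ActionSet(std::initializer_list<ActionType>)` constructor in action_set.cpp passes every element through `addAction`, so `ActionSet{ActionType::anyAction}` ends up holding every action (the visible context shows `addAction` calling `addAllActions()` for `anyAction`), and neither the definition nor the declaration added to action_set.h says so. For a type that describes privileges this belongs at the declaration, e.g. `// Builds a set holding each listed action; ActionType::anyAction expands to all actions, as in addAction().`. As a style point, the elements of an initializer_list are const, so `for (const auto& action : actions)` states the intent more directly than `auto&`. The body of `addAction` continues outside the hunk.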
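Review bot: The `constructor` test added to action_set_test.cpp does not cover `ActionType::anyAction`, the one input for which the constructed set differs from the listed elements. A case such as `ActionSet set4{ActionType::anyAction};` followed by `ASSERT_TRUE(set4.contains(ActionType::find));` would pin that expansion. Note also that `ActionSet set1{}` selects the existing default constructor rather than the initializer-list one, so the first assertion does not exercise the new code.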
@@ -39,7 +39,7 @@ Status ReplSetCommand::checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) { if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( - ResourcePattern::forClusterResource(), ActionType::internal)) { + ResourcePattern::forClusterResource(), getAuthActionSet())) { return {ErrorCodes::Unauthorized, "Unauthorized"}; } return Status::OK(); diff --git a/src/mongo/db/repl/repl_set_command.h b/src/mongo/db/repl/repl_set_command.h index 03320087835..6c4d1bd620f 100644 --- a/src/mongo/db/repl/repl_set_command.h +++ b/src/mongo/db/repl/repl_set_command.h @@ -62,6 +62,10 @@ protected: Status checkAuthForCommand(ClientBasic* client, const std::string& dbname, const BSONObj& cmdObj) override; + + virtual ActionSet getAuthActionSet() const { + return ActionSet{ActionType::internal}; + } }; } // namespace repl diff --git a/src/mongo/db/repl/replset_commands.cpp b/src/mongo/db/repl/replset_commands.cpp index 9130052de75..1b96dac313f 100644 --- a/src/mongo/db/repl/replset_commands.cpp +++ b/src/mongo/db/repl/replset_commands.cpp @@ -186,17 +186,6 @@ public: help << "{ replSetGetStatus : 1 }"; help << "\nhttp://dochub.mongodb.org/core/replicasetcommands"; } - virtual Status checkAuthForCommand(ClientBasic* client, - const std::string& dbname, - const BSONObj& cmdObj) { - ActionSet actions; - actions.addAction(ActionType::replSetGetStatus); - if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( - ResourcePattern::forClusterResource(), actions)) { - return Status(ErrorCodes::Unauthorized, "Unauthorized"); - } - return Status::OK(); - } CmdReplSetGetStatus() : ReplSetCommand("replSetGetStatus", true) {} virtual bool run(OperationContext* txn, const string&, 
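Review bot: `getAuthActionSet()` in repl_set_command.h is added without a comment, although its `ActionType::internal` default is what a replica-set command falls back to when a subclass does not override it. I would document that contract at the declaration, e.g. `// Actions a client must hold on the cluster resource to run this command; defaults to ActionType::internal, the action the base check required before this hook existed.`. Subclasses can presumably still override `checkAuthForCommand` itself and bypass the hook, since the declaration shown is `override` and not `final`; if no remaining subclass needs that, `final` would make this hook the single place where the required actions are defined. The class body starts outside the hunk, so whether the header already includes action_set.h cannot be checked from here.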
@@ -214,6 +203,11 @@ public: status = getGlobalReplicationCoordinator()->processReplSetGetStatus(&result); return appendCommandStatus(result, status); } + +private: + ActionSet getAuthActionSet() const override { + return ActionSet{ActionType::replSetGetStatus}; + } } cmdReplSetGetStatus; class CmdReplSetGetConfig : public ReplSetCommand { @@ -223,17 +217,6 @@ public: help << "{ replSetGetConfig : 1 }"; help << "\nhttp://dochub.mongodb.org/core/replicasetcommands"; } - virtual Status checkAuthForCommand(ClientBasic* client, - const std::string& dbname, - const BSONObj& cmdObj) { - ActionSet actions; - actions.addAction(ActionType::replSetGetConfig); - if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( - ResourcePattern::forClusterResource(), actions)) { - return Status(ErrorCodes::Unauthorized, "Unauthorized"); - } - return Status::OK(); - } CmdReplSetGetConfig() : ReplSetCommand("replSetGetConfig", true) {} virtual bool run(OperationContext* txn, const string&, @@ -248,6 +231,11 @@ public: getGlobalReplicationCoordinator()->processReplSetGetConfig(&result); return true; } + +private: + ActionSet getAuthActionSet() const override { + return ActionSet{ActionType::replSetGetConfig}; + } } cmdReplSetGetConfig; namespace { @@ -330,17 +318,6 @@ public: h << "Initiate/christen a replica set."; h << "\nhttp://dochub.mongodb.org/core/replicasetcommands"; } - virtual Status checkAuthForCommand(ClientBasic* client, - const std::string& dbname, - const BSONObj& cmdObj) { - ActionSet actions; - actions.addAction(ActionType::replSetConfigure); - if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( - ResourcePattern::forClusterResource(), actions)) { - return Status(ErrorCodes::Unauthorized, "Unauthorized"); - } - return Status::OK(); - } virtual bool run(OperationContext* txn, const string&, BSONObj& cmdObj, 
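Review bot: The required action for each replica-set command now lives in a private `getAuthActionSet()` override (this hunk for `CmdReplSetGetStatus`, and the matching hunks for GetConfig, Initiate, Reconfig, Freeze, StepDown, Maintenance, SyncFrom and StepUp), but the only test the commit adds is for the `ActionSet` constructor. A wrong or missing override would still compile and would silently change which privilege the command requires; a missing one falls back to `ActionType::internal`. A table-driven test that asserts the expected `ActionType` per command name would guard the mapping. The nine overrides are also identical apart from the enum value, so passing the action to the `ReplSetCommand` constructor would express the same thing with less repetition, if the base class can be changed. The class bodies start and end outside these hunks.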
@@ -400,6 +377,11 @@ public: getGlobalReplicationCoordinator()->processReplSetInitiate(txn, configObj, &result); return appendCommandStatus(result, status); } + +private: + ActionSet getAuthActionSet() const override { + return ActionSet{ActionType::replSetConfigure}; + } } cmdReplSetInitiate; class CmdReplSetReconfig : public ReplSetCommand { @@ -409,17 +391,6 @@ public: help << "{ replSetReconfig : config_object }"; help << "\nhttp://dochub.mongodb.org/core/replicasetcommands"; } - virtual Status checkAuthForCommand(ClientBasic* client, - const std::string& dbname, - const BSONObj& cmdObj) { - ActionSet actions; - actions.addAction(ActionType::replSetConfigure); - if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( - ResourcePattern::forClusterResource(), actions)) { - return Status(ErrorCodes::Unauthorized, "Unauthorized"); - } - return Status::OK(); - } CmdReplSetReconfig() : ReplSetCommand("replSetReconfig") {} virtual bool run(OperationContext* txn, const string&, @@ -459,6 +430,11 @@ public: return appendCommandStatus(result, status); } + +private: + ActionSet getAuthActionSet() const override { + return ActionSet{ActionType::replSetConfigure}; + } } cmdReplSetReconfig; class CmdReplSetFreeze : public ReplSetCommand { @@ -473,17 +449,6 @@ public: help << "A process restart unfreezes the member also.\n"; help << "\nhttp://dochub.mongodb.org/core/replicasetcommands"; } - virtual Status checkAuthForCommand(ClientBasic* client, - const std::string& dbname, - const BSONObj& cmdObj) { - ActionSet actions; - actions.addAction(ActionType::replSetStateChange); - if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( - ResourcePattern::forClusterResource(), actions)) { - return Status(ErrorCodes::Unauthorized, "Unauthorized"); - } - return Status::OK(); - } CmdReplSetFreeze() : ReplSetCommand("replSetFreeze") {} virtual bool run(OperationContext* txn, const string&, 
@@ -499,6 +464,11 @@ public: return appendCommandStatus( result, getGlobalReplicationCoordinator()->processReplSetFreeze(secs, &result)); } + +private: + ActionSet getAuthActionSet() const override { + return ActionSet{ActionType::replSetStateChange}; + } } cmdReplSetFreeze; class CmdReplSetStepDown : public ReplSetCommand { @@ -511,17 +481,6 @@ public: "primary.)\n"; help << "http://dochub.mongodb.org/core/replicasetcommands"; } - virtual Status checkAuthForCommand(ClientBasic* client, - const std::string& dbname, - const BSONObj& cmdObj) { - ActionSet actions; - actions.addAction(ActionType::replSetStateChange); - if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( - ResourcePattern::forClusterResource(), actions)) { - return Status(ErrorCodes::Unauthorized, "Unauthorized"); - } - return Status::OK(); - } CmdReplSetStepDown() : ReplSetCommand("replSetStepDown") {} virtual bool run(OperationContext* txn, const string&, @@ -575,6 +534,11 @@ public: txn, force, Seconds(secondaryCatchUpPeriodSecs), Seconds(stepDownForSecs)); return appendCommandStatus(result, status); } + +private: + ActionSet getAuthActionSet() const override { + return ActionSet{ActionType::replSetStateChange}; + } } cmdReplSetStepDown; class CmdReplSetMaintenance : public ReplSetCommand { @@ -583,17 +547,6 @@ public: help << "{ replSetMaintenance : bool }\n"; help << "Enable or disable maintenance mode."; } - virtual Status checkAuthForCommand(ClientBasic* client, - const std::string& dbname, - const BSONObj& cmdObj) { - ActionSet actions; - actions.addAction(ActionType::replSetStateChange); - if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( - ResourcePattern::forClusterResource(), actions)) { - return Status(ErrorCodes::Unauthorized, "Unauthorized"); - } - return Status::OK(); - } CmdReplSetMaintenance() : ReplSetCommand("replSetMaintenance") {} virtual bool run(OperationContext* txn, const string&, 
@@ -609,6 +562,11 @@ public: getGlobalReplicationCoordinator()->setMaintenanceMode( cmdObj["replSetMaintenance"].trueValue())); } + +private: + ActionSet getAuthActionSet() const override { + return ActionSet{ActionType::replSetStateChange}; + } } cmdReplSetMaintenance; class CmdReplSetSyncFrom : public ReplSetCommand { @@ -617,17 +575,6 @@ public: help << "{ replSetSyncFrom : \"host:port\" }\n"; help << "Change who this member is syncing from."; } - virtual Status checkAuthForCommand(ClientBasic* client, - const std::string& dbname, - const BSONObj& cmdObj) { - ActionSet actions; - actions.addAction(ActionType::replSetStateChange); - if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( - ResourcePattern::forClusterResource(), actions)) { - return Status(ErrorCodes::Unauthorized, "Unauthorized"); - } - return Status::OK(); - } CmdReplSetSyncFrom() : ReplSetCommand("replSetSyncFrom") {} virtual bool run(OperationContext* txn, const string&, @@ -648,6 +595,11 @@ public: result, getGlobalReplicationCoordinator()->processReplSetSyncFrom(targetHostAndPort, &result)); } + +private: + ActionSet getAuthActionSet() const override { + return ActionSet{ActionType::replSetStateChange}; + } } cmdReplSetSyncFrom; class CmdReplSetUpdatePosition : public ReplSetCommand { @@ -895,21 +847,8 @@ private: class CmdReplSetStepUp : public ReplSetCommand { public: - virtual Status checkAuthForCommand(ClientBasic* client, - const std::string& dbname, - const BSONObj& cmdObj) { - ActionSet actions; - actions.addAction(ActionType::replSetStateChange); - if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource( - ResourcePattern::forClusterResource(), actions)) { - return Status(ErrorCodes::Unauthorized, "Unauthorized"); - } - return Status::OK(); - } - CmdReplSetStepUp() : ReplSetCommand("replSetStepUp") {} -private: virtual bool run(OperationContext* txn, const string&, BSONObj& cmdObj, 
@@ -924,6 +863,11 @@ private: return appendCommandStatus(result, status); } + +private: + ActionSet getAuthActionSet() const override { + return ActionSet{ActionType::replSetStateChange}; + } } cmdReplSetStepUp; } // namespace repl |