authorSiyuan Zhou <siyuan.zhou@mongodb.com>2016-07-01 21:54:32 -0400
committerSiyuan Zhou <siyuan.zhou@mongodb.com>2016-07-06 19:20:40 -0400
commit2988729f56f465277c6a1e5a2fc186b05281a0e3 (patch)
tree27fff480465eca931879f639940dfffb1e7a78ef
parentce8c7e46e290f1f1865f63327b7eb29b0bd8663a (diff)
downloadmongo-2988729f56f465277c6a1e5a2fc186b05281a0e3.tar.gz
SERVER-24900 Remove duplicated auth code of replset commands
-rw-r--r--src/mongo/db/auth/action_set.cpp6
-rw-r--r--src/mongo/db/auth/action_set.h2
-rw-r--r--src/mongo/db/auth/action_set_test.cpp12
-rw-r--r--src/mongo/db/repl/repl_set_command.cpp2
-rw-r--r--src/mongo/db/repl/repl_set_command.h4
-rw-r--r--src/mongo/db/repl/replset_commands.cpp146
6 files changed, 70 insertions, 102 deletions
diff --git a/src/mongo/db/auth/action_set.cpp b/src/mongo/db/auth/action_set.cpp
index 924ec1e1439..d20fc022e2e 100644
--- a/src/mongo/db/auth/action_set.cpp
+++ b/src/mongo/db/auth/action_set.cpp
@@ -42,6 +42,12 @@
namespace mongo {
+ActionSet::ActionSet(std::initializer_list<ActionType> actions) {
+ for (auto& action : actions) {
+ addAction(action);
+ }
+}
+
void ActionSet::addAction(const ActionType& action) {
if (action == ActionType::anyAction) {
addAllActions();
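Review bot: The new initializer-list constructor leaves `_actions` to default initialisation, while the existing default constructor in action_set.h writes `_actions(0)` explicitly. If `_actions` is a `std::bitset` (the header includes `<bitset>`, but the member declaration is outside this diff) both produce an empty set. For a type that holds permission bits the two constructors are still better kept visibly alike: `ActionSet::ActionSet(std::initializer_list<ActionType> actions) : _actions(0) {`. The loop variable can also be written `const auto& action`, which is what `auto&` deduces to for initializer_list elements. The body of addAction() continues outside the hunk.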
diff --git a/src/mongo/db/auth/action_set.h b/src/mongo/db/auth/action_set.h
index d78b70879fe..dc9b8cdc9c5 100644
--- a/src/mongo/db/auth/action_set.h
+++ b/src/mongo/db/auth/action_set.h
@@ -28,6 +28,7 @@
#pragma once
#include <bitset>
+#include <initializer_list>
#include <vector>
#include "mongo/base/status.h"
@@ -44,6 +45,7 @@ namespace mongo {
class ActionSet {
public:
ActionSet() : _actions(0) {}
+ ActionSet(std::initializer_list<ActionType> actions);
void addAction(const ActionType& action);
void addAllActionsFromSet(const ActionSet& actionSet);
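Review bot: The new constructor declaration has no comment, and its handling of `ActionType::anyAction` is not obvious from the header. The definition calls addAction() for each element, and addAction() turns anyAction into addAllActions(), so `ActionSet{ActionType::anyAction}` yields the full set rather than a one-element set. I would add `// Builds a set from the listed actions; ActionType::anyAction expands to all actions, as in addAction().` above the declaration. The class body continues outside the hunk.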
diff --git a/src/mongo/db/auth/action_set_test.cpp b/src/mongo/db/auth/action_set_test.cpp
index 9689a656549..3db7e69f878 100644
--- a/src/mongo/db/auth/action_set_test.cpp
+++ b/src/mongo/db/auth/action_set_test.cpp
@@ -156,5 +156,17 @@ TEST(ActionSetTest, anyAction) {
ASSERT_NOT_EQUALS("anyAction", set.toString());
}
+TEST(ActionSetTest, constructor) {
+ ActionSet set1{};
+ ASSERT_TRUE(set1.empty());
+
+ ActionSet set2{ActionType::find};
+ ASSERT_EQUALS("find", set2.toString());
+
+ ActionSet set3{ActionType::find, ActionType::insert};
+ ASSERT_TRUE(set3.contains(ActionType::find));
+ ASSERT_TRUE(set3.contains(ActionType::insert));
+}
+
} // namespace
} // namespace mongo
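Review bot: The constructor test covers the empty, one-element and two-element cases but not `ActionType::anyAction`, which is the one input where the result is not simply the listed elements. Since the constructor goes through addAction(), adding `ActionSet set4{ActionType::anyAction};` followed by `ASSERT_TRUE(set4.contains(ActionType::find));` would pin the expansion, so that a later rewrite of the constructor which bypasses addAction() fails the test.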
diff --git a/src/mongo/db/repl/repl_set_command.cpp b/src/mongo/db/repl/repl_set_command.cpp
index 2dd2178cdba..3d987c6d176 100644
--- a/src/mongo/db/repl/repl_set_command.cpp
+++ b/src/mongo/db/repl/repl_set_command.cpp
@@ -39,7 +39,7 @@ Status ReplSetCommand::checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) {
if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
- ResourcePattern::forClusterResource(), ActionType::internal)) {
+ ResourcePattern::forClusterResource(), getAuthActionSet())) {
return {ErrorCodes::Unauthorized, "Unauthorized"};
}
return Status::OK();
diff --git a/src/mongo/db/repl/repl_set_command.h b/src/mongo/db/repl/repl_set_command.h
index 03320087835..6c4d1bd620f 100644
--- a/src/mongo/db/repl/repl_set_command.h
+++ b/src/mongo/db/repl/repl_set_command.h
@@ -62,6 +62,10 @@ protected:
Status checkAuthForCommand(ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj) override;
+
+ virtual ActionSet getAuthActionSet() const {
+ return ActionSet{ActionType::internal};
+ }
};
} // namespace repl
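Review bot: getAuthActionSet() is now the hook that decides which privilege each replica-set command requires, but it is added without a comment. The default of `ActionType::internal` is the important part of the contract: a subclass that does not override it is checked against the internal action rather than a user-facing one. That should be written down, e.g. `// Actions the caller must hold on the cluster resource; defaults to internal, override to name a user-facing action.` Whether a set with several actions means all-of or any-of depends on isAuthorizedForActionsOnResource(), which is not visible here, so the comment should state that once confirmed. If no subclass still needs its own checkAuthForCommand (not verifiable from this diff), declaring it `final` rather than `override` would keep every command on this single path.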
diff --git a/src/mongo/db/repl/replset_commands.cpp b/src/mongo/db/repl/replset_commands.cpp
index 9130052de75..1b96dac313f 100644
--- a/src/mongo/db/repl/replset_commands.cpp
+++ b/src/mongo/db/repl/replset_commands.cpp
@@ -186,17 +186,6 @@ public:
help << "{ replSetGetStatus : 1 }";
help << "\nhttp://dochub.mongodb.org/core/replicasetcommands";
}
- virtual Status checkAuthForCommand(ClientBasic* client,
- const std::string& dbname,
- const BSONObj& cmdObj) {
- ActionSet actions;
- actions.addAction(ActionType::replSetGetStatus);
- if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
- ResourcePattern::forClusterResource(), actions)) {
- return Status(ErrorCodes::Unauthorized, "Unauthorized");
- }
- return Status::OK();
- }
CmdReplSetGetStatus() : ReplSetCommand("replSetGetStatus", true) {}
virtual bool run(OperationContext* txn,
const string&,
@@ -214,6 +203,11 @@ public:
status = getGlobalReplicationCoordinator()->processReplSetGetStatus(&result);
return appendCommandStatus(result, status);
}
+
+private:
+ ActionSet getAuthActionSet() const override {
+ return ActionSet{ActionType::replSetGetStatus};
+ }
} cmdReplSetGetStatus;
class CmdReplSetGetConfig : public ReplSetCommand {
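Review bot: The privilege each command requires is now stated only in its getAuthActionSet() override, here and in the matching hunks for getConfig, initiate, reconfig, freeze, stepDown, maintenance, syncFrom and stepUp. The only test in this commit covers the ActionSet constructor. A copy-paste slip in one override would change the required privilege and still compile. A per-command check that a session without the named action gets `ErrorCodes::Unauthorized`, and that one holding it passes, would pin the mapping; existing suites may already do this, which the diff does not show. The class body starts outside the hunk.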
@@ -223,17 +217,6 @@ public:
help << "{ replSetGetConfig : 1 }";
help << "\nhttp://dochub.mongodb.org/core/replicasetcommands";
}
- virtual Status checkAuthForCommand(ClientBasic* client,
- const std::string& dbname,
- const BSONObj& cmdObj) {
- ActionSet actions;
- actions.addAction(ActionType::replSetGetConfig);
- if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
- ResourcePattern::forClusterResource(), actions)) {
- return Status(ErrorCodes::Unauthorized, "Unauthorized");
- }
- return Status::OK();
- }
CmdReplSetGetConfig() : ReplSetCommand("replSetGetConfig", true) {}
virtual bool run(OperationContext* txn,
const string&,
@@ -248,6 +231,11 @@ public:
getGlobalReplicationCoordinator()->processReplSetGetConfig(&result);
return true;
}
+
+private:
+ ActionSet getAuthActionSet() const override {
+ return ActionSet{ActionType::replSetGetConfig};
+ }
} cmdReplSetGetConfig;
namespace {
@@ -330,17 +318,6 @@ public:
h << "Initiate/christen a replica set.";
h << "\nhttp://dochub.mongodb.org/core/replicasetcommands";
}
- virtual Status checkAuthForCommand(ClientBasic* client,
- const std::string& dbname,
- const BSONObj& cmdObj) {
- ActionSet actions;
- actions.addAction(ActionType::replSetConfigure);
- if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
- ResourcePattern::forClusterResource(), actions)) {
- return Status(ErrorCodes::Unauthorized, "Unauthorized");
- }
- return Status::OK();
- }
virtual bool run(OperationContext* txn,
const string&,
BSONObj& cmdObj,
@@ -400,6 +377,11 @@ public:
getGlobalReplicationCoordinator()->processReplSetInitiate(txn, configObj, &result);
return appendCommandStatus(result, status);
}
+
+private:
+ ActionSet getAuthActionSet() const override {
+ return ActionSet{ActionType::replSetConfigure};
+ }
} cmdReplSetInitiate;
class CmdReplSetReconfig : public ReplSetCommand {
@@ -409,17 +391,6 @@ public:
help << "{ replSetReconfig : config_object }";
help << "\nhttp://dochub.mongodb.org/core/replicasetcommands";
}
- virtual Status checkAuthForCommand(ClientBasic* client,
- const std::string& dbname,
- const BSONObj& cmdObj) {
- ActionSet actions;
- actions.addAction(ActionType::replSetConfigure);
- if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
- ResourcePattern::forClusterResource(), actions)) {
- return Status(ErrorCodes::Unauthorized, "Unauthorized");
- }
- return Status::OK();
- }
CmdReplSetReconfig() : ReplSetCommand("replSetReconfig") {}
virtual bool run(OperationContext* txn,
const string&,
@@ -459,6 +430,11 @@ public:
return appendCommandStatus(result, status);
}
+
+private:
+ ActionSet getAuthActionSet() const override {
+ return ActionSet{ActionType::replSetConfigure};
+ }
} cmdReplSetReconfig;
class CmdReplSetFreeze : public ReplSetCommand {
@@ -473,17 +449,6 @@ public:
help << "A process restart unfreezes the member also.\n";
help << "\nhttp://dochub.mongodb.org/core/replicasetcommands";
}
- virtual Status checkAuthForCommand(ClientBasic* client,
- const std::string& dbname,
- const BSONObj& cmdObj) {
- ActionSet actions;
- actions.addAction(ActionType::replSetStateChange);
- if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
- ResourcePattern::forClusterResource(), actions)) {
- return Status(ErrorCodes::Unauthorized, "Unauthorized");
- }
- return Status::OK();
- }
CmdReplSetFreeze() : ReplSetCommand("replSetFreeze") {}
virtual bool run(OperationContext* txn,
const string&,
@@ -499,6 +464,11 @@ public:
return appendCommandStatus(
result, getGlobalReplicationCoordinator()->processReplSetFreeze(secs, &result));
}
+
+private:
+ ActionSet getAuthActionSet() const override {
+ return ActionSet{ActionType::replSetStateChange};
+ }
} cmdReplSetFreeze;
class CmdReplSetStepDown : public ReplSetCommand {
@@ -511,17 +481,6 @@ public:
"primary.)\n";
help << "http://dochub.mongodb.org/core/replicasetcommands";
}
- virtual Status checkAuthForCommand(ClientBasic* client,
- const std::string& dbname,
- const BSONObj& cmdObj) {
- ActionSet actions;
- actions.addAction(ActionType::replSetStateChange);
- if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
- ResourcePattern::forClusterResource(), actions)) {
- return Status(ErrorCodes::Unauthorized, "Unauthorized");
- }
- return Status::OK();
- }
CmdReplSetStepDown() : ReplSetCommand("replSetStepDown") {}
virtual bool run(OperationContext* txn,
const string&,
@@ -575,6 +534,11 @@ public:
txn, force, Seconds(secondaryCatchUpPeriodSecs), Seconds(stepDownForSecs));
return appendCommandStatus(result, status);
}
+
+private:
+ ActionSet getAuthActionSet() const override {
+ return ActionSet{ActionType::replSetStateChange};
+ }
} cmdReplSetStepDown;
class CmdReplSetMaintenance : public ReplSetCommand {
@@ -583,17 +547,6 @@ public:
help << "{ replSetMaintenance : bool }\n";
help << "Enable or disable maintenance mode.";
}
- virtual Status checkAuthForCommand(ClientBasic* client,
- const std::string& dbname,
- const BSONObj& cmdObj) {
- ActionSet actions;
- actions.addAction(ActionType::replSetStateChange);
- if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
- ResourcePattern::forClusterResource(), actions)) {
- return Status(ErrorCodes::Unauthorized, "Unauthorized");
- }
- return Status::OK();
- }
CmdReplSetMaintenance() : ReplSetCommand("replSetMaintenance") {}
virtual bool run(OperationContext* txn,
const string&,
@@ -609,6 +562,11 @@ public:
getGlobalReplicationCoordinator()->setMaintenanceMode(
cmdObj["replSetMaintenance"].trueValue()));
}
+
+private:
+ ActionSet getAuthActionSet() const override {
+ return ActionSet{ActionType::replSetStateChange};
+ }
} cmdReplSetMaintenance;
class CmdReplSetSyncFrom : public ReplSetCommand {
@@ -617,17 +575,6 @@ public:
help << "{ replSetSyncFrom : \"host:port\" }\n";
help << "Change who this member is syncing from.";
}
- virtual Status checkAuthForCommand(ClientBasic* client,
- const std::string& dbname,
- const BSONObj& cmdObj) {
- ActionSet actions;
- actions.addAction(ActionType::replSetStateChange);
- if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
- ResourcePattern::forClusterResource(), actions)) {
- return Status(ErrorCodes::Unauthorized, "Unauthorized");
- }
- return Status::OK();
- }
CmdReplSetSyncFrom() : ReplSetCommand("replSetSyncFrom") {}
virtual bool run(OperationContext* txn,
const string&,
@@ -648,6 +595,11 @@ public:
result,
getGlobalReplicationCoordinator()->processReplSetSyncFrom(targetHostAndPort, &result));
}
+
+private:
+ ActionSet getAuthActionSet() const override {
+ return ActionSet{ActionType::replSetStateChange};
+ }
} cmdReplSetSyncFrom;
class CmdReplSetUpdatePosition : public ReplSetCommand {
@@ -895,21 +847,8 @@ private:
class CmdReplSetStepUp : public ReplSetCommand {
public:
- virtual Status checkAuthForCommand(ClientBasic* client,
- const std::string& dbname,
- const BSONObj& cmdObj) {
- ActionSet actions;
- actions.addAction(ActionType::replSetStateChange);
- if (!AuthorizationSession::get(client)->isAuthorizedForActionsOnResource(
- ResourcePattern::forClusterResource(), actions)) {
- return Status(ErrorCodes::Unauthorized, "Unauthorized");
- }
- return Status::OK();
- }
-
CmdReplSetStepUp() : ReplSetCommand("replSetStepUp") {}
-private:
virtual bool run(OperationContext* txn,
const string&,
BSONObj& cmdObj,
@@ -924,6 +863,11 @@ private:
return appendCommandStatus(result, status);
}
+
+private:
+ ActionSet getAuthActionSet() const override {
+ return ActionSet{ActionType::replSetStateChange};
+ }
} cmdReplSetStepUp;
} // namespace repl