author | Kaloian Manassiev <kaloian.manassiev@mongodb.com> | 2019-12-29 19:13:13 -0500 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-01-16 12:41:35 +0000 |
commit | 73b89c6fc4ed6279b52e2588c102c7fc1182189b (patch) | |
tree | 0da24518364ce1e7cc753d64b53419595085bf6e /src/mongo/db/auth/authorization_manager.h | |
parent | d4a93cea2eee5d2823d7a4d0224db06b4cd15b50 (diff) | |
SERVER-43721 Make the AuthorizationManager use DistCache
The DistCache (to be later renamed to ReadThroughCache) was derived from
the same implementation under AuthorizationManager and this change
removes the code duplication.
In addition, it makes the following changes to InvalidatingLRUCache and
the DistCache:
* Simplifies and optimises the InvalidatingLRUCache:
The way it is implemented now, it performs up to 3 operations per
lookup, invalidates entries unnecessarily and has overly complicated
logic, which is the source of a crash. Instead of fixing the bug, this
change rewrites it in a simpler way, which introduces a ValueHandle
instead of bare shared_ptr for the return value, and only performs
additional work if entries fall off the underlying LRUCache.
* Moves the DistCache under src/util and adds unit tests:
This change pulls the DistCache (which is the main consumer of
InvalidatingLRUCache) into its own library and moves it to be
under src/util like the other caches and adds unit tests.
delete mode 100644 jstests/auth/pinned_users.js
create mode 100644 jstests/auth/pinned_users_clear_pinned_user_list.js
create mode 100644 jstests/auth/pinned_users_exclusive_lock_on_admin.js
create mode 100644 jstests/auth/pinned_users_remove_user_document_unpins_user.js
create mode 100644 src/mongo/util/dist_cache.cpp
rename src/mongo/{db => util}/dist_cache.h (56%)
create mode 100644 src/mongo/util/dist_cache_test.cpp
Diffstat (limited to 'src/mongo/db/auth/authorization_manager.h')
-rw-r--r-- | src/mongo/db/auth/authorization_manager.h | 26 |
1 files changed, 3 insertions, 23 deletions
diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h
index 7f11e10739c..3ac6c7cc7ce 100644
--- a/src/mongo/db/auth/authorization_manager.h
+++ b/src/mongo/db/auth/authorization_manager.h
@@ -29,28 +29,18 @@
 #pragma once
-#include <functional>
-#include <memory>
-#include <string>
-
 #include <boost/optional.hpp>
+#include <memory>
-#include "mongo/base/secure_allocator.h"
 #include "mongo/base/status.h"
-#include "mongo/bson/mutable/element.h"
 #include "mongo/bson/oid.h"
 #include "mongo/db/auth/action_set.h"
 #include "mongo/db/auth/privilege_format.h"
 #include "mongo/db/auth/resource_pattern.h"
 #include "mongo/db/auth/role_graph.h"
 #include "mongo/db/auth/user.h"
-#include "mongo/db/auth/user_name.h"
 #include "mongo/db/jsobj.h"
 #include "mongo/db/namespace_string.h"
-#include "mongo/db/server_options.h"
-#include "mongo/platform/mutex.h"
-#include "mongo/stdx/condition_variable.h"
-#include "mongo/stdx/unordered_map.h"
 namespace mongo {
@@ -58,7 +48,6 @@ class AuthorizationSession;
 class AuthzManagerExternalState;
 class OperationContext;
 class ServiceContext;
-class UserDocumentParser;
 /**
 * Internal secret key info.
@@ -91,11 +80,11 @@ public:
 static AuthorizationManager* get(ServiceContext& service);
 static void set(ServiceContext* service, std::unique_ptr<AuthorizationManager> authzManager);
- virtual ~AuthorizationManager() = default;
+ static std::unique_ptr<AuthorizationManager> create();
 AuthorizationManager() = default;
- static std::unique_ptr<AuthorizationManager> create();
+ virtual ~AuthorizationManager() = default;
 static constexpr StringData USERID_FIELD_NAME = "userId"_sd;
 static constexpr StringData USER_NAME_FIELD_NAME = "user"_sd;
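Review bot: The include block left by the first hunk no longer names `mongo/db/auth/user_name.h` or any header for `std::vector`, yet the class still declares `updatePinnedUsersList(std::vector<UserName> names)`, which is visible as context in the last hunk. The header presumably still compiles because `mongo/db/auth/user.h` or another remaining include pulls both in transitively, which is worth confirming. Keeping `#include "mongo/db/auth/user_name.h"` and adding `#include <vector>` would keep this authorization header self-contained, so a later include cleanup elsewhere cannot break it.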
@@ -115,7 +104,6 @@ public:
 static const NamespaceString defaultTempUsersCollectionNamespace; // for mongorestore
 static const NamespaceString defaultTempRolesCollectionNamespace; // for mongorestore
-
 /**
 * Status to be returned when authentication fails. Being consistent about our returned Status
 * prevents information leakage.
@@ -302,14 +290,6 @@ public:
 virtual void updatePinnedUsersList(std::vector<UserName> names) = 0;
 /**
- * Parses privDoc and fully initializes the user object (credentials, roles, and privileges)
- * with the information extracted from the privilege document.
- * This should never be called from outside the AuthorizationManager - the only reason it's
- * public instead of private is so it can be unit tested.
- */
- virtual Status _initializeUserFromPrivilegeDocument(User* user, const BSONObj& privDoc) = 0;
-
- /**
 * Hook called by replication code to let the AuthorizationManager observe changes
 * to relevant collections.
 */ |