authorKaloian Manassiev <kaloian.manassiev@mongodb.com>2019-12-29 19:13:13 -0500
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2020-01-16 12:41:35 +0000
commit73b89c6fc4ed6279b52e2588c102c7fc1182189b (patch)
tree0da24518364ce1e7cc753d64b53419595085bf6e /src/mongo/db/auth/authorization_manager.h
parentd4a93cea2eee5d2823d7a4d0224db06b4cd15b50 (diff)
SERVER-43721 Make the AuthorizationManager use DistCache
The DistCache (to be later renamed to ReadThroughCache) was derived from the same implementation under AuthorizationManager and this change removes the code duplication. In addition, it makes the following changes to InvalidatingLRUCache and the DistCache: * Simplifies and optimises the InvalidatingLRUCache: The way it is implemented now, it performs up to 3 operations per lookup, invalidates entries unnecessarily and has overly complicated logic, which is the source of a crash. Instead of fixing the bug, this change rewrites it in a simpler way, which introduces a ValueHandle instead of a bare shared_ptr for the return value, and only performs additional work if entries fall off the underlying LRUCache. * Moves the DistCache under src/util and adds unit tests: This change pulls the DistCache (which is the main consumer of InvalidatingLRUCache) into its own library and moves it to be under src/util like the other caches and adds unit tests. delete mode 100644 jstests/auth/pinned_users.js create mode 100644 jstests/auth/pinned_users_clear_pinned_user_list.js create mode 100644 jstests/auth/pinned_users_exclusive_lock_on_admin.js create mode 100644 jstests/auth/pinned_users_remove_user_document_unpins_user.js create mode 100644 src/mongo/util/dist_cache.cpp rename src/mongo/{db => util}/dist_cache.h (56%) create mode 100644 src/mongo/util/dist_cache_test.cpp
Diffstat (limited to 'src/mongo/db/auth/authorization_manager.h')
-rw-r--r--src/mongo/db/auth/authorization_manager.h26
1 files changed, 3 insertions, 23 deletions
diff --git a/src/mongo/db/auth/authorization_manager.h b/src/mongo/db/auth/authorization_manager.h
index 7f11e10739c..3ac6c7cc7ce 100644
--- a/src/mongo/db/auth/authorization_manager.h
+++ b/src/mongo/db/auth/authorization_manager.h
@@ -29,28 +29,18 @@
#pragma once
-#include <functional>
-#include <memory>
-#include <string>
-
#include <boost/optional.hpp>
+#include <memory>
-#include "mongo/base/secure_allocator.h"
#include "mongo/base/status.h"
-#include "mongo/bson/mutable/element.h"
#include "mongo/bson/oid.h"
#include "mongo/db/auth/action_set.h"
#include "mongo/db/auth/privilege_format.h"
#include "mongo/db/auth/resource_pattern.h"
#include "mongo/db/auth/role_graph.h"
#include "mongo/db/auth/user.h"
-#include "mongo/db/auth/user_name.h"
#include "mongo/db/jsobj.h"
#include "mongo/db/namespace_string.h"
-#include "mongo/db/server_options.h"
-#include "mongo/platform/mutex.h"
-#include "mongo/stdx/condition_variable.h"
-#include "mongo/stdx/unordered_map.h"
namespace mongo {
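Review bot: The trimmed include list no longer covers names this header still uses itself. `mongo/db/auth/user_name.h` is dropped here, yet the interface keeps `virtual void updatePinnedUsersList(std::vector<UserName> names) = 0;` (context line in the last hunk), and no `<vector>` include is visible in this hunk. Presumably `mongo/db/auth/user.h` supplies both transitively, but that cannot be confirmed from this page, and a later cleanup of that header would then break every translation unit that includes the authorization interface. I would keep `#include "mongo/db/auth/user_name.h"` and add `#include <vector>` so the header stays self-contained.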
@@ -58,7 +48,6 @@ class AuthorizationSession;
class AuthzManagerExternalState;
class OperationContext;
class ServiceContext;
-class UserDocumentParser;
/**
* Internal secret key info.
@@ -91,11 +80,11 @@ public:
static AuthorizationManager* get(ServiceContext& service);
static void set(ServiceContext* service, std::unique_ptr<AuthorizationManager> authzManager);
- virtual ~AuthorizationManager() = default;
+ static std::unique_ptr<AuthorizationManager> create();
AuthorizationManager() = default;
- static std::unique_ptr<AuthorizationManager> create();
+ virtual ~AuthorizationManager() = default;
static constexpr StringData USERID_FIELD_NAME = "userId"_sd;
static constexpr StringData USER_NAME_FIELD_NAME = "user"_sd;
@@ -115,7 +104,6 @@ public:
static const NamespaceString defaultTempUsersCollectionNamespace; // for mongorestore
static const NamespaceString defaultTempRolesCollectionNamespace; // for mongorestore
-
/**
* Status to be returned when authentication fails. Being consistent about our returned Status
* prevents information leakage.
@@ -302,14 +290,6 @@ public:
virtual void updatePinnedUsersList(std::vector<UserName> names) = 0;
/**
- * Parses privDoc and fully initializes the user object (credentials, roles, and privileges)
- * with the information extracted from the privilege document.
- * This should never be called from outside the AuthorizationManager - the only reason it's
- * public instead of private is so it can be unit tested.
- */
- virtual Status _initializeUserFromPrivilegeDocument(User* user, const BSONObj& privDoc) = 0;
-
- /**
* Hook called by replication code to let the AuthorizationManager observe changes
* to relevant collections.
*/