author | Sara Golemon <sara.golemon@mongodb.com> | 2020-10-26 17:26:31 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-11-09 18:16:52 +0000 |
commit | 5e0d73d0d8e559e34203740af93b6ca03d573ea5 (patch) | |
tree | 3ddc4e4ddde8af5fb575ffe819d0bb4b3acee271 /src/mongo/db/auth/authz_manager_external_state.h | |
parent | fa826f6a5b77eb059fe03d411276c3ee7eb303d5 (diff) | |
download | mongo-5e0d73d0d8e559e34203740af93b6ca03d573ea5.tar.gz |
SERVER-51864 IDLify usersInfo and rolesInfo commands
Diffstat (limited to 'src/mongo/db/auth/authz_manager_external_state.h')
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state.h | 32 |
1 files changed, 19 insertions, 13 deletions
diff --git a/src/mongo/db/auth/authz_manager_external_state.h b/src/mongo/db/auth/authz_manager_external_state.h
index aff473d496f..b693d3e0622 100644
--- a/src/mongo/db/auth/authz_manager_external_state.h
+++ b/src/mongo/db/auth/authz_manager_external_state.h
@@ -124,23 +124,29 @@ public:
 ResolveRoleOption option) = 0;

 /**
- * Writes into "result" a document describing the named role is and returns Status::OK(). If
- * showPrivileges is kOmit or kShowPrivileges, the description includes the roles which the
- * named roles are a member of, including those memberships held implicitly through other roles
- * (indirect roles). If "showPrivileges" is kShowPrivileges, then the description documents
- * will also include a full list of the roles' privileges. If "showPrivileges" is
- * kShowAsUserFragment, then the description returned will take the form of a partial user
- * document, describing a hypothetical user which possesses the provided and implicit roles,
- * and all inherited privileges. In the event that some of this information is inconsistent,
- * the document will contain a "warnings" array, with std::string messages describing
- * inconsistencies.
+ * Fetches and returns objects representing named roles.
+ *
+ * Each BSONObj in the $result vector contains a full role description
+ * as retrieved from admin.system.roles plus inherited role/privilege
+ * information as appropriate.
 */
-
 virtual Status getRolesDescription(OperationContext* opCtx,
 const std::vector<RoleName>& roles,
 PrivilegeFormat showPrivileges,
 AuthenticationRestrictionsFormat,
- BSONObj* result) = 0;
+ std::vector<BSONObj>* result) = 0;
+
+ /**
+ * Fetches named roles and synthesizes them into a fragment of a user document.
+ *
+ * The document synthesized into $result looks like a complete user document
+ * representing the $roles specified and their subordinates, but without
+ * an actual user name or credentials.
+ */
+ virtual Status getRolesAsUserFragment(OperationContext* opCtx,
+ const std::vector<RoleName>& roles,
+ AuthenticationRestrictionsFormat,
+ BSONObj* result) = 0;

 /**
 * Writes into "result" documents describing the roles that are defined on the given
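Review bot: The rewritten comment on `getRolesDescription` no longer says what `showPrivileges` does, although the parameter is still in the signature and the removed text listed `kShowAsUserFragment` as one of its values. Now that `getRolesAsUserFragment` covers that form, the comment should name the accepted values and say what happens if `kShowAsUserFragment` is passed, for example `* $showPrivileges must be kOmit or kShowPrivileges; use getRolesAsUserFragment() for the user-fragment form.` (assuming that is the intended contract; the implementations are not part of this file). The old comment also promised a "warnings" array for inconsistent role data, and neither new comment says whether that is still produced, nor whether a role name that does not exist gives a non-OK Status or is simply left out of `$result`; callers that make authorization decisions from these documents need to tell those cases apart. The same out-parameter question (appended to or replaced, contents when the Status is not OK) applies to the `std::vector<BSONObj>* result` in the second hunk, whose declaration begins outside the hunk.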
@@ -159,7 +165,7 @@ public:
 PrivilegeFormat showPrivileges,
 AuthenticationRestrictionsFormat,
 bool showBuiltinRoles,
- BSONArrayBuilder* result) = 0;
+ std::vector<BSONObj>* result) = 0;

 /**
 * Returns true if there exists at least one privilege document in the system. |