summaryrefslogtreecommitdiff
path: root/src/mongo/db/auth/authz_manager_external_state_local.cpp
diff options
context:
space:
mode:
authorJonathan Reams <jbreams@mongodb.com>2019-04-15 18:01:23 -0400
committerJonathan Reams <jbreams@mongodb.com>2019-05-28 12:27:34 -0400
commitc926e1a80996bb41997e2ec28b117cc3a1c25e7d (patch)
tree370b9fc8e20c2177cf85f6df3eed374c0b187e35 /src/mongo/db/auth/authz_manager_external_state_local.cpp
parent757b6e216c2e6fb7c48cbf29a044feb6d8fba8fe (diff)
downloadmongo-c926e1a80996bb41997e2ec28b117cc3a1c25e7d.tar.gz
SERVER-40529 Refresh pinned users in background thread
Diffstat (limited to 'src/mongo/db/auth/authz_manager_external_state_local.cpp')
-rw-r--r--src/mongo/db/auth/authz_manager_external_state_local.cpp43
1 files changed, 12 insertions, 31 deletions
diff --git a/src/mongo/db/auth/authz_manager_external_state_local.cpp b/src/mongo/db/auth/authz_manager_external_state_local.cpp
index 386a82e9f1e..e3184bef814 100644
--- a/src/mongo/db/auth/authz_manager_external_state_local.cpp
+++ b/src/mongo/db/auth/authz_manager_external_state_local.cpp
@@ -49,11 +49,6 @@
namespace mongo {
-namespace {
-
-const auto inUserManagementCommandsFlag = OperationContext::declareDecoration<bool>();
-}
-
using std::vector;
Status AuthzManagerExternalStateLocal::initialize(OperationContext* opCtx) {
@@ -545,18 +540,16 @@ public:
_op(op),
_nss(nss),
_o(o.getOwned()),
- _o2(o2 ? boost::optional<BSONObj>(o2->getOwned()) : boost::none),
- _refreshedPinnedUsers(_invalidateRelevantCacheData()) {}
+ _o2(o2 ? boost::optional<BSONObj>(o2->getOwned()) : boost::none) {
- void commit(boost::optional<Timestamp>) final {
+ _invalidateRelevantCacheData();
+ }
+
+ void commit(boost::optional<Timestamp> timestamp) final {
if (_nss == AuthorizationManager::rolesCollectionNamespace ||
_nss == AuthorizationManager::adminCommandNamespace) {
_refreshRoleGraph();
}
-
- if (_refreshedPinnedUsers) {
- _authzManager->setPinnedUsers(std::move(*_refreshedPinnedUsers));
- }
}
void rollback() final {}
@@ -612,18 +605,11 @@ private:
}
}
- boost::optional<std::vector<UserHandle>> _invalidateRelevantCacheData() {
- // When we're doing a user management command we lock the admin DB for the duration
- // of the command and invalidate the cache at the end of the command, so we don't need
- // to invalidate it based on calls to logOp().
- if (inUserManagementCommandsFlag(_opCtx)) {
- LOG(1) << "Skipping cache invalidation in opObserver because of active user command";
- return boost::none;
- }
-
+ void _invalidateRelevantCacheData() {
if (_nss == AuthorizationManager::rolesCollectionNamespace ||
_nss == AuthorizationManager::versionCollectionNamespace) {
- return _authzManager->invalidateUserCacheNoPin(_opCtx);
+ _authzManager->invalidateUserCache(_opCtx);
+ return;
}
if (_op == "i" || _op == "d" || _op == "u") {
@@ -639,11 +625,12 @@ private:
warning() << "Invalidating user cache based on user being updated failed, will "
"invalidate the entire cache instead: "
<< userName.getStatus();
- return _authzManager->invalidateUserCacheNoPin(_opCtx);
+ _authzManager->invalidateUserCache(_opCtx);
+ return;
}
- return _authzManager->invalidateUserByNameNoPin(_opCtx, userName.getValue());
+ _authzManager->invalidateUserByName(_opCtx, userName.getValue());
} else {
- return _authzManager->invalidateUserCacheNoPin(_opCtx);
+ _authzManager->invalidateUserCache(_opCtx);
}
}
@@ -655,8 +642,6 @@ private:
const NamespaceString _nss;
const BSONObj _o;
const boost::optional<BSONObj> _o2;
-
- boost::optional<std::vector<UserHandle>> _refreshedPinnedUsers;
};
void AuthzManagerExternalStateLocal::logOp(OperationContext* opCtx,
@@ -681,8 +666,4 @@ void AuthzManagerExternalStateLocal::logOp(OperationContext* opCtx,
}
}
-void AuthzManagerExternalStateLocal::setInUserManagementCommand(OperationContext* opCtx, bool val) {
- inUserManagementCommandsFlag(opCtx) = val;
-}
-
} // namespace mongo
View Lorry Controller Status