authorKaloian Manassiev <kaloian.manassiev@mongodb.com>2019-12-29 19:13:13 -0500
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2020-01-16 12:41:35 +0000
commit73b89c6fc4ed6279b52e2588c102c7fc1182189b (patch)
tree0da24518364ce1e7cc753d64b53419595085bf6e /src/mongo/db/auth/user.h
parentd4a93cea2eee5d2823d7a4d0224db06b4cd15b50 (diff)
downloadmongo-73b89c6fc4ed6279b52e2588c102c7fc1182189b.tar.gz
SERVER-43721 Make the AuthorizationManager use DistCache
The DistCache (to be later renamed to ReadThroughCache) was derived from the same implementation under AuthorizationManager and this change removes the code duplication. In addition, it makes the following changes to InvalidatingLRUCache and the DistCache: * Simplifies and optimises the InvalidatingLRUCache: The way it is implemented now, it performs up to 3 operations per lookup, invalidates entries unnecessarily and has overly complicated logic, which is the source of a crash. Instead of fixing the bug, this change rewrites it in a simpler way, which introduces a ValueHandle instead of bare shared_ptr for the return value, and only performs additional work if entries fall off the underlying LRUCache. * Moves the DistCache under src/util and adds unit tests: This change pulls the DistCache (which is the main consumer of InvalidatingLRUCache) into its own library and moves it to be under src/util like the other caches and adds unit tests. delete mode 100644 jstests/auth/pinned_users.js create mode 100644 jstests/auth/pinned_users_clear_pinned_user_list.js create mode 100644 jstests/auth/pinned_users_exclusive_lock_on_admin.js create mode 100644 jstests/auth/pinned_users_remove_user_document_unpins_user.js create mode 100644 src/mongo/util/dist_cache.cpp rename src/mongo/{db => util}/dist_cache.h (56%) create mode 100644 src/mongo/util/dist_cache_test.cpp
Diffstat (limited to 'src/mongo/db/auth/user.h')
-rw-r--r--src/mongo/db/auth/user.h36
1 files changed, 10 insertions, 26 deletions
diff --git a/src/mongo/db/auth/user.h b/src/mongo/db/auth/user.h
index f38f90bd084..c5114d19694 100644
--- a/src/mongo/db/auth/user.h
+++ b/src/mongo/db/auth/user.h
@@ -42,6 +42,7 @@
#include "mongo/platform/atomic_word.h"
#include "mongo/stdx/unordered_map.h"
#include "mongo/stdx/unordered_set.h"
+#include "mongo/util/dist_cache.h"
namespace mongo {
@@ -64,6 +65,8 @@ class User {
User& operator=(const User&) = delete;
public:
+ using UserId = std::vector<std::uint8_t>;
+
template <typename HashBlock>
struct SCRAMCredentials {
SCRAMCredentials() : iterationCount(0), salt(""), serverKey(""), storedKey("") {}
@@ -87,6 +90,7 @@ public:
return !iterationCount && salt.empty() && serverKey.empty() && storedKey.empty();
}
};
+
struct CredentialData {
CredentialData() : scram_sha1(), scram_sha256(), isExternal(false) {}
@@ -104,11 +108,11 @@ public:
const SCRAMCredentials<HashBlock>& scram() const;
};
- typedef stdx::unordered_map<ResourcePattern, Privilege> ResourcePrivilegeMap;
+ using ResourcePrivilegeMap = stdx::unordered_map<ResourcePattern, Privilege>;
explicit User(const UserName& name);
+ User(User&&) = default;
- using UserId = std::vector<std::uint8_t>;
const UserId& getID() const {
return _id;
}
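Review bot: `User(User&&) = default;` is added without a comment, and nothing in this header says why User becomes move-constructible while copying stays deleted. Because the copy assignment is deleted and no move assignment is declared, User is movable only by construction; if that is intended (presumably so a freshly loaded User can be handed to the cache by value), a line such as `// Move-constructible so the cache can take ownership of a loaded User; deliberately not assignable.` would record it. A moved-from User has unspecified credential and role contents, so the comment should also say it must not be consulted for authorization afterwards. The class body starts and ends outside this hunk.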
@@ -131,7 +135,6 @@ public:
return _digest;
}
-
/**
* Returns an iterator over the names of the user's direct roles
*/
@@ -169,13 +172,6 @@ public:
*/
bool hasActionsForResource(const ResourcePattern& resource) const;
- /**
- * Returns true if this copy of information about this user is still valid. If this returns
- * false, this object should no longer be used and should be returned to the
- * AuthorizationManager and a new User object for this user should be requested.
- */
- bool isValid() const;
-
// Mutators below. Mutation functions should *only* be called by the AuthorizationManager
/**
@@ -232,21 +228,11 @@ public:
}
void getRestrictions() && = delete;
-protected:
- friend class AuthorizationManagerImpl;
- /**
- * Marks this instance of the User object as invalid, most likely because information about
- * the user has been updated and needs to be reloaded from the AuthorizationManager.
- *
- * This method should *only* be called by the AuthorizationManager.
- */
- void _invalidate();
-
private:
- // Unique ID (often UUID) for this user.
- // May be empty for legacy users.
+ // Unique ID (often UUID) for this user. May be empty for legacy users.
UserId _id;
+ // The full user name (as specified by the administrator)
UserName _name;
// Digest of the full username
@@ -266,11 +252,9 @@ private:
// Restrictions which must be met by a Client in order to authenticate as this user.
RestrictionDocuments _restrictions;
-
- // Indicates whether the user has been marked as invalid by the AuthorizationManager.
- AtomicWord<bool> _isValid{true};
};
-using UserHandle = std::shared_ptr<User>;
+using UserDistCache = DistCache<UserName, User>;
+using UserHandle = UserDistCache::ValueHandle;
} // namespace mongo
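Review bot: The new `UserHandle` alias at the end of the header carries no comment, yet it changes where staleness is tracked: `User::isValid()`, `_invalidate()` and `_isValid` are removed in this file, so a User object can no longer report that its privileges are out of date. Validity presumably now lives on `UserDistCache::ValueHandle`, which is defined in `mongo/util/dist_cache.h` and not visible in this diff. Any authorization path that unwraps the handle and keeps a plain `User*` or `const User&` across a user or role update would keep using stale privileges with nothing left to check. I would add a comment above the alias along the lines of `// Handle to a cached User. Validity is tracked by the handle, not by User; check the handle before trusting cached privileges and do not retain raw User pointers beyond it.` The commit should also confirm that every former `isValid()` call site now checks the handle.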