author | Kaloian Manassiev <kaloian.manassiev@mongodb.com> | 2019-12-29 19:13:13 -0500 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-01-16 12:41:35 +0000 |
commit | 73b89c6fc4ed6279b52e2588c102c7fc1182189b (patch) | |
tree | 0da24518364ce1e7cc753d64b53419595085bf6e /src/mongo/db/auth/user.h | |
parent | d4a93cea2eee5d2823d7a4d0224db06b4cd15b50 (diff) | |
download | mongo-73b89c6fc4ed6279b52e2588c102c7fc1182189b.tar.gz |
SERVER-43721 Make the AuthorizationManager use DistCache
The DistCache (to be later renamed to ReadThroughCache) was derived from
the same implementation under AuthorizationManager and this change
removes the code duplication.
In addition, it makes the following changes to InvalidatingLRUCache and
the DistCache:
* Simplifies and optimises the InvalidatingLRUCache:
The way it is implemented now, it performs up to 3 operations per
lookup, invalidates entries unnecessarily and has overly complicated
logic, which is the source of a crash. Instead of fixing the bug, this
change rewrites it in a simpler way, which introduces a ValueHandle
instead of bare shared_ptr for the return value, and only performs
additional work if entries fall off the underlying LRUCache.
* Moves the DistCache under src/util and adds unit tests:
This change pulls the DistCache (which is the main consumer of
InvalidatingLRUCache) into its own library and moves it to be
under src/util like the other caches and adds unit tests.
delete mode 100644 jstests/auth/pinned_users.js
create mode 100644 jstests/auth/pinned_users_clear_pinned_user_list.js
create mode 100644 jstests/auth/pinned_users_exclusive_lock_on_admin.js
create mode 100644 jstests/auth/pinned_users_remove_user_document_unpins_user.js
create mode 100644 src/mongo/util/dist_cache.cpp
rename src/mongo/{db => util}/dist_cache.h (56%)
create mode 100644 src/mongo/util/dist_cache_test.cpp
Diffstat (limited to 'src/mongo/db/auth/user.h')
-rw-r--r-- | src/mongo/db/auth/user.h | 36 |
1 files changed, 10 insertions, 26 deletions
diff --git a/src/mongo/db/auth/user.h b/src/mongo/db/auth/user.h
index f38f90bd084..c5114d19694 100644
--- a/src/mongo/db/auth/user.h
+++ b/src/mongo/db/auth/user.h
@@ -42,6 +42,7 @@
 #include "mongo/platform/atomic_word.h"
 #include "mongo/stdx/unordered_map.h"
 #include "mongo/stdx/unordered_set.h"
+#include "mongo/util/dist_cache.h"
 namespace mongo {
@@ -64,6 +65,8 @@ class User {
 User& operator=(const User&) = delete;
 public:
+ using UserId = std::vector<std::uint8_t>;
+
 template <typename HashBlock>
 struct SCRAMCredentials {
 SCRAMCredentials() : iterationCount(0), salt(""), serverKey(""), storedKey("") {}
@@ -87,6 +90,7 @@ public:
 return !iterationCount && salt.empty() && serverKey.empty() && storedKey.empty();
 }
 };
+
 struct CredentialData {
 CredentialData() : scram_sha1(), scram_sha256(), isExternal(false) {}
@@ -104,11 +108,11 @@ public:
 const SCRAMCredentials<HashBlock>& scram() const;
 };
- typedef stdx::unordered_map<ResourcePattern, Privilege> ResourcePrivilegeMap;
+ using ResourcePrivilegeMap = stdx::unordered_map<ResourcePattern, Privilege>;
 explicit User(const UserName& name);
+ User(User&&) = default;
- using UserId = std::vector<std::uint8_t>;
 const UserId& getID() const {
 return _id;
 }
@@ -131,7 +135,6 @@ public:
 return _digest;
 }
-
 /**
 * Returns an iterator over the names of the user's direct roles
 */
@@ -169,13 +172,6 @@ public:
 */
 bool hasActionsForResource(const ResourcePattern& resource) const;
- /**
- * Returns true if this copy of information about this user is still valid. If this returns
- * false, this object should no longer be used and should be returned to the
- * AuthorizationManager and a new User object for this user should be requested.
- */
- bool isValid() const;
-
 // Mutators below. Mutation functions should *only* be called by the AuthorizationManager
 /**
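Review bot: `User(User&&) = default;`, added in the `@@ -104,11 +108,11 @@` hunk, makes `User` movable with no comment on why, or on what a moved-from object may still be used for, while copy assignment stays deleted (context of the `@@ -64,6 +65,8 @@` hunk). The class holds credential and privilege data (`CredentialData`, `ResourcePrivilegeMap`), so a moved-from instance should never be consulted for an access decision, and that is worth stating next to the constructor: `// Move-only: lets a freshly built User be handed over to the cache. A moved-from User must not be used for authorization checks.` The reason given in that comment is inferred from the commit description rather than from this file, so confirm it before merging. The class body starts and ends outside the hunk.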
@@ -232,21 +228,11 @@ public: } void getRestrictions() && = delete; -protected: - friend class AuthorizationManagerImpl; - /** - * Marks this instance of the User object as invalid, most likely because information about - * the user has been updated and needs to be reloaded from the AuthorizationManager. - * - * This method should *only* be called by the AuthorizationManager. - */ - void _invalidate(); - private: - // Unique ID (often UUID) for this user. - // May be empty for legacy users. + // Unique ID (often UUID) for this user. May be empty for legacy users. UserId _id; + // The full user name (as specified by the administrator) UserName _name; // Digest of the full username @@ -266,11 +252,9 @@ private: // Restrictions which must be met by a Client in order to authenticate as this user. RestrictionDocuments _restrictions; - - // Indicates whether the user has been marked as invalid by the AuthorizationManager. - AtomicWord<bool> _isValid{true}; }; -using UserHandle = std::shared_ptr<User>; +using UserDistCache = DistCache<UserName, User>; +using UserHandle = UserDistCache::ValueHandle; } // namespace mongo |
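Review bot: `UserHandle` changes from `std::shared_ptr<User>` to `UserDistCache::ValueHandle` in the `@@ -266,11 +252,9 @@` hunk with no comment, while the `@@ -169,13 +172,6 @@` hunk deletes the `isValid()` doc block, the only text in this header that told holders when a `User` is stale and must be re-requested. Code that keeps a handle across operations and authorizes against it could go on honouring privileges that have since been changed unless it knows where the staleness check now lives. I would add above the alias: `// Handle to a cached User. Staleness is reported by the handle, not by User; re-acquire the user from the AuthorizationManager once the handle is no longer valid.` The `ValueHandle` interface is not part of this file's diff, so check the wording against `dist_cache.h`.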