diff options
| author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2021-05-11 17:36:06 -0400 |
|---|---|---|
| committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-05-12 15:11:07 +0000 |
| commit | 0e82245a62542483e88c7a46abde402ac91ac9ca (patch) | |
| tree | 74b0495c7ee30f35e12b4d21b2f0e507167287ec /src/mongo/db/auth | |
| parent | c8acbf14bff6ae3aef1f0d3562ba95dde48663b5 (diff) | |
| download | mongo-0e82245a62542483e88c7a46abde402ac91ac9ca.tar.gz | |
SERVER-55908 Remove feature flag featureFlagAuthorizationContract
Diffstat (limited to 'src/mongo/db/auth')
| -rw-r--r-- | src/mongo/db/auth/SConscript | 1 | ||||
| -rw-r--r-- | src/mongo/db/auth/authorization_contract.idl | 39 | ||||
| -rw-r--r-- | src/mongo/db/auth/authorization_session_impl.cpp | 19 | ||||
| -rw-r--r-- | src/mongo/db/auth/authorization_session_impl.h | 7 | ||||
| -rw-r--r-- | src/mongo/db/auth/authorization_session_test.cpp | 1 |
5 files changed, 1 insertions, 66 deletions
diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript index 22ee3ed3f6d..f0e4da41fc7 100644 --- a/src/mongo/db/auth/SConscript +++ b/src/mongo/db/auth/SConscript @@ -143,7 +143,6 @@ env.Library( env.Library( target='auth_impl_internal', source=[ - 'authorization_contract.idl', 'authorization_manager_impl.cpp', 'authorization_session_impl.cpp', 'authz_manager_external_state.cpp', diff --git a/src/mongo/db/auth/authorization_contract.idl b/src/mongo/db/auth/authorization_contract.idl deleted file mode 100644 index 2afe30b4983..00000000000 --- a/src/mongo/db/auth/authorization_contract.idl +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright (C) 2021-present MongoDB, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the Server Side Public License, version 1, -# as published by MongoDB, Inc. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# Server Side Public License for more details. -# -# You should have received a copy of the Server Side Public License -# along with this program. If not, see -# <http://www.mongodb.com/licensing/server-side-public-license>. -# -# As a special exception, the copyright holders give permission to link the -# code of portions of this program with the OpenSSL library under certain -# conditions as described in each individual source file and distribute -# linked combinations including the program with the OpenSSL library. You -# must comply with the Server Side Public License in all respects for -# all of the code used other than as permitted herein. If you modify file(s) -# with this exception, you may extend this exception to your version of the -# file(s), but you are not obligated to do so. If you do not wish to do so, -# delete this exception statement from your version. If you delete this -# exception statement from all source files in the program, then also delete -# it in the license file. -# - -global: - cpp_namespace: "mongo::feature_flags" - -feature_flags: - # TODO SERVER-55908 - Remove feature flag - featureFlagAuthorizationContract: - description: "Control support for authorization contracts for tests" - cpp_varname: gFeatureFlagAuthorizationContract - default: true - version: 5.0 - diff --git a/src/mongo/db/auth/authorization_session_impl.cpp b/src/mongo/db/auth/authorization_session_impl.cpp index 97d5e42e2c0..d9e3544c109 100644 --- a/src/mongo/db/auth/authorization_session_impl.cpp +++ b/src/mongo/db/auth/authorization_session_impl.cpp @@ -42,7 +42,6 @@ #include "mongo/db/audit.h" #include "mongo/db/auth/action_set.h" #include "mongo/db/auth/action_type.h" -#include "mongo/db/auth/authorization_contract_gen.h" #include "mongo/db/auth/authz_session_external_state.h" #include "mongo/db/auth/privilege.h" #include "mongo/db/bson/dotted_path_support.h" @@ -74,15 +73,6 @@ auto authorizationSessionCreateRegistration = constexpr StringData ADMIN_DBNAME = "admin"_sd; bool checkContracts() { - - // Only check contracts if the feature is enabled. - // TODO SERVER-55908 - Remove feature flag check - if (!serverGlobalParams.featureCompatibility.isVersionInitialized() || - !feature_flags::gFeatureFlagAuthorizationContract.isEnabled( - serverGlobalParams.featureCompatibility)) { - return false; - } - // Only check contracts in testing modes, invalid contracts should not break customers. if (!TestingProctor::instance().isEnabled()) { return false; @@ -96,7 +86,7 @@ MONGO_FAIL_POINT_DEFINE(allowMultipleUsersWithApiStrict); AuthorizationSessionImpl::AuthorizationSessionImpl( std::unique_ptr<AuthzSessionExternalState> externalState, InstallMockForTestingOrAuthImpl) - : _externalState(std::move(externalState)), _impersonationFlag(false), _checkContracts(false) {} + : _externalState(std::move(externalState)), _impersonationFlag(false) {} AuthorizationSessionImpl::~AuthorizationSessionImpl() { invariant(_authenticatedUsers.count() == 0, @@ -114,11 +104,9 @@ void AuthorizationSessionImpl::startRequest(OperationContext* opCtx) { void AuthorizationSessionImpl::startContractTracking() { if (!checkContracts()) { - _checkContracts = false; return; } - _checkContracts = true; _contract.clear(); } @@ -906,11 +894,6 @@ void AuthorizationSessionImpl::verifyContract(const AuthorizationContract* contr return; } - // Do not check a contract if we decided earlier not to clear the contract tracking state. - if (!_checkContracts) { - return; - } - // Make a mutable copy so that the common auth checks can be added. auto tempContract = *contract; diff --git a/src/mongo/db/auth/authorization_session_impl.h b/src/mongo/db/auth/authorization_session_impl.h index aa9b1d9bac7..8887a06fc4b 100644 --- a/src/mongo/db/auth/authorization_session_impl.h +++ b/src/mongo/db/auth/authorization_session_impl.h @@ -202,12 +202,5 @@ private: // of authorization checks they perform. After a command completes running, MongoDB verifies the // set of checks performed is a subset of the checks declared in the contract. AuthorizationContract _contract; - - // Contract checking is feature guarded. As such we may decide at the start of command to not - // track it but reach a different decision after the command has been run because the FCV has - // changed. We must record our first decision. - // - // TODO SERVER-55908 - remove this variable after the feature flag is removed. - bool _checkContracts; }; } // namespace mongo diff --git a/src/mongo/db/auth/authorization_session_test.cpp b/src/mongo/db/auth/authorization_session_test.cpp index 05a275774c5..87d31f656a9 100644 --- a/src/mongo/db/auth/authorization_session_test.cpp +++ b/src/mongo/db/auth/authorization_session_test.cpp @@ -126,7 +126,6 @@ protected: AuthorizationManager* authzManager; std::unique_ptr<AuthorizationSessionForTest> authzSession; BSONObj credentials; - RAIIServerParameterControllerForTest controller{"featureFlagAuthorizationContract", 1}; }; const NamespaceString testFooNss("test.foo"); |