summaryrefslogtreecommitdiff
path: root/src/mongo/db/repl
diff options
context:
space:
mode:
authorAndy Schwerin <schwerin@10gen.com>2013-09-20 10:36:01 -0400
committerAndy Schwerin <schwerin@10gen.com>2013-09-23 16:20:12 -0400
commita7f7c028c4cdda1ab0939c6c7788bb39bd94cc5f (patch)
tree270b9930bff0f280252850cd90ef0bf8e7de0a17 /src/mongo/db/repl
parent234f50a33cd6d2a2e0a30c4b1bddb1c7de176799 (diff)
downloadmongo-a7f7c028c4cdda1ab0939c6c7788bb39bd94cc5f.tar.gz
SERVER-1105 Use ResourcePattern type when identifying the resource component of required privileges.
This patch has two principal components. First, it changes the interface to Privilege and AuthorizationSession to use ResourcePattern in place of std::string for identifying resources. Second, it examines all call sites of the authorization session interface in commands and other code to ensure that the correct resource requirements are conveyed to the authorization_session.
Diffstat (limited to 'src/mongo/db/repl')
-rw-r--r--src/mongo/db/repl/consensus.cpp4
-rw-r--r--src/mongo/db/repl/heartbeat.cpp2
-rw-r--r--src/mongo/db/repl/master_slave.cpp2
-rw-r--r--src/mongo/db/repl/replset_commands.cpp16
-rw-r--r--src/mongo/db/repl/rs_initiate.cpp2
5 files changed, 13 insertions, 13 deletions
diff --git a/src/mongo/db/repl/consensus.cpp b/src/mongo/db/repl/consensus.cpp
index 3974eeb0a7d..e91684da572 100644
--- a/src/mongo/db/repl/consensus.cpp
+++ b/src/mongo/db/repl/consensus.cpp
@@ -46,7 +46,7 @@ namespace mongo {
std::vector<Privilege>* out) {
ActionSet actions;
actions.addAction(ActionType::replSetFresh);
- out->push_back(Privilege(AuthorizationManager::SERVER_RESOURCE_NAME, actions));
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
}
private:
@@ -143,7 +143,7 @@ namespace mongo {
std::vector<Privilege>* out) {
ActionSet actions;
actions.addAction(ActionType::replSetElect);
- out->push_back(Privilege(AuthorizationManager::SERVER_RESOURCE_NAME, actions));
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
}
private:
virtual bool run(const string& , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
diff --git a/src/mongo/db/repl/heartbeat.cpp b/src/mongo/db/repl/heartbeat.cpp
index 2a89e15075e..a64b520eb5c 100644
--- a/src/mongo/db/repl/heartbeat.cpp
+++ b/src/mongo/db/repl/heartbeat.cpp
@@ -89,7 +89,7 @@ namespace mongo {
std::vector<Privilege>* out) {
ActionSet actions;
actions.addAction(ActionType::replSetHeartbeat);
- out->push_back(Privilege(AuthorizationManager::SERVER_RESOURCE_NAME, actions));
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
}
virtual bool run(const string& , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
if( replSetBlind ) {
diff --git a/src/mongo/db/repl/master_slave.cpp b/src/mongo/db/repl/master_slave.cpp
index d46645bc44a..e1983cbd096 100644
--- a/src/mongo/db/repl/master_slave.cpp
+++ b/src/mongo/db/repl/master_slave.cpp
@@ -98,7 +98,7 @@ namespace mongo {
std::vector<Privilege>* out) {
ActionSet actions;
actions.addAction(ActionType::resync);
- out->push_back(Privilege(AuthorizationManager::SERVER_RESOURCE_NAME, actions));
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
}
void help(stringstream&h) const { h << "resync (from scratch) an out of date replica slave.\nhttp://dochub.mongodb.org/core/masterslave"; }
CmdResync() : Command("resync") { }
diff --git a/src/mongo/db/repl/replset_commands.cpp b/src/mongo/db/repl/replset_commands.cpp
index 6c101ab9f8e..1539436b9a1 100644
--- a/src/mongo/db/repl/replset_commands.cpp
+++ b/src/mongo/db/repl/replset_commands.cpp
@@ -120,7 +120,7 @@ namespace mongo {
std::vector<Privilege>* out) {
ActionSet actions;
actions.addAction(ActionType::replSetGetRBID);
- out->push_back(Privilege(AuthorizationManager::SERVER_RESOURCE_NAME, actions));
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
}
virtual bool run(const string& , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
if( !check(errmsg, result) )
@@ -154,7 +154,7 @@ namespace mongo {
std::vector<Privilege>* out) {
ActionSet actions;
actions.addAction(ActionType::replSetGetStatus);
- out->push_back(Privilege(AuthorizationManager::SERVER_RESOURCE_NAME, actions));
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
}
CmdReplSetGetStatus() : ReplSetCommand("replSetGetStatus", true) { }
virtual bool run(const string& , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
@@ -181,7 +181,7 @@ namespace mongo {
std::vector<Privilege>* out) {
ActionSet actions;
actions.addAction(ActionType::replSetReconfig);
- out->push_back(Privilege(AuthorizationManager::SERVER_RESOURCE_NAME, actions));
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
}
CmdReplSetReconfig() : ReplSetCommand("replSetReconfig"), mutex("rsreconfig") { }
virtual bool run(const string& a, BSONObj& b, int e, string& errmsg, BSONObjBuilder& c, bool d) {
@@ -276,7 +276,7 @@ namespace mongo {
std::vector<Privilege>* out) {
ActionSet actions;
actions.addAction(ActionType::replSetFreeze);
- out->push_back(Privilege(AuthorizationManager::SERVER_RESOURCE_NAME, actions));
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
}
CmdReplSetFreeze() : ReplSetCommand("replSetFreeze") { }
virtual bool run(const string& , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
@@ -306,7 +306,7 @@ namespace mongo {
std::vector<Privilege>* out) {
ActionSet actions;
actions.addAction(ActionType::replSetStepDown);
- out->push_back(Privilege(AuthorizationManager::SERVER_RESOURCE_NAME, actions));
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
}
CmdReplSetStepDown() : ReplSetCommand("replSetStepDown") { }
virtual bool run(const string& , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
@@ -361,7 +361,7 @@ namespace mongo {
std::vector<Privilege>* out) {
ActionSet actions;
actions.addAction(ActionType::replSetMaintenance);
- out->push_back(Privilege(AuthorizationManager::SERVER_RESOURCE_NAME, actions));
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
}
CmdReplSetMaintenance() : ReplSetCommand("replSetMaintenance") { }
virtual bool run(const string& , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
@@ -393,7 +393,7 @@ namespace mongo {
std::vector<Privilege>* out) {
ActionSet actions;
actions.addAction(ActionType::replSetSyncFrom);
- out->push_back(Privilege(AuthorizationManager::SERVER_RESOURCE_NAME, actions));
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
}
CmdReplSetSyncFrom() : ReplSetCommand("replSetSyncFrom") { }
virtual bool run(const string&,
@@ -421,7 +421,7 @@ namespace mongo {
std::vector<Privilege>* out) {
ActionSet actions;
actions.addAction(ActionType::replSetUpdatePosition);
- out->push_back(Privilege(AuthorizationManager::SERVER_RESOURCE_NAME, actions));
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
}
CmdReplSetUpdatePosition() : ReplSetCommand("replSetUpdatePosition") { }
virtual bool run(const string& , BSONObj& cmdObj, int, string& errmsg,
diff --git a/src/mongo/db/repl/rs_initiate.cpp b/src/mongo/db/repl/rs_initiate.cpp
index e1fee73b175..43b8bf858cc 100644
--- a/src/mongo/db/repl/rs_initiate.cpp
+++ b/src/mongo/db/repl/rs_initiate.cpp
@@ -174,7 +174,7 @@ namespace mongo {
std::vector<Privilege>* out) {
ActionSet actions;
actions.addAction(ActionType::replSetInitiate);
- out->push_back(Privilege(AuthorizationManager::SERVER_RESOURCE_NAME, actions));
+ out->push_back(Privilege(ResourcePattern::forClusterResource(), actions));
}
virtual bool run(const string& , BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
log() << "replSet replSetInitiate admin command received from client" << rsLog;
View Lorry Controller Status