author | Jason Carey <jcarey@argv.me> | 2019-04-03 13:42:14 -0400 |
---|---|---|
committer | Jason Carey <jcarey@argv.me> | 2019-04-19 10:29:42 -0400 |
commit | 788a884caa1833fc77966d5f28de357db9aec36e (patch) | |
tree | 2960e7a66ea34baef4ad3c7b19ba21bf73e565f0 /src/mongo/executor | |
parent | 1bd8e7d577c4d10eb1efda793b5b6e213a6e66d5 (diff) | |
download | mongo-788a884caa1833fc77966d5f28de357db9aec36e.tar.gz |
SERVER-40464 skip auth option for connection pools
Add support for a new connection pool option which allows us to skip
authentication, even if the server as a whole has auth on.
This is to support special pools which don't need to auth
Diffstat (limited to 'src/mongo/executor')
-rw-r--r-- | src/mongo/executor/connection_pool.h | 5 | ||||
-rw-r--r-- | src/mongo/executor/connection_pool_tl.cpp | 7 | ||||
-rw-r--r-- | src/mongo/executor/connection_pool_tl.h | 14 | ||||
-rw-r--r-- | src/mongo/executor/network_interface_tl.cpp | 2 |
4 files changed, 23 insertions, 5 deletions
diff --git a/src/mongo/executor/connection_pool.h b/src/mongo/executor/connection_pool.h
index 7066177e438..f3bfb691ff5 100644
--- a/src/mongo/executor/connection_pool.h
+++ b/src/mongo/executor/connection_pool.h
@@ -132,6 +132,11 @@ public:
 * The manager will hold this pool for the lifetime of the pool.
 */
 EgressTagCloserManager* egressTagCloserManager = nullptr;
+
+ /**
+ * Connections created through this connection pool will not attempt to authenticate.
+ */
+ bool skipAuthentication = false;
 };
 explicit ConnectionPool(std::shared_ptr<DependentTypeFactoryInterface> impl,
diff --git a/src/mongo/executor/connection_pool_tl.cpp b/src/mongo/executor/connection_pool_tl.cpp
index 25141e09a1e..e4a0d9e35ae 100644
--- a/src/mongo/executor/connection_pool_tl.cpp
+++ b/src/mongo/executor/connection_pool_tl.cpp
@@ -237,6 +237,10 @@ void TLConnection::setup(Milliseconds timeout, SetupCallback cb) {
 return _client->initWireVersion("NetworkInterfaceTL", isMasterHook.get());
 })
 .then([this, isMasterHook] {
+ if (_skipAuth) {
+ return Future<void>::makeReady();
+ }
+
 boost::optional<std::string> mechanism;
 if (!isMasterHook->saslMechsForInternalAuth().empty())
 mechanism = isMasterHook->saslMechsForInternalAuth().front();
@@ -331,7 +335,8 @@ std::shared_ptr<ConnectionPool::ConnectionInterface> TLTypeFactory::makeConnecti
 hostAndPort,
 sslMode,
 generation,
- _onConnectHook.get());
+ _onConnectHook.get(),
+ _connPoolOptions.skipAuthentication);
 fasten(conn.get());
 return conn;
 }
diff --git a/src/mongo/executor/connection_pool_tl.h b/src/mongo/executor/connection_pool_tl.h
index d614436c49d..31317c280ef 100644
--- a/src/mongo/executor/connection_pool_tl.h
+++ b/src/mongo/executor/connection_pool_tl.h
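Review bot: The doc comment added for `skipAuthentication` in `ConnectionPool::Options` states what the flag does but not when it is safe to set, and per the commit message it takes effect even when the server as a whole has auth on. I would extend the comment with the precondition, for example `Only set this for pools whose remote commands are accepted from unauthenticated connections; it overrides server-wide auth for this pool.` Stating in the comment that the default `false` keeps the normal authentication step would also help a reader who sees only the header.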
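Review bot: The `if (_skipAuth)` early return inside the `.then` lambda of `TLConnection::setup` bypasses authentication without leaving any trace, so logs cannot show which egress connections were set up unauthenticated on an auth-enabled server. Consider a low-verbosity log line before the return, e.g. `LOG(2) << "Skipping authentication for connection to " << _peer;` (assuming this file already has the `LOG` macro in scope, which the hunk does not show), plus a one-line comment such as `// Deliberate: pool was configured with ConnectionPool::Options::skipAuthentication.` The lambda and the rest of the setup chain continue outside the hunk, so whether any later step assumes an authenticated session cannot be confirmed from here.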
@@ -48,8 +48,12 @@ public:
 TLTypeFactory(transport::ReactorHandle reactor,
 transport::TransportLayer* tl,
- std::unique_ptr<NetworkConnectionHook> onConnectHook)
- : _reactor(std::move(reactor)), _tl(tl), _onConnectHook(std::move(onConnectHook)) {}
+ std::unique_ptr<NetworkConnectionHook> onConnectHook,
+ const ConnectionPool::Options& connPoolOptions)
+ : _reactor(std::move(reactor)),
+ _tl(tl),
+ _onConnectHook(std::move(onConnectHook)),
+ _connPoolOptions(connPoolOptions) {}
 std::shared_ptr<ConnectionPool::ConnectionInterface> makeConnection(
 const HostAndPort& hostAndPort,
@@ -71,6 +75,7 @@ private:
 transport::ReactorHandle _reactor;
 transport::TransportLayer* _tl;
 std::unique_ptr<NetworkConnectionHook> _onConnectHook;
+ const ConnectionPool::Options _connPoolOptions;
 mutable stdx::mutex _mutex;
 AtomicWord<bool> _inShutdown{false};
@@ -130,12 +135,14 @@ public:
 HostAndPort peer,
 transport::ConnectSSLMode sslMode,
 size_t generation,
- NetworkConnectionHook* onConnectHook)
+ NetworkConnectionHook* onConnectHook,
+ bool skipAuth)
 : ConnectionInterface(generation),
 TLTypeFactory::Type(factory),
 _reactor(reactor),
 _serviceContext(serviceContext),
 _timer(factory->makeTimer()),
+ _skipAuth(skipAuth),
 _peer(std::move(peer)),
 _sslMode(sslMode),
 _onConnectHook(onConnectHook) {}
@@ -165,6 +172,7 @@ private:
 transport::ReactorHandle _reactor;
 ServiceContext* const _serviceContext;
 std::shared_ptr<ConnectionPool::TimerInterface> _timer;
+ const bool _skipAuth;
 HostAndPort _peer;
 transport::ConnectSSLMode _sslMode;
diff --git a/src/mongo/executor/network_interface_tl.cpp b/src/mongo/executor/network_interface_tl.cpp
index 1ad164f5c44..a760e6f120d 100644
--- a/src/mongo/executor/network_interface_tl.cpp
+++ b/src/mongo/executor/network_interface_tl.cpp
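Review bot: `TLTypeFactory` now keeps a full by-value copy of `ConnectionPool::Options` in `_connPoolOptions`, although the only field this commit reads from it is `skipAuthentication` (in `makeConnection`). That copy carries the raw `egressTagCloserManager` pointer along with it and is separate from the options handed to `ConnectionPool` in `NetworkInterfaceTL::startup`, so an auth-relevant setting now lives in two places that must agree. Storing only `const bool _skipAuthentication;` in the factory would narrow this; if the whole struct is kept on purpose, a member comment such as `// Snapshot of the pool options; only skipAuthentication is consulted here.` would make that clear. The new `TLConnection::_skipAuth` member also deserves a short comment saying it disables the authentication step in `setup()`.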
@@ -97,7 +97,7 @@ void NetworkInterfaceTL::startup() {
 _reactor = _tl->getReactor(transport::TransportLayer::kNewReactor);
 auto typeFactory = std::make_unique<connection_pool_tl::TLTypeFactory>(
- _reactor, _tl, std::move(_onConnectHook));
+ _reactor, _tl, std::move(_onConnectHook), _connPoolOpts);
 _pool = std::make_unique<ConnectionPool>(
 std::move(typeFactory), std::string("NetworkInterfaceTL-") + _instanceName, _connPoolOpts);
 _ioThread = stdx::thread([this] { |