SERVER-28127 Integrate KeyManager to LogicalClock

author: Randolph Tan <randolph@10gen.com> 2017-05-01 14:37:16 -0400
committer: Randolph Tan <randolph@10gen.com> 2017-05-22 10:59:36 -0400
commit: 8edbf46a78494ae034e8faa982c8f8bdcd5c3ef4 (patch)
tree: e5484224ac87be90ffb8b24d25beb97f07ab5d01 /src/mongo/rpc/metadata.cpp
parent: b035e46ec65088885d8b934af235481f294af77f (diff)
download: mongo-8edbf46a78494ae034e8faa982c8f8bdcd5c3ef4.tar.gz
1 files changed, 7 insertions, 35 deletions
diff --git a/src/mongo/rpc/metadata.cpp b/src/mongo/rpc/metadata.cpp
index 80046bdad58..7b35b2c7821 100644
--- a/src/mongo/rpc/metadata.cpp
+++ b/src/mongo/rpc/metadata.cpp
@@ -30,12 +30,7 @@
 
 #include "mongo/rpc/metadata.h"
 
-#include "mongo/base/init.h"
 #include "mongo/client/dbclientinterface.h"
-#include "mongo/db/auth/action_set.h"
-#include "mongo/db/auth/action_type.h"
-#include "mongo/db/auth/authorization_session.h"
-#include "mongo/db/auth/privilege.h"
 #include "mongo/db/jsobj.h"
 #include "mongo/db/logical_clock.h"
 #include "mongo/db/logical_time_validator.h"
@@ -49,27 +44,6 @@
 namespace mongo {
 namespace rpc {
 
-namespace {
-
-std::vector<Privilege> advanceLogicalClockPrivilege;
-
-MONGO_INITIALIZER(InitializeAdvanceLogicalClockPrivilegeVector)(InitializerContext* const) {
-    ActionSet actions;
-    actions.addAction(ActionType::internal);
-    advanceLogicalClockPrivilege.emplace_back(ResourcePattern::forClusterResource(), actions);
-    return Status::OK();
-}
-
-bool isAuthorizedToAdvanceClock(OperationContext* opCtx) {
-    auto client = opCtx->getClient();
-    // Note: returns true if auth is off, courtesy of
-    // AuthzSessionExternalStateServerCommon::shouldIgnoreAuthChecks.
-    return AuthorizationSession::get(client)->isAuthorizedForPrivileges(
-        advanceLogicalClockPrivilege);
-}
-
-}  // unnamed namespace
-
 BSONObj makeEmptyMetadata() {
     return BSONObj();
 }
@@ -124,16 +98,14 @@ void readRequestMetadata(OperationContext* opCtx, const BSONObj& metadataObj) {
         // default constructed SignedLogicalTime should be ignored.
         if (signedTime.getTime() != LogicalTime::kUninitialized) {
             auto logicalTimeValidator = LogicalTimeValidator::get(opCtx);
-            if (isAuthorizedToAdvanceClock(opCtx)) {
-                if (logicalTimeValidator) {
-                    logicalTimeValidator->updateCacheTrustedSource(signedTime);
+            if (!LogicalTimeValidator::isAuthorizedToAdvanceClock(opCtx)) {
+                if (!logicalTimeValidator) {
+                    uasserted(ErrorCodes::CannotVerifyAndSignLogicalTime,
+                              "Cannot accept logicalTime: " + signedTime.getTime().toString() +
+                                  ". May not be a part of a sharded cluster");
+                } else {
+                    uassertStatusOK(logicalTimeValidator->validate(opCtx, signedTime));
                 }
-            } else if (!logicalTimeValidator) {
-                uasserted(ErrorCodes::CannotVerifyAndSignLogicalTime,
-                          "Cannot accept logicalTime: " + signedTime.getTime().toString() +
-                              ". May not be a part of a sharded cluster");
-            } else {
-                uassertStatusOK(logicalTimeValidator->validate(signedTime));
             }
 
             uassertStatusOK(logicalClock->advanceClusterTime(signedTime.getTime()));
author	Randolph Tan <randolph@10gen.com>	2017-05-01 14:37:16 -0400
committer	Randolph Tan <randolph@10gen.com>	2017-05-22 10:59:36 -0400
commit	8edbf46a78494ae034e8faa982c8f8bdcd5c3ef4 (patch)
tree	e5484224ac87be90ffb8b24d25beb97f07ab5d01 /src/mongo/rpc/metadata.cpp
parent	b035e46ec65088885d8b934af235481f294af77f (diff)
download	mongo-8edbf46a78494ae034e8faa982c8f8bdcd5c3ef4.tar.gz