authorBilly Donahue <billy.donahue@mongodb.com>2018-12-12 15:24:36 -0500
committerBilly Donahue <billy.donahue@mongodb.com>2018-12-13 16:56:47 -0500
commite09ecae708d96a608abdbf99bc961824ed9ca0c9 (patch)
treea364c50ec45b731c3df165e0b9291d0fc610bbc0 /src/mongo
parentb13a3dc314f05a719b45d793a6c14a9e2ac8be0c (diff)
downloadmongo-e09ecae708d96a608abdbf99bc961824ed9ca0c9.tar.gz
SERVER-38533 Convert src/mongo/db/auth/authorization_manager_impl.cpp to IDL
Diffstat (limited to 'src/mongo')
-rw-r--r--src/mongo/db/auth/SConscript4
-rw-r--r--src/mongo/db/auth/authorization_manager_impl.cpp39
-rw-r--r--src/mongo/db/auth/authorization_manager_impl.h10
-rw-r--r--src/mongo/db/auth/authorization_manager_impl_parameters.idl53
4 files changed, 92 insertions, 14 deletions
diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript
index 15b65aa08f3..c86b421d8b7 100644
--- a/src/mongo/db/auth/SConscript
+++ b/src/mongo/db/auth/SConscript
@@ -128,6 +128,7 @@ env.Library(
'authz_manager_external_state.cpp',
'authz_session_external_state.cpp',
'user_set.cpp',
+ env.Idlc('authorization_manager_impl_parameters.idl')[0],
],
LIBDEPS=[
'address_restriction',
@@ -153,6 +154,9 @@ env.Library(
'$BUILD_DIR/mongo/util/net/ssl_manager',
'$BUILD_DIR/mongo/util/net/ssl_types',
],
+ LIBDEPS_PRIVATE=[
+ '$BUILD_DIR/mongo/idl/server_parameter',
+ ],
)
env.Library(
diff --git a/src/mongo/db/auth/authorization_manager_impl.cpp b/src/mongo/db/auth/authorization_manager_impl.cpp
index 5973ac9b00e..88368a9fd17 100644
--- a/src/mongo/db/auth/authorization_manager_impl.cpp
+++ b/src/mongo/db/auth/authorization_manager_impl.cpp
@@ -46,6 +46,7 @@
#include "mongo/crypto/mechanism_scram.h"
#include "mongo/db/auth/action_set.h"
#include "mongo/db/auth/address_restriction.h"
+#include "mongo/db/auth/authorization_manager_impl_parameters_gen.h"
#include "mongo/db/auth/authorization_session.h"
#include "mongo/db/auth/authorization_session_impl.h"
#include "mongo/db/auth/authz_manager_external_state.h"
@@ -113,15 +114,9 @@ MONGO_INITIALIZER_GENERAL(SetupInternalSecurityUser,
return exceptionToStatus();
}
-MONGO_EXPORT_STARTUP_SERVER_PARAMETER(authorizationManagerCacheSize, int, 100);
-
-class PinnedUserSetParameter final : public ServerParameter {
+class PinnedUserSetParameter {
public:
- PinnedUserSetParameter()
- : ServerParameter(
- ServerParameterSet::getGlobal(), "authorizationManagerPinnedUsers", true, true) {}
-
- void append(OperationContext* opCtx, BSONObjBuilder& b, const std::string& name) override {
+ void append(OperationContext* opCtx, BSONObjBuilder& b, const std::string& name) const {
BSONArrayBuilder sub(b.subarrayStart(name));
for (const auto& username : _userNames) {
BSONObjBuilder nameObj(sub.subobjStart());
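Review bot: `append` walks `_userNames` in the `for` loop with no lock visible in this hunk, while `set` and `setFromString` in the later hunks replace that vector under `_mutex`, and the new IDL file registers the parameter as settable at runtime. A read that overlaps a runtime set would then iterate a vector while it is being move-assigned. Taking `stdx::lock_guard<stdx::mutex> lk(_mutex);` as the first statement of `append` would close that, and since the method is now `const` it needs `_mutex` declared `mutable`. The member declarations and the end of `append` are outside this hunk, so confirm that no lock is taken elsewhere before changing it.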
@@ -130,7 +125,7 @@ public:
}
}
- Status set(const BSONElement& newValueElement) override {
+ Status set(const BSONElement& newValueElement) {
if (newValueElement.type() == String) {
return setFromString(newValueElement.valuestrsafe());
} else if (newValueElement.type() == Array) {
@@ -146,7 +141,7 @@ public:
}
stdx::unique_lock<stdx::mutex> lk(_mutex);
- std::swap(_userNames, out);
+ _userNames = std::move(out);
auto authzManager = _authzManager;
if (!authzManager) {
return Status::OK();
@@ -162,7 +157,7 @@ public:
}
}
- Status setFromString(const std::string& str) override {
+ Status setFromString(const std::string& str) {
std::vector<std::string> strList;
splitStringDelim(str, &strList, ',');
@@ -185,9 +180,10 @@ public:
return Status::OK();
}
- stdx::unique_lock<stdx::mutex> lk(_mutex);
- std::swap(out, _userNames);
- lk.unlock();
+ {
+ stdx::lock_guard<stdx::mutex> lk(_mutex);
+ _userNames = std::move(out);
+ }
authzManager->invalidateUserCache(Client::getCurrent()->getOperationContext());
return Status::OK();
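Review bot: The two setters now order their steps differently, and the difference looks unintended. In `set` the earlier hunk stores `_userNames` and reads `_authzManager` under the lock before the `if (!authzManager)` return, whereas here the context line `return Status::OK();` sits directly above the new locked block. If that return is the same `!authzManager` check (the code is outside this hunk), a string value supplied before a manager is attached is dropped instead of stored, and `_authzManager` is read without `_mutex`. Mirroring `set` would make both paths agree: assign `_userNames` and copy `_authzManager` inside the `lock_guard` scope, then do the null check and the `invalidateUserCache` call after the scope ends.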
@@ -222,6 +218,21 @@ const auto inUserManagementCommandsFlag = OperationContext::declareDecoration<bo
} // namespace
+int authorizationManagerCacheSize;
+
+void AuthorizationManagerPinnedUsersHooks::appendBson(OperationContext* opCtx,
+ BSONObjBuilder* out,
+ StringData name) {
+ return authorizationManagerPinnedUsers.append(opCtx, *out, std::string(name));
+}
+
+Status AuthorizationManagerPinnedUsersHooks::fromBson(const BSONElement& newValue) {
+ return authorizationManagerPinnedUsers.set(newValue);
+}
+
+Status AuthorizationManagerPinnedUsersHooks::fromString(StringData str) {
+ return authorizationManagerPinnedUsers.setFromString(std::string(str));
+}
MONGO_REGISTER_SHIM(AuthorizationManager::create)()->std::unique_ptr<AuthorizationManager> {
return std::make_unique<AuthorizationManagerImpl>();
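Review bot: `int authorizationManagerCacheSize;` is a mutable global with external linkage in namespace `mongo` (also declared `extern` in the authorization_manager_impl.h hunk), and neither declaration says who owns it. The IDL file marks the parameter as startup-only, but any translation unit that includes the header can write it, and a reader that runs before the generated initialization presumably sees 0 rather than the default 100. A comment on both declarations would record the contract, e.g. `// Storage for IDL server parameter 'authorizationManagerCacheSize'; assigned at startup only.` Separately, `appendBson` returns `void`, so `return authorizationManagerPinnedUsers.append(...)` reads better as a plain call statement.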
diff --git a/src/mongo/db/auth/authorization_manager_impl.h b/src/mongo/db/auth/authorization_manager_impl.h
index 52151139385..7d8794a5b35 100644
--- a/src/mongo/db/auth/authorization_manager_impl.h
+++ b/src/mongo/db/auth/authorization_manager_impl.h
@@ -259,4 +259,14 @@ private:
AtomicBool _inUserManagementCommand{false};
};
+
+extern int authorizationManagerCacheSize;
+
+// Hooks for IDL server parameter 'authorizationManagerPinnedUsers'.
+struct AuthorizationManagerPinnedUsersHooks {
+ static void appendBson(OperationContext* opCtx, BSONObjBuilder* out, StringData name);
+ static Status fromBson(const BSONElement& newValue);
+ static Status fromString(StringData str);
+};
+
} // namespace mongo
diff --git a/src/mongo/db/auth/authorization_manager_impl_parameters.idl b/src/mongo/db/auth/authorization_manager_impl_parameters.idl
new file mode 100644
index 00000000000..3cbabc74d50
--- /dev/null
+++ b/src/mongo/db/auth/authorization_manager_impl_parameters.idl
@@ -0,0 +1,53 @@
+# Copyright (C) 2018-present MongoDB, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the Server Side Public License, version 1,
+# as published by MongoDB, Inc.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# Server Side Public License for more details.
+#
+# You should have received a copy of the Server Side Public License
+# along with this program. If not, see
+# <http://www.mongodb.com/licensing/server-side-public-license>.
+#
+# As a special exception, the copyright holders give permission to link the
+# code of portions of this program with the OpenSSL library under certain
+# conditions as described in each individual source file and distribute
+# linked combinations including the program with the OpenSSL library. You
+# must comply with the Server Side Public License in all respects for
+# all of the code used other than as permitted herein. If you modify file(s)
+# with this exception, you may extend this exception to your version of the
+# file(s), but you are not obligated to do so. If you do not wish to do so,
+# delete this exception statement from your version. If you delete this
+# exception statement from all source files in the program, then also delete
+# it in the license file.
+
+global:
+ cpp_namespace: mongo
+ cpp_includes:
+ - mongo/db/auth/authorization_manager_impl.h
+
+imports:
+ - mongo/idl/basic_types.idl
+
+server_parameters:
+ authorizationManagerCacheSize:
+ description: >
+ Element count limit on the AuthorizationManager's user handle cache.
+ set_at:
+ - startup
+ cpp_varname: authorizationManagerCacheSize
+ default: 100
+
+ authorizationManagerPinnedUsers:
+ description: >
+ A comma-separated sequence of user names.
+ set_at:
+ - startup
+ - runtime
+ append_bson: AuthorizationManagerPinnedUsersHooks::appendBson
+ from_bson: AuthorizationManagerPinnedUsersHooks::fromBson
+ from_string: AuthorizationManagerPinnedUsersHooks::fromString
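Review bot: `authorizationManagerCacheSize` is bound to a plain `int` with no range check, so a zero or negative value given at startup would be accepted and presumably passed on as the element limit of the user cache. If the server-parameter IDL schema in this tree supports it, add a bound such as `validator: { gte: 1 }`, choosing the minimum the cache actually tolerates. The description of `authorizationManagerPinnedUsers` also covers only the string form, while `set()` in authorization_manager_impl.cpp accepts an `Array` element as well, so the text should mention both accepted shapes.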