summaryrefslogtreecommitdiff
path: root/src/mongo/db/commands/user_management_commands.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/mongo/db/commands/user_management_commands.cpp')
-rw-r--r--src/mongo/db/commands/user_management_commands.cpp114
1 files changed, 37 insertions, 77 deletions
diff --git a/src/mongo/db/commands/user_management_commands.cpp b/src/mongo/db/commands/user_management_commands.cpp
index 44edd0d4fd8..b0d55c65396 100644
--- a/src/mongo/db/commands/user_management_commands.cpp
+++ b/src/mongo/db/commands/user_management_commands.cpp
@@ -908,16 +908,25 @@ private:
// Used by most UMC commands.
struct UMCStdParams {
+ static constexpr bool adminOnly = false;
static constexpr bool supportsWriteConcern = true;
static constexpr auto allowedOnSecondary = BasicCommand::AllowedOnSecondary::kNever;
};
// Used by {usersInfo:...} and {rolesInfo:...}
struct UMCInfoParams {
+ static constexpr bool adminOnly = false;
static constexpr bool supportsWriteConcern = false;
static constexpr auto allowedOnSecondary = BasicCommand::AllowedOnSecondary::kOptIn;
};
+// Used by {invalidateUserCache:...} and {_getUserCacheGeneration:...}
+struct UMCCacheParams {
+ static constexpr bool adminOnly = true;
+ static constexpr bool supportsWriteConcern = false;
+ static constexpr auto allowedOnSecondary = BasicCommand::AllowedOnSecondary::kAlways;
+};
+
template <typename RequestT, typename ReplyT, typename Params = UMCStdParams>
class CmdUMCTyped : public TypedCommand<CmdUMCTyped<RequestT, ReplyT, Params>> {
public:
@@ -941,11 +950,15 @@ public:
auth::checkAuthForTypedCommand(opCtx->getClient(), request());
}
- NamespaceString ns() const override {
+ NamespaceString ns() const final {
return NamespaceString(request().getDbName(), "");
}
};
+ bool adminOnly() const final {
+ return Params::adminOnly;
+ }
+
typename TC::AllowedOnSecondary secondaryAllowed(ServiceContext*) const final {
return Params::allowedOnSecondary;
}
@@ -1943,83 +1956,30 @@ RolesInfoReply CmdUMCTyped<RolesInfoCommand, RolesInfoReply, UMCInfoParams>::Inv
return reply;
}
-class CmdInvalidateUserCache : public BasicCommand {
-public:
- CmdInvalidateUserCache() : BasicCommand("invalidateUserCache") {}
-
- AllowedOnSecondary secondaryAllowed(ServiceContext*) const override {
- return AllowedOnSecondary::kAlways;
- }
-
- bool adminOnly() const override {
- return true;
- }
-
- bool supportsWriteConcern(const BSONObj& cmd) const override {
- return false;
- }
-
- std::string help() const override {
- return "Invalidates the in-memory cache of user information";
- }
-
- Status checkAuthForCommand(Client* client,
- const std::string& dbname,
- const BSONObj& cmdObj) const override {
- return auth::checkAuthForInvalidateUserCacheCommand(client);
- }
-
- bool run(OperationContext* opCtx,
- const std::string& dbname,
- const BSONObj& cmdObj,
- BSONObjBuilder& result) override {
- AuthorizationManager* authzManager = AuthorizationManager::get(opCtx->getServiceContext());
- auto lk = requireReadableAuthSchema26Upgrade(opCtx, authzManager);
- authzManager->invalidateUserCache(opCtx);
- return true;
- }
-
-} cmdInvalidateUserCache;
-
-class CmdGetCacheGeneration : public BasicCommand {
-public:
- CmdGetCacheGeneration() : BasicCommand("_getUserCacheGeneration") {}
-
- AllowedOnSecondary secondaryAllowed(ServiceContext*) const override {
- return AllowedOnSecondary::kAlways;
- }
-
- bool adminOnly() const override {
- return true;
- }
-
- bool supportsWriteConcern(const BSONObj& cmd) const override {
- return false;
- }
-
- std::string help() const override {
- return "internal";
- }
-
- Status checkAuthForCommand(Client* client,
- const std::string& dbname,
- const BSONObj& cmdObj) const override {
- return auth::checkAuthForGetUserCacheGenerationCommand(client);
- }
-
- bool run(OperationContext* opCtx,
- const std::string& dbname,
- const BSONObj& cmdObj,
- BSONObjBuilder& result) override {
- uassert(ErrorCodes::IllegalOperation,
- "_getUserCacheGeneration can only be run on config servers",
- serverGlobalParams.clusterRole == ClusterRole::ConfigServer);
- AuthorizationManager* authzManager = AuthorizationManager::get(opCtx->getServiceContext());
- result.append("cacheGeneration", authzManager->getCacheGeneration());
- return true;
- }
+CmdUMCTyped<InvalidateUserCacheCommand, void, UMCCacheParams> cmdInvalidateUserCache;
+template <>
+void CmdUMCTyped<InvalidateUserCacheCommand, void, UMCCacheParams>::Invocation::typedRun(
+ OperationContext* opCtx) {
+ auto* authzManager = AuthorizationManager::get(opCtx->getServiceContext());
+ auto lk = requireReadableAuthSchema26Upgrade(opCtx, authzManager);
+ authzManager->invalidateUserCache(opCtx);
+}
-} cmdGetCacheGeneration;
+CmdUMCTyped<GetUserCacheGenerationCommand, GetUserCacheGenerationReply, UMCCacheParams>
+ cmdGetUserCacheGeneration;
+template <>
+GetUserCacheGenerationReply
+CmdUMCTyped<GetUserCacheGenerationCommand, GetUserCacheGenerationReply, UMCCacheParams>::
+ Invocation::typedRun(OperationContext* opCtx) {
+ uassert(ErrorCodes::IllegalOperation,
+ "_getUserCacheGeneration can only be run on config servers",
+ serverGlobalParams.clusterRole == ClusterRole::ConfigServer);
+
+ GetUserCacheGenerationReply reply;
+ auto* authzManager = AuthorizationManager::get(opCtx->getServiceContext());
+ reply.setCacheGeneration(authzManager->getCacheGeneration());
+ return reply;
+}
/**
* This command is used only by mongorestore to handle restoring users/roles. We do this so
View Lorry Controller Status