/**
* Copyright (C) 2013 MongoDB Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see .
*
* As a special exception, the copyright holders give permission to link the
* code of portions of this program with the OpenSSL library under certain
* conditions as described in each individual source file and distribute
* linked combinations including the program with the OpenSSL library. You
* must comply with the GNU Affero General Public License in all respects
* for all of the code used other than as permitted herein. If you modify
* file(s) with this exception, you may extend this exception to your
* version of the file(s), but you are not obligated to do so. If you do not
* wish to do so, delete this exception statement from your version. If you
* delete this exception statement from all source files in the program,
* then also delete it in the license file.
*/
#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kCommand
#include "mongo/platform/basic.h"
#include
#include
#include "mongo/base/status.h"
#include "mongo/base/status_with.h"
#include "mongo/client/connpool.h"
#include "mongo/client/dbclientinterface.h"
#include "mongo/db/auth/authorization_manager.h"
#include "mongo/db/auth/authorization_manager_global.h"
#include "mongo/db/auth/authz_documents_update_guard.h"
#include "mongo/db/auth/user_management_commands_parser.h"
#include "mongo/db/commands/user_management_commands.h"
#include "mongo/s/cluster_client_internal.h"
#include "mongo/s/config.h"
#include "mongo/s/shard.h"
#include "mongo/s/type_shard.h"
#include "mongo/util/log.h"
namespace mongo {
using std::endl;
using std::string;
namespace {
/**
* Returns the ConnectionStrings identifying all of the shards.
*/
std::vector getShardConnectionStrings() {
std::vector allShards;
Shard::getAllShards(allShards);
std::vector result;
for (size_t i = 0; i < allShards.size(); ++i) {
result.push_back(allShards[i].getAddress());
}
return result;
}
/**
* Runs the authSchemaUpgrade command on the given connection, with the supplied maxSteps
* and writeConcern parameters.
*
* Used to upgrade individual shards.
*/
Status runUpgradeOnConnection(DBClientBase* conn, int maxSteps, const BSONObj& writeConcern) {
std::string errorMessage;
BSONObj result;
BSONObjBuilder cmdObjBuilder;
cmdObjBuilder << "authSchemaUpgrade" << 1 << "maxSteps" << maxSteps;
if (!writeConcern.isEmpty()) {
cmdObjBuilder << "writeConcern" << writeConcern;
}
try {
conn->runCommand(
"admin",
cmdObjBuilder.done(),
result);
}
catch (const DBException& ex) {
return ex.toStatus();
}
return Command::getStatusFromCommandResult(result);
}
/**
* Runs the authSchemaUpgrade on all shards, with the given maxSteps and writeConcern
* parameters.
*
* Upgrades each shard serially, and stops on first failure. Returned error indicates that
* failure.
*/
Status runUpgradeOnAllShards(int maxSteps, const BSONObj& writeConcern) {
std::vector shardServers;
try {
shardServers = getShardConnectionStrings();
}
catch (const DBException& ex) {
return ex.toStatus();
}
// Upgrade each shard in turn, stopping on first failure.
for (size_t i = 0; i < shardServers.size(); ++i) {
std::string errorMessage;
ScopedDbConnection shardConn(shardServers[i]);
Status status = runUpgradeOnConnection(shardConn.get(), maxSteps, writeConcern);
if (!status.isOK()) {
return Status(
status.code(),
mongoutils::str::stream() << status.reason() << " on shard " <<
shardServers[i].toString());
}
shardConn.done();
}
return Status::OK();
}
class CmdAuthSchemaUpgradeS : public CmdAuthSchemaUpgrade {
virtual bool run(
OperationContext* txn,
const string& dbname,
BSONObj& cmdObj,
int options,
string& errmsg,
BSONObjBuilder& result,
bool fromRepl) {
int maxSteps;
bool upgradeShardServers;
BSONObj writeConcern;
Status status = auth::parseAuthSchemaUpgradeStepCommand(
cmdObj,
dbname,
&maxSteps,
&upgradeShardServers,
&writeConcern);
if (!status.isOK()) {
return appendCommandStatus(result, status);
}
AuthorizationManager* authzManager = getGlobalAuthorizationManager();
AuthzDocumentsUpdateGuard updateGuard(authzManager);
if (!updateGuard.tryLock("auth schema upgrade")) {
return appendCommandStatus(
result,
Status(ErrorCodes::LockBusy, "Could not lock auth data update lock."));
}
status = checkClusterMongoVersions(configServer.getConnectionString(), "2.7.6");
if (!status.isOK()) {
log() << "Auth schema upgrade failed: " << status << endl;
return appendCommandStatus(result, status);
}
status = authzManager->upgradeSchema(txn, maxSteps, writeConcern);
if (!status.isOK())
return appendCommandStatus(result, status);
if (upgradeShardServers) {
status = runUpgradeOnAllShards(maxSteps, writeConcern);
if (!status.isOK())
return appendCommandStatus(result, status);
}
result.append("done", true);
return true;
}
} cmdAuthSchemaUpgradeStep;
} // namespace
} // namespace mongo