  1. Drivers
  2. DRIVERS-103

Manipulate user objects exclusively via commands

    • Type: New Feature
    • Resolution: Done
    • Priority: Major - P3
    • None
    • Component/s: None
    • Labels:
      None
      Key Status/Resolution FixVersion
      JAVA-909 Done 2.12.0, 3.0.0
      PERL-254 Won't Fix 0.704.0.0
      RUBY-667 Done 1.10.0
      NODE-61 Done
      CSHARP-793 Done 1.9
      CDRIVER-232 Done
      PYTHON-552 Done 2.7

      All CRUD on system.users is being replaced and enhanced with commands.

      Note that these commands will all take a write concern as an extra field.

      The point of this ticket is to ensure that a given driver's addUser / removeUser helpers work in a backward and forward compatible way. To do this your driver has to determine whether it has to use the new user manipulation commands or fall back to its existing code. Pseudocode looks something like this:

      try
          userInfo = db.runCommand({'usersInfo': username})
      catch error
          if error code == 59 or error code == Null
              <fallback to existing code for backward compatibility>
          else
              re-raise error
      
      if userInfo["users"]
          <use new updateUser command>
      else
          <use new createUser command>
      

      Notes:

      1. By default the server will salt and hash the password sent in createUser and updateUser, assuming the password was passed to it in plaintext. This can be controlled using the "digestPassword" option. By default drivers should salt and hash the password client side, passing the password digest to the server instead of the plaintext password. You must pass {digestPassword: false} to the server when hashing the password client side.

      2. All drivers with an addUser helper must continue to support the 2 and 3 parameter versions of that method. See NOTE below for more details.
      3. Delegated authentication is gone in 2.5.x so any tests you have that make use of userSource should be skipped in >= 2.5.3.
      4. All users must have roles in 2.5.x. To get the equivalent of a legacy super user for testing you want at least ['readWriteAnyDatabase', 'userAdminAnyDatabase', 'dbAdminAnyDatabase', 'clusterAdmin']
      5. To remove all users from a database in 2.5.x use the command {"dropAllUsersFromDatabase": 1}

      NOTE - Although createUser requires a "roles" field the addUser helper must continue to support the legacy 2 and 3 parameter forms, i.e.:

      db.addUser('username', 'password')
      # Read Only User
      db.addUser('username', 'password', true)
      

      Drivers will follow the shell implementation specified in SERVER-10794. This requires some new built-in roles, specified in that ticket. Drivers should also warn when these forms are used, as specified in the server ticket.
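
      The detection flow and note 1 above, as an added Python example (not code from this ticket or from any driver): it probes with usersInfo, falls back when the error code is 59 or absent, and otherwise sends createUser or updateUser carrying a client-side digest with digestPassword set to false. CommandError, FakeServer, run_command and legacy_add_user are hypothetical stand-ins; the digest is assumed to be the legacy MD5 of "<user>:mongo:<password>", and roles are passed in explicitly rather than derived from the legacy 2- and 3-parameter forms.

```python
import hashlib

COMMAND_NOT_FOUND = 59  # error code named in the ticket

class CommandError(Exception):
    """Hypothetical stand-in for a driver's command-failure exception."""
    def __init__(self, msg, code=None):
        super().__init__(msg)
        self.code = code

def password_digest(username, password):
    # Assumption: legacy credential digest, hex MD5 of "<user>:mongo:<password>".
    return hashlib.md5(f"{username}:mongo:{password}".encode("utf-8")).hexdigest()

def add_user(run_command, legacy_add_user, username, password, roles, write_concern=None):
    """Create or update a user following the ticket's flow; returns the path taken."""
    try:
        info = run_command({"usersInfo": username})
    except CommandError as exc:
        if exc.code in (COMMAND_NOT_FOUND, None):
            legacy_add_user(username, password)  # server predates the commands
            return "legacy"
        raise  # any other failure (e.g. not authorized) must surface
    name = "updateUser" if info.get("users") else "createUser"
    cmd = {name: username,  # the command name must be the first key
           "pwd": password_digest(username, password),
           "digestPassword": False,  # the server must not hash the digest again
           "roles": list(roles)}
    if write_concern is not None:
        cmd["writeConcern"] = write_concern
    run_command(cmd)
    return name

class FakeServer:
    """Constructed in-memory stand-in for a server so the example runs offline."""
    def __init__(self, supports_commands=True):
        self.supports_commands, self.users, self.sent = supports_commands, {}, []

    def run_command(self, cmd):
        self.sent.append(cmd)
        if not self.supports_commands:
            raise CommandError("no such cmd")  # older servers return no code
        name, user = next(iter(cmd.items()))
        if name == "usersInfo":
            return {"users": [self.users[user]] if user in self.users else []}
        self.users[user] = {"user": user, "roles": cmd["roles"]}
        return {"ok": 1}
```

      Inspecting FakeServer.sent after a call shows exactly what would go over the wire, which is a convenient place to check that the plaintext password never appears in a command document.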

            Assignee: Barrie Segal (barrie)
            Reporter: Barrie Segal (barrie)
            Votes: 0
            Watchers: 7
