[SERVER-31552] Authorization User Cache should be able to hold select users in memory - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.1.4
Component/s: Admin
Labels:
None

Backwards Compatibility:
Fully Compatible
Sprint:
Security 2018-09-10, Security 2018-09-24, Security 2018-10-08
Linked BF Score:
19

Description

Currently, updating any user will invalidate its entry in the user cache. The next time that user attempts to perform an operation, the AuthorizationManager will pull the canonical document from disk, taking a shared lock on the system's user collection. If a long running operation has taken an exclusive lock on the whole system, the AuthorizationManager may block until it finishes. Attempting to run administrative operations such as killOp or currentOp may cause the AuthorizationManager to perform this update.

We should have a mechanism to ensure that at least some users are always held in memory. Authentication or authorization, and by extension running killOp, would never need to block.

Attachments

Issue Links

is duplicated by

SERVER-35637 DDL operations blocked by transactions also block authentication

Closed

is related to

SERVER-13586 Remove user cache invalidation from user management commands

Backlog

related to

SERVER-33648 Attempting to perform user- and role-management commands in db.eval() with nolock=false can lead to deadlock

Closed

SERVER-35890 Make Authorization user cache a general purpose lifetime manager

Closed

Activity

People

Assignee:: Jonathan Reams

Reporter:: Spencer Jackson

Participants:: Githook User, Jonathan Reams, Spencer Jackson

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: Oct 13 2017 05:11:58 PM UTC

Updated:: Feb 15 2019 07:01:20 PM UTC

Resolved:: Oct 01 2018 07:51:02 PM UTC