[SERVER-10670] Build and maintain roles data structure from contents of admin.system.roles Created: 03/Sep/13  Updated: 02/Aug/18  Resolved: 11/Oct/13

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 2.5.3

Type: Task Priority: Major - P3
Reporter: Andy Schwerin Assignee: Andy Schwerin
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Participants:

 Comments   
Comment by Githook User [ 03/Nov/14 ]

Author:

{u'username': u'stephenwlin', u'name': u'Stephen Lin', u'email': u'stephenwlin@gmail.com'}

Message: SERVER-10670 Add missed status return value check from initializeUserPrivilegesFromUserDocument

Closes #851

Signed-off-by: Benety Goh <benety@mongodb.com>
Branch: master
https://github.com/mongodb/mongo/commit/fc9c035d91ccbe16bd0d4412742d5d3352f3eeec

Comment by auto [ 11/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Add missing fassert codes.
Branch: master
https://github.com/mongodb/mongo/commit/0e179669313b05bd3709343e301f657b00d33872

Comment by auto [ 11/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Allow acquireUser to drop the cache mutex while doing disk/network IO.

Introduces CacheGuard abstraction and notion of "fetch phase" of updates, for handling
disk and network activity.
Branch: master
https://github.com/mongodb/mongo/commit/4e50e1e592e2109b7bf1a0fd6002cb0285916d0b

Comment by auto [ 06/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Reenable auth unittests.

This fixes the authorization_session_test and all but two cases in the
authorization_manager_test. The two failing cases are labeled with a TODO and
disabled individually.
Branch: master
https://github.com/mongodb/mongo/commit/4de73d9215a0a72424d65b6dac0d0d295ee88e35

Comment by auto [ 06/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Make isAuthEnabled a member rather than static function of AuthorizationManager.

It should have been from the beginning, and fixing it makes it easier to
write tests.
Branch: master
https://github.com/mongodb/mongo/commit/3a122656855ca33ee3ee84744b6d413ed30ade04

Comment by auto [ 06/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 On a failure resulting from programming error, throw out the RoleGraph.
Branch: master
https://github.com/mongodb/mongo/commit/4f481600f817f5d3c6d2c1cee74e3c133c453681

Comment by auto [ 06/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Fix concurrency error in examination of _roleGraphState in AuthzExternalStateMongod.
Branch: master
https://github.com/mongodb/mongo/commit/480e8e81f5d4a12134d55bfb8c91c0f33ff07741

Comment by auto [ 06/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Make addRoleFromDocument and handleLogOp members of RoleGraph.
Branch: master
https://github.com/mongodb/mongo/commit/6e59b0de50d518bba9addb89b80c9160e438a3b2

Comment by auto [ 06/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Add RoleGraph::replaceRole method.
Branch: master
https://github.com/mongodb/mongo/commit/11be81456ec4c24aa19cdf475fe9e7e79abe2066

Comment by auto [ 06/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Fix build break by checking for granted role existence during createUser.
Branch: master
https://github.com/mongodb/mongo/commit/1f5a1ba9f0b73bd1594959bacc03e4fbc1feccaf

Comment by auto [ 05/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Temporarily disable unit test while updating AuthzManagerExternalStateMock.
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/e33b371a9ccfe013c85660af5a1e36e7103e744a

Comment by auto [ 05/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Maintain role graph consistency.

Keeps the RoleGraph up to date in mongod, and converts MongoS to simply
ask the config server for required information about users and roles.

Performs somewhat aggressive cache invalidation of the users cache in mongod.
Still no cache invalidation in mongos.
Branch: master
https://github.com/mongodb/mongo/commit/54d8fdb24becdeed847567624475a96c7128fee0

Comment by auto [ 05/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Expose more parsing functionality from user_management_commands_parser.cpp
Branch: master
https://github.com/mongodb/mongo/commit/2fd675487ee609e35067021376b18d0ce01da086

Comment by auto [ 05/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Add setPrivileges and setRoleData methods to User.
Branch: master
https://github.com/mongodb/mongo/commit/ee34eb5c05c5b8072dc1354845ed34989596456b

Comment by auto [ 05/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Templatize the RoleNameIteratorImpl for std containers.
Branch: master
https://github.com/mongodb/mongo/commit/07c18d3c1147bd11ea50902542432a178f4f685f

Comment by auto [ 05/Oct/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Make ParsedPrivilege capable of representing the "any" resource.
Branch: master
https://github.com/mongodb/mongo/commit/ae56a7275c630dff4c8afa5805356953d8901c4d

Comment by auto [ 25/Sep/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10670 Encode role and user names into _id fields of privilege documents.
Branch: master
https://github.com/mongodb/mongo/commit/22c276a037ad102738e7b7c86070d3d613fd8e10

Generated at Thu Feb 08 03:23:45 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.