[SERVER-33008] Slice Authorization Framework with vtable to facilitate not using it in mobile Created: 30/Jan/18  Updated: 29/Oct/23  Resolved: 11/May/18

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 3.7 Required
Fix Version/s: 4.0.0-rc0

Type: Improvement Priority: Major - P3
Reporter: ADAM Martin (Inactive) Assignee: ADAM Martin (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-32645 Create a tracker for dependency upon ... Closed
is depended on by SERVER-33889 Remove commands from embedded that sh... Closed
is depended on by SERVER-34006 Ensure android builds target correct ... Closed
is depended on by SERVER-34894 Create Embedded-only auth-lite implem... Closed
is depended on by SERVER-34944 Create an Enterprise-shim-override me... Closed
Gantt Dependency
has to be done before SERVER-34894 Create Embedded-only auth-lite implem... Closed
Backwards Compatibility: Fully Compatible
Sprint: Platforms 2018-02-12, Platforms 2018-02-26, Platforms 2018-03-12, Platforms 2018-03-26, Platforms 2018-04-09, Platforms 2018-04-23, Platforms 2018-05-07, Platforms 2018-05-21
Participants:

 Comments   
Comment by Githook User [ 11/May/18 ]

Author:

{'name': 'ADAM David Alan Martin', 'email': 'adam.martin@10gen.com', 'username': 'adamlsd'}

Message: SERVER-33008 Slice Authorization framework

The Authorization framework was intertwined with many subsystems and
needed to be properly abstracted in order to facilitate cutting down
on certain unnecessary dependencies in some libraries. This also
facilitates creating a reduced authorization framework for use
in embedded builds.
Branch: master
https://github.com/mongodb/mongo/commit/ecf8ad987548705e773d23d5ddc3973cbc1ea7e5

Comment by Githook User [ 11/May/18 ]

Author:

{'name': 'ADAM David Alan Martin', 'email': 'adam.martin@10gen.com', 'username': 'adamlsd'}

Message: SERVER-33008 Slice auth framework for mobile.

There are some enterprise changes that needed to be made to accomodate the new
auth library layout.
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/7a0237a042206d6b7a1c45441fc4c73b09127146

Comment by Andy Schwerin [ 31/Jan/18 ]

AuthorizationSession has a lot of methods on it, most of which are implemented in terms of just one or two methods. What's our motivation for stubbing these out in the library? I mean, I understand that access control is effectively disabled, so why have the code, but is there a stronger reason?

Comment by ADAM Martin (Inactive) [ 30/Jan/18 ]

The two classes that I'm replacing with pure-virtual "interfaces" are `AuthorizationManager` and `AuthorizationSession`. Almost all of the code in the server uses these by pointer, so it should be a relatively simple change. The `AuthzExternalState` hierarchy will remain (effectively) identical as it does today, with the variants for MongoS and MongoD used to contain code specific to those processes.

I'll add you to the review when I put it up.

Comment by Andy Schwerin [ 30/Jan/18 ]

What types do you plan to do this to? Please include me in any WIP reviews,adam.martin.

Generated at Thu Feb 08 04:32:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.