SERVER-38955 Convert AuthManager and FCV setParameters to IDL

8 files changed, 159 insertions, 110 deletions

diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript
index 4f505f5c88a..9c71ac46304 100644
--- a/src/mongo/db/auth/SConscript
+++ b/src/mongo/db/auth/SConscript
@@ -216,6 +216,10 @@ env.Library(
     target='authorization_manager_global',
     source=[
         'authorization_manager_global.cpp',
+        env.Idlc('authorization_manager_global_parameters.idl')[0],
+    ],
+    LIBDEPS_PRIVATE=[
+        '$BUILD_DIR/mongo/idl/server_parameter',
     ],
     LIBDEPS=[
         'auth',
@@ -366,7 +370,6 @@ env.Library(
         '$BUILD_DIR/mongo/db/dbdirectclient',
         '$BUILD_DIR/mongo/db/dbhelpers',
         '$BUILD_DIR/mongo/db/repl/repl_coordinator_interface',
-        '$BUILD_DIR/mongo/db/server_parameters',
     ],
     LIBDEPS_PRIVATE=[
         '$BUILD_DIR/mongo/db/concurrency/lock_manager',
diff --git a/src/mongo/db/auth/authorization_manager_global.cpp b/src/mongo/db/auth/authorization_manager_global.cpp
index 91ae1c0d742..8cac8ed933e 100644
--- a/src/mongo/db/auth/authorization_manager_global.cpp
+++ b/src/mongo/db/auth/authorization_manager_global.cpp
@@ -30,42 +30,21 @@
 
 #include "mongo/platform/basic.h"
 
-#include "mongo/base/disallow_copying.h"
-#include "mongo/base/init.h"
 #include "mongo/db/auth/authorization_manager.h"
+#include "mongo/db/auth/authorization_manager_global_parameters_gen.h"
 #include "mongo/db/auth/authz_manager_external_state.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/db/server_options.h"
-#include "mongo/db/server_parameters.h"
 #include "mongo/db/service_context.h"
-#include "mongo/stdx/memory.h"
 #include "mongo/util/assert_util.h"
 
 namespace mongo {
-namespace {
 
-const std::string kAuthSchemaVersionServerParameter = "authSchemaVersion";
-
-class AuthzVersionParameter : public ServerParameter {
-    MONGO_DISALLOW_COPYING(AuthzVersionParameter);
-
-public:
-    AuthzVersionParameter(ServerParameterSet* sps, const std::string& name);
-    virtual void append(OperationContext* opCtx, BSONObjBuilder& b, const std::string& name);
-    virtual Status set(const BSONElement& newValueElement);
-    virtual Status setFromString(const std::string& str);
-};
-
-MONGO_INITIALIZER_GENERAL(AuthzSchemaParameter,
-                          MONGO_NO_PREREQUISITES,
-                          ("BeginStartupOptionParsing"))
-(InitializerContext*) {
-    new AuthzVersionParameter(ServerParameterSet::getGlobal(), kAuthSchemaVersionServerParameter);
-    return Status::OK();
-}
-
-AuthzVersionParameter::AuthzVersionParameter(ServerParameterSet* sps, const std::string& name)
-    : ServerParameter(sps, name, false, false) {}
+// This setting is unique in that it is read-only.
+// The IDL subststem doesn't actually allow for that,
+// so we'll pretend it's startup-settable, then override it here.
+AuthzVersionParameter::AuthzVersionParameter(StringData name, ServerParameterType)
+    : ServerParameter(ServerParameterSet::getGlobal(), name, false, false) {}
 
 void AuthzVersionParameter::append(OperationContext* opCtx,
                                    BSONObjBuilder& b,
@@ -76,18 +55,10 @@ void AuthzVersionParameter::append(OperationContext* opCtx,
     b.append(name, authzVersion);
 }
 
-Status AuthzVersionParameter::set(const BSONElement& newValueElement) {
-    return Status(ErrorCodes::InternalError, "set called on unsettable server parameter");
-}
-
 Status AuthzVersionParameter::setFromString(const std::string& newValueString) {
-    return Status(ErrorCodes::InternalError, "set called on unsettable server parameter");
+    return {ErrorCodes::InternalError, "set called on unsettable server parameter"};
 }
 
-}  // namespace
-
-MONGO_EXPORT_STARTUP_SERVER_PARAMETER(startupAuthSchemaValidation, bool, true);
-
 ServiceContext::ConstructorActionRegisterer createAuthorizationManager(
     "CreateAuthorizationManager",
     {"OIDGeneration",
@@ -97,7 +68,7 @@ ServiceContext::ConstructorActionRegisterer createAuthorizationManager(
         auto authzManager = AuthorizationManager::create();
         authzManager->setAuthEnabled(serverGlobalParams.authState ==
                                      ServerGlobalParams::AuthState::kEnabled);
-        authzManager->setShouldValidateAuthSchemaOnStartup(startupAuthSchemaValidation);
+        authzManager->setShouldValidateAuthSchemaOnStartup(gStartupAuthSchemaValidation);
         AuthorizationManager::set(service, std::move(authzManager));
     });
 
diff --git a/src/mongo/db/auth/authorization_manager_global_parameters.idl b/src/mongo/db/auth/authorization_manager_global_parameters.idl
new file mode 100644
index 00000000000..b682bcd148d
--- /dev/null
+++ b/src/mongo/db/auth/authorization_manager_global_parameters.idl
@@ -0,0 +1,45 @@
+# Copyright (C) 2018-present MongoDB, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the Server Side Public License, version 1,
+# as published by MongoDB, Inc.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# Server Side Public License for more details.
+#
+# You should have received a copy of the Server Side Public License
+# along with this program. If not, see
+# <http://www.mongodb.com/licensing/server-side-public-license>.
+#
+# As a special exception, the copyright holders give permission to link the
+# code of portions of this program with the OpenSSL library under certain
+# conditions as described in each individual source file and distribute
+# linked combinations including the program with the OpenSSL library. You
+# must comply with the Server Side Public License in all respects for
+# all of the code used other than as permitted herein. If you modify file(s)
+# with this exception, you may extend this exception to your version of the
+# file(s), but you are not obligated to do so. If you do not wish to do so,
+# delete this exception statement from your version. If you delete this
+# exception statement from all source files in the program, then also delete
+# it in the license file.
+
+global:
+    cpp_namespace: mongo
+    cpp_includes:
+        - mongo/db/auth/authorization_manager_impl.h
+
+server_parameters:
+    authSchemaVersion:
+        description: 'Read-only value describing the current auth schema version'
+        set_at: startup # Actually, never.
+        cpp_class:
+            name: AuthzVersionParameter
+            override_ctor: true
+    startupAuthSchemaValidation:
+        description: 'Validate auth schema on startup'
+        set_at: startup
+        cpp_vartype: bool
+        cpp_varname: gStartupAuthSchemaValidation
+        default: true
diff --git a/src/mongo/db/commands/SConscript b/src/mongo/db/commands/SConscript
index 35808b12da5..21d9929984a 100644
--- a/src/mongo/db/commands/SConscript
+++ b/src/mongo/db/commands/SConscript
@@ -188,6 +188,7 @@ env.Library(
     target="mongod_fcv",
     source=[
         "feature_compatibility_version.cpp",
+        env.Idlc('feature_compatibility_version.idl')[0],
     ],
     LIBDEPS=[
         'feature_compatibility_parsers',
@@ -196,6 +197,7 @@ env.Library(
         '$BUILD_DIR/mongo/db/commands',
         '$BUILD_DIR/mongo/db/dbdirectclient',
         '$BUILD_DIR/mongo/db/kill_sessions_local',
+        '$BUILD_DIR/mongo/idl/server_parameter',
         '$BUILD_DIR/mongo/executor/egress_tag_closer_manager',
     ],
 )
diff --git a/src/mongo/db/commands/feature_compatibility_version.cpp b/src/mongo/db/commands/feature_compatibility_version.cpp
index 0e2cc66572e..db37ae4819b 100644
--- a/src/mongo/db/commands/feature_compatibility_version.cpp
+++ b/src/mongo/db/commands/feature_compatibility_version.cpp
@@ -37,6 +37,7 @@
 #include "mongo/base/status.h"
 #include "mongo/db/catalog_raii.h"
 #include "mongo/db/commands/feature_compatibility_version_documentation.h"
+#include "mongo/db/commands/feature_compatibility_version_gen.h"
 #include "mongo/db/commands/feature_compatibility_version_parser.h"
 #include "mongo/db/dbdirectclient.h"
 #include "mongo/db/kill_sessions_local.h"
@@ -256,73 +257,58 @@ void FeatureCompatibilityVersion::_runUpdateCommand(OperationContext* opCtx,
 /**
  * Read-only server parameter for featureCompatibilityVersion.
  */
-class FeatureCompatibilityVersionParameter : public ServerParameter {
-public:
-    FeatureCompatibilityVersionParameter()
-        : ServerParameter(ServerParameterSet::getGlobal(),
-                          FeatureCompatibilityVersionParser::kParameterName.toString(),
-                          false,  // allowedToChangeAtStartup
-                          false   // allowedToChangeAtRuntime
-                          ) {}
-
-    virtual void append(OperationContext* opCtx, BSONObjBuilder& b, const std::string& name) {
-        BSONObjBuilder featureCompatibilityVersionBuilder(b.subobjStart(name));
-        uassert(ErrorCodes::UnknownFeatureCompatibilityVersion,
-                str::stream() << FeatureCompatibilityVersionParser::kParameterName
-                              << " is not yet known.",
-                serverGlobalParams.featureCompatibility.isVersionInitialized());
-        switch (serverGlobalParams.featureCompatibility.getVersion()) {
-            case ServerGlobalParams::FeatureCompatibility::Version::kFullyUpgradedTo42:
-                featureCompatibilityVersionBuilder.append(
-                    FeatureCompatibilityVersionParser::kVersionField,
-                    FeatureCompatibilityVersionParser::kVersion42);
-                return;
-            case ServerGlobalParams::FeatureCompatibility::Version::kUpgradingTo42:
-                featureCompatibilityVersionBuilder.append(
-                    FeatureCompatibilityVersionParser::kVersionField,
-                    FeatureCompatibilityVersionParser::kVersion40);
-                featureCompatibilityVersionBuilder.append(
-                    FeatureCompatibilityVersionParser::kTargetVersionField,
-                    FeatureCompatibilityVersionParser::kVersion42);
-                return;
-            case ServerGlobalParams::FeatureCompatibility::Version::kDowngradingTo40:
-                featureCompatibilityVersionBuilder.append(
-                    FeatureCompatibilityVersionParser::kVersionField,
-                    FeatureCompatibilityVersionParser::kVersion40);
-                featureCompatibilityVersionBuilder.append(
-                    FeatureCompatibilityVersionParser::kTargetVersionField,
-                    FeatureCompatibilityVersionParser::kVersion40);
-                return;
-            case ServerGlobalParams::FeatureCompatibility::Version::kFullyDowngradedTo40:
-                featureCompatibilityVersionBuilder.append(
-                    FeatureCompatibilityVersionParser::kVersionField,
-                    FeatureCompatibilityVersionParser::kVersion40);
-                return;
-            case ServerGlobalParams::FeatureCompatibility::Version::kUnsetDefault40Behavior:
-                // getVersion() does not return this value.
-                MONGO_UNREACHABLE;
-        }
-    }
-
-    virtual Status set(const BSONElement& newValueElement) {
-        return Status(ErrorCodes::IllegalOperation,
-                      str::stream()
-                          << FeatureCompatibilityVersionParser::kParameterName
-                          << " cannot be set via setParameter. See "
-                          << feature_compatibility_version_documentation::kCompatibilityLink
-                          << ".");
+// No ability to specify 'none' as set_at type,
+// so use 'startup' in the IDL file, then override to none here.
+FeatureCompatibilityVersionParameter::FeatureCompatibilityVersionParameter(StringData name,
+                                                                           ServerParameterType)
+    : ServerParameter(ServerParameterSet::getGlobal(), name, false, false) {}
+
+void FeatureCompatibilityVersionParameter::append(OperationContext* opCtx,
+                                                  BSONObjBuilder& b,
+                                                  const std::string& name) {
+    uassert(ErrorCodes::UnknownFeatureCompatibilityVersion,
+            str::stream() << name << " is not yet known.",
+            serverGlobalParams.featureCompatibility.isVersionInitialized());
+
+    BSONObjBuilder featureCompatibilityVersionBuilder(b.subobjStart(name));
+    switch (serverGlobalParams.featureCompatibility.getVersion()) {
+        case ServerGlobalParams::FeatureCompatibility::Version::kFullyUpgradedTo42:
+            featureCompatibilityVersionBuilder.append(
+                FeatureCompatibilityVersionParser::kVersionField,
+                FeatureCompatibilityVersionParser::kVersion42);
+            return;
+        case ServerGlobalParams::FeatureCompatibility::Version::kUpgradingTo42:
+            featureCompatibilityVersionBuilder.append(
+                FeatureCompatibilityVersionParser::kVersionField,
+                FeatureCompatibilityVersionParser::kVersion40);
+            featureCompatibilityVersionBuilder.append(
+                FeatureCompatibilityVersionParser::kTargetVersionField,
+                FeatureCompatibilityVersionParser::kVersion42);
+            return;
+        case ServerGlobalParams::FeatureCompatibility::Version::kDowngradingTo40:
+            featureCompatibilityVersionBuilder.append(
+                FeatureCompatibilityVersionParser::kVersionField,
+                FeatureCompatibilityVersionParser::kVersion40);
+            featureCompatibilityVersionBuilder.append(
+                FeatureCompatibilityVersionParser::kTargetVersionField,
+                FeatureCompatibilityVersionParser::kVersion40);
+            return;
+        case ServerGlobalParams::FeatureCompatibility::Version::kFullyDowngradedTo40:
+            featureCompatibilityVersionBuilder.append(
+                FeatureCompatibilityVersionParser::kVersionField,
+                FeatureCompatibilityVersionParser::kVersion40);
+            return;
+        case ServerGlobalParams::FeatureCompatibility::Version::kUnsetDefault40Behavior:
+            // getVersion() does not return this value.
+            MONGO_UNREACHABLE;
     }
+}
 
-    virtual Status setFromString(const std::string& str) {
-        return Status(ErrorCodes::IllegalOperation,
-                      str::stream()
-                          << FeatureCompatibilityVersionParser::kParameterName
-                          << " cannot be set via setParameter. See "
+Status FeatureCompatibilityVersionParameter::setFromString(const std::string&) {
+    return {ErrorCodes::IllegalOperation,
+            str::stream() << name() << " cannot be set via setParameter. See "
                           << feature_compatibility_version_documentation::kCompatibilityLink
-                          << ".");
-    }
-} featureCompatibilityVersionParameter;
-
-MONGO_EXPORT_STARTUP_SERVER_PARAMETER(internalValidateFeaturesAsMaster, bool, true);
+                          << "."};
+}
 
 }  // namespace mongo
diff --git a/src/mongo/db/commands/feature_compatibility_version.h b/src/mongo/db/commands/feature_compatibility_version.h
index 77ff5a3b9fc..9c2871e9ef9 100644
--- a/src/mongo/db/commands/feature_compatibility_version.h
+++ b/src/mongo/db/commands/feature_compatibility_version.h
@@ -41,12 +41,6 @@ namespace mongo {
 class BSONObj;
 class OperationContext;
 
-/**
- * Startup parameter to ignore featureCompatibilityVersion checks. This parameter cannot be set if
- * the node is started with --replSet. This should never be set by end users.
- */
-extern bool internalValidateFeaturesAsMaster;
-
 class FeatureCompatibilityVersion {
 public:
     /**
diff --git a/src/mongo/db/commands/feature_compatibility_version.idl b/src/mongo/db/commands/feature_compatibility_version.idl
new file mode 100644
index 00000000000..ca4ff5652a9
--- /dev/null
+++ b/src/mongo/db/commands/feature_compatibility_version.idl
@@ -0,0 +1,47 @@
+# Copyright (C) 2018-present MongoDB, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the Server Side Public License, version 1,
+# as published by MongoDB, Inc.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# Server Side Public License for more details.
+#
+# You should have received a copy of the Server Side Public License
+# along with this program. If not, see
+# <http://www.mongodb.com/licensing/server-side-public-license>.
+#
+# As a special exception, the copyright holders give permission to link the
+# code of portions of this program with the OpenSSL library under certain
+# conditions as described in each individual source file and distribute
+# linked combinations including the program with the OpenSSL library. You
+# must comply with the Server Side Public License in all respects for
+# all of the code used other than as permitted herein. If you modify file(s)
+# with this exception, you may extend this exception to your version of the
+# file(s), but you are not obligated to do so. If you do not wish to do so,
+# delete this exception statement from your version. If you delete this
+# exception statement from all source files in the program, then also delete
+# it in the license file.
+#
+
+global:
+  cpp_namespace: "mongo"
+
+server_parameters:
+    featureCompatibilityVersion:
+        description: 'Read-only view of current Feature Compatability Version'
+        # Actually, never.
+        set_at: startup
+        cpp_class:
+            name: FeatureCompatibilityVersionParameter
+            override_ctor: true
+    internalValidateFeaturesAsMaster:
+        description: >
+            Startup parameter to ignore featureCompatibilityVersion checks. This parameter cannot be set if
+            the node is started with --replSet. This should never be set by end users.
+        set_at: startup
+        cpp_vartype: bool
+        cpp_varname: gInternalValidateFeaturesAsMaster
+        default: true
diff --git a/src/mongo/db/db.cpp b/src/mongo/db/db.cpp
index 1a990445279..8d07347ca5b 100644
--- a/src/mongo/db/db.cpp
+++ b/src/mongo/db/db.cpp
@@ -62,6 +62,7 @@
 #include "mongo/db/client.h"
 #include "mongo/db/clientcursor.h"
 #include "mongo/db/commands/feature_compatibility_version.h"
+#include "mongo/db/commands/feature_compatibility_version_gen.h"
 #include "mongo/db/concurrency/d_concurrency.h"
 #include "mongo/db/concurrency/lock_state.h"
 #include "mongo/db/concurrency/write_conflict_exception.h"
@@ -601,7 +602,7 @@ ExitCode _initAndListen(int listenPort) {
             startTTLBackgroundJob();
         }
 
-        if (replSettings.usingReplSets() || !internalValidateFeaturesAsMaster) {
+        if (replSettings.usingReplSets() || !gInternalValidateFeaturesAsMaster) {
             serverGlobalParams.validateFeaturesAsMaster.store(false);
         }
     }