SERVER-38489: convert server parameter to IDL

4 files changed, 118 insertions, 47 deletions

diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript
index 1357376c7c2..c86b421d8b7 100644
--- a/src/mongo/db/auth/SConscript
+++ b/src/mongo/db/auth/SConscript
@@ -333,12 +333,17 @@ env.Library(
     source=[
         'authz_manager_external_state_s.cpp',
         'authz_session_external_state_s.cpp',
-        'user_cache_invalidator_job.cpp'],
+        'user_cache_invalidator_job.cpp',
+        env.Idlc('user_cache_invalidator_job_parameters.idl')[0],
+        ],
     LIBDEPS=[
         'authservercommon',
         '$BUILD_DIR/mongo/s/catalog/dist_lock_manager',
         '$BUILD_DIR/mongo/s/coreshard',
     ],
+    LIBDEPS_PRIVATE=[
+        '$BUILD_DIR/mongo/idl/server_parameter',
+    ],
 )
 
 env.Library(
diff --git a/src/mongo/db/auth/user_cache_invalidator_job.cpp b/src/mongo/db/auth/user_cache_invalidator_job.cpp
index 360d156b465..6a67725a1a2 100644
--- a/src/mongo/db/auth/user_cache_invalidator_job.cpp
+++ b/src/mongo/db/auth/user_cache_invalidator_job.cpp
@@ -40,6 +40,7 @@
 #include "mongo/base/status_with.h"
 #include "mongo/client/connpool.h"
 #include "mongo/db/auth/authorization_manager.h"
+#include "mongo/db/auth/user_cache_invalidator_job_parameters_gen.h"
 #include "mongo/db/client.h"
 #include "mongo/db/commands.h"
 #include "mongo/db/server_parameters.h"
@@ -49,6 +50,7 @@
 #include "mongo/stdx/mutex.h"
 #include "mongo/util/background.h"
 #include "mongo/util/concurrency/idle_thread_block.h"
+#include "mongo/util/duration.h"
 #include "mongo/util/exit.h"
 #include "mongo/util/log.h"
 #include "mongo/util/time_support.h"
@@ -56,43 +58,58 @@
 namespace mongo {
 namespace {
 
-// How often to check with the config servers whether authorization information has changed.
-AtomicInt32 userCacheInvalidationIntervalSecs(30);  // 30 second default
-stdx::mutex invalidationIntervalMutex;
-stdx::condition_variable invalidationIntervalChangedCondition;
-Date_t lastInvalidationTime;
-
-class ExportedInvalidationIntervalParameter
-    : public ExportedServerParameter<int, ServerParameterType::kStartupAndRuntime> {
-    using Base = ExportedServerParameter<int, ServerParameterType::kStartupAndRuntime>;
+class ThreadSleepInterval {
 
 public:
-    ExportedInvalidationIntervalParameter()
-        : Base(ServerParameterSet::getGlobal(),
-               "userCacheInvalidationIntervalSecs",
-               &userCacheInvalidationIntervalSecs) {}
-
-    // Don't hide Base::set(const BSONElement&)
-    using Base::set;
-
-    Status set(const int& newValue) override {
-        stdx::unique_lock<stdx::mutex> lock(invalidationIntervalMutex);
-        Status status = Base::set(newValue);
-        invalidationIntervalChangedCondition.notify_all();
-        return status;
+    explicit ThreadSleepInterval(Seconds interval) : _interval(interval) {}
+
+    void setInterval(Seconds interval) {
+        {
+            stdx::lock_guard<stdx::mutex> twiddle(_mutex);
+            MONGO_LOG(5) << "setInterval: old=" << _interval << ", new=" << interval;
+            _interval = interval;
+        }
+        _condition.notify_all();
+    }
+
+    void start() {
+        _last = Date_t::now();
     }
-};
 
-MONGO_COMPILER_VARIABLE_UNUSED auto _exportedInterval =
-    (new ExportedInvalidationIntervalParameter())
-        -> withValidator([](const int& potentialNewValue) {
-            if (potentialNewValue < 1 || potentialNewValue > 86400) {
-                return Status(ErrorCodes::BadValue,
-                              "userCacheInvalidationIntervalSecs must be between 1 "
-                              "and 86400 (24 hours)");
+    void wait() {
+        stdx::unique_lock<stdx::mutex> lock(_mutex);
+        while (true) {
+            Date_t now = Date_t::now();
+            Date_t expiry = _last + _interval;
+            MONGO_LOG(5) << "wait: now=" << now << ", expiry=" << expiry;
+
+            if (now >= expiry) {
+                _last = now;
+                MONGO_LOG(5) << "wait: done";
+                return;
             }
-            return Status::OK();
-        });
+
+            MONGO_LOG(5) << "wait: blocking";
+            MONGO_IDLE_THREAD_BLOCK;
+            _condition.wait_until(lock, expiry.toSystemTimePoint());
+        }
+    }
+
+private:
+    Seconds _interval;
+    stdx::mutex _mutex;
+    stdx::condition_variable _condition;
+    Date_t _last;
+};
+
+Seconds loadInterval() {
+    return Seconds(userCacheInvalidationIntervalSecs.load());
+}
+
+ThreadSleepInterval* globalInvalidationInterval() {
+    static auto p = new ThreadSleepInterval(loadInterval());
+    return p;
+}
 
 StatusWith<OID> getCurrentCacheGeneration(OperationContext* opCtx) {
     try {
@@ -112,6 +129,11 @@ StatusWith<OID> getCurrentCacheGeneration(OperationContext* opCtx) {
 
 }  // namespace
 
+Status userCacheInvalidationIntervalSecsNotify(const int& value) {
+    globalInvalidationInterval()->setInterval(loadInterval());
+    return Status::OK();
+}
+
 UserCacheInvalidator::UserCacheInvalidator(AuthorizationManager* authzManager)
     : _authzManager(authzManager) {}
 
@@ -142,21 +164,10 @@ void UserCacheInvalidator::initialize(OperationContext* opCtx) {
 
 void UserCacheInvalidator::run() {
     Client::initThread("UserCacheInvalidator");
-    lastInvalidationTime = Date_t::now();
-
+    auto interval = globalInvalidationInterval();
+    interval->start();
     while (true) {
-        stdx::unique_lock<stdx::mutex> lock(invalidationIntervalMutex);
-        Date_t sleepUntil =
-            lastInvalidationTime + Seconds(userCacheInvalidationIntervalSecs.load());
-        Date_t now = Date_t::now();
-        while (now < sleepUntil) {
-            MONGO_IDLE_THREAD_BLOCK;
-            invalidationIntervalChangedCondition.wait_until(lock, sleepUntil.toSystemTimePoint());
-            sleepUntil = lastInvalidationTime + Seconds(userCacheInvalidationIntervalSecs.load());
-            now = Date_t::now();
-        }
-        lastInvalidationTime = now;
-        lock.unlock();
+        interval->wait();
 
         if (globalInShutdownDeprecated()) {
             break;
diff --git a/src/mongo/db/auth/user_cache_invalidator_job.h b/src/mongo/db/auth/user_cache_invalidator_job.h
index 52958ff246d..e487f59dcde 100644
--- a/src/mongo/db/auth/user_cache_invalidator_job.h
+++ b/src/mongo/db/auth/user_cache_invalidator_job.h
@@ -27,6 +27,7 @@
  *    exception statement from all source files in the program, then also delete
  *    it in the license file.
  */
+#pragma once
 
 #include "mongo/bson/oid.h"
 #include "mongo/util/background.h"
@@ -60,4 +61,6 @@ private:
     OID _previousCacheGeneration;
 };
 
+Status userCacheInvalidationIntervalSecsNotify(const int& newValue);
+
 }  // namespace mongo
diff --git a/src/mongo/db/auth/user_cache_invalidator_job_parameters.idl b/src/mongo/db/auth/user_cache_invalidator_job_parameters.idl
new file mode 100644
index 00000000000..3f662facedb
--- /dev/null
+++ b/src/mongo/db/auth/user_cache_invalidator_job_parameters.idl
@@ -0,0 +1,52 @@
+# Copyright (C) 2018-present MongoDB, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the Server Side Public License, version 1,
+# as published by MongoDB, Inc.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# Server Side Public License for more details.
+#
+# You should have received a copy of the Server Side Public License
+# along with this program. If not, see
+# <http://www.mongodb.com/licensing/server-side-public-license>.
+#
+# As a special exception, the copyright holders give permission to link the
+# code of portions of this program with the OpenSSL library under certain
+# conditions as described in each individual source file and distribute
+# linked combinations including the program with the OpenSSL library. You
+# must comply with the Server Side Public License in all respects for
+# all of the code used other than as permitted herein. If you modify file(s)
+# with this exception, you may extend this exception to your version of the
+# file(s), but you are not obligated to do so. If you do not wish to do so,
+# delete this exception statement from your version. If you delete this
+# exception statement from all source files in the program, then also delete
+# it in the license file.
+
+global:
+  cpp_namespace: "mongo"
+  cpp_includes:
+    - "mongo/db/auth/user_cache_invalidator_job.h"
+
+imports:
+  - "mongo/idl/basic_types.idl"
+
+server_parameters:
+  userCacheInvalidationIntervalSecs:
+    description: >
+      On a mongos instance, specifies the interval (in seconds) at which the mongos instance
+      checks to determine whether the in-memory cache of user objects has stale data, and if so,
+      clears the cache. If there are no changes to user objects, mongos will not clear the cache.
+    cpp_varname: userCacheInvalidationIntervalSecs
+    cpp_vartype: AtomicInt32
+    set_at:
+      - startup
+      - runtime
+    default: 30
+    on_update: userCacheInvalidationIntervalSecsNotify
+    validator:
+      gte: 1
+      lte: 86400
+