diff options
author | Maddie Zechar <mez2113@columbia.edu> | 2022-12-19 21:28:33 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2022-12-19 22:23:14 +0000 |
commit | 3b4da58b3d7b9ecae207fad1791b9e7f9a9a5a7d (patch) | |
tree | f16c473a4b93a9d2808a2682f77e7b056881e359 /src | |
parent | 22897155fc8ead04abb9a9bc66ae2a00d44fbbc2 (diff) | |
download | mongo-3b4da58b3d7b9ecae207fad1791b9e7f9a9a5a7d.tar.gz |
SERVER-71956 Add telemetryRead privilege action
Diffstat (limited to 'src')
-rw-r--r-- | src/mongo/db/auth/action_type.idl | 1 | ||||
-rw-r--r-- | src/mongo/db/auth/builtin_roles.yml | 1 | ||||
-rw-r--r-- | src/mongo/db/pipeline/aggregate_command.idl | 4 | ||||
-rw-r--r-- | src/mongo/db/pipeline/document_source_telemetry.h | 3 |
4 files changed, 8 insertions, 1 deletions
diff --git a/src/mongo/db/auth/action_type.idl b/src/mongo/db/auth/action_type.idl index 0d1172330eb..172c6810026 100644 --- a/src/mongo/db/auth/action_type.idl +++ b/src/mongo/db/auth/action_type.idl @@ -137,6 +137,7 @@ enums: planCacheIndexFilter : "planCacheIndexFilter" # view/update index filters planCacheRead : "planCacheRead" # view contents of plan cache planCacheWrite : "planCacheWrite" # clear cache, drop cache entry, pin/unpin/shun plans + telemetryRead: "telemetryRead" # view contents of telemetry store refineCollectionShardKey : "refineCollectionShardKey" reIndex : "reIndex" remove : "remove" diff --git a/src/mongo/db/auth/builtin_roles.yml b/src/mongo/db/auth/builtin_roles.yml index 43401882084..dfc1b718ca3 100644 --- a/src/mongo/db/auth/builtin_roles.yml +++ b/src/mongo/db/auth/builtin_roles.yml @@ -338,6 +338,7 @@ roles: - getClusterParameter - setChangeStreamState - getChangeStreamState + - telemetryRead - matchType: any_normal actions: &clusterManagerRoleDatabaseActions diff --git a/src/mongo/db/pipeline/aggregate_command.idl b/src/mongo/db/pipeline/aggregate_command.idl index 9cb77333eef..eccd8b9fb45 100644 --- a/src/mongo/db/pipeline/aggregate_command.idl +++ b/src/mongo/db/pipeline/aggregate_command.idl @@ -95,6 +95,10 @@ commands: - privilege: # $planCacheStats resource_pattern: exact_namespace action_type: planCacheRead + - privilege: # $telemetry + agg_stage: telemetry + resource_pattern: cluster + action_type: telemetryRead - privilege: # $changeStream resource_pattern: exact_namespace action_type: changeStream diff --git a/src/mongo/db/pipeline/document_source_telemetry.h b/src/mongo/db/pipeline/document_source_telemetry.h index 7d702aeb2b0..e85305f75b2 100644 --- a/src/mongo/db/pipeline/document_source_telemetry.h +++ b/src/mongo/db/pipeline/document_source_telemetry.h @@ -56,7 +56,8 @@ public: PrivilegeVector requiredPrivileges(bool isMongos, bool bypassDocumentValidation) const override { - return {}; + return {Privilege(ResourcePattern::forClusterResource(), ActionType::telemetryRead)}; + ; } bool allowedToPassthroughFromMongos() const final { |