Diffstat (limited to 'src/mongo')
-rw-r--r-- | src/mongo/db/SConscript | 1 | ||||
-rw-r--r-- | src/mongo/db/keys_collection_manager.cpp | 5 | ||||
-rw-r--r-- | src/mongo/db/keys_collection_manager.h | 4 | ||||
-rw-r--r-- | src/mongo/db/keys_collection_manager.idl | 42 |
4 files changed, 44 insertions, 8 deletions
diff --git a/src/mongo/db/SConscript b/src/mongo/db/SConscript
index 5764d4f13bb..72086ed2ad3 100644
--- a/src/mongo/db/SConscript
+++ b/src/mongo/db/SConscript
@@ -1765,6 +1765,7 @@ env.Library(
 env.Library(
 target='keys_collection_manager',
 source=[
+ env.Idlc('keys_collection_manager.idl')[0],
 'keys_collection_manager.cpp',
 'keys_collection_cache.cpp',
 'key_generator.cpp',
diff --git a/src/mongo/db/keys_collection_manager.cpp b/src/mongo/db/keys_collection_manager.cpp
index 53cb0ac97c5..9e559e5d781 100644
--- a/src/mongo/db/keys_collection_manager.cpp
+++ b/src/mongo/db/keys_collection_manager.cpp
@@ -49,13 +49,8 @@
 namespace mongo {
-const Seconds KeysCollectionManager::kKeyValidInterval{3 * 30 * 24 * 60 * 60}; // ~3 months
 const std::string KeysCollectionManager::kKeyManagerPurposeString = "HMAC";
-MONGO_EXPORT_STARTUP_SERVER_PARAMETER(KeysRotationIntervalSec,
- int,
- KeysCollectionManager::kKeyValidInterval.count());
-
 namespace {
 Milliseconds kDefaultRefreshWaitTime(30 * 1000);
diff --git a/src/mongo/db/keys_collection_manager.h b/src/mongo/db/keys_collection_manager.h
index b0a4178cbcd..660d998f07f 100644
--- a/src/mongo/db/keys_collection_manager.h
+++ b/src/mongo/db/keys_collection_manager.h
@@ -35,6 +35,7 @@
 #include "mongo/db/key_generator.h"
 #include "mongo/db/keys_collection_cache.h"
 #include "mongo/db/keys_collection_document.h"
+#include "mongo/db/keys_collection_manager_gen.h"
 #include "mongo/stdx/functional.h"
 #include "mongo/stdx/mutex.h"
 #include "mongo/stdx/thread.h"
@@ -48,8 +49,6 @@ class LogicalTime;
 class ServiceContext;
 class KeysCollectionClient;
-extern int KeysRotationIntervalSec;
-
 /**
 * The KeysCollectionManager queries the config servers for keys that can be used for
 * HMAC computation. It maintains an internal background thread that is used to periodically
@@ -57,7 +56,6 @@ extern int KeysRotationIntervalSec;
 */
 class KeysCollectionManager {
 public:
- static const Seconds kKeyValidInterval;
 static const std::string kKeyManagerPurposeString;
 KeysCollectionManager(std::string purpose,
diff --git a/src/mongo/db/keys_collection_manager.idl b/src/mongo/db/keys_collection_manager.idl
new file mode 100644
index 00000000000..8f6d754432b
--- /dev/null
+++ b/src/mongo/db/keys_collection_manager.idl
@@ -0,0 +1,42 @@
+# Copyright (C) 2019-present MongoDB, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the Server Side Public License, version 1,
+# as published by MongoDB, Inc.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# Server Side Public License for more details.
+#
+# You should have received a copy of the Server Side Public License
+# along with this program. If not, see
+# <http://www.mongodb.com/licensing/server-side-public-license>.
+#
+# As a special exception, the copyright holders give permission to link the
+# code of portions of this program with the OpenSSL library under certain
+# conditions as described in each individual source file and distribute
+# linked combinations including the program with the OpenSSL library. You
+# must comply with the Server Side Public License in all respects for
+# all of the code used other than as permitted herein. If you modify file(s)
+# with this exception, you may extend this exception to your version of the
+# file(s), but you are not obligated to do so. If you do not wish to do so,
+# delete this exception statement from your version. If you delete this
+# exception statement from all source files in the program, then also delete
+# it in the license file.
+#
+
+global:
+ cpp_namespace: "mongo"
+
+server_parameters:
+ KeysRotationIntervalSec:
+ description: >-
+ Specifies the number of seconds for which an HMAC signing key is valid before
+ rotating to the next one. This parameter is intended primarily to facilitate
+ authentication testing.
+ set_at: [ startup ]
+ cpp_vartype: int
+ cpp_varname: KeysRotationIntervalSec
+ default:
+ expr: 3 * 30 * 24 * 60 * 60 # ~3 months |
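Review bot: `KeysRotationIntervalSec` is declared with `cpp_vartype: int` and no bounds, so a zero or negative value given at startup is accepted as the validity period of an HMAC signing key. The removed `MONGO_EXPORT_STARTUP_SERVER_PARAMETER` declaration had no check either, so this is not a regression, but the IDL form makes one cheap to add: `validator: { gt: 0 }` under the parameter, assuming the IDL compiler at this revision supports validators on server parameters. How the value is consumed lies outside this diff, so the effect of a non-positive interval on key generation cannot be confirmed from here. The description says the parameter is intended primarily for authentication testing; it could also state that production deployments are expected to keep the default.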