# Copyright (C) 2020-present MongoDB, Inc. # # This program is free software: you can redistribute it and/or modify # it under the terms of the Server Side Public License, version 1, # as published by MongoDB, Inc. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # Server Side Public License for more details. # # You should have received a copy of the Server Side Public License # along with this program. If not, see # . # # As a special exception, the copyright holders give permission to link the # code of portions of this program with the OpenSSL library under certain # conditions as described in each individual source file and distribute # linked combinations including the program with the OpenSSL library. You # must comply with the Server Side Public License in all respects for # all of the code used other than as permitted herein. If you modify file(s) # with this exception, you may extend this exception to your version of the # file(s), but you are not obligated to do so. If you do not wish to do so, # delete this exception statement from your version. If you delete this # exception statement from all source files in the program, then also delete # it in the license file. # global: cpp_namespace: "mongo" imports: - "mongo/db/basic_types.idl" - "mongo/db/auth/auth_types.idl" - "mongo/db/auth/address_restriction.idl" - "mongo/db/auth/user_management_commands_parser.idl" - "mongo/db/multitenancy.idl" structs: dropAllUsersFromDatabaseReply: description: "Response for dropAllUsersFromDatabase command" strict: false is_command_reply: true fields: n: description: "Number of users dropped from database" type: int cpp_name: count dropAllRolesFromDatabaseReply: description: "Response for dropAllRolesFromDatabase command" strict: false is_command_reply: true fields: n: description: "Number of roles dropped from database" type: int cpp_name: count usersInfoReply: description: "Reply from usersInfo command" strict: false is_command_reply: true fields: users: description: "Users descriptions" type: array rolesInfoReply: description: "Reply from rolesInfo command" strict: false is_command_reply: true fields: roles: description: "Users descriptions" type: array optional: true userFragment: description: "Roles as user document fragment" type: object_owned optional: true GetUserCacheGenerationReply: description: "Reply from _getUserCacheGeneration command" strict: false is_command_reply: true fields: cacheGeneration: description: "Cache generation" type: objectid UMCTransactionFailPoint: description: Data for umcTransaction failpoint fields: commitDelayMS: type: int default: 0 validator: { gte: 0 } commands: createUser: description: "Create a user" command_name: createUser namespace: type api_version: "" type: string cpp_name: CreateUserCommand strict: true fields: pwd: description: "Initial user password" type: string optional: true customData: description: "Any arbitrary data" type: object optional: true roles: description: "Initial roles to grant to the user" type: array digestPassword: description: "True if the server should digest the password, false for pre-digested" type: safeBool default: true writeConcern: description: "The level of write concern for the creation operation" type: object optional: true authenticationRestrictions: description: "Authentication restrictions to enforce on the user" type: array optional: true mechanisms: description: "List of valid authentication mechanisms for the user" type: array optional: true updateUser: description: "Modify a user" command_name: updateUser namespace: type api_version: "" type: string cpp_name: UpdateUserCommand strict: true fields: pwd: description: "New user password" type: string optional: true customData: description: "Any arbitrary data" type: object optional: true roles: description: "New set of roles for the user" type: array optional: true digestPassword: description: "True if the server should digest the password, false for pre-digested" type: safeBool default: true writeConcern: description: "The level of write concern for the update operation" type: object optional: true authenticationRestrictions: description: "Authentication restrictions to enforce on the user" type: array optional: true mechanisms: description: "List of valid authentication mechanisms for the user" type: array optional: true dropUser: description: "Drop a single user" command_name: dropUser namespace: type api_version: "" type: string cpp_name: DropUserCommand strict: true dropAllUsersFromDatabase: description: "Drop all users in the database" command_name: dropAllUsersFromDatabase namespace: ignored api_version: "" cpp_name: DropAllUsersFromDatabaseCommand strict: true reply_type: dropAllUsersFromDatabaseReply grantRolesToUser: description: "Grant additional roles to a user" command_name: grantRolesToUser namespace: type api_version: "" type: string cpp_name: GrantRolesToUserCommand strict: true fields: roles: description: "Roles to grant to the user" type: array revokeRolesFromUser: description: "Revoke previously assigned roles from a user" command_name: revokeRolesFromUser namespace: type api_version: "" type: string cpp_name: RevokeRolesFromUserCommand strict: true fields: roles: description: "Roles to revoke from the user" type: array createRole: description: "Create a new role" command_name: createRole namespace: type api_version: "" type: string cpp_name: CreateRoleCommand strict: true fields: privileges: description: "Actions explicitly granted to this role" type: array roles: description: "Roles to inherit additional privileges from" type: array authenticationRestrictions: description: "Authentication restrictions to enforce on the user" type: array optional: true updateRole: description: "Update an existing role" command_name: updateRole namespace: type api_version: "" type: string cpp_name: UpdateRoleCommand strict: true fields: privileges: description: "Actions explicitly granted to this role" type: array optional: true roles: description: "Roles to inherit additional privileges from" type: array optional: true authenticationRestrictions: description: "Authentication restrictions to enforce on the user" type: array optional: true grantPrivilegesToRole: description: "Grants privileges to a role" command_name: grantPrivilegesToRole namespace: type api_version: "" type: string cpp_name: GrantPrivilegesToRoleCommand strict: true fields: privileges: description: "Privileges to grant to this role" type: array revokePrivilegesFromRole: description: "Grants privileges to a role" command_name: revokePrivilegesFromRole namespace: type api_version: "" type: string cpp_name: RevokePrivilegesFromRoleCommand strict: true fields: privileges: description: "Privileges to revoke from this role" type: array grantRolesToRole: description: "Grant roles to a role" command_name: grantRolesToRole namespace: type api_version: "" type: string cpp_name: GrantRolesToRoleCommand strict: true fields: roles: description: "Roles to grant to this role" type: array revokeRolesFromRole: description: "Revoke roles from a role" command_name: revokeRolesFromRole namespace: type api_version: "" type: string cpp_name: RevokeRolesFromRoleCommand strict: true fields: roles: description: "Roles to revoke from this role" type: array dropRole: description: >- Drops a single role. Before deleting the role completely it must remove it from any users or roles that reference it. If any errors occur in the middle of that process it's possible to be left in a state where the role has been removed from some user/roles but otherwise still exists. command_name: dropRole namespace: type api_version: "" type: string cpp_name: DropRoleCommand strict: true dropAllRolesFromDatabase: description: >- Drops all roles from the given database. Before deleting the roles completely it must remove them from any users or other roles that reference them. If any errors occur in the middle of that process it's possible to be left in a state where the roles have been removed from some user/roles but otherwise still exist. command_name: dropAllRolesFromDatabase namespace: ignored api_version: "" cpp_name: DropAllRolesFromDatabaseCommand strict: true reply_type: dropAllRolesFromDatabaseReply usersInfo: description: "Returns information about users." command_name: usersInfo namespace: type api_version: "" type: UsersInfoCommandArg cpp_name: UsersInfoCommand strict: true reply_type: usersInfoReply fields: showPrivileges: description: >- Set the field to true to show the user’s full set of privileges, including expanded information for the inherited roles. If viewing all users, you cannot specify this field. type: safeBool default: false showCredentials: description: >- Set the field to true to display the user’s password hash. type: safeBool default: false showAuthenticationRestrictions: description: >- Set the field to true to show the user’s authentication restrictions. If viewing all users, you cannot specify this field. type: safeBool default: false showCustomData: description: >- Set the field to false to omit the custom data provided by the client for the user. type: safeBool default: true filter: description: >- A document that specifies $match stage conditions to return information for users that match the filter conditions. type: object optional: true rolesInfo: description: "returns information about roles." command_name: rolesInfo namespace: type api_version: "" type: RolesInfoCommandArg cpp_name: RolesInfoCommand strict: true reply_type: rolesInfoReply fields: showPrivileges: description: >- Set the field to true to show the user’s full set of privileges, including expanded information for the inherited roles. If viewing all roles, you cannot specify this field. type: ParsedPrivilegeFormat default: false showBuiltinRoles: description: >- When the rolesInfo field is set to 1, set showBuiltinRoles to true to include built-in roles in the output. Otherwise the output for rolesInfo: 1 displays only user-defined roles. type: safeBool default: false showAuthenticationRestrictions: description: >- Set the field to true to show the user’s authentication restrictions. If viewing all users, you cannot specify this field. type: safeBool default: false invalidateUserCache: description: "Invalidate the user cache" namespace: ignored api_version: "" command_name: invalidateUserCache cpp_name: InvalidateUserCacheCommand strict: true _getUserCacheGeneration: description: "Returns the current user cache generation" namespace: ignored api_version: "" command_name: _getUserCacheGeneration cpp_name: GetUserCacheGenerationCommand strict: true reply_type: GetUserCacheGenerationReply _mergeAuthzCollections: description: "Internal command used by mongorestore for updating user/role data" namespace: ignored api_version: "" command_name: _mergeAuthzCollections cpp_name: MergeAuthzCollectionsCommand strict: true fields: tempUsersCollection: description: "Temporary users collection name" type: string default: '""' tempRolesCollection: description: "Temporary roles collection name" type: string default: '""' db: description: "Database name" type: string drop: description: "Drop temp collections when complete" type: bool default: false