# Copyright (C) 2021-present MongoDB, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the Server Side Public License, version 1,
# as published by MongoDB, Inc.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# Server Side Public License for more details.
#
# You should have received a copy of the Server Side Public License
# along with this program. If not, see
# <http://www.mongodb.com/licensing/server-side-public-license>.
#
# As a special exception, the copyright holders give permission to link the
# code of portions of this program with the OpenSSL library under certain
# conditions as described in each individual source file and distribute
# linked combinations including the program with the OpenSSL library. You
# must comply with the Server Side Public License in all respects for
# all of the code used other than as permitted herein. If you modify file(s)
# with this exception, you may extend this exception to your version of the
# file(s), but you are not obligated to do so. If you do not wish to do so,
# delete this exception statement from your version. If you delete this
# exception statement from all source files in the program, then also delete
# it in the license file.
#
global:
    cpp_namespace: "mongo"

imports:
  - "mongo/crypto/sha1_block.idl"
  - "mongo/db/basic_types.idl"

structs:
    keysCollectionDocumentBase:
        description: >-
            Contains the fields shared by key documents stored in admin.system.keys and
            config.external_validation_keys.
        strict: true
        fields:
            purpose:
                type: string
                description: "The purpose of the key."
            key:
                type: sha1Block
                description: "20 byte key generated with secure PRNG in BinData."
            expiresAt:
                type: logicalTime
                description: "The logical time at which the key will expire."

    keysCollectionDocument:
        description: >-
            Represents a key document stored in admin.system.keys.
        strict: true
        inline_chained_structs: true
        chained_structs:
            keysCollectionDocumentBase: keysCollectionDocumentBase
        fields:
            _id:
                type: safeInt64
                description: >-
                    NumberLong representation of the cluster time at which the key was created.
                cpp_name: keyId

    externalKeysCollectionDocument:
        description: >-
            Represents a key document stored in config.external_validation_keys.
        strict: true
        inline_chained_structs: true
        chained_structs:
            keysCollectionDocumentBase: keysCollectionDocumentBase
        fields:
            _id:
                type: objectid
                description: "Unique identifier for this key document."
                cpp_name: id
            keyId:
                type: safeInt64
                description: >-
                    NumberLong representation of the cluster time at which the key was created.
                    Corresponds to the _id of the admin.system.keys document for this key.
                cpp_name: keyId
            migrationId:
                type: uuid
                description: "The id of the tenant migration that inserted this key."
            ttlExpiresAt:
                type: date
                description: >-
                    The wall-clock time at which this key document should be removed by the
                    TTL monitor.
                cpp_name: TTLExpiresAt
                optional: true