feat: Allow configuration of temporary user timeout when connecting to atlas cluster (#544)

Author: jeroenvervaeke

README.md

@@ -338,25 +338,26 @@ The MongoDB MCP Server can be configured using multiple methods, with the follow
 
 ### Configuration Options
 
-| CLI Option                | Environment Variable                 | Default    | Description                                                                                                                                                   |
-| ------------------------- | ------------------------------------ | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `apiClientId`             | `MDB_MCP_API_CLIENT_ID`              | <not set>  | Atlas API client ID for authentication. Required for running Atlas tools.                                                                                     |
-| `apiClientSecret`         | `MDB_MCP_API_CLIENT_SECRET`          | <not set>  | Atlas API client secret for authentication. Required for running Atlas tools.                                                                                 |
-| `connectionString`        | `MDB_MCP_CONNECTION_STRING`          | <not set>  | MongoDB connection string for direct database connections. Optional, if not set, you'll need to call the `connect` tool before interacting with MongoDB data. |
-| `loggers`                 | `MDB_MCP_LOGGERS`                    | disk,mcp   | Comma separated values, possible values are `mcp`, `disk` and `stderr`. See [Logger Options](#logger-options) for details.                                    |
-| `logPath`                 | `MDB_MCP_LOG_PATH`                   | see note\* | Folder to store logs.                                                                                                                                         |
-| `disabledTools`           | `MDB_MCP_DISABLED_TOOLS`             | <not set>  | An array of tool names, operation types, and/or categories of tools that will be disabled.                                                                    |
-| `readOnly`                | `MDB_MCP_READ_ONLY`                  | false      | When set to true, only allows read, connect, and metadata operation types, disabling create/update/delete operations.                                         |
-| `indexCheck`              | `MDB_MCP_INDEX_CHECK`                | false      | When set to true, enforces that query operations must use an index, rejecting queries that perform a collection scan.                                         |
-| `telemetry`               | `MDB_MCP_TELEMETRY`                  | enabled    | When set to disabled, disables telemetry collection.                                                                                                          |
-| `transport`               | `MDB_MCP_TRANSPORT`                  | stdio      | Either 'stdio' or 'http'.                                                                                                                                     |
-| `httpPort`                | `MDB_MCP_HTTP_PORT`                  | 3000       | Port number.                                                                                                                                                  |
-| `httpHost`                | `MDB_MCP_HTTP_HOST`                  | 127.0.0.1  | Host to bind the http server.                                                                                                                                 |
-| `idleTimeoutMs`           | `MDB_MCP_IDLE_TIMEOUT_MS`            | 600000     | Idle timeout for a client to disconnect (only applies to http transport).                                                                                     |
-| `notificationTimeoutMs`   | `MDB_MCP_NOTIFICATION_TIMEOUT_MS`    | 540000     | Notification timeout for a client to be aware of diconnect (only applies to http transport).                                                                  |
-| `exportsPath`             | `MDB_MCP_EXPORTS_PATH`               | see note\* | Folder to store exported data files.                                                                                                                          |
-| `exportTimeoutMs`         | `MDB_MCP_EXPORT_TIMEOUT_MS`          | 300000     | Time in milliseconds after which an export is considered expired and eligible for cleanup.                                                                    |
-| `exportCleanupIntervalMs` | `MDB_MCP_EXPORT_CLEANUP_INTERVAL_MS` | 120000     | Time in milliseconds between export cleanup cycles that remove expired export files.                                                                          |
+| CLI Option                             | Environment Variable                                | Default    | Description                                                                                                                                                   |
+| -------------------------------------- | --------------------------------------------------- | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `apiClientId`                          | `MDB_MCP_API_CLIENT_ID`                             | <not set>  | Atlas API client ID for authentication. Required for running Atlas tools.                                                                                     |
+| `apiClientSecret`                      | `MDB_MCP_API_CLIENT_SECRET`                         | <not set>  | Atlas API client secret for authentication. Required for running Atlas tools.                                                                                 |
+| `connectionString`                     | `MDB_MCP_CONNECTION_STRING`                         | <not set>  | MongoDB connection string for direct database connections. Optional, if not set, you'll need to call the `connect` tool before interacting with MongoDB data. |
+| `loggers`                              | `MDB_MCP_LOGGERS`                                   | disk,mcp   | Comma separated values, possible values are `mcp`, `disk` and `stderr`. See [Logger Options](#logger-options) for details.                                    |
+| `logPath`                              | `MDB_MCP_LOG_PATH`                                  | see note\* | Folder to store logs.                                                                                                                                         |
+| `disabledTools`                        | `MDB_MCP_DISABLED_TOOLS`                            | <not set>  | An array of tool names, operation types, and/or categories of tools that will be disabled.                                                                    |
+| `readOnly`                             | `MDB_MCP_READ_ONLY`                                 | false      | When set to true, only allows read, connect, and metadata operation types, disabling create/update/delete operations.                                         |
+| `indexCheck`                           | `MDB_MCP_INDEX_CHECK`                               | false      | When set to true, enforces that query operations must use an index, rejecting queries that perform a collection scan.                                         |
+| `telemetry`                            | `MDB_MCP_TELEMETRY`                                 | enabled    | When set to disabled, disables telemetry collection.                                                                                                          |
+| `transport`                            | `MDB_MCP_TRANSPORT`                                 | stdio      | Either 'stdio' or 'http'.                                                                                                                                     |
+| `httpPort`                             | `MDB_MCP_HTTP_PORT`                                 | 3000       | Port number.                                                                                                                                                  |
+| `httpHost`                             | `MDB_MCP_HTTP_HOST`                                 | 127.0.0.1  | Host to bind the http server.                                                                                                                                 |
+| `idleTimeoutMs`                        | `MDB_MCP_IDLE_TIMEOUT_MS`                           | 600000     | Idle timeout for a client to disconnect (only applies to http transport).                                                                                     |
+| `notificationTimeoutMs`                | `MDB_MCP_NOTIFICATION_TIMEOUT_MS`                   | 540000     | Notification timeout for a client to be aware of diconnect (only applies to http transport).                                                                  |
+| `exportsPath`                          | `MDB_MCP_EXPORTS_PATH`                              | see note\* | Folder to store exported data files.                                                                                                                          |
+| `exportTimeoutMs`                      | `MDB_MCP_EXPORT_TIMEOUT_MS`                         | 300000     | Time in milliseconds after which an export is considered expired and eligible for cleanup.                                                                    |
+| `exportCleanupIntervalMs`              | `MDB_MCP_EXPORT_CLEANUP_INTERVAL_MS`                | 120000     | Time in milliseconds between export cleanup cycles that remove expired export files.                                                                          |
+| `atlasTemporaryDatabaseUserLifetimeMs` | `MDB_MCP_ATLAS_TEMPORARY_DATABASE_USER_LIFETIME_MS` | 14400000   | Time in milliseconds that temporary database users created when connecting to MongoDB Atlas clusters will remain active before being automatically deleted.   |
 
 #### Logger Options
 

src/common/config.ts

@@ -48,6 +48,7 @@ const OPTIONS = {
         "tlsCertificateSelector",
         "tlsDisabledProtocols",
         "username",
+        "atlasTemporaryDatabaseUserLifetimeMs",
     ],
     boolean: [
         "apiDeprecationErrors",
@@ -90,7 +91,15 @@ const OPTIONS = {
         "greedy-arrays": true,
         "short-option-groups": false,
     },
-} as const;
+} as Readonly<Options>;
+
+interface Options {
+    string: string[];
+    boolean: string[];
+    array: string[];
+    alias: Record<string, string>;
+    configuration: Record<string, boolean>;
+}
 
 const ALL_CONFIG_KEYS = new Set(
     (OPTIONS.string as readonly string[])
@@ -161,14 +170,15 @@ export interface UserConfig extends CliOptions {
     loggers: Array<"stderr" | "disk" | "mcp">;
     idleTimeoutMs: number;
     notificationTimeoutMs: number;
+    atlasTemporaryDatabaseUserLifetimeMs: number;
 }
 
 export const defaultUserConfig: UserConfig = {
     apiBaseUrl: "https://cloud.mongodb.com/",
     logPath: getLogPath(),
     exportsPath: getExportsPath(),
-    exportTimeoutMs: 300000, // 5 minutes
-    exportCleanupIntervalMs: 120000, // 2 minutes
+    exportTimeoutMs: 5 * 60 * 1000, // 5 minutes
+    exportCleanupIntervalMs: 2 * 60 * 1000, // 2 minutes
     disabledTools: [],
     telemetry: "enabled",
     readOnly: false,
@@ -177,9 +187,10 @@ export const defaultUserConfig: UserConfig = {
     httpPort: 3000,
     httpHost: "127.0.0.1",
     loggers: ["disk", "mcp"],
-    idleTimeoutMs: 600000, // 10 minutes
-    notificationTimeoutMs: 540000, // 9 minutes
+    idleTimeoutMs: 10 * 60 * 1000, // 10 minutes
+    notificationTimeoutMs: 9 * 60 * 1000, // 9 minutes
     httpHeaders: {},
+    atlasTemporaryDatabaseUserLifetimeMs: 4 * 60 * 60 * 1000, // 4 hours
 };
 
 export const config = setupUserConfig({

src/tools/atlas/connect/connectCluster.ts

@@ -9,7 +9,6 @@ import type { AtlasClusterConnectionInfo } from "../../../common/connectionManag
 import { getDefaultRoleFromConfig } from "../../../common/atlas/roles.js";
 import { AtlasArgs } from "../../args.js";
 
-const EXPIRY_MS = 1000 * 60 * 60 * 12; // 12 hours
 const addedIpAccessListMessage =
     "Note: Your current IP address has been added to the Atlas project's IP access list to enable secure connection.";
 
@@ -81,7 +80,7 @@ export class ConnectClusterTool extends AtlasToolBase {
         const username = `mcpUser${Math.floor(Math.random() * 100000)}`;
         const password = await generateSecurePassword();
 
-        const expiryDate = new Date(Date.now() + EXPIRY_MS);
+        const expiryDate = new Date(Date.now() + this.config.atlasTemporaryDatabaseUserLifetimeMs);
         const role = getDefaultRoleFromConfig(this.config);
 
         await this.session.apiClient.createDatabaseUser({

tests/unit/common/config.test.ts

@@ -41,6 +41,11 @@ describe("config", () => {
                 { envVar: "MDB_MCP_HTTP_HOST", property: "httpHost", value: "localhost" },
                 { envVar: "MDB_MCP_IDLE_TIMEOUT_MS", property: "idleTimeoutMs", value: 5000 },
                 { envVar: "MDB_MCP_NOTIFICATION_TIMEOUT_MS", property: "notificationTimeoutMs", value: 5000 },
+                {
+                    envVar: "MDB_MCP_ATLAS_TEMPORARY_DATABASE_USER_LIFETIME_MS",
+                    property: "atlasTemporaryDatabaseUserLifetimeMs",
+                    value: 12345,
+                },
             ] as const;
 
             for (const { envVar, property, value } of testCases) {
@@ -129,6 +134,10 @@ describe("config", () => {
                     cli: ["--notificationTimeoutMs", "42"],
                     expected: { notificationTimeoutMs: "42" },
                 },
+                {
+                    cli: ["--atlasTemporaryDatabaseUserLifetimeMs", "12345"],
+                    expected: { atlasTemporaryDatabaseUserLifetimeMs: "12345" },
+                },
                 {
                     cli: ["--telemetry", "enabled"],
                     expected: { telemetry: "enabled" },