feat: add DB users tools (#41)

fmenezes · web-flow · commit 280ceaf3c7ea · 2025-04-10T11:56:01.000+01:00
diff --git a/scripts/filter.ts b/scripts/filter.ts
@@ -24,6 +24,8 @@ function filterOpenapi(openapi: OpenAPIV3_1.Document): OpenAPIV3_1.Document {
         "listClusters",
         "createCluster",
         "listClustersForAllProjects",
+        "createDatabaseUser",
+        "listDatabaseUsers",
         "listProjectIpAccessLists",
         "createProjectIpAccessList",
     ];
diff --git a/src/common/atlas/apiClient.ts b/src/common/atlas/apiClient.ts
@@ -8,6 +8,8 @@ import {
     PaginatedClusterDescription20240805,
     PaginatedNetworkAccessView,
     NetworkPermissionEntry,
+    CloudDatabaseUser,
+    PaginatedApiAtlasDatabaseUserView,
 } from "./openapi.js";
 
 export interface OAuthToken {
@@ -310,4 +312,15 @@ export class ApiClient {
             body: JSON.stringify(cluster),
         });
     }
+
+    async createDatabaseUser(groupId: string, user: CloudDatabaseUser): Promise<CloudDatabaseUser> {
+        return await this.do<CloudDatabaseUser>(`/groups/${groupId}/databaseUsers`, {
+            method: "POST",
+            body: JSON.stringify(user),
+        });
+    }
+
+    async listDatabaseUsers(groupId: string): Promise<PaginatedApiAtlasDatabaseUserView> {
+        return await this.do<PaginatedApiAtlasDatabaseUserView>(`/groups/${groupId}/databaseUsers`);
+    }
 }
diff --git a/src/common/atlas/auth.ts b/src/common/atlas/auth.ts
@@ -1,4 +1,4 @@
-import { ApiClient } from "./client";
+import { ApiClient } from "./apiClient";
 import { State } from "../../state";
 
 export async function ensureAuthenticated(state: State, apiClient: ApiClient): Promise<void> {
diff --git a/src/common/atlas/openapi.d.ts b/src/common/atlas/openapi.d.ts
diff --git a/src/config.ts b/src/config.ts
@@ -15,7 +15,6 @@ export const config = {
     apiBaseURL: process.env.API_BASE_URL || "https://cloud.mongodb.com/",
     clientID: process.env.CLIENT_ID || "0oabtxactgS3gHIR0297",
     stateFile: process.env.STATE_FILE || path.resolve("./state.json"),
-    projectID: process.env.PROJECT_ID,
     userAgent: `AtlasMCP/${packageJson.version} (${process.platform}; ${process.arch}; ${process.env.HOSTNAME || "unknown"})`,
     localDataPath: getLocalDataPath(),
 };
diff --git a/src/server.ts b/src/server.ts
@@ -1,5 +1,5 @@
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { ApiClient } from "./common/atlas/client.js";
+import { ApiClient } from "./common/atlas/apiClient.js";
 import { State, saveState, loadState } from "./state.js";
 import { Transport } from "@modelcontextprotocol/sdk/shared/transport.js";
 import { registerAtlasTools } from "./tools/atlas/tools.js";
diff --git a/src/state.ts b/src/state.ts
@@ -1,6 +1,6 @@
 import fs from "fs";
 import config from "./config.js";
-import { OauthDeviceCode, OAuthToken } from "./common/atlas/client.js";
+import { OauthDeviceCode, OAuthToken } from "./common/atlas/apiClient.js";
 
 export interface State {
     auth: {
diff --git a/src/tools/atlas/atlasTool.ts b/src/tools/atlas/atlasTool.ts
@@ -1,5 +1,5 @@
 import { ToolBase } from "../tool.js";
-import { ApiClient } from "../../common/atlas/client.js";
+import { ApiClient } from "../../common/atlas/apiClient.js";
 import { State } from "../../state.js";
 import { ensureAuthenticated } from "../../common/atlas/auth.js";
 
diff --git a/src/tools/atlas/createDBUser.ts b/src/tools/atlas/createDBUser.ts
@@ -0,0 +1,62 @@
+import { z } from "zod";
+import { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
+import { AtlasToolBase } from "./atlasTool.js";
+import { ToolArgs } from "../tool.js";
+import { CloudDatabaseUser, DatabaseUserRole } from "../../common/atlas/openapi.js";
+
+export class CreateDBUserTool extends AtlasToolBase {
+    protected name = "atlas-create-db-user";
+    protected description = "Create an MongoDB Atlas user";
+    protected argsShape = {
+        projectId: z.string().describe("Atlas project ID"),
+        username: z.string().describe("Username for the new user"),
+        password: z.string().describe("Password for the new user"),
+        roles: z
+            .array(
+                z.object({
+                    roleName: z.string().describe("Role name"),
+                    databaseName: z.string().describe("Database name").default("admin"),
+                    collectionName: z.string().describe("Collection name").optional(),
+                })
+            )
+            .describe("Roles for the new user"),
+        clusters: z
+            .array(z.string())
+            .describe("Clusters to assign the user to, leave empty for access to all clusters")
+            .optional(),
+    };
+
+    protected async execute({
+        projectId,
+        username,
+        password,
+        roles,
+        clusters,
+    }: ToolArgs<typeof this.argsShape>): Promise<CallToolResult> {
+        await this.ensureAuthenticated();
+
+        const input = {
+            groupId: projectId,
+            awsIAMType: "NONE",
+            databaseName: "admin",
+            ldapAuthType: "NONE",
+            oidcAuthType: "NONE",
+            x509Type: "NONE",
+            username,
+            password,
+            roles: roles as unknown as DatabaseUserRole[],
+            scopes: clusters?.length
+                ? clusters.map((cluster) => ({
+                      type: "CLUSTER",
+                      name: cluster,
+                  }))
+                : undefined,
+        } as CloudDatabaseUser;
+
+        await this.apiClient!.createDatabaseUser(projectId, input);
+
+        return {
+            content: [{ type: "text", text: `User "${username}" created sucessfully.` }],
+        };
+    }
+}
diff --git a/src/tools/atlas/listClusters.ts b/src/tools/atlas/listClusters.ts
@@ -1,5 +1,4 @@
 import { z } from "zod";
-import { config } from "../../config.js";
 import { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
 import { AtlasToolBase } from "./atlasTool.js";
 import { ToolArgs } from "../tool.js";
@@ -15,16 +14,15 @@ export class ListClustersTool extends AtlasToolBase {
     protected async execute({ projectId }: ToolArgs<typeof this.argsShape>): Promise<CallToolResult> {
         await this.ensureAuthenticated();
 
-        const selectedProjectId = projectId || config.projectID;
-        if (!selectedProjectId) {
+        if (!projectId) {
             const data = await this.apiClient.listClustersForAllProjects();
 
             return this.formatAllClustersTable(data);
         } else {
-            const project = await this.apiClient.getProject(selectedProjectId);
+            const project = await this.apiClient.getProject(projectId);
 
             if (!project?.id) {
-                throw new Error(`Project with ID "${selectedProjectId}" not found.`);
+                throw new Error(`Project with ID "${projectId}" not found.`);
             }
 
             const data = await this.apiClient.listClusters(project.id || "");
diff --git a/src/tools/atlas/listDBUsers.ts b/src/tools/atlas/listDBUsers.ts
@@ -0,0 +1,55 @@
+import { z } from "zod";
+import { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
+import { AtlasToolBase } from "./atlasTool.js";
+import { ToolArgs } from "../tool.js";
+import { DatabaseUserRole, UserScope } from "../../common/atlas/openapi.js";
+
+export class ListDBUsersTool extends AtlasToolBase {
+    protected name = "atlas-list-db-users";
+    protected description = "List MongoDB Atlas users";
+    protected argsShape = {
+        projectId: z.string().describe("Atlas project ID to filter DB users"),
+    };
+
+    protected async execute({ projectId }: ToolArgs<typeof this.argsShape>): Promise<CallToolResult> {
+        await this.ensureAuthenticated();
+
+        const data = await this.apiClient!.listDatabaseUsers(projectId);
+
+        if (!data.results?.length) {
+            throw new Error("No database users found.");
+        }
+
+        const output =
+            `Username | Roles | Scopes
+----------------|----------------|----------------
+` +
+            data.results
+                .map((user) => {
+                    return `${user.username} | ${formatRoles(user.roles)} | ${formatScopes(user.scopes)}`;
+                })
+                .join("\n");
+        return {
+            content: [{ type: "text", text: output }],
+        };
+    }
+}
+
+function formatRoles(roles?: DatabaseUserRole[]) {
+    if (!roles?.length) {
+        return "N/A";
+    }
+    return roles
+        .map(
+            (role) =>
+                `${role.roleName}${role.databaseName ? `@${role.databaseName}${role.collectionName ? `:${role.collectionName}` : ""}` : ""}`
+        )
+        .join(", ");
+}
+
+function formatScopes(scopes?: UserScope[]) {
+    if (!scopes?.length) {
+        return "All";
+    }
+    return scopes.map((scope) => `${scope.type}:${scope.name}`).join(", ");
+}
diff --git a/src/tools/atlas/tools.ts b/src/tools/atlas/tools.ts
@@ -1,5 +1,5 @@
 import { ToolBase } from "../tool.js";
-import { ApiClient } from "../../common/atlas/client.js";
+import { ApiClient } from "../../common/atlas/apiClient.js";
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { State } from "../../state.js";
 import { AuthTool } from "./auth.js";
@@ -9,6 +9,8 @@ import { InspectClusterTool } from "./inspectCluster.js";
 import { CreateFreeClusterTool } from "./createFreeCluster.js";
 import { CreateAccessListTool } from "./createAccessList.js";
 import { InspectAccessListTool } from "./inspectAccessList.js";
+import { ListDBUsersTool } from "./listDBUsers.js";
+import { CreateDBUserTool } from "./createDBUser.js";
 
 export function registerAtlasTools(server: McpServer, state: State, apiClient: ApiClient) {
     const tools: ToolBase[] = [
@@ -19,6 +21,8 @@ export function registerAtlasTools(server: McpServer, state: State, apiClient: A
         new CreateFreeClusterTool(state, apiClient),
         new CreateAccessListTool(state, apiClient),
         new InspectAccessListTool(state, apiClient),
+        new ListDBUsersTool(state, apiClient),
+        new CreateDBUserTool(state, apiClient),
     ];
 
     for (const tool of tools) {

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-import { ApiClient } from "./client";`
	`1`	`+import { ApiClient } from "./apiClient";`
`2`	`2`	`import { State } from "../../state";`
`3`	`3`
`4`	`4`	`export async function ensureAuthenticated(state: State, apiClient: ApiClient): Promise<void> {`