Support MongoDB session-wide write concern

plugins/database/mongodb/connection_producer.go

@@ -2,6 +2,8 @@ package mongodb
 
 import (
 	"crypto/tls"
+	"encoding/base64"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"net"
@@ -21,6 +23,7 @@ import (
 // interface for databases to make connections.
 type mongoDBConnectionProducer struct {
 	ConnectionURL string `json:"connection_url" structs:"connection_url" mapstructure:"connection_url"`
+	WriteConcern  string `json:"write_concern" structs:"write_concern" mapstructure:"write_concern"`
 
 	Initialized bool
 	Type        string
@@ -78,6 +81,32 @@ func (c *mongoDBConnectionProducer) Connection() (interface{}, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	if c.WriteConcern != "" {
+		input := c.WriteConcern
+
+		// Try to base64 decode the input. If successful, consider the decoded
+		// value as input.
+		inputBytes, err := base64.StdEncoding.DecodeString(input)
+		if err == nil {
+			input = string(inputBytes)
+		}
+
+		var concern writeConcern
+		err = json.Unmarshal([]byte(input), &concern)
+		if err != nil {
+			return nil, err
+		}
+
+		c.session.SetSafe(&mgo.Safe{
+			W:        concern.W,
+			WMode:    concern.WMode,
+			WTimeout: concern.WTimeout,
+			FSync:    concern.FSync,
+			J:        concern.J,
+		})
+	}
+
 	c.session.SetSyncTimeout(1 * time.Minute)
 	c.session.SetSocketTimeout(1 * time.Minute)
 

plugins/database/mongodb/mongodb_test.go

@@ -16,6 +16,8 @@ import (
 
 const testMongoDBRole = `{ "db": "admin", "roles": [ { "role": "readWrite" } ] }`
 
+const testMongoDBWriteConcern = `{ "wmode": "majority", "wtimeout": 5000 }`
+
 func prepareMongoDBTestContainer(t *testing.T) (cleanup func(), retURL string) {
 	if os.Getenv("MONGODB_URL") != "" {
 		return func() {}, os.Getenv("MONGODB_URL")
@@ -129,6 +131,44 @@ func TestMongoDB_CreateUser(t *testing.T) {
 	}
 }
 
+func TestMongoDB_CreateUser_writeConcern(t *testing.T) {
+	cleanup, connURL := prepareMongoDBTestContainer(t)
+	defer cleanup()
+
+	connectionDetails := map[string]interface{}{
+		"connection_url": connURL,
+		"write_concern":  testMongoDBWriteConcern,
+	}
+
+	dbRaw, err := New()
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	db := dbRaw.(*MongoDB)
+	err = db.Initialize(connectionDetails, true)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	statements := dbplugin.Statements{
+		CreationStatements: testMongoDBRole,
+	}
+
+	usernameConfig := dbplugin.UsernameConfig{
+		DisplayName: "test",
+		RoleName:    "test",
+	}
+
+	username, password, err := db.CreateUser(statements, usernameConfig, time.Now().Add(time.Minute))
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	if err := testCredsExist(t, connURL, username, password); err != nil {
+		t.Fatalf("Could not connect with new credentials: %s", err)
+	}
+}
+
 func TestMongoDB_RevokeUser(t *testing.T) {
 	cleanup, connURL := prepareMongoDBTestContainer(t)
 	defer cleanup()

plugins/database/mongodb/util.go

@@ -17,6 +17,16 @@ type mongoDBStatement struct {
 	Roles mongodbRoles `json:"roles"`
 }
 
+// writeConcern is the mgo.Safe struct with JSON tags
+// More info: https://godoc.org/gopkg.in/mgo.v2#Safe
+type writeConcern struct {
+	W        int    `json:"w"`        // Min # of servers to ack before success
+	WMode    string `json:"w_mode"`   // Write mode for MongoDB 2.0+ (e.g. "majority")
+	WTimeout int    `json:"wtimeout"` // Milliseconds to wait for W before timing out
+	FSync    bool   `json:"fsync"`    // Sync via the journal if present, or via data files sync otherwise
+	J        bool   `json:"j"`        // Sync via the journal if present
+}
+
 // Convert array of role documents like:
 //
 // [ { "role": "readWrite" }, { "role": "readWrite", "db": "test" } ]

website/source/api/secret/databases/mongodb.html.md

@@ -20,18 +20,26 @@ has a number of parameters to further configure a connection.
 
 | Method   | Path                         | Produces               |
 | :------- | :--------------------------- | :--------------------- |
-| `POST`   | `/database/config/:name`     | `204 (empty body)` |
+| `POST`   | `/database/config/:name`     | `204 (empty body)`     |
 
 ### Parameters
-- `connection_url` `(string: <required>)` – Specifies the MongoDB standard connection string (URI).
+
+- `connection_url` `(string: <required>)` – Specifies the MongoDB standard
+  connection string (URI).
+- `write_concern` `(string: "")` - Specifies the MongoDB [write
+  concern][mongodb-write-concern]. This is set for the entirety of the session,
+  maintained for the lifecycle of the plugin process. Must be a serialized JSON
+  object, or a base64-encoded serialized JSON object. The JSON payload values
+  map to the values in the [Safe][mgo-safe] struct from the mgo driver.
 
 ### Sample Payload
 
 ```json
 {
   "plugin_name": "mongodb-database-plugin",
   "allowed_roles": "readonly",
-  "connection_url": "mongodb://admin:[email protected]:27017/admin?ssl=true"
+  "connection_url": "mongodb://admin:[email protected]:27017/admin?ssl=true",
+  "write_concern": "{ \"wmode\": \"majority\", \"wtimeout\": 5000 }"
 }
 ```
 
@@ -68,7 +76,7 @@ list the plugin does not support that statement type.
   [MongoDB's documentation](https://docs.mongodb.com/manual/reference/method/db.createUser/).
 
 - `revocation_statements` `(string: "")` – Specifies the database statements to
-  be executed to revoke a user. Must be a serialized JSON object, or a base64-encoded 
+  be executed to revoke a user. Must be a serialized JSON object, or a base64-encoded
   serialized JSON object. The object can optionally contain a "db" string. If no
   "db" value is provided, it defaults to the "admin" database.
 
@@ -84,4 +92,7 @@ list the plugin does not support that statement type.
     }
   ]
 }
-```
+```
+
+[mongodb-write-concern]: https://docs.mongodb.com/manual/reference/write-concern/
+[mgo-safe]: https://godoc.org/gopkg.in/mgo.v2#Safe