feat: add DB users tools

Author: fmenezes

scripts/filter.ts

@@ -24,6 +24,8 @@ function filterOpenapi(openapi: OpenAPIV3_1.Document): OpenAPIV3_1.Document {
         "listClusters",
         "createCluster",
         "listClustersForAllProjects",
+        "createDatabaseUser",
+        "listDatabaseUsers",
     ];
 
     const filteredPaths = {};

src/common/atlas/client.ts src/common/atlas/apiClient.tssrc/common/atlas/client.ts renamed to src/common/atlas/apiClient.ts

@@ -6,6 +6,8 @@ import {
     PaginatedAtlasGroupView,
     ClusterDescription20240805,
     PaginatedClusterDescription20240805,
+    CloudDatabaseUser,
+    PaginatedApiAtlasDatabaseUserView,
 } from "./openapi.js";
 
 export interface OAuthToken {
@@ -294,4 +296,15 @@ export class ApiClient {
             body: JSON.stringify(cluster),
         });
     }
+
+    async createDatabaseUser(groupId: string, user: CloudDatabaseUser): Promise<CloudDatabaseUser> {
+        return await this.do<CloudDatabaseUser>(`/groups/${groupId}/databaseUsers`, {
+            method: "POST",
+            body: JSON.stringify(user),
+        });
+    }
+
+    async listDatabaseUsers(groupId: string): Promise<PaginatedApiAtlasDatabaseUserView> {
+        return await this.do<PaginatedApiAtlasDatabaseUserView>(`/groups/${groupId}/databaseUsers`);
+    }
 }

src/common/atlas/auth.ts

@@ -1,4 +1,4 @@
-import { ApiClient } from "./client";
+import { ApiClient } from "./apiClient";
 import { State } from "../../state";
 
 export async function ensureAuthenticated(state: State, apiClient: ApiClient): Promise<void> {

src/common/atlas/openapi.d.ts

@@ -13,7 +13,6 @@ export const config = {
     apiBaseURL: process.env.API_BASE_URL || "https://cloud.mongodb.com/",
     clientID: process.env.CLIENT_ID || "0oabtxactgS3gHIR0297",
     stateFile: process.env.STATE_FILE || path.resolve("./state.json"),
-    projectID: process.env.PROJECT_ID,
     userAgent: `AtlasMCP/${packageJson.version} (${process.platform}; ${process.arch}; ${process.env.HOSTNAME || "unknown"})`,
 };
 

src/config.ts

@@ -1,5 +1,5 @@
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { ApiClient } from "./common/atlas/client.js";
+import { ApiClient } from "./common/atlas/apiClient.js";
 import { State, saveState, loadState } from "./state.js";
 import { Transport } from "@modelcontextprotocol/sdk/shared/transport.js";
 import { registerAtlasTools } from "./tools/atlas/tools.js";

src/server.ts

@@ -1,6 +1,6 @@
 import fs from "fs";
 import config from "./config.js";
-import { OauthDeviceCode, OAuthToken } from "./common/atlas/client.js";
+import { OauthDeviceCode, OAuthToken } from "./common/atlas/apiClient.js";
 
 export interface State {
     auth: {

src/state.ts

@@ -1,5 +1,5 @@
 import { ToolBase } from "../tool.js";
-import { ApiClient } from "../../common/atlas/client.js";
+import { ApiClient } from "../../common/atlas/apiClient.js";
 import { State } from "../../state.js";
 import { ensureAuthenticated } from "../../common/atlas/auth.js";
 

src/tools/atlas/atlasTool.ts

@@ -0,0 +1,63 @@
+import { z } from "zod";
+import { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
+import { AtlasToolBase } from "./atlasTool.js";
+import { ToolArgs } from "../tool.js";
+import { CloudDatabaseUser, DatabaseUserRole, UserScope } from "../../common/atlas/openapi.js";
+
+export class CreateDBUserTool extends AtlasToolBase {
+    protected name = "atlas-create-db-user";
+    protected description = "Create an MongoDB Atlas user";
+    protected argsShape = {
+        projectId: z.string().describe("Atlas project ID"),
+        username: z.string().describe("Username for the new user"),
+        password: z.string().describe("Password for the new user"),
+        roles: z.array(z.object({
+            roleName: z.string().describe("Role name"),
+            databaseName: z.string().describe("Database name").default("admin"),
+            collectionName: z.string().describe("Collection name").optional(),
+        })).describe("Roles for the new user"),
+        clusters: z.array(z.string()).describe("Clusters to assign the user to, leave empty for access to all clusters").optional(),
+    };
+
+    protected async execute({ projectId, username, password, roles, clusters }: ToolArgs<typeof this.argsShape>): Promise<CallToolResult> {
+        await this.ensureAuthenticated();
+
+        const input = {
+            groupId: projectId,
+            awsIAMType: "NONE",
+            databaseName: "admin",
+            ldapAuthType: "NONE",
+            oidcAuthType: "NONE",
+            x509Type: "NONE",
+            username,
+            password,
+            roles: roles as unknown as DatabaseUserRole[],
+            scopes: clusters?.length ? clusters.map(cluster => ({
+                type: "CLUSTER",
+                name: cluster,
+            })) : undefined,
+        } as CloudDatabaseUser;
+        
+        await this.apiClient!.createDatabaseUser(projectId, input);
+
+        return {
+            content: [
+                { type: "text", text: `User "${username}" created sucessfully.` },
+            ],
+        };
+    }
+}
+
+function formatRoles(roles?: DatabaseUserRole[]) {
+    if (!roles?.length) {
+        return "N/A";
+    }
+    return roles.map(role => `${role.roleName}@${role.databaseName}${role.collectionName ? `:${role.collectionName}` : ""}`).join(", ");
+}
+
+function formatScopes(scopes?: UserScope[]) {
+    if (!scopes?.length) {
+        return "All";
+    }
+    return scopes.map(scope => `${scope.type}:${scope.name}`).join(", ");
+}

src/tools/atlas/createDBUser.ts

@@ -15,16 +15,15 @@ export class ListClustersTool extends AtlasToolBase {
     protected async execute({ projectId }: ToolArgs<typeof this.argsShape>): Promise<CallToolResult> {
         await this.ensureAuthenticated();
 
-        const selectedProjectId = projectId || config.projectID;
-        if (!selectedProjectId) {
+        if (!projectId) {
             const data = await this.apiClient.listClustersForAllProjects();
 
             return this.formatAllClustersTable(data);
         } else {
-            const project = await this.apiClient.getProject(selectedProjectId);
+            const project = await this.apiClient.getProject(projectId);
 
             if (!project?.id) {
-                throw new Error(`Project with ID "${selectedProjectId}" not found.`);
+                throw new Error(`Project with ID "${projectId}" not found.`);
             }
 
             const data = await this.apiClient.listClusters(project.id || "");