DOCS-14389 swap deprecated whitelist language for allowlist

Author: ajhuh-mdb

source/administration/security-checklist.txt

@@ -123,13 +123,13 @@ Pre-production Checklist/Considerations
 
   - the :setting:`net.bindIp` configuration setting
 
-  - the :setting:`security.clusterIpSourceWhitelist` configuration
+  - the :setting:`security.clusterIpSourceAllowlist` configuration
     setting
 
   - the :ref:`authenticationRestrictions
     <db-createUser-authenticationRestrictions>` field to the
     :method:`db.createUser()` command to specify a per-user IP
-    whitelist.
+    allow list.
 
 
 |arrow| Audit System Activity

source/reference/configuration-options.txt

@@ -2215,7 +2215,7 @@ Core Options
       transitionToAuth: <boolean>
       javascriptEnabled:  <boolean>
       redactClientLogData: <boolean>
-      clusterIpSourceWhitelist:
+      clusterIpSourceAllowlist:
         - <string>
       sasl:
          hostName: <string>
@@ -2433,13 +2433,55 @@ Core Options
    :parameter:`redactClientLogData` parameter to configure this setting.
 
 
-.. setting:: security.clusterIpSourceWhitelist
+.. setting:: security.clusterIpSourceAllowlist
 
    *Type*: list
+   
+   .. versionadded:: 5.0
+
+   A list of IP addresses/CIDR (`Classless Inter-Domain Routing
+   <https://tools.ietf.org/html/rfc4632>`__) ranges against which the
+   :binary:`~bin.mongod` validates authentication requests from other 
+   members of the replica set and, if part of a sharded cluster, the 
+   :binary:`~bin.mongos` instances. The :binary:`~bin.mongod` verifies 
+   that the originating IP is either explicitly in the list or belongs 
+   to a CIDR range in the list. If the IP address is not present, the 
+   server does not authenticate the :binary:`~bin.mongod` or 
+   :binary:`~bin.mongos`.
+   
+   :setting:`security.clusterIpSourceAllowlist` has no effect on a 
+   :binary:`~bin.mongod` started without
+   :ref:`authentication <authentication>`.
 
 
-   .. versionadded:: 3.6
+   :setting:`security.clusterIpSourceAllowlist` requires specifying each 
+   IPv4/6 address or Classless Inter-Domain Routing 
+   (`CIDR <https://tools.ietf.org/html/rfc4632>`_) range as a YAML list:
+   
+   .. code-block:: yaml
+      
+      security:
+        clusterIpSourceAllowlist:
+          - 192.0.2.0/24
+          - 127.0.0.1
+          - ::1
+
+   
+   .. important::
+   
+      Ensure :setting:`security.clusterIpSourceAllowlist` includes the 
+      IP address *or* CIDR ranges that include the IP address of each 
+      replica set member or :binary:`~bin.mongos` in the deployment to 
+      ensure healthy communication between cluster components.
+
+
+.. setting:: security.clusterIpSourceWhitelist
+
+   *Type*: list
 
+   *Deprecated in version 5.0:* Use 
+   :setting:`security.clusterIpSourceAllowlist` instead.
+
    A list of IP addresses/CIDR (`Classless Inter-Domain Routing
    <https://tools.ietf.org/html/rfc4632>`__) ranges against which the
    :binary:`~bin.mongod` validates authentication requests from other members of

source/reference/program/mongod.txt

@@ -267,13 +267,44 @@ Core Options
 
       ``--bind_ip`` and ``--bind_ip_all`` are mutually exclusive. That
       is, you can specify one or the other, but not both.
+      
+
+.. option:: --clusterIpSourceAllowlist <string>
+
+   .. versionadded:: 5.0
+      
+   A list of IP addresses/CIDR (`Classless Inter-Domain Routing
+   <https://tools.ietf.org/html/rfc4632>`__) ranges against which the
+   :binary:`~bin.mongod` validates authentication requests from other members of
+   the replica set and, if part of a sharded cluster, the :binary:`~bin.mongos`
+   instances. The :binary:`~bin.mongod` verifies that the originating IP is
+   either explicitly in the list or belongs to a CIDR range in the list. If the
+   IP address is not present, the server does not authenticate the
+   :binary:`~bin.mongod` or :binary:`~bin.mongos`.
+      
+   :option:`--clusterIpSourceAllowlist` has no effect on a :binary:`~bin.mongod` started without
+   :ref:`authentication <authentication>`.
 
+      
+   :option:`--clusterIpSourceAllowlist` accepts multiple comma-separated IPv4/6 addresses or Classless
+   Inter-Domain Routing (`CIDR <https://tools.ietf.org/html/rfc4632>`_) ranges:
+      
+   .. code-block:: bash
+      
+      mongod --clusterIpSourceAllowlist 192.0.2.0/24,127.0.0.1,::1
+   
+      
+   .. important::
+      
+      Ensure :option:`--clusterIpSourceAllowlist` includes the IP address *or* CIDR ranges that include the
+      IP address of each replica set member or :binary:`~bin.mongos` in the
+      deployment to ensure healthy communication between cluster components.
 
 
 .. option:: --clusterIpSourceWhitelist <string>
 
-   
-   .. versionadded:: 3.6
+   *Deprecated in version 5.0:*  
+   Use :option:`--clusterIpSourceAllowlist` instead.
 
    A list of IP addresses/CIDR (`Classless Inter-Domain Routing
    <https://tools.ietf.org/html/rfc4632>`__) ranges against which the

source/release-notes/5.0-compatibility.txt

@@ -328,6 +328,16 @@ Deprecations
 
   .. include:: /includes/deprecated-rs.printSlaveReplicationInfo.rst
 
+- :setting:`security.clusterIpSourceWhitelist`
+
+  *Deprecated in version 5.0:* Use 
+  :setting:`security.clusterIpSourceAllowlist` instead.
+
+- :option:`--clusterIpSourceWhitelist`
+  
+  *Deprecated in version 5.0:*  Use :option:`--clusterIpSourceAllowlist`
+  instead.
+
 - :dbcommand:`logout`
 
   *Deprecated in version 5.0:* Disconnect from the server to end your