Backport of DOCSP-16487 to 7.0 (#5594)

* Add useAuthorizationClaim

* fix formatting and add version

* one last formatting tweak

* review suggestions

* DOCS-16389 query plan cache subdocument (#5217)

* DOCS-16389 query plan cache subdocument

* *

* IF feedback

* clarity

* nit

* move to compatibility

* *

* wording

* wording

* (DOCS-16390) You can't specify WT encryption options in createCollection (#5260)

* (DOCS-16390) You can't specify WT encryption options in createCollection

* Includes change from tech review

* DOCS-16363 Document killedDueToMaxTimeMSExpired under serverStatus (#5193)

* DOCS-16363 Document killedDueToMaxTimeMSExpired under serverStatus

* add to TOC

* wording

* build error

* (DOCSP-34349) Adds release notes and compatibility changes for 7.2 (#5242)

* DOCS-16363 Document killedDueToMaxTimeMSExpired under serverStatus (#5193)

* DOCS-16363 Document killedDueToMaxTimeMSExpired under serverStatus

* add to TOC

* wording

* build error

* Includes PM external review changes

* Revert "Includes PM external review changes"

This reverts commit 0263ebe646848bf840c75b414815d3daa660e9fc.

* Includes changes from PM review

* Includes copy review changes

---------

Co-authored-by: Alison Huh <[email protected]>

* rewording

* staging to check formatting

* cleaning up the process

* formatting foo

* more review rewording and table formatting

* still trying to get the table format correct...

* funwith table formatting...

* table formatting...

* backport of docsp-16487 to 7.0

* fix table formatting and remove 7.2 release notes

* fix missing (*Also available in 7.0.5*) in previous PR

* review changes

* Update source/includes/fact-encryption-options-create-collection.rst

Co-authored-by: Alison Huh <[email protected]>

* DOCSP-34855-QE-update (#5587) (#5601)

* DOCSP-34855-QE-update

* DOCSP-34855-QE-update

* DOCSP-34855-QE-update

* DOCSP-34855-QE-update

* DOCSP-34855-QE-update

* DOCSP-34855-QE-update

* DOCSP-34855-QE-update

---------

Co-authored-by: jason-price-mongodb <[email protected]>

* DOCSP-35035 adding reference to large oplog section (#5598) (#5608)

* DOCSP-34820 4.4.27 Release notes (#5574) (#5590)

* DOCSP-35003-glossary-1 (#5596) (#5613)

* DOCSP-35003-glossary-1

* DOCSP-35003-glossary-1

* DOCSP-35003-glossary-1

* DOCSP-35003-glossary-1

* DOCSP-35003-glossary-1

* DOCSP-35003-glossary-1

* DOCSP-35003-glossary-1

* DOCSP-35003-glossary-1

* DOCSP-35003-glossary-1

* DOCSP-35003-glossary-1

---------

Co-authored-by: jason-price-mongodb <[email protected]>

* DOCS-14316-zones (#5551) (#5623)

* DOCS-14316-zones

* DOCS-14316-zones

* DOCS-14316-zones

* DOCS-14316-zones

* DOCS-14316-zones

* DOCS-14316-zones

* DOCS-14316-zones

* DOCS-14316-zones

* DOCS-14316-zones

* DOCS-14316-zones

---------

Co-authored-by: jason-price-mongodb <[email protected]>

* DOCSP-35004-glossary-2 (#5602) (#5629)

* DOCSP-35004-glossary-2

* DOCSP-35004-glossary-2

* DOCSP-35004-glossary-2

* DOCSP-35004-glossary-2

* DOCSP-35004-glossary-2

* DOCSP-35004-glossary-2

* DOCSP-35004-glossary-2

* DOCSP-35004-glossary-2

---------

Co-authored-by: jason-price-mongodb <[email protected]>

* fix backticks

* fix :: preceding code block

---------

Co-authored-by: Alison Huh <[email protected]>
Co-authored-by: Sarah Simpers <[email protected]>
Co-authored-by: jason-price-mongodb <[email protected]>
Co-authored-by: jason-price-mongodb <[email protected]>
Co-authored-by: ltran-mdb2 <[email protected]>
Co-authored-by: Kenneth P. J. Dyer <[email protected]>

Author: 7 people

source/core/hashed-sharding.txt

@@ -138,6 +138,8 @@ If you shard a populated collection using a hashed shard key:
 - After the initial chunk creation, the balancer moves ranges of the
   initial chunk when it needs to balance data.
 
+.. _shard-empty-collection:
+
 Shard an Empty Collection
 ~~~~~~~~~~~~~~~~~~~~~~~~~
 

source/includes/fact-encryption-options-create-collection.rst

@@ -0,0 +1,4 @@
+Starting in MongoDB 7.2 (and 7.0.5), you can't specify ``wiredTiger`` storage
+engine encryption options when you create a collection with 
+:method:`db.createCollection()`. To configure encryption for 
+the WiredTiger storage engine, see :ref:`security-encryption-at-rest`. 

source/includes/fact-oidc-providers.rst

@@ -1,6 +1,6 @@
 .. list-table::
   :header-rows: 1
-  :widths: 20 25 35 20
+  :widths: 20 18 42 20
 
   * - Field
 
@@ -86,12 +86,11 @@
   * - ``requestScopes``
 
     - Optional
-     
+    
     - array[ string ] 
-
+    
     - Permissions and access levels that MongoDB requests from the IDP.
 
-
   * - ``principalName``
 
     - Optional 
@@ -103,17 +102,55 @@
 
       The default value is ``sub`` (stands for ``subject``). 
 
-
   * - ``authorizationClaim`` 
 
     - Conditional
-
+    
     - string
-
+    
     - Required, unless ``useAuthorizationClaim`` is set to ``false``.
 
       Claim extracted from access token that contains MongoDB role names.
 
+  * - ``useAuthorizationClaim`` 
+
+    - Optional
+
+    - Boolean
+
+    - Determines if the ``authorizationClaim`` field is required. The default 
+      value is ``true``.
+    
+      If the ``useAuthorizationClaim`` field is set to ``true``, the server requires 
+      an ``authorizationClaim`` for the identity provider's config. This is the 
+      default behavior.
+      
+      If the ``useAuthorizationClaim`` field is set to ``false``, the 
+      ``authorizationClaim`` field is optional (and ignored if provided). 
+      Instead, the server does the following:
+
+      - Searches the token for a claim whose name is listed in the 
+        ``principalNameClaim`` field. This is typically named ``sub``. For 
+        example:
+
+        ``sub: "[email protected]"``
+
+      - Constructs the internal username by concatenating the ``authNamePrefix``, 
+        a forward slash (``/``), and the contents of the claim identified by 
+        ``principalNameClaim`` within the access token. For example, with a 
+        ``authNamePrefix`` field value of "mdbinc", the internal username is:
+
+        ``mdbinc/[email protected]``
+
+      - Looks for the user with this username and authorize the client with the 
+        roles:
+
+        .. code-block:: javascript
+        
+           { user: "mdbinc/[email protected]", 
+             db: "$external" }
+
+      .. versionadded:: 7.2 (*Also available in 7.0.5*)
 
   * - ``logClaims``
 
@@ -124,22 +161,20 @@
     - List of access token claims to include in log and audit messages upon 
       authentication completion.
 
-
   * - ``JWKSPollSecs``
 
     - Optional
 
-    - integer
+    - Integer
 
     - Frequency, in seconds, to request an updated JSON Web Key Set (JWKS) from the IDP. 
       A setting of 0 disables polling.
 
-
   * - ``supportsHumanFlows``
 
     - Optional
 
-    - bool
+    - Boolean
 
     - Whether the OIDC provider supports human or machine workflows.  This
       affects the ``clientId`` and ``matchPattern`` fields.
@@ -149,5 +184,5 @@
 
       Default: ``true``.
 
-      .. versionadded:: 7.2
+      .. versionadded:: 7.2 (*Also available in 7.0.5*)
 

source/reference/command/create.txt

@@ -228,6 +228,8 @@ The ``create`` command has the following fields:
        validated and logged to the :term:`oplog` during replication to
        support replica sets with members that use different storage
        engines.
+
+       .. include:: /includes/fact-encryption-options-create-collection.rst
 
        .. seealso::
 
@@ -616,3 +618,5 @@ specific configuration string that MongoDB will pass to the
 ``wiredTiger`` storage engine. See the :wtdocs-v5.0:`WiredTiger documentation of
 collection level options </struct_w_t___s_e_s_s_i_o_n.html>`
 for specific ``wiredTiger`` options.
+
+.. include:: /includes/fact-encryption-options-create-collection.rst

source/reference/command/serverStatus.txt

@@ -1657,6 +1657,8 @@ metrics
          totalTimeToFirstNonAuthCommandMillis : Long("<num>")
       },
       operation : {
+         killedDueToClientDisconnect : Long("<num>"),  // Added in MongoDB 7.1 (*Also available in 7.0.5*)
+         killedDueToMaxTimeMSExpired : Long("<num>"),  // Added in MongoDB 7.2 (*Also available in 7.0.5*)
          numConnectionNetworkTimeouts : Long("<num>"),  // Added in MongoDB 6.3
          totalTimeWaitingBeforeConnectionTimeoutMillis : Long("<num>"),  // Added in MongoDB 6.3
          scanAndOrder : Long("<num>"),
@@ -1672,7 +1674,6 @@ metrics
       },
       query: {
          allowDiskUseFalse: Long("<num>"),
-         planCacheTotalSizeEstimateBytes: Long("<num>"),
          updateOneOpStyleBroadcastWithExactIDCount: Long("<num>"),
          lookup: {
             hashLookup: Long("<num>"),
@@ -2148,6 +2149,19 @@ metrics
    A document that holds counters for several types of update and query
    operations that MongoDB handles using special operation types.
 
+.. serverstatus:: metrics.operation.killedDueToClientDisconnect
+
+   .. versionadded:: 7.1 (*Also available in 7.0.5*)
+
+   Total number of operations cancelled before completion 
+   because the client disconnected.
+
+.. serverstatus:: metrics.operation.killedDueToMaxTimeMSExpired
+
+   .. versionadded:: 7.2 (*Also available in 7.0.5*)
+
+   Total number of operations that timed out before completion.
+
 .. serverstatus:: metrics.operation.numConnectionNetworkTimeouts
 
    .. versionadded:: 6.3
@@ -3853,15 +3867,41 @@ planCache
 
 .. code-block:: javascript
 
-   planCache: {
-      classic: { hits: Long("<num>"), misses: Long("<num>") },
-      sbe: { hits: Long("<num>"), misses: Long("<num>") }
+   planCache : {
+      totalQueryShapes : Long("<num>"),
+      totalSizeEstimateBytes : Long("<num>"),
+      classic : { 
+         hits : Long("<num>"), 
+         misses : Long("<num>") 
+      },
+      sbe : { 
+         hits : Long("<num>"), 
+         misses: Long("<num>") 
+      }
    }
 
 .. serverstatus:: planCache
 
    A document that reports query plan cache statistics.
 
+.. serverstatus:: planCache.totalQueryShapes
+      
+   Approximate number of :term:`query shapes <query shape>`. 
+
+   Prior to version 7.2, information on the number of query shapes was stored in 
+   the ``query.planCacheTotalQueryShapes`` field.
+
+   .. versionadded:: 7.2 (*Also available in 7.0.5*)
+
+.. serverstatus:: planCache.totalSizeEstimateBytes
+
+   Total size of the plan cache in bytes.
+
+   Prior to version 7.2, information on the plan cache size was stored in the  
+   ``query.planCacheTotalSizeEstimateBytes`` field.
+
+   .. versionadded:: 7.2 (*Also available in 7.0.5*)
+
 .. serverstatus:: planCache.classic.hits
 
    Number of classic execution engine query plans found in the query 
@@ -3874,12 +3914,12 @@ planCache
 
 .. serverstatus:: planCache.sbe.hits
 
-   Number of slot-based execution engine query plans found in the query 
+   Number of |sbe-short| query plans found in the query 
    cache and reused to avoid the query planning phase.
 
 .. serverstatus:: planCache.sbe.misses
 
-   Number of slot-based execution engine query plans which were not found 
+   Number of |sbe-short| plans which were not found 
    in the query cache and went through the query planning phase.
 
 .. _server-status-queryAnalyzers:                                       
@@ -6733,7 +6773,7 @@ wiredTiger
 
    .. serverstatus:: wiredTiger.cache.bytes currently in the cache
 
-      Size in byte of the data currently in cache. This value should
+      Size in bytes of the data currently in cache. This value should
       not be greater than the ``maximum bytes configured`` value.
 
    .. serverstatus:: wiredTiger.cache.unmodified pages evicted

source/reference/method/db.createCollection.txt

@@ -259,6 +259,8 @@ The ``options`` document contains the following fields:
        to support replica sets with members that use different storage
        engines.
 
+       .. include:: /includes/fact-encryption-options-create-collection.rst
+
        .. seealso::
 
           :ref:`create-collection-storage-engine-options`
@@ -542,3 +544,5 @@ specific configuration string that MongoDB will pass to the
 ``wiredTiger`` storage engine. See the :wtdocs-v5.0:`WiredTiger documentation of
 collection level options </struct_w_t___s_e_s_s_i_o_n.html>`
 for specific ``wiredTiger`` options.
+
+.. include:: /includes/fact-encryption-options-create-collection.rst