Add docs on what privileges are needed for using metricbeat mongodb m…

…odule (elastic#13932)

(cherry picked from commit 324e9a4)

metricbeat/docs/modules/mongodb.asciidoc

@@ -55,6 +55,33 @@ The default metricsets are `collstats`, `dbstats` and `status`.
 The MongoDB metricsets were tested with MongoDB 3.4 and 3.0 and are expected to
 work with all versions >= 2.8.
 
+[float]
+=== MongoDB Privileges
+
+In order to use the metricsets, the MongoDB user specified in the module configuration needs to have certain https://docs.mongodb.com/manual/core/authorization/#privileges[privileges].
+
+We recommend using the https://docs.mongodb.com/manual/reference/built-in-roles/#clusterMonitor[`clusterMonitor` role] to cover all the necessary privileges.
+
+You can use the following command in Mongo shell to create the privileged user (make sure you are using the `admin` db by using `db` command in Mongo shell).
+
+["source","js",subs="attributes"]
+----
+db.createUser(
+    {
+        user: "beats",
+        pwd: "pass",
+        roles: ["clusterMonitor"]
+    }
+)
+----
+
+You can use the following command in Mongo shell to grant the role to an existing user (make sure you are using the `admin` db by using `db` command in Mongo shell).
+
+["source","js",subs="attributes"]
+----
+db.grantRolesToUser("user", ["clusterMonitor"])
+----
+
 
 [float]
 === Example configuration

metricbeat/module/mongodb/_meta/docs.asciidoc

@@ -47,3 +47,30 @@ The default metricsets are `collstats`, `dbstats` and `status`.
 
 The MongoDB metricsets were tested with MongoDB 3.4 and 3.0 and are expected to
 work with all versions >= 2.8.
+
+[float]
+=== MongoDB Privileges
+
+In order to use the metricsets, the MongoDB user specified in the module configuration needs to have certain https://docs.mongodb.com/manual/core/authorization/#privileges[privileges].
+
+We recommend using the https://docs.mongodb.com/manual/reference/built-in-roles/#clusterMonitor[`clusterMonitor` role] to cover all the necessary privileges.
+
+You can use the following command in Mongo shell to create the privileged user (make sure you are using the `admin` db by using `db` command in Mongo shell).
+
+["source","js",subs="attributes"]
+----
+db.createUser(
+    {
+        user: "beats",
+        pwd: "pass",
+        roles: ["clusterMonitor"]
+    }
+)
+----
+
+You can use the following command in Mongo shell to grant the role to an existing user (make sure you are using the `admin` db by using `db` command in Mongo shell).
+
+["source","js",subs="attributes"]
+----
+db.grantRolesToUser("user", ["clusterMonitor"])
+----

metricbeat/module/mongodb/collstats/_meta/docs.asciidoc

@@ -11,3 +11,7 @@ It is using the `top` administrative command to return usage statistics for each
 - update
 - remove
 - commands
+
+It requires the following privileges, which is covered by the https://docs.mongodb.com/manual/reference/built-in-roles/#clusterMonitor[`clusterMonitor` role]:
+
+- https://docs.mongodb.com/manual/reference/privilege-actions/#top[`top` action] on https://docs.mongodb.com/manual/reference/resource-document/#cluster-resource[`cluster` resource]

metricbeat/module/mongodb/dbstats/_meta/docs.asciidoc

@@ -1 +1,6 @@
 This is the `dbstats` metricset of the MongoDB module.
+
+It requires the following privileges, which is covered by the https://docs.mongodb.com/manual/reference/built-in-roles/#clusterMonitor[`clusterMonitor` role]:
+
+- https://docs.mongodb.com/manual/reference/privilege-actions/#listDatabases[`listDatabases` action] on https://docs.mongodb.com/manual/reference/resource-document/#cluster-resource[`cluster` resource]
+- for each of the databases, also need https://docs.mongodb.com/manual/reference/privilege-actions/#dbStats[`dbStats` action] on the https://docs.mongodb.com/manual/reference/resource-document/#database-and-or-collection-resource[`database` resource]

metricbeat/module/mongodb/metrics/_meta/docs.asciidoc

@@ -1 +1,5 @@
-This is the `metrics` metricset of the MongoDB module.
+This is the `metrics` metricset of the MongoDB module.
+
+It requires the following privileges, which is covered by the https://docs.mongodb.com/manual/reference/built-in-roles/#clusterMonitor[`clusterMonitor` role]:
+
+- https://docs.mongodb.com/manual/reference/privilege-actions/#serverStatus[`serverStatus` action] on https://docs.mongodb.com/manual/reference/resource-document/#cluster-resource[`cluster` resource]

metricbeat/module/mongodb/replstatus/_meta/docs.asciidoc

@@ -1 +1,7 @@
 This is the `replstatus` metricset of the module mongodb.
+
+It requires the following privileges, which is covered by the https://docs.mongodb.com/manual/reference/built-in-roles/#clusterMonitor[`clusterMonitor` role]:
+
+- https://docs.mongodb.com/manual/reference/privilege-actions/#find[`find`/`listCollections` action] on https://docs.mongodb.com/manual/reference/local-database/[the `local` database resource]
+- https://docs.mongodb.com/manual/reference/privilege-actions/#collStats[`collStats` action] on https://docs.mongodb.com/manual/reference/local-database/#local.oplog.rs[the `local.oplog.rs` collection resource]
+- https://docs.mongodb.com/manual/reference/privilege-actions/#replSetGetStatus[`replSetGetStatus` action] on https://docs.mongodb.com/manual/reference/resource-document/#cluster-resource[`cluster` resource]

metricbeat/module/mongodb/status/_meta/docs.asciidoc

@@ -1 +1,5 @@
 This is the `status` metricset of the MongoDB module.
+
+It requires the following privileges, which is covered by the https://docs.mongodb.com/manual/reference/built-in-roles/#clusterMonitor[`clusterMonitor` role]:
+
+- https://docs.mongodb.com/manual/reference/privilege-actions/#serverStatus[`serverStatus` action] on https://docs.mongodb.com/manual/reference/resource-document/#cluster-resource[`cluster` resource]