
CustomDbRole

mongodbatlas.CustomDbRole provides a Custom DB Role resource. The customDBRoles resource lets you retrieve, create and modify the custom MongoDB roles in your cluster. Use custom MongoDB roles to specify custom sets of actions which cannot be described by the built-in Atlas database user privileges.

IMPORTANT: Custom roles cannot use actions that are unavailable in any MongoDB version running on a cluster in your project. Custom roles are defined at the project level, and must be compatible with each MongoDB version used by your project’s clusters. If you have a cluster in your project with MongoDB 3.4, you cannot create a custom role that uses actions introduced in MongoDB 3.6, such as useUUID.

NOTE: Groups and projects are synonymous terms. You may find group_id in the official documentation.

Example Usage

using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

/// <summary>
/// Stack that declares one project-level custom MongoDB role, "myCustomRole",
/// granting UPDATE, INSERT and REMOVE on the "anyDatabase" database.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var testRole = new Mongodbatlas.CustomDbRole("testRole", new Mongodbatlas.CustomDbRoleArgs
        {
            ProjectId = "<PROJECT-ID>",
            RoleName = "myCustomRole",
            // Every action the role grants is listed explicitly; nothing is inherited here.
            Actions =
            {
                ActionOnDatabase("UPDATE"),
                ActionOnDatabase("INSERT"),
                ActionOnDatabase("REMOVE"),
            },
        });
    }

    /// <summary>
    /// Builds one privilege action scoped to the example database.
    /// </summary>
    /// <param name="action">Name of the privilege action to grant.</param>
    private static Mongodbatlas.Inputs.CustomDbRoleActionArgs ActionOnDatabase(string action)
    {
        return new Mongodbatlas.Inputs.CustomDbRoleActionArgs
        {
            Action = action,
            Resources =
            {
                new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
                {
                    // NOTE(review): CollectionName is left empty; per the Atlas API docs this
                    // appears to cover every collection in the database - confirm, and name a
                    // specific collection when the role only needs one.
                    CollectionName = "",
                    DatabaseName = "anyDatabase",
                },
            },
        };
    }
}
package main

import (
    "github.com/pulumi/pulumi-mongodbatlas/sdk/go/mongodbatlas"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

// main runs a Pulumi program that declares one project-level custom MongoDB
// role, "myCustomRole", granting UPDATE, INSERT and REMOVE on "anyDatabase".
func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        // onDatabase builds one privilege action scoped to the example database.
        // NOTE(review): CollectionName is left empty; per the Atlas API docs this
        // appears to cover every collection in the database - confirm, and name a
        // specific collection when the role only needs one.
        onDatabase := func(action string) *mongodbatlas.CustomDbRoleActionArgs {
            return &mongodbatlas.CustomDbRoleActionArgs{
                Action: pulumi.String(action),
                Resources: mongodbatlas.CustomDbRoleActionResourceArray{
                    &mongodbatlas.CustomDbRoleActionResourceArgs{
                        CollectionName: pulumi.String(""),
                        DatabaseName:   pulumi.String("anyDatabase"),
                    },
                },
            }
        }

        _, err := mongodbatlas.NewCustomDbRole(ctx, "testRole", &mongodbatlas.CustomDbRoleArgs{
            ProjectId: pulumi.String("<PROJECT-ID>"),
            RoleName:  pulumi.String("myCustomRole"),
            // Every action the role grants is listed explicitly; nothing is inherited here.
            Actions: mongodbatlas.CustomDbRoleActionArray{
                onDatabase("UPDATE"),
                onDatabase("INSERT"),
                onDatabase("REMOVE"),
            },
        })
        // Registering the role is the last step, so its error (nil on success) is the result.
        return err
    })
}
import pulumi
import pulumi_mongodbatlas as mongodbatlas

# Privilege actions granted by the role; each one gets the same resource scope below.
_granted_actions = ("UPDATE", "INSERT", "REMOVE")

# Project-level custom role "myCustomRole". Nothing is inherited here, so the
# actions listed above are the role's whole grant.
# NOTE(review): collection_name is left empty; per the Atlas API docs this appears
# to cover every collection in the database - confirm, and name a specific
# collection when the role only needs one.
test_role = mongodbatlas.CustomDbRole(
    "testRole",
    project_id="<PROJECT-ID>",
    role_name="myCustomRole",
    actions=[
        mongodbatlas.CustomDbRoleActionArgs(
            action=_action,
            resources=[mongodbatlas.CustomDbRoleActionResourceArgs(
                collection_name="",
                database_name="anyDatabase",
            )],
        )
        for _action in _granted_actions
    ],
)
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

// Privilege actions granted by the role; each one gets the same resource scope below.
const grantedActions = ["UPDATE", "INSERT", "REMOVE"];

// Project-level custom role "myCustomRole". Nothing is inherited here, so the
// actions listed above are the role's whole grant.
// NOTE(review): collectionName is left empty; per the Atlas API docs this appears
// to cover every collection in the database - confirm, and name a specific
// collection when the role only needs one.
const testRole = new mongodbatlas.CustomDbRole("test_role", {
    projectId: "<PROJECT-ID>",
    roleName: "myCustomRole",
    actions: grantedActions.map(action => ({
        action,
        resources: [{
            collectionName: "",
            databaseName: "anyDatabase",
        }],
    })),
});

With Inherited Roles

using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

/// <summary>
/// Stack that declares two narrow custom roles ("insertRole" and
/// "statusServerRole") and a third role, "myCustomRole", that grants UPDATE and
/// REMOVE itself and inherits the other two.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var insertRole = new Mongodbatlas.CustomDbRole("inheritedRoleOne", new Mongodbatlas.CustomDbRoleArgs
        {
            ProjectId = "<PROJECT-ID>",
            RoleName = "insertRole",
            Actions =
            {
                ActionOnDatabase("INSERT"),
            },
        });

        var statusRole = new Mongodbatlas.CustomDbRole("inheritedRoleTwo", new Mongodbatlas.CustomDbRoleArgs
        {
            // Reusing the first role's ProjectId output keeps all roles in one project.
            ProjectId = insertRole.ProjectId,
            RoleName = "statusServerRole",
            Actions =
            {
                new Mongodbatlas.Inputs.CustomDbRoleActionArgs
                {
                    Action = "SERVER_STATUS",
                    Resources =
                    {
                        // Cluster = true grants the action on the cluster resource
                        // instead of on a database and collection.
                        new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
                        {
                            Cluster = true,
                        },
                    },
                },
            },
        });

        // The inherited roles are referenced through the RoleName outputs of the
        // resources above rather than by repeating their names as literals.
        // NOTE(review): the inherited roles' actions come on top of UPDATE and REMOVE,
        // so review them together when judging what "myCustomRole" can do.
        var testRole = new Mongodbatlas.CustomDbRole("testRole", new Mongodbatlas.CustomDbRoleArgs
        {
            ProjectId = insertRole.ProjectId,
            RoleName = "myCustomRole",
            Actions =
            {
                ActionOnDatabase("UPDATE"),
                ActionOnDatabase("REMOVE"),
            },
            InheritedRoles =
            {
                InheritFromAdmin(insertRole),
                InheritFromAdmin(statusRole),
            },
        });
    }

    /// <summary>
    /// Builds one privilege action scoped to the example database.
    /// </summary>
    /// <param name="action">Name of the privilege action to grant.</param>
    private static Mongodbatlas.Inputs.CustomDbRoleActionArgs ActionOnDatabase(string action)
    {
        return new Mongodbatlas.Inputs.CustomDbRoleActionArgs
        {
            Action = action,
            Resources =
            {
                new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
                {
                    // NOTE(review): CollectionName is left empty; per the Atlas API docs this
                    // appears to cover every collection in the database - confirm, and name a
                    // specific collection when the role only needs one.
                    CollectionName = "",
                    DatabaseName = "anyDatabase",
                },
            },
        };
    }

    /// <summary>
    /// Builds an inherited-role entry that refers to <paramref name="role"/> by its
    /// RoleName output, on the "admin" database.
    /// </summary>
    /// <param name="role">Custom role whose privileges are inherited.</param>
    private static Mongodbatlas.Inputs.CustomDbRoleInheritedRoleArgs InheritFromAdmin(Mongodbatlas.CustomDbRole role)
    {
        return new Mongodbatlas.Inputs.CustomDbRoleInheritedRoleArgs
        {
            DatabaseName = "admin",
            RoleName = role.RoleName,
        };
    }
}
package main

import (
    "github.com/pulumi/pulumi-mongodbatlas/sdk/go/mongodbatlas"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

// main runs a Pulumi program that declares two narrow custom roles
// ("insertRole" and "statusServerRole") and a third role, "myCustomRole", that
// grants UPDATE and REMOVE itself and inherits the other two.
func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        // onDatabase builds one privilege action scoped to the example database.
        // NOTE(review): CollectionName is left empty; per the Atlas API docs this
        // appears to cover every collection in the database - confirm, and name a
        // specific collection when the role only needs one.
        onDatabase := func(action string) *mongodbatlas.CustomDbRoleActionArgs {
            return &mongodbatlas.CustomDbRoleActionArgs{
                Action: pulumi.String(action),
                Resources: mongodbatlas.CustomDbRoleActionResourceArray{
                    &mongodbatlas.CustomDbRoleActionResourceArgs{
                        CollectionName: pulumi.String(""),
                        DatabaseName:   pulumi.String("anyDatabase"),
                    },
                },
            }
        }
        // inheritFromAdmin refers to an already-declared role by its RoleName
        // output, on the "admin" database.
        inheritFromAdmin := func(role *mongodbatlas.CustomDbRole) *mongodbatlas.CustomDbRoleInheritedRoleArgs {
            return &mongodbatlas.CustomDbRoleInheritedRoleArgs{
                DatabaseName: pulumi.String("admin"),
                RoleName:     role.RoleName,
            }
        }

        insertRole, err := mongodbatlas.NewCustomDbRole(ctx, "inheritedRoleOne", &mongodbatlas.CustomDbRoleArgs{
            ProjectId: pulumi.String("<PROJECT-ID>"),
            RoleName:  pulumi.String("insertRole"),
            Actions: mongodbatlas.CustomDbRoleActionArray{
                onDatabase("INSERT"),
            },
        })
        if err != nil {
            return err
        }

        statusRole, err := mongodbatlas.NewCustomDbRole(ctx, "inheritedRoleTwo", &mongodbatlas.CustomDbRoleArgs{
            // Reusing the first role's ProjectId output keeps all roles in one project.
            ProjectId: insertRole.ProjectId,
            RoleName:  pulumi.String("statusServerRole"),
            Actions: mongodbatlas.CustomDbRoleActionArray{
                &mongodbatlas.CustomDbRoleActionArgs{
                    Action: pulumi.String("SERVER_STATUS"),
                    Resources: mongodbatlas.CustomDbRoleActionResourceArray{
                        // Cluster: true grants the action on the cluster resource
                        // instead of on a database and collection.
                        &mongodbatlas.CustomDbRoleActionResourceArgs{
                            Cluster: pulumi.Bool(true),
                        },
                    },
                },
            },
        })
        if err != nil {
            return err
        }

        // NOTE(review): the inherited roles' actions come on top of UPDATE and
        // REMOVE, so review them together when judging what "myCustomRole" can do.
        _, err = mongodbatlas.NewCustomDbRole(ctx, "testRole", &mongodbatlas.CustomDbRoleArgs{
            ProjectId: insertRole.ProjectId,
            RoleName:  pulumi.String("myCustomRole"),
            Actions: mongodbatlas.CustomDbRoleActionArray{
                onDatabase("UPDATE"),
                onDatabase("REMOVE"),
            },
            InheritedRoles: mongodbatlas.CustomDbRoleInheritedRoleArray{
                inheritFromAdmin(insertRole),
                inheritFromAdmin(statusRole),
            },
        })
        // Registering the last role is the final step, so its error (nil on success) is the result.
        return err
    })
}
import pulumi
import pulumi_mongodbatlas as mongodbatlas

def _action_on_database(action):
    """Build one privilege action scoped to the example database.

    NOTE(review): collection_name is left empty; per the Atlas API docs this
    appears to cover every collection in the database - confirm, and name a
    specific collection when the role only needs one.
    """
    return mongodbatlas.CustomDbRoleActionArgs(
        action=action,
        resources=[mongodbatlas.CustomDbRoleActionResourceArgs(
            collection_name="",
            database_name="anyDatabase",
        )],
    )


def _inherit_from_admin(role):
    """Refer to an already-declared role by its role_name output, on "admin"."""
    return mongodbatlas.CustomDbRoleInheritedRoleArgs(
        database_name="admin",
        role_name=role.role_name,
    )


# Narrow role: INSERT on the example database only.
inherited_role_one = mongodbatlas.CustomDbRole(
    "inheritedRoleOne",
    project_id="<PROJECT-ID>",
    role_name="insertRole",
    actions=[_action_on_database("INSERT")],
)

# Narrow role: SERVER_STATUS, granted on the cluster resource (cluster=True)
# instead of on a database and collection. Reusing the first role's project_id
# output keeps all roles in one project.
inherited_role_two = mongodbatlas.CustomDbRole(
    "inheritedRoleTwo",
    project_id=inherited_role_one.project_id,
    role_name="statusServerRole",
    actions=[mongodbatlas.CustomDbRoleActionArgs(
        action="SERVER_STATUS",
        resources=[mongodbatlas.CustomDbRoleActionResourceArgs(
            cluster=True,
        )],
    )],
)

# Composite role: grants UPDATE and REMOVE itself and inherits the two roles above.
# NOTE(review): the inherited roles' actions come on top of UPDATE and REMOVE,
# so review them together when judging what "myCustomRole" can do.
test_role = mongodbatlas.CustomDbRole(
    "testRole",
    project_id=inherited_role_one.project_id,
    role_name="myCustomRole",
    actions=[_action_on_database(_name) for _name in ("UPDATE", "REMOVE")],
    inherited_roles=[
        _inherit_from_admin(_role)
        for _role in (inherited_role_one, inherited_role_two)
    ],
)
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

// Builds one privilege action scoped to the example database.
// NOTE(review): collectionName is left empty; per the Atlas API docs this appears
// to cover every collection in the database - confirm, and name a specific
// collection when the role only needs one.
const actionOnDatabase = (action: string) => ({
    action,
    resources: [{
        collectionName: "",
        databaseName: "anyDatabase",
    }],
});

// Narrow role: INSERT on the example database only.
const inheritedRoleOne = new mongodbatlas.CustomDbRole("inherited_role_one", {
    projectId: "<PROJECT-ID>",
    roleName: "insertRole",
    actions: [actionOnDatabase("INSERT")],
});

// Narrow role: SERVER_STATUS, granted on the cluster resource (cluster: true)
// instead of on a database and collection. Reusing the first role's projectId
// output keeps all roles in one project.
const inheritedRoleTwo = new mongodbatlas.CustomDbRole("inherited_role_two", {
    projectId: inheritedRoleOne.projectId,
    roleName: "statusServerRole",
    actions: [{
        action: "SERVER_STATUS",
        resources: [{
            cluster: true,
        }],
    }],
});

// Composite role: grants UPDATE and REMOVE itself and inherits the two roles above,
// referring to them through their roleName outputs.
// NOTE(review): the inherited roles' actions come on top of UPDATE and REMOVE,
// so review them together when judging what "myCustomRole" can do.
const testRole = new mongodbatlas.CustomDbRole("test_role", {
    projectId: inheritedRoleOne.projectId,
    roleName: "myCustomRole",
    actions: ["UPDATE", "REMOVE"].map(actionOnDatabase),
    inheritedRoles: [inheritedRoleOne, inheritedRoleTwo].map(role => ({
        databaseName: "admin",
        roleName: role.roleName,
    })),
});

Create a CustomDbRole Resource

def CustomDbRole(resource_name: str, opts: Optional[ResourceOptions] = None, actions: Optional[Sequence[CustomDbRoleActionArgs]] = None, inherited_roles: Optional[Sequence[CustomDbRoleInheritedRoleArgs]] = None, project_id: Optional[str] = None, role_name: Optional[str] = None)
func NewCustomDbRole(ctx *Context, name string, args CustomDbRoleArgs, opts ...ResourceOption) (*CustomDbRole, error)
name string
The unique name of the resource.
args CustomDbRoleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args CustomDbRoleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args CustomDbRoleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

CustomDbRole Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The CustomDbRole resource accepts the following input properties:

ProjectId string

The unique ID for the project to create the database user.

RoleName string

Name of the custom role.

Actions List<CustomDbRoleActionArgs>
InheritedRoles List<CustomDbRoleInheritedRoleArgs>
ProjectId string

The unique ID for the project to create the database user.

RoleName string

Name of the custom role.

Actions []CustomDbRoleAction
InheritedRoles []CustomDbRoleInheritedRole
projectId string

The unique ID for the project to create the database user.

roleName string

Name of the custom role.

actions CustomDbRoleAction[]
inheritedRoles CustomDbRoleInheritedRole[]
project_id str

The unique ID for the project to create the database user.

role_name str

Name of the custom role.

actions Sequence[CustomDbRoleActionArgs]
inherited_roles Sequence[CustomDbRoleInheritedRoleArgs]

Outputs

All input properties are implicitly available as output properties. Additionally, the CustomDbRole resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing CustomDbRole Resource

Get an existing CustomDbRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CustomDbRoleState, opts?: CustomResourceOptions): CustomDbRole
@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, actions: Optional[Sequence[CustomDbRoleActionArgs]] = None, inherited_roles: Optional[Sequence[CustomDbRoleInheritedRoleArgs]] = None, project_id: Optional[str] = None, role_name: Optional[str] = None) -> CustomDbRole
func GetCustomDbRole(ctx *Context, name string, id IDInput, state *CustomDbRoleState, opts ...ResourceOption) (*CustomDbRole, error)
public static CustomDbRole Get(string name, Input<string> id, CustomDbRoleState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Actions List<CustomDbRoleActionArgs>
InheritedRoles List<CustomDbRoleInheritedRoleArgs>
ProjectId string

The unique ID for the project to create the database user.

RoleName string

Name of the custom role.

Actions []CustomDbRoleAction
InheritedRoles []CustomDbRoleInheritedRole
ProjectId string

The unique ID for the project to create the database user.

RoleName string

Name of the custom role.

actions CustomDbRoleAction[]
inheritedRoles CustomDbRoleInheritedRole[]
projectId string

The unique ID for the project to create the database user.

roleName string

Name of the custom role.

actions Sequence[CustomDbRoleActionArgs]
inherited_roles Sequence[CustomDbRoleInheritedRoleArgs]
project_id str

The unique ID for the project to create the database user.

role_name str

Name of the custom role.

Supporting Types

CustomDbRoleAction

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Action string

Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions. Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.

Resources List<CustomDbRoleActionResourceArgs>

Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.

Action string

Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions. Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.

Resources []CustomDbRoleActionResource

Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.

action string

Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions. Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.

resources CustomDbRoleActionResource[]

Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.

action str

Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions. Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.

resources Sequence[CustomDbRoleActionResourceArgs]

Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.

CustomDbRoleActionResource

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Cluster bool
CollectionName string
DatabaseName string

Database on which the action is granted.

Cluster bool
CollectionName string
DatabaseName string

Database on which the action is granted.

cluster boolean
collectionName string
databaseName string

Database on which the action is granted.

cluster bool
collection_name str
database_name str

Database on which the action is granted.

CustomDbRoleInheritedRole

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

DatabaseName string

Database on which the inherited role is granted.

RoleName string

Name of the inherited role. This can either be another custom role or a built-in role.

DatabaseName string

Database on which the inherited role is granted.

RoleName string

Name of the inherited role. This can either be another custom role or a built-in role.

databaseName string

Database on which the inherited role is granted.

roleName string

Name of the inherited role. This can either be another custom role or a built-in role.

database_name str

Database on which the inherited role is granted.

role_name str

Name of the inherited role. This can either be another custom role or a built-in role.

Package Details

Repository
https://github.com/pulumi/pulumi-mongodbatlas
License
Apache-2.0
Notes
This Pulumi package is based on the mongodbatlas Terraform Provider.