X509AuthenticationDatabaseUser

mongodbatlas.X509AuthenticationDatabaseUser provides a X509 Authentication Database User resource. The mongodbatlas.X509AuthenticationDatabaseUser resource lets you manage MongoDB users who authenticate using X.509 certificates. You can manage these X.509 certificates or let Atlas do it for you.

Management	Description
Atlas	Atlas manages your Certificate Authority and can generate certificates for your MongoDB users. No additional X.509 configuration is required.
Customer	You must provide a Certificate Authority and generate certificates for your MongoDB users.

NOTE: Groups and projects are synonymous terms. You may find group_id in the official documentation.

Example Usage

Example Usage: Generate an Atlas-managed X.509 certificate for a MongoDB user

using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

class MyStack : Stack
{
    public MyStack()
    {
        var user = new Mongodbatlas.DatabaseUser("user", new Mongodbatlas.DatabaseUserArgs
        {
            DatabaseName = "$external",
            Labels = 
            {
                new Mongodbatlas.Inputs.DatabaseUserLabelArgs
                {
                    Key = "My Key",
                    Value = "My Value",
                },
            },
            ProjectId = "<PROJECT-ID>",
            Roles = 
            {
                new Mongodbatlas.Inputs.DatabaseUserRoleArgs
                {
                    DatabaseName = "admin",
                    RoleName = "atlasAdmin",
                },
            },
            Username = "myUsername",
            X509Type = "MANAGED",
        });
        var test = new Mongodbatlas.X509AuthenticationDatabaseUser("test", new Mongodbatlas.X509AuthenticationDatabaseUserArgs
        {
            MonthsUntilExpiration = 2,
            ProjectId = user.ProjectId,
            Username = user.Username,
        });
    }

}

package main

import (
    "fmt"

    "github.com/pulumi/pulumi-mongodbatlas/sdk/go/mongodbatlas"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        user, err := mongodbatlas.NewDatabaseUser(ctx, "user", &mongodbatlas.DatabaseUserArgs{
            DatabaseName: pulumi.String(fmt.Sprintf("%v%v", "$", "external")),
            Labels: mongodbatlas.DatabaseUserLabelArray{
                &mongodbatlas.DatabaseUserLabelArgs{
                    Key:   pulumi.String("My Key"),
                    Value: pulumi.String("My Value"),
                },
            },
            ProjectId: pulumi.String("<PROJECT-ID>"),
            Roles: mongodbatlas.DatabaseUserRoleArray{
                &mongodbatlas.DatabaseUserRoleArgs{
                    DatabaseName: pulumi.String("admin"),
                    RoleName:     pulumi.String("atlasAdmin"),
                },
            },
            Username: pulumi.String("myUsername"),
            X509Type: pulumi.String("MANAGED"),
        })
        if err != nil {
            return err
        }
        _, err = mongodbatlas.NewX509AuthenticationDatabaseUser(ctx, "test", &mongodbatlas.X509AuthenticationDatabaseUserArgs{
            MonthsUntilExpiration: pulumi.Int(2),
            ProjectId:             user.ProjectId,
            Username:              user.Username,
        })
        if err != nil {
            return err
        }
        return nil
    })
}

import pulumi
import pulumi_mongodbatlas as mongodbatlas

user = mongodbatlas.DatabaseUser("user",
    database_name="$external",
    labels=[mongodbatlas.DatabaseUserLabelArgs(
        key="My Key",
        value="My Value",
    )],
    project_id="<PROJECT-ID>",
    roles=[mongodbatlas.DatabaseUserRoleArgs(
        database_name="admin",
        role_name="atlasAdmin",
    )],
    username="myUsername",
    x509_type="MANAGED")
test = mongodbatlas.X509AuthenticationDatabaseUser("test",
    months_until_expiration=2,
    project_id=user.project_id,
    username=user.username)

import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

const user = new mongodbatlas.DatabaseUser("user", {
    databaseName: "$external",
    labels: [{
        key: "My Key",
        value: "My Value",
    }],
    projectId: "<PROJECT-ID>",
    roles: [{
        databaseName: "admin",
        roleName: "atlasAdmin",
    }],
    username: "myUsername",
    x509Type: "MANAGED",
});
const test = new mongodbatlas.X509AuthenticationDatabaseUser("test", {
    monthsUntilExpiration: 2,
    projectId: user.projectId,
    username: user.username,
});

Example Usage: Save a customer-managed X.509 configuration for an Atlas project

using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

class MyStack : Stack
{
    public MyStack()
    {
        var test = new Mongodbatlas.X509AuthenticationDatabaseUser("test", new Mongodbatlas.X509AuthenticationDatabaseUserArgs
        {
            CustomerX509Cas = @"  -----BEGIN CERTIFICATE-----
  MIICmTCCAgICCQDZnHzklxsT9TANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMC
  VVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xETAPBgNVBAoMCHRl
  c3QuY29tMQ0wCwYDVQQLDARUZXN0MREwDwYDVQQDDAh0ZXN0LmNvbTErMCkGCSqG
  SIb3DQEJARYcbWVsaXNzYS5wbHVua2V0dEBtb25nb2RiLmNvbTAeFw0yMDAyMDQy
  MDQ2MDFaFw0yMTAyMDMyMDQ2MDFaMIGQMQswCQYDVQQGEwJVUzEOMAwGA1UECAwF
  VGV4YXMxDzANBgNVBAcMBkF1c3RpbjERMA8GA1UECgwIdGVzdC5jb20xDTALBgNV
  BAsMBFRlc3QxETAPBgNVBAMMCHRlc3QuY29tMSswKQYJKoZIhvcNAQkBFhxtZWxp
  c3NhLnBsdW5rZXR0QG1vbmdvZGIuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
  iQKBgQCf1LRqr1zftzdYx2Aj9G76tb0noMPtj6faGLlPji1+m6Rn7RWD9L0ntWAr
  cURxvypa9jZ9MXFzDtLevvd3tHEmfrUT3ukNDX6+Jtc4kWm+Dh2A70Pd+deKZ2/O
  Fh8audEKAESGXnTbeJCeQa1XKlIkjqQHBNwES5h1b9vJtFoLJwIDAQABMA0GCSqG
  SIb3DQEBCwUAA4GBADMUncjEPV/MiZUcVNGmktP6BPmEqMXQWUDpdGW2+Tg2JtUA
  7MMILtepBkFzLO+GlpZxeAlXO0wxiNgEmCRONgh4+t2w3e7a8GFijYQ99FHrAC5A
  iul59bdl18gVqXia1Yeq/iK7Ohfy/Jwd7Hsm530elwkM/ZEkYDjBlZSXYdyz
  -----END CERTIFICATE-----""

",
            ProjectId = "<PROJECT-ID>",
        });
    }

}

package main

import (
    "fmt"

    "github.com/pulumi/pulumi-mongodbatlas/sdk/go/mongodbatlas"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        _, err := mongodbatlas.NewX509AuthenticationDatabaseUser(ctx, "test", &mongodbatlas.X509AuthenticationDatabaseUserArgs{
            CustomerX509Cas: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "  -----BEGIN CERTIFICATE-----\n", "  MIICmTCCAgICCQDZnHzklxsT9TANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMC\n", "  VVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xETAPBgNVBAoMCHRl\n", "  c3QuY29tMQ0wCwYDVQQLDARUZXN0MREwDwYDVQQDDAh0ZXN0LmNvbTErMCkGCSqG\n", "  SIb3DQEJARYcbWVsaXNzYS5wbHVua2V0dEBtb25nb2RiLmNvbTAeFw0yMDAyMDQy\n", "  MDQ2MDFaFw0yMTAyMDMyMDQ2MDFaMIGQMQswCQYDVQQGEwJVUzEOMAwGA1UECAwF\n", "  VGV4YXMxDzANBgNVBAcMBkF1c3RpbjERMA8GA1UECgwIdGVzdC5jb20xDTALBgNV\n", "  BAsMBFRlc3QxETAPBgNVBAMMCHRlc3QuY29tMSswKQYJKoZIhvcNAQkBFhxtZWxp\n", "  c3NhLnBsdW5rZXR0QG1vbmdvZGIuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n", "  iQKBgQCf1LRqr1zftzdYx2Aj9G76tb0noMPtj6faGLlPji1+m6Rn7RWD9L0ntWAr\n", "  cURxvypa9jZ9MXFzDtLevvd3tHEmfrUT3ukNDX6+Jtc4kWm+Dh2A70Pd+deKZ2/O\n", "  Fh8audEKAESGXnTbeJCeQa1XKlIkjqQHBNwES5h1b9vJtFoLJwIDAQABMA0GCSqG\n", "  SIb3DQEBCwUAA4GBADMUncjEPV/MiZUcVNGmktP6BPmEqMXQWUDpdGW2+Tg2JtUA\n", "  7MMILtepBkFzLO+GlpZxeAlXO0wxiNgEmCRONgh4+t2w3e7a8GFijYQ99FHrAC5A\n", "  iul59bdl18gVqXia1Yeq/iK7Ohfy/Jwd7Hsm530elwkM/ZEkYDjBlZSXYdyz\n", "  -----END CERTIFICATE-----\"\n", "\n")),
            ProjectId:       pulumi.String("<PROJECT-ID>"),
        })
        if err != nil {
            return err
        }
        return nil
    })
}

import pulumi
import pulumi_mongodbatlas as mongodbatlas

test = mongodbatlas.X509AuthenticationDatabaseUser("test",
    customer_x509_cas="""  -----BEGIN CERTIFICATE-----
  MIICmTCCAgICCQDZnHzklxsT9TANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMC
  VVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xETAPBgNVBAoMCHRl
  c3QuY29tMQ0wCwYDVQQLDARUZXN0MREwDwYDVQQDDAh0ZXN0LmNvbTErMCkGCSqG
  SIb3DQEJARYcbWVsaXNzYS5wbHVua2V0dEBtb25nb2RiLmNvbTAeFw0yMDAyMDQy
  MDQ2MDFaFw0yMTAyMDMyMDQ2MDFaMIGQMQswCQYDVQQGEwJVUzEOMAwGA1UECAwF
  VGV4YXMxDzANBgNVBAcMBkF1c3RpbjERMA8GA1UECgwIdGVzdC5jb20xDTALBgNV
  BAsMBFRlc3QxETAPBgNVBAMMCHRlc3QuY29tMSswKQYJKoZIhvcNAQkBFhxtZWxp
  c3NhLnBsdW5rZXR0QG1vbmdvZGIuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
  iQKBgQCf1LRqr1zftzdYx2Aj9G76tb0noMPtj6faGLlPji1+m6Rn7RWD9L0ntWAr
  cURxvypa9jZ9MXFzDtLevvd3tHEmfrUT3ukNDX6+Jtc4kWm+Dh2A70Pd+deKZ2/O
  Fh8audEKAESGXnTbeJCeQa1XKlIkjqQHBNwES5h1b9vJtFoLJwIDAQABMA0GCSqG
  SIb3DQEBCwUAA4GBADMUncjEPV/MiZUcVNGmktP6BPmEqMXQWUDpdGW2+Tg2JtUA
  7MMILtepBkFzLO+GlpZxeAlXO0wxiNgEmCRONgh4+t2w3e7a8GFijYQ99FHrAC5A
  iul59bdl18gVqXia1Yeq/iK7Ohfy/Jwd7Hsm530elwkM/ZEkYDjBlZSXYdyz
  -----END CERTIFICATE-----"

""",
    project_id="<PROJECT-ID>")

import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";

const test = new mongodbatlas.X509AuthenticationDatabaseUser("test", {
    customerX509Cas: `  -----BEGIN CERTIFICATE-----
  MIICmTCCAgICCQDZnHzklxsT9TANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMC
  VVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xETAPBgNVBAoMCHRl
  c3QuY29tMQ0wCwYDVQQLDARUZXN0MREwDwYDVQQDDAh0ZXN0LmNvbTErMCkGCSqG
  SIb3DQEJARYcbWVsaXNzYS5wbHVua2V0dEBtb25nb2RiLmNvbTAeFw0yMDAyMDQy
  MDQ2MDFaFw0yMTAyMDMyMDQ2MDFaMIGQMQswCQYDVQQGEwJVUzEOMAwGA1UECAwF
  VGV4YXMxDzANBgNVBAcMBkF1c3RpbjERMA8GA1UECgwIdGVzdC5jb20xDTALBgNV
  BAsMBFRlc3QxETAPBgNVBAMMCHRlc3QuY29tMSswKQYJKoZIhvcNAQkBFhxtZWxp
  c3NhLnBsdW5rZXR0QG1vbmdvZGIuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
  iQKBgQCf1LRqr1zftzdYx2Aj9G76tb0noMPtj6faGLlPji1+m6Rn7RWD9L0ntWAr
  cURxvypa9jZ9MXFzDtLevvd3tHEmfrUT3ukNDX6+Jtc4kWm+Dh2A70Pd+deKZ2/O
  Fh8audEKAESGXnTbeJCeQa1XKlIkjqQHBNwES5h1b9vJtFoLJwIDAQABMA0GCSqG
  SIb3DQEBCwUAA4GBADMUncjEPV/MiZUcVNGmktP6BPmEqMXQWUDpdGW2+Tg2JtUA
  7MMILtepBkFzLO+GlpZxeAlXO0wxiNgEmCRONgh4+t2w3e7a8GFijYQ99FHrAC5A
  iul59bdl18gVqXia1Yeq/iK7Ohfy/Jwd7Hsm530elwkM/ZEkYDjBlZSXYdyz
  -----END CERTIFICATE-----"
`,
    projectId: "<PROJECT-ID>",
});

Create a X509AuthenticationDatabaseUser Resource

new X509AuthenticationDatabaseUser(name: string, args: X509AuthenticationDatabaseUserArgs, opts?: CustomResourceOptions);

def X509AuthenticationDatabaseUser(resource_name: str, opts: Optional[ResourceOptions] = None, customer_x509_cas: Optional[str] = None, months_until_expiration: Optional[int] = None, project_id: Optional[str] = None, username: Optional[str] = None)

func NewX509AuthenticationDatabaseUser(ctx *Context, name string, args X509AuthenticationDatabaseUserArgs, opts ...ResourceOption) (*X509AuthenticationDatabaseUser, error)

public X509AuthenticationDatabaseUser(string name, X509AuthenticationDatabaseUserArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args X509AuthenticationDatabaseUserArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args X509AuthenticationDatabaseUserArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args X509AuthenticationDatabaseUserArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

X509AuthenticationDatabaseUser Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The X509AuthenticationDatabaseUser resource accepts the following input properties:

ProjectId string: Identifier for the Atlas project associated with the X.509 configuration.
CustomerX509Cas string: PEM string containing one or more customer CAs for database user authentication.
MonthsUntilExpiration int: A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
Username string: Username of the database user to create a certificate for.

ProjectId string: Identifier for the Atlas project associated with the X.509 configuration.
CustomerX509Cas string: PEM string containing one or more customer CAs for database user authentication.
MonthsUntilExpiration int: A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
Username string: Username of the database user to create a certificate for.

projectId string: Identifier for the Atlas project associated with the X.509 configuration.
customerX509Cas string: PEM string containing one or more customer CAs for database user authentication.
monthsUntilExpiration number: A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
username string: Username of the database user to create a certificate for.

project_id str: Identifier for the Atlas project associated with the X.509 configuration.
customer_x509_cas str: PEM string containing one or more customer CAs for database user authentication.
months_until_expiration int: A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
username str: Username of the database user to create a certificate for.

Outputs

All input properties are implicitly available as output properties. Additionally, the X509AuthenticationDatabaseUser resource produces the following output properties:

Certificates List<X509AuthenticationDatabaseUserCertificate>: Array of objects where each details one unexpired database user certificate.
CurrentCertificate string: Contains the last X.509 certificate and private key created for a database user.
Id string: The provider-assigned unique ID for this managed resource.

Certificates []X509AuthenticationDatabaseUserCertificate: Array of objects where each details one unexpired database user certificate.
CurrentCertificate string: Contains the last X.509 certificate and private key created for a database user.
Id string: The provider-assigned unique ID for this managed resource.

certificates X509AuthenticationDatabaseUserCertificate[]: Array of objects where each details one unexpired database user certificate.
currentCertificate string: Contains the last X.509 certificate and private key created for a database user.
id string: The provider-assigned unique ID for this managed resource.

certificates Sequence[X509AuthenticationDatabaseUserCertificate]: Array of objects where each details one unexpired database user certificate.
current_certificate str: Contains the last X.509 certificate and private key created for a database user.
id str: The provider-assigned unique ID for this managed resource.

Look up an Existing X509AuthenticationDatabaseUser Resource

Get an existing X509AuthenticationDatabaseUser resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: X509AuthenticationDatabaseUserState, opts?: CustomResourceOptions): X509AuthenticationDatabaseUser

@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, certificates: Optional[Sequence[X509AuthenticationDatabaseUserCertificateArgs]] = None, current_certificate: Optional[str] = None, customer_x509_cas: Optional[str] = None, months_until_expiration: Optional[int] = None, project_id: Optional[str] = None, username: Optional[str] = None) -> X509AuthenticationDatabaseUser

func GetX509AuthenticationDatabaseUser(ctx *Context, name string, id IDInput, state *X509AuthenticationDatabaseUserState, opts ...ResourceOption) (*X509AuthenticationDatabaseUser, error)

public static X509AuthenticationDatabaseUser Get(string name, Input<string> id, X509AuthenticationDatabaseUserState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Certificates List<X509AuthenticationDatabaseUserCertificateArgs>: Array of objects where each details one unexpired database user certificate.
CurrentCertificate string: Contains the last X.509 certificate and private key created for a database user.
CustomerX509Cas string: PEM string containing one or more customer CAs for database user authentication.
MonthsUntilExpiration int: A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
ProjectId string: Identifier for the Atlas project associated with the X.509 configuration.
Username string: Username of the database user to create a certificate for.

Certificates []X509AuthenticationDatabaseUserCertificate: Array of objects where each details one unexpired database user certificate.
CurrentCertificate string: Contains the last X.509 certificate and private key created for a database user.
CustomerX509Cas string: PEM string containing one or more customer CAs for database user authentication.
MonthsUntilExpiration int: A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
ProjectId string: Identifier for the Atlas project associated with the X.509 configuration.
Username string: Username of the database user to create a certificate for.

certificates X509AuthenticationDatabaseUserCertificate[]: Array of objects where each details one unexpired database user certificate.
currentCertificate string: Contains the last X.509 certificate and private key created for a database user.
customerX509Cas string: PEM string containing one or more customer CAs for database user authentication.
monthsUntilExpiration number: A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
projectId string: Identifier for the Atlas project associated with the X.509 configuration.
username string: Username of the database user to create a certificate for.

certificates Sequence[X509AuthenticationDatabaseUserCertificateArgs]: Array of objects where each details one unexpired database user certificate.
current_certificate str: Contains the last X.509 certificate and private key created for a database user.
customer_x509_cas str: PEM string containing one or more customer CAs for database user authentication.
months_until_expiration int: A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
project_id str: Identifier for the Atlas project associated with the X.509 configuration.
username str: Username of the database user to create a certificate for.

Supporting Types

X509AuthenticationDatabaseUserCertificate

See the output API doc for this type.

CreatedAt string
GroupId string
Id int
NotAfter string
Subject string

CreatedAt string
GroupId string
Id int
NotAfter string
Subject string

createdAt string
groupId string
id number
notAfter string
subject string

created_at str
group_id str
id int
not_after str
subject str

Import

X.509 Certificates for a User can be imported using project ID and username, in the format project_id-username, e.g.

 $ pulumi import mongodbatlas:index/x509AuthenticationDatabaseUser:X509AuthenticationDatabaseUser test 1112222b3bf99403840e8934-myUsername

For more information seeMongoDB Atlas API Reference. Current X.509 Configuration can be imported using project ID, in the format project_id, e.g.

 $ pulumi import mongodbatlas:index/x509AuthenticationDatabaseUser:X509AuthenticationDatabaseUser test 1112222b3bf99403840e8934

For more information seeMongoDB Atlas API Reference.

Package Details

Repository: https://github.com/pulumi/pulumi-mongodbatlas
License: Apache-2.0
Notes: This Pulumi package is based on the mongodbatlas Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud