1. Packages
  2. MongoDB Atlas
  3. API Docs
  4. CustomDbRole
MongoDB Atlas v3.16.0 published on Wednesday, Jun 12, 2024 by Pulumi

mongodbatlas.CustomDbRole

Explore with Pulumi AI

mongodbatlas logo
MongoDB Atlas v3.16.0 published on Wednesday, Jun 12, 2024 by Pulumi

    mongodbatlas.CustomDbRole provides a Custom DB Role resource. The customDBRoles resource lets you retrieve, create and modify the custom MongoDB roles in your cluster. Use custom MongoDB roles to specify custom sets of actions which cannot be described by the built-in Atlas database user privileges.

    IMPORTANT You define custom roles at the project level for all clusters in the project. The mongodbatlas.CustomDbRole resource supports a subset of MongoDB privilege actions. For a complete list of privilege actions available for this resource, see Custom Role actions. Custom roles must include actions that all project’s clusters support, and that are compatible with each MongoDB version used by your project’s clusters. For example, if your project has MongoDB 4.2 clusters, you can’t create custom roles that use actions introduced in MongoDB 4.4.

    NOTE: Groups and projects are synonymous terms. You may find group_id in the official documentation.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as mongodbatlas from "@pulumi/mongodbatlas";
    
    const testRole = new mongodbatlas.CustomDbRole("test_role", {
        projectId: "<PROJECT-ID>",
        roleName: "myCustomRole",
        actions: [
            {
                action: "UPDATE",
                resources: [{
                    collectionName: "",
                    databaseName: "anyDatabase",
                }],
            },
            {
                action: "INSERT",
                resources: [{
                    collectionName: "",
                    databaseName: "anyDatabase",
                }],
            },
            {
                action: "REMOVE",
                resources: [{
                    collectionName: "",
                    databaseName: "anyDatabase",
                }],
            },
        ],
    });
    
    import pulumi
    import pulumi_mongodbatlas as mongodbatlas
    
    test_role = mongodbatlas.CustomDbRole("test_role",
        project_id="<PROJECT-ID>",
        role_name="myCustomRole",
        actions=[
            mongodbatlas.CustomDbRoleActionArgs(
                action="UPDATE",
                resources=[mongodbatlas.CustomDbRoleActionResourceArgs(
                    collection_name="",
                    database_name="anyDatabase",
                )],
            ),
            mongodbatlas.CustomDbRoleActionArgs(
                action="INSERT",
                resources=[mongodbatlas.CustomDbRoleActionResourceArgs(
                    collection_name="",
                    database_name="anyDatabase",
                )],
            ),
            mongodbatlas.CustomDbRoleActionArgs(
                action="REMOVE",
                resources=[mongodbatlas.CustomDbRoleActionResourceArgs(
                    collection_name="",
                    database_name="anyDatabase",
                )],
            ),
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := mongodbatlas.NewCustomDbRole(ctx, "test_role", &mongodbatlas.CustomDbRoleArgs{
    			ProjectId: pulumi.String("<PROJECT-ID>"),
    			RoleName:  pulumi.String("myCustomRole"),
    			Actions: mongodbatlas.CustomDbRoleActionArray{
    				&mongodbatlas.CustomDbRoleActionArgs{
    					Action: pulumi.String("UPDATE"),
    					Resources: mongodbatlas.CustomDbRoleActionResourceArray{
    						&mongodbatlas.CustomDbRoleActionResourceArgs{
    							CollectionName: pulumi.String(""),
    							DatabaseName:   pulumi.String("anyDatabase"),
    						},
    					},
    				},
    				&mongodbatlas.CustomDbRoleActionArgs{
    					Action: pulumi.String("INSERT"),
    					Resources: mongodbatlas.CustomDbRoleActionResourceArray{
    						&mongodbatlas.CustomDbRoleActionResourceArgs{
    							CollectionName: pulumi.String(""),
    							DatabaseName:   pulumi.String("anyDatabase"),
    						},
    					},
    				},
    				&mongodbatlas.CustomDbRoleActionArgs{
    					Action: pulumi.String("REMOVE"),
    					Resources: mongodbatlas.CustomDbRoleActionResourceArray{
    						&mongodbatlas.CustomDbRoleActionResourceArgs{
    							CollectionName: pulumi.String(""),
    							DatabaseName:   pulumi.String("anyDatabase"),
    						},
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Mongodbatlas = Pulumi.Mongodbatlas;
    
    return await Deployment.RunAsync(() => 
    {
        var testRole = new Mongodbatlas.CustomDbRole("test_role", new()
        {
            ProjectId = "<PROJECT-ID>",
            RoleName = "myCustomRole",
            Actions = new[]
            {
                new Mongodbatlas.Inputs.CustomDbRoleActionArgs
                {
                    Action = "UPDATE",
                    Resources = new[]
                    {
                        new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
                        {
                            CollectionName = "",
                            DatabaseName = "anyDatabase",
                        },
                    },
                },
                new Mongodbatlas.Inputs.CustomDbRoleActionArgs
                {
                    Action = "INSERT",
                    Resources = new[]
                    {
                        new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
                        {
                            CollectionName = "",
                            DatabaseName = "anyDatabase",
                        },
                    },
                },
                new Mongodbatlas.Inputs.CustomDbRoleActionArgs
                {
                    Action = "REMOVE",
                    Resources = new[]
                    {
                        new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
                        {
                            CollectionName = "",
                            DatabaseName = "anyDatabase",
                        },
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.mongodbatlas.CustomDbRole;
    import com.pulumi.mongodbatlas.CustomDbRoleArgs;
    import com.pulumi.mongodbatlas.inputs.CustomDbRoleActionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testRole = new CustomDbRole("testRole", CustomDbRoleArgs.builder()
                .projectId("<PROJECT-ID>")
                .roleName("myCustomRole")
                .actions(            
                    CustomDbRoleActionArgs.builder()
                        .action("UPDATE")
                        .resources(CustomDbRoleActionResourceArgs.builder()
                            .collectionName("")
                            .databaseName("anyDatabase")
                            .build())
                        .build(),
                    CustomDbRoleActionArgs.builder()
                        .action("INSERT")
                        .resources(CustomDbRoleActionResourceArgs.builder()
                            .collectionName("")
                            .databaseName("anyDatabase")
                            .build())
                        .build(),
                    CustomDbRoleActionArgs.builder()
                        .action("REMOVE")
                        .resources(CustomDbRoleActionResourceArgs.builder()
                            .collectionName("")
                            .databaseName("anyDatabase")
                            .build())
                        .build())
                .build());
    
        }
    }
    
    resources:
      testRole:
        type: mongodbatlas:CustomDbRole
        name: test_role
        properties:
          projectId: <PROJECT-ID>
          roleName: myCustomRole
          actions:
            - action: UPDATE
              resources:
                - collectionName:
                  databaseName: anyDatabase
            - action: INSERT
              resources:
                - collectionName:
                  databaseName: anyDatabase
            - action: REMOVE
              resources:
                - collectionName:
                  databaseName: anyDatabase
    

    With Inherited Roles

    import * as pulumi from "@pulumi/pulumi";
    import * as mongodbatlas from "@pulumi/mongodbatlas";
    
    const inheritedRoleOne = new mongodbatlas.CustomDbRole("inherited_role_one", {
        projectId: "<PROJECT-ID>",
        roleName: "insertRole",
        actions: [{
            action: "INSERT",
            resources: [{
                collectionName: "",
                databaseName: "anyDatabase",
            }],
        }],
    });
    const inheritedRoleTwo = new mongodbatlas.CustomDbRole("inherited_role_two", {
        projectId: inheritedRoleOne.projectId,
        roleName: "statusServerRole",
        actions: [{
            action: "SERVER_STATUS",
            resources: [{
                cluster: true,
            }],
        }],
    });
    const testRole = new mongodbatlas.CustomDbRole("test_role", {
        projectId: inheritedRoleOne.projectId,
        roleName: "myCustomRole",
        actions: [
            {
                action: "UPDATE",
                resources: [{
                    collectionName: "",
                    databaseName: "anyDatabase",
                }],
            },
            {
                action: "REMOVE",
                resources: [{
                    collectionName: "",
                    databaseName: "anyDatabase",
                }],
            },
        ],
        inheritedRoles: [
            {
                roleName: inheritedRoleOne.roleName,
                databaseName: "admin",
            },
            {
                roleName: inheritedRoleTwo.roleName,
                databaseName: "admin",
            },
        ],
    });
    
    import pulumi
    import pulumi_mongodbatlas as mongodbatlas
    
    inherited_role_one = mongodbatlas.CustomDbRole("inherited_role_one",
        project_id="<PROJECT-ID>",
        role_name="insertRole",
        actions=[mongodbatlas.CustomDbRoleActionArgs(
            action="INSERT",
            resources=[mongodbatlas.CustomDbRoleActionResourceArgs(
                collection_name="",
                database_name="anyDatabase",
            )],
        )])
    inherited_role_two = mongodbatlas.CustomDbRole("inherited_role_two",
        project_id=inherited_role_one.project_id,
        role_name="statusServerRole",
        actions=[mongodbatlas.CustomDbRoleActionArgs(
            action="SERVER_STATUS",
            resources=[mongodbatlas.CustomDbRoleActionResourceArgs(
                cluster=True,
            )],
        )])
    test_role = mongodbatlas.CustomDbRole("test_role",
        project_id=inherited_role_one.project_id,
        role_name="myCustomRole",
        actions=[
            mongodbatlas.CustomDbRoleActionArgs(
                action="UPDATE",
                resources=[mongodbatlas.CustomDbRoleActionResourceArgs(
                    collection_name="",
                    database_name="anyDatabase",
                )],
            ),
            mongodbatlas.CustomDbRoleActionArgs(
                action="REMOVE",
                resources=[mongodbatlas.CustomDbRoleActionResourceArgs(
                    collection_name="",
                    database_name="anyDatabase",
                )],
            ),
        ],
        inherited_roles=[
            mongodbatlas.CustomDbRoleInheritedRoleArgs(
                role_name=inherited_role_one.role_name,
                database_name="admin",
            ),
            mongodbatlas.CustomDbRoleInheritedRoleArgs(
                role_name=inherited_role_two.role_name,
                database_name="admin",
            ),
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		inheritedRoleOne, err := mongodbatlas.NewCustomDbRole(ctx, "inherited_role_one", &mongodbatlas.CustomDbRoleArgs{
    			ProjectId: pulumi.String("<PROJECT-ID>"),
    			RoleName:  pulumi.String("insertRole"),
    			Actions: mongodbatlas.CustomDbRoleActionArray{
    				&mongodbatlas.CustomDbRoleActionArgs{
    					Action: pulumi.String("INSERT"),
    					Resources: mongodbatlas.CustomDbRoleActionResourceArray{
    						&mongodbatlas.CustomDbRoleActionResourceArgs{
    							CollectionName: pulumi.String(""),
    							DatabaseName:   pulumi.String("anyDatabase"),
    						},
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		inheritedRoleTwo, err := mongodbatlas.NewCustomDbRole(ctx, "inherited_role_two", &mongodbatlas.CustomDbRoleArgs{
    			ProjectId: inheritedRoleOne.ProjectId,
    			RoleName:  pulumi.String("statusServerRole"),
    			Actions: mongodbatlas.CustomDbRoleActionArray{
    				&mongodbatlas.CustomDbRoleActionArgs{
    					Action: pulumi.String("SERVER_STATUS"),
    					Resources: mongodbatlas.CustomDbRoleActionResourceArray{
    						&mongodbatlas.CustomDbRoleActionResourceArgs{
    							Cluster: pulumi.Bool(true),
    						},
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = mongodbatlas.NewCustomDbRole(ctx, "test_role", &mongodbatlas.CustomDbRoleArgs{
    			ProjectId: inheritedRoleOne.ProjectId,
    			RoleName:  pulumi.String("myCustomRole"),
    			Actions: mongodbatlas.CustomDbRoleActionArray{
    				&mongodbatlas.CustomDbRoleActionArgs{
    					Action: pulumi.String("UPDATE"),
    					Resources: mongodbatlas.CustomDbRoleActionResourceArray{
    						&mongodbatlas.CustomDbRoleActionResourceArgs{
    							CollectionName: pulumi.String(""),
    							DatabaseName:   pulumi.String("anyDatabase"),
    						},
    					},
    				},
    				&mongodbatlas.CustomDbRoleActionArgs{
    					Action: pulumi.String("REMOVE"),
    					Resources: mongodbatlas.CustomDbRoleActionResourceArray{
    						&mongodbatlas.CustomDbRoleActionResourceArgs{
    							CollectionName: pulumi.String(""),
    							DatabaseName:   pulumi.String("anyDatabase"),
    						},
    					},
    				},
    			},
    			InheritedRoles: mongodbatlas.CustomDbRoleInheritedRoleArray{
    				&mongodbatlas.CustomDbRoleInheritedRoleArgs{
    					RoleName:     inheritedRoleOne.RoleName,
    					DatabaseName: pulumi.String("admin"),
    				},
    				&mongodbatlas.CustomDbRoleInheritedRoleArgs{
    					RoleName:     inheritedRoleTwo.RoleName,
    					DatabaseName: pulumi.String("admin"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Mongodbatlas = Pulumi.Mongodbatlas;
    
    return await Deployment.RunAsync(() => 
    {
        var inheritedRoleOne = new Mongodbatlas.CustomDbRole("inherited_role_one", new()
        {
            ProjectId = "<PROJECT-ID>",
            RoleName = "insertRole",
            Actions = new[]
            {
                new Mongodbatlas.Inputs.CustomDbRoleActionArgs
                {
                    Action = "INSERT",
                    Resources = new[]
                    {
                        new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
                        {
                            CollectionName = "",
                            DatabaseName = "anyDatabase",
                        },
                    },
                },
            },
        });
    
        var inheritedRoleTwo = new Mongodbatlas.CustomDbRole("inherited_role_two", new()
        {
            ProjectId = inheritedRoleOne.ProjectId,
            RoleName = "statusServerRole",
            Actions = new[]
            {
                new Mongodbatlas.Inputs.CustomDbRoleActionArgs
                {
                    Action = "SERVER_STATUS",
                    Resources = new[]
                    {
                        new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
                        {
                            Cluster = true,
                        },
                    },
                },
            },
        });
    
        var testRole = new Mongodbatlas.CustomDbRole("test_role", new()
        {
            ProjectId = inheritedRoleOne.ProjectId,
            RoleName = "myCustomRole",
            Actions = new[]
            {
                new Mongodbatlas.Inputs.CustomDbRoleActionArgs
                {
                    Action = "UPDATE",
                    Resources = new[]
                    {
                        new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
                        {
                            CollectionName = "",
                            DatabaseName = "anyDatabase",
                        },
                    },
                },
                new Mongodbatlas.Inputs.CustomDbRoleActionArgs
                {
                    Action = "REMOVE",
                    Resources = new[]
                    {
                        new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
                        {
                            CollectionName = "",
                            DatabaseName = "anyDatabase",
                        },
                    },
                },
            },
            InheritedRoles = new[]
            {
                new Mongodbatlas.Inputs.CustomDbRoleInheritedRoleArgs
                {
                    RoleName = inheritedRoleOne.RoleName,
                    DatabaseName = "admin",
                },
                new Mongodbatlas.Inputs.CustomDbRoleInheritedRoleArgs
                {
                    RoleName = inheritedRoleTwo.RoleName,
                    DatabaseName = "admin",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.mongodbatlas.CustomDbRole;
    import com.pulumi.mongodbatlas.CustomDbRoleArgs;
    import com.pulumi.mongodbatlas.inputs.CustomDbRoleActionArgs;
    import com.pulumi.mongodbatlas.inputs.CustomDbRoleInheritedRoleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var inheritedRoleOne = new CustomDbRole("inheritedRoleOne", CustomDbRoleArgs.builder()
                .projectId("<PROJECT-ID>")
                .roleName("insertRole")
                .actions(CustomDbRoleActionArgs.builder()
                    .action("INSERT")
                    .resources(CustomDbRoleActionResourceArgs.builder()
                        .collectionName("")
                        .databaseName("anyDatabase")
                        .build())
                    .build())
                .build());
    
            var inheritedRoleTwo = new CustomDbRole("inheritedRoleTwo", CustomDbRoleArgs.builder()
                .projectId(inheritedRoleOne.projectId())
                .roleName("statusServerRole")
                .actions(CustomDbRoleActionArgs.builder()
                    .action("SERVER_STATUS")
                    .resources(CustomDbRoleActionResourceArgs.builder()
                        .cluster(true)
                        .build())
                    .build())
                .build());
    
            var testRole = new CustomDbRole("testRole", CustomDbRoleArgs.builder()
                .projectId(inheritedRoleOne.projectId())
                .roleName("myCustomRole")
                .actions(            
                    CustomDbRoleActionArgs.builder()
                        .action("UPDATE")
                        .resources(CustomDbRoleActionResourceArgs.builder()
                            .collectionName("")
                            .databaseName("anyDatabase")
                            .build())
                        .build(),
                    CustomDbRoleActionArgs.builder()
                        .action("REMOVE")
                        .resources(CustomDbRoleActionResourceArgs.builder()
                            .collectionName("")
                            .databaseName("anyDatabase")
                            .build())
                        .build())
                .inheritedRoles(            
                    CustomDbRoleInheritedRoleArgs.builder()
                        .roleName(inheritedRoleOne.roleName())
                        .databaseName("admin")
                        .build(),
                    CustomDbRoleInheritedRoleArgs.builder()
                        .roleName(inheritedRoleTwo.roleName())
                        .databaseName("admin")
                        .build())
                .build());
    
        }
    }
    
    resources:
      inheritedRoleOne:
        type: mongodbatlas:CustomDbRole
        name: inherited_role_one
        properties:
          projectId: <PROJECT-ID>
          roleName: insertRole
          actions:
            - action: INSERT
              resources:
                - collectionName:
                  databaseName: anyDatabase
      inheritedRoleTwo:
        type: mongodbatlas:CustomDbRole
        name: inherited_role_two
        properties:
          projectId: ${inheritedRoleOne.projectId}
          roleName: statusServerRole
          actions:
            - action: SERVER_STATUS
              resources:
                - cluster: true
      testRole:
        type: mongodbatlas:CustomDbRole
        name: test_role
        properties:
          projectId: ${inheritedRoleOne.projectId}
          roleName: myCustomRole
          actions:
            - action: UPDATE
              resources:
                - collectionName:
                  databaseName: anyDatabase
            - action: REMOVE
              resources:
                - collectionName:
                  databaseName: anyDatabase
          inheritedRoles:
            - roleName: ${inheritedRoleOne.roleName}
              databaseName: admin
            - roleName: ${inheritedRoleTwo.roleName}
              databaseName: admin
    

    Create CustomDbRole Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new CustomDbRole(name: string, args: CustomDbRoleArgs, opts?: CustomResourceOptions);
    @overload
    def CustomDbRole(resource_name: str,
                     args: CustomDbRoleArgs,
                     opts: Optional[ResourceOptions] = None)
    
    @overload
    def CustomDbRole(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     project_id: Optional[str] = None,
                     role_name: Optional[str] = None,
                     actions: Optional[Sequence[CustomDbRoleActionArgs]] = None,
                     inherited_roles: Optional[Sequence[CustomDbRoleInheritedRoleArgs]] = None)
    func NewCustomDbRole(ctx *Context, name string, args CustomDbRoleArgs, opts ...ResourceOption) (*CustomDbRole, error)
    public CustomDbRole(string name, CustomDbRoleArgs args, CustomResourceOptions? opts = null)
    public CustomDbRole(String name, CustomDbRoleArgs args)
    public CustomDbRole(String name, CustomDbRoleArgs args, CustomResourceOptions options)
    
    type: mongodbatlas:CustomDbRole
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args CustomDbRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CustomDbRoleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CustomDbRoleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CustomDbRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CustomDbRoleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var customDbRoleResource = new Mongodbatlas.CustomDbRole("customDbRoleResource", new()
    {
        ProjectId = "string",
        RoleName = "string",
        Actions = new[]
        {
            new Mongodbatlas.Inputs.CustomDbRoleActionArgs
            {
                Action = "string",
                Resources = new[]
                {
                    new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
                    {
                        Cluster = false,
                        CollectionName = "string",
                        DatabaseName = "string",
                    },
                },
            },
        },
        InheritedRoles = new[]
        {
            new Mongodbatlas.Inputs.CustomDbRoleInheritedRoleArgs
            {
                DatabaseName = "string",
                RoleName = "string",
            },
        },
    });
    
    example, err := mongodbatlas.NewCustomDbRole(ctx, "customDbRoleResource", &mongodbatlas.CustomDbRoleArgs{
    	ProjectId: pulumi.String("string"),
    	RoleName:  pulumi.String("string"),
    	Actions: mongodbatlas.CustomDbRoleActionArray{
    		&mongodbatlas.CustomDbRoleActionArgs{
    			Action: pulumi.String("string"),
    			Resources: mongodbatlas.CustomDbRoleActionResourceArray{
    				&mongodbatlas.CustomDbRoleActionResourceArgs{
    					Cluster:        pulumi.Bool(false),
    					CollectionName: pulumi.String("string"),
    					DatabaseName:   pulumi.String("string"),
    				},
    			},
    		},
    	},
    	InheritedRoles: mongodbatlas.CustomDbRoleInheritedRoleArray{
    		&mongodbatlas.CustomDbRoleInheritedRoleArgs{
    			DatabaseName: pulumi.String("string"),
    			RoleName:     pulumi.String("string"),
    		},
    	},
    })
    
    var customDbRoleResource = new CustomDbRole("customDbRoleResource", CustomDbRoleArgs.builder()
        .projectId("string")
        .roleName("string")
        .actions(CustomDbRoleActionArgs.builder()
            .action("string")
            .resources(CustomDbRoleActionResourceArgs.builder()
                .cluster(false)
                .collectionName("string")
                .databaseName("string")
                .build())
            .build())
        .inheritedRoles(CustomDbRoleInheritedRoleArgs.builder()
            .databaseName("string")
            .roleName("string")
            .build())
        .build());
    
    custom_db_role_resource = mongodbatlas.CustomDbRole("customDbRoleResource",
        project_id="string",
        role_name="string",
        actions=[mongodbatlas.CustomDbRoleActionArgs(
            action="string",
            resources=[mongodbatlas.CustomDbRoleActionResourceArgs(
                cluster=False,
                collection_name="string",
                database_name="string",
            )],
        )],
        inherited_roles=[mongodbatlas.CustomDbRoleInheritedRoleArgs(
            database_name="string",
            role_name="string",
        )])
    
    const customDbRoleResource = new mongodbatlas.CustomDbRole("customDbRoleResource", {
        projectId: "string",
        roleName: "string",
        actions: [{
            action: "string",
            resources: [{
                cluster: false,
                collectionName: "string",
                databaseName: "string",
            }],
        }],
        inheritedRoles: [{
            databaseName: "string",
            roleName: "string",
        }],
    });
    
    type: mongodbatlas:CustomDbRole
    properties:
        actions:
            - action: string
              resources:
                - cluster: false
                  collectionName: string
                  databaseName: string
        inheritedRoles:
            - databaseName: string
              roleName: string
        projectId: string
        roleName: string
    

    CustomDbRole Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The CustomDbRole resource accepts the following input properties:

    ProjectId string
    The unique ID for the project to create the database user.
    RoleName string

    Name of the custom role.

    IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:

    • Is a name already used by an existing custom role in the project
    • Is a name of any of the built-in roles
    • Is atlasAdmin
    • Starts with xgen-
    Actions List<CustomDbRoleAction>
    InheritedRoles List<CustomDbRoleInheritedRole>
    ProjectId string
    The unique ID for the project to create the database user.
    RoleName string

    Name of the custom role.

    IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:

    • Is a name already used by an existing custom role in the project
    • Is a name of any of the built-in roles
    • Is atlasAdmin
    • Starts with xgen-
    Actions []CustomDbRoleActionArgs
    InheritedRoles []CustomDbRoleInheritedRoleArgs
    projectId String
    The unique ID for the project to create the database user.
    roleName String

    Name of the custom role.

    IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:

    • Is a name already used by an existing custom role in the project
    • Is a name of any of the built-in roles
    • Is atlasAdmin
    • Starts with xgen-
    actions List<CustomDbRoleAction>
    inheritedRoles List<CustomDbRoleInheritedRole>
    projectId string
    The unique ID for the project to create the database user.
    roleName string

    Name of the custom role.

    IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:

    • Is a name already used by an existing custom role in the project
    • Is a name of any of the built-in roles
    • Is atlasAdmin
    • Starts with xgen-
    actions CustomDbRoleAction[]
    inheritedRoles CustomDbRoleInheritedRole[]
    project_id str
    The unique ID for the project to create the database user.
    role_name str

    Name of the custom role.

    IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:

    • Is a name already used by an existing custom role in the project
    • Is a name of any of the built-in roles
    • Is atlasAdmin
    • Starts with xgen-
    actions Sequence[CustomDbRoleActionArgs]
    inherited_roles Sequence[CustomDbRoleInheritedRoleArgs]
    projectId String
    The unique ID for the project to create the database user.
    roleName String

    Name of the custom role.

    IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:

    • Is a name already used by an existing custom role in the project
    • Is a name of any of the built-in roles
    • Is atlasAdmin
    • Starts with xgen-
    actions List<Property Map>
    inheritedRoles List<Property Map>

    Outputs

    All input properties are implicitly available as output properties. Additionally, the CustomDbRole resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing CustomDbRole Resource

    Get an existing CustomDbRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CustomDbRoleState, opts?: CustomResourceOptions): CustomDbRole
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            actions: Optional[Sequence[CustomDbRoleActionArgs]] = None,
            inherited_roles: Optional[Sequence[CustomDbRoleInheritedRoleArgs]] = None,
            project_id: Optional[str] = None,
            role_name: Optional[str] = None) -> CustomDbRole
    func GetCustomDbRole(ctx *Context, name string, id IDInput, state *CustomDbRoleState, opts ...ResourceOption) (*CustomDbRole, error)
    public static CustomDbRole Get(string name, Input<string> id, CustomDbRoleState? state, CustomResourceOptions? opts = null)
    public static CustomDbRole get(String name, Output<String> id, CustomDbRoleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Actions List<CustomDbRoleAction>
    InheritedRoles List<CustomDbRoleInheritedRole>
    ProjectId string
    The unique ID for the project to create the database user.
    RoleName string

    Name of the custom role.

    IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:

    • Is a name already used by an existing custom role in the project
    • Is a name of any of the built-in roles
    • Is atlasAdmin
    • Starts with xgen-
    Actions []CustomDbRoleActionArgs
    InheritedRoles []CustomDbRoleInheritedRoleArgs
    ProjectId string
    The unique ID for the project to create the database user.
    RoleName string

    Name of the custom role.

    IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:

    • Is a name already used by an existing custom role in the project
    • Is a name of any of the built-in roles
    • Is atlasAdmin
    • Starts with xgen-
    actions List<CustomDbRoleAction>
    inheritedRoles List<CustomDbRoleInheritedRole>
    projectId String
    The unique ID for the project to create the database user.
    roleName String

    Name of the custom role.

    IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:

    • Is a name already used by an existing custom role in the project
    • Is a name of any of the built-in roles
    • Is atlasAdmin
    • Starts with xgen-
    actions CustomDbRoleAction[]
    inheritedRoles CustomDbRoleInheritedRole[]
    projectId string
    The unique ID for the project to create the database user.
    roleName string

    Name of the custom role.

    IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:

    • Is a name already used by an existing custom role in the project
    • Is a name of any of the built-in roles
    • Is atlasAdmin
    • Starts with xgen-
    actions Sequence[CustomDbRoleActionArgs]
    inherited_roles Sequence[CustomDbRoleInheritedRoleArgs]
    project_id str
    The unique ID for the project to create the database user.
    role_name str

    Name of the custom role.

    IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:

    • Is a name already used by an existing custom role in the project
    • Is a name of any of the built-in roles
    • Is atlasAdmin
    • Starts with xgen-
    actions List<Property Map>
    inheritedRoles List<Property Map>
    projectId String
    The unique ID for the project to create the database user.
    roleName String

    Name of the custom role.

    IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:

    • Is a name already used by an existing custom role in the project
    • Is a name of any of the built-in roles
    • Is atlasAdmin
    • Starts with xgen-

    Supporting Types

    CustomDbRoleAction, CustomDbRoleActionArgs

    Action string

    Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions

    Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.

    Resources List<CustomDbRoleActionResource>

    Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.

    • resources.#.collection_name - (Optional) Collection on which the action is granted. If this value is an empty string, the action is granted on all collections within the database specified in the actions.resources.db field.

    NOTE This field is mutually exclusive with the actions.resources.cluster field.

    • resources.#.database_name Database on which the action is granted.

    NOTE This field is mutually exclusive with the actions.resources.cluster field.

    • resources.#.cluster (Optional) Set to true to indicate that the action is granted on the cluster resource.

    NOTE This field is mutually exclusive with the actions.resources.collection and actions.resources.db fields.

    Action string

    Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions

    Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.

    Resources []CustomDbRoleActionResource

    Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.

    • resources.#.collection_name - (Optional) Collection on which the action is granted. If this value is an empty string, the action is granted on all collections within the database specified in the actions.resources.db field.

    NOTE This field is mutually exclusive with the actions.resources.cluster field.

    • resources.#.database_name Database on which the action is granted.

    NOTE This field is mutually exclusive with the actions.resources.cluster field.

    • resources.#.cluster (Optional) Set to true to indicate that the action is granted on the cluster resource.

    NOTE This field is mutually exclusive with the actions.resources.collection and actions.resources.db fields.

    action String

    Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions

    Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.

    resources List<CustomDbRoleActionResource>

    Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.

    • resources.#.collection_name - (Optional) Collection on which the action is granted. If this value is an empty string, the action is granted on all collections within the database specified in the actions.resources.db field.

    NOTE This field is mutually exclusive with the actions.resources.cluster field.

    • resources.#.database_name Database on which the action is granted.

    NOTE This field is mutually exclusive with the actions.resources.cluster field.

    • resources.#.cluster (Optional) Set to true to indicate that the action is granted on the cluster resource.

    NOTE This field is mutually exclusive with the actions.resources.collection and actions.resources.db fields.

    action string

    Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions

    Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.

    resources CustomDbRoleActionResource[]

    Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.

    • resources.#.collection_name - (Optional) Collection on which the action is granted. If this value is an empty string, the action is granted on all collections within the database specified in the actions.resources.db field.

    NOTE This field is mutually exclusive with the actions.resources.cluster field.

    • resources.#.database_name Database on which the action is granted.

    NOTE This field is mutually exclusive with the actions.resources.cluster field.

    • resources.#.cluster (Optional) Set to true to indicate that the action is granted on the cluster resource.

    NOTE This field is mutually exclusive with the actions.resources.collection and actions.resources.db fields.

    action str

    Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions

    Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.

    resources Sequence[CustomDbRoleActionResource]

    Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.

    • resources.#.collection_name - (Optional) Collection on which the action is granted. If this value is an empty string, the action is granted on all collections within the database specified in the actions.resources.db field.

    NOTE This field is mutually exclusive with the actions.resources.cluster field.

    • resources.#.database_name Database on which the action is granted.

    NOTE This field is mutually exclusive with the actions.resources.cluster field.

    • resources.#.cluster (Optional) Set to true to indicate that the action is granted on the cluster resource.

    NOTE This field is mutually exclusive with the actions.resources.collection and actions.resources.db fields.

    action String

    Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions

    Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.

    resources List<Property Map>

    Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.

    • resources.#.collection_name - (Optional) Collection on which the action is granted. If this value is an empty string, the action is granted on all collections within the database specified in the actions.resources.db field.

    NOTE This field is mutually exclusive with the actions.resources.cluster field.

    • resources.#.database_name Database on which the action is granted.

    NOTE This field is mutually exclusive with the actions.resources.cluster field.

    • resources.#.cluster (Optional) Set to true to indicate that the action is granted on the cluster resource.

    NOTE This field is mutually exclusive with the actions.resources.collection and actions.resources.db fields.

    CustomDbRoleActionResource, CustomDbRoleActionResourceArgs

    cluster Boolean
    collectionName String
    databaseName String
    cluster boolean
    collectionName string
    databaseName string
    cluster Boolean
    collectionName String
    databaseName String

    CustomDbRoleInheritedRole, CustomDbRoleInheritedRoleArgs

    DatabaseName string

    Database on which the inherited role is granted.

    NOTE This value should be admin for all roles except read and readWrite.

    RoleName string
    Name of the inherited role. This can either be another custom role or a built-in role.
    DatabaseName string

    Database on which the inherited role is granted.

    NOTE This value should be admin for all roles except read and readWrite.

    RoleName string
    Name of the inherited role. This can either be another custom role or a built-in role.
    databaseName String

    Database on which the inherited role is granted.

    NOTE This value should be admin for all roles except read and readWrite.

    roleName String
    Name of the inherited role. This can either be another custom role or a built-in role.
    databaseName string

    Database on which the inherited role is granted.

    NOTE This value should be admin for all roles except read and readWrite.

    roleName string
    Name of the inherited role. This can either be another custom role or a built-in role.
    database_name str

    Database on which the inherited role is granted.

    NOTE This value should be admin for all roles except read and readWrite.

    role_name str
    Name of the inherited role. This can either be another custom role or a built-in role.
    databaseName String

    Database on which the inherited role is granted.

    NOTE This value should be admin for all roles except read and readWrite.

    roleName String
    Name of the inherited role. This can either be another custom role or a built-in role.

    Import

    Database users can be imported using project ID and username, in the format PROJECTID-ROLENAME, e.g.

    $ pulumi import mongodbatlas:index/customDbRole:CustomDbRole my_role 1112222b3bf99403840e8934-MyCustomRole
    

    For more information see: MongoDB Atlas API Reference.

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    MongoDB Atlas pulumi/pulumi-mongodbatlas
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the mongodbatlas Terraform Provider.
    mongodbatlas logo
    MongoDB Atlas v3.16.0 published on Wednesday, Jun 12, 2024 by Pulumi