1. Packages
  2. MongoDB Atlas
  3. API Docs
  4. DatabaseUser
MongoDB Atlas v3.16.2 published on Friday, Jun 21, 2024 by Pulumi

mongodbatlas.DatabaseUser

Explore with Pulumi AI

mongodbatlas logo
MongoDB Atlas v3.16.2 published on Friday, Jun 21, 2024 by Pulumi

    mongodbatlas.DatabaseUser provides a Database User resource. This represents a database user which will be applied to all clusters within the project.

    Each user has a set of roles that provide access to the project’s databases. User’s roles apply to all the clusters in the project: if two clusters have a products database and a user has a role granting read access on the products database, the user has that access on both clusters.

    NOTE: Groups and projects are synonymous terms. You may find group_id in the official documentation.

    WARNING: The password argument is required for creation but should be removed after creation if it will be managed externally. More details can be found in the password argument documentation.

    IMPORTANT: All arguments including the password will be stored in the raw state as plain-text. Read more about sensitive data in state.

    Example Usage

    S

    import * as pulumi from "@pulumi/pulumi";
    import * as mongodbatlas from "@pulumi/mongodbatlas";
    
    const test = new mongodbatlas.DatabaseUser("test", {
        username: "test-acc-username",
        password: "test-acc-password",
        projectId: "<PROJECT-ID>",
        authDatabaseName: "admin",
        roles: [
            {
                roleName: "readWrite",
                databaseName: "dbforApp",
            },
            {
                roleName: "readAnyDatabase",
                databaseName: "admin",
            },
        ],
        labels: [{
            key: "My Key",
            value: "My Value",
        }],
        scopes: [
            {
                name: "My cluster name",
                type: "CLUSTER",
            },
            {
                name: "My second cluster name",
                type: "CLUSTER",
            },
        ],
    });
    
    import pulumi
    import pulumi_mongodbatlas as mongodbatlas
    
    test = mongodbatlas.DatabaseUser("test",
        username="test-acc-username",
        password="test-acc-password",
        project_id="<PROJECT-ID>",
        auth_database_name="admin",
        roles=[
            mongodbatlas.DatabaseUserRoleArgs(
                role_name="readWrite",
                database_name="dbforApp",
            ),
            mongodbatlas.DatabaseUserRoleArgs(
                role_name="readAnyDatabase",
                database_name="admin",
            ),
        ],
        labels=[mongodbatlas.DatabaseUserLabelArgs(
            key="My Key",
            value="My Value",
        )],
        scopes=[
            mongodbatlas.DatabaseUserScopeArgs(
                name="My cluster name",
                type="CLUSTER",
            ),
            mongodbatlas.DatabaseUserScopeArgs(
                name="My second cluster name",
                type="CLUSTER",
            ),
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := mongodbatlas.NewDatabaseUser(ctx, "test", &mongodbatlas.DatabaseUserArgs{
    			Username:         pulumi.String("test-acc-username"),
    			Password:         pulumi.String("test-acc-password"),
    			ProjectId:        pulumi.String("<PROJECT-ID>"),
    			AuthDatabaseName: pulumi.String("admin"),
    			Roles: mongodbatlas.DatabaseUserRoleArray{
    				&mongodbatlas.DatabaseUserRoleArgs{
    					RoleName:     pulumi.String("readWrite"),
    					DatabaseName: pulumi.String("dbforApp"),
    				},
    				&mongodbatlas.DatabaseUserRoleArgs{
    					RoleName:     pulumi.String("readAnyDatabase"),
    					DatabaseName: pulumi.String("admin"),
    				},
    			},
    			Labels: mongodbatlas.DatabaseUserLabelArray{
    				&mongodbatlas.DatabaseUserLabelArgs{
    					Key:   pulumi.String("My Key"),
    					Value: pulumi.String("My Value"),
    				},
    			},
    			Scopes: mongodbatlas.DatabaseUserScopeArray{
    				&mongodbatlas.DatabaseUserScopeArgs{
    					Name: pulumi.String("My cluster name"),
    					Type: pulumi.String("CLUSTER"),
    				},
    				&mongodbatlas.DatabaseUserScopeArgs{
    					Name: pulumi.String("My second cluster name"),
    					Type: pulumi.String("CLUSTER"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Mongodbatlas = Pulumi.Mongodbatlas;
    
    return await Deployment.RunAsync(() => 
    {
        var test = new Mongodbatlas.DatabaseUser("test", new()
        {
            Username = "test-acc-username",
            Password = "test-acc-password",
            ProjectId = "<PROJECT-ID>",
            AuthDatabaseName = "admin",
            Roles = new[]
            {
                new Mongodbatlas.Inputs.DatabaseUserRoleArgs
                {
                    RoleName = "readWrite",
                    DatabaseName = "dbforApp",
                },
                new Mongodbatlas.Inputs.DatabaseUserRoleArgs
                {
                    RoleName = "readAnyDatabase",
                    DatabaseName = "admin",
                },
            },
            Labels = new[]
            {
                new Mongodbatlas.Inputs.DatabaseUserLabelArgs
                {
                    Key = "My Key",
                    Value = "My Value",
                },
            },
            Scopes = new[]
            {
                new Mongodbatlas.Inputs.DatabaseUserScopeArgs
                {
                    Name = "My cluster name",
                    Type = "CLUSTER",
                },
                new Mongodbatlas.Inputs.DatabaseUserScopeArgs
                {
                    Name = "My second cluster name",
                    Type = "CLUSTER",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.mongodbatlas.DatabaseUser;
    import com.pulumi.mongodbatlas.DatabaseUserArgs;
    import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
    import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
    import com.pulumi.mongodbatlas.inputs.DatabaseUserScopeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var test = new DatabaseUser("test", DatabaseUserArgs.builder()
                .username("test-acc-username")
                .password("test-acc-password")
                .projectId("<PROJECT-ID>")
                .authDatabaseName("admin")
                .roles(            
                    DatabaseUserRoleArgs.builder()
                        .roleName("readWrite")
                        .databaseName("dbforApp")
                        .build(),
                    DatabaseUserRoleArgs.builder()
                        .roleName("readAnyDatabase")
                        .databaseName("admin")
                        .build())
                .labels(DatabaseUserLabelArgs.builder()
                    .key("My Key")
                    .value("My Value")
                    .build())
                .scopes(            
                    DatabaseUserScopeArgs.builder()
                        .name("My cluster name")
                        .type("CLUSTER")
                        .build(),
                    DatabaseUserScopeArgs.builder()
                        .name("My second cluster name")
                        .type("CLUSTER")
                        .build())
                .build());
    
        }
    }
    
    resources:
      test:
        type: mongodbatlas:DatabaseUser
        properties:
          username: test-acc-username
          password: test-acc-password
          projectId: <PROJECT-ID>
          authDatabaseName: admin
          roles:
            - roleName: readWrite
              databaseName: dbforApp
            - roleName: readAnyDatabase
              databaseName: admin
          labels:
            - key: My Key
              value: My Value
          scopes:
            - name: My cluster name
              type: CLUSTER
            - name: My second cluster name
              type: CLUSTER
    
    import * as pulumi from "@pulumi/pulumi";
    import * as mongodbatlas from "@pulumi/mongodbatlas";
    
    const test = new mongodbatlas.DatabaseUser("test", {
        username: "test-acc-username",
        x509Type: "MANAGED",
        projectId: "<PROJECT-ID>",
        authDatabaseName: "$external",
        roles: [{
            roleName: "readAnyDatabase",
            databaseName: "admin",
        }],
        labels: [{
            key: "%s",
            value: "%s",
        }],
        scopes: [{
            name: "My cluster name",
            type: "CLUSTER",
        }],
    });
    
    import pulumi
    import pulumi_mongodbatlas as mongodbatlas
    
    test = mongodbatlas.DatabaseUser("test",
        username="test-acc-username",
        x509_type="MANAGED",
        project_id="<PROJECT-ID>",
        auth_database_name="$external",
        roles=[mongodbatlas.DatabaseUserRoleArgs(
            role_name="readAnyDatabase",
            database_name="admin",
        )],
        labels=[mongodbatlas.DatabaseUserLabelArgs(
            key="%s",
            value="%s",
        )],
        scopes=[mongodbatlas.DatabaseUserScopeArgs(
            name="My cluster name",
            type="CLUSTER",
        )])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := mongodbatlas.NewDatabaseUser(ctx, "test", &mongodbatlas.DatabaseUserArgs{
    			Username:         pulumi.String("test-acc-username"),
    			X509Type:         pulumi.String("MANAGED"),
    			ProjectId:        pulumi.String("<PROJECT-ID>"),
    			AuthDatabaseName: pulumi.String("$external"),
    			Roles: mongodbatlas.DatabaseUserRoleArray{
    				&mongodbatlas.DatabaseUserRoleArgs{
    					RoleName:     pulumi.String("readAnyDatabase"),
    					DatabaseName: pulumi.String("admin"),
    				},
    			},
    			Labels: mongodbatlas.DatabaseUserLabelArray{
    				&mongodbatlas.DatabaseUserLabelArgs{
    					Key:   pulumi.String("%s"),
    					Value: pulumi.String("%s"),
    				},
    			},
    			Scopes: mongodbatlas.DatabaseUserScopeArray{
    				&mongodbatlas.DatabaseUserScopeArgs{
    					Name: pulumi.String("My cluster name"),
    					Type: pulumi.String("CLUSTER"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Mongodbatlas = Pulumi.Mongodbatlas;
    
    return await Deployment.RunAsync(() => 
    {
        var test = new Mongodbatlas.DatabaseUser("test", new()
        {
            Username = "test-acc-username",
            X509Type = "MANAGED",
            ProjectId = "<PROJECT-ID>",
            AuthDatabaseName = "$external",
            Roles = new[]
            {
                new Mongodbatlas.Inputs.DatabaseUserRoleArgs
                {
                    RoleName = "readAnyDatabase",
                    DatabaseName = "admin",
                },
            },
            Labels = new[]
            {
                new Mongodbatlas.Inputs.DatabaseUserLabelArgs
                {
                    Key = "%s",
                    Value = "%s",
                },
            },
            Scopes = new[]
            {
                new Mongodbatlas.Inputs.DatabaseUserScopeArgs
                {
                    Name = "My cluster name",
                    Type = "CLUSTER",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.mongodbatlas.DatabaseUser;
    import com.pulumi.mongodbatlas.DatabaseUserArgs;
    import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
    import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
    import com.pulumi.mongodbatlas.inputs.DatabaseUserScopeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var test = new DatabaseUser("test", DatabaseUserArgs.builder()
                .username("test-acc-username")
                .x509Type("MANAGED")
                .projectId("<PROJECT-ID>")
                .authDatabaseName("$external")
                .roles(DatabaseUserRoleArgs.builder()
                    .roleName("readAnyDatabase")
                    .databaseName("admin")
                    .build())
                .labels(DatabaseUserLabelArgs.builder()
                    .key("%s")
                    .value("%s")
                    .build())
                .scopes(DatabaseUserScopeArgs.builder()
                    .name("My cluster name")
                    .type("CLUSTER")
                    .build())
                .build());
    
        }
    }
    
    resources:
      test:
        type: mongodbatlas:DatabaseUser
        properties:
          username: test-acc-username
          x509Type: MANAGED
          projectId: <PROJECT-ID>
          authDatabaseName: $external
          roles:
            - roleName: readAnyDatabase
              databaseName: admin
          labels:
            - key: '%s'
              value: '%s'
          scopes:
            - name: My cluster name
              type: CLUSTER
    
    import * as pulumi from "@pulumi/pulumi";
    import * as mongodbatlas from "@pulumi/mongodbatlas";
    
    const test = new mongodbatlas.DatabaseUser("test", {
        username: testAwsIamRole.arn,
        projectId: "<PROJECT-ID>",
        authDatabaseName: "$external",
        awsIamType: "ROLE",
        roles: [{
            roleName: "readAnyDatabase",
            databaseName: "admin",
        }],
        labels: [{
            key: "%s",
            value: "%s",
        }],
        scopes: [{
            name: "My cluster name",
            type: "CLUSTER",
        }],
    });
    
    import pulumi
    import pulumi_mongodbatlas as mongodbatlas
    
    test = mongodbatlas.DatabaseUser("test",
        username=test_aws_iam_role["arn"],
        project_id="<PROJECT-ID>",
        auth_database_name="$external",
        aws_iam_type="ROLE",
        roles=[mongodbatlas.DatabaseUserRoleArgs(
            role_name="readAnyDatabase",
            database_name="admin",
        )],
        labels=[mongodbatlas.DatabaseUserLabelArgs(
            key="%s",
            value="%s",
        )],
        scopes=[mongodbatlas.DatabaseUserScopeArgs(
            name="My cluster name",
            type="CLUSTER",
        )])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := mongodbatlas.NewDatabaseUser(ctx, "test", &mongodbatlas.DatabaseUserArgs{
    			Username:         pulumi.Any(testAwsIamRole.Arn),
    			ProjectId:        pulumi.String("<PROJECT-ID>"),
    			AuthDatabaseName: pulumi.String("$external"),
    			AwsIamType:       pulumi.String("ROLE"),
    			Roles: mongodbatlas.DatabaseUserRoleArray{
    				&mongodbatlas.DatabaseUserRoleArgs{
    					RoleName:     pulumi.String("readAnyDatabase"),
    					DatabaseName: pulumi.String("admin"),
    				},
    			},
    			Labels: mongodbatlas.DatabaseUserLabelArray{
    				&mongodbatlas.DatabaseUserLabelArgs{
    					Key:   pulumi.String("%s"),
    					Value: pulumi.String("%s"),
    				},
    			},
    			Scopes: mongodbatlas.DatabaseUserScopeArray{
    				&mongodbatlas.DatabaseUserScopeArgs{
    					Name: pulumi.String("My cluster name"),
    					Type: pulumi.String("CLUSTER"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Mongodbatlas = Pulumi.Mongodbatlas;
    
    return await Deployment.RunAsync(() => 
    {
        var test = new Mongodbatlas.DatabaseUser("test", new()
        {
            Username = testAwsIamRole.Arn,
            ProjectId = "<PROJECT-ID>",
            AuthDatabaseName = "$external",
            AwsIamType = "ROLE",
            Roles = new[]
            {
                new Mongodbatlas.Inputs.DatabaseUserRoleArgs
                {
                    RoleName = "readAnyDatabase",
                    DatabaseName = "admin",
                },
            },
            Labels = new[]
            {
                new Mongodbatlas.Inputs.DatabaseUserLabelArgs
                {
                    Key = "%s",
                    Value = "%s",
                },
            },
            Scopes = new[]
            {
                new Mongodbatlas.Inputs.DatabaseUserScopeArgs
                {
                    Name = "My cluster name",
                    Type = "CLUSTER",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.mongodbatlas.DatabaseUser;
    import com.pulumi.mongodbatlas.DatabaseUserArgs;
    import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
    import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
    import com.pulumi.mongodbatlas.inputs.DatabaseUserScopeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var test = new DatabaseUser("test", DatabaseUserArgs.builder()
                .username(testAwsIamRole.arn())
                .projectId("<PROJECT-ID>")
                .authDatabaseName("$external")
                .awsIamType("ROLE")
                .roles(DatabaseUserRoleArgs.builder()
                    .roleName("readAnyDatabase")
                    .databaseName("admin")
                    .build())
                .labels(DatabaseUserLabelArgs.builder()
                    .key("%s")
                    .value("%s")
                    .build())
                .scopes(DatabaseUserScopeArgs.builder()
                    .name("My cluster name")
                    .type("CLUSTER")
                    .build())
                .build());
    
        }
    }
    
    resources:
      test:
        type: mongodbatlas:DatabaseUser
        properties:
          username: ${testAwsIamRole.arn}
          projectId: <PROJECT-ID>
          authDatabaseName: $external
          awsIamType: ROLE
          roles:
            - roleName: readAnyDatabase
              databaseName: admin
          labels:
            - key: '%s'
              value: '%s'
          scopes:
            - name: My cluster name
              type: CLUSTER
    

    Example of how to create a OIDC federated authentication user

    import * as pulumi from "@pulumi/pulumi";
    import * as mongodbatlas from "@pulumi/mongodbatlas";
    
    const test = new mongodbatlas.DatabaseUser("test", {
        username: "64d613677e1ad50839cce4db/testUserOr",
        projectId: "6414908c207f4d22f4d8f232",
        authDatabaseName: "admin",
        oidcAuthType: "IDP_GROUP",
        roles: [{
            roleName: "readWriteAnyDatabase",
            databaseName: "admin",
        }],
    });
    
    import pulumi
    import pulumi_mongodbatlas as mongodbatlas
    
    test = mongodbatlas.DatabaseUser("test",
        username="64d613677e1ad50839cce4db/testUserOr",
        project_id="6414908c207f4d22f4d8f232",
        auth_database_name="admin",
        oidc_auth_type="IDP_GROUP",
        roles=[mongodbatlas.DatabaseUserRoleArgs(
            role_name="readWriteAnyDatabase",
            database_name="admin",
        )])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := mongodbatlas.NewDatabaseUser(ctx, "test", &mongodbatlas.DatabaseUserArgs{
    			Username:         pulumi.String("64d613677e1ad50839cce4db/testUserOr"),
    			ProjectId:        pulumi.String("6414908c207f4d22f4d8f232"),
    			AuthDatabaseName: pulumi.String("admin"),
    			OidcAuthType:     pulumi.String("IDP_GROUP"),
    			Roles: mongodbatlas.DatabaseUserRoleArray{
    				&mongodbatlas.DatabaseUserRoleArgs{
    					RoleName:     pulumi.String("readWriteAnyDatabase"),
    					DatabaseName: pulumi.String("admin"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Mongodbatlas = Pulumi.Mongodbatlas;
    
    return await Deployment.RunAsync(() => 
    {
        var test = new Mongodbatlas.DatabaseUser("test", new()
        {
            Username = "64d613677e1ad50839cce4db/testUserOr",
            ProjectId = "6414908c207f4d22f4d8f232",
            AuthDatabaseName = "admin",
            OidcAuthType = "IDP_GROUP",
            Roles = new[]
            {
                new Mongodbatlas.Inputs.DatabaseUserRoleArgs
                {
                    RoleName = "readWriteAnyDatabase",
                    DatabaseName = "admin",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.mongodbatlas.DatabaseUser;
    import com.pulumi.mongodbatlas.DatabaseUserArgs;
    import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var test = new DatabaseUser("test", DatabaseUserArgs.builder()
                .username("64d613677e1ad50839cce4db/testUserOr")
                .projectId("6414908c207f4d22f4d8f232")
                .authDatabaseName("admin")
                .oidcAuthType("IDP_GROUP")
                .roles(DatabaseUserRoleArgs.builder()
                    .roleName("readWriteAnyDatabase")
                    .databaseName("admin")
                    .build())
                .build());
    
        }
    }
    
    resources:
      test:
        type: mongodbatlas:DatabaseUser
        properties:
          username: 64d613677e1ad50839cce4db/testUserOr
          projectId: 6414908c207f4d22f4d8f232
          authDatabaseName: admin
          oidcAuthType: IDP_GROUP
          roles:
            - roleName: readWriteAnyDatabase
              databaseName: admin
    

    username format: Atlas OIDC IdP ID (found in federation settings), followed by a ‘/’, followed by the IdP group name

    Note: OIDC support is only avalible starting in MongoDB 7.0 or later. To learn more, see the MongoDB Atlas documentation.

    Create DatabaseUser Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new DatabaseUser(name: string, args: DatabaseUserArgs, opts?: CustomResourceOptions);
    @overload
    def DatabaseUser(resource_name: str,
                     args: DatabaseUserArgs,
                     opts: Optional[ResourceOptions] = None)
    
    @overload
    def DatabaseUser(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     auth_database_name: Optional[str] = None,
                     project_id: Optional[str] = None,
                     username: Optional[str] = None,
                     aws_iam_type: Optional[str] = None,
                     labels: Optional[Sequence[DatabaseUserLabelArgs]] = None,
                     ldap_auth_type: Optional[str] = None,
                     oidc_auth_type: Optional[str] = None,
                     password: Optional[str] = None,
                     roles: Optional[Sequence[DatabaseUserRoleArgs]] = None,
                     scopes: Optional[Sequence[DatabaseUserScopeArgs]] = None,
                     x509_type: Optional[str] = None)
    func NewDatabaseUser(ctx *Context, name string, args DatabaseUserArgs, opts ...ResourceOption) (*DatabaseUser, error)
    public DatabaseUser(string name, DatabaseUserArgs args, CustomResourceOptions? opts = null)
    public DatabaseUser(String name, DatabaseUserArgs args)
    public DatabaseUser(String name, DatabaseUserArgs args, CustomResourceOptions options)
    
    type: mongodbatlas:DatabaseUser
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args DatabaseUserArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DatabaseUserArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DatabaseUserArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DatabaseUserArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DatabaseUserArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var databaseUserResource = new Mongodbatlas.DatabaseUser("databaseUserResource", new()
    {
        AuthDatabaseName = "string",
        ProjectId = "string",
        Username = "string",
        AwsIamType = "string",
        Labels = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserLabelArgs
            {
                Key = "string",
                Value = "string",
            },
        },
        LdapAuthType = "string",
        OidcAuthType = "string",
        Password = "string",
        Roles = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserRoleArgs
            {
                DatabaseName = "string",
                RoleName = "string",
                CollectionName = "string",
            },
        },
        Scopes = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserScopeArgs
            {
                Name = "string",
                Type = "string",
            },
        },
        X509Type = "string",
    });
    
    example, err := mongodbatlas.NewDatabaseUser(ctx, "databaseUserResource", &mongodbatlas.DatabaseUserArgs{
    	AuthDatabaseName: pulumi.String("string"),
    	ProjectId:        pulumi.String("string"),
    	Username:         pulumi.String("string"),
    	AwsIamType:       pulumi.String("string"),
    	Labels: mongodbatlas.DatabaseUserLabelArray{
    		&mongodbatlas.DatabaseUserLabelArgs{
    			Key:   pulumi.String("string"),
    			Value: pulumi.String("string"),
    		},
    	},
    	LdapAuthType: pulumi.String("string"),
    	OidcAuthType: pulumi.String("string"),
    	Password:     pulumi.String("string"),
    	Roles: mongodbatlas.DatabaseUserRoleArray{
    		&mongodbatlas.DatabaseUserRoleArgs{
    			DatabaseName:   pulumi.String("string"),
    			RoleName:       pulumi.String("string"),
    			CollectionName: pulumi.String("string"),
    		},
    	},
    	Scopes: mongodbatlas.DatabaseUserScopeArray{
    		&mongodbatlas.DatabaseUserScopeArgs{
    			Name: pulumi.String("string"),
    			Type: pulumi.String("string"),
    		},
    	},
    	X509Type: pulumi.String("string"),
    })
    
    var databaseUserResource = new DatabaseUser("databaseUserResource", DatabaseUserArgs.builder()
        .authDatabaseName("string")
        .projectId("string")
        .username("string")
        .awsIamType("string")
        .labels(DatabaseUserLabelArgs.builder()
            .key("string")
            .value("string")
            .build())
        .ldapAuthType("string")
        .oidcAuthType("string")
        .password("string")
        .roles(DatabaseUserRoleArgs.builder()
            .databaseName("string")
            .roleName("string")
            .collectionName("string")
            .build())
        .scopes(DatabaseUserScopeArgs.builder()
            .name("string")
            .type("string")
            .build())
        .x509Type("string")
        .build());
    
    database_user_resource = mongodbatlas.DatabaseUser("databaseUserResource",
        auth_database_name="string",
        project_id="string",
        username="string",
        aws_iam_type="string",
        labels=[mongodbatlas.DatabaseUserLabelArgs(
            key="string",
            value="string",
        )],
        ldap_auth_type="string",
        oidc_auth_type="string",
        password="string",
        roles=[mongodbatlas.DatabaseUserRoleArgs(
            database_name="string",
            role_name="string",
            collection_name="string",
        )],
        scopes=[mongodbatlas.DatabaseUserScopeArgs(
            name="string",
            type="string",
        )],
        x509_type="string")
    
    const databaseUserResource = new mongodbatlas.DatabaseUser("databaseUserResource", {
        authDatabaseName: "string",
        projectId: "string",
        username: "string",
        awsIamType: "string",
        labels: [{
            key: "string",
            value: "string",
        }],
        ldapAuthType: "string",
        oidcAuthType: "string",
        password: "string",
        roles: [{
            databaseName: "string",
            roleName: "string",
            collectionName: "string",
        }],
        scopes: [{
            name: "string",
            type: "string",
        }],
        x509Type: "string",
    });
    
    type: mongodbatlas:DatabaseUser
    properties:
        authDatabaseName: string
        awsIamType: string
        labels:
            - key: string
              value: string
        ldapAuthType: string
        oidcAuthType: string
        password: string
        projectId: string
        roles:
            - collectionName: string
              databaseName: string
              roleName: string
        scopes:
            - name: string
              type: string
        username: string
        x509Type: string
    

    DatabaseUser Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The DatabaseUser resource accepts the following input properties:

    AuthDatabaseName string
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    ProjectId string
    The unique ID for the project to create the database user.
    Username string
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    AwsIamType string
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    Labels List<DatabaseUserLabel>
    LdapAuthType string
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    OidcAuthType string
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    Password string
    Roles List<DatabaseUserRole>
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    Scopes List<DatabaseUserScope>
    X509Type string
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    AuthDatabaseName string
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    ProjectId string
    The unique ID for the project to create the database user.
    Username string
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    AwsIamType string
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    Labels []DatabaseUserLabelArgs
    LdapAuthType string
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    OidcAuthType string
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    Password string
    Roles []DatabaseUserRoleArgs
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    Scopes []DatabaseUserScopeArgs
    X509Type string
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    authDatabaseName String
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    projectId String
    The unique ID for the project to create the database user.
    username String
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    awsIamType String
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    labels List<DatabaseUserLabel>
    ldapAuthType String
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidcAuthType String
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password String
    roles List<DatabaseUserRole>
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes List<DatabaseUserScope>
    x509Type String
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    authDatabaseName string
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    projectId string
    The unique ID for the project to create the database user.
    username string
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    awsIamType string
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    labels DatabaseUserLabel[]
    ldapAuthType string
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidcAuthType string
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password string
    roles DatabaseUserRole[]
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes DatabaseUserScope[]
    x509Type string
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    auth_database_name str
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    project_id str
    The unique ID for the project to create the database user.
    username str
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    aws_iam_type str
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    labels Sequence[DatabaseUserLabelArgs]
    ldap_auth_type str
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidc_auth_type str
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password str
    roles Sequence[DatabaseUserRoleArgs]
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes Sequence[DatabaseUserScopeArgs]
    x509_type str
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    authDatabaseName String
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    projectId String
    The unique ID for the project to create the database user.
    username String
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    awsIamType String
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    labels List<Property Map>
    ldapAuthType String
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidcAuthType String
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password String
    roles List<Property Map>
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes List<Property Map>
    x509Type String
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DatabaseUser resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing DatabaseUser Resource

    Get an existing DatabaseUser resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DatabaseUserState, opts?: CustomResourceOptions): DatabaseUser
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            auth_database_name: Optional[str] = None,
            aws_iam_type: Optional[str] = None,
            labels: Optional[Sequence[DatabaseUserLabelArgs]] = None,
            ldap_auth_type: Optional[str] = None,
            oidc_auth_type: Optional[str] = None,
            password: Optional[str] = None,
            project_id: Optional[str] = None,
            roles: Optional[Sequence[DatabaseUserRoleArgs]] = None,
            scopes: Optional[Sequence[DatabaseUserScopeArgs]] = None,
            username: Optional[str] = None,
            x509_type: Optional[str] = None) -> DatabaseUser
    func GetDatabaseUser(ctx *Context, name string, id IDInput, state *DatabaseUserState, opts ...ResourceOption) (*DatabaseUser, error)
    public static DatabaseUser Get(string name, Input<string> id, DatabaseUserState? state, CustomResourceOptions? opts = null)
    public static DatabaseUser get(String name, Output<String> id, DatabaseUserState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AuthDatabaseName string
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    AwsIamType string
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    Labels List<DatabaseUserLabel>
    LdapAuthType string
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    OidcAuthType string
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    Password string
    ProjectId string
    The unique ID for the project to create the database user.
    Roles List<DatabaseUserRole>
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    Scopes List<DatabaseUserScope>
    Username string
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    X509Type string
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    AuthDatabaseName string
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    AwsIamType string
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    Labels []DatabaseUserLabelArgs
    LdapAuthType string
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    OidcAuthType string
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    Password string
    ProjectId string
    The unique ID for the project to create the database user.
    Roles []DatabaseUserRoleArgs
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    Scopes []DatabaseUserScopeArgs
    Username string
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    X509Type string
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    authDatabaseName String
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    awsIamType String
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    labels List<DatabaseUserLabel>
    ldapAuthType String
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidcAuthType String
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password String
    projectId String
    The unique ID for the project to create the database user.
    roles List<DatabaseUserRole>
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes List<DatabaseUserScope>
    username String
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    x509Type String
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    authDatabaseName string
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    awsIamType string
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    labels DatabaseUserLabel[]
    ldapAuthType string
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidcAuthType string
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password string
    projectId string
    The unique ID for the project to create the database user.
    roles DatabaseUserRole[]
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes DatabaseUserScope[]
    username string
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    x509Type string
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    auth_database_name str
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    aws_iam_type str
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    labels Sequence[DatabaseUserLabelArgs]
    ldap_auth_type str
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidc_auth_type str
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password str
    project_id str
    The unique ID for the project to create the database user.
    roles Sequence[DatabaseUserRoleArgs]
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes Sequence[DatabaseUserScopeArgs]
    username str
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    x509_type str
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.
    authDatabaseName String
    Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
    awsIamType String
    If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use AWS IAM credentials.
    • USER - New database user has AWS IAM user credentials.
    • ROLE - New database user has credentials associated with an AWS IAM role.
    labels List<Property Map>
    ldapAuthType String
    Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.

    • NONE - Atlas authenticates this user through SCRAM-SHA, not LDAP.
    • USER - LDAP server authenticates this user through the user's LDAP user. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    • GROUP - LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP. username must also be a fully qualified distinguished name, as defined in RFC-2253.
    oidcAuthType String
    Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    password String
    projectId String
    The unique ID for the project to create the database user.
    roles List<Property Map>
    List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
    scopes List<Property Map>
    username String
    Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
    x509Type String
    X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:

    • NONE - The user does not use X.509 authentication.
    • MANAGED - The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the $external database.
    • CUSTOMER - The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the $external database.

    Supporting Types

    DatabaseUserLabel, DatabaseUserLabelArgs

    Key string
    The key that you want to write.
    Value string
    The value that you want to write.
    Key string
    The key that you want to write.
    Value string
    The value that you want to write.
    key String
    The key that you want to write.
    value String
    The value that you want to write.
    key string
    The key that you want to write.
    value string
    The value that you want to write.
    key str
    The key that you want to write.
    value str
    The value that you want to write.
    key String
    The key that you want to write.
    value String
    The value that you want to write.

    DatabaseUserRole, DatabaseUserRoleArgs

    DatabaseName string
    Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases. This field should be set to admin for a custom MongoDB role.
    RoleName string
    Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
    CollectionName string
    Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
    DatabaseName string
    Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases. This field should be set to admin for a custom MongoDB role.
    RoleName string
    Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
    CollectionName string
    Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
    databaseName String
    Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases. This field should be set to admin for a custom MongoDB role.
    roleName String
    Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
    collectionName String
    Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
    databaseName string
    Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases. This field should be set to admin for a custom MongoDB role.
    roleName string
    Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
    collectionName string
    Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
    database_name str
    Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases. This field should be set to admin for a custom MongoDB role.
    role_name str
    Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
    collection_name str
    Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
    databaseName String
    Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases. This field should be set to admin for a custom MongoDB role.
    roleName String
    Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
    collectionName String
    Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).

    DatabaseUserScope, DatabaseUserScopeArgs

    Name string
    Name of the cluster or Atlas Data Lake that the user has access to.
    Type string
    Type of resource that the user has access to. Valid values are: CLUSTER and DATA_LAKE
    Name string
    Name of the cluster or Atlas Data Lake that the user has access to.
    Type string
    Type of resource that the user has access to. Valid values are: CLUSTER and DATA_LAKE
    name String
    Name of the cluster or Atlas Data Lake that the user has access to.
    type String
    Type of resource that the user has access to. Valid values are: CLUSTER and DATA_LAKE
    name string
    Name of the cluster or Atlas Data Lake that the user has access to.
    type string
    Type of resource that the user has access to. Valid values are: CLUSTER and DATA_LAKE
    name str
    Name of the cluster or Atlas Data Lake that the user has access to.
    type str
    Type of resource that the user has access to. Valid values are: CLUSTER and DATA_LAKE
    name String
    Name of the cluster or Atlas Data Lake that the user has access to.
    type String
    Type of resource that the user has access to. Valid values are: CLUSTER and DATA_LAKE

    Import

    Database users can be imported using project ID and username, in the format project_id-username-auth_database_name, e.g.

    $ pulumi import mongodbatlas:index/databaseUser:DatabaseUser my_user 1112222b3bf99403840e8934-my_user-admin
    

    ~> NOTE: Terraform will want to change the password after importing the user if a password argument is specified.

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    MongoDB Atlas pulumi/pulumi-mongodbatlas
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the mongodbatlas Terraform Provider.
    mongodbatlas logo
    MongoDB Atlas v3.16.2 published on Friday, Jun 21, 2024 by Pulumi