mongodbatlas.DatabaseUser
mongodbatlas.DatabaseUser
provides a Database User resource. This represents a database user which will be applied to all clusters within the project.
Each user has a set of roles that provide access to the project’s databases. User’s roles apply to all the clusters in the project: if two clusters have a products
database and a user has a role granting read
access on the products database, the user has that access on both clusters.
NOTE: Groups and projects are synonymous terms. You may find group_id in the official documentation.
IMPORTANT: All arguments, including the password, are stored in the raw state as plain text. Treat the state, and wherever it is stored, as sensitive and restrict access to it accordingly. Read more about sensitive data in state.
Example of how to create an OIDC federated authentication user
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
// OIDC federated-authentication database user mapped to an IdP group.
// The username has the form "<Atlas OIDC IdP ID>/<IdP group name>".
// NOTE(review): readWriteAnyDatabase on admin is a broad grant for every member of the
// IdP group, and no scopes are set; prefer a narrower role and cluster scopes outside
// of an example.
const oidcGroupRoles = [{
    roleName: "readWriteAnyDatabase",
    databaseName: "admin",
}];

const test = new mongodbatlas.DatabaseUser("test", {
    projectId: "6414908c207f4d22f4d8f232",
    username: "64d613677e1ad50839cce4db/testUserOr",
    authDatabaseName: "admin",
    oidcAuthType: "IDP_GROUP",
    roles: oidcGroupRoles,
});
import pulumi
import pulumi_mongodbatlas as mongodbatlas
# OIDC federated-authentication database user mapped to an IdP group.
# The username has the form "<Atlas OIDC IdP ID>/<IdP group name>".
# NOTE(review): readWriteAnyDatabase on admin is a broad grant for every member of the
# IdP group, and no scopes are set; prefer a narrower role and cluster scopes outside
# of an example.
oidc_group_role = mongodbatlas.DatabaseUserRoleArgs(
    role_name="readWriteAnyDatabase",
    database_name="admin",
)

test = mongodbatlas.DatabaseUser(
    "test",
    project_id="6414908c207f4d22f4d8f232",
    username="64d613677e1ad50839cce4db/testUserOr",
    auth_database_name="admin",
    oidc_auth_type="IDP_GROUP",
    roles=[oidc_group_role],
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
    // OIDC federated-authentication database user mapped to an IdP group.
    // The username has the form "<Atlas OIDC IdP ID>/<IdP group name>".
    // NOTE(review): readWriteAnyDatabase on admin is a broad grant for every member of
    // the IdP group, and no scopes are set; prefer a narrower role and cluster scopes
    // outside of an example.
    var oidcGroupRole = new Mongodbatlas.Inputs.DatabaseUserRoleArgs
    {
        RoleName = "readWriteAnyDatabase",
        DatabaseName = "admin",
    };

    var userArgs = new Mongodbatlas.DatabaseUserArgs
    {
        ProjectId = "6414908c207f4d22f4d8f232",
        Username = "64d613677e1ad50839cce4db/testUserOr",
        AuthDatabaseName = "admin",
        OidcAuthType = "IDP_GROUP",
        Roles = new[] { oidcGroupRole },
    };

    var test = new Mongodbatlas.DatabaseUser("test", userArgs);
});
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one Atlas database user authenticated
// through OIDC federated authentication as an IdP group.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): readWriteAnyDatabase on admin is a broad grant for every member
		// of the IdP group, and no scopes are set; prefer a narrower role and cluster
		// scopes outside of an example.
		groupRole := &mongodbatlas.DatabaseUserRoleArgs{
			RoleName:     pulumi.String("readWriteAnyDatabase"),
			DatabaseName: pulumi.String("admin"),
		}

		// The username has the form "<Atlas OIDC IdP ID>/<IdP group name>".
		args := &mongodbatlas.DatabaseUserArgs{
			ProjectId:        pulumi.String("6414908c207f4d22f4d8f232"),
			Username:         pulumi.String("64d613677e1ad50839cce4db/testUserOr"),
			AuthDatabaseName: pulumi.String("admin"),
			OidcAuthType:     pulumi.String("IDP_GROUP"),
			Roles:            mongodbatlas.DatabaseUserRoleArray{groupRole},
		}

		_, err := mongodbatlas.NewDatabaseUser(ctx, "test", args)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring one Atlas database user that authenticates through
 * OIDC federated authentication as an IdP group.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the database user with the Pulumi deployment. */
    public static void stack(Context ctx) {
        // NOTE(review): readWriteAnyDatabase on admin is a broad grant for every member
        // of the IdP group, and no scopes are set; prefer a narrower role and cluster
        // scopes outside of an example.
        final var oidcGroupRole = DatabaseUserRoleArgs.builder()
            .roleName("readWriteAnyDatabase")
            .databaseName("admin")
            .build();

        // The username has the form "<Atlas OIDC IdP ID>/<IdP group name>".
        final var userArgs = DatabaseUserArgs.builder()
            .projectId("6414908c207f4d22f4d8f232")
            .username("64d613677e1ad50839cce4db/testUserOr")
            .authDatabaseName("admin")
            .oidcAuthType("IDP_GROUP")
            .roles(oidcGroupRole)
            .build();

        var test = new DatabaseUser("test", userArgs);
    }
}
# OIDC federated-authentication database user mapped to an IdP group.
# The username has the form "<Atlas OIDC IdP ID>/<IdP group name>".
# NOTE(review): readWriteAnyDatabase on admin is a broad grant for every member of the
# IdP group, and no scopes are set; prefer a narrower role and cluster scopes outside
# of an example.
resources:
  test:
    type: mongodbatlas:DatabaseUser
    properties:
      projectId: "6414908c207f4d22f4d8f232"
      username: "64d613677e1ad50839cce4db/testUserOr"
      authDatabaseName: "admin"
      oidcAuthType: "IDP_GROUP"
      roles:
        - roleName: "readWriteAnyDatabase"
          databaseName: "admin"
username
format: Atlas OIDC IdP ID (found in federation settings), followed by a ‘/’, followed by the IdP group name
Note: OIDC support is only available in MongoDB 7.0 or later. To learn more, see the MongoDB Atlas documentation.
Example Usage
S
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
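return await Deployment.RunAsync(() =>
{
    // The password is read from stack configuration as a secret rather than written
    // into the program source. Set it once with:
    //   pulumi config set --secret dbUserPassword <value>
    // ("dbUserPassword" is an example key name.)
    var config = new Config();
    var dbUserPassword = config.RequireSecret("dbUserPassword");

    var test = new Mongodbatlas.DatabaseUser("test", new()
    {
        AuthDatabaseName = "admin",
        Labels = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserLabelArgs
            {
                Key = "My Key",
                Value = "My Value",
            },
        },
        Password = dbUserPassword,
        ProjectId = "<PROJECT-ID>",
        // Read/write on the application database, read-only everywhere else.
        Roles = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserRoleArgs
            {
                DatabaseName = "dbforApp",
                RoleName = "readWrite",
            },
            new Mongodbatlas.Inputs.DatabaseUserRoleArgs
            {
                DatabaseName = "admin",
                RoleName = "readAnyDatabase",
            },
        },
        // Scopes name the clusters this user is meant to be limited to.
        Scopes = new[]
        {
            new Mongodbatlas.Inputs.DatabaseUserScopeArgs
            {
                Name = "My cluster name",
                Type = "CLUSTER",
            },
            new Mongodbatlas.Inputs.DatabaseUserScopeArgs
            {
                Name = "My second cluster name",
                Type = "CLUSTER",
            },
        },
        Username = "test-acc-username",
    });
});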
package main
import (
	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
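// main runs a Pulumi program that declares one password-authenticated Atlas database
// user limited to two named clusters.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The password is read from stack configuration as a secret rather than written
		// into the program source. Set it once with:
		//   pulumi config set --secret dbUserPassword <value>
		// ("dbUserPassword" is an example key name.)
		password := config.RequireSecret(ctx, "dbUserPassword")

		_, err := mongodbatlas.NewDatabaseUser(ctx, "test", &mongodbatlas.DatabaseUserArgs{
			AuthDatabaseName: pulumi.String("admin"),
			Labels: mongodbatlas.DatabaseUserLabelArray{
				&mongodbatlas.DatabaseUserLabelArgs{
					Key:   pulumi.String("My Key"),
					Value: pulumi.String("My Value"),
				},
			},
			Password:  password,
			ProjectId: pulumi.String("<PROJECT-ID>"),
			// Read/write on the application database, read-only everywhere else.
			Roles: mongodbatlas.DatabaseUserRoleArray{
				&mongodbatlas.DatabaseUserRoleArgs{
					DatabaseName: pulumi.String("dbforApp"),
					RoleName:     pulumi.String("readWrite"),
				},
				&mongodbatlas.DatabaseUserRoleArgs{
					DatabaseName: pulumi.String("admin"),
					RoleName:     pulumi.String("readAnyDatabase"),
				},
			},
			// Scopes name the clusters this user is meant to be limited to.
			Scopes: mongodbatlas.DatabaseUserScopeArray{
				&mongodbatlas.DatabaseUserScopeArgs{
					Name: pulumi.String("My cluster name"),
					Type: pulumi.String("CLUSTER"),
				},
				&mongodbatlas.DatabaseUserScopeArgs{
					Name: pulumi.String("My second cluster name"),
					Type: pulumi.String("CLUSTER"),
				},
			},
			Username: pulumi.String("test-acc-username"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}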
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
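/**
 * Pulumi program declaring one password-authenticated Atlas database user
 * limited to two named clusters.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the database user with the Pulumi deployment. */
    public static void stack(Context ctx) {
        // The password is read from stack configuration as a secret rather than written
        // into the program source. Set it once with:
        //   pulumi config set --secret dbUserPassword <value>
        // ("dbUserPassword" is an example key name.)
        final var dbUserPassword = ctx.config().requireSecret("dbUserPassword");

        var test = new DatabaseUser("test", DatabaseUserArgs.builder()
            .authDatabaseName("admin")
            .labels(DatabaseUserLabelArgs.builder()
                .key("My Key")
                .value("My Value")
                .build())
            .password(dbUserPassword)
            .projectId("<PROJECT-ID>")
            // Read/write on the application database, read-only everywhere else.
            .roles(
                DatabaseUserRoleArgs.builder()
                    .databaseName("dbforApp")
                    .roleName("readWrite")
                    .build(),
                DatabaseUserRoleArgs.builder()
                    .databaseName("admin")
                    .roleName("readAnyDatabase")
                    .build())
            // Scopes name the clusters this user is meant to be limited to.
            .scopes(
                DatabaseUserScopeArgs.builder()
                    .name("My cluster name")
                    .type("CLUSTER")
                    .build(),
                DatabaseUserScopeArgs.builder()
                    .name("My second cluster name")
                    .type("CLUSTER")
                    .build())
            .username("test-acc-username")
            .build());
    }
}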
import pulumi
import pulumi_mongodbatlas as mongodbatlas
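# The password is read from stack configuration as a secret rather than written into
# the program source. Set it once with:
#   pulumi config set --secret dbUserPassword <value>
# ("dbUserPassword" is an example key name.)
config = pulumi.Config()
db_user_password = config.require_secret("dbUserPassword")

test = mongodbatlas.DatabaseUser("test",
    auth_database_name="admin",
    labels=[mongodbatlas.DatabaseUserLabelArgs(
        key="My Key",
        value="My Value",
    )],
    password=db_user_password,
    project_id="<PROJECT-ID>",
    # Read/write on the application database, read-only everywhere else.
    roles=[
        mongodbatlas.DatabaseUserRoleArgs(
            database_name="dbforApp",
            role_name="readWrite",
        ),
        mongodbatlas.DatabaseUserRoleArgs(
            database_name="admin",
            role_name="readAnyDatabase",
        ),
    ],
    # Scopes name the clusters this user is meant to be limited to.
    scopes=[
        mongodbatlas.DatabaseUserScopeArgs(
            name="My cluster name",
            type="CLUSTER",
        ),
        mongodbatlas.DatabaseUserScopeArgs(
            name="My second cluster name",
            type="CLUSTER",
        ),
    ],
    username="test-acc-username")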
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
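// The password is read from stack configuration as a secret rather than written into
// the program source. Set it once with:
//   pulumi config set --secret dbUserPassword <value>
// ("dbUserPassword" is an example key name.)
const config = new pulumi.Config();
const dbUserPassword = config.requireSecret("dbUserPassword");

const test = new mongodbatlas.DatabaseUser("test", {
    authDatabaseName: "admin",
    labels: [{
        key: "My Key",
        value: "My Value",
    }],
    password: dbUserPassword,
    projectId: "<PROJECT-ID>",
    // Read/write on the application database, read-only everywhere else.
    roles: [
        {
            databaseName: "dbforApp",
            roleName: "readWrite",
        },
        {
            databaseName: "admin",
            roleName: "readAnyDatabase",
        },
    ],
    // Scopes name the clusters this user is meant to be limited to.
    scopes: [
        {
            name: "My cluster name",
            type: "CLUSTER",
        },
        {
            name: "My second cluster name",
            type: "CLUSTER",
        },
    ],
    username: "test-acc-username",
});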
# Password-authenticated Atlas database user limited to two named clusters.
# NOTE(review): the password below is a literal in the program source; in a real stack
# supply it from a secret configuration value instead of committing it.
resources:
  test:
    type: mongodbatlas:DatabaseUser
    properties:
      username: "test-acc-username"
      password: "test-acc-password"
      projectId: "<PROJECT-ID>"
      authDatabaseName: "admin"
      labels:
        - key: "My Key"
          value: "My Value"
      # Read/write on the application database, read-only everywhere else.
      roles:
        - databaseName: "dbforApp"
          roleName: "readWrite"
        - databaseName: "admin"
          roleName: "readAnyDatabase"
      # Scopes name the clusters this user is meant to be limited to.
      scopes:
        - name: "My cluster name"
          type: "CLUSTER"
        - name: "My second cluster name"
          type: "CLUSTER"
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
    // X.509-authenticated database user (X509Type MANAGED) on the $external
    // authentication database; no password is supplied.
    // NOTE(review): the "%s" label key/value look like unfilled format placeholders.
    var label = new Mongodbatlas.Inputs.DatabaseUserLabelArgs
    {
        Key = "%s",
        Value = "%s",
    };

    var readOnlyRole = new Mongodbatlas.Inputs.DatabaseUserRoleArgs
    {
        RoleName = "readAnyDatabase",
        DatabaseName = "admin",
    };

    // Scope naming the single cluster this user is meant to be limited to.
    var clusterScope = new Mongodbatlas.Inputs.DatabaseUserScopeArgs
    {
        Type = "CLUSTER",
        Name = "My cluster name",
    };

    var userArgs = new Mongodbatlas.DatabaseUserArgs
    {
        ProjectId = "<PROJECT-ID>",
        Username = "test-acc-username",
        AuthDatabaseName = "$external",
        X509Type = "MANAGED",
        Labels = new[] { label },
        Roles = new[] { readOnlyRole },
        Scopes = new[] { clusterScope },
    };

    var test = new Mongodbatlas.DatabaseUser("test", userArgs);
});
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one X.509-authenticated Atlas database
// user (X509Type MANAGED) on the $external authentication database.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): the "%s" label key/value look like unfilled format placeholders.
		label := &mongodbatlas.DatabaseUserLabelArgs{
			Key:   pulumi.String("%s"),
			Value: pulumi.String("%s"),
		}
		readOnlyRole := &mongodbatlas.DatabaseUserRoleArgs{
			RoleName:     pulumi.String("readAnyDatabase"),
			DatabaseName: pulumi.String("admin"),
		}
		// Scope naming the single cluster this user is meant to be limited to.
		clusterScope := &mongodbatlas.DatabaseUserScopeArgs{
			Type: pulumi.String("CLUSTER"),
			Name: pulumi.String("My cluster name"),
		}

		// No password is supplied for this authentication method.
		args := &mongodbatlas.DatabaseUserArgs{
			ProjectId:        pulumi.String("<PROJECT-ID>"),
			Username:         pulumi.String("test-acc-username"),
			AuthDatabaseName: pulumi.String("$external"),
			X509Type:         pulumi.String("MANAGED"),
			Labels:           mongodbatlas.DatabaseUserLabelArray{label},
			Roles:            mongodbatlas.DatabaseUserRoleArray{readOnlyRole},
			Scopes:           mongodbatlas.DatabaseUserScopeArray{clusterScope},
		}

		_, err := mongodbatlas.NewDatabaseUser(ctx, "test", args)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring one X.509-authenticated Atlas database user
 * (x509Type MANAGED) on the $external authentication database.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the database user with the Pulumi deployment. */
    public static void stack(Context ctx) {
        // NOTE(review): the "%s" label key/value look like unfilled format placeholders.
        final var label = DatabaseUserLabelArgs.builder()
            .key("%s")
            .value("%s")
            .build();

        final var readOnlyRole = DatabaseUserRoleArgs.builder()
            .roleName("readAnyDatabase")
            .databaseName("admin")
            .build();

        // Scope naming the single cluster this user is meant to be limited to.
        final var clusterScope = DatabaseUserScopeArgs.builder()
            .type("CLUSTER")
            .name("My cluster name")
            .build();

        // No password is supplied for this authentication method.
        final var userArgs = DatabaseUserArgs.builder()
            .projectId("<PROJECT-ID>")
            .username("test-acc-username")
            .authDatabaseName("$external")
            .x509Type("MANAGED")
            .labels(label)
            .roles(readOnlyRole)
            .scopes(clusterScope)
            .build();

        var test = new DatabaseUser("test", userArgs);
    }
}
import pulumi
import pulumi_mongodbatlas as mongodbatlas
# X.509-authenticated database user (x509_type MANAGED) on the $external
# authentication database; no password is supplied.
# NOTE(review): the "%s" label key/value look like unfilled format placeholders.
label = mongodbatlas.DatabaseUserLabelArgs(key="%s", value="%s")
read_only_role = mongodbatlas.DatabaseUserRoleArgs(
    role_name="readAnyDatabase",
    database_name="admin",
)
# Scope naming the single cluster this user is meant to be limited to.
cluster_scope = mongodbatlas.DatabaseUserScopeArgs(
    type="CLUSTER",
    name="My cluster name",
)

test = mongodbatlas.DatabaseUser(
    "test",
    project_id="<PROJECT-ID>",
    username="test-acc-username",
    auth_database_name="$external",
    x509_type="MANAGED",
    labels=[label],
    roles=[read_only_role],
    scopes=[cluster_scope],
)
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
// X.509-authenticated database user (x509Type MANAGED) on the $external
// authentication database; no password is supplied.
// NOTE(review): the "%s" label key/value look like unfilled format placeholders.
const labels = [{ key: "%s", value: "%s" }];
const roles = [{ roleName: "readAnyDatabase", databaseName: "admin" }];
// Scope naming the single cluster this user is meant to be limited to.
const scopes = [{ type: "CLUSTER", name: "My cluster name" }];

const test = new mongodbatlas.DatabaseUser("test", {
    projectId: "<PROJECT-ID>",
    username: "test-acc-username",
    authDatabaseName: "$external",
    x509Type: "MANAGED",
    labels,
    roles,
    scopes,
});
# X.509-authenticated database user (x509Type MANAGED) on the $external
# authentication database; no password is supplied.
# NOTE(review): the "%s" label key/value look like unfilled format placeholders.
resources:
  test:
    type: mongodbatlas:DatabaseUser
    properties:
      projectId: "<PROJECT-ID>"
      username: "test-acc-username"
      authDatabaseName: "$external"
      x509Type: "MANAGED"
      labels:
        - key: "%s"
          value: "%s"
      roles:
        - roleName: "readAnyDatabase"
          databaseName: "admin"
      # Scope naming the single cluster this user is meant to be limited to.
      scopes:
        - type: "CLUSTER"
          name: "My cluster name"
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
    // AWS IAM-authenticated database user: with AwsIamType ROLE the username is the
    // ARN of an IAM role, and no password is supplied.
    // NOTE(review): aws_iam_role.Test is not declared in this snippet; presumably an
    // IAM role resource defined elsewhere in the program.
    // NOTE(review): the "%s" label key/value look like unfilled format placeholders.
    var readOnlyRole = new Mongodbatlas.Inputs.DatabaseUserRoleArgs
    {
        DatabaseName = "admin",
        RoleName = "readAnyDatabase",
    };

    var label = new Mongodbatlas.Inputs.DatabaseUserLabelArgs
    {
        Key = "%s",
        Value = "%s",
    };

    // Scope naming the single cluster this user is meant to be limited to.
    var clusterScope = new Mongodbatlas.Inputs.DatabaseUserScopeArgs
    {
        Type = "CLUSTER",
        Name = "My cluster name",
    };

    var userArgs = new Mongodbatlas.DatabaseUserArgs
    {
        ProjectId = "<PROJECT-ID>",
        Username = aws_iam_role.Test.Arn,
        AwsIamType = "ROLE",
        AuthDatabaseName = "$external",
        Roles = new[] { readOnlyRole },
        Labels = new[] { label },
        Scopes = new[] { clusterScope },
    };

    var test = new Mongodbatlas.DatabaseUser("test", userArgs);
});
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one AWS IAM-authenticated Atlas database
// user: with AwsIamType ROLE the username is the ARN of an IAM role.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		readOnlyRole := &mongodbatlas.DatabaseUserRoleArgs{
			DatabaseName: pulumi.String("admin"),
			RoleName:     pulumi.String("readAnyDatabase"),
		}
		// NOTE(review): the "%s" label key/value look like unfilled format placeholders.
		label := &mongodbatlas.DatabaseUserLabelArgs{
			Key:   pulumi.String("%s"),
			Value: pulumi.String("%s"),
		}
		// Scope naming the single cluster this user is meant to be limited to.
		clusterScope := &mongodbatlas.DatabaseUserScopeArgs{
			Type: pulumi.String("CLUSTER"),
			Name: pulumi.String("My cluster name"),
		}

		// NOTE(review): aws_iam_role.Test is not declared in this snippet; presumably
		// an IAM role resource defined elsewhere in the program.
		args := &mongodbatlas.DatabaseUserArgs{
			ProjectId:        pulumi.String("<PROJECT-ID>"),
			Username:         pulumi.Any(aws_iam_role.Test.Arn),
			AwsIamType:       pulumi.String("ROLE"),
			AuthDatabaseName: pulumi.String("$external"),
			Roles:            mongodbatlas.DatabaseUserRoleArray{readOnlyRole},
			Labels:           mongodbatlas.DatabaseUserLabelArray{label},
			Scopes:           mongodbatlas.DatabaseUserScopeArray{clusterScope},
		}

		_, err := mongodbatlas.NewDatabaseUser(ctx, "test", args)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring one AWS IAM-authenticated Atlas database user: with
 * awsIamType ROLE the username is the ARN of an IAM role.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the database user with the Pulumi deployment. */
    public static void stack(Context ctx) {
        final var readOnlyRole = DatabaseUserRoleArgs.builder()
            .databaseName("admin")
            .roleName("readAnyDatabase")
            .build();

        // NOTE(review): the "%s" label key/value look like unfilled format placeholders.
        final var label = DatabaseUserLabelArgs.builder()
            .key("%s")
            .value("%s")
            .build();

        // Scope naming the single cluster this user is meant to be limited to.
        final var clusterScope = DatabaseUserScopeArgs.builder()
            .type("CLUSTER")
            .name("My cluster name")
            .build();

        // NOTE(review): aws_iam_role is not declared in this snippet; presumably an
        // IAM role resource defined elsewhere in the program.
        final var userArgs = DatabaseUserArgs.builder()
            .projectId("<PROJECT-ID>")
            .username(aws_iam_role.test().arn())
            .awsIamType("ROLE")
            .authDatabaseName("$external")
            .roles(readOnlyRole)
            .labels(label)
            .scopes(clusterScope)
            .build();

        var test = new DatabaseUser("test", userArgs);
    }
}
import pulumi
import pulumi_mongodbatlas as mongodbatlas
# AWS IAM-authenticated database user: with aws_iam_type ROLE the username is the ARN
# of an IAM role, and no password is supplied.
# NOTE(review): aws_iam_role is not declared in this snippet; presumably an IAM role
# resource defined elsewhere in the program.
read_only_role = mongodbatlas.DatabaseUserRoleArgs(
    database_name="admin",
    role_name="readAnyDatabase",
)
# NOTE(review): the "%s" label key/value look like unfilled format placeholders.
label = mongodbatlas.DatabaseUserLabelArgs(key="%s", value="%s")
# Scope naming the single cluster this user is meant to be limited to.
cluster_scope = mongodbatlas.DatabaseUserScopeArgs(
    type="CLUSTER",
    name="My cluster name",
)

test = mongodbatlas.DatabaseUser(
    "test",
    project_id="<PROJECT-ID>",
    username=aws_iam_role["test"]["arn"],
    aws_iam_type="ROLE",
    auth_database_name="$external",
    roles=[read_only_role],
    labels=[label],
    scopes=[cluster_scope],
)
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
// AWS IAM-authenticated database user: with awsIamType ROLE the username is the ARN
// of an IAM role, and no password is supplied.
// NOTE(review): aws_iam_role is not declared in this snippet; presumably an IAM role
// resource defined elsewhere in the program.
const roles = [{ databaseName: "admin", roleName: "readAnyDatabase" }];
// NOTE(review): the "%s" label key/value look like unfilled format placeholders.
const labels = [{ key: "%s", value: "%s" }];
// Scope naming the single cluster this user is meant to be limited to.
const scopes = [{ type: "CLUSTER", name: "My cluster name" }];

const test = new mongodbatlas.DatabaseUser("test", {
    projectId: "<PROJECT-ID>",
    username: aws_iam_role.test.arn,
    awsIamType: "ROLE",
    authDatabaseName: "$external",
    roles,
    labels,
    scopes,
});
# AWS IAM-authenticated database user: with awsIamType ROLE the username is the ARN
# of an IAM role, and no password is supplied.
# NOTE(review): aws_iam_role.test is not declared in this snippet; presumably an IAM
# role resource defined elsewhere in the program.
# NOTE(review): the "%s" label key/value look like unfilled format placeholders.
resources:
  test:
    type: mongodbatlas:DatabaseUser
    properties:
      projectId: "<PROJECT-ID>"
      username: ${aws_iam_role.test.arn}
      awsIamType: "ROLE"
      authDatabaseName: "$external"
      roles:
        - databaseName: "admin"
          roleName: "readAnyDatabase"
      labels:
        - key: "%s"
          value: "%s"
      # Scope naming the single cluster this user is meant to be limited to.
      scopes:
        - type: "CLUSTER"
          name: "My cluster name"
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
    // OIDC federated-authentication database user mapped to an IdP group.
    // The username has the form "<Atlas OIDC IdP ID>/<IdP group name>".
    // NOTE(review): readWriteAnyDatabase on admin is a broad grant for every member of
    // the IdP group, and no scopes are set; prefer a narrower role and cluster scopes
    // outside of an example.
    var oidcGroupRole = new Mongodbatlas.Inputs.DatabaseUserRoleArgs
    {
        RoleName = "readWriteAnyDatabase",
        DatabaseName = "admin",
    };

    var userArgs = new Mongodbatlas.DatabaseUserArgs
    {
        ProjectId = "6414908c207f4d22f4d8f232",
        Username = "64d613677e1ad50839cce4db/testUserOr",
        AuthDatabaseName = "admin",
        OidcAuthType = "IDP_GROUP",
        Roles = new[] { oidcGroupRole },
    };

    var test = new Mongodbatlas.DatabaseUser("test", userArgs);
});
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one Atlas database user authenticated
// through OIDC federated authentication as an IdP group.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): readWriteAnyDatabase on admin is a broad grant for every member
		// of the IdP group, and no scopes are set; prefer a narrower role and cluster
		// scopes outside of an example.
		groupRole := &mongodbatlas.DatabaseUserRoleArgs{
			RoleName:     pulumi.String("readWriteAnyDatabase"),
			DatabaseName: pulumi.String("admin"),
		}

		// The username has the form "<Atlas OIDC IdP ID>/<IdP group name>".
		args := &mongodbatlas.DatabaseUserArgs{
			ProjectId:        pulumi.String("6414908c207f4d22f4d8f232"),
			Username:         pulumi.String("64d613677e1ad50839cce4db/testUserOr"),
			AuthDatabaseName: pulumi.String("admin"),
			OidcAuthType:     pulumi.String("IDP_GROUP"),
			Roles:            mongodbatlas.DatabaseUserRoleArray{groupRole},
		}

		_, err := mongodbatlas.NewDatabaseUser(ctx, "test", args)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring one Atlas database user that authenticates through
 * OIDC federated authentication as an IdP group.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the database user with the Pulumi deployment. */
    public static void stack(Context ctx) {
        // NOTE(review): readWriteAnyDatabase on admin is a broad grant for every member
        // of the IdP group, and no scopes are set; prefer a narrower role and cluster
        // scopes outside of an example.
        final var oidcGroupRole = DatabaseUserRoleArgs.builder()
            .roleName("readWriteAnyDatabase")
            .databaseName("admin")
            .build();

        // The username has the form "<Atlas OIDC IdP ID>/<IdP group name>".
        final var userArgs = DatabaseUserArgs.builder()
            .projectId("6414908c207f4d22f4d8f232")
            .username("64d613677e1ad50839cce4db/testUserOr")
            .authDatabaseName("admin")
            .oidcAuthType("IDP_GROUP")
            .roles(oidcGroupRole)
            .build();

        var test = new DatabaseUser("test", userArgs);
    }
}
import pulumi
import pulumi_mongodbatlas as mongodbatlas
# OIDC federated-authentication database user mapped to an IdP group.
# The username has the form "<Atlas OIDC IdP ID>/<IdP group name>".
# NOTE(review): readWriteAnyDatabase on admin is a broad grant for every member of the
# IdP group, and no scopes are set; prefer a narrower role and cluster scopes outside
# of an example.
oidc_group_role = mongodbatlas.DatabaseUserRoleArgs(
    role_name="readWriteAnyDatabase",
    database_name="admin",
)

test = mongodbatlas.DatabaseUser(
    "test",
    project_id="6414908c207f4d22f4d8f232",
    username="64d613677e1ad50839cce4db/testUserOr",
    auth_database_name="admin",
    oidc_auth_type="IDP_GROUP",
    roles=[oidc_group_role],
)
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
// OIDC federated-authentication database user mapped to an IdP group.
// The username has the form "<Atlas OIDC IdP ID>/<IdP group name>".
// NOTE(review): readWriteAnyDatabase on admin is a broad grant for every member of the
// IdP group, and no scopes are set; prefer a narrower role and cluster scopes outside
// of an example.
const oidcGroupRoles = [{
    roleName: "readWriteAnyDatabase",
    databaseName: "admin",
}];

const test = new mongodbatlas.DatabaseUser("test", {
    projectId: "6414908c207f4d22f4d8f232",
    username: "64d613677e1ad50839cce4db/testUserOr",
    authDatabaseName: "admin",
    oidcAuthType: "IDP_GROUP",
    roles: oidcGroupRoles,
});
# OIDC federated-authentication database user mapped to an IdP group.
# The username has the form "<Atlas OIDC IdP ID>/<IdP group name>".
# NOTE(review): readWriteAnyDatabase on admin is a broad grant for every member of the
# IdP group, and no scopes are set; prefer a narrower role and cluster scopes outside
# of an example.
resources:
  test:
    type: mongodbatlas:DatabaseUser
    properties:
      projectId: "6414908c207f4d22f4d8f232"
      username: "64d613677e1ad50839cce4db/testUserOr"
      authDatabaseName: "admin"
      oidcAuthType: "IDP_GROUP"
      roles:
        - roleName: "readWriteAnyDatabase"
          databaseName: "admin"
Create DatabaseUser Resource
new DatabaseUser(name: string, args: DatabaseUserArgs, opts?: CustomResourceOptions);
@overload
def DatabaseUser(resource_name: str,
opts: Optional[ResourceOptions] = None,
auth_database_name: Optional[str] = None,
aws_iam_type: Optional[str] = None,
labels: Optional[Sequence[DatabaseUserLabelArgs]] = None,
ldap_auth_type: Optional[str] = None,
oidc_auth_type: Optional[str] = None,
password: Optional[str] = None,
project_id: Optional[str] = None,
roles: Optional[Sequence[DatabaseUserRoleArgs]] = None,
scopes: Optional[Sequence[DatabaseUserScopeArgs]] = None,
username: Optional[str] = None,
x509_type: Optional[str] = None)
@overload
def DatabaseUser(resource_name: str,
args: DatabaseUserArgs,
opts: Optional[ResourceOptions] = None)
func NewDatabaseUser(ctx *Context, name string, args DatabaseUserArgs, opts ...ResourceOption) (*DatabaseUser, error)
public DatabaseUser(string name, DatabaseUserArgs args, CustomResourceOptions? opts = null)
public DatabaseUser(String name, DatabaseUserArgs args)
public DatabaseUser(String name, DatabaseUserArgs args, CustomResourceOptions options)
type: mongodbatlas:DatabaseUser
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DatabaseUserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DatabaseUserArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DatabaseUserArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DatabaseUserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DatabaseUserArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
DatabaseUser Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The DatabaseUser resource accepts the following input properties:
- Auth
Database stringName Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- Project
Id string The unique ID for the project to create the database user.
- Username string
Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE.- Aws
Iam stringType If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:- Labels
List<Database
User Label> - Ldap
Auth stringType Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.- Oidc
Auth stringType Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:- Password string
- Roles
List<Database
User Role> List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- Scopes
List<Database
User Scope> - X509Type string
X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- Auth
Database stringName Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- Project
Id string The unique ID for the project to create the database user.
- Username string
Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE.- Aws
Iam stringType If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:- Labels
[]Database
User Label Args - Ldap
Auth stringType Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.- Oidc
Auth stringType Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:- Password string
- Roles
[]Database
User Role Args List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- Scopes
[]Database
User Scope Args - X509Type string
X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- auth
Database StringName Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- project
Id String The unique ID for the project to create the database user.
- username String
Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE.- aws
Iam StringType If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:- labels
List<Database
User Label> - ldap
Auth StringType Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.- oidc
Auth StringType Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:- password String
- roles
List<Database
User Role> List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes
List<Database
User Scope> - x509Type String
X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- auth
Database stringName Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- project
Id string The unique ID for the project to create the database user.
- username string
Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE.- aws
Iam stringType If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:- labels
Database
User Label[] - ldap
Auth stringType Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.- oidc
Auth stringType Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:- password string
- roles
Database
User Role[] List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes
Database
User Scope[] - x509Type string
X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- auth_
database_ strname Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- project_
id str The unique ID for the project to create the database user.
- username str
Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE.- aws_
iam_ strtype If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:- labels
Sequence[Database
User Label Args] - ldap_
auth_ strtype Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.- oidc_
auth_ strtype Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:- password str
- roles
Sequence[Database
User Role Args] List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes
Sequence[Database
User Scope Args] - x509_
type str X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- auth
Database StringName Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- project
Id String The unique ID for the project to create the database user.
- username String
Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE.- aws
Iam StringType If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:- labels List<Property Map>
- ldap
Auth StringType Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.- oidc
Auth StringType Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:- password String
- roles List<Property Map>
List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes List<Property Map>
- x509Type String
X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
Outputs
All input properties are implicitly available as output properties. Additionally, the DatabaseUser resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing DatabaseUser Resource
Get an existing DatabaseUser resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DatabaseUserState, opts?: CustomResourceOptions): DatabaseUser
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
auth_database_name: Optional[str] = None,
aws_iam_type: Optional[str] = None,
labels: Optional[Sequence[DatabaseUserLabelArgs]] = None,
ldap_auth_type: Optional[str] = None,
oidc_auth_type: Optional[str] = None,
password: Optional[str] = None,
project_id: Optional[str] = None,
roles: Optional[Sequence[DatabaseUserRoleArgs]] = None,
scopes: Optional[Sequence[DatabaseUserScopeArgs]] = None,
username: Optional[str] = None,
x509_type: Optional[str] = None) -> DatabaseUser
func GetDatabaseUser(ctx *Context, name string, id IDInput, state *DatabaseUserState, opts ...ResourceOption) (*DatabaseUser, error)
public static DatabaseUser Get(string name, Input<string> id, DatabaseUserState? state, CustomResourceOptions? opts = null)
public static DatabaseUser get(String name, Output<String> id, DatabaseUserState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AuthDatabaseName string
Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- AwsIamType string
If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- Labels List<DatabaseUserLabel>
- LdapAuthType string
Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.
- OidcAuthType string
Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- Password string
- ProjectId string
The unique ID for the project to create the database user.
- Roles List<DatabaseUserRole>
List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- Scopes List<DatabaseUserScope>
- Username string
Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
- X509Type string
X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- AuthDatabaseName string
Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- AwsIamType string
If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- Labels []DatabaseUserLabelArgs
- LdapAuthType string
Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.
- OidcAuthType string
Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- Password string
- ProjectId string
The unique ID for the project to create the database user.
- Roles []DatabaseUserRoleArgs
List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- Scopes []DatabaseUserScopeArgs
- Username string
Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
- X509Type string
X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- authDatabaseName String
Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- awsIamType String
If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- labels List<DatabaseUserLabel>
- ldapAuthType String
Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.
- oidcAuthType String
Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- password String
- projectId String
The unique ID for the project to create the database user.
- roles List<DatabaseUserRole>
List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes List<DatabaseUserScope>
- username String
Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
- x509Type String
X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- authDatabaseName string
Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- awsIamType string
If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- labels DatabaseUserLabel[]
- ldapAuthType string
Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.
- oidcAuthType string
Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- password string
- projectId string
The unique ID for the project to create the database user.
- roles DatabaseUserRole[]
List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes DatabaseUserScope[]
- username string
Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
- x509Type string
X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- auth_database_name str
Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- aws_iam_type str
If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- labels Sequence[DatabaseUserLabelArgs]
- ldap_auth_type str
Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.
- oidc_auth_type str
Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- password str
- project_id str
The unique ID for the project to create the database user.
- roles Sequence[DatabaseUserRoleArgs]
List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes Sequence[DatabaseUserScopeArgs]
- username str
Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
- x509_type str
X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- authDatabaseName String
Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- awsIamType String
If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- labels List<Property Map>
- ldapAuthType String
Method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE.
- oidcAuthType String
Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of NONE. The accepted types are:
- password String
- projectId String
The unique ID for the project to create the database user.
- roles List<Property Map>
List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes List<Property Map>
- username String
Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if aws_iam_type is USER or ROLE.
- x509Type String
X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
Supporting Types
DatabaseUserLabel, DatabaseUserLabelArgs
DatabaseUserRole, DatabaseUserRoleArgs
- DatabaseName string
Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases.
- RoleName string
Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
- CollectionName string
Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
- DatabaseName string
Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases.
- RoleName string
Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
- CollectionName string
Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
- databaseName String
Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases.
- roleName String
Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
- collectionName String
Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
- databaseName string
Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases.
- roleName string
Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
- collectionName string
Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
- database_name str
Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases.
- role_name str
Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
- collection_name str
Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
- databaseName String
Database on which the user has the specified role. A role on the admin database can include privileges that apply to the other databases.
- roleName String
Name of the role to grant. See Create a Database User roles.roleName for valid values and restrictions.
- collectionName String
Collection for which the role applies. You can specify a collection for the read and readWrite roles. If you do not specify a collection for read and readWrite, the role applies to all collections in the database (excluding some collections in the system. database).
DatabaseUserScope, DatabaseUserScopeArgs
Import
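Database users can be imported using project ID, username, and authentication database name, in the format project_id-username-auth_database_name, e.g.
$ pulumi import mongodbatlas:index/databaseUser:DatabaseUser my_user 1112222b3bf99403840e8934-my_user-admin
NOTE: Terraform will want to change the password after importing the user if a password argument is specified. The existing password is presumably not read back during import, so review the planned update before applying it to avoid an unintended credential change.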
Package Details
- Repository
- MongoDB Atlas pulumi/pulumi-mongodbatlas
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
mongodbatlas
Terraform Provider.