1. Packages
  2. MongoDB Atlas
  3. API Docs
  4. X509AuthenticationDatabaseUser
MongoDB Atlas v3.14.1 published on Thursday, Feb 8, 2024 by Pulumi

mongodbatlas.X509AuthenticationDatabaseUser

Explore with Pulumi AI

mongodbatlas logo
MongoDB Atlas v3.14.1 published on Thursday, Feb 8, 2024 by Pulumi

    mongodbatlas.X509AuthenticationDatabaseUser provides a X509 Authentication Database User resource. The mongodbatlas.X509AuthenticationDatabaseUser resource lets you manage MongoDB users who authenticate using X.509 certificates. You can manage these X.509 certificates or let Atlas do it for you.

    ManagementDescription
    AtlasAtlas manages your Certificate Authority and can generate certificates for your MongoDB users. No additional X.509 configuration is required.
    CustomerYou must provide a Certificate Authority and generate certificates for your MongoDB users.

    NOTE: Groups and projects are synonymous terms. You may find group_id in the official documentation.

    NOTE: Before provider version 1.14.0, Self-managed X.509 Authentication was disabled for the project when this resource was deleted. Starting from that version onward, it will not be disabled, allowing other users to continue using X.509 within the same project.

    Example Usage

    Example Usage: Generate an Atlas-managed X.509 certificate for a MongoDB user

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.mongodbatlas.DatabaseUser;
    import com.pulumi.mongodbatlas.DatabaseUserArgs;
    import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
    import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
    import com.pulumi.mongodbatlas.X509AuthenticationDatabaseUser;
    import com.pulumi.mongodbatlas.X509AuthenticationDatabaseUserArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var user = new DatabaseUser("user", DatabaseUserArgs.builder()        
                .projectId("64b926dd56206839b1c8bae9")
                .username("myUsername")
                .x509Type("MANAGED")
                .databaseName("$external")
                .roles(DatabaseUserRoleArgs.builder()
                    .roleName("atlasAdmin")
                    .databaseName("admin")
                    .build())
                .labels(DatabaseUserLabelArgs.builder()
                    .key("My Key")
                    .value("My Value")
                    .build())
                .build());
    
            var test = new X509AuthenticationDatabaseUser("test", X509AuthenticationDatabaseUserArgs.builder()        
                .projectId(user.projectId())
                .username(user.username())
                .monthsUntilExpiration(2)
                .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      user:
        type: mongodbatlas:DatabaseUser
        properties:
          projectId: 64b926dd56206839b1c8bae9
          username: myUsername
          x509Type: MANAGED
          databaseName: $external
          roles:
            - roleName: atlasAdmin
              databaseName: admin
          labels:
            - key: My Key
              value: My Value
      test:
        type: mongodbatlas:X509AuthenticationDatabaseUser
        properties:
          projectId: ${user.projectId}
          username: ${user.username}
          monthsUntilExpiration: 2
    

    Example Usage: Save a self-managed X.509 certificate for an Atlas project and use it with a dababase user

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.mongodbatlas.X509AuthenticationDatabaseUser;
    import com.pulumi.mongodbatlas.X509AuthenticationDatabaseUserArgs;
    import com.pulumi.mongodbatlas.DatabaseUser;
    import com.pulumi.mongodbatlas.DatabaseUserArgs;
    import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
    import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var test = new X509AuthenticationDatabaseUser("test", X509AuthenticationDatabaseUserArgs.builder()        
                .customerX509Cas("""
      -----BEGIN CERTIFICATE-----
      MIICmTCCAgICCQDZnHzklxsT9TANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMC
      VVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xETAPBgNVBAoMCHRl
      c3QuY29tMQ0wCwYDVQQLDARUZXN0MREwDwYDVQQDDAh0ZXN0LmNvbTErMCkGCSqG
      SIb3DQEJARYcbWVsaXNzYS5wbHVua2V0dEBtb25nb2RiLmNvbTAeFw0yMDAyMDQy
      MDQ2MDFaFw0yMTAyMDMyMDQ2MDFaMIGQMQswCQYDVQQGEwJVUzEOMAwGA1UECAwF
      VGV4YXMxDzANBgNVBAcMBkF1c3RpbjERMA8GA1UECgwIdGVzdC5jb20xDTALBgNV
      BAsMBFRlc3QxETAPBgNVBAMMCHRlc3QuY29tMSswKQYJKoZIhvcNAQkBFhxtZWxp
      c3NhLnBsdW5rZXR0QG1vbmdvZGIuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
      iQKBgQCf1LRqr1zftzdYx2Aj9G76tb0noMPtj6faGLlPji1+m6Rn7RWD9L0ntWAr
      cURxvypa9jZ9MXFzDtLevvd3tHEmfrUT3ukNDX6+Jtc4kWm+Dh2A70Pd+deKZ2/O
      Fh8audEKAESGXnTbeJCeQa1XKlIkjqQHBNwES5h1b9vJtFoLJwIDAQABMA0GCSqG
      SIb3DQEBCwUAA4GBADMUncjEPV/MiZUcVNGmktP6BPmEqMXQWUDpdGW2+Tg2JtUA
      7MMILtepBkFzLO+GlpZxeAlXO0wxiNgEmCRONgh4+t2w3e7a8GFijYQ99FHrAC5A
      iul59bdl18gVqXia1Yeq/iK7Ohfy/Jwd7Hsm530elwkM/ZEkYDjBlZSXYdyz
      -----END CERTIFICATE-----"
    
                """)
                .projectId("<PROJECT-ID>")
                .build());
    
            var user = new DatabaseUser("user", DatabaseUserArgs.builder()        
                .databaseName("$external")
                .labels(DatabaseUserLabelArgs.builder()
                    .key("My Key")
                    .value("My Value")
                    .build())
                .projectId("64b926dd56206839b1c8bae9")
                .roles(DatabaseUserRoleArgs.builder()
                    .databaseName("admin")
                    .roleName("atlasAdmin")
                    .build())
                .username("myUsername")
                .x509Type("CUSTOMER")
                .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      test:
        type: mongodbatlas:X509AuthenticationDatabaseUser
        properties:
          customerX509Cas: |2+
              -----BEGIN CERTIFICATE-----
              MIICmTCCAgICCQDZnHzklxsT9TANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMC
              VVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xETAPBgNVBAoMCHRl
              c3QuY29tMQ0wCwYDVQQLDARUZXN0MREwDwYDVQQDDAh0ZXN0LmNvbTErMCkGCSqG
              SIb3DQEJARYcbWVsaXNzYS5wbHVua2V0dEBtb25nb2RiLmNvbTAeFw0yMDAyMDQy
              MDQ2MDFaFw0yMTAyMDMyMDQ2MDFaMIGQMQswCQYDVQQGEwJVUzEOMAwGA1UECAwF
              VGV4YXMxDzANBgNVBAcMBkF1c3RpbjERMA8GA1UECgwIdGVzdC5jb20xDTALBgNV
              BAsMBFRlc3QxETAPBgNVBAMMCHRlc3QuY29tMSswKQYJKoZIhvcNAQkBFhxtZWxp
              c3NhLnBsdW5rZXR0QG1vbmdvZGIuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
              iQKBgQCf1LRqr1zftzdYx2Aj9G76tb0noMPtj6faGLlPji1+m6Rn7RWD9L0ntWAr
              cURxvypa9jZ9MXFzDtLevvd3tHEmfrUT3ukNDX6+Jtc4kWm+Dh2A70Pd+deKZ2/O
              Fh8audEKAESGXnTbeJCeQa1XKlIkjqQHBNwES5h1b9vJtFoLJwIDAQABMA0GCSqG
              SIb3DQEBCwUAA4GBADMUncjEPV/MiZUcVNGmktP6BPmEqMXQWUDpdGW2+Tg2JtUA
              7MMILtepBkFzLO+GlpZxeAlXO0wxiNgEmCRONgh4+t2w3e7a8GFijYQ99FHrAC5A
              iul59bdl18gVqXia1Yeq/iK7Ohfy/Jwd7Hsm530elwkM/ZEkYDjBlZSXYdyz
              -----END CERTIFICATE-----"
    
          projectId: <PROJECT-ID>
      user:
        type: mongodbatlas:DatabaseUser
        properties:
          databaseName: $external
          labels:
            - key: My Key
              value: My Value
          projectId: 64b926dd56206839b1c8bae9
          roles:
            - databaseName: admin
              roleName: atlasAdmin
          username: myUsername
          x509Type: CUSTOMER
    

    Create X509AuthenticationDatabaseUser Resource

    new X509AuthenticationDatabaseUser(name: string, args: X509AuthenticationDatabaseUserArgs, opts?: CustomResourceOptions);
    @overload
    def X509AuthenticationDatabaseUser(resource_name: str,
                                       opts: Optional[ResourceOptions] = None,
                                       customer_x509_cas: Optional[str] = None,
                                       months_until_expiration: Optional[int] = None,
                                       project_id: Optional[str] = None,
                                       username: Optional[str] = None)
    @overload
    def X509AuthenticationDatabaseUser(resource_name: str,
                                       args: X509AuthenticationDatabaseUserArgs,
                                       opts: Optional[ResourceOptions] = None)
    func NewX509AuthenticationDatabaseUser(ctx *Context, name string, args X509AuthenticationDatabaseUserArgs, opts ...ResourceOption) (*X509AuthenticationDatabaseUser, error)
    public X509AuthenticationDatabaseUser(string name, X509AuthenticationDatabaseUserArgs args, CustomResourceOptions? opts = null)
    public X509AuthenticationDatabaseUser(String name, X509AuthenticationDatabaseUserArgs args)
    public X509AuthenticationDatabaseUser(String name, X509AuthenticationDatabaseUserArgs args, CustomResourceOptions options)
    
    type: mongodbatlas:X509AuthenticationDatabaseUser
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args X509AuthenticationDatabaseUserArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args X509AuthenticationDatabaseUserArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args X509AuthenticationDatabaseUserArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args X509AuthenticationDatabaseUserArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args X509AuthenticationDatabaseUserArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    X509AuthenticationDatabaseUser Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The X509AuthenticationDatabaseUser resource accepts the following input properties:

    ProjectId string
    Identifier for the Atlas project associated with the X.509 configuration.
    CustomerX509Cas string
    PEM string containing one or more customer CAs for database user authentication.
    MonthsUntilExpiration int
    A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
    Username string
    Username of the database user to create a certificate for.
    ProjectId string
    Identifier for the Atlas project associated with the X.509 configuration.
    CustomerX509Cas string
    PEM string containing one or more customer CAs for database user authentication.
    MonthsUntilExpiration int
    A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
    Username string
    Username of the database user to create a certificate for.
    projectId String
    Identifier for the Atlas project associated with the X.509 configuration.
    customerX509Cas String
    PEM string containing one or more customer CAs for database user authentication.
    monthsUntilExpiration Integer
    A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
    username String
    Username of the database user to create a certificate for.
    projectId string
    Identifier for the Atlas project associated with the X.509 configuration.
    customerX509Cas string
    PEM string containing one or more customer CAs for database user authentication.
    monthsUntilExpiration number
    A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
    username string
    Username of the database user to create a certificate for.
    project_id str
    Identifier for the Atlas project associated with the X.509 configuration.
    customer_x509_cas str
    PEM string containing one or more customer CAs for database user authentication.
    months_until_expiration int
    A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
    username str
    Username of the database user to create a certificate for.
    projectId String
    Identifier for the Atlas project associated with the X.509 configuration.
    customerX509Cas String
    PEM string containing one or more customer CAs for database user authentication.
    monthsUntilExpiration Number
    A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
    username String
    Username of the database user to create a certificate for.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the X509AuthenticationDatabaseUser resource produces the following output properties:

    Certificates List<X509AuthenticationDatabaseUserCertificate>
    Array of objects where each details one unexpired database user certificate.
    CurrentCertificate string
    Contains the last X.509 certificate and private key created for a database user.
    Id string
    The provider-assigned unique ID for this managed resource.
    Certificates []X509AuthenticationDatabaseUserCertificate
    Array of objects where each details one unexpired database user certificate.
    CurrentCertificate string
    Contains the last X.509 certificate and private key created for a database user.
    Id string
    The provider-assigned unique ID for this managed resource.
    certificates List<X509AuthenticationDatabaseUserCertificate>
    Array of objects where each details one unexpired database user certificate.
    currentCertificate String
    Contains the last X.509 certificate and private key created for a database user.
    id String
    The provider-assigned unique ID for this managed resource.
    certificates X509AuthenticationDatabaseUserCertificate[]
    Array of objects where each details one unexpired database user certificate.
    currentCertificate string
    Contains the last X.509 certificate and private key created for a database user.
    id string
    The provider-assigned unique ID for this managed resource.
    certificates Sequence[X509AuthenticationDatabaseUserCertificate]
    Array of objects where each details one unexpired database user certificate.
    current_certificate str
    Contains the last X.509 certificate and private key created for a database user.
    id str
    The provider-assigned unique ID for this managed resource.
    certificates List<Property Map>
    Array of objects where each details one unexpired database user certificate.
    currentCertificate String
    Contains the last X.509 certificate and private key created for a database user.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing X509AuthenticationDatabaseUser Resource

    Get an existing X509AuthenticationDatabaseUser resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: X509AuthenticationDatabaseUserState, opts?: CustomResourceOptions): X509AuthenticationDatabaseUser
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            certificates: Optional[Sequence[X509AuthenticationDatabaseUserCertificateArgs]] = None,
            current_certificate: Optional[str] = None,
            customer_x509_cas: Optional[str] = None,
            months_until_expiration: Optional[int] = None,
            project_id: Optional[str] = None,
            username: Optional[str] = None) -> X509AuthenticationDatabaseUser
    func GetX509AuthenticationDatabaseUser(ctx *Context, name string, id IDInput, state *X509AuthenticationDatabaseUserState, opts ...ResourceOption) (*X509AuthenticationDatabaseUser, error)
    public static X509AuthenticationDatabaseUser Get(string name, Input<string> id, X509AuthenticationDatabaseUserState? state, CustomResourceOptions? opts = null)
    public static X509AuthenticationDatabaseUser get(String name, Output<String> id, X509AuthenticationDatabaseUserState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Certificates List<X509AuthenticationDatabaseUserCertificate>
    Array of objects where each details one unexpired database user certificate.
    CurrentCertificate string
    Contains the last X.509 certificate and private key created for a database user.
    CustomerX509Cas string
    PEM string containing one or more customer CAs for database user authentication.
    MonthsUntilExpiration int
    A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
    ProjectId string
    Identifier for the Atlas project associated with the X.509 configuration.
    Username string
    Username of the database user to create a certificate for.
    Certificates []X509AuthenticationDatabaseUserCertificateArgs
    Array of objects where each details one unexpired database user certificate.
    CurrentCertificate string
    Contains the last X.509 certificate and private key created for a database user.
    CustomerX509Cas string
    PEM string containing one or more customer CAs for database user authentication.
    MonthsUntilExpiration int
    A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
    ProjectId string
    Identifier for the Atlas project associated with the X.509 configuration.
    Username string
    Username of the database user to create a certificate for.
    certificates List<X509AuthenticationDatabaseUserCertificate>
    Array of objects where each details one unexpired database user certificate.
    currentCertificate String
    Contains the last X.509 certificate and private key created for a database user.
    customerX509Cas String
    PEM string containing one or more customer CAs for database user authentication.
    monthsUntilExpiration Integer
    A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
    projectId String
    Identifier for the Atlas project associated with the X.509 configuration.
    username String
    Username of the database user to create a certificate for.
    certificates X509AuthenticationDatabaseUserCertificate[]
    Array of objects where each details one unexpired database user certificate.
    currentCertificate string
    Contains the last X.509 certificate and private key created for a database user.
    customerX509Cas string
    PEM string containing one or more customer CAs for database user authentication.
    monthsUntilExpiration number
    A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
    projectId string
    Identifier for the Atlas project associated with the X.509 configuration.
    username string
    Username of the database user to create a certificate for.
    certificates Sequence[X509AuthenticationDatabaseUserCertificateArgs]
    Array of objects where each details one unexpired database user certificate.
    current_certificate str
    Contains the last X.509 certificate and private key created for a database user.
    customer_x509_cas str
    PEM string containing one or more customer CAs for database user authentication.
    months_until_expiration int
    A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
    project_id str
    Identifier for the Atlas project associated with the X.509 configuration.
    username str
    Username of the database user to create a certificate for.
    certificates List<Property Map>
    Array of objects where each details one unexpired database user certificate.
    currentCertificate String
    Contains the last X.509 certificate and private key created for a database user.
    customerX509Cas String
    PEM string containing one or more customer CAs for database user authentication.
    monthsUntilExpiration Number
    A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
    projectId String
    Identifier for the Atlas project associated with the X.509 configuration.
    username String
    Username of the database user to create a certificate for.

    Supporting Types

    X509AuthenticationDatabaseUserCertificate, X509AuthenticationDatabaseUserCertificateArgs

    CreatedAt string
    GroupId string
    Id int
    NotAfter string
    Subject string
    CreatedAt string
    GroupId string
    Id int
    NotAfter string
    Subject string
    createdAt String
    groupId String
    id Integer
    notAfter String
    subject String
    createdAt string
    groupId string
    id number
    notAfter string
    subject string
    createdAt String
    groupId String
    id Number
    notAfter String
    subject String

    Import

    X.509 Certificates for a User can be imported using project ID and username, in the format project_id-username, e.g.

     $ pulumi import mongodbatlas:index/x509AuthenticationDatabaseUser:X509AuthenticationDatabaseUser test 1112222b3bf99403840e8934-myUsername
    

    For more information seeMongoDB Atlas API Reference.

    Current X.509 Configuration can be imported using project ID, in the format project_id, e.g.

     $ pulumi import mongodbatlas:index/x509AuthenticationDatabaseUser:X509AuthenticationDatabaseUser test 1112222b3bf99403840e8934
    

    For more information seeMongoDB Atlas API Reference.

    Package Details

    Repository
    MongoDB Atlas pulumi/pulumi-mongodbatlas
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the mongodbatlas Terraform Provider.
    mongodbatlas logo
    MongoDB Atlas v3.14.1 published on Thursday, Feb 8, 2024 by Pulumi