Docs
PackagesMongoDB Atlas v3.14.3 published on Monday, Apr 1, 2024 by Pulumi
mongodbatlas.X509AuthenticationDatabaseUser
Explore with Pulumi AI
mongodbatlas.X509AuthenticationDatabaseUser provides a X509 Authentication Database User resource. The mongodbatlas.X509AuthenticationDatabaseUser resource lets you manage MongoDB users who authenticate using X.509 certificates. You can manage these X.509 certificates or let Atlas do it for you.
| Management | Description |
|---|---|
| Atlas | Atlas manages your Certificate Authority and can generate certificates for your MongoDB users. No additional X.509 configuration is required. |
| Customer | You must provide a Certificate Authority and generate certificates for your MongoDB users. |
NOTE: Groups and projects are synonymous terms. You may find group_id in the official documentation.
NOTE: Before provider version 1.14.0, Self-managed X.509 Authentication was disabled for the project when this resource was deleted. Starting from that version onward, it will not be disabled, allowing other users to continue using X.509 within the same project.
Example Usage
S
Example Usage: Generate an Atlas-managed X.509 certificate for a MongoDB user
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
import com.pulumi.mongodbatlas.X509AuthenticationDatabaseUser;
import com.pulumi.mongodbatlas.X509AuthenticationDatabaseUserArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var user = new DatabaseUser("user", DatabaseUserArgs.builder()
.projectId("64b926dd56206839b1c8bae9")
.username("myUsername")
.x509Type("MANAGED")
.databaseName("$external")
.roles(DatabaseUserRoleArgs.builder()
.roleName("atlasAdmin")
.databaseName("admin")
.build())
.labels(DatabaseUserLabelArgs.builder()
.key("My Key")
.value("My Value")
.build())
.build());
var test = new X509AuthenticationDatabaseUser("test", X509AuthenticationDatabaseUserArgs.builder()
.projectId(user.projectId())
.username(user.username())
.monthsUntilExpiration(2)
.build());
}
}
resources:
user:
type: mongodbatlas:DatabaseUser
properties:
projectId: 64b926dd56206839b1c8bae9
username: myUsername
x509Type: MANAGED
databaseName: $external
roles:
- roleName: atlasAdmin
databaseName: admin
labels:
- key: My Key
value: My Value
test:
type: mongodbatlas:X509AuthenticationDatabaseUser
properties:
projectId: ${user.projectId}
username: ${user.username}
monthsUntilExpiration: 2
Example Usage: Save a self-managed X.509 certificate for an Atlas project and use it with a dababase user
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.X509AuthenticationDatabaseUser;
import com.pulumi.mongodbatlas.X509AuthenticationDatabaseUserArgs;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new X509AuthenticationDatabaseUser("test", X509AuthenticationDatabaseUserArgs.builder()
.customerX509Cas("""
-----BEGIN CERTIFICATE-----
MIICmTCCAgICCQDZnHzklxsT9TANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMC
VVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xETAPBgNVBAoMCHRl
c3QuY29tMQ0wCwYDVQQLDARUZXN0MREwDwYDVQQDDAh0ZXN0LmNvbTErMCkGCSqG
SIb3DQEJARYcbWVsaXNzYS5wbHVua2V0dEBtb25nb2RiLmNvbTAeFw0yMDAyMDQy
MDQ2MDFaFw0yMTAyMDMyMDQ2MDFaMIGQMQswCQYDVQQGEwJVUzEOMAwGA1UECAwF
VGV4YXMxDzANBgNVBAcMBkF1c3RpbjERMA8GA1UECgwIdGVzdC5jb20xDTALBgNV
BAsMBFRlc3QxETAPBgNVBAMMCHRlc3QuY29tMSswKQYJKoZIhvcNAQkBFhxtZWxp
c3NhLnBsdW5rZXR0QG1vbmdvZGIuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQCf1LRqr1zftzdYx2Aj9G76tb0noMPtj6faGLlPji1+m6Rn7RWD9L0ntWAr
cURxvypa9jZ9MXFzDtLevvd3tHEmfrUT3ukNDX6+Jtc4kWm+Dh2A70Pd+deKZ2/O
Fh8audEKAESGXnTbeJCeQa1XKlIkjqQHBNwES5h1b9vJtFoLJwIDAQABMA0GCSqG
SIb3DQEBCwUAA4GBADMUncjEPV/MiZUcVNGmktP6BPmEqMXQWUDpdGW2+Tg2JtUA
7MMILtepBkFzLO+GlpZxeAlXO0wxiNgEmCRONgh4+t2w3e7a8GFijYQ99FHrAC5A
iul59bdl18gVqXia1Yeq/iK7Ohfy/Jwd7Hsm530elwkM/ZEkYDjBlZSXYdyz
-----END CERTIFICATE-----"
""")
.projectId("<PROJECT-ID>")
.build());
var user = new DatabaseUser("user", DatabaseUserArgs.builder()
.databaseName("$external")
.labels(DatabaseUserLabelArgs.builder()
.key("My Key")
.value("My Value")
.build())
.projectId("64b926dd56206839b1c8bae9")
.roles(DatabaseUserRoleArgs.builder()
.databaseName("admin")
.roleName("atlasAdmin")
.build())
.username("myUsername")
.x509Type("CUSTOMER")
.build());
// Make sure to set x509_type = "CUSTOMER"
}
}
resources:
test:
type: mongodbatlas:X509AuthenticationDatabaseUser
properties:
customerX509Cas: |2+
-----BEGIN CERTIFICATE-----
MIICmTCCAgICCQDZnHzklxsT9TANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMC
VVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xETAPBgNVBAoMCHRl
c3QuY29tMQ0wCwYDVQQLDARUZXN0MREwDwYDVQQDDAh0ZXN0LmNvbTErMCkGCSqG
SIb3DQEJARYcbWVsaXNzYS5wbHVua2V0dEBtb25nb2RiLmNvbTAeFw0yMDAyMDQy
MDQ2MDFaFw0yMTAyMDMyMDQ2MDFaMIGQMQswCQYDVQQGEwJVUzEOMAwGA1UECAwF
VGV4YXMxDzANBgNVBAcMBkF1c3RpbjERMA8GA1UECgwIdGVzdC5jb20xDTALBgNV
BAsMBFRlc3QxETAPBgNVBAMMCHRlc3QuY29tMSswKQYJKoZIhvcNAQkBFhxtZWxp
c3NhLnBsdW5rZXR0QG1vbmdvZGIuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQCf1LRqr1zftzdYx2Aj9G76tb0noMPtj6faGLlPji1+m6Rn7RWD9L0ntWAr
cURxvypa9jZ9MXFzDtLevvd3tHEmfrUT3ukNDX6+Jtc4kWm+Dh2A70Pd+deKZ2/O
Fh8audEKAESGXnTbeJCeQa1XKlIkjqQHBNwES5h1b9vJtFoLJwIDAQABMA0GCSqG
SIb3DQEBCwUAA4GBADMUncjEPV/MiZUcVNGmktP6BPmEqMXQWUDpdGW2+Tg2JtUA
7MMILtepBkFzLO+GlpZxeAlXO0wxiNgEmCRONgh4+t2w3e7a8GFijYQ99FHrAC5A
iul59bdl18gVqXia1Yeq/iK7Ohfy/Jwd7Hsm530elwkM/ZEkYDjBlZSXYdyz
-----END CERTIFICATE-----"
projectId: <PROJECT-ID>
user:
type: mongodbatlas:DatabaseUser
properties:
databaseName: $external
labels:
- key: My Key
value: My Value
projectId: 64b926dd56206839b1c8bae9
roles:
- databaseName: admin
roleName: atlasAdmin
username: myUsername
x509Type: CUSTOMER
Create X509AuthenticationDatabaseUser Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new X509AuthenticationDatabaseUser(name: string, args: X509AuthenticationDatabaseUserArgs, opts?: CustomResourceOptions);@overload
def X509AuthenticationDatabaseUser(resource_name: str,
args: X509AuthenticationDatabaseUserArgs,
opts: Optional[ResourceOptions] = None)
@overload
def X509AuthenticationDatabaseUser(resource_name: str,
opts: Optional[ResourceOptions] = None,
project_id: Optional[str] = None,
customer_x509_cas: Optional[str] = None,
months_until_expiration: Optional[int] = None,
username: Optional[str] = None)func NewX509AuthenticationDatabaseUser(ctx *Context, name string, args X509AuthenticationDatabaseUserArgs, opts ...ResourceOption) (*X509AuthenticationDatabaseUser, error)public X509AuthenticationDatabaseUser(string name, X509AuthenticationDatabaseUserArgs args, CustomResourceOptions? opts = null)
public X509AuthenticationDatabaseUser(String name, X509AuthenticationDatabaseUserArgs args)
public X509AuthenticationDatabaseUser(String name, X509AuthenticationDatabaseUserArgs args, CustomResourceOptions options)
type: mongodbatlas:X509AuthenticationDatabaseUser
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args X509AuthenticationDatabaseUserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args X509AuthenticationDatabaseUserArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args X509AuthenticationDatabaseUserArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args X509AuthenticationDatabaseUserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args X509AuthenticationDatabaseUserArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var x509authenticationDatabaseUserResource = new Mongodbatlas.X509AuthenticationDatabaseUser("x509authenticationDatabaseUserResource", new()
{
ProjectId = "string",
CustomerX509Cas = "string",
MonthsUntilExpiration = 0,
Username = "string",
});
example, err := mongodbatlas.NewX509AuthenticationDatabaseUser(ctx, "x509authenticationDatabaseUserResource", &mongodbatlas.X509AuthenticationDatabaseUserArgs{
ProjectId: pulumi.String("string"),
CustomerX509Cas: pulumi.String("string"),
MonthsUntilExpiration: pulumi.Int(0),
Username: pulumi.String("string"),
})
var x509authenticationDatabaseUserResource = new X509AuthenticationDatabaseUser("x509authenticationDatabaseUserResource", X509AuthenticationDatabaseUserArgs.builder()
.projectId("string")
.customerX509Cas("string")
.monthsUntilExpiration(0)
.username("string")
.build());
x509authentication_database_user_resource = mongodbatlas.X509AuthenticationDatabaseUser("x509authenticationDatabaseUserResource",
project_id="string",
customer_x509_cas="string",
months_until_expiration=0,
username="string")
const x509authenticationDatabaseUserResource = new mongodbatlas.X509AuthenticationDatabaseUser("x509authenticationDatabaseUserResource", {
projectId: "string",
customerX509Cas: "string",
monthsUntilExpiration: 0,
username: "string",
});
type: mongodbatlas:X509AuthenticationDatabaseUser
properties:
customerX509Cas: string
monthsUntilExpiration: 0
projectId: string
username: string
X509AuthenticationDatabaseUser Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The X509AuthenticationDatabaseUser resource accepts the following input properties:
- Project
Id string - Identifier for the Atlas project associated with the X.509 configuration.
- Customer
X509Cas string - PEM string containing one or more customer CAs for database user authentication.
- Months
Until intExpiration - A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
- Username string
- Username of the database user to create a certificate for.
- Project
Id string - Identifier for the Atlas project associated with the X.509 configuration.
- Customer
X509Cas string - PEM string containing one or more customer CAs for database user authentication.
- Months
Until intExpiration - A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
- Username string
- Username of the database user to create a certificate for.
- project
Id String - Identifier for the Atlas project associated with the X.509 configuration.
- customer
X509Cas String - PEM string containing one or more customer CAs for database user authentication.
- months
Until IntegerExpiration - A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
- username String
- Username of the database user to create a certificate for.
- project
Id string - Identifier for the Atlas project associated with the X.509 configuration.
- customer
X509Cas string - PEM string containing one or more customer CAs for database user authentication.
- months
Until numberExpiration - A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
- username string
- Username of the database user to create a certificate for.
- project_
id str - Identifier for the Atlas project associated with the X.509 configuration.
- customer_
x509_ strcas - PEM string containing one or more customer CAs for database user authentication.
- months_
until_ intexpiration - A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
- username str
- Username of the database user to create a certificate for.
- project
Id String - Identifier for the Atlas project associated with the X.509 configuration.
- customer
X509Cas String - PEM string containing one or more customer CAs for database user authentication.
- months
Until NumberExpiration - A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
- username String
- Username of the database user to create a certificate for.
Outputs
All input properties are implicitly available as output properties. Additionally, the X509AuthenticationDatabaseUser resource produces the following output properties:
- Certificates
List<X509Authentication
Database User Certificate> - Array of objects where each details one unexpired database user certificate.
- Current
Certificate string - Contains the last X.509 certificate and private key created for a database user.
- Id string
- The provider-assigned unique ID for this managed resource.
- Certificates
[]X509Authentication
Database User Certificate - Array of objects where each details one unexpired database user certificate.
- Current
Certificate string - Contains the last X.509 certificate and private key created for a database user.
- Id string
- The provider-assigned unique ID for this managed resource.
- certificates
List<X509Authentication
Database User Certificate> - Array of objects where each details one unexpired database user certificate.
- current
Certificate String - Contains the last X.509 certificate and private key created for a database user.
- id String
- The provider-assigned unique ID for this managed resource.
- certificates
X509Authentication
Database User Certificate[] - Array of objects where each details one unexpired database user certificate.
- current
Certificate string - Contains the last X.509 certificate and private key created for a database user.
- id string
- The provider-assigned unique ID for this managed resource.
- certificates
Sequence[X509Authentication
Database User Certificate] - Array of objects where each details one unexpired database user certificate.
- current_
certificate str - Contains the last X.509 certificate and private key created for a database user.
- id str
- The provider-assigned unique ID for this managed resource.
- certificates List<Property Map>
- Array of objects where each details one unexpired database user certificate.
- current
Certificate String - Contains the last X.509 certificate and private key created for a database user.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing X509AuthenticationDatabaseUser Resource
Get an existing X509AuthenticationDatabaseUser resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: X509AuthenticationDatabaseUserState, opts?: CustomResourceOptions): X509AuthenticationDatabaseUser@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
certificates: Optional[Sequence[X509AuthenticationDatabaseUserCertificateArgs]] = None,
current_certificate: Optional[str] = None,
customer_x509_cas: Optional[str] = None,
months_until_expiration: Optional[int] = None,
project_id: Optional[str] = None,
username: Optional[str] = None) -> X509AuthenticationDatabaseUserfunc GetX509AuthenticationDatabaseUser(ctx *Context, name string, id IDInput, state *X509AuthenticationDatabaseUserState, opts ...ResourceOption) (*X509AuthenticationDatabaseUser, error)public static X509AuthenticationDatabaseUser Get(string name, Input<string> id, X509AuthenticationDatabaseUserState? state, CustomResourceOptions? opts = null)public static X509AuthenticationDatabaseUser get(String name, Output<String> id, X509AuthenticationDatabaseUserState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Certificates
List<X509Authentication
Database User Certificate> - Array of objects where each details one unexpired database user certificate.
- Current
Certificate string - Contains the last X.509 certificate and private key created for a database user.
- Customer
X509Cas string - PEM string containing one or more customer CAs for database user authentication.
- Months
Until intExpiration - A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
- Project
Id string - Identifier for the Atlas project associated with the X.509 configuration.
- Username string
- Username of the database user to create a certificate for.
- Certificates
[]X509Authentication
Database User Certificate Args - Array of objects where each details one unexpired database user certificate.
- Current
Certificate string - Contains the last X.509 certificate and private key created for a database user.
- Customer
X509Cas string - PEM string containing one or more customer CAs for database user authentication.
- Months
Until intExpiration - A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
- Project
Id string - Identifier for the Atlas project associated with the X.509 configuration.
- Username string
- Username of the database user to create a certificate for.
- certificates
List<X509Authentication
Database User Certificate> - Array of objects where each details one unexpired database user certificate.
- current
Certificate String - Contains the last X.509 certificate and private key created for a database user.
- customer
X509Cas String - PEM string containing one or more customer CAs for database user authentication.
- months
Until IntegerExpiration - A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
- project
Id String - Identifier for the Atlas project associated with the X.509 configuration.
- username String
- Username of the database user to create a certificate for.
- certificates
X509Authentication
Database User Certificate[] - Array of objects where each details one unexpired database user certificate.
- current
Certificate string - Contains the last X.509 certificate and private key created for a database user.
- customer
X509Cas string - PEM string containing one or more customer CAs for database user authentication.
- months
Until numberExpiration - A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
- project
Id string - Identifier for the Atlas project associated with the X.509 configuration.
- username string
- Username of the database user to create a certificate for.
- certificates
Sequence[X509Authentication
Database User Certificate Args] - Array of objects where each details one unexpired database user certificate.
- current_
certificate str - Contains the last X.509 certificate and private key created for a database user.
- customer_
x509_ strcas - PEM string containing one or more customer CAs for database user authentication.
- months_
until_ intexpiration - A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
- project_
id str - Identifier for the Atlas project associated with the X.509 configuration.
- username str
- Username of the database user to create a certificate for.
- certificates List<Property Map>
- Array of objects where each details one unexpired database user certificate.
- current
Certificate String - Contains the last X.509 certificate and private key created for a database user.
- customer
X509Cas String - PEM string containing one or more customer CAs for database user authentication.
- months
Until NumberExpiration - A number of months that the created certificate is valid for before expiry, up to 24 months. By default is 3.
- project
Id String - Identifier for the Atlas project associated with the X.509 configuration.
- username String
- Username of the database user to create a certificate for.
Supporting Types
X509AuthenticationDatabaseUserCertificate, X509AuthenticationDatabaseUserCertificateArgs
- created_
at str - group_
id str - id int
- not_
after str - subject str
Import
X.509 Certificates for a User can be imported using project ID and username, in the format project_id-username, e.g.
$ pulumi import mongodbatlas:index/x509AuthenticationDatabaseUser:X509AuthenticationDatabaseUser test 1112222b3bf99403840e8934-myUsername
For more information see: MongoDB Atlas API Reference.
Current X.509 Configuration can be imported using project ID, in the format project_id, e.g.
$ pulumi import mongodbatlas:index/x509AuthenticationDatabaseUser:X509AuthenticationDatabaseUser test 1112222b3bf99403840e8934
For more information see: MongoDB Atlas API Reference.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- MongoDB Atlas pulumi/pulumi-mongodbatlas
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
mongodbatlasTerraform Provider.