Docs Home
mongodbatlas.CustomDbRole
Explore with Pulumi AI
# Resource: mongodbatlas.CustomDbRole
mongodbatlas.CustomDbRole provides a Custom DB Role resource. The customDBRoles resource lets you retrieve, create and modify the custom MongoDB roles in your cluster. Use custom MongoDB roles to specify custom sets of actions which cannot be described by the built-in Atlas database user privileges.
IMPORTANT You define custom roles at the project level for all clusters in the project. The
mongodbatlas.CustomDbRoleresource supports a subset of MongoDB privilege actions. For a complete list of privilege actions available for this resource, see Custom Role actions. Custom roles must include actions that all project’s clusters support, and that are compatible with each MongoDB version used by your project’s clusters. For example, if your project has MongoDB 4.2 clusters, you can’t create custom roles that use actions introduced in MongoDB 4.4.
NOTE: Groups and projects are synonymous terms. You may find group_id in the official documentation.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const testRole = new mongodbatlas.CustomDbRole("test_role", {
projectId: "<PROJECT-ID>",
roleName: "myCustomRole",
actions: [
{
action: "UPDATE",
resources: [{
collectionName: "",
databaseName: "anyDatabase",
}],
},
{
action: "INSERT",
resources: [{
collectionName: "",
databaseName: "anyDatabase",
}],
},
{
action: "REMOVE",
resources: [{
collectionName: "",
databaseName: "anyDatabase",
}],
},
],
});
import pulumi
import pulumi_mongodbatlas as mongodbatlas
test_role = mongodbatlas.CustomDbRole("test_role",
project_id="<PROJECT-ID>",
role_name="myCustomRole",
actions=[
{
"action": "UPDATE",
"resources": [{
"collection_name": "",
"database_name": "anyDatabase",
}],
},
{
"action": "INSERT",
"resources": [{
"collection_name": "",
"database_name": "anyDatabase",
}],
},
{
"action": "REMOVE",
"resources": [{
"collection_name": "",
"database_name": "anyDatabase",
}],
},
])
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := mongodbatlas.NewCustomDbRole(ctx, "test_role", &mongodbatlas.CustomDbRoleArgs{
ProjectId: pulumi.String("<PROJECT-ID>"),
RoleName: pulumi.String("myCustomRole"),
Actions: mongodbatlas.CustomDbRoleActionArray{
&mongodbatlas.CustomDbRoleActionArgs{
Action: pulumi.String("UPDATE"),
Resources: mongodbatlas.CustomDbRoleActionResourceArray{
&mongodbatlas.CustomDbRoleActionResourceArgs{
CollectionName: pulumi.String(""),
DatabaseName: pulumi.String("anyDatabase"),
},
},
},
&mongodbatlas.CustomDbRoleActionArgs{
Action: pulumi.String("INSERT"),
Resources: mongodbatlas.CustomDbRoleActionResourceArray{
&mongodbatlas.CustomDbRoleActionResourceArgs{
CollectionName: pulumi.String(""),
DatabaseName: pulumi.String("anyDatabase"),
},
},
},
&mongodbatlas.CustomDbRoleActionArgs{
Action: pulumi.String("REMOVE"),
Resources: mongodbatlas.CustomDbRoleActionResourceArray{
&mongodbatlas.CustomDbRoleActionResourceArgs{
CollectionName: pulumi.String(""),
DatabaseName: pulumi.String("anyDatabase"),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var testRole = new Mongodbatlas.CustomDbRole("test_role", new()
{
ProjectId = "<PROJECT-ID>",
RoleName = "myCustomRole",
Actions = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleActionArgs
{
Action = "UPDATE",
Resources = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
{
CollectionName = "",
DatabaseName = "anyDatabase",
},
},
},
new Mongodbatlas.Inputs.CustomDbRoleActionArgs
{
Action = "INSERT",
Resources = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
{
CollectionName = "",
DatabaseName = "anyDatabase",
},
},
},
new Mongodbatlas.Inputs.CustomDbRoleActionArgs
{
Action = "REMOVE",
Resources = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
{
CollectionName = "",
DatabaseName = "anyDatabase",
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.CustomDbRole;
import com.pulumi.mongodbatlas.CustomDbRoleArgs;
import com.pulumi.mongodbatlas.inputs.CustomDbRoleActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testRole = new CustomDbRole("testRole", CustomDbRoleArgs.builder()
.projectId("<PROJECT-ID>")
.roleName("myCustomRole")
.actions(
CustomDbRoleActionArgs.builder()
.action("UPDATE")
.resources(CustomDbRoleActionResourceArgs.builder()
.collectionName("")
.databaseName("anyDatabase")
.build())
.build(),
CustomDbRoleActionArgs.builder()
.action("INSERT")
.resources(CustomDbRoleActionResourceArgs.builder()
.collectionName("")
.databaseName("anyDatabase")
.build())
.build(),
CustomDbRoleActionArgs.builder()
.action("REMOVE")
.resources(CustomDbRoleActionResourceArgs.builder()
.collectionName("")
.databaseName("anyDatabase")
.build())
.build())
.build());
}
}
resources:
testRole:
type: mongodbatlas:CustomDbRole
name: test_role
properties:
projectId: <PROJECT-ID>
roleName: myCustomRole
actions:
- action: UPDATE
resources:
- collectionName:
databaseName: anyDatabase
- action: INSERT
resources:
- collectionName:
databaseName: anyDatabase
- action: REMOVE
resources:
- collectionName:
databaseName: anyDatabase
With Inherited Roles
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const inheritedRoleOne = new mongodbatlas.CustomDbRole("inherited_role_one", {
projectId: "<PROJECT-ID>",
roleName: "insertRole",
actions: [{
action: "INSERT",
resources: [{
collectionName: "",
databaseName: "anyDatabase",
}],
}],
});
const inheritedRoleTwo = new mongodbatlas.CustomDbRole("inherited_role_two", {
projectId: inheritedRoleOne.projectId,
roleName: "statusServerRole",
actions: [{
action: "SERVER_STATUS",
resources: [{
cluster: true,
}],
}],
});
const testRole = new mongodbatlas.CustomDbRole("test_role", {
projectId: inheritedRoleOne.projectId,
roleName: "myCustomRole",
actions: [
{
action: "UPDATE",
resources: [{
collectionName: "",
databaseName: "anyDatabase",
}],
},
{
action: "REMOVE",
resources: [{
collectionName: "",
databaseName: "anyDatabase",
}],
},
],
inheritedRoles: [
{
roleName: inheritedRoleOne.roleName,
databaseName: "admin",
},
{
roleName: inheritedRoleTwo.roleName,
databaseName: "admin",
},
],
});
import pulumi
import pulumi_mongodbatlas as mongodbatlas
inherited_role_one = mongodbatlas.CustomDbRole("inherited_role_one",
project_id="<PROJECT-ID>",
role_name="insertRole",
actions=[{
"action": "INSERT",
"resources": [{
"collection_name": "",
"database_name": "anyDatabase",
}],
}])
inherited_role_two = mongodbatlas.CustomDbRole("inherited_role_two",
project_id=inherited_role_one.project_id,
role_name="statusServerRole",
actions=[{
"action": "SERVER_STATUS",
"resources": [{
"cluster": True,
}],
}])
test_role = mongodbatlas.CustomDbRole("test_role",
project_id=inherited_role_one.project_id,
role_name="myCustomRole",
actions=[
{
"action": "UPDATE",
"resources": [{
"collection_name": "",
"database_name": "anyDatabase",
}],
},
{
"action": "REMOVE",
"resources": [{
"collection_name": "",
"database_name": "anyDatabase",
}],
},
],
inherited_roles=[
{
"role_name": inherited_role_one.role_name,
"database_name": "admin",
},
{
"role_name": inherited_role_two.role_name,
"database_name": "admin",
},
])
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
inheritedRoleOne, err := mongodbatlas.NewCustomDbRole(ctx, "inherited_role_one", &mongodbatlas.CustomDbRoleArgs{
ProjectId: pulumi.String("<PROJECT-ID>"),
RoleName: pulumi.String("insertRole"),
Actions: mongodbatlas.CustomDbRoleActionArray{
&mongodbatlas.CustomDbRoleActionArgs{
Action: pulumi.String("INSERT"),
Resources: mongodbatlas.CustomDbRoleActionResourceArray{
&mongodbatlas.CustomDbRoleActionResourceArgs{
CollectionName: pulumi.String(""),
DatabaseName: pulumi.String("anyDatabase"),
},
},
},
},
})
if err != nil {
return err
}
inheritedRoleTwo, err := mongodbatlas.NewCustomDbRole(ctx, "inherited_role_two", &mongodbatlas.CustomDbRoleArgs{
ProjectId: inheritedRoleOne.ProjectId,
RoleName: pulumi.String("statusServerRole"),
Actions: mongodbatlas.CustomDbRoleActionArray{
&mongodbatlas.CustomDbRoleActionArgs{
Action: pulumi.String("SERVER_STATUS"),
Resources: mongodbatlas.CustomDbRoleActionResourceArray{
&mongodbatlas.CustomDbRoleActionResourceArgs{
Cluster: pulumi.Bool(true),
},
},
},
},
})
if err != nil {
return err
}
_, err = mongodbatlas.NewCustomDbRole(ctx, "test_role", &mongodbatlas.CustomDbRoleArgs{
ProjectId: inheritedRoleOne.ProjectId,
RoleName: pulumi.String("myCustomRole"),
Actions: mongodbatlas.CustomDbRoleActionArray{
&mongodbatlas.CustomDbRoleActionArgs{
Action: pulumi.String("UPDATE"),
Resources: mongodbatlas.CustomDbRoleActionResourceArray{
&mongodbatlas.CustomDbRoleActionResourceArgs{
CollectionName: pulumi.String(""),
DatabaseName: pulumi.String("anyDatabase"),
},
},
},
&mongodbatlas.CustomDbRoleActionArgs{
Action: pulumi.String("REMOVE"),
Resources: mongodbatlas.CustomDbRoleActionResourceArray{
&mongodbatlas.CustomDbRoleActionResourceArgs{
CollectionName: pulumi.String(""),
DatabaseName: pulumi.String("anyDatabase"),
},
},
},
},
InheritedRoles: mongodbatlas.CustomDbRoleInheritedRoleArray{
&mongodbatlas.CustomDbRoleInheritedRoleArgs{
RoleName: inheritedRoleOne.RoleName,
DatabaseName: pulumi.String("admin"),
},
&mongodbatlas.CustomDbRoleInheritedRoleArgs{
RoleName: inheritedRoleTwo.RoleName,
DatabaseName: pulumi.String("admin"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var inheritedRoleOne = new Mongodbatlas.CustomDbRole("inherited_role_one", new()
{
ProjectId = "<PROJECT-ID>",
RoleName = "insertRole",
Actions = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleActionArgs
{
Action = "INSERT",
Resources = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
{
CollectionName = "",
DatabaseName = "anyDatabase",
},
},
},
},
});
var inheritedRoleTwo = new Mongodbatlas.CustomDbRole("inherited_role_two", new()
{
ProjectId = inheritedRoleOne.ProjectId,
RoleName = "statusServerRole",
Actions = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleActionArgs
{
Action = "SERVER_STATUS",
Resources = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
{
Cluster = true,
},
},
},
},
});
var testRole = new Mongodbatlas.CustomDbRole("test_role", new()
{
ProjectId = inheritedRoleOne.ProjectId,
RoleName = "myCustomRole",
Actions = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleActionArgs
{
Action = "UPDATE",
Resources = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
{
CollectionName = "",
DatabaseName = "anyDatabase",
},
},
},
new Mongodbatlas.Inputs.CustomDbRoleActionArgs
{
Action = "REMOVE",
Resources = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
{
CollectionName = "",
DatabaseName = "anyDatabase",
},
},
},
},
InheritedRoles = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleInheritedRoleArgs
{
RoleName = inheritedRoleOne.RoleName,
DatabaseName = "admin",
},
new Mongodbatlas.Inputs.CustomDbRoleInheritedRoleArgs
{
RoleName = inheritedRoleTwo.RoleName,
DatabaseName = "admin",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.CustomDbRole;
import com.pulumi.mongodbatlas.CustomDbRoleArgs;
import com.pulumi.mongodbatlas.inputs.CustomDbRoleActionArgs;
import com.pulumi.mongodbatlas.inputs.CustomDbRoleInheritedRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var inheritedRoleOne = new CustomDbRole("inheritedRoleOne", CustomDbRoleArgs.builder()
.projectId("<PROJECT-ID>")
.roleName("insertRole")
.actions(CustomDbRoleActionArgs.builder()
.action("INSERT")
.resources(CustomDbRoleActionResourceArgs.builder()
.collectionName("")
.databaseName("anyDatabase")
.build())
.build())
.build());
var inheritedRoleTwo = new CustomDbRole("inheritedRoleTwo", CustomDbRoleArgs.builder()
.projectId(inheritedRoleOne.projectId())
.roleName("statusServerRole")
.actions(CustomDbRoleActionArgs.builder()
.action("SERVER_STATUS")
.resources(CustomDbRoleActionResourceArgs.builder()
.cluster(true)
.build())
.build())
.build());
var testRole = new CustomDbRole("testRole", CustomDbRoleArgs.builder()
.projectId(inheritedRoleOne.projectId())
.roleName("myCustomRole")
.actions(
CustomDbRoleActionArgs.builder()
.action("UPDATE")
.resources(CustomDbRoleActionResourceArgs.builder()
.collectionName("")
.databaseName("anyDatabase")
.build())
.build(),
CustomDbRoleActionArgs.builder()
.action("REMOVE")
.resources(CustomDbRoleActionResourceArgs.builder()
.collectionName("")
.databaseName("anyDatabase")
.build())
.build())
.inheritedRoles(
CustomDbRoleInheritedRoleArgs.builder()
.roleName(inheritedRoleOne.roleName())
.databaseName("admin")
.build(),
CustomDbRoleInheritedRoleArgs.builder()
.roleName(inheritedRoleTwo.roleName())
.databaseName("admin")
.build())
.build());
}
}
resources:
inheritedRoleOne:
type: mongodbatlas:CustomDbRole
name: inherited_role_one
properties:
projectId: <PROJECT-ID>
roleName: insertRole
actions:
- action: INSERT
resources:
- collectionName:
databaseName: anyDatabase
inheritedRoleTwo:
type: mongodbatlas:CustomDbRole
name: inherited_role_two
properties:
projectId: ${inheritedRoleOne.projectId}
roleName: statusServerRole
actions:
- action: SERVER_STATUS
resources:
- cluster: true
testRole:
type: mongodbatlas:CustomDbRole
name: test_role
properties:
projectId: ${inheritedRoleOne.projectId}
roleName: myCustomRole
actions:
- action: UPDATE
resources:
- collectionName:
databaseName: anyDatabase
- action: REMOVE
resources:
- collectionName:
databaseName: anyDatabase
inheritedRoles:
- roleName: ${inheritedRoleOne.roleName}
databaseName: admin
- roleName: ${inheritedRoleTwo.roleName}
databaseName: admin
Create CustomDbRole Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CustomDbRole(name: string, args: CustomDbRoleArgs, opts?: CustomResourceOptions);@overload
def CustomDbRole(resource_name: str,
args: CustomDbRoleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CustomDbRole(resource_name: str,
opts: Optional[ResourceOptions] = None,
project_id: Optional[str] = None,
role_name: Optional[str] = None,
actions: Optional[Sequence[CustomDbRoleActionArgs]] = None,
inherited_roles: Optional[Sequence[CustomDbRoleInheritedRoleArgs]] = None)func NewCustomDbRole(ctx *Context, name string, args CustomDbRoleArgs, opts ...ResourceOption) (*CustomDbRole, error)public CustomDbRole(string name, CustomDbRoleArgs args, CustomResourceOptions? opts = null)
public CustomDbRole(String name, CustomDbRoleArgs args)
public CustomDbRole(String name, CustomDbRoleArgs args, CustomResourceOptions options)
type: mongodbatlas:CustomDbRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CustomDbRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CustomDbRoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CustomDbRoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CustomDbRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CustomDbRoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var customDbRoleResource = new Mongodbatlas.CustomDbRole("customDbRoleResource", new()
{
ProjectId = "string",
RoleName = "string",
Actions = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleActionArgs
{
Action = "string",
Resources = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
{
Cluster = false,
CollectionName = "string",
DatabaseName = "string",
},
},
},
},
InheritedRoles = new[]
{
new Mongodbatlas.Inputs.CustomDbRoleInheritedRoleArgs
{
DatabaseName = "string",
RoleName = "string",
},
},
});
example, err := mongodbatlas.NewCustomDbRole(ctx, "customDbRoleResource", &mongodbatlas.CustomDbRoleArgs{
ProjectId: pulumi.String("string"),
RoleName: pulumi.String("string"),
Actions: mongodbatlas.CustomDbRoleActionArray{
&mongodbatlas.CustomDbRoleActionArgs{
Action: pulumi.String("string"),
Resources: mongodbatlas.CustomDbRoleActionResourceArray{
&mongodbatlas.CustomDbRoleActionResourceArgs{
Cluster: pulumi.Bool(false),
CollectionName: pulumi.String("string"),
DatabaseName: pulumi.String("string"),
},
},
},
},
InheritedRoles: mongodbatlas.CustomDbRoleInheritedRoleArray{
&mongodbatlas.CustomDbRoleInheritedRoleArgs{
DatabaseName: pulumi.String("string"),
RoleName: pulumi.String("string"),
},
},
})
var customDbRoleResource = new CustomDbRole("customDbRoleResource", CustomDbRoleArgs.builder()
.projectId("string")
.roleName("string")
.actions(CustomDbRoleActionArgs.builder()
.action("string")
.resources(CustomDbRoleActionResourceArgs.builder()
.cluster(false)
.collectionName("string")
.databaseName("string")
.build())
.build())
.inheritedRoles(CustomDbRoleInheritedRoleArgs.builder()
.databaseName("string")
.roleName("string")
.build())
.build());
custom_db_role_resource = mongodbatlas.CustomDbRole("customDbRoleResource",
project_id="string",
role_name="string",
actions=[{
"action": "string",
"resources": [{
"cluster": False,
"collection_name": "string",
"database_name": "string",
}],
}],
inherited_roles=[{
"database_name": "string",
"role_name": "string",
}])
const customDbRoleResource = new mongodbatlas.CustomDbRole("customDbRoleResource", {
projectId: "string",
roleName: "string",
actions: [{
action: "string",
resources: [{
cluster: false,
collectionName: "string",
databaseName: "string",
}],
}],
inheritedRoles: [{
databaseName: "string",
roleName: "string",
}],
});
type: mongodbatlas:CustomDbRole
properties:
actions:
- action: string
resources:
- cluster: false
collectionName: string
databaseName: string
inheritedRoles:
- databaseName: string
roleName: string
projectId: string
roleName: string
CustomDbRole Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CustomDbRole resource accepts the following input properties:
- Project
Id string - The unique ID for the project to create the database user.
- Role
Name string Name of the custom role.
IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:
- Is a name already used by an existing custom role in the project
- Is a name of any of the built-in roles
- Is
atlasAdmin - Starts with
xgen-
- Actions
List<Custom
Db Role Action> - Inherited
Roles List<CustomDb Role Inherited Role>
- Project
Id string - The unique ID for the project to create the database user.
- Role
Name string Name of the custom role.
IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:
- Is a name already used by an existing custom role in the project
- Is a name of any of the built-in roles
- Is
atlasAdmin - Starts with
xgen-
- Actions
[]Custom
Db Role Action Args - Inherited
Roles []CustomDb Role Inherited Role Args
- project
Id String - The unique ID for the project to create the database user.
- role
Name String Name of the custom role.
IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:
- Is a name already used by an existing custom role in the project
- Is a name of any of the built-in roles
- Is
atlasAdmin - Starts with
xgen-
- actions
List<Custom
Db Role Action> - inherited
Roles List<CustomDb Role Inherited Role>
- project
Id string - The unique ID for the project to create the database user.
- role
Name string Name of the custom role.
IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:
- Is a name already used by an existing custom role in the project
- Is a name of any of the built-in roles
- Is
atlasAdmin - Starts with
xgen-
- actions
Custom
Db Role Action[] - inherited
Roles CustomDb Role Inherited Role[]
- project_
id str - The unique ID for the project to create the database user.
- role_
name str Name of the custom role.
IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:
- Is a name already used by an existing custom role in the project
- Is a name of any of the built-in roles
- Is
atlasAdmin - Starts with
xgen-
- actions
Sequence[Custom
Db Role Action Args] - inherited_
roles Sequence[CustomDb Role Inherited Role Args]
- project
Id String - The unique ID for the project to create the database user.
- role
Name String Name of the custom role.
IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:
- Is a name already used by an existing custom role in the project
- Is a name of any of the built-in roles
- Is
atlasAdmin - Starts with
xgen-
- actions List<Property Map>
- inherited
Roles List<Property Map>
Outputs
All input properties are implicitly available as output properties. Additionally, the CustomDbRole resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing CustomDbRole Resource
Get an existing CustomDbRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CustomDbRoleState, opts?: CustomResourceOptions): CustomDbRole@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[CustomDbRoleActionArgs]] = None,
inherited_roles: Optional[Sequence[CustomDbRoleInheritedRoleArgs]] = None,
project_id: Optional[str] = None,
role_name: Optional[str] = None) -> CustomDbRolefunc GetCustomDbRole(ctx *Context, name string, id IDInput, state *CustomDbRoleState, opts ...ResourceOption) (*CustomDbRole, error)public static CustomDbRole Get(string name, Input<string> id, CustomDbRoleState? state, CustomResourceOptions? opts = null)public static CustomDbRole get(String name, Output<String> id, CustomDbRoleState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Actions
List<Custom
Db Role Action> - Inherited
Roles List<CustomDb Role Inherited Role> - Project
Id string - The unique ID for the project to create the database user.
- Role
Name string Name of the custom role.
IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:
- Is a name already used by an existing custom role in the project
- Is a name of any of the built-in roles
- Is
atlasAdmin - Starts with
xgen-
- Actions
[]Custom
Db Role Action Args - Inherited
Roles []CustomDb Role Inherited Role Args - Project
Id string - The unique ID for the project to create the database user.
- Role
Name string Name of the custom role.
IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:
- Is a name already used by an existing custom role in the project
- Is a name of any of the built-in roles
- Is
atlasAdmin - Starts with
xgen-
- actions
List<Custom
Db Role Action> - inherited
Roles List<CustomDb Role Inherited Role> - project
Id String - The unique ID for the project to create the database user.
- role
Name String Name of the custom role.
IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:
- Is a name already used by an existing custom role in the project
- Is a name of any of the built-in roles
- Is
atlasAdmin - Starts with
xgen-
- actions
Custom
Db Role Action[] - inherited
Roles CustomDb Role Inherited Role[] - project
Id string - The unique ID for the project to create the database user.
- role
Name string Name of the custom role.
IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:
- Is a name already used by an existing custom role in the project
- Is a name of any of the built-in roles
- Is
atlasAdmin - Starts with
xgen-
- actions
Sequence[Custom
Db Role Action Args] - inherited_
roles Sequence[CustomDb Role Inherited Role Args] - project_
id str - The unique ID for the project to create the database user.
- role_
name str Name of the custom role.
IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:
- Is a name already used by an existing custom role in the project
- Is a name of any of the built-in roles
- Is
atlasAdmin - Starts with
xgen-
- actions List<Property Map>
- inherited
Roles List<Property Map> - project
Id String - The unique ID for the project to create the database user.
- role
Name String Name of the custom role.
IMPORTANT The specified role name can only contain letters, digits, underscores, and dashes. Additionally, you cannot specify a role name which meets any of the following criteria:
- Is a name already used by an existing custom role in the project
- Is a name of any of the built-in roles
- Is
atlasAdmin - Starts with
xgen-
Supporting Types
CustomDbRoleAction, CustomDbRoleActionArgs
- Action string
Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions
Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.
- Resources
List<Custom
Db Role Action Resource> Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.
resources.#.collection_name- (Optional) Collection on which the action is granted. If this value is an empty string, the action is granted on all collections within the database specified in the actions.resources.db field.
NOTE This field is mutually exclusive with the
actions.resources.clusterfield.resources.#.database_nameDatabase on which the action is granted.
NOTE This field is mutually exclusive with the
actions.resources.clusterfield.resources.#.cluster(Optional) Set to true to indicate that the action is granted on the cluster resource.
NOTE This field is mutually exclusive with the
actions.resources.collectionandactions.resources.db fields.
- Action string
Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions
Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.
- Resources
[]Custom
Db Role Action Resource Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.
resources.#.collection_name- (Optional) Collection on which the action is granted. If this value is an empty string, the action is granted on all collections within the database specified in the actions.resources.db field.
NOTE This field is mutually exclusive with the
actions.resources.clusterfield.resources.#.database_nameDatabase on which the action is granted.
NOTE This field is mutually exclusive with the
actions.resources.clusterfield.resources.#.cluster(Optional) Set to true to indicate that the action is granted on the cluster resource.
NOTE This field is mutually exclusive with the
actions.resources.collectionandactions.resources.db fields.
- action String
Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions
Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.
- resources
List<Custom
Db Role Action Resource> Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.
resources.#.collection_name- (Optional) Collection on which the action is granted. If this value is an empty string, the action is granted on all collections within the database specified in the actions.resources.db field.
NOTE This field is mutually exclusive with the
actions.resources.clusterfield.resources.#.database_nameDatabase on which the action is granted.
NOTE This field is mutually exclusive with the
actions.resources.clusterfield.resources.#.cluster(Optional) Set to true to indicate that the action is granted on the cluster resource.
NOTE This field is mutually exclusive with the
actions.resources.collectionandactions.resources.db fields.
- action string
Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions
Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.
- resources
Custom
Db Role Action Resource[] Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.
resources.#.collection_name- (Optional) Collection on which the action is granted. If this value is an empty string, the action is granted on all collections within the database specified in the actions.resources.db field.
NOTE This field is mutually exclusive with the
actions.resources.clusterfield.resources.#.database_nameDatabase on which the action is granted.
NOTE This field is mutually exclusive with the
actions.resources.clusterfield.resources.#.cluster(Optional) Set to true to indicate that the action is granted on the cluster resource.
NOTE This field is mutually exclusive with the
actions.resources.collectionandactions.resources.db fields.
- action str
Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions
Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.
- resources
Sequence[Custom
Db Role Action Resource] Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.
resources.#.collection_name- (Optional) Collection on which the action is granted. If this value is an empty string, the action is granted on all collections within the database specified in the actions.resources.db field.
NOTE This field is mutually exclusive with the
actions.resources.clusterfield.resources.#.database_nameDatabase on which the action is granted.
NOTE This field is mutually exclusive with the
actions.resources.clusterfield.resources.#.cluster(Optional) Set to true to indicate that the action is granted on the cluster resource.
NOTE This field is mutually exclusive with the
actions.resources.collectionandactions.resources.db fields.
- action String
Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions
Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.
- resources List<Property Map>
Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.
resources.#.collection_name- (Optional) Collection on which the action is granted. If this value is an empty string, the action is granted on all collections within the database specified in the actions.resources.db field.
NOTE This field is mutually exclusive with the
actions.resources.clusterfield.resources.#.database_nameDatabase on which the action is granted.
NOTE This field is mutually exclusive with the
actions.resources.clusterfield.resources.#.cluster(Optional) Set to true to indicate that the action is granted on the cluster resource.
NOTE This field is mutually exclusive with the
actions.resources.collectionandactions.resources.db fields.
CustomDbRoleActionResource, CustomDbRoleActionResourceArgs
- Cluster bool
- Collection
Name string - Database
Name string Database on which the inherited role is granted.
NOTE This value should be admin for all roles except read and readWrite.
- Cluster bool
- Collection
Name string - Database
Name string Database on which the inherited role is granted.
NOTE This value should be admin for all roles except read and readWrite.
- cluster Boolean
- collection
Name String - database
Name String Database on which the inherited role is granted.
NOTE This value should be admin for all roles except read and readWrite.
- cluster boolean
- collection
Name string - database
Name string Database on which the inherited role is granted.
NOTE This value should be admin for all roles except read and readWrite.
- cluster bool
- collection_
name str - database_
name str Database on which the inherited role is granted.
NOTE This value should be admin for all roles except read and readWrite.
- cluster Boolean
- collection
Name String - database
Name String Database on which the inherited role is granted.
NOTE This value should be admin for all roles except read and readWrite.
CustomDbRoleInheritedRole, CustomDbRoleInheritedRoleArgs
- Database
Name string Database on which the inherited role is granted.
NOTE This value should be admin for all roles except read and readWrite.
- Role
Name string - Name of the inherited role. This can either be another custom role or a built-in role.
- Database
Name string Database on which the inherited role is granted.
NOTE This value should be admin for all roles except read and readWrite.
- Role
Name string - Name of the inherited role. This can either be another custom role or a built-in role.
- database
Name String Database on which the inherited role is granted.
NOTE This value should be admin for all roles except read and readWrite.
- role
Name String - Name of the inherited role. This can either be another custom role or a built-in role.
- database
Name string Database on which the inherited role is granted.
NOTE This value should be admin for all roles except read and readWrite.
- role
Name string - Name of the inherited role. This can either be another custom role or a built-in role.
- database_
name str Database on which the inherited role is granted.
NOTE This value should be admin for all roles except read and readWrite.
- role_
name str - Name of the inherited role. This can either be another custom role or a built-in role.
- database
Name String Database on which the inherited role is granted.
NOTE This value should be admin for all roles except read and readWrite.
- role
Name String - Name of the inherited role. This can either be another custom role or a built-in role.
Import
Database users can be imported using project ID and username, in the format PROJECTID-ROLENAME, e.g.
$ pulumi import mongodbatlas:index/customDbRole:CustomDbRole my_role 1112222b3bf99403840e8934-MyCustomRole
For more information see: MongoDB Atlas API Reference.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- MongoDB Atlas pulumi/pulumi-mongodbatlas
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
mongodbatlasTerraform Provider.