mongodbatlas.DatabaseUser
Explore with Pulumi AI
# Resource: mongodbatlas.DatabaseUser
mongodbatlas.DatabaseUser
provides a Database User resource. This represents a database user which will be applied to all clusters within the project.
Each user has a set of roles that provide access to the project’s databases. User’s roles apply to all the clusters in the project: if two clusters have a products
database and a user has a role granting read
access on the products database, the user has that access on both clusters.
NOTE: Groups and projects are synonymous terms. You may find group_id in the official documentation.
WARNING: The password argument is required for creation but should be removed after creation if it will be managed externally. More details can be found in the password argument documentation.
IMPORTANT: All arguments including the password will be stored in the raw state as plain-text. Read more about sensitive data in state.
Example Usage
S
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const test = new mongodbatlas.DatabaseUser("test", {
username: "test-acc-username",
password: "test-acc-password",
projectId: "<PROJECT-ID>",
authDatabaseName: "admin",
roles: [
{
roleName: "readWrite",
databaseName: "dbforApp",
},
{
roleName: "readAnyDatabase",
databaseName: "admin",
},
],
labels: [{
key: "My Key",
value: "My Value",
}],
scopes: [
{
name: "My cluster name",
type: "CLUSTER",
},
{
name: "My second cluster name",
type: "CLUSTER",
},
],
});
import pulumi
import pulumi_mongodbatlas as mongodbatlas
test = mongodbatlas.DatabaseUser("test",
username="test-acc-username",
password="test-acc-password",
project_id="<PROJECT-ID>",
auth_database_name="admin",
roles=[
{
"role_name": "readWrite",
"database_name": "dbforApp",
},
{
"role_name": "readAnyDatabase",
"database_name": "admin",
},
],
labels=[{
"key": "My Key",
"value": "My Value",
}],
scopes=[
{
"name": "My cluster name",
"type": "CLUSTER",
},
{
"name": "My second cluster name",
"type": "CLUSTER",
},
])
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := mongodbatlas.NewDatabaseUser(ctx, "test", &mongodbatlas.DatabaseUserArgs{
Username: pulumi.String("test-acc-username"),
Password: pulumi.String("test-acc-password"),
ProjectId: pulumi.String("<PROJECT-ID>"),
AuthDatabaseName: pulumi.String("admin"),
Roles: mongodbatlas.DatabaseUserRoleArray{
&mongodbatlas.DatabaseUserRoleArgs{
RoleName: pulumi.String("readWrite"),
DatabaseName: pulumi.String("dbforApp"),
},
&mongodbatlas.DatabaseUserRoleArgs{
RoleName: pulumi.String("readAnyDatabase"),
DatabaseName: pulumi.String("admin"),
},
},
Labels: mongodbatlas.DatabaseUserLabelArray{
&mongodbatlas.DatabaseUserLabelArgs{
Key: pulumi.String("My Key"),
Value: pulumi.String("My Value"),
},
},
Scopes: mongodbatlas.DatabaseUserScopeArray{
&mongodbatlas.DatabaseUserScopeArgs{
Name: pulumi.String("My cluster name"),
Type: pulumi.String("CLUSTER"),
},
&mongodbatlas.DatabaseUserScopeArgs{
Name: pulumi.String("My second cluster name"),
Type: pulumi.String("CLUSTER"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var test = new Mongodbatlas.DatabaseUser("test", new()
{
Username = "test-acc-username",
Password = "test-acc-password",
ProjectId = "<PROJECT-ID>",
AuthDatabaseName = "admin",
Roles = new[]
{
new Mongodbatlas.Inputs.DatabaseUserRoleArgs
{
RoleName = "readWrite",
DatabaseName = "dbforApp",
},
new Mongodbatlas.Inputs.DatabaseUserRoleArgs
{
RoleName = "readAnyDatabase",
DatabaseName = "admin",
},
},
Labels = new[]
{
new Mongodbatlas.Inputs.DatabaseUserLabelArgs
{
Key = "My Key",
Value = "My Value",
},
},
Scopes = new[]
{
new Mongodbatlas.Inputs.DatabaseUserScopeArgs
{
Name = "My cluster name",
Type = "CLUSTER",
},
new Mongodbatlas.Inputs.DatabaseUserScopeArgs
{
Name = "My second cluster name",
Type = "CLUSTER",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new DatabaseUser("test", DatabaseUserArgs.builder()
.username("test-acc-username")
.password("test-acc-password")
.projectId("<PROJECT-ID>")
.authDatabaseName("admin")
.roles(
DatabaseUserRoleArgs.builder()
.roleName("readWrite")
.databaseName("dbforApp")
.build(),
DatabaseUserRoleArgs.builder()
.roleName("readAnyDatabase")
.databaseName("admin")
.build())
.labels(DatabaseUserLabelArgs.builder()
.key("My Key")
.value("My Value")
.build())
.scopes(
DatabaseUserScopeArgs.builder()
.name("My cluster name")
.type("CLUSTER")
.build(),
DatabaseUserScopeArgs.builder()
.name("My second cluster name")
.type("CLUSTER")
.build())
.build());
}
}
resources:
test:
type: mongodbatlas:DatabaseUser
properties:
username: test-acc-username
password: test-acc-password
projectId: <PROJECT-ID>
authDatabaseName: admin
roles:
- roleName: readWrite
databaseName: dbforApp
- roleName: readAnyDatabase
databaseName: admin
labels:
- key: My Key
value: My Value
scopes:
- name: My cluster name
type: CLUSTER
- name: My second cluster name
type: CLUSTER
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const test = new mongodbatlas.DatabaseUser("test", {
username: "test-acc-username",
x509Type: "MANAGED",
projectId: "<PROJECT-ID>",
authDatabaseName: "$external",
roles: [{
roleName: "readAnyDatabase",
databaseName: "admin",
}],
labels: [{
key: "%s",
value: "%s",
}],
scopes: [{
name: "My cluster name",
type: "CLUSTER",
}],
});
import pulumi
import pulumi_mongodbatlas as mongodbatlas
test = mongodbatlas.DatabaseUser("test",
username="test-acc-username",
x509_type="MANAGED",
project_id="<PROJECT-ID>",
auth_database_name="$external",
roles=[{
"role_name": "readAnyDatabase",
"database_name": "admin",
}],
labels=[{
"key": "%s",
"value": "%s",
}],
scopes=[{
"name": "My cluster name",
"type": "CLUSTER",
}])
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := mongodbatlas.NewDatabaseUser(ctx, "test", &mongodbatlas.DatabaseUserArgs{
Username: pulumi.String("test-acc-username"),
X509Type: pulumi.String("MANAGED"),
ProjectId: pulumi.String("<PROJECT-ID>"),
AuthDatabaseName: pulumi.String("$external"),
Roles: mongodbatlas.DatabaseUserRoleArray{
&mongodbatlas.DatabaseUserRoleArgs{
RoleName: pulumi.String("readAnyDatabase"),
DatabaseName: pulumi.String("admin"),
},
},
Labels: mongodbatlas.DatabaseUserLabelArray{
&mongodbatlas.DatabaseUserLabelArgs{
Key: pulumi.String("%s"),
Value: pulumi.String("%s"),
},
},
Scopes: mongodbatlas.DatabaseUserScopeArray{
&mongodbatlas.DatabaseUserScopeArgs{
Name: pulumi.String("My cluster name"),
Type: pulumi.String("CLUSTER"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var test = new Mongodbatlas.DatabaseUser("test", new()
{
Username = "test-acc-username",
X509Type = "MANAGED",
ProjectId = "<PROJECT-ID>",
AuthDatabaseName = "$external",
Roles = new[]
{
new Mongodbatlas.Inputs.DatabaseUserRoleArgs
{
RoleName = "readAnyDatabase",
DatabaseName = "admin",
},
},
Labels = new[]
{
new Mongodbatlas.Inputs.DatabaseUserLabelArgs
{
Key = "%s",
Value = "%s",
},
},
Scopes = new[]
{
new Mongodbatlas.Inputs.DatabaseUserScopeArgs
{
Name = "My cluster name",
Type = "CLUSTER",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new DatabaseUser("test", DatabaseUserArgs.builder()
.username("test-acc-username")
.x509Type("MANAGED")
.projectId("<PROJECT-ID>")
.authDatabaseName("$external")
.roles(DatabaseUserRoleArgs.builder()
.roleName("readAnyDatabase")
.databaseName("admin")
.build())
.labels(DatabaseUserLabelArgs.builder()
.key("%s")
.value("%s")
.build())
.scopes(DatabaseUserScopeArgs.builder()
.name("My cluster name")
.type("CLUSTER")
.build())
.build());
}
}
resources:
test:
type: mongodbatlas:DatabaseUser
properties:
username: test-acc-username
x509Type: MANAGED
projectId: <PROJECT-ID>
authDatabaseName: $external
roles:
- roleName: readAnyDatabase
databaseName: admin
labels:
- key: '%s'
value: '%s'
scopes:
- name: My cluster name
type: CLUSTER
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const test = new mongodbatlas.DatabaseUser("test", {
username: testAwsIamRole.arn,
projectId: "<PROJECT-ID>",
authDatabaseName: "$external",
awsIamType: "ROLE",
roles: [{
roleName: "readAnyDatabase",
databaseName: "admin",
}],
labels: [{
key: "%s",
value: "%s",
}],
scopes: [{
name: "My cluster name",
type: "CLUSTER",
}],
});
import pulumi
import pulumi_mongodbatlas as mongodbatlas
test = mongodbatlas.DatabaseUser("test",
username=test_aws_iam_role["arn"],
project_id="<PROJECT-ID>",
auth_database_name="$external",
aws_iam_type="ROLE",
roles=[{
"role_name": "readAnyDatabase",
"database_name": "admin",
}],
labels=[{
"key": "%s",
"value": "%s",
}],
scopes=[{
"name": "My cluster name",
"type": "CLUSTER",
}])
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := mongodbatlas.NewDatabaseUser(ctx, "test", &mongodbatlas.DatabaseUserArgs{
Username: pulumi.Any(testAwsIamRole.Arn),
ProjectId: pulumi.String("<PROJECT-ID>"),
AuthDatabaseName: pulumi.String("$external"),
AwsIamType: pulumi.String("ROLE"),
Roles: mongodbatlas.DatabaseUserRoleArray{
&mongodbatlas.DatabaseUserRoleArgs{
RoleName: pulumi.String("readAnyDatabase"),
DatabaseName: pulumi.String("admin"),
},
},
Labels: mongodbatlas.DatabaseUserLabelArray{
&mongodbatlas.DatabaseUserLabelArgs{
Key: pulumi.String("%s"),
Value: pulumi.String("%s"),
},
},
Scopes: mongodbatlas.DatabaseUserScopeArray{
&mongodbatlas.DatabaseUserScopeArgs{
Name: pulumi.String("My cluster name"),
Type: pulumi.String("CLUSTER"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var test = new Mongodbatlas.DatabaseUser("test", new()
{
Username = testAwsIamRole.Arn,
ProjectId = "<PROJECT-ID>",
AuthDatabaseName = "$external",
AwsIamType = "ROLE",
Roles = new[]
{
new Mongodbatlas.Inputs.DatabaseUserRoleArgs
{
RoleName = "readAnyDatabase",
DatabaseName = "admin",
},
},
Labels = new[]
{
new Mongodbatlas.Inputs.DatabaseUserLabelArgs
{
Key = "%s",
Value = "%s",
},
},
Scopes = new[]
{
new Mongodbatlas.Inputs.DatabaseUserScopeArgs
{
Name = "My cluster name",
Type = "CLUSTER",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserLabelArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new DatabaseUser("test", DatabaseUserArgs.builder()
.username(testAwsIamRole.arn())
.projectId("<PROJECT-ID>")
.authDatabaseName("$external")
.awsIamType("ROLE")
.roles(DatabaseUserRoleArgs.builder()
.roleName("readAnyDatabase")
.databaseName("admin")
.build())
.labels(DatabaseUserLabelArgs.builder()
.key("%s")
.value("%s")
.build())
.scopes(DatabaseUserScopeArgs.builder()
.name("My cluster name")
.type("CLUSTER")
.build())
.build());
}
}
resources:
test:
type: mongodbatlas:DatabaseUser
properties:
username: ${testAwsIamRole.arn}
projectId: <PROJECT-ID>
authDatabaseName: $external
awsIamType: ROLE
roles:
- roleName: readAnyDatabase
databaseName: admin
labels:
- key: '%s'
value: '%s'
scopes:
- name: My cluster name
type: CLUSTER
Example of how to create a OIDC federated authentication user
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
const test = new mongodbatlas.DatabaseUser("test", {
username: "64d613677e1ad50839cce4db/testUserOr",
projectId: "6414908c207f4d22f4d8f232",
authDatabaseName: "admin",
oidcAuthType: "IDP_GROUP",
roles: [{
roleName: "readWriteAnyDatabase",
databaseName: "admin",
}],
});
import pulumi
import pulumi_mongodbatlas as mongodbatlas
test = mongodbatlas.DatabaseUser("test",
username="64d613677e1ad50839cce4db/testUserOr",
project_id="6414908c207f4d22f4d8f232",
auth_database_name="admin",
oidc_auth_type="IDP_GROUP",
roles=[{
"role_name": "readWriteAnyDatabase",
"database_name": "admin",
}])
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := mongodbatlas.NewDatabaseUser(ctx, "test", &mongodbatlas.DatabaseUserArgs{
Username: pulumi.String("64d613677e1ad50839cce4db/testUserOr"),
ProjectId: pulumi.String("6414908c207f4d22f4d8f232"),
AuthDatabaseName: pulumi.String("admin"),
OidcAuthType: pulumi.String("IDP_GROUP"),
Roles: mongodbatlas.DatabaseUserRoleArray{
&mongodbatlas.DatabaseUserRoleArgs{
RoleName: pulumi.String("readWriteAnyDatabase"),
DatabaseName: pulumi.String("admin"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
return await Deployment.RunAsync(() =>
{
var test = new Mongodbatlas.DatabaseUser("test", new()
{
Username = "64d613677e1ad50839cce4db/testUserOr",
ProjectId = "6414908c207f4d22f4d8f232",
AuthDatabaseName = "admin",
OidcAuthType = "IDP_GROUP",
Roles = new[]
{
new Mongodbatlas.Inputs.DatabaseUserRoleArgs
{
RoleName = "readWriteAnyDatabase",
DatabaseName = "admin",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.DatabaseUser;
import com.pulumi.mongodbatlas.DatabaseUserArgs;
import com.pulumi.mongodbatlas.inputs.DatabaseUserRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new DatabaseUser("test", DatabaseUserArgs.builder()
.username("64d613677e1ad50839cce4db/testUserOr")
.projectId("6414908c207f4d22f4d8f232")
.authDatabaseName("admin")
.oidcAuthType("IDP_GROUP")
.roles(DatabaseUserRoleArgs.builder()
.roleName("readWriteAnyDatabase")
.databaseName("admin")
.build())
.build());
}
}
resources:
test:
type: mongodbatlas:DatabaseUser
properties:
username: 64d613677e1ad50839cce4db/testUserOr
projectId: 6414908c207f4d22f4d8f232
authDatabaseName: admin
oidcAuthType: IDP_GROUP
roles:
- roleName: readWriteAnyDatabase
databaseName: admin
username
format: Atlas OIDC IdP ID (found in federation settings), followed by a ‘/’, followed by the IdP group name
Note: OIDC support is only avalible starting in MongoDB 7.0 or later. To learn more, see the MongoDB Atlas documentation.
Create DatabaseUser Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DatabaseUser(name: string, args: DatabaseUserArgs, opts?: CustomResourceOptions);
@overload
def DatabaseUser(resource_name: str,
args: DatabaseUserArgs,
opts: Optional[ResourceOptions] = None)
@overload
def DatabaseUser(resource_name: str,
opts: Optional[ResourceOptions] = None,
auth_database_name: Optional[str] = None,
project_id: Optional[str] = None,
username: Optional[str] = None,
aws_iam_type: Optional[str] = None,
labels: Optional[Sequence[DatabaseUserLabelArgs]] = None,
ldap_auth_type: Optional[str] = None,
oidc_auth_type: Optional[str] = None,
password: Optional[str] = None,
roles: Optional[Sequence[DatabaseUserRoleArgs]] = None,
scopes: Optional[Sequence[DatabaseUserScopeArgs]] = None,
x509_type: Optional[str] = None)
func NewDatabaseUser(ctx *Context, name string, args DatabaseUserArgs, opts ...ResourceOption) (*DatabaseUser, error)
public DatabaseUser(string name, DatabaseUserArgs args, CustomResourceOptions? opts = null)
public DatabaseUser(String name, DatabaseUserArgs args)
public DatabaseUser(String name, DatabaseUserArgs args, CustomResourceOptions options)
type: mongodbatlas:DatabaseUser
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DatabaseUserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DatabaseUserArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DatabaseUserArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DatabaseUserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DatabaseUserArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var databaseUserResource = new Mongodbatlas.DatabaseUser("databaseUserResource", new()
{
AuthDatabaseName = "string",
ProjectId = "string",
Username = "string",
AwsIamType = "string",
Labels = new[]
{
new Mongodbatlas.Inputs.DatabaseUserLabelArgs
{
Key = "string",
Value = "string",
},
},
LdapAuthType = "string",
OidcAuthType = "string",
Password = "string",
Roles = new[]
{
new Mongodbatlas.Inputs.DatabaseUserRoleArgs
{
DatabaseName = "string",
RoleName = "string",
CollectionName = "string",
},
},
Scopes = new[]
{
new Mongodbatlas.Inputs.DatabaseUserScopeArgs
{
Name = "string",
Type = "string",
},
},
X509Type = "string",
});
example, err := mongodbatlas.NewDatabaseUser(ctx, "databaseUserResource", &mongodbatlas.DatabaseUserArgs{
AuthDatabaseName: pulumi.String("string"),
ProjectId: pulumi.String("string"),
Username: pulumi.String("string"),
AwsIamType: pulumi.String("string"),
Labels: mongodbatlas.DatabaseUserLabelArray{
&mongodbatlas.DatabaseUserLabelArgs{
Key: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
LdapAuthType: pulumi.String("string"),
OidcAuthType: pulumi.String("string"),
Password: pulumi.String("string"),
Roles: mongodbatlas.DatabaseUserRoleArray{
&mongodbatlas.DatabaseUserRoleArgs{
DatabaseName: pulumi.String("string"),
RoleName: pulumi.String("string"),
CollectionName: pulumi.String("string"),
},
},
Scopes: mongodbatlas.DatabaseUserScopeArray{
&mongodbatlas.DatabaseUserScopeArgs{
Name: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
X509Type: pulumi.String("string"),
})
var databaseUserResource = new DatabaseUser("databaseUserResource", DatabaseUserArgs.builder()
.authDatabaseName("string")
.projectId("string")
.username("string")
.awsIamType("string")
.labels(DatabaseUserLabelArgs.builder()
.key("string")
.value("string")
.build())
.ldapAuthType("string")
.oidcAuthType("string")
.password("string")
.roles(DatabaseUserRoleArgs.builder()
.databaseName("string")
.roleName("string")
.collectionName("string")
.build())
.scopes(DatabaseUserScopeArgs.builder()
.name("string")
.type("string")
.build())
.x509Type("string")
.build());
database_user_resource = mongodbatlas.DatabaseUser("databaseUserResource",
auth_database_name="string",
project_id="string",
username="string",
aws_iam_type="string",
labels=[{
"key": "string",
"value": "string",
}],
ldap_auth_type="string",
oidc_auth_type="string",
password="string",
roles=[{
"database_name": "string",
"role_name": "string",
"collection_name": "string",
}],
scopes=[{
"name": "string",
"type": "string",
}],
x509_type="string")
const databaseUserResource = new mongodbatlas.DatabaseUser("databaseUserResource", {
authDatabaseName: "string",
projectId: "string",
username: "string",
awsIamType: "string",
labels: [{
key: "string",
value: "string",
}],
ldapAuthType: "string",
oidcAuthType: "string",
password: "string",
roles: [{
databaseName: "string",
roleName: "string",
collectionName: "string",
}],
scopes: [{
name: "string",
type: "string",
}],
x509Type: "string",
});
type: mongodbatlas:DatabaseUser
properties:
authDatabaseName: string
awsIamType: string
labels:
- key: string
value: string
ldapAuthType: string
oidcAuthType: string
password: string
projectId: string
roles:
- collectionName: string
databaseName: string
roleName: string
scopes:
- name: string
type: string
username: string
x509Type: string
DatabaseUser Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DatabaseUser resource accepts the following input properties:
- Auth
Database stringName - Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- Project
Id string - The unique ID for the project to create the database user.
- Username string
- Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE. - Aws
Iam stringType - If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use AWS IAM credentials.USER
- New database user has AWS IAM user credentials.ROLE
- New database user has credentials associated with an AWS IAM role.
- Labels
List<Database
User Label> - Ldap
Auth stringType - Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.NONE
- Atlas authenticates this user through SCRAM-SHA, not LDAP.USER
- LDAP server authenticates this user through the user's LDAP user.username
must also be a fully qualified distinguished name, as defined in RFC-2253.GROUP
- LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.username
must also be a fully qualified distinguished name, as defined in RFC-2253.
- Oidc
Auth stringType - Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use OIDC federated authentication.IDP_GROUP
- OIDC Workforce federated authentication group. To learn more about OIDC federated authentication, see Set up Workforce Identity Federation with OIDC.USER
- OIDC Workload federated authentication user. To learn more about OIDC federated authentication, see Set up Workload Identity Federation with OIDC.
- Password string
- Roles
List<Database
User Role> - List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- Scopes
List<Database
User Scope> - X509Type string
- X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
NONE
- The user does not use X.509 authentication.MANAGED
- The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the$external
database.CUSTOMER
- The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the$external
database.
- Auth
Database stringName - Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- Project
Id string - The unique ID for the project to create the database user.
- Username string
- Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE. - Aws
Iam stringType - If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use AWS IAM credentials.USER
- New database user has AWS IAM user credentials.ROLE
- New database user has credentials associated with an AWS IAM role.
- Labels
[]Database
User Label Args - Ldap
Auth stringType - Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.NONE
- Atlas authenticates this user through SCRAM-SHA, not LDAP.USER
- LDAP server authenticates this user through the user's LDAP user.username
must also be a fully qualified distinguished name, as defined in RFC-2253.GROUP
- LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.username
must also be a fully qualified distinguished name, as defined in RFC-2253.
- Oidc
Auth stringType - Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use OIDC federated authentication.IDP_GROUP
- OIDC Workforce federated authentication group. To learn more about OIDC federated authentication, see Set up Workforce Identity Federation with OIDC.USER
- OIDC Workload federated authentication user. To learn more about OIDC federated authentication, see Set up Workload Identity Federation with OIDC.
- Password string
- Roles
[]Database
User Role Args - List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- Scopes
[]Database
User Scope Args - X509Type string
- X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
NONE
- The user does not use X.509 authentication.MANAGED
- The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the$external
database.CUSTOMER
- The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the$external
database.
- auth
Database StringName - Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- project
Id String - The unique ID for the project to create the database user.
- username String
- Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE. - aws
Iam StringType - If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use AWS IAM credentials.USER
- New database user has AWS IAM user credentials.ROLE
- New database user has credentials associated with an AWS IAM role.
- labels
List<Database
User Label> - ldap
Auth StringType - Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.NONE
- Atlas authenticates this user through SCRAM-SHA, not LDAP.USER
- LDAP server authenticates this user through the user's LDAP user.username
must also be a fully qualified distinguished name, as defined in RFC-2253.GROUP
- LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.username
must also be a fully qualified distinguished name, as defined in RFC-2253.
- oidc
Auth StringType - Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use OIDC federated authentication.IDP_GROUP
- OIDC Workforce federated authentication group. To learn more about OIDC federated authentication, see Set up Workforce Identity Federation with OIDC.USER
- OIDC Workload federated authentication user. To learn more about OIDC federated authentication, see Set up Workload Identity Federation with OIDC.
- password String
- roles
List<Database
User Role> - List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes
List<Database
User Scope> - x509Type String
- X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
NONE
- The user does not use X.509 authentication.MANAGED
- The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the$external
database.CUSTOMER
- The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the$external
database.
- auth
Database stringName - Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- project
Id string - The unique ID for the project to create the database user.
- username string
- Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE. - aws
Iam stringType - If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use AWS IAM credentials.USER
- New database user has AWS IAM user credentials.ROLE
- New database user has credentials associated with an AWS IAM role.
- labels
Database
User Label[] - ldap
Auth stringType - Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.NONE
- Atlas authenticates this user through SCRAM-SHA, not LDAP.USER
- LDAP server authenticates this user through the user's LDAP user.username
must also be a fully qualified distinguished name, as defined in RFC-2253.GROUP
- LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.username
must also be a fully qualified distinguished name, as defined in RFC-2253.
- oidc
Auth stringType - Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use OIDC federated authentication.IDP_GROUP
- OIDC Workforce federated authentication group. To learn more about OIDC federated authentication, see Set up Workforce Identity Federation with OIDC.USER
- OIDC Workload federated authentication user. To learn more about OIDC federated authentication, see Set up Workload Identity Federation with OIDC.
- password string
- roles
Database
User Role[] - List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes
Database
User Scope[] - x509Type string
- X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
NONE
- The user does not use X.509 authentication.MANAGED
- The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the$external
database.CUSTOMER
- The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the$external
database.
- auth_
database_ strname - Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- project_
id str - The unique ID for the project to create the database user.
- username str
- Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE. - aws_
iam_ strtype - If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use AWS IAM credentials.USER
- New database user has AWS IAM user credentials.ROLE
- New database user has credentials associated with an AWS IAM role.
- labels
Sequence[Database
User Label Args] - ldap_
auth_ strtype - Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.NONE
- Atlas authenticates this user through SCRAM-SHA, not LDAP.USER
- LDAP server authenticates this user through the user's LDAP user.username
must also be a fully qualified distinguished name, as defined in RFC-2253.GROUP
- LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.username
must also be a fully qualified distinguished name, as defined in RFC-2253.
- oidc_
auth_ strtype - Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use OIDC federated authentication.IDP_GROUP
- OIDC Workforce federated authentication group. To learn more about OIDC federated authentication, see Set up Workforce Identity Federation with OIDC.USER
- OIDC Workload federated authentication user. To learn more about OIDC federated authentication, see Set up Workload Identity Federation with OIDC.
- password str
- roles
Sequence[Database
User Role Args] - List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes
Sequence[Database
User Scope Args] - x509_
type str - X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
NONE
- The user does not use X.509 authentication.MANAGED
- The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the$external
database.CUSTOMER
- The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the$external
database.
- auth
Database StringName - Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- project
Id String - The unique ID for the project to create the database user.
- username String
- Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE. - aws
Iam StringType - If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use AWS IAM credentials.USER
- New database user has AWS IAM user credentials.ROLE
- New database user has credentials associated with an AWS IAM role.
- labels List<Property Map>
- ldap
Auth StringType - Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.NONE
- Atlas authenticates this user through SCRAM-SHA, not LDAP.USER
- LDAP server authenticates this user through the user's LDAP user.username
must also be a fully qualified distinguished name, as defined in RFC-2253.GROUP
- LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.username
must also be a fully qualified distinguished name, as defined in RFC-2253.
- oidc
Auth StringType - Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use OIDC federated authentication.IDP_GROUP
- OIDC Workforce federated authentication group. To learn more about OIDC federated authentication, see Set up Workforce Identity Federation with OIDC.USER
- OIDC Workload federated authentication user. To learn more about OIDC federated authentication, see Set up Workload Identity Federation with OIDC.
- password String
- roles List<Property Map>
- List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes List<Property Map>
- x509Type String
- X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
NONE
- The user does not use X.509 authentication.MANAGED
- The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the$external
database.CUSTOMER
- The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the$external
database.
Outputs
All input properties are implicitly available as output properties. Additionally, the DatabaseUser resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing DatabaseUser Resource
Get an existing DatabaseUser resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DatabaseUserState, opts?: CustomResourceOptions): DatabaseUser
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
auth_database_name: Optional[str] = None,
aws_iam_type: Optional[str] = None,
labels: Optional[Sequence[DatabaseUserLabelArgs]] = None,
ldap_auth_type: Optional[str] = None,
oidc_auth_type: Optional[str] = None,
password: Optional[str] = None,
project_id: Optional[str] = None,
roles: Optional[Sequence[DatabaseUserRoleArgs]] = None,
scopes: Optional[Sequence[DatabaseUserScopeArgs]] = None,
username: Optional[str] = None,
x509_type: Optional[str] = None) -> DatabaseUser
func GetDatabaseUser(ctx *Context, name string, id IDInput, state *DatabaseUserState, opts ...ResourceOption) (*DatabaseUser, error)
public static DatabaseUser Get(string name, Input<string> id, DatabaseUserState? state, CustomResourceOptions? opts = null)
public static DatabaseUser get(String name, Output<String> id, DatabaseUserState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Auth
Database stringName - Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- Aws
Iam stringType - If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use AWS IAM credentials.USER
- New database user has AWS IAM user credentials.ROLE
- New database user has credentials associated with an AWS IAM role.
- Labels
List<Database
User Label> - Ldap
Auth stringType - Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.NONE
- Atlas authenticates this user through SCRAM-SHA, not LDAP.USER
- LDAP server authenticates this user through the user's LDAP user.username
must also be a fully qualified distinguished name, as defined in RFC-2253.GROUP
- LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.username
must also be a fully qualified distinguished name, as defined in RFC-2253.
- Oidc
Auth stringType - Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use OIDC federated authentication.IDP_GROUP
- OIDC Workforce federated authentication group. To learn more about OIDC federated authentication, see Set up Workforce Identity Federation with OIDC.USER
- OIDC Workload federated authentication user. To learn more about OIDC federated authentication, see Set up Workload Identity Federation with OIDC.
- Password string
- Project
Id string - The unique ID for the project to create the database user.
- Roles
List<Database
User Role> - List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- Scopes
List<Database
User Scope> - Username string
- Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE. - X509Type string
- X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
NONE
- The user does not use X.509 authentication.MANAGED
- The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the$external
database.CUSTOMER
- The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the$external
database.
- Auth
Database stringName - Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- Aws
Iam stringType - If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use AWS IAM credentials.USER
- New database user has AWS IAM user credentials.ROLE
- New database user has credentials associated with an AWS IAM role.
- Labels
[]Database
User Label Args - Ldap
Auth stringType - Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.NONE
- Atlas authenticates this user through SCRAM-SHA, not LDAP.USER
- LDAP server authenticates this user through the user's LDAP user.username
must also be a fully qualified distinguished name, as defined in RFC-2253.GROUP
- LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.username
must also be a fully qualified distinguished name, as defined in RFC-2253.
- Oidc
Auth stringType - Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use OIDC federated authentication.IDP_GROUP
- OIDC Workforce federated authentication group. To learn more about OIDC federated authentication, see Set up Workforce Identity Federation with OIDC.USER
- OIDC Workload federated authentication user. To learn more about OIDC federated authentication, see Set up Workload Identity Federation with OIDC.
- Password string
- Project
Id string - The unique ID for the project to create the database user.
- Roles
[]Database
User Role Args - List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- Scopes
[]Database
User Scope Args - Username string
- Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE. - X509Type string
- X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
NONE
- The user does not use X.509 authentication.MANAGED
- The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the$external
database.CUSTOMER
- The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the$external
database.
- auth
Database StringName - Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- aws
Iam StringType - If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use AWS IAM credentials.USER
- New database user has AWS IAM user credentials.ROLE
- New database user has credentials associated with an AWS IAM role.
- labels
List<Database
User Label> - ldap
Auth StringType - Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.NONE
- Atlas authenticates this user through SCRAM-SHA, not LDAP.USER
- LDAP server authenticates this user through the user's LDAP user.username
must also be a fully qualified distinguished name, as defined in RFC-2253.GROUP
- LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.username
must also be a fully qualified distinguished name, as defined in RFC-2253.
- oidc
Auth StringType - Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use OIDC federated authentication.IDP_GROUP
- OIDC Workforce federated authentication group. To learn more about OIDC federated authentication, see Set up Workforce Identity Federation with OIDC.USER
- OIDC Workload federated authentication user. To learn more about OIDC federated authentication, see Set up Workload Identity Federation with OIDC.
- password String
- project
Id String - The unique ID for the project to create the database user.
- roles
List<Database
User Role> - List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes
List<Database
User Scope> - username String
- Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE. - x509Type String
- X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
NONE
- The user does not use X.509 authentication.MANAGED
- The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the$external
database.CUSTOMER
- The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the$external
database.
- auth
Database stringName - Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- aws
Iam stringType - If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use AWS IAM credentials.USER
- New database user has AWS IAM user credentials.ROLE
- New database user has credentials associated with an AWS IAM role.
- labels
Database
User Label[] - ldap
Auth stringType - Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.NONE
- Atlas authenticates this user through SCRAM-SHA, not LDAP.USER
- LDAP server authenticates this user through the user's LDAP user.username
must also be a fully qualified distinguished name, as defined in RFC-2253.GROUP
- LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.username
must also be a fully qualified distinguished name, as defined in RFC-2253.
- oidc
Auth stringType - Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use OIDC federated authentication.IDP_GROUP
- OIDC Workforce federated authentication group. To learn more about OIDC federated authentication, see Set up Workforce Identity Federation with OIDC.USER
- OIDC Workload federated authentication user. To learn more about OIDC federated authentication, see Set up Workload Identity Federation with OIDC.
- password string
- project
Id string - The unique ID for the project to create the database user.
- roles
Database
User Role[] - List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes
Database
User Scope[] - username string
- Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE. - x509Type string
- X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
NONE
- The user does not use X.509 authentication.MANAGED
- The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the$external
database.CUSTOMER
- The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the$external
database.
- auth_
database_ strname - Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- aws_
iam_ strtype - If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use AWS IAM credentials.USER
- New database user has AWS IAM user credentials.ROLE
- New database user has credentials associated with an AWS IAM role.
- labels
Sequence[Database
User Label Args] - ldap_
auth_ strtype - Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.NONE
- Atlas authenticates this user through SCRAM-SHA, not LDAP.USER
- LDAP server authenticates this user through the user's LDAP user.username
must also be a fully qualified distinguished name, as defined in RFC-2253.GROUP
- LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.username
must also be a fully qualified distinguished name, as defined in RFC-2253.
- oidc_
auth_ strtype - Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use OIDC federated authentication.IDP_GROUP
- OIDC Workforce federated authentication group. To learn more about OIDC federated authentication, see Set up Workforce Identity Federation with OIDC.USER
- OIDC Workload federated authentication user. To learn more about OIDC federated authentication, see Set up Workload Identity Federation with OIDC.
- password str
- project_
id str - The unique ID for the project to create the database user.
- roles
Sequence[Database
User Role Args] - List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes
Sequence[Database
User Scope Args] - username str
- Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE. - x509_
type str - X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
NONE
- The user does not use X.509 authentication.MANAGED
- The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the$external
database.CUSTOMER
- The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the$external
database.
- auth
Database StringName - Database against which Atlas authenticates the user. A user must provide both a username and authentication database to log into MongoDB. Accepted values include:
- aws
Iam StringType - If this value is set, the new database user authenticates with AWS IAM credentials. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use AWS IAM credentials.USER
- New database user has AWS IAM user credentials.ROLE
- New database user has credentials associated with an AWS IAM role.
- labels List<Property Map>
- ldap
Auth StringType - Method by which the provided
username
is authenticated. If no value is given, Atlas uses the default value ofNONE
.NONE
- Atlas authenticates this user through SCRAM-SHA, not LDAP.USER
- LDAP server authenticates this user through the user's LDAP user.username
must also be a fully qualified distinguished name, as defined in RFC-2253.GROUP
- LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.username
must also be a fully qualified distinguished name, as defined in RFC-2253.
- oidc
Auth StringType - Human-readable label that indicates whether the new database user authenticates with OIDC (OpenID Connect) federated authentication. If no value is given, Atlas uses the default value of
NONE
. The accepted types are:NONE
- The user does not use OIDC federated authentication.IDP_GROUP
- OIDC Workforce federated authentication group. To learn more about OIDC federated authentication, see Set up Workforce Identity Federation with OIDC.USER
- OIDC Workload federated authentication user. To learn more about OIDC federated authentication, see Set up Workload Identity Federation with OIDC.
- password String
- project
Id String - The unique ID for the project to create the database user.
- roles List<Property Map>
- List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See Roles below for more details.
- scopes List<Property Map>
- username String
- Username for authenticating to MongoDB. USER_ARN or ROLE_ARN if
aws_iam_type
is USER or ROLE. - x509Type String
- X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
NONE
- The user does not use X.509 authentication.MANAGED
- The user is being created for use with Atlas-managed X.509.Externally authenticated users can only be created on the$external
database.CUSTOMER
- The user is being created for use with Self-Managed X.509. Users created with this x509Type require a Common Name (CN) in the username field. Externally authenticated users can only be created on the$external
database.
Supporting Types
DatabaseUserLabel, DatabaseUserLabelArgs
DatabaseUserRole, DatabaseUserRoleArgs
- Database
Name string - Database on which the user has the specified role. A role on the
admin
database can include privileges that apply to the other databases. This field should be set toadmin
for a custom MongoDB role. - Role
Name string - Name of the role to grant. See Create a Database User
roles.roleName
for valid values and restrictions. - Collection
Name string - Collection for which the role applies. You can specify a collection for the
read
andreadWrite
roles. If you do not specify a collection forread
andreadWrite
, the role applies to all collections in the database (excluding some collections in thesystem
. database).
- Database
Name string - Database on which the user has the specified role. A role on the
admin
database can include privileges that apply to the other databases. This field should be set toadmin
for a custom MongoDB role. - Role
Name string - Name of the role to grant. See Create a Database User
roles.roleName
for valid values and restrictions. - Collection
Name string - Collection for which the role applies. You can specify a collection for the
read
andreadWrite
roles. If you do not specify a collection forread
andreadWrite
, the role applies to all collections in the database (excluding some collections in thesystem
. database).
- database
Name String - Database on which the user has the specified role. A role on the
admin
database can include privileges that apply to the other databases. This field should be set toadmin
for a custom MongoDB role. - role
Name String - Name of the role to grant. See Create a Database User
roles.roleName
for valid values and restrictions. - collection
Name String - Collection for which the role applies. You can specify a collection for the
read
andreadWrite
roles. If you do not specify a collection forread
andreadWrite
, the role applies to all collections in the database (excluding some collections in thesystem
. database).
- database
Name string - Database on which the user has the specified role. A role on the
admin
database can include privileges that apply to the other databases. This field should be set toadmin
for a custom MongoDB role. - role
Name string - Name of the role to grant. See Create a Database User
roles.roleName
for valid values and restrictions. - collection
Name string - Collection for which the role applies. You can specify a collection for the
read
andreadWrite
roles. If you do not specify a collection forread
andreadWrite
, the role applies to all collections in the database (excluding some collections in thesystem
. database).
- database_
name str - Database on which the user has the specified role. A role on the
admin
database can include privileges that apply to the other databases. This field should be set toadmin
for a custom MongoDB role. - role_
name str - Name of the role to grant. See Create a Database User
roles.roleName
for valid values and restrictions. - collection_
name str - Collection for which the role applies. You can specify a collection for the
read
andreadWrite
roles. If you do not specify a collection forread
andreadWrite
, the role applies to all collections in the database (excluding some collections in thesystem
. database).
- database
Name String - Database on which the user has the specified role. A role on the
admin
database can include privileges that apply to the other databases. This field should be set toadmin
for a custom MongoDB role. - role
Name String - Name of the role to grant. See Create a Database User
roles.roleName
for valid values and restrictions. - collection
Name String - Collection for which the role applies. You can specify a collection for the
read
andreadWrite
roles. If you do not specify a collection forread
andreadWrite
, the role applies to all collections in the database (excluding some collections in thesystem
. database).
DatabaseUserScope, DatabaseUserScopeArgs
Import
Database users can be imported using project ID and username, in the format project_id
-username
-auth_database_name
, e.g.
$ pulumi import mongodbatlas:index/databaseUser:DatabaseUser my_user 1112222b3bf99403840e8934-my_user-admin
~> NOTE: Terraform will want to change the password after importing the user if a password
argument is specified.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- MongoDB Atlas pulumi/pulumi-mongodbatlas
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
mongodbatlas
Terraform Provider.