CustomDbRole
mongodbatlas.CustomDbRole provides a Custom DB Role resource. The customDBRoles resource lets you retrieve, create and modify the custom MongoDB roles in your cluster. Use custom MongoDB roles to specify custom sets of actions which cannot be described by the built-in Atlas database user privileges.
IMPORTANT Custom roles cannot use actions unavailable to any cluster version in your project. Custom roles are defined at the project level, and must be compatible with each MongoDB version used by your project’s clusters. If you have a cluster in your project with MongoDB 3.4, you cannot create a custom role that uses actions introduced in MongoDB 3.6, such as useUUID.
NOTE: Groups and projects are synonymous terms. You may find group_id in the official documentation.
Example Usage with inherited roles
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
// Builds one action entry scoped to the database named "anyDatabase".
// The collection name is left empty: in the Atlas custom-roles API an empty
// collection name grants the action on every collection in that database, so
// set collectionName when the role only needs a single collection.
const onAnyDatabase = (action: string) => ({
    action,
    resources: [{
        collectionName: "",
        databaseName: "anyDatabase",
    }],
});

// Building-block role: INSERT only.
const inheritedRoleOne = new mongodbatlas.CustomDbRole("inherited_role_one", {
    projectId: "<PROJECT-ID>",
    roleName: "insertRole",
    actions: [onAnyDatabase("INSERT")],
});

// Building-block role: SERVER_STATUS, granted on the cluster resource rather
// than on a database/collection pair.
const inheritedRoleTwo = new mongodbatlas.CustomDbRole("inherited_role_two", {
    projectId: inheritedRoleOne.projectId,
    roleName: "statusServerRole",
    actions: [{
        action: "SERVER_STATUS",
        resources: [{ cluster: true }],
    }],
});

// Composite role. Its effective privileges are its own UPDATE and REMOVE plus
// everything the two inherited roles grant, so a later change to either
// inherited role also changes what holders of myCustomRole can do.
const testRole = new mongodbatlas.CustomDbRole("test_role", {
    projectId: inheritedRoleOne.projectId,
    roleName: "myCustomRole",
    actions: [
        onAnyDatabase("UPDATE"),
        onAnyDatabase("REMOVE"),
    ],
    inheritedRoles: [
        { databaseName: "admin", roleName: inheritedRoleOne.roleName },
        { databaseName: "admin", roleName: inheritedRoleTwo.roleName },
    ],
});

import pulumi
import pulumi_mongodbatlas as mongodbatlas
def _on_any_database(action):
    """Return one action entry scoped to the database named "anyDatabase".

    The collection name is left empty: in the Atlas custom-roles API an empty
    collection name grants the action on every collection in that database,
    so set it when the role only needs a single collection. The mixed key
    casing ("collectionName" / "database_name") follows the Python property
    names listed for CustomDbRoleActionResource on this page.
    """
    return {
        "action": action,
        "resources": [{
            "collectionName": "",
            "database_name": "anyDatabase",
        }],
    }


# Building-block role: INSERT only.
inherited_role_one = mongodbatlas.CustomDbRole(
    "inheritedRoleOne",
    actions=[_on_any_database("INSERT")],
    project_id="<PROJECT-ID>",
    role_name="insertRole",
)

# Building-block role: SERVER_STATUS, granted on the cluster resource rather
# than on a database/collection pair.
inherited_role_two = mongodbatlas.CustomDbRole(
    "inheritedRoleTwo",
    actions=[{
        "action": "SERVER_STATUS",
        "resources": [{"cluster": True}],
    }],
    project_id=inherited_role_one.project_id,
    role_name="statusServerRole",
)

# Composite role. Its effective privileges are its own UPDATE and REMOVE plus
# everything the two inherited roles grant, so a later change to either
# inherited role also changes what holders of myCustomRole can do.
test_role = mongodbatlas.CustomDbRole(
    "testRole",
    actions=[
        _on_any_database("UPDATE"),
        _on_any_database("REMOVE"),
    ],
    inherited_roles=[
        {"database_name": "admin", "role_name": inherited_role_one.role_name},
        {"database_name": "admin", "role_name": inherited_role_two.role_name},
    ],
    project_id=inherited_role_one.project_id,
    role_name="myCustomRole",
)

using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
class MyStack : Stack
{
    public MyStack()
    {
        // Building-block role: INSERT only.
        var inheritedRoleOne = new Mongodbatlas.CustomDbRole("inheritedRoleOne", new Mongodbatlas.CustomDbRoleArgs
        {
            ProjectId = "<PROJECT-ID>",
            RoleName = "insertRole",
            Actions = { OnAnyDatabase("INSERT") },
        });

        // Building-block role: SERVER_STATUS, granted on the cluster resource
        // rather than on a database/collection pair.
        var inheritedRoleTwo = new Mongodbatlas.CustomDbRole("inheritedRoleTwo", new Mongodbatlas.CustomDbRoleArgs
        {
            ProjectId = inheritedRoleOne.ProjectId,
            RoleName = "statusServerRole",
            Actions =
            {
                new Mongodbatlas.Inputs.CustomDbRoleActionArgs
                {
                    Action = "SERVER_STATUS",
                    Resources =
                    {
                        new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs { Cluster = true },
                    },
                },
            },
        });

        // Composite role. Its effective privileges are its own UPDATE and
        // REMOVE plus everything the two inherited roles grant, so a later
        // change to either inherited role also changes what holders of
        // myCustomRole can do.
        var testRole = new Mongodbatlas.CustomDbRole("testRole", new Mongodbatlas.CustomDbRoleArgs
        {
            ProjectId = inheritedRoleOne.ProjectId,
            RoleName = "myCustomRole",
            Actions =
            {
                OnAnyDatabase("UPDATE"),
                OnAnyDatabase("REMOVE"),
            },
            InheritedRoles =
            {
                new Mongodbatlas.Inputs.CustomDbRoleInheritedRoleArgs
                {
                    DatabaseName = "admin",
                    RoleName = inheritedRoleOne.RoleName,
                },
                new Mongodbatlas.Inputs.CustomDbRoleInheritedRoleArgs
                {
                    DatabaseName = "admin",
                    RoleName = inheritedRoleTwo.RoleName,
                },
            },
        });
    }

    // Builds one action entry scoped to the database named "anyDatabase".
    // The collection name is left empty: in the Atlas custom-roles API an
    // empty collection name grants the action on every collection in that
    // database, so set CollectionName when the role only needs one collection.
    private static Mongodbatlas.Inputs.CustomDbRoleActionArgs OnAnyDatabase(string action)
    {
        return new Mongodbatlas.Inputs.CustomDbRoleActionArgs
        {
            Action = action,
            Resources =
            {
                new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
                {
                    CollectionName = "",
                    DatabaseName = "anyDatabase",
                },
            },
        };
    }
}
Example Usage
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
class MyStack : Stack
{
    public MyStack()
    {
        // A single custom role with three write actions and no inherited
        // roles; every action shares the scope built by OnAnyDatabase.
        var testRole = new Mongodbatlas.CustomDbRole("testRole", new Mongodbatlas.CustomDbRoleArgs
        {
            ProjectId = "<PROJECT-ID>",
            RoleName = "myCustomRole",
            Actions =
            {
                OnAnyDatabase("UPDATE"),
                OnAnyDatabase("INSERT"),
                OnAnyDatabase("REMOVE"),
            },
        });
    }

    // Builds one action entry scoped to the database named "anyDatabase".
    // The collection name is left empty: in the Atlas custom-roles API an
    // empty collection name grants the action on every collection in that
    // database, so set CollectionName when the role only needs one collection.
    private static Mongodbatlas.Inputs.CustomDbRoleActionArgs OnAnyDatabase(string action)
    {
        return new Mongodbatlas.Inputs.CustomDbRoleActionArgs
        {
            Action = action,
            Resources =
            {
                new Mongodbatlas.Inputs.CustomDbRoleActionResourceArgs
                {
                    CollectionName = "",
                    DatabaseName = "anyDatabase",
                },
            },
        };
    }
}
Coming soon!
import pulumi
import pulumi_mongodbatlas as mongodbatlas
# A single custom role with three write actions and no inherited roles.
# Each action is scoped to the database named "anyDatabase" with an empty
# collection name; in the Atlas custom-roles API an empty collection name
# grants the action on every collection in that database, so set it when the
# role only needs a single collection. The mixed key casing ("collectionName" /
# "database_name") follows the Python property names listed for
# CustomDbRoleActionResource on this page.
test_role = mongodbatlas.CustomDbRole(
    "testRole",
    actions=[
        {
            "action": action_name,
            "resources": [{
                "collectionName": "",
                "database_name": "anyDatabase",
            }],
        }
        for action_name in ("UPDATE", "INSERT", "REMOVE")
    ],
    project_id="<PROJECT-ID>",
    role_name="myCustomRole",
)

import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
// A single custom role with three write actions and no inherited roles.
// Each action is scoped to the database named "anyDatabase" with an empty
// collection name; in the Atlas custom-roles API an empty collection name
// grants the action on every collection in that database, so set
// collectionName when the role only needs a single collection.
const testRole = new mongodbatlas.CustomDbRole("test_role", {
    projectId: "<PROJECT-ID>",
    roleName: "myCustomRole",
    actions: ["UPDATE", "INSERT", "REMOVE"].map(action => ({
        action,
        resources: [{
            collectionName: "",
            databaseName: "anyDatabase",
        }],
    })),
});

Create a CustomDbRole Resource
new CustomDbRole(name: string, args: CustomDbRoleArgs, opts?: CustomResourceOptions);
def CustomDbRole(resource_name, opts=None, actions=None, inherited_roles=None, project_id=None, role_name=None, __props__=None);
func NewCustomDbRole(ctx *Context, name string, args CustomDbRoleArgs, opts ...ResourceOption) (*CustomDbRole, error)
public CustomDbRole(string name, CustomDbRoleArgs args, CustomResourceOptions? opts = null)
- name string
- The unique name of the resource.
- args CustomDbRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CustomDbRoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CustomDbRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
CustomDbRole Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The CustomDbRole resource accepts the following input properties:
- Actions
List<Custom
Db Role Action Args> - Project
Id string The unique ID for the project to create the database user.
- Role
Name string Name of the inherited role. This can either be another custom role or a built-in role.
- Inherited
Roles List<CustomDb Role Inherited Role Args>
- Actions
[]Custom
Db Role Action - Project
Id string The unique ID for the project to create the database user.
- Role
Name string Name of the inherited role. This can either be another custom role or a built-in role.
- Inherited
Roles []CustomDb Role Inherited Role
- actions
Custom
Db Role Action[] - project
Id string The unique ID for the project to create the database user.
- role
Name string Name of the inherited role. This can either be another custom role or a built-in role.
- inherited
Roles CustomDb Role Inherited Role[]
- actions
List[Custom
Db Role Action] - project_
id str The unique ID for the project to create the database user.
- role_
name str Name of the inherited role. This can either be another custom role or a built-in role.
- inherited_
roles List[CustomDb Role Inherited Role]
Outputs
All input properties are implicitly available as output properties. Additionally, the CustomDbRole resource produces the following output properties:
Look up an Existing CustomDbRole Resource
Get an existing CustomDbRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CustomDbRoleState, opts?: CustomResourceOptions): CustomDbRole
static get(resource_name, id, opts=None, actions=None, inherited_roles=None, project_id=None, role_name=None, __props__=None);
func GetCustomDbRole(ctx *Context, name string, id IDInput, state *CustomDbRoleState, opts ...ResourceOption) (*CustomDbRole, error)
public static CustomDbRole Get(string name, Input<string> id, CustomDbRoleState? state, CustomResourceOptions? opts = null)
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Actions
List<Custom
Db Role Action Args> - Inherited
Roles List<CustomDb Role Inherited Role Args> - Project
Id string The unique ID for the project to create the database user.
- Role
Name string Name of the inherited role. This can either be another custom role or a built-in role.
- Actions
[]Custom
Db Role Action - Inherited
Roles []CustomDb Role Inherited Role - Project
Id string The unique ID for the project to create the database user.
- Role
Name string Name of the inherited role. This can either be another custom role or a built-in role.
- actions
Custom
Db Role Action[] - inherited
Roles CustomDb Role Inherited Role[] - project
Id string The unique ID for the project to create the database user.
- role
Name string Name of the inherited role. This can either be another custom role or a built-in role.
- actions
List[Custom
Db Role Action] - inherited_
roles List[CustomDb Role Inherited Role] - project_
id str The unique ID for the project to create the database user.
- role_
name str Name of the inherited role. This can either be another custom role or a built-in role.
Supporting Types
CustomDbRoleAction
- Action string
Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions. Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.
- Resources
List<Custom
Db Role Action Resource Args> Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.
- Action string
Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions. Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.
- Resources
[]Custom
Db Role Action Resource Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.
- action string
Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions. Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.
- resources
Custom
Db Role Action Resource[] Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.
- action str
Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions. Note: The privilege actions available to the Custom Roles API resource represent a subset of the privilege actions available in the Atlas Custom Roles UI.
- resources
List[Custom
Db Role Action Resource] Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.
CustomDbRoleActionResource
- Cluster bool
- Collection
Name string - Database
Name string Database on which the inherited role is granted.
- Cluster bool
- Collection
Name string - Database
Name string Database on which the inherited role is granted.
- cluster boolean
- collection
Name string - database
Name string Database on which the inherited role is granted.
- cluster bool
- collection
Name str - database_
name str Database on which the inherited role is granted.
CustomDbRoleInheritedRole
- Database
Name string Database on which the inherited role is granted.
- Role
Name string Name of the inherited role. This can either be another custom role or a built-in role.
- Database
Name string Database on which the inherited role is granted.
- Role
Name string Name of the inherited role. This can either be another custom role or a built-in role.
- database
Name string Database on which the inherited role is granted.
- role
Name string Name of the inherited role. This can either be another custom role or a built-in role.
- database_
name str Database on which the inherited role is granted.
- role_
name str Name of the inherited role. This can either be another custom role or a built-in role.
Package Details
- Repository
- https://github.com/pulumi/pulumi-mongodbatlas
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the mongodbatlas Terraform Provider.