DatabaseUser Custom Resource

object

SENSITIVE FIELD Reference to a secret containing the credentials to setup the connection to Atlas.

false

object

The spec of the databaseuser resource for version v20250312. Validations:

• (has(self.``groupId``) && !has(self.``groupRef``)) || (!has(self.``groupId``) && has(self.``groupRef``)): groupId and groupRef are mutually exclusive; only one of them can be set

false

string

Name of the secret containing the Atlas credentials.

false

object

The entry fields of the databaseuser resource spec. These fields can be set for creating and updating databaseusers.

false

string

Unique 24-hexadecimal digit string that identifies your project. Use the /groups endpoint to retrieve all projects to which the authenticated user has access.

Validations:

• self == oldSelf: groupId cannot be modified after creation

false

object

A reference to a "Group" resource. The value of "$.status.v20250312.id" will be used to set "groupId". Mutually exclusive with the "groupId" property.

false

string

The database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be $external. If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be admin.

true

[]object

List that provides the pairings of one role with one applicable database.

true

string

Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication:

true

string

Human-readable label that indicates whether the new database user authenticates with the Amazon Web Services (AWS) Identity and Access Management (IAM) credentials associated with the user or the user's role.

false

string

Date and time when MongoDB Cloud deletes the user. This parameter expresses its value in the ISO 8601 timestamp format in UTC and can include the time zone designation. You must specify a future date that falls within one week of making the Application Programming Interface (API) request.

false

string

Description of this database user.

false

[]object

List that contains the key-value pairs for tagging and categorizing the MongoDB database user. The labels that you define do not appear in the console.

false

string

Part of the Lightweight Directory Access Protocol (LDAP) record that the database uses to authenticate this database user on the LDAP host.

false

string

Human-readable label that indicates whether the new database user or group authenticates with OIDC federated authentication. To create a federated authentication user, specify the value of USER in this field. To create a federated authentication group, specify the value of IDP_GROUP in this field.

false

object

SENSITIVE FIELD Reference to a secret containing data for the "password" field: Alphanumeric string that authenticates this database user against the database specified in databaseName. To authenticate with SCRAM-SHA, you must specify this parameter. This parameter doesn't appear in this response.

false

[]object

List that contains clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Workspaces that this database user can access. If omitted, MongoDB Cloud grants the database user access to all the clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Workspaces in the project.

false

string

X.509 method that MongoDB Cloud uses to authenticate the database user.

• For application-managed X.509, specify MANAGED.

• For self-managed X.509, specify CUSTOMER.

Users created with the CUSTOMER method require a Common Name (CN) in the username parameter. You must create externally authenticated users on the $external database.

false

string

Database to which the user is granted access privileges.

true

string

Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.

true

string

Collection on which this role applies.

false

string

Key applied to tag and categorize this component.

false

string

Value set to the Key applied to tag and categorize this component.

false

string

Name of the secret containing the sensitive field value.

true

string

Key of the secret data containing the sensitive field value, defaults to "password". Default: password

false

string

Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access.

true

string

Category of resource that this database user can access.

true

string

Name of the "Group" resource.

false

[]object

Represents the latest available observations of a resource's current state.

false

object

The last observed Atlas state of the databaseuser resource for version v20250312.

false

string

The database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be $external. If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be admin.

true

string

Unique 24-hexadecimal digit string that identifies the project.

true

string

Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication:

true