The ClusterMongoDBRole custom resource lets you configure the
role
required for a user to access a MongoDB database.
Example
The following example shows a resource specification for a ClusterMongoDBRole
custom resource:
1 2 apiVersion: mongodb.com/v1 3 kind: ClusterMongoDBRole 4 metadata: 5 name: ldap-user-1 6 spec: 7 role: "customRole" 8 db: admin 9 privileges: 10 - actions: 11 - insert 12 resource: 13 collection: cats 14 db: pets 15 - actions: 16 - insert 17 - find 18 resource: 19 collection: dogs 20 db: pets 21 ...
Required ClusterMongoDBRole Resource Settings
spec.authenticationRestrictionsType: array
Array that defines the IP address from which and to which users assigned this
spec.security.roles.rolecan connect.
spec.dbType: string
Database for which the privilege
spec.privileges.actionsapply.If you provide a value for this setting, you must also provide a value for
spec.privileges.resource.
spec.privileges.actionsType: array
List of actions that users granted this role can perform. For a list of accepted values, see Privilege Actions in the MongoDB Server documentation for the MongoDB versions you deploy with the Kubernetes Operator.
spec.privileges.resourceType: collection
Resources for which the privilege
spec.privileges.actionsapply.This collection must include either:
The
spec.security.roles.privileges.resource.databaseandspec.security.roles.privileges.resource.collectionsettings, orThe
spec.security.roles.privileges.resource.clustersetting with a value oftrue.
spec.privileges.resource.dbType: string
Database for which the privilege
spec.privileges.actionsapply.If you provide a value for this setting, you must also provide a value for
spec.privileges.resource.collection.
spec.privileges.resource.collectionType: string
Collection in the
spec.privileges.resource.dbfor which the privilegespec.privileges.actionsapply.If you provide a value for this setting, you must also provide a value for
spec.privileges.resource.db.