Skip to content
/ terraform-mongo-atlas-db-user Public

This repo maintains Terraform module for creating a mongo user, and storing its credentials in vault

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ultimateai/terraform-mongo-atlas-db-user

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
.github/workflows
.github/workflows
 
 
.gitignore
.gitignore
 
 
.terraform.lock.hcl
.terraform.lock.hcl
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

Repository files navigation

Terraform-mongo-service-user

Terraform module for creating a mongo user and the associated secrets (user, password) in vault

Provider configuration

In your calling terraform code, add make sure to add the proper vault-provider and mongo-atlas configuration:

terraform {
  required_version = ">=1.2.0"

  required_providers {
    ...
    mongodbatlas = {
      source = "mongodb/mongodbatlas"
      version = "~> 1.8.0"
    }
    vault = {
      source = "hashicorp/vault"
      version = "3.13.0"
    }
  }
}

##There are several ways for auth vault-provider -- check https://registry.terraform.io/providers/hashicorp/vault/latest/docs#vault-authentication-configuration-options
provider "vault" {
  address = vault_http_address
  auth_login_userpass {
    username = "your_user"
    password = data.google_secret_manager_secret_version.vault_user.secret_data
  }
}

provider "mongodbatlas" {
  public_key  = data.google_secret_manager_secret_version.your_atlas_public_key.secret_data
  private_key = data.google_secret_manager_secret_version.your_atlas_private_key.secret_data
}

Plus the data.tf

data "google_secret_manager_secret_version" "atlas_private_key" {
  provider = google-beta
  project  = gcp_project
  secret   = private_key_secret_name
}

data "google_secret_manager_secret_version" "atlas_public_key" {
  provider = google-beta
  project  = gcp_project
  secret   = public_key_secret_name
}

data "google_secret_manager_secret_version" "vault_terraform_pass" {
  provider = google-beta
  project  = gcp_project
  secret   = vault_user_password
}

How to use

module "create_mongo_user_test" {
  source        = "git@github.com:ultimateai/terraform-mongo-service-user.git?ref=main"
  vault_path = "secret/${var.vault_chapter}/${var.vault_environment}/${var.vault_service_name}"
  user_name = var.vault_service_name
  mongo_project_id = var.mongo_project_id
  databases_roles = [
    {
      "database": "db_first",
      "role": "readWrite"
    },
    {
      "database": "admin",
      "role": "crmIntegrations"
      }
    ]
}

Vault_path: Were the secret will be stored. In order NOT to remove existing secrets, final path will be vault_path-mongo-credentials user_name: Mongo user name, which normally coincides with the service_name mongo_project_id = The id of the project to create the user databases_roles = List of the databases to which the user will have "role" access to

About

This repo maintains Terraform module for creating a mongo user, and storing its credentials in vault

Topics

mongo module terraform terraform-mongo-service-user

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

1.0.0 Latest
Mar 1, 2024
+ 1 release

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages