community.mongodb.mongodb_atlas_user module – Manage database users in Atlas

Note

This module is part of the community.mongodb collection (version 1.7.8).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.mongodb.

To use it in a playbook, specify: community.mongodb.mongodb_atlas_user.

Synopsis

  • The mongodb_atlas_user module lets you create, modify and delete the database users in your cluster.

  • Each user has a set of roles that provide access to the project’s databases.

  • A user’s roles apply to all the clusters in the project

  • if two clusters have a products database and a user has a role granting read access on the products database,

  • the user has that access on both clusters.

  • API Documentation

Parameters

Parameter

Comments

api_password

aliases: apiPassword

string / required

The password for use in authentication with the Atlas API.

Can use API users and tokens (private key is password)

api_username

aliases: apiUsername

string / required

The username for use in authentication with the Atlas API.

Can use API users and tokens (public key is username)

database_name

aliases: databaseName

string

Database against which Atlas authenticates the user.

Choices:

  • "admin" ← (default)

  • "$external"

group_id

aliases: groupId

string / required

Unique identifier for the Atlas project.

password

string / required

User’s password.

roles

list / elements=dictionary / required

Array of this user’s roles and the databases / collections on which the roles apply.

A role must include following elements

database_name

aliases: databaseName

string / required

Database on which the user has the specified role.

A role on the admin database can include privileges that apply to the other databases.

role_name

aliases: roleName

string / required

Name of the role. This value can either be a built-in role or a custom role.

scopes

list / elements=dictionary

List of clusters and Atlas Data Lakes that this user can access.

Atlas grants database users access to all resources by default.

Default: []

name

string / required

Name of the cluster or Atlas Data Lake that the database user can access.

type

string

Type of resource that the database user can access.

Choices:

  • "CLUSTER" ← (default)

  • "DATA_LAKE"

state

string

State of the ressource.

Choices:

  • "present" ← (default)

  • "absent"

username

string / required

Username for authenticating to MongoDB.

Examples

- name: test user
  community.mongodb.mongodb_atlas_user:
    api_username: "API_user"
    api_password: "API_passwort_or_token"
    group_id: "GROUP_ID"
    username: my_app_user
    password: SuperSecret!
    roles:
      - database_name: private_info
        role_name: read
      - database_name: public_info
        role_name: readWrite

Authors

  • Martin Schurz (@schurzi)