Adding an optional custom user for Mongo Atlas (#249)

ManagedKube · Feb 10, 2022 · ed82849 · ed82849
1 parent 2621694
commit ed82849
Show file tree

Hide file tree

Showing 2 changed files with 85 additions and 1 deletion.
diff --git a/terraform-modules/aws/mongodb-atlas-users/main.tf b/terraform-modules/aws/mongodb-atlas-users/main.tf
@@ -20,7 +20,12 @@ resource "mongodbatlas_database_user" "admin" {
   }
 }
 
-resource "mongodbatlas_database_user" "test" {
+# This user is created from an AWS IAM Role, which is also provisioned by this module
+# (see the "AWS Role" section at the end of this file)
+# Due to limitations of current MongoDB drivers (see https://jira.mongodb.org/browse/DRIVERS-2011)
+# this setup doesn't work as intended as of 2022-02-09, but it is expected to work once
+# the MongoDB drivers are updated.
+resource "mongodbatlas_database_user" "app_user" {
   username           = aws_iam_role.this.arn
   project_id         = var.mongodbatlas_projectid
   auth_database_name = "$external"
@@ -42,6 +47,40 @@ resource "mongodbatlas_database_user" "test" {
   }
 }
 
+# This additional user can be customized with any given AWS IAM Role
+# This can be useful when there is the need to use a Role that was created elsewhere
+resource "mongodbatlas_database_user" "custom_user" {
+  count              = var.create_custom_user ? 1 : 0
+  username           = var.custom_user_iam_role
+  project_id         = var.mongodbatlas_projectid
+  auth_database_name = "$external"
+  aws_iam_type       = "ROLE"
+
+  dynamic "roles" {
+    for_each = var.custom_user_roles
+    content {
+      role_name     = roles.value["role_name"]
+      database_name = roles.value["database_name"]
+    }
+  }
+
+  dynamic "labels" {
+    for_each = var.custom_user_labels
+    content {
+      key   = labels.value["key"]
+      value = labels.value["value"]
+    }
+  }
+
+  dynamic "scopes" {
+    for_each = var.custom_user_scopes
+    content {
+      name = scopes.value["name"]
+      type = scopes.value["type"]
+    }
+  }
+}
+
 ################################################
 # AWS Secret
 #

diff --git a/terraform-modules/aws/mongodb-atlas-users/variables.tf b/terraform-modules/aws/mongodb-atlas-users/variables.tf
@@ -48,3 +48,48 @@ variable "database_username" {
   type        = string
   default     = "admin"
 }
+
+variable "create_custom_user" {
+  type        = bool
+  description = "To create a custom user or not"
+  default     = false
+}
+
+variable "custom_user_iam_role" {
+  type        = string
+  description = "The AWS IAM Role of the custom user"
+  default     = null
+}
+
+variable "custom_user_roles" {
+  type        = list(any)
+  description = "A list mapping roles to databases for the custom user"
+  default = [
+    {
+      role_name     = "readWriteAnyDatabase"
+      database_name = "admin"
+    }
+  ]
+}
+
+variable "custom_user_labels" {
+  type        = list(any)
+  description = "A list of key-value pairs for tagging the custom user"
+  default = [
+    {
+      key   = "%s"
+      value = "%s"
+    }
+  ]
+}
+
+variable "custom_user_scopes" {
+  type        = list(any)
+  description = "A list of clusters and data lakes the custom user"
+  default = [
+    {
+      name = "my_cluster"
+      type = "CLUSTER"
+    }
+  ]
+}