-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mongo Atlas cli - dbuser update doesn't support external DB (X509 certs users) #2338
Comments
I have tested with the Mongo Atlas API, and It can be done with this curl command:
{
"awsIAMType": "NONE",
"databaseName": "$external",
"groupId": "******",
"ldapAuthType": "NONE",
"links": [
{
"href": "https://cloud.mongodb.com/api/atlas/v2/groups/******/databaseUsers/$external/myUser-test",
"rel": "self"
}
],
"oidcAuthType": "NONE",
"roles": [
{
"databaseName": "admin",
"roleName": "readWriteAnyDatabase"
}
],
"username": "myUser-test",
"x509Type": "MANAGED"
}
|
Looking at the update.go file I saw this line in update method:
It should detect if dbuser is external or not using the user type but it does not work.
And request the parameter , |
We are going to look into this issue |
Hello team.
|
Hi @MartinPerru
I see Could you try moving the username input before the args and let me know if that solves the problem?
|
Hi Matt , It doesn't work.
It's like you said. The username is not being recognized and that is why an attempt is made to change it. |
But this is weird.
If the user exists then Params is empty, but is not the same if the user doesn't exist. |
Ah I understand - the x509Type isn't inferred from the context so it also needs to be provided as a parameter, raising a fix now. |
Describe the bug
We want to update roles to a X509 cert managed dbuser, which is using $external database.
It seems to be supported only for users using admin database (SCRAM) , but not for users using $external database.
To Reproduce
Steps to reproduce the behavior:
atlas dbusers update myUser-test --role backup
Expected behavior
When we are updating another user that uses admin database we get the expected behavior (user's role updated)
Example with a SCRAM user called "prueba"
atlas dbuser update prueba --role backup
Json output of the atlas dbuser list command with myUser-test that uses external database:
Desktop (please complete the following information):
Additional context
We can see in the error that the url of the api always uses the admin database.
Comparing files updates.go with delete.go or describe.go in the repo https://github.com/mongodb/mongodb-atlas-cli/tree/master/internal/cli/atlas/dbusers, we are seeing that the first one haven't a parameter ,
--authDB
, to specify the database name for the user.The text was updated successfully, but these errors were encountered: