Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MongoDB Atlas API Plugin #5962

Closed
ahartma1 opened this issue Dec 15, 2018 · 13 comments
Closed

MongoDB Atlas API Plugin #5962

ahartma1 opened this issue Dec 15, 2018 · 13 comments
Labels
enhancement secret/database

Comments

@ahartma1
Copy link

Is your feature request related to a problem? Please describe.
Atlas is the cloud-based enterprise DaaS solution. If you have an enterprise subscription, you are most likely using the Atlas product. The problem is, all DB users are managed via the web GUI or via the HTTP API. Thus, any user created by the MongoDB driver will be immediately erased by Atlas, invalidating the usefulness of the mongodb driver for anything but a community edition of the database. This is insufficient for any organization that intends on seriously leveraging Vault and MongoDB together

Describe the solution you'd like
Please create a MongoDB Atlas Database Secrets plugin. The plugin would interact not with the database directly, but rather with the HTTP API.

Describe alternatives you've considered
I suspect other coming DaaS solutions may benefit from a generic HTTP API Secrets Engine. This would also fit our needs potentially

Explain any additional use-cases
Any use case related to Enterprise MongoDB falls within the purview of this request

Additional context
A Go library for interacting with Atlas does already exist, so this might be pretty simple to implement at least as a Custom Database Secrets Engine.
https://github.com/akshaykarle/go-mongodbatlas
@erickufrin-okta
Copy link

We are also in critical-need of this as a native secret plugin. Thank you!

@ahartma1
Copy link
Author

I got a tentative yes-ish from Nicolas on mIRC who works at hashicorp.

@ahartma1
Copy link
Author

but that was awhile ago

@brianjo1
Copy link

really need this dynamic secret functionality!!

@tmackness
Copy link

I agree this would be good to see

@gordonbondon
Copy link

gordonbondon commented Mar 28, 2019
edited
Loading

Third party plugin is available https://github.com/mealal/vault-atlas-plugin . We've tested it at our environments and it works.

@JnMik
Copy link

JnMik commented Jul 19, 2019
edited
Loading

@gordonbondon I'm having trouble building the plugin. DId you have any issue resembling this ?

# github.com/mealal/vault-atlas-plugin/vendor/github.com/hashicorp/vault/sdk/helper/certutil
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:337:7: unknown field 'URIs' in struct literal of type x509.Certificate
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:394:94: in.URIs undefined (type *x509.Certificate has no field or method URIs)
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:517:7: unknown field 'URIs' in struct literal of type x509.Certificate
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:632:7: unknown field 'URIs' in struct literal of type x509.CertificateRequest
../vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go:737:15: certTemplate.URIs undefined (type *x509.Certificate has no field or method URIs)

edited

So I tried upgrading go on my AMZLInux2 box.
I had 1.9.4 now I have 1.11.9

Now the error message is :
./atlas.go:51:56: cannot use db (type *Atlas) as type dbplugin.Database in argument to dbplugin.NewDatabaseErrorSanitizerMiddleware:
*Atlas does not implement dbplugin.Database (missing SetCredentials method)

I'll continue here
mealal/vault-atlas-plugin#3

@ahartma1
Copy link
Author

I never saw that this was implemented, but thank you guys for all your work!

@JnMik

https://www.vaultproject.io/docs/plugin/

@JnMik
Copy link

JnMik commented Jul 19, 2019

Thanks @ahartma1, it will serve me well to install the plugin. Seems pretty straight forward.
I just need to manage to build it first -_-
lol

@gordonbondon
Copy link

Ther's now an official plugin https://github.com/mongodb/vault-plugin-secrets-mongodbatlas

@Throckmortra
Copy link

Hope this gets added to core plugins :)

@vishalnayak
Copy link
Member

Issues that are not reproducible and/or have not had any interaction for a long time are stale issues. Sometimes even the valid issues remain stale lacking traction either by the maintainers or the community. In order to provide faster responses and better engagement with the community, we strive to keep the issue tracker clean and the issue count low. In this regard, our current policy is to close stale issues after 30 days. If a feature request is being closed, it means that it is not on the product roadmap. Closed issues will still be indexed and available for future viewers. If users feel that the issue is still relevant but is wrongly closed, we encourage reopening them.

Please refer to our contributing guidelines for details on issue lifecycle.

@kalafut
Copy link
Contributor

kalafut commented Jun 25, 2021

Note: MongoDB Atlas support was added in Vault 1.4.0.

@kalafut kalafut added tmp/rt and removed tmp/rt labels Jun 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement secret/database
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@kalafut @tmackness @michelvocks @vishalnayak @JnMik @gordonbondon @Throckmortra @erickufrin-okta @brianjo1 @ahartma1