diff --git a/admin/api_database_users.go b/admin/api_database_users.go
index afb2b34e1..61a346e91 100644
--- a/admin/api_database_users.go
+++ b/admin/api_database_users.go
@@ -43,8 +43,8 @@ type DatabaseUsersApi interface {
@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@param groupId Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access. **NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.
- @param databaseName Human-readable label that identifies the database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, or LDAP, this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC, this value should be `admin`.
- @param username Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsType | ROLE | ARN | | AWS IAM | awsType | USER | ARN | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ @param databaseName The database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be `admin`.
+ @param username Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsIAMType | ROLE | ARN | | AWS IAM | awsIAMType | USER | ARN | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name | | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
@return DeleteDatabaseUserApiRequest
*/
DeleteDatabaseUser(ctx context.Context, groupId string, databaseName string, username string) DeleteDatabaseUserApiRequest
@@ -68,8 +68,8 @@ type DatabaseUsersApi interface {
@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@param groupId Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access. **NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.
- @param databaseName Human-readable label that identifies the database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, or LDAP, this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC, this value should be `admin`.
- @param username Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsType | ROLE | ARN | | AWS IAM | awsType | USER | ARN | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ @param databaseName The database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be `admin`.
+ @param username Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsIAMType | ROLE | ARN | | AWS IAM | awsIAMType | USER | ARN | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name | | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
@return GetDatabaseUserApiRequest
*/
GetDatabaseUser(ctx context.Context, groupId string, databaseName string, username string) GetDatabaseUserApiRequest
@@ -116,8 +116,8 @@ type DatabaseUsersApi interface {
@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@param groupId Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access. **NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.
- @param databaseName Human-readable label that identifies the database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, or LDAP, this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC, this value should be `admin`.
- @param username Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsType | ROLE | ARN | | AWS IAM | awsType | USER | ARN | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ @param databaseName The database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be `admin`.
+ @param username Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsIAMType | ROLE | ARN | | AWS IAM | awsIAMType | USER | ARN | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name | | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
@return UpdateDatabaseUserApiRequest
*/
UpdateDatabaseUser(ctx context.Context, groupId string, databaseName string, username string, cloudDatabaseUser *CloudDatabaseUser) UpdateDatabaseUserApiRequest
@@ -306,8 +306,8 @@ Removes one database user from the specified project. To use this resource, the
@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@param groupId Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access. **NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.
- @param databaseName Human-readable label that identifies the database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, or LDAP, this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC, this value should be `admin`.
- @param username Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsType | ROLE | ARN | | AWS IAM | awsType | USER | ARN | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ @param databaseName The database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be `admin`.
+ @param username Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsIAMType | ROLE | ARN | | AWS IAM | awsIAMType | USER | ARN | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name | | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
@return DeleteDatabaseUserApiRequest
*/
func (a *DatabaseUsersApiService) DeleteDatabaseUser(ctx context.Context, groupId string, databaseName string, username string) DeleteDatabaseUserApiRequest {
@@ -442,8 +442,8 @@ Returns one database user that belong to the specified project. To use this reso
@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@param groupId Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access. **NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.
- @param databaseName Human-readable label that identifies the database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, or LDAP, this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC, this value should be `admin`.
- @param username Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsType | ROLE | ARN | | AWS IAM | awsType | USER | ARN | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ @param databaseName The database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be `admin`.
+ @param username Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsIAMType | ROLE | ARN | | AWS IAM | awsIAMType | USER | ARN | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name | | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
@return GetDatabaseUserApiRequest
*/
func (a *DatabaseUsersApiService) GetDatabaseUser(ctx context.Context, groupId string, databaseName string, username string) GetDatabaseUserApiRequest {
@@ -753,8 +753,8 @@ Updates one database user that belongs to the specified project. To use this res
@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@param groupId Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access. **NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.
- @param databaseName Human-readable label that identifies the database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, or LDAP, this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC, this value should be `admin`.
- @param username Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsType | ROLE | ARN | | AWS IAM | awsType | USER | ARN | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ @param databaseName The database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be `admin`.
+ @param username Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsIAMType | ROLE | ARN | | AWS IAM | awsIAMType | USER | ARN | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name | | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
@return UpdateDatabaseUserApiRequest
*/
func (a *DatabaseUsersApiService) UpdateDatabaseUser(ctx context.Context, groupId string, databaseName string, username string, cloudDatabaseUser *CloudDatabaseUser) UpdateDatabaseUserApiRequest {
diff --git a/admin/model_cloud_database_user.go b/admin/model_cloud_database_user.go
index 1cdeee191..fb8b483b6 100644
--- a/admin/model_cloud_database_user.go
+++ b/admin/model_cloud_database_user.go
@@ -11,7 +11,7 @@ import (
type CloudDatabaseUser struct {
// Human-readable label that indicates whether the new database user authenticates with the Amazon Web Services (AWS) Identity and Access Management (IAM) credentials associated with the user or the user's role.
AwsIAMType *string `json:"awsIAMType,omitempty"`
- // Database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB.
+ // The database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be `admin`.
DatabaseName string `json:"databaseName"`
// Date and time when MongoDB Cloud deletes the user. This parameter expresses its value in the ISO 8601 timestamp format in UTC and can include the time zone designation. You must specify a future date that falls within one week of making the Application Programming Interface (API) request.
DeleteAfterDate *time.Time `json:"deleteAfterDate,omitempty"`
@@ -25,7 +25,7 @@ type CloudDatabaseUser struct {
// List of one or more Uniform Resource Locators (URLs) that point to API sub-resources, related API resources, or both. RFC 5988 outlines these relationships.
// Read only field.
Links *[]Link `json:"links,omitempty"`
- // Human-readable label that indicates whether the new database user authenticates with OIDC federated authentication. To create a federated authentication user, specify the value of IDP_GROUP for this field.
+ // Human-readable label that indicates whether the new database user or group authenticates with OIDC federated authentication. To create a federated authentication user, specify the value of USER in this field. To create a federated authentication group, specify the value of IDP_GROUP in this field.
OidcAuthType *string `json:"oidcAuthType,omitempty"`
// Alphanumeric string that authenticates this database user against the database specified in `databaseName`. To authenticate with SCRAM-SHA, you must specify this parameter. This parameter doesn't appear in this response.
// Write only field.
@@ -34,7 +34,7 @@ type CloudDatabaseUser struct {
Roles *[]DatabaseUserRole `json:"roles,omitempty"`
// List that contains clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances that this database user can access. If omitted, MongoDB Cloud grants the database user access to all the clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances in the project.
Scopes *[]UserScope `json:"scopes,omitempty"`
- // Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsType | ROLE | ARN | | AWS IAM | awsType | USER | ARN | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ // Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsIAMType | ROLE | ARN | | AWS IAM | awsIAMType | USER | ARN | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name | | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
Username string `json:"username"`
// X.509 method that MongoDB Cloud uses to authenticate the database user. - For application-managed X.509, specify `MANAGED`. - For self-managed X.509, specify `CUSTOMER`. Users created with the `CUSTOMER` method require a Common Name (CN) in the **username** parameter. You must create externally authenticated users on the `$external` database.
X509Type *string `json:"x509Type,omitempty"`
diff --git a/docs/docs/CloudDatabaseUser.md b/docs/docs/CloudDatabaseUser.md
index da0c24793..0e419c797 100644
--- a/docs/docs/CloudDatabaseUser.md
+++ b/docs/docs/CloudDatabaseUser.md
@@ -5,17 +5,17 @@
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**AwsIAMType** | Pointer to **string** | Human-readable label that indicates whether the new database user authenticates with the Amazon Web Services (AWS) Identity and Access Management (IAM) credentials associated with the user or the user's role. | [optional] [default to "NONE"]
-**DatabaseName** | **string** | Database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. | [default to "admin"]
+**DatabaseName** | **string** | The database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be `admin`. | [default to "admin"]
**DeleteAfterDate** | Pointer to **time.Time** | Date and time when MongoDB Cloud deletes the user. This parameter expresses its value in the ISO 8601 timestamp format in UTC and can include the time zone designation. You must specify a future date that falls within one week of making the Application Programming Interface (API) request. | [optional]
**GroupId** | **string** | Unique 24-hexadecimal digit string that identifies the project. |
**Labels** | Pointer to [**[]ComponentLabel**](ComponentLabel.md) | List that contains the key-value pairs for tagging and categorizing the MongoDB database user. The labels that you define do not appear in the console. | [optional]
**LdapAuthType** | Pointer to **string** | Part of the Lightweight Directory Access Protocol (LDAP) record that the database uses to authenticate this database user on the LDAP host. | [optional] [default to "NONE"]
**Links** | Pointer to [**[]Link**](Link.md) | List of one or more Uniform Resource Locators (URLs) that point to API sub-resources, related API resources, or both. RFC 5988 outlines these relationships. | [optional] [readonly]
-**OidcAuthType** | Pointer to **string** | Human-readable label that indicates whether the new database user authenticates with OIDC federated authentication. To create a federated authentication user, specify the value of IDP_GROUP for this field. | [optional] [default to "NONE"]
+**OidcAuthType** | Pointer to **string** | Human-readable label that indicates whether the new database user or group authenticates with OIDC federated authentication. To create a federated authentication user, specify the value of USER in this field. To create a federated authentication group, specify the value of IDP_GROUP in this field. | [optional] [default to "NONE"]
**Password** | Pointer to **string** | Alphanumeric string that authenticates this database user against the database specified in `databaseName`. To authenticate with SCRAM-SHA, you must specify this parameter. This parameter doesn't appear in this response. | [optional]
**Roles** | Pointer to [**[]DatabaseUserRole**](DatabaseUserRole.md) | List that provides the pairings of one role with one applicable database. | [optional]
**Scopes** | Pointer to [**[]UserScope**](UserScope.md) | List that contains clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances that this database user can access. If omitted, MongoDB Cloud grants the database user access to all the clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances in the project. | [optional]
-**Username** | **string** | Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsType | ROLE | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | AWS IAM | awsType | USER | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string | |
+**Username** | **string** | Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsIAMType | ROLE | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | AWS IAM | awsIAMType | USER | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name | | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string | |
**X509Type** | Pointer to **string** | X.509 method that MongoDB Cloud uses to authenticate the database user. - For application-managed X.509, specify `MANAGED`. - For self-managed X.509, specify `CUSTOMER`. Users created with the `CUSTOMER` method require a Common Name (CN) in the **username** parameter. You must create externally authenticated users on the `$external` database. | [optional] [default to "NONE"]
## Methods
diff --git a/docs/docs/DatabaseUsersApi.md b/docs/docs/DatabaseUsersApi.md
index a2fc4a3aa..d1243d528 100644
--- a/docs/docs/DatabaseUsersApi.md
+++ b/docs/docs/DatabaseUsersApi.md
@@ -135,8 +135,8 @@ Name | Type | Description | Notes
------------- | ------------- | ------------- | -------------
**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
**groupId** | **string** | Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access. **NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups. |
-**databaseName** | **string** | Human-readable label that identifies the database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, or LDAP, this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC, this value should be `admin`. |
-**username** | **string** | Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsType | ROLE | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | AWS IAM | awsType | USER | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string | |
+**databaseName** | **string** | The database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be `admin`. |
+**username** | **string** | Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsIAMType | ROLE | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | AWS IAM | awsIAMType | USER | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name | | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string | |
### Other Parameters
@@ -214,8 +214,8 @@ Name | Type | Description | Notes
------------- | ------------- | ------------- | -------------
**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
**groupId** | **string** | Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access. **NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups. |
-**databaseName** | **string** | Human-readable label that identifies the database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, or LDAP, this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC, this value should be `admin`. |
-**username** | **string** | Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsType | ROLE | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | AWS IAM | awsType | USER | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string | |
+**databaseName** | **string** | The database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be `admin`. |
+**username** | **string** | Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsIAMType | ROLE | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | AWS IAM | awsIAMType | USER | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name | | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string | |
### Other Parameters
@@ -373,8 +373,8 @@ Name | Type | Description | Notes
------------- | ------------- | ------------- | -------------
**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc.
**groupId** | **string** | Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access. **NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups. |
-**databaseName** | **string** | Human-readable label that identifies the database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, or LDAP, this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC, this value should be `admin`. |
-**username** | **string** | Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsType | ROLE | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | AWS IAM | awsType | USER | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string | |
+**databaseName** | **string** | The database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be `$external`. If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be `admin`. |
+**username** | **string** | Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: | Authentication Method | Parameter Needed | Parameter Value | username Format | |---|---|---|---| | AWS IAM | awsIAMType | ROLE | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | AWS IAM | awsIAMType | USER | <abbr title=\"Amazon Resource Name\">ARN</abbr> | | x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name | | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name | | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name | | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string | |
### Other Parameters
diff --git a/internal/core/version.go b/internal/core/version.go
index eb3de1ccd..f64e0420a 100644
--- a/internal/core/version.go
+++ b/internal/core/version.go
@@ -5,7 +5,7 @@ package core
// For more information please see: https://github.com/mongodb/atlas-sdk-go/blob/main/docs/doc_1_concepts.md
const (
// SDK release tag version.
- Version = "v20231115012.0.0"
+ Version = "v20231115012.1.0"
// Resource Version.
Resource = "20231115"
)
diff --git a/openapi/atlas-api-transformed.yaml b/openapi/atlas-api-transformed.yaml
index 0bb2c23d3..8720358bf 100644
--- a/openapi/atlas-api-transformed.yaml
+++ b/openapi/atlas-api-transformed.yaml
@@ -24,7 +24,7 @@ info:
termsOfService: https://www.mongodb.com/mongodb-management-service-terms-and-conditions
title: MongoDB Atlas Administration API
version: "2.0"
- x-xgen-sha: f37d3212e72e54807be6b0c0d1b6c2f47c7b8c83
+ x-xgen-sha: 81ae033a0e918a6c75ad4758f8f4d779816a2c26
servers:
- url: https://cloud.mongodb.com
tags:
@@ -7543,8 +7543,23 @@ paths:
- name: myCluster
type: CLUSTER
username: arn:aws:iam::358363220050:user/mongodb-aws-iam-auth-test-user
- Federated Authentication:
- description: Federated Authentication
+ LDAP Authentication:
+ description: LDAP Authentication
+ value:
+ databaseName: admin
+ groupId: 32b6e34b3d91647abb20e7b8
+ ldapAuthType: GROUP
+ roles:
+ - databaseName: sales
+ roleName: readWrite
+ - databaseName: marketing
+ roleName: read
+ scopes:
+ - name: myCluster
+ type: CLUSTER
+ username: CN=marketing,OU=groups,DC=example,DC=com
+ OIDC Workforce Federated Authentication:
+ description: OIDC Workforce Federated Authentication
value:
databaseName: admin
groupId: 32b6e34b3d91647abb20e7b8
@@ -7558,12 +7573,12 @@ paths:
- name: myCluster
type: CLUSTER
username: 5dd7496c7a3e5a648454341c/sales
- LDAP Authentication:
- description: LDAP Authentication
+ OIDC Workload Federated Authentication:
+ description: OIDC Workload Federated Authentication
value:
- databaseName: admin
+ databaseName: $external
groupId: 32b6e34b3d91647abb20e7b8
- ldapAuthType: GROUP
+ oidcAuthType: USER
roles:
- databaseName: sales
roleName: readWrite
@@ -7572,7 +7587,7 @@ paths:
scopes:
- name: myCluster
type: CLUSTER
- username: CN=marketing,OU=groups,DC=example,DC=com
+ username: 5dd7496c7a3e5a648454341c/sales
SCRAM-SHA Authentication:
description: SCRAM-SHA Authentication
value:
@@ -7639,12 +7654,12 @@ paths:
operationId: deleteDatabaseUser
parameters:
- $ref: "#/components/parameters/groupId"
- - description: Human-readable label that identifies the database against which the
- database user authenticates. Database users must provide both a
- username and authentication database to log into MongoDB. If the
- user authenticates with AWS IAM, x.509, or LDAP, this value should
- be `$external`. If the user authenticates with SCRAM-SHA or OIDC,
- this value should be `admin`.
+ - description: The database against which the database user authenticates.
+ Database users must provide both a username and authentication
+ database to log into MongoDB. If the user authenticates with AWS
+ IAM, x.509, LDAP, or OIDC Workload this value should be `$external`.
+ If the user authenticates with SCRAM-SHA or OIDC Workforce, this
+ value should be `admin`.
in: path
name: databaseName
required: true
@@ -7660,9 +7675,9 @@ paths:
|---|---|---|---|
- | AWS IAM | awsType | ROLE | ARN |
+ | AWS IAM | awsIAMType | ROLE | ARN |
- | AWS IAM | awsType | USER | ARN |
+ | AWS IAM | awsIAMType | USER | ARN |
| x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
@@ -7672,9 +7687,11 @@ paths:
| LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
- | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
+ | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
- | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name |
+
+ | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
in: path
name: username
required: true
@@ -7713,12 +7730,12 @@ paths:
operationId: getDatabaseUser
parameters:
- $ref: "#/components/parameters/groupId"
- - description: Human-readable label that identifies the database against which the
- database user authenticates. Database users must provide both a
- username and authentication database to log into MongoDB. If the
- user authenticates with AWS IAM, x.509, or LDAP, this value should
- be `$external`. If the user authenticates with SCRAM-SHA or OIDC,
- this value should be `admin`.
+ - description: The database against which the database user authenticates.
+ Database users must provide both a username and authentication
+ database to log into MongoDB. If the user authenticates with AWS
+ IAM, x.509, LDAP, or OIDC Workload this value should be `$external`.
+ If the user authenticates with SCRAM-SHA or OIDC Workforce, this
+ value should be `admin`.
in: path
name: databaseName
required: true
@@ -7734,9 +7751,9 @@ paths:
|---|---|---|---|
- | AWS IAM | awsType | ROLE | ARN |
+ | AWS IAM | awsIAMType | ROLE | ARN |
- | AWS IAM | awsType | USER | ARN |
+ | AWS IAM | awsIAMType | USER | ARN |
| x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
@@ -7746,9 +7763,11 @@ paths:
| LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
- | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
+ | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
+
+ | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name |
- | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
in: path
name: username
required: true
@@ -7785,12 +7804,12 @@ paths:
operationId: updateDatabaseUser
parameters:
- $ref: "#/components/parameters/groupId"
- - description: Human-readable label that identifies the database against which the
- database user authenticates. Database users must provide both a
- username and authentication database to log into MongoDB. If the
- user authenticates with AWS IAM, x.509, or LDAP, this value should
- be `$external`. If the user authenticates with SCRAM-SHA or OIDC,
- this value should be `admin`.
+ - description: The database against which the database user authenticates.
+ Database users must provide both a username and authentication
+ database to log into MongoDB. If the user authenticates with AWS
+ IAM, x.509, LDAP, or OIDC Workload this value should be `$external`.
+ If the user authenticates with SCRAM-SHA or OIDC Workforce, this
+ value should be `admin`.
in: path
name: databaseName
required: true
@@ -7806,9 +7825,9 @@ paths:
|---|---|---|---|
- | AWS IAM | awsType | ROLE | ARN |
+ | AWS IAM | awsIAMType | ROLE | ARN |
- | AWS IAM | awsType | USER | ARN |
+ | AWS IAM | awsIAMType | USER | ARN |
| x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
@@ -7818,9 +7837,11 @@ paths:
| LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
- | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
+ | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
- | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name |
+
+ | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
in: path
name: username
required: true
@@ -19148,9 +19169,12 @@ components:
databaseName:
type: string
default: admin
- description: Database against which the database user authenticates. Database
- users must provide both a username and authentication database to
- log into MongoDB.
+ description: The database against which the database user authenticates.
+ Database users must provide both a username and authentication
+ database to log into MongoDB. If the user authenticates with AWS
+ IAM, x.509, LDAP, or OIDC Workload this value should be `$external`.
+ If the user authenticates with SCRAM-SHA or OIDC Workforce, this
+ value should be `admin`.
deleteAfterDate:
type: string
format: date-time
@@ -19195,9 +19219,10 @@ components:
type: string
default: NONE
description: Human-readable label that indicates whether the new database user
- authenticates with OIDC federated authentication. To create a
- federated authentication user, specify the value of IDP_GROUP for
- this field.
+ or group authenticates with OIDC federated authentication. To create
+ a federated authentication user, specify the value of USER in this
+ field. To create a federated authentication group, specify the value
+ of IDP_GROUP in this field.
password:
type: string
description: Alphanumeric string that authenticates this database user against
@@ -19236,9 +19261,9 @@ components:
|---|---|---|---|
- | AWS IAM | awsType | ROLE | ARN |
+ | AWS IAM | awsIAMType | ROLE | ARN |
- | AWS IAM | awsType | USER | ARN |
+ | AWS IAM | awsIAMType | USER | ARN |
| x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
@@ -19248,9 +19273,11 @@ components:
| LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
- | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
+ | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
+
+ | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name |
- | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
maxLength: 1024
x509Type:
type: string
diff --git a/openapi/atlas-api.yaml b/openapi/atlas-api.yaml
index d8f187960..9b53b72ce 100644
--- a/openapi/atlas-api.yaml
+++ b/openapi/atlas-api.yaml
@@ -19,7 +19,7 @@ info:
termsOfService: https://www.mongodb.com/mongodb-management-service-terms-and-conditions
title: MongoDB Atlas Administration API
version: "2.0"
- x-xgen-sha: f37d3212e72e54807be6b0c0d1b6c2f47c7b8c83
+ x-xgen-sha: 81ae033a0e918a6c75ad4758f8f4d779816a2c26
servers:
- url: https://cloud.mongodb.com
tags:
@@ -7661,8 +7661,23 @@ paths:
- name: myCluster
type: CLUSTER
username: arn:aws:iam::358363220050:user/mongodb-aws-iam-auth-test-user
- Federated Authentication:
- description: Federated Authentication
+ LDAP Authentication:
+ description: LDAP Authentication
+ value:
+ databaseName: admin
+ groupId: 32b6e34b3d91647abb20e7b8
+ ldapAuthType: GROUP
+ roles:
+ - databaseName: sales
+ roleName: readWrite
+ - databaseName: marketing
+ roleName: read
+ scopes:
+ - name: myCluster
+ type: CLUSTER
+ username: "CN=marketing,OU=groups,DC=example,DC=com"
+ OIDC Workforce Federated Authentication:
+ description: OIDC Workforce Federated Authentication
value:
databaseName: admin
groupId: 32b6e34b3d91647abb20e7b8
@@ -7676,12 +7691,12 @@ paths:
- name: myCluster
type: CLUSTER
username: 5dd7496c7a3e5a648454341c/sales
- LDAP Authentication:
- description: LDAP Authentication
+ OIDC Workload Federated Authentication:
+ description: OIDC Workload Federated Authentication
value:
- databaseName: admin
+ databaseName: $external
groupId: 32b6e34b3d91647abb20e7b8
- ldapAuthType: GROUP
+ oidcAuthType: USER
roles:
- databaseName: sales
roleName: readWrite
@@ -7690,7 +7705,7 @@ paths:
scopes:
- name: myCluster
type: CLUSTER
- username: "CN=marketing,OU=groups,DC=example,DC=com"
+ username: 5dd7496c7a3e5a648454341c/sales
SCRAM-SHA Authentication:
description: SCRAM-SHA Authentication
value:
@@ -7759,11 +7774,11 @@ paths:
- $ref: '#/components/parameters/envelope'
- $ref: '#/components/parameters/groupId'
- $ref: '#/components/parameters/pretty'
- - description: "Human-readable label that identifies the database against which\
- \ the database user authenticates. Database users must provide both a username\
- \ and authentication database to log into MongoDB. If the user authenticates\
- \ with AWS IAM, x.509, or LDAP, this value should be `$external`. If the\
- \ user authenticates with SCRAM-SHA or OIDC, this value should be `admin`."
+ - description: "The database against which the database user authenticates.\
+ \ Database users must provide both a username and authentication database\
+ \ to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP,\
+ \ or OIDC Workload this value should be `$external`. If the user authenticates\
+ \ with SCRAM-SHA or OIDC Workforce, this value should be `admin`."
in: path
name: databaseName
required: true
@@ -7774,14 +7789,15 @@ paths:
| Authentication Method | Parameter Needed | Parameter Value | username Format |
|---|---|---|---|
- | AWS IAM | awsType | ROLE | ARN |
- | AWS IAM | awsType | USER | ARN |
+ | AWS IAM | awsIAMType | ROLE | ARN |
+ | AWS IAM | awsIAMType | USER | ARN |
| x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
| x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
| LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
| LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
- | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
- | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
+ | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name |
+ | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
in: path
name: username
required: true
@@ -7820,11 +7836,11 @@ paths:
- $ref: '#/components/parameters/envelope'
- $ref: '#/components/parameters/groupId'
- $ref: '#/components/parameters/pretty'
- - description: "Human-readable label that identifies the database against which\
- \ the database user authenticates. Database users must provide both a username\
- \ and authentication database to log into MongoDB. If the user authenticates\
- \ with AWS IAM, x.509, or LDAP, this value should be `$external`. If the\
- \ user authenticates with SCRAM-SHA or OIDC, this value should be `admin`."
+ - description: "The database against which the database user authenticates.\
+ \ Database users must provide both a username and authentication database\
+ \ to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP,\
+ \ or OIDC Workload this value should be `$external`. If the user authenticates\
+ \ with SCRAM-SHA or OIDC Workforce, this value should be `admin`."
in: path
name: databaseName
required: true
@@ -7835,14 +7851,15 @@ paths:
| Authentication Method | Parameter Needed | Parameter Value | username Format |
|---|---|---|---|
- | AWS IAM | awsType | ROLE | ARN |
- | AWS IAM | awsType | USER | ARN |
+ | AWS IAM | awsIAMType | ROLE | ARN |
+ | AWS IAM | awsIAMType | USER | ARN |
| x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
| x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
| LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
| LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
- | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
- | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
+ | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name |
+ | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
in: path
name: username
required: true
@@ -7879,11 +7896,11 @@ paths:
- $ref: '#/components/parameters/envelope'
- $ref: '#/components/parameters/groupId'
- $ref: '#/components/parameters/pretty'
- - description: "Human-readable label that identifies the database against which\
- \ the database user authenticates. Database users must provide both a username\
- \ and authentication database to log into MongoDB. If the user authenticates\
- \ with AWS IAM, x.509, or LDAP, this value should be `$external`. If the\
- \ user authenticates with SCRAM-SHA or OIDC, this value should be `admin`."
+ - description: "The database against which the database user authenticates.\
+ \ Database users must provide both a username and authentication database\
+ \ to log into MongoDB. If the user authenticates with AWS IAM, x.509, LDAP,\
+ \ or OIDC Workload this value should be `$external`. If the user authenticates\
+ \ with SCRAM-SHA or OIDC Workforce, this value should be `admin`."
in: path
name: databaseName
required: true
@@ -7894,14 +7911,15 @@ paths:
| Authentication Method | Parameter Needed | Parameter Value | username Format |
|---|---|---|---|
- | AWS IAM | awsType | ROLE | ARN |
- | AWS IAM | awsType | USER | ARN |
+ | AWS IAM | awsIAMType | ROLE | ARN |
+ | AWS IAM | awsIAMType | USER | ARN |
| x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
| x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
| LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
| LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
- | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
- | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
+ | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name |
+ | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
in: path
name: username
required: true
@@ -22836,9 +22854,12 @@ components:
databaseName:
type: string
default: admin
- description: Database against which the database user authenticates. Database
- users must provide both a username and authentication database to log
- into MongoDB.
+ description: "The database against which the database user authenticates.\
+ \ Database users must provide both a username and authentication database\
+ \ to log into MongoDB. If the user authenticates with AWS IAM, x.509,\
+ \ LDAP, or OIDC Workload this value should be `$external`. If the user\
+ \ authenticates with SCRAM-SHA or OIDC Workforce, this value should be\
+ \ `admin`."
enum:
- admin
- $external
@@ -22889,8 +22910,10 @@ components:
type: string
default: NONE
description: "Human-readable label that indicates whether the new database\
- \ user authenticates with OIDC federated authentication. To create a federated\
- \ authentication user, specify the value of IDP_GROUP for this field."
+ \ user or group authenticates with OIDC federated authentication. To create\
+ \ a federated authentication user, specify the value of USER in this field.\
+ \ To create a federated authentication group, specify the value of IDP_GROUP\
+ \ in this field."
enum:
- NONE
- IDP_GROUP
@@ -22928,14 +22951,15 @@ components:
| Authentication Method | Parameter Needed | Parameter Value | username Format |
|---|---|---|---|
- | AWS IAM | awsType | ROLE | ARN |
- | AWS IAM | awsType | USER | ARN |
+ | AWS IAM | awsIAMType | ROLE | ARN |
+ | AWS IAM | awsIAMType | USER | ARN |
| x.509 | x509Type | CUSTOMER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
| x.509 | x509Type | MANAGED | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
| LDAP | ldapAuthType | USER | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
| LDAP | ldapAuthType | GROUP | [RFC 2253](https://tools.ietf.org/html/2253) Distinguished Name |
- | OIDC | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
- | SCRAM-SHA | awsType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
+ | OIDC Workforce | oidcAuthType | IDP_GROUP | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP group name |
+ | OIDC Workload | oidcAuthType | USER | Atlas OIDC IdP ID (found in federation settings), followed by a '/', followed by the IdP user name |
+ | SCRAM-SHA | awsIAMType, x509Type, ldapAuthType, oidcAuthType | NONE | Alphanumeric string |
maxLength: 1024
x509Type:
type: string