How do I get the full uri including username and password with the mongodbatlas provider in terraform

Asked 30/3, 2021 at 11:5 Answered 4/9, 2022 at 21:59

mongodb terraform continuous-deployment mongodb-atlas continuous-delivery

When I try to output the mongodb uri with Terraform and the mongodb atlas provider, I can't get the full uri with username and password. For example, when I do something like:

terraform {
  required_version = "~> 0.14.7"

  required_providers {
    mongodbatlas = {
      source  = "mongodb/mongodbatlas"
      version = "0.8.2"
    }
  }
}

provider "mongodbatlas" {
  public_key  = var.mongodbatlas_public_key
  private_key = var.mongodbatlas_private_key
}

data "mongodbatlas_cluster" "db" {
  project_id = var.mongodbatlas_project_id
  name       = format("some-db-name-%s", var.env)
}

output "db_url" {
  value = data.mongodbatlas_cluster.db.connection_strings[0].address_srv
}

I always get a uri of the form: mongodb+srv://some-db-name-staging.xjcol.mongodb.net Adding that as an environment variable to my web app in order to connect to db does not work as it needs to authenticate with a username and password. Manually adding the username and password to that string as in mongodb+srv://[username]:[password]@some-db-name-staging.xjcol.mongodb.net works and the app can connect to the db fine.

Volumeter answered 30/3, 2021 at 11:5 Comment(1)

any luck or did you end up using some form of string interpolation? My concern is getting xjcol out of srv_address in the first instance – Heterosexual 24/5, 2022 at 17:20

My solution was to use the string replace function with mongodbatlas_database_user resource:

replace(mongodbatlas_advanced_cluster.mongodb_cluster.connection_strings[0].standard_srv, "mongodb+srv://", "mongodb+srv://${mongodbatlas_database_user.userspace_db_user.username}:${coalesce(nonsensitive(mongodbatlas_database_user.userspace_db_user.password), "null")}@")

Millett answered 4/9, 2022 at 21:59 Comment(0)

While I get what you're trying to achieve, I suspect you're mixing things here. Let me explain:

MongoDB allows you to create database users that are able to authenticate using password. Those can be created using mongodbatlas_database_user resource.
You can create your cluster (or source cluster information) using both the resource or data source the way you're trying to achieve it.

However, cluster creation is independent of database and database user creation, meaning that what you're getting from Terraform is just a generic connection string from Mongo where not even Mongo knows which user/database you want to connect to.

I suggest you to compose your own connection string and pass it along to your application using a post-provisioning script, either using your Terraform outputs of cluster and database user, or simply composing it by yourself if you already know the info upfront.

In case you're using AWS, MongoDB Atlas supports connection strings using IAM Users and IAM Roles. This is a much better, safer approach than dealing with passwords and all the extra burden managing passwords implies. If this sounds like something you'd like to explore, do let me know.

Foredate answered 28/1, 2022 at 4:50 Comment(0)

Recommended topics

Hot tags