search

akshaykarle / terraform-provider-mongodbatlas

Terraform provider for MongoDB Atlas
Mozilla Public License 2.0
122 stars 54 forks source link

Use programmatic api keys for auth #84

Open hpio opened 5 years ago

hpio commented 5 years ago

Hi, so I'm planning on using this provider. After looking at Atlas docs personal API keys are deprecated in favour of programmatic keys as per: https://docs.atlas.mongodb.com/reference/api/create-api-key/

Yet from what I can see provider requires both username and api key, am I right thinking that I need to create a personal key and at the moment its not possibel to use programmatic ones?

Thanks

xM8WVqaG commented 5 years ago

Received the following in an email yesterday:

In June, we will disable the ability to create new personal MongoDB Cloud user-associated API Keys. Pre-existing API Keys will continue to work for the time being.

Instead, going forward, Programmatic API Keys should be used.

Programmatic API keys have some important benefits: their creation, deletion, and API IP Whitelist history can be viewed by Org administrators allowing for better tracking of keys and easier policy management.

Programmatic API Keys can be granted the same set of roles as Cloud users, including both Project- and Org-level roles.

You can easily create Programmatic API keys in the UI or by API.

Regards,

The MongoDB Team

I switched out my user API tokens for programmatic ones in my provider and was able to use most of the resources except for creating new projects. As the documentation suggests here, you can't create new projects with the programmatic API keys.

_To create a project, you must authenticate as an Atlas user. If you attempt to create a project using API Key credentials instead of Atlas user credentials, Atlas returns the API_KEY_CANNOT_CREATE_GROUP error._

I opened a support request to find out how we're supposed to create projects using the new programmatic API and basically, you can't:

You are correct, after internally attempting the scenario using the API to create a Project as you would like to do, we have confirmed it is not possible as of now to create projects via the API.

As of now, you may only create a project using the Atlas UI.

I will open an internal request to confirm the intended pattern for creating project via the API and will be happy to update you once we have an update on this.

We will do our best to ensure this is ready before the depreciation takes place.

tl;dr, programmatic keys already mostly work and where they don't work with creating new projects is an upstream issue.

hpio commented 5 years ago

@xM8WVqaG how did you replace 

username
api_key

with programmatic api key in your terraform configuration?

xM8WVqaG commented 5 years ago

The public half of the key goes in the username field, the private half goes in the api_key field. For example:

  # Programmatic API Token
  username = "pukvvaaa"
  api_key  = "6eb0d95a-111-2222-3333-6a8b001d8dff"
xM8WVqaG commented 5 years ago

Update It's now possible to create projects using programmatic API tokens.

I spoke to tech support, and although the documentation is yet to be updated, they confirmed that this change is now live.

With this, as far as my incomplete testing can confirm, you are now able to use programmatic API tokens in place of personal tokens right now.