Support for Cosmosdb mongo RBAC

[brahmiam]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

In the same manner as azurerm_cosmosdb_sql_role_definition for sql provisionned account, it would be great to do the same for mongo-provisionned accounts.

New or Affected Resource(s)/Data Source(s)

azurerm_cosmosdb_account

Potential Terraform Configuration

azurerm_cosmosdb_mongo_role_definition and azurerm_cosmosdb_mongo_role_assignment

similar to the sql equivalent

References

No response

[restfulhead]

@brahmiam I believe this has been added by now. The following works for me:

resource "azurerm_cosmosdb_mongo_role_definition" "app" {
  cosmos_mongo_database_id = "..."
  role_name                = "my-custom-role"

  privilege {
    actions = ["find", "insert", "remove", "update"]
    resource = {
      db_name = "..."
      collection_name = "..."
    }
  }
}

resource "azurerm_cosmosdb_mongo_user_definition" "app" {
  depends_on               = [azurerm_cosmosdb_mongo_role_definition.app]
  cosmos_mongo_database_id = "..."
  username                 = "..."
  password                 = "..."
  inherited_role_names     = ["my-custom-role"]
}