(DOCSP-11430)(DOCSP-11432): add --x509Type and --awsIAMType to atlas … (#193)

jwilliams-mongo · web-flow · commit fba679b4b40c · 2020-08-24T10:32:30.000-04:00
* (DOCSP-11430)(DOCSP-11432): add --x509Type and --awsIAMType to atlas dbuser create * (DOCSP-11430)(DOCSP-11432): fix example formatting * (DOCSP-11430)(DOCSP-11432): fix table formatting * (DOCSP-11430)(DOCSP-11432): note that you can't cerate user with both x509 and aws iam * (DOCSP-11430)(DOCSP-11432): small language tweak
diff --git a/source/reference/atlas/dbuser-commands.txt b/source/reference/atlas/dbuser-commands.txt
@@ -14,5 +14,5 @@ Atlas ``dbuser`` Commands
    Create a Database User </reference/atlas/dbuser-create>
    Modify a Database User </reference/atlas/dbuser-update>
    Delete a Database User </reference/atlas/dbuser-delete>
-   List |service|\-Managed X.509 Certificates Created for a Database User </reference/atlas/dbuser-certs-list>
-   Create an |service|\-Managed X.509 Certificate for a Database User </reference/atlas/dbuser-certs-create>
+   List Atlas-Managed X.509 Certificates Created for a Database User </reference/atlas/dbuser-certs-list>
+   Create an Atlas-Managed X.509 Certificate for a Database User </reference/atlas/dbuser-certs-create>
diff --git a/source/reference/atlas/dbuser-create.txt b/source/reference/atlas/dbuser-create.txt
@@ -28,12 +28,13 @@ Syntax
    mongocli atlas dbuser create 
         --username|-u <name-of-user>  
         [ --output|-o <output-format> ]
-        --password|-p <password-of-user>
+        [ --password|-p <password-of-user> ]
         [ --profile|-P <profile-name> ]
         [ --projectId <project-ID> ]
         --role <name-of-role>
-        [ --authDB <authentication-database> ]
         [ --deleteAfter <date-of-deletion> ]
+        [ --x509Type <NONE|MANAGED|CUSTOMER> ]
+        [ --awsIAMType <NONE|USER|ROLE> ]
 
 .. include:: /includes/fact-command-line-help.rst
 
@@ -58,12 +59,28 @@ Options
 
    * - ``--username``, ``-u``
      - string
-     - Username for authenticating the user to MongoDB.
+     - Username for authenticating the user to MongoDB. 
+
+       Must be a fully qualified distinguished name, as defined in `RFC
+       2253 <https://tools.ietf.org/html/rfc2253.html>`__, if:
+
+       - ``--x509Type`` is ``CUSTOMER``.
+
+       Must be an `Amazon Resource Name (ARN)
+       <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html>`__ if:
+       
+       - ``--awsIAMType`` is ``USER`` or ``ROLE``.
+
      - yes
 
    * - ``--password``, ``-p``
      - string
-     - Password for authenticating the user to MongoDB.
+     - Password for authenticating the user to MongoDB. Required if:
+
+       - ``--x509Type`` and ``--awsIAMType`` are omitted or ``NONE``,
+         meaning that the database user authenticates with
+         ``SCRAM-SHA``.
+
      - no
 
    * - ``--profile``, ``-P``
@@ -91,11 +108,6 @@ Options
        </security-add-mongodb-users/index.html#mongodb-database-user-privileges>`.
      - yes
 
-   * - ``--authDB``
-     - string
-     - Name of the authentication database. Defaults to ``admin``.
-     - no
-
    * - ``--deleteAfter``
      - date
      - |iso8601-time| after which |service| deletes the user. The 
@@ -118,6 +130,50 @@ Options
              --deleteAfter 2020-08-01T12:30-04:00
      - no
 
+   * - ``--x509Type``
+     - string
+     - X.509 method by which the provided username is authenticated.
+
+       Accepted values are:
+
+       - ``NONE``: User doesn't authenticate with X.509.
+       - ``MANAGED``: User authenticates with |service|-managed X.509.
+         You do not need to provide a ``--password`` for the user. 
+       - ``CUSTOMER``: User authenticates with :atlas:`self-managed
+         X.509 </security-self-managed-x509/#self-managed-x509>`. 
+         You do not need to provide a ``--password`` for the user. You
+         must include a fully qualified Distinguished Name (DN) as the
+         ``--username`` for users who authenticate with self-managed
+         X.509.
+
+       If no value is given, |service| uses the default value of
+       ``NONE``. You receive an error if the value is ``MANAGED`` or
+       ``CUSTOMER`` and ``--awsIAMType`` is ``USER`` or ``ROLE``.
+
+     - no
+
+   * - ``--awsIAMType``
+     - string
+     - If this value is set, the new database user authenticates with
+       |aws| IAM credentials.
+
+       Accepted values are:
+
+       - ``NONE``: User doesn't authenticate with AWS IAM credentials.
+       - ``USER``: User authenticates with :atlas:`AWS IAM user
+         credentials
+         </security-add-mongodb-users/#database-user-authentication>`.
+         You do not need to provide a ``--password`` for the user. 
+       - ``ROLE``: User authenticates with :atlas:`AWS IAM role
+         credentials
+         </security-add-mongodb-users/#database-user-authentication>`.
+         You do not need to provide a ``--password`` for the user.
+
+       If no value is given, |service| uses the default value of
+       ``NONE``. You receive an error if the value is ``USER`` or
+       ``ROLE`` and ``--x509Type`` is ``MANAGED`` or ``CUSTOMER``.
+     - no
+
 .. _dbuser-create-command-output:
 
 Output
@@ -165,15 +221,17 @@ to the terminal. To learn more about these fields, see
    :copyable: false
 
    {
-	    "roles": [{
-			   "roleName": "atlasAdmin",
-			   "databaseName": "admin"
-	  	}],
-	    "groupId": "5e2211c17a3e5a48f5497de3",
-	    "username": "user1",
-	    "databaseName": "admin",
-	    "ldapAuthType": "NONE"
-    }
+   	"roles": [{
+   		"roleName": "atlasAdmin",
+   		"databaseName": "admin"
+   	}],
+   	"groupId": "5e2211c17a3e5a48f5497de3",
+   	"username": "user1",
+   	"databaseName": "admin",
+   	"ldapAuthType": "NONE",
+   	"x509Type": "NONE",
+   	"awsIAMType": "NONE"
+   }
 
 .. _dbuser-create-eg-2:
 
@@ -209,19 +267,22 @@ To learn more about these fields, see :ref:`Output
    :copyable: false
 
    {
-	     "roles": [{
-			     "roleName": "readWriteAnyDatabase",
-			     "databaseName": "admin"
-		    },
-		    {
-		     	 "roleName": "clusterMonitor",
-			     "databaseName": "admin"
-		    }],
-	      "groupId": "5e2211c17a3e5a48f5497de3",
-	      "username": "egUser",
-	      "databaseName": "admin",
-	      "ldapAuthType": "NONE"
-    }
+   	"roles": [{
+   			"roleName": "readWriteAnyDatabase",
+   			"databaseName": "admin"
+   		},
+   		{
+   			"roleName": "clusterMonitor",
+   			"databaseName": "admin"
+   		}
+   	],
+   	"groupId": "5e2211c17a3e5a48f5497de3",
+   	"username": "egUser",
+   	"databaseName": "admin",
+   	"ldapAuthType": "NONE",
+   	"x509Type": "NONE",
+   	"awsIAMType": "NONE"
+   }
 
 .. _dbuser-create-eg-3:
 
@@ -252,15 +313,15 @@ to the terminal. To learn more about these fields, see
    :copyable: false
 
    {
-      "roles": [{
-         "roleName": "clusterMonitor",
-         "databaseName": "admin"
-      }],
-      "groupId": "5e2211c17a3e5a48f5497de3",
-      "username": "tempUser",
-      "databaseName": "admin",
-      "ldapAuthType": "NONE",
-      "x509Type": "NONE",
-      "awsIAMType": "NONE",
-      "deleteAfterDate": "2020-07-31T00:00:00Z"
+   	"roles": [{
+   		"roleName": "clusterMonitor",
+   		"databaseName": "admin"
+   	}],
+   	"groupId": "5e2211c17a3e5a48f5497de3",
+   	"username": "tempUser",
+   	"databaseName": "admin",
+   	"ldapAuthType": "NONE",
+   	"x509Type": "NONE",
+   	"awsIAMType": "NONE",
+   	"deleteAfterDate": "2020-07-31T00:00:00Z"
    }
