DOCSP-44256 Add Kubernetes Support for OIDC #950

Merged
merged 4 commits into from
Dec 16, 2024
37 changes: 30 additions & 7 deletions source/fundamentals/authentication/enterprise-mechanisms.txt
Collaborator

I can't add a comment on the line, but can you change :depth: to 2 at the top of the page? That way, the different OIDC options appear in the TOC on the right.

Expand Up @@ -7,7 +7,7 @@ Enterprise Authentication Mechanisms
.. contents:: On this page
:local:
:backlinks: none
:depth: 1
:depth: 2
:class: singlecol

.. facet::
Expand All @@ -21,8 +21,8 @@ In this guide, you can find sample code for connection to MongoDB with each
authentication mechanism available in the MongoDB Enterprise Edition:
``Kerberos (GSSAPI/SSPI)``, ``LDAP (PLAIN)``, and ``MONGODB-OIDC``.

``Kerberos (GSSAPI/SSPI)``
--------------------------
Kerberos (GSSAPI/SSPI)
----------------------

.. note::
The Node.js driver supports Kerberos on UNIX using the MIT Kerberos library
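
Review bot: The introduction in the context lines above the renamed heading still writes ``Kerberos (GSSAPI/SSPI)`` and ``LDAP (PLAIN)`` as inline literals, while this PR drops the literal markup from the matching section titles. Consider writing those two names as plain text in the intro as well and keeping literal markup only for the actual mechanism string ``MONGODB-OIDC``, so the names read the same in the body and in the TOC.
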
Expand Down Expand Up @@ -102,8 +102,8 @@ The following code sample authenticates to Kerberos for UNIX using ``GSSAPI``.
`GSSAPI RFC-4652 <https://tools.ietf.org/html/rfc4752>`_, the SASL
mechanism.

``LDAP (PLAIN)``
----------------
LDAP (PLAIN)
------------

The ``PLAIN`` authentication mechanism uses your username and password to
authenticate to a Lightweight Directory Access Protocol (LDAP) server.
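
Review bot: The context line at the top of this hunk labels the link "GSSAPI RFC-4652" while its target is https://tools.ietf.org/html/rfc4752, so the label and the URL disagree. Since this PR already touches the neighbouring heading, correct the label to RFC-4752 so the link text matches the SASL GSSAPI mechanism document it points to.
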
Expand Down Expand Up @@ -226,12 +226,35 @@ The following code example shows how to set the preceding connection options:
+ "&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:<audience>";
const client = new MongoClient(uri);

Kubernetes
~~~~~~~~~~

If your application runs on a Kubernetes cluster, you can authenticate to MongoDB by using
the {+driver-short+}'s built-in Kubernetes support.

To specify Kubernetes OIDC as the authentication mechanism, set the following
options in your connection string:

- ``authMechanism``: Set to ``MONGODB-OIDC``.
- ``authMechanismProperties``: Set to ``ENVIRONMENT:k8s``.

The following code example shows how to set the preceding connection options:

.. code-block:: js
:emphasize-lines: 3-4

import { MongoClient } from "mongodb";

const uri = "mongodb://<hostname>:<port>/?authMechanism=MONGODB-OIDC"
+ "&authMechanismProperties=ENVIRONMENT:k8s";
const client = new MongoClient(uri);

Custom Callback
~~~~~~~~~~~~~~~

The {+driver-short+} doesn't offer built-in support for all platforms, including
Azure Functions and Azure Kubernetes Service (AKS). Instead, you
must define a custom callback to use OIDC to authenticate from these platforms.
Azure Functions. Instead, you must define a custom callback to use OIDC to
authenticate from these platforms.

First, define a function that retrieves the access token to use for OIDC authentication.
This function must have the following signature:
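
Review bot: The new Kubernetes section tells the reader only to set ``ENVIRONMENT:k8s`` and does not say where the driver obtains the OIDC token or which Kubernetes services are covered, yet the Custom Callback paragraph in the same hunk drops Azure Kubernetes Service (AKS) from the list of unsupported platforms. Add a sentence to the Kubernetes section naming the supported services (AKS at least, if that is why it was removed) and the token source the pod must provide, so readers know which identity the connection presents. The edited Custom Callback paragraph also now names a single platform but still ends with "authenticate from these platforms"; reword it to match.
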