Commit 104eb3a

jason-price-mongodbjason-price-mongodb
andauthored
DOCSP-43265-OIDC-program (#419) (#435)
* DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * 
DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program * DOCSP-43265-OIDC-program --------- Co-authored-by: jason-price-mongodb <[email protected]>
1 parent 79ee646 commit 104eb3a

7 files changed

+151
-10
lines changed

source/connecting.txt

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,10 +21,11 @@ to the connection documentation that matches your environment:
2121
- :ref:`c2c-conn-oprem2onprem`
2222
- :ref:`c2c-conn-onprem2atlas`
2323

24+
For additional information, see :ref:`c2c-authentication`.
25+
2426
.. toctree::
2527
:titlesonly:
2628

2729
Atlas Clusters </connecting/atlas-to-atlas>
2830
Self-Managed Clusters </connecting/onprem-to-onprem>
2931
Self-Managed Cluster to Atlas </connecting/onprem-to-atlas>
30-
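
Review bot: The added sentence at new line 24, "For additional information, see :ref:`c2c-authentication`.", does not name its topic, and it sits directly after a list of connection topologies, so a reader cannot tell that the link leads to authentication. Name the subject in the sentence, for example "To authenticate connections with Workload Identity Federation, see :ref:`c2c-authentication`." The hunk also removes the file's trailing blank line (old line 30); confirm the file still ends with a newline after the last toctree entry.
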
Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
The :ref:`mongosync <c2c-mongosync>` utility creates a connection
2-
between MongoDB clusters. ``mongosync`` can make a connection between:
3-
4-
- :ref:`self-managed clusters <server-replica-set-deploy-all>`,
5-
- :atlas:`MongoDB Atlas </>` hosted clusters, or
6-
- a self-managed cluster and an Atlas hosted cluster.
2+
between MongoDB clusters. ``mongosync`` can connect to
3+
any of the following clusters:
74

5+
- :ref:`self-managed clusters <server-replica-set-deploy-all>`
6+
- :atlas:`MongoDB Atlas </>` hosted clusters
7+
- a self-managed cluster and an Atlas hosted cluster
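
Review bot: The new lead-in at lines 2-3, "can connect to any of the following clusters", no longer matches the third bullet, "a self-managed cluster and an Atlas hosted cluster", which is a pairing rather than a kind of cluster. The old wording ("can make a connection between") covered all three bullets. Either restore a lead-in about connections between clusters, or drop the third bullet and keep the list to the two cluster types.
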
Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
Starting in 1.8.1, you can use ``mongosync`` with :atlas:`Atlas Workload
2+
Identity Federation </workload-oidc>` to authenticate connections to
3+
MongoDB clusters running on Microsoft Azure and Google Cloud Platform.
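
Review bot: "Starting in 1.8.1" on line 1 has no product name, and this include is pulled into both the authentication reference and the 1.8 release notes, so the version needs to stand on its own wherever it is rendered. Suggest "Starting in ``mongosync`` 1.8.1, you can use Atlas Workload Identity Federation to authenticate ...", which also avoids repeating ``mongosync`` later in the sentence.
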

source/reference.txt

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,10 +19,13 @@ Reference
1919
Inclusion and exclusion filters to specify which databases and
2020
collections to include in sync.
2121

22+
:ref:`c2c-authentication`
23+
Use Workload Identity Federation to authenticate with clusters.
24+
2225
:ref:`c2c-oplog-sizing`
2326
Increase the size of the oplog on the source cluster for large data
2427
sets.
25-
28+
2629
:ref:`c2c-limitations`
2730
Limitations of ``mongosync``.
2831

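
Review bot: Old line 25 is removed and new line 28 is added with no visible difference, which points to a whitespace-only change on the blank line between the :ref:`c2c-oplog-sizing` and :ref:`c2c-limitations` entries. Check that new line 28 does not carry trailing whitespace, and drop the change from this commit if it is not needed.
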
@@ -52,6 +55,7 @@ Reference
5255
mongosync API Endpoints </reference/api>
5356
mongosync States </reference/mongosync-states>
5457
Filtered Sync </reference/collection-level-filtering>
58+
Authentication Using Workload Identity Federation </reference/authentication>
5559
oplog Sizing </reference/oplog-sizing>
5660
Finalize Cutover Process </reference/cutover-process>
5761
Limitations </reference/limitations>

source/reference/authentication.txt

Lines changed: 117 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,117 @@
1+
.. _c2c-authentication:
2+
3+
=================================================
4+
Authentication Using Workload Identity Federation
5+
=================================================
6+
7+
.. default-domain:: mongodb
8+
9+
.. contents:: On this page
10+
:local:
11+
:backlinks: none
12+
:depth: 1
13+
:class: twocols
14+
15+
.. include:: /includes/mongosync-and-oidc.rst
16+
17+
.. COMMENT Add the following link later
18+
.. COMMENT - :ref:`Workforce external provider </workforce-external-provider>`
19+
20+
Examples
21+
--------
22+
23+
This section shows ``mongosync`` examples that use Workload Identity
24+
Federation.
25+
26+
In the :ref:`connection string <connections-connection-options>`, set
27+
:urioption:`authMechanism` to ``MONGODB-OIDC`` and set
28+
:urioption:`authMechanismProperties` as needed:
29+
30+
- For Microsoft Azure, set ``authMechanismProperties`` to
31+
``ENVIRONMENT:azure``
32+
- For Google Cloud Platform, set ``authMechanismProperties`` to
33+
``ENVIRONMENT:gcp``
34+
35+
For details about connection string options, see
36+
:ref:`connection-string-auth-options`.
37+
38+
Connect to MongoDB Clusters Using Microsoft Azure Instance Metadata Service
39+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
40+
41+
The following ``mongosync`` example connects to MongoDB clusters using
42+
Microsoft Azure Instance Metadata Service (IMDS):
43+
44+
.. code-block:: shell
45+
46+
./bin/mongosync \
47+
--logPath /var/log/mongosync \
48+
--cluster0 "mongodb://clusterOne01.fancyCorp.com:20020,clusterOne02.fancyCorp.com:20020,clusterOne03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure" \
49+
--cluster1 "mongodb://clusterTwo01.fancyCorp.com:20020,clusterTwo02.fancyCorp.com:20020,clusterTwo03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure"
50+
51+
.. _c2c-authentication-azure-managed-identities-example:
52+
53+
Connect to MongoDB Clusters Using Microsoft Azure Managed Identities
54+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
55+
56+
To connect to MongoDB clusters using Microsoft Azure Managed Identities
57+
and federated authentication, define these environment variables:
58+
59+
.. list-table::
60+
:header-rows: 1
61+
:widths: 30 70
62+
63+
* - Environment Variable
64+
- Description
65+
66+
* - ``AZURE_TENANT_ID``
67+
- Azure tenant identifier.
68+
69+
* - ``AZURE_APP_CLIENT_ID``
70+
- Azure application client identifier.
71+
72+
* - ``AZURE_CLIENT_ID``
73+
- Azure client identifier.
74+
75+
* - ``AZURE_FEDERATED_TOKEN_FILE``
76+
- Azure federated token file path.
77+
78+
For details about Azure and the variables, see the Microsoft Azure
79+
documentation.
80+
81+
The following ``mongosync`` example defines the environment variables
82+
and connects to MongoDB clusters in Microsoft Azure:
83+
84+
.. code-block:: shell
85+
86+
AZURE_TENANT_ID=08206ab8-16a0-406d-85e4-2f15f5620fac \
87+
AZURE_APP_CLIENT_ID=b6c835da-e536-425b-9405-64bc471e245b \
88+
AZURE_CLIENT_ID=f176d4eb-7dcd-4f66-bccf-aaa316ee61fd \
89+
AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token \
90+
./bin/mongosync \
91+
--logPath /var/log/mongosync \
92+
--cluster0 "mongodb://clusterOne01.fancyCorp.com:20020,clusterOne02.fancyCorp.com:20020,clusterOne03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure" \
93+
--cluster1 "mongodb://clusterTwo01.fancyCorp.com:20020,clusterTwo02.fancyCorp.com:20020,clusterTwo03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure"
94+
95+
Connect to MongoDB Clusters in Google Cloud Platform
96+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
97+
98+
The following ``mongosync`` example connects to MongoDB clusters in
99+
Google Cloud Platform:
100+
101+
.. code-block:: shell
102+
103+
./bin/mongosync \
104+
--logPath /var/log/mongosync \
105+
--cluster0 "mongodb://clusterOne01.fancyCorp.com:20020,clusterOne02.fancyCorp.com:20020,clusterOne03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp" \
106+
--cluster1 "mongodb://clusterTwo01.fancyCorp.com:20020,clusterTwo02.fancyCorp.com:20020,clusterTwo03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp"
107+
108+
No environment variables are required for Google Cloud Platform.
109+
110+
Learn More
111+
----------
112+
113+
- :ref:`c2c-mongosync-behavior`
114+
- :ref:`c2c-connecting`
115+
- :ref:`c2c-states`
116+
- :ref:`c2c-api`
117+
- :ref:`c2c-cutover-process`
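
Review bot: In the managed identities table (lines 66-76), the descriptions for ``AZURE_APP_CLIENT_ID`` ("Azure application client identifier.") and ``AZURE_CLIENT_ID`` ("Azure client identifier.") do not tell the reader which identity each variable names, and the sentence at lines 78-79 points to "the Microsoft Azure documentation" without a link, so there is no way to work out which value goes where. State what each identifier refers to and link the relevant Azure page. The example at lines 86-88 uses GUID-shaped literals for the tenant and client IDs; placeholders such as <tenant-id> and <client-id> would make clear that the values must be replaced. The IMDS example (lines 46-49) and the managed identities example (lines 90-93) pass identical connection strings, so add a sentence explaining that the environment variables are what select the credential. All three examples use ``mongodb://`` URIs with no ``tls`` option; since a token is presented on these connections, show TLS enabled or say where it is configured.
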

source/reference/mongosync.txt

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -176,7 +176,6 @@ Global Options
176176

177177
Prints ``mongosync`` version information to stdout.
178178

179-
180179
Behavior
181180
--------
182181

source/release-notes/1.8.txt

Lines changed: 19 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,11 +12,28 @@ Release Notes for mongosync 1.8
1212
:depth: 2
1313
:class: singlecol
1414

15-
.. _1.8.0-c2c-release-notes:
16-
1715
This page describes changes and new features introduced in
1816
{+c2c-full-product-name+} {+version+} and the {+c2c-full-beta-program+}.
1917

18+
Patch Releases
19+
--------------
20+
21+
.. _1.8.1-c2c-release-notes:
22+
23+
1.8.1 Release
24+
-------------
25+
26+
**October 10, 2024**
27+
28+
mongosync Authentication with Atlas Workload Identity Federation
29+
----------------------------------------------------------------
30+
31+
.. include:: /includes/mongosync-and-oidc.rst
32+
33+
For details, see :ref:`c2c-authentication`.
34+
35+
.. _1.8.0-c2c-release-notes:
36+
2037
1.8.0 Release
2138
-------------
2239

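
Review bot: The three added headings "Patch Releases" (lines 18-19), "1.8.1 Release" (lines 23-24) and "mongosync Authentication with Atlas Workload Identity Federation" (lines 28-29) all use the ``-`` underline, the same as the existing "1.8.0 Release", so they render as siblings: "Patch Releases" becomes an empty section and the feature heading is not nested under 1.8.1. Use a lower-level underline (for example ``~``) for the feature heading, and either nest "1.8.1 Release" under "Patch Releases" or remove that heading. With ``:depth: 2`` in the contents directive, the current levels also put the feature heading in the page's table of contents next to the release headings.
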