From da47cb7cb43e2ca304c8a5b12bb89c1125aa298c Mon Sep 17 00:00:00 2001 From: rustagir Date: Mon, 17 Mar 2025 13:08:46 -0400 Subject: [PATCH] DOCSP-47923: kubernetes oidc --- .../src/test/kotlin/EnterpriseAuthTest.kt | 26 ++++++++++++ ...Test.snippet.oidc-k8s-connection-string.kt | 5 +++ ...iseAuthTest.snippet.oidc-k8s-credential.kt | 11 +++++ source/fundamentals/enterprise-auth.txt | 41 ++++++++++++++++++- source/whats-new.txt | 5 +++ 5 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 source/examples/generated/EnterpriseAuthTest.snippet.oidc-k8s-connection-string.kt create mode 100644 source/examples/generated/EnterpriseAuthTest.snippet.oidc-k8s-credential.kt diff --git a/examples/src/test/kotlin/EnterpriseAuthTest.kt b/examples/src/test/kotlin/EnterpriseAuthTest.kt index 3a955484..bde469a4 100644 --- a/examples/src/test/kotlin/EnterpriseAuthTest.kt +++ b/examples/src/test/kotlin/EnterpriseAuthTest.kt @@ -171,6 +171,32 @@ internal class EnterpriseAuthTest { // :snippet-end: } + fun oidcKubernetesConnectionString() = runBlocking { + // :snippet-start: oidc-k8s-connection-string + val connectionString = ConnectionString( + "mongodb://@:/?" + + "authMechanism=MONGODB-OIDC" + + "&authMechanismProperties=ENVIRONMENT:k8s,TOKEN_RESOURCE:") + val mongoClient = MongoClient.create(connectionString) + // :snippet-end: + } + + fun oidcKubernetesCredential() = runBlocking { + // :snippet-start: oidc-k8s-credential + val credential = MongoCredential.createOidcCredential("") + .withMechanismProperty("ENVIRONMENT", "k8s") + .withMechanismProperty("TOKEN_RESOURCE", "") + + val mongoClient = MongoClient.create( + MongoClientSettings.builder() + .applyToClusterSettings { builder -> + builder.hosts(listOf(ServerAddress("", PORT))) + } + .credential(credential) + .build()) + // :snippet-end: + } + fun oidcCallback() = runBlocking { // :snippet-start: oidc-callback val credential = MongoCredential.createOidcCredential(null) 
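Review bot: In `oidcKubernetesConnectionString()` and `oidcKubernetesCredential()`, the examples set `TOKEN_RESOURCE` and pass a user argument alongside `ENVIRONMENT` `k8s`. The prose this patch adds to `enterprise-auth.txt` tells readers to set `authMechanismProperties` to `ENVIRONMENT:k8s` only, so the examples and the text disagree. As far as I know, the driver's Kubernetes environment reads the pod's service-account token from a file and accepts `TOKEN_RESOURCE` only for `azure` and `gcp`, and a user name only for `azure`; please confirm against the driver's OIDC validation. Neither function has a visible `@Test` annotation, so a rejected property combination would not surface in CI. If confirmed, I would reduce the credential example to `MongoCredential.createOidcCredential(null).withMechanismProperty("ENVIRONMENT", "k8s")`, drop the user part and `TOKEN_RESOURCE` from the connection string, and regenerate the two `source/examples/generated/` snippets. The "Replace the … placeholder … audience server parameter" paragraphs in the new docs section would then need rewording to say the audience is configured on the token itself rather than passed to the driver.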
diff --git a/source/examples/generated/EnterpriseAuthTest.snippet.oidc-k8s-connection-string.kt b/source/examples/generated/EnterpriseAuthTest.snippet.oidc-k8s-connection-string.kt new file mode 100644 index 00000000..3618acfd --- /dev/null +++ b/source/examples/generated/EnterpriseAuthTest.snippet.oidc-k8s-connection-string.kt @@ -0,0 +1,5 @@ +val connectionString = ConnectionString( + "mongodb://@:/?" + + "authMechanism=MONGODB-OIDC" + + "&authMechanismProperties=ENVIRONMENT:k8s,TOKEN_RESOURCE:") +val mongoClient = MongoClient.create(connectionString) diff --git a/source/examples/generated/EnterpriseAuthTest.snippet.oidc-k8s-credential.kt b/source/examples/generated/EnterpriseAuthTest.snippet.oidc-k8s-credential.kt new file mode 100644 index 00000000..527f906b --- /dev/null +++ b/source/examples/generated/EnterpriseAuthTest.snippet.oidc-k8s-credential.kt @@ -0,0 +1,11 @@ +val credential = MongoCredential.createOidcCredential("") + .withMechanismProperty("ENVIRONMENT", "k8s") + .withMechanismProperty("TOKEN_RESOURCE", "") + +val mongoClient = MongoClient.create( + MongoClientSettings.builder() + .applyToClusterSettings { builder -> + builder.hosts(listOf(ServerAddress("", ))) + } + .credential(credential) + .build()) diff --git a/source/fundamentals/enterprise-auth.txt b/source/fundamentals/enterprise-auth.txt index defe7000..3cfcb14c 100644 --- a/source/fundamentals/enterprise-auth.txt +++ b/source/fundamentals/enterprise-auth.txt @@ -224,7 +224,6 @@ to improve performance. - `JDK-6722928 `__ - `SO 23427343 `__ - .. _plain-auth-mechanism: LDAP (PLAIN) 
@@ -396,6 +395,46 @@ see the corresponding syntax. .. literalinclude:: /examples/generated/EnterpriseAuthTest.snippet.oidc-gcp-credential.kt :language: kotlin +.. _kotlin-auth-kubernetes: + +Kubernetes +++++++++++ + +If your application runs on a Kubernetes cluster, you can authenticate +to MongoDB by using the {+driver-short+}'s built-in Kubernetes support. + +Select from the :guilabel:`Connection String` or +:guilabel:`MongoCredential` tabs to see the corresponding syntax. + +.. tabs:: + + .. tab:: Connection String + :tabid: mongodb-kubernetes-connection-string + + To specify Kubernetes OIDC as the authentication mechanism, set the following + options in your connection string: + + - ``authMechanism``: Set to ``MONGODB-OIDC``. + - ``authMechanismProperties``: Set to ``ENVIRONMENT:k8s``. + + Replace the ```` placeholder in the + following code with the percent-encoded value of the audience server + parameter configured on your MongoDB deployment. + + .. literalinclude:: /examples/generated/EnterpriseAuthTest.snippet.oidc-k8s-connection-string.kt + :language: kotlin + + .. tab:: MongoCredential + :tabid: mongodb-kubernetes-mongo-credential + + Replace the ``hostname`` and ``port`` with the network address and port + number of your MongoDB deployment. Also, replace the + ```` placeholder with the value of the ``audience`` + server parameter configured on your MongoDB deployment. + + .. literalinclude:: /examples/generated/EnterpriseAuthTest.snippet.oidc-k8s-credential.kt + :language: kotlin + Custom Callback +++++++++++++++ diff --git a/source/whats-new.txt b/source/whats-new.txt index 3cac60d4..34cbb4ae 100644 --- a/source/whats-new.txt +++ b/source/whats-new.txt @@ -39,6 +39,11 @@ and features: :ref:`kotlin-client-bulk-write-replace` sections of the Bulk Operations guide + .. replacement:: k8s-link + + the :ref:`MONGODB-OIDC: Kubernetes ` + section of the Enterprise Authentication Mechanisms guide + .. _kotlin-coroutine-version-5.3: What's New in 5.3