diff --git a/source/includes/security/enterprise-auth.kt b/source/includes/security/enterprise-auth.kt
index 698ce9ab..9e8ee11e 100644
--- a/source/includes/security/enterprise-auth.kt
+++ b/source/includes/security/enterprise-auth.kt
@@ -121,6 +121,28 @@ val mongoClient = MongoClient.create(
 .build())
 // end-oidc-gcp-mongo-cred
 
+// start-oidc-k8s-connect-str
+val connectionString = ConnectionString(
+ "mongodb://@:/?" +
+ "authMechanism=MONGODB-OIDC" +
+ "&authMechanismProperties=ENVIRONMENT:k8s,TOKEN_RESOURCE:")
+val mongoClient = MongoClient.create(connectionString)
+// end-oidc-k8s-connect-str
+
+// start-oidc-k8s-mongo-cred
+val credential = MongoCredential.createOidcCredential("")
+ .withMechanismProperty("ENVIRONMENT", "k8s")
+ .withMechanismProperty("TOKEN_RESOURCE", "")
+
+val mongoClient = MongoClient.create(
+ MongoClientSettings.builder()
+ .applyToClusterSettings { builder ->
+ builder.hosts(listOf(ServerAddress("", )))
+ }
+ .credential(credential)
+ .build())
+// end-oidc-k8s-mongo-cred
+
 // start-oidc-custom-callback
 val credential = MongoCredential.createOidcCredential(null)
 .withMechanismProperty("OIDC_CALLBACK") { context: Context ->
diff --git a/source/security/enterprise-auth.txt b/source/security/enterprise-auth.txt
index 512e4293..b47fb495 100644
--- a/source/security/enterprise-auth.txt
+++ b/source/security/enterprise-auth.txt
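Review bot: Both new snippets set `TOKEN_RESOURCE` together with `ENVIRONMENT:k8s` (the connection string between `start-oidc-k8s-connect-str` and its end marker, and `.withMechanismProperty("TOKEN_RESOURCE", ...)` in the MongoCredential block), but the option list this commit adds to enterprise-auth.txt names only `ENVIRONMENT:k8s`. The page does not show whether the driver requires, ignores or rejects an audience for the k8s environment, so this should be checked against the driver before merging: either drop the property from both snippets or document it as a second property in the prose. If it stays, a one-line comment above each use, such as `// TOKEN_RESOURCE: the audience configured on the MongoDB deployment`, would tell a reader which value scopes the token. As rendered here the principal, host and audience arguments are empty (`createOidcCredential("")`, `ServerAddress("", )`), which may be lost placeholders; confirm they appear in the built page.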
@@ -419,6 +419,52 @@ see the corresponding syntax.
 :start-after: start-oidc-gcp-mongo-cred
 :end-before: end-oidc-gcp-mongo-cred
 
+.. _kotlin-sync-auth-kubernetes:
+
+Kubernetes
+~~~~~~~~~~
+
+If your application runs on a Kubernetes cluster, you can authenticate
+to MongoDB by using the {+driver-short+}'s built-in Kubernetes support.
+
+Select from the :guilabel:`Connection String` or
+:guilabel:`MongoCredential` tabs to see the corresponding syntax.
+
+.. tabs::
+
+ .. tab:: Connection String
+ :tabid: mongodb-kubernetes-connection-string
+
+ To specify Kubernetes OIDC as the authentication mechanism, set the following
+ options in your connection string:
+
+ - ``authMechanism``: Set to ``MONGODB-OIDC``.
+ - ``authMechanismProperties``: Set to ``ENVIRONMENT:k8s``.
+
+ Replace the ```` placeholder in the
+ following code with the percent-encoded value of the audience server
+ parameter configured on your MongoDB deployment.
+
+ .. literalinclude:: /includes/security/enterprise-auth.kt
+ :language: kotlin
+ :dedent:
+ :start-after: start-oidc-k8s-connect-str
+ :end-before: end-oidc-k8s-connect-str
+
+ .. tab:: MongoCredential
+ :tabid: mongodb-kubernetes-mongo-credential
+
+ Replace the ``hostname`` and ``port`` with the network address and port
+ number of your MongoDB deployment. Also, replace the
+ ```` placeholder with the value of the ``audience``
+ server parameter configured on your MongoDB deployment.
+
+ .. literalinclude:: /includes/security/enterprise-auth.kt
+ :language: kotlin
+ :dedent:
+ :start-after: start-oidc-k8s-mongo-cred
+ :end-before: end-oidc-k8s-mongo-cred
+
 Custom Callback
 ~~~~~~~~~~~~~~~
 
diff --git a/source/whats-new.txt b/source/whats-new.txt
index eaab4c79..a2f4d56d 100644
--- a/source/whats-new.txt
+++ b/source/whats-new.txt
@@ -37,6 +37,11 @@ and features: :ref:`kotlin-sync-client-bulk-write-replace` sections of the Bulk Write Operations guide + .. replacement:: k8s-link + + the :ref:`MONGODB-OIDC: Kubernetes ` + section of the Enterprise Authentication Mechanisms guide + .. _kotlin-sync-version-5.3: What's New in 5.3