From a8af36a4893443cdd9f45358902ee76fb036bd87 Mon Sep 17 00:00:00 2001 From: Mike Woofter <108414937+mongoKart@users.noreply.github.com> Date: Tue, 10 Dec 2024 14:48:13 -0600 Subject: [PATCH 1/2] oidc k8s --- source/fundamentals/authentication/oidc.txt | 46 ++++++++++++++++++--- source/includes/comma-auth-options.rst | 7 ++-- 2 files changed, 44 insertions(+), 9 deletions(-) diff --git a/source/fundamentals/authentication/oidc.txt b/source/fundamentals/authentication/oidc.txt index dae82f66..c14d4ebd 100644 --- a/source/fundamentals/authentication/oidc.txt +++ b/source/fundamentals/authentication/oidc.txt @@ -79,8 +79,6 @@ using a ``MongoCredential`` object or as part of the connection string. Select t :guilabel:`Connection String` or :guilabel:`MongoCredential` tab to see the corresponding syntax. -.. include:: /includes/comma-auth-options.rst - .. tabs:: .. tab:: Connection String @@ -127,8 +125,6 @@ using a ``MongoCredential`` object or as part of the connection string. Select t :guilabel:`Connection String` or :guilabel:`MongoCredential` tab to see the corresponding syntax. -.. include:: /includes/comma-auth-options.rst - .. tabs:: .. tab:: Connection String 
@@ -159,11 +155,51 @@ see the corresponding syntax. .WithMechanismProperty("TOKEN_RESOURCE", ""); var client = new MongoClient(mongoClientSettings); +Kubernetes +~~~~~~~~~~ + +If your application runs on a Kubernetes cluster, you can authenticate to MongoDB by using +the {+driver-short+}'s built-in Kubernetes support. + +You can specify Kubernetes OIDC authentication on a ``MongoClientSettings`` object either by +using a ``MongoCredential`` object or as part of the connection string. Select the +:guilabel:`Connection String` or :guilabel:`MongoCredential` tab to +see the corresponding syntax. + +.. tabs:: + + .. tab:: Connection String + :tabid: oidc-kubernetes-connection-string + + The following code example shows how to specify Kubernetes OIDC authentication as + part of the authentication string: + + .. code-block:: csharp + + var connectionString = "mongodb://[:]/?authMechanism=MONGODB-OIDC" + + "&authMechanismProperties=ENVIRONMENT:k8s"; + var mongoClientSettings = MongoClientSettings.FromConnectionString(connectionString); + var client = new MongoClient(mongoClientSettings); + + .. tab:: MongoCredential + :tabid: oidc-kubernetes-mongo-credential + + The following code example shows how to specify Kubernetes OIDC authentication by using + a ``MongoCredential`` object: + + .. code-block:: csharp + + var mongoClientSettings = MongoClientSettings.FromConnectionString( + "mongodb://[:]"); + mongoClientSettings.Credential = MongoCredential + .CreateOidcCredential("k8s") + var client = new MongoClient(mongoClientSettings); + Custom Callback ~~~~~~~~~~~~~~~ The {+driver-short+} doesn't offer built-in support for all platforms, including -Azure Functions and Azure Kubernetes Service (AKS). Instead, you +Azure Functions. Instead, you must define a custom callback to use OIDC to authenticate from these platforms. First, define a class that implements the ``IOidcCallback`` interface. This interface 
diff --git a/source/includes/comma-auth-options.rst b/source/includes/comma-auth-options.rst index a5ac6ac4..4e7a9042 100644 --- a/source/includes/comma-auth-options.rst +++ b/source/includes/comma-auth-options.rst @@ -1,6 +1,5 @@ .. note:: - You cannot pass values containing the comma (``,``) character to the - ``authMechanismProperties`` connection string parameter. - You must specify values that contain commas in a ``MongoCredential`` object, - as demonstrated in the :guilabel:`MongoCredential` tab. \ No newline at end of file + If you pass a value containing the comma (``,``) character to the + ``authMechanismProperties`` connection string parameter, you must + percent-encode the comma character as ``%2C``. \ No newline at end of file From 831aca12ba9e7afce9e23750f49c57c67a156c83 Mon Sep 17 00:00:00 2001 From: Mike Woofter <108414937+mongoKart@users.noreply.github.com> Date: Wed, 11 Dec 2024 14:06:33 -0600 Subject: [PATCH 2/2] Update source/fundamentals/authentication/oidc.txt Co-authored-by: Nora Reidy --- source/fundamentals/authentication/oidc.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/fundamentals/authentication/oidc.txt b/source/fundamentals/authentication/oidc.txt index c14d4ebd..66ebb19d 100644 --- a/source/fundamentals/authentication/oidc.txt +++ b/source/fundamentals/authentication/oidc.txt @@ -172,7 +172,7 @@ see the corresponding syntax. :tabid: oidc-kubernetes-connection-string The following code example shows how to specify Kubernetes OIDC authentication as - part of the authentication string: + part of the connection string: .. code-block:: csharp
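Review bot: The two hunks at -79,8 and -127,8 in oidc.txt drop `.. include:: /includes/comma-auth-options.rst`, yet the same patch rewrites that include to tell readers to percent-encode commas as `%2C`, and the new Kubernetes section does not pull it in either. As far as this diff shows, the rewritten note no longer renders anywhere on this page, so a reader who puts a comma-containing value in `authMechanismProperties` gets no guidance. Either keep the include in the sections that accept such values in the connection string, or confirm the note is included from another page and say so in the commit message.
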
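Review bot: In the Kubernetes hunk (-159,11), the MongoCredential tab's sample is missing the statement terminator after `.CreateOidcCredential("k8s")`, so the block will not compile as written; end that line with `;`. The second commit in this series only changes the "connection string" wording and leaves this in place. Separately, the Custom Callback paragraph now drops "Azure Kubernetes Service (AKS)" from the unsupported list, but the new section never states which Kubernetes environments `ENVIRONMENT:k8s` covers; a sentence naming them would explain the removal. With only Azure Functions left as an example, "these platforms" in the following line also reads oddly and could be reworded.
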
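Review bot: The rewritten note in comma-auth-options.rst states the `%2C` rule but shows no encoded value, and it no longer mentions the ``MongoCredential`` object as the alternative that avoids encoding altogether. Consider adding a one-line example of an encoded property value and keeping a pointer to the :guilabel:`MongoCredential` tab for readers who prefer not to hand-encode. The file also still ends with "\ No newline at end of file"; add the trailing newline while touching it.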