(DOCSP-11364)(DOCSP-11343): atlas dbuser certs create | list (#175)

* (DOCSP-11364)(DOCSP-11343): atlas dbuser certs create | list

* (DOCSP-11364)(DOCSP-11343): tech review feedback

Author: jwilliams-mongo

source/includes/atlas-dbuser-certs-create-output-fields.rst

@@ -0,0 +1,17 @@
+.. list-table::
+   :header-rows: 1
+   :widths: 30 70
+
+   * - Field
+     - Description
+
+   * - ``certificate``
+     - The PEM-encoded X.509 certificate that |service| created for the
+       user.
+
+   * - ``monthsUntilExpiration``
+     - Months until the X.509 certificate expires. Maximum value is
+       ``24``. Defaults to ``3``.
+
+   * - ``username``
+     - Username for whom |service| generated the x.509 certificate.

source/includes/atlas-dbuser-certs-list-output-fields.rst

@@ -0,0 +1,24 @@
+.. list-table::
+   :header-rows: 1
+   :widths: 30 70
+
+   * - Field
+     - Description
+
+   * - ``id``
+     - Serial number of the certificate.
+
+   * - ``createdAt``
+     - |iso8601-time| when |service| created this X.509 certificate.
+
+   * - ``groupId``
+     - Unique identifier of the |service| project to which this 
+       certificate belongs.
+
+   * - ``notAfter``
+     - |iso8601-time| when this certificate expires.
+
+   * - ``subject``
+     - Full distinguished name of the database user to which this 
+       certificate belongs. To learn more, see 
+       `RFC 2253 <https://tools.ietf.org/html/rfc2253>`_.

source/reference/atlas/dbuser-certs-create.txt

@@ -0,0 +1,123 @@
+.. _mcli-atlas-dbuser-certs-create-command:
+
+==================================
+mongocli atlas dbuser certs create
+==================================
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+The ``dbuser certs create`` command creates an |service|\-managed X.509
+certificate for the specified MongoDB database user who authenticates
+using X.509 certificates. You can also create an |service|\-managed
+X.509 certificate for a MongoDB database user through the |service|
+:atlas:`UI </security-add-mongodb-users/>` or 
+:atlas:`API </reference/api/x509-configuration-create-certificate/>`.
+
+.. important::
+
+   You cannot use the ``dbuser certs create`` command to list certificates
+   for MongoDB database users if 
+
+   - You are managing your own Certificate Authority (CA) in
+     :atlas:`Self-Managed X.509 mode
+     </security-self-managed-x509/#self-managed-x509>`. You must
+     generate certificates for database users using your own CA.
+   - The user you specify does not authenticate using X.509
+     certificates.
+
+.. _dbuser-certs-create-syntax:
+
+Syntax
+------
+
+.. code-block:: text
+
+   mongocli atlas dbuser certs create
+        [ --monthsUntilExpiration <number of months until certificate expires> ]
+        [ --profile|-P <profile-name> ]
+        [ --projectId <project-ID> ]
+        --username <name-of-user>
+
+.. include:: /includes/fact-command-line-help.rst
+
+.. _dbuser-certs-create-options:
+
+Options
+-------
+
+.. list-table::
+   :header-rows: 1
+   :widths: 29 8 55 7
+
+   * - Option 
+     - Type
+     - Description
+     - Required?
+
+   * - ``--monthsUntilExpiration``
+     - integer
+     - Months until the X.509 certificate expires. Maximum value is
+       ``24``. Defaults to ``3``.
+     - no
+
+   * - ``--profile``, ``-P``
+     - string
+     - Name of the profile where the public and private 
+       keys for the project are saved. If omitted, uses the 
+       {+default-profile+}. To learn more about creating a 
+       profile, see :ref:`mcli-configure`.
+     - no
+
+   * - ``--projectId``
+     - string
+     - Unique identifier of the project that contains the MongoDB
+       database user. If omitted, uses the project ID in the profile or 
+       :ref:`environment variable <mcli-env-var>`.
+     - no
+
+   * - ``--username``
+     - string
+     - Username for whom you want to create a X.509 certificate. 
+     - yes
+
+.. _dbuser-certs-create-command-output:
+
+Output 
+------
+.. include:: /includes/command-output-intro.rst
+
+.. include:: /includes/atlas-dbuser-certs-create-output-fields.rst
+
+.. _dbuser-certs-create-examples:
+
+Example
+--------
+
+The following example uses the ``mongocli atlas dbuser certs create``
+command to create an |service|\-managed X.509 certificate for a MongoDB
+database user ``dbuser``. It uses the {+default-profile+} to access
+|service| and generate the X.509 certificate.
+
+.. code-block:: sh
+   :copyable: false
+
+   mongocli atlas dbuser certs create --username dbuser --monthsUntilExpiration 3 --projectId 5e2211c17a3e5a48f5497de3
+
+The previous command prints the following fields
+to the terminal. To learn more about these fields, see 
+:ref:`Output <dbuser-certs-create-command-output>`.
+
+.. code-block:: json
+   :copyable: false
+
+   {
+     "username": "dbuser",
+     "monthsUntilExpiration": 3,
+     "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
+   }

source/reference/atlas/dbuser-certs-list.txt

@@ -0,0 +1,134 @@
+.. _mcli-atlas-dbuser-certs-list-command:
+
+================================
+mongocli atlas dbuser certs list
+================================
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+The ``dbuser certs list`` command retrieves the list of unexpired
+|service|\-managed X.509 certificates for the specified MongoDB database
+user who authenticates using X.509 certificates. You can also list the
+|service|\-managed X.509 certificates for a MongoDB database user
+through the |service| :atlas:`UI </security-add-mongodb-users/>` or 
+:atlas:`API </reference/api/x509-configuration-get-certificates/>`.
+
+.. important::
+
+   You cannot use the ``dbuser certs list`` command to list certificates
+   for MongoDB database users if: 
+
+   - You are managing your own Certificate Authority (CA) in
+     :atlas:`Self-Managed X.509 mode
+     </security-self-managed-x509/#self-managed-x509>`, or
+   - The user you specify does not authenticate using X.509
+     certificates. 
+
+.. _dbuser-certs-list-syntax:
+
+Syntax
+------
+
+.. code-block:: text
+
+   mongocli atlas dbuser certs list|ls <username>
+        [ --profile|-P <profile-name> ]
+        [ --projectId <project-ID> ]
+
+.. include:: /includes/fact-command-line-help.rst
+
+.. _dbuser-certs-list-options:
+
+Options
+-------
+
+.. list-table::
+   :header-rows: 1
+   :widths: 20 10 60 10
+
+   * - Option 
+     - Type
+     - Description
+     - Required?
+
+   * - ``--profile``, ``-P``
+     - string
+     - Name of the profile where the public and private 
+       keys for the project are saved. If omitted, uses the 
+       {+default-profile+}. To learn more about creating a 
+       profile, see :ref:`mcli-configure`.
+     - no
+
+   * - ``--projectId``
+     - string
+     - Unique identifier of the project that contains the MongoDB
+       database user. If omitted, uses the project ID in the profile or 
+       :ref:`environment variable <mcli-env-var>`.
+     - no
+
+   * - ``<username>``
+     - string
+     - Username for whom you want to list |service|\-managed X.509
+       certificates.
+     - yes
+
+.. _dbuser-certs-list-command-output:
+
+Output 
+------
+.. include:: /includes/command-output-intro.rst
+
+.. include:: /includes/atlas-dbuser-certs-list-output-fields.rst
+
+.. _dbuser-certs-list-examples:
+
+Example
+--------
+
+The following example uses the ``mongocli atlas dbuser certs list``
+command to retrieve the list of unexpired |service|\-managed X.509
+certificates for the MongoDB database user ``dbuser``. It uses the
+{+default-profile+} to access |service| and retrieve the list of X.509
+certificates.
+
+.. code-block:: sh
+   :copyable: false
+
+   mongocli atlas dbuser certs list dbuser --projectId 5e2211c17a3e5a48f5497de3
+
+The previous command prints the following fields
+to the terminal. To learn more about these fields, see 
+:ref:`Output <dbuser-certs-list-command-output>`.
+
+.. code-block:: json
+   :copyable: false
+
+   [
+     {
+       "_id": 7410558049103803930,
+       "createdAt": "2020-08-04T14:52:31Z",
+       "groupId": "5e2211c17a3e5a48f5497de3",
+       "notAfter": "2020-11-04T15:52:31Z",
+       "subject": "CN=dbuser"
+     },
+     {
+       "_id": 3226318451840077148,
+       "createdAt": "2020-08-04T14:53:35Z",
+       "groupId": "5e2211c17a3e5a48f5497de3",
+       "notAfter": "2020-11-04T15:53:35Z",
+       "subject": "CN=dbuser"
+     },
+     {
+       "_id": 8138860319637071322,
+       "createdAt": "2020-08-04T16:55:06Z",
+       "groupId": "5e2211c17a3e5a48f5497de3",
+       "notAfter": "2020-11-04T17:55:06Z",
+       "subject": "CN=dbuser"
+     }
+   ]

source/reference/atlas/dbuser-commands.txt

@@ -14,3 +14,5 @@ Atlas ``dbuser`` Commands
    Create a Database User </reference/atlas/dbuser-create>
    Modify a Database User </reference/atlas/dbuser-update>
    Delete a Database User </reference/atlas/dbuser-delete>
+   List |service|\-Managed X.509 Certificates Created for a Database User </reference/atlas/dbuser-certs-list>
+   Create an |service|\-Managed X.509 Certificate for a Database User </reference/atlas/dbuser-certs-create>