How do I get the full uri including username and password with the mongodbatlas provider in terraform

Question

When I try to output the mongodb uri with Terraform and the mongodb atlas provider, I can't get the full uri with username and password. For example, when I do something like:

terraform {
  required_version = "~> 0.14.7"

  required_providers {
    mongodbatlas = {
      source  = "mongodb/mongodbatlas"
      version = "0.8.2"
    }
  }
}

provider "mongodbatlas" {
  public_key  = var.mongodbatlas_public_key
  private_key = var.mongodbatlas_private_key
}

data "mongodbatlas_cluster" "db" {
  project_id = var.mongodbatlas_project_id
  name       = format("some-db-name-%s", var.env)
}

output "db_url" {
  value = data.mongodbatlas_cluster.db.connection_strings[0].address_srv
}

I always get a uri of the form: mongodb+srv://some-db-name-staging.xjcol.mongodb.net Adding that as an environment variable to my web app in order to connect to db does not work as it needs to authenticate with a username and password. Manually adding the username and password to that string as in mongodb+srv://[username]:[password]@some-db-name-staging.xjcol.mongodb.net works and the app can connect to the db fine.

Answer 1

My solution was to use the string replace function with mongodbatlas_database_user resource:

replace(mongodbatlas_advanced_cluster.mongodb_cluster.connection_strings[0].standard_srv, "mongodb+srv://", "mongodb+srv://${mongodbatlas_database_user.userspace_db_user.username}:${coalesce(nonsensitive(mongodbatlas_database_user.userspace_db_user.password), "null")}@")

Answer 2

While I get what you're trying to achieve, I suspect you're mixing things here. Let me explain:

• MongoDB allows you to create database users that are able to authenticate using password. Those can be created using mongodbatlas_database_user resource.
• You can create your cluster (or source cluster information) using both the resource or data source the way you're trying to achieve it.

However, cluster creation is independent of database and database user creation, meaning that what you're getting from Terraform is just a generic connection string from Mongo where not even Mongo knows which user/database you want to connect to.

I suggest you to compose your own connection string and pass it along to your application using a post-provisioning script, either using your Terraform outputs of cluster and database user, or simply composing it by yourself if you already know the info upfront.

In case you're using AWS, MongoDB Atlas supports connection strings using IAM Users and IAM Roles. This is a much better, safer approach than dealing with passwords and all the extra burden managing passwords implies. If this sounds like something you'd like to explore, do let me know.