[DOCS-15953] [Atlas CLI] missing apiKey information for roles at project level vs org level Created: 08/Mar/23  Updated: 08/Nov/23

Status: Backlog
Project: Documentation
Component/s: Atlas, mcli
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor - P4
Reporter: Thomas Luckenbach Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: request
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Participants:
Days since reply: 47 weeks, 1 day ago
Story Points: 2

 Description   

 

tluck@M-C02ZJQ8GMD6M ~/my_src/atlas

$ atlas --profile=test-7 project apiKey create --role PROJ_OWNER --desc "test" --help

MongoDB returns the private API key only once. After you run this command, immediately copy, save, and secure both the public and private API keys.

 

Usage:

  atlas projects apiKeys create [flags]

 

Examples:

  # Create an organization API key with the ORG_OWNER role and assign it to the project with ID 5e2211c17a3e5a48f5497de3:

  atlas projects apiKeys create --desc "My API key" --projectId 5e1234c17a3e5a48f5497de3 --role ORG_OWNER --output json

 

Flags:

      --desc string        Description of the API key.

  -h, --help               help for create

  -o, --output string      Output format. Valid values are json, json-path, go-template, or go-template-file.

      --projectId string   Hexadecimal string that identifies the project to use. This option overrides the settings in the configuration file or environment variable.

      --role strings       Role or roles that you want to assign to the API key. To assign more than one role, you can specify each role with a separate role flag or specify all of the roles as a comma-separated list using one role flag. Valid values are ORG_OWNER, ORG_MEMBER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN, and ORG_READ_ONLY.

the roles for a project apiKey should be:

 

        "roleName": "GROUP_CLUSTER_MANAGER"

        "roleName": "GROUP_OWNER"

        "roleName": "ORG_MEMBER"

        "roleName": "GROUP_DATA_ACCESS_ADMIN"

        "roleName": "GROUP_DATA_ACCESS_READ_WRITE"

        "roleName": "GROUP_SEARCH_INDEX_EDITOR"

        "roleName": "GROUP_READ_ONLY"

        "roleName": "GROUP_DATA_ACCESS_READ_ONLY"

  for example:

 # atlas --profile=test-1 project apiKey create --role GROUP_OWNER --desc "cli 1"

 



 Comments   
Comment by Gustavo Bazan [ 14/Mar/23 ]

I have a feeling this is coming from https://github.com/10gen/mms/blob/ec7b5da4878a00ba764b5608aeaef21ce59f9cd9/server/src/main/com/xgen/svc/mms/api/view/ApiCreateApiKeyView.java#L36-L42

Seems like IAM is only documenting org level roles so I opened CLOUDP-166311 to confirm with IAM the behavior here

Generated at Thu Feb 08 08:14:15 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.