USER MANUALS

MongoDB Data Sources

To create a MongoDB data source, use the statement CREATE DATASOURCE MONGODB.

Syntax of the CREATE DATASOURCE MONGODB statement
 CREATE [ OR REPLACE ] DATASOURCE MONGODB <name:identifier>
     [ ID = <literal> ]
     [ FOLDER = <literal> ]
     CONNECTION (
     {   URI = <literal>
         | HOST = <literal> PORT = <integer>
     }
     [ <tls_options> ]
     [ PROPERTIES ( [ <literal> = <literal> [, <literal> = <literal> ]* ] ) ]
     )
     [ AUTHENTICATION (
         { NONE
         | [ AUTH_DATABASE ]
         [ WITH PASS-THROUGH SESSION CREDENTIALS [ ( USE_KERBEROS ) ] ]
         <authentication> }
     )
     ]
     [ POOL (
         MAXACTIVE = <integer>
         MINACTIVE = <integer>
         CONNECTTIMEOUT = <integer>
         SOCKETTIMEOUT = <integer>
         WAITQUEUETIMEOUT = <integer>
     )
     ]
     [ <data_infrastructure> ]
     [ DESCRIPTION = <literal> ]
     [ SOURCECONFIGURATION ( [ <source configuration property>
                             [, <source configuration property> ]* ] ) ]


 <tls_options> ::=
 {
     TLS
   | TLS TWO_WAY_SSL (
       CERTIFICATE <literal> [ ENCRYPTED ]
       CERTIFICATE_PASSWORD <literal> [ ENCRYPTED ]
     )
 }

 <authentication> ::=
 {
     <credentials>
   | USE_KERBEROS <kerberos_credentials>
 }

 <credentials> ::=
 {
   [ VAULT_SECRET = <literal> ]
   USERNAME = { <literal> | <vault_credentials> }
   USERPASSWORD = { <literal> [ ENCRYPTED ] | <vault_credentials> }
   [ <vault_conf> ]
 }

 <kerberos_credentials> ::=
 {
     [ VAULT_SECRET = <literal> ]
     KRB_USERNAME = { <literal> | <vault_credentials> }
     KRB_USERPASSWORD = { <literal> [ ENCRYPTED ] | <vault_credentials> }
     [ <vault_conf> ]
   | KRB_USERNAME = <literal> KRB_KEYTAB = <literal>
 }

 <vault_credentials> ::=
 {
     FROM_VAULT
   | FROM_VAULT (VAULT_SECRET = <literal>, FIELD_AT_SECRET = DEFAULT)
 }

 <vault_conf> ::=
 CREDENTIALS_VAULT (
     STATUS { ON | DEFAULT }
     [ PROVIDER
     {  CYBERARK (
         APPLICATION_ID = <literal>
         { AGENT
         | AGENT_LESS (
             CLIENT_KEY = <literal> [ ENCRYPTED ]
             [ CLIENT_KEY_PASSWORD = <literal> [ ENCRYPTED ] ]
             )
         }
         )
     }
     ]
 )

 <data_infrastructure> ::=
     DATA_INFRASTRUCTURE (
         [ PROVIDER = <literal> ]
         [ REGION  = <literal>  ]
     )

To modify an existing MongoDB data source, use the ALTER DATASOURCE MONGODB statement.

Syntax of the ALTER DATASOURCE MONGODB statement
 ALTER DATASOURCE MONGODB <name:identifier>
     [ CONNECTION (
         {   URI = <literal>
         | HOST = <literal> PORT = <integer>
         }
         [ <tls_options> ]
         [ PROPERTIES ( [ <literal> = <literal> [, <literal> = <literal> ]* ] ) ]
     )
     ]
     [ AUTHENTICATION (
         { NONE
         | [ AUTH_DATABASE ]
         [ WITH PASS-THROUGH SESSION CREDENTIALS [ ( USE_KERBEROS ) ] ]
         <authentication> }
     )
     ]
     [ POOL (
         MAXACTIVE = <integer>
         MINACTIVE = <integer>
         CONNECTTIMEOUT = <integer>
         SOCKETTIMEOUT = <integer>
         WAITQUEUETIMEOUT = <integer>
     )
     ]
     [ <data_infrastructure> ]
     [ DESCRIPTION = <literal> ]
     [ SOURCECONFIGURATION ( [ <source configuration property>
                             [, <source configuration property> ]* ] ) ]

<tls_options> ::= (see CREATE DATASOURCE MONGODB)

<authentication> ::= (see CREATE DATASOURCE MONGODB)

<data_infrastructure> ::= (see CREATE DATASOURCE MONGODB)

Explanation of some of the parameters of these statements:

  • OR REPLACE: if present and a data source with the same name exists, the current definition is substituted with the new one.

  • FOLDER: name of the folder where the data source will be stored.

  • CONNECTION: clause to indicate the connection parameters to the source.

    • URI: the connection URL to the database (e.g: “mongodb://localhost:27017/”).

    • HOST and PORT: the connection host and port.

    • TLS: parameter to indicate that TLS should be used on the connection.

    • TLS TWO_WAY_SSL: parameter to indicate that Mutual (two-way SSL) should be used on the connection.

      • CERTIFICATE: Base64 representation of the client certificate file.

      • CERTIFICATE_PASSWORD: certificate paraphrase if it is encrypted.

    • PROPERTIES: properties to configure the connection (e.g. authSource, connectionTimeoutMS, replicaSet, ssl, etc.)

  • AUTHENTICATION: clause to indicate the authentication to be used in the connection to the source.

    • AUTH_DATABASE: the source of the authentication credentials (option “authSource” in MongoDB), this is typically the database that the credentials have been created. The default value is “admin”. This parameter can only be used with HOST and PORT connection.

    • The authentication methods available to connect to a database are the following:

      • NONE: no authentication.

      • <credentials>: provide the USERNAME and PASSWORD to connect to the database to execute queries and for the introspection process (i.e. to display the databases/collections of the database in the “Create base view” dialog of the data source).

      • USE_KERBEROS <kerberos_credentials>: provide the KRB_USERNAME with KRB_USERPASSWORD or KRB_KEYTAB (base64 representation of the keytab file) to use Kerberos to connect to the database to execute queries and for the introspection process (i.e. to display the databases/collections of the database in the “Create base view” dialog of the data source).

      • WITH PASS-THROUGH SESSION CREDENTIALS [ ( USE_KERBEROS ) ]: use login and password for the introspection process and the credentials of the client that connected to the Virtual DataPort server to execute queries. The credentials used to run queries can be Kerberos or login/password depending on the authentication the client used to connect to the Virtual DataPort server. If USE_KERBEROS is specified, the Server will use the login/password to create the Kerberos ticket.

    • CREDENTIALS_VAULT: customize the Credentials Vault configuration at the Data Source level, which is particularly useful when you need to manage credentials for multiple databases with varying configurations. By allowing different configurations for different data sources, you can achieve a more secure and efficient credential management process.

  • POOL: clause to configure the connection pool. If this clause is not provided, default values are assigned to each parameter.

    • MAXACTIVE: Maximum number of active connections (default: 100).

    • MINACTIVE: minimum number of active connections (default: 0).

    • CONNECTTIMEOUT: connection timeout in milliseconds (default: 10000).

    • SOCKETTIMEOUT: socket timeout in milliseconds (default: 0).

    • WAITQUEUETIMEOUT: wait queue timeout in milliseconds (default: 120000).

  • DATA_INFRASTRUCTURE: clause to set the infrastructure information where the data source is deployed.

    • PROVIDER: name of the infrastructure provider (e.g. on-premise, Amazon Web Services, Microsoft Azure, Google Cloud Platform, etc.)

    • REGION: region name.

Add feedback