(DOCSP-11326)(DOCSP-11330)(DOCSP-11334): atlas security customerCerts… (#177)

jwilliams-mongo · web-flow · commit c52b1a3c70d1 · 2020-08-07T11:39:18.000-04:00
* (DOCSP-11326)(DOCSP-11330)(DOCSP-11334): atlas security customerCerts create | describe | disable * (DOCSP-11326)(DOCSP-11330)(DOCSP-11334): typo * (DOCSP-11334): tech review feedback
diff --git a/source/includes/security-customercerts-describe-output.rst b/source/includes/security-customercerts-describe-output.rst
@@ -0,0 +1,12 @@
+.. list-table::
+   :widths: 20 10 80
+   :header-rows: 1
+
+   * - Name
+     - Type
+     - Description
+
+   * - ``cas``
+     - string
+     - PEM-encoded string containing one or more customer-managed CA
+       certificates for database user authentication.
diff --git a/source/reference/atlas.txt b/source/reference/atlas.txt
@@ -39,6 +39,9 @@ Atlas ``mongocli`` Commands
   Retrieve information about MongoDB processes running on a specified
   |service| project.
 
+:ref:`security <mcli-reference-atlas-security>`
+  Manage |service| security features.
+
 :ref:`whitelist <mcli-reference-atlas-whitelist>`
   Manage :atlas:`whitelist </security-whitelist/>` entries.
 
@@ -51,9 +54,10 @@ Atlas ``mongocli`` Commands
       Backups </reference/atlas/backup-commands>
       Clusters </reference/atlas/cluster-commands>
       Database Users </reference/atlas/dbuser-commands>
+      Data Lakes </reference/atlas/datalake-commands>
       Events </reference/atlas/event-commands>
       Logs </reference/atlas/log-commands>
       Metrics </reference/atlas/metric-commands>
       Processes </reference/atlas/process-commands>
+      Security </reference/atlas/security-commands>
       Whitelists </reference/atlas/whitelist-commands>
-      Data Lakes </reference/atlas/datalake-commands>
diff --git a/source/reference/atlas/security-commands.txt b/source/reference/atlas/security-commands.txt
@@ -0,0 +1,14 @@
+.. _mcli-reference-atlas-security:
+
+===========================
+Atlas ``security`` Commands
+===========================
+
+.. default-domain:: mongodb
+
+.. toctree::
+   :titlesonly:
+
+   Save a Customer-Managed X.509 Configuration </reference/atlas/security-customercerts-create>
+   Describe a Customer-Managed X.509 Configuration </reference/atlas/security-customercerts-describe>
+   Disable a Customer-Managed X.509 Configuration </reference/atlas/security-customercerts-disable>
diff --git a/source/reference/atlas/security-customercerts-create.txt b/source/reference/atlas/security-customercerts-create.txt
@@ -0,0 +1,108 @@
+.. _mcli-atlas-security-customercerts-create-command:
+
+============================================
+mongocli atlas security customerCerts create
+============================================
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+The ``security customerCerts describe`` command saves a customer-managed
+X.509 configuration for a project. You can also save a customer-managed
+X.509 configuration for a project through the |service| :atlas:`UI
+</security-self-managed-x509/>` or 
+:atlas:`API </reference/api/x509-configuration-save/>`.
+
+.. important::
+
+   Saving a customer-managed X.509 configuration triggers a rolling
+   restart.
+
+.. _security-customercerts-create-syntax:
+
+Syntax
+------
+
+.. code-block:: text
+
+   mongocli atlas security customerCerts|certs create
+          --casFile <path/to/file.pem>
+        [ --profile|-P <profile-name> ]
+        [ --projectId <project-ID> ]
+
+.. include:: /includes/fact-command-line-help.rst
+
+.. _security-customercerts-create-options:
+
+Options
+-------
+
+.. list-table::
+   :header-rows: 1
+   :widths: 29 8 55 7
+
+   * - Option 
+     - Type
+     - Description
+     - Required?
+
+   * - ``--casFile``
+     - string
+     - The full path on your local system to the PEM-encoded
+       Certificate Authority (CA) certificate or certificates that you
+       want |service| to use to authenticate database users.
+     - yes
+
+   * - ``--profile``, ``-P``
+     - string
+     - Name of the profile where the public and private 
+       keys for the project are saved. If omitted, uses the 
+       {+default-profile+}. To learn more about creating a 
+       profile, see :ref:`mcli-configure`.
+     - no
+
+   * - ``--projectId``
+     - string
+     - Unique identifier of the project for which you want to save a
+       customer-managed X.509 configuration. If omitted, uses the
+       project ID in the profile or :ref:`environment variable
+       <mcli-env-var>`.
+     - no
+
+.. _security-customercerts-create-command-output:
+
+Output 
+------
+.. include:: /includes/command-output-intro.rst
+
+.. include:: /includes/security-customercerts-describe-output.rst
+
+.. _security-customercerts-create-examples:
+
+Example
+--------
+
+The following ``mongocli atlas security customerCerts create`` command
+saves a customer-managed X.509 configuration for a project. It uses the 
+{+default-profile+} to access the |service| cluster.
+
+.. code-block:: sh
+   :copyable: false
+
+   mongocli atlas security customerCerts create --casFile path/to/ca.pem --projectId 5e2211c17a3e5a48f5497de3
+
+The command prints the following to the terminal. To learn more about
+these fields, see :ref:`Output
+<security-customercerts-create-command-output>`. 
+
+.. code-block:: json
+   :copyable: false
+
+   {
+     "cas": "-----BEGIN CERTIFICATE-----\nMIIEljCCAn4CCQDIOFwZ41mcVDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJD...n9fAKZTI24VvEFW5dA21Ha3+JYli2JCqJV3s=\n-----END CERTIFICATE-----\n"
+   }
diff --git a/source/reference/atlas/security-customercerts-describe.txt b/source/reference/atlas/security-customercerts-describe.txt
@@ -0,0 +1,96 @@
+.. _mcli-atlas-security-customercerts-describe-command:
+
+==============================================
+mongocli atlas security customerCerts describe
+==============================================
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+The ``security customerCerts describe`` command retrieves the
+customer-managed Certificate Authority (CA) certificates
+for a project. You can also retrieve your customer-managed CAs
+for a project through the |service| :atlas:`UI
+</security-self-managed-x509/>` or 
+:atlas:`API </reference/api/x509-configuration-get-current/>`.
+
+.. _security-customercerts-describe-syntax:
+
+Syntax
+------
+
+.. code-block:: text
+
+   mongocli atlas security customerCerts|certs describe
+        [ --profile|-P <profile-name> ]
+        [ --projectId <project-ID> ]
+
+.. include:: /includes/fact-command-line-help.rst
+
+.. _security-customercerts-describe-options:
+
+Options
+-------
+
+.. list-table::
+   :header-rows: 1
+   :widths: 29 8 55 7
+
+   * - Option 
+     - Type
+     - Description
+     - Required?
+
+   * - ``--profile``, ``-P``
+     - string
+     - Name of the profile where the public and private 
+       keys for the project are saved. If omitted, uses the 
+       {+default-profile+}. To learn more about creating a 
+       profile, see :ref:`mcli-configure`.
+     - no
+
+   * - ``--projectId``
+     - string
+     - Unique identifier of the project for which you want to retrieve
+       customer-managed CA certificates. If omitted, uses the project ID
+       in the profile or :ref:`environment variable <mcli-env-var>`.
+     - no
+
+.. _security-customercerts-describe-command-output:
+
+Output 
+------
+.. include:: /includes/command-output-intro.rst
+
+.. include:: /includes/security-customercerts-describe-output.rst
+
+.. _security-customercerts-describe-examples:
+
+Example
+--------
+
+The following ``mongocli atlas security customerCerts describe`` command
+retrieves the customer-managed Certificate Authority (CA) certificates 
+for a project. It uses the {+default-profile+} to access the |service|
+cluster.
+
+.. code-block:: sh
+   :copyable: false
+
+   mongocli atlas security customerCerts describe --projectId 5e2211c17a3e5a48f5497de3
+
+The command prints the following to the terminal. To learn more about
+these fields, see :ref:`Output
+<security-customercerts-describe-command-output>`. 
+
+.. code-block:: json
+   :copyable: false
+
+   {
+     "cas": "-----BEGIN CERTIFICATE-----\nMIIEljCCAn4CCQDIOFwZ41mcVDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJD...n9fAKZTI24VvEFW5dA21Ha3+JYli2JCqJV3s=\n-----END CERTIFICATE-----\n"
+   }
diff --git a/source/reference/atlas/security-customercerts-disable.txt b/source/reference/atlas/security-customercerts-disable.txt
@@ -0,0 +1,101 @@
+.. _mcli-atlas-security-customercerts-disable-command:
+
+=============================================
+mongocli atlas security customerCerts disable
+=============================================
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+The ``security customerCerts disable`` command disables customer-managed X.509
+for a project. You can also disable customer-managed X.509
+for a project through the |service| :atlas:`UI
+</security-self-managed-x509/>` or 
+:atlas:`API </reference/api/x509-configuration-disable-advanced/>`.
+
+.. important::
+
+   Disabling customer-managed X.509 triggers a rolling restart.
+
+.. _security-certs-disable-syntax:
+
+Syntax
+------
+
+.. code-block:: text
+
+   mongocli atlas security customerCerts|certs disable
+        [ --profile|-P <profile-name> ]
+        [ --projectId <project-ID> ]
+
+.. include:: /includes/fact-command-line-help.rst
+
+.. _security-certs-disable-options:
+
+Options
+-------
+
+.. list-table::
+   :header-rows: 1
+   :widths: 29 8 55 7
+
+   * - Option 
+     - Type
+     - Description
+     - Required?
+
+   * - ``--profile``, ``-P``
+     - string
+     - Name of the profile where the public and private 
+       keys for the project are saved. If omitted, uses the 
+       {+default-profile+}. To learn more about creating a 
+       profile, see :ref:`mcli-configure`.
+     - no
+
+   * - ``--projectId``
+     - string
+     - Unique identifier of the project for which you want to disable
+       customer-managed X.509. If omitted, uses the project ID in the
+       profile or :ref:`environment variable <mcli-env-var>`.
+     - no
+
+.. _security-customercerts-disable-command-output:
+
+Output 
+------
+The command prints a confirmation message similar to the 
+following to the terminal if it succeeds. If the command 
+prints an error, see :ref:`Troubleshooting <troubleshooting>` 
+for recommended solutions.
+
+.. code-block:: text
+   :copyable: false
+
+   X.509 configuration for project 5e2211c17a3e5a48f5497de3 was deleted.
+
+.. _security-customercerts-disable-examples:
+
+Example
+--------
+
+The following ``mongocli atlas security customerCerts disable`` command disables
+customer-managed X.509 for a project after prompting for a confirmation.
+It uses the {+default-profile+} to access the |service| cluster. 
+
+.. code-block:: sh
+   :copyable: false
+
+   mongocli atlas security customerCerts disable --projectId 5e2211c17a3e5a48f5497de3
+   Are you sure you want to delete the X509 configuration for this project? Yes
+
+The command prints the following to the terminal:
+
+.. code-block:: text
+   :copyable: false
+
+   X.509 configuration for project 5e2211c17a3e5a48f5497de3 was deleted.
