Proteja seus dados
Nesta página
- Visão geral
- Aplicativo de amostra
- Segurança da camada de transporte (TLS)
- Habilitar TLS
- Especifique um arquivo de autoridade de certificação (CA)
- Desativar verificações OCSP
- Especifique uma lista de revogação de certificados (CRL)
- Apresentar um Certificado de Cliente
- Forneça uma senha para o arquivo de chave de certificado
- Permitir TLS Inseguro
- Desativar validação do certificado
- Desativar verificação de nome de host
- SCRAM-SHA-256
- SCRAM-SHA-1
- MONGODB-X509
- MONGODB-AWS
MongoClientCredenciais- Variáveis de ambiente
- Arquivo de Credenciais Compartilhados
- Arquivo de configuração do Amazon Web Services
- Solicitação AssumeRole
- AssumeRoleWithWebIdentity
- Contêiner do ECS ou Instância do EC2
- Kerberos
- Unix
- Windows
- PLAIN SASL
- MONGODB-OIDC
- IMDS do Azure
- GCP IMDS
- Outros ambientes Azure
- GCP GKE
Visão geral
O MongoDB oferece suporte a vários mecanismos que você pode usar para autenticar seu aplicativo. Esta página contém exemplos de código que mostram cada um desses mecanismos.
Dica
Para saber mais sobre qualquer um dos mecanismos de autenticação desta página, consulte a página Mecanismos de autenticação.
Para usar um exemplo de autenticação desta página, copie o exemplo de código no aplicação de amostra ou em seu próprio aplicação. Certifique-se de substituir todos os espaços reservados nos exemplos de código, como <hostname>, pelos valores relevantes para sua implantação do MongoDB .
Aplicativo de amostra
Você pode usar o seguinte aplicativo de exemplo para testar os exemplos de código nesta página. Para usar o aplicativo de amostra, execute as seguintes etapas:
Verifique se o PyMongo está instalado.
Copie o seguinte código e cole-o em um novo arquivo
.py.Copie um exemplo de código desta página e cole-o nas linhas especificadas no arquivo.
Selecione a aba Synchronous ou Asynchronous para ver o código correspondente:
1 from pymongo import MongoClient 2 3 try: 4 # start example code here 5 6 # end example code here 7 8 client.admin.command("ping") 9 print("Connected successfully") 10 11 # other application code 12 13 client.close() 14 15 except Exception as e: 16 raise Exception( 17 "The following error occurred: ", e)
1 import asyncio 2 from pymongo import AsyncMongoClient 3 4 async def main(): 5 try: 6 # start example code here 7 8 # end example code here 9 10 await client.admin.command("ping") 11 print("Connected successfully") 12 13 # other application code 14 15 await client.close() 16 17 except Exception as e: 18 raise Exception( 19 "The following error occurred: ", e) 20 21 asyncio.run(main())
Segurança da camada de transporte (TLS)
Habilitar TLS
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname:<port>", tls=True)
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>?tls=true")
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname:<port>", tls=True)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>?tls=true")
Para saber mais sobre como habilitar o TLS, consulte Habilitar TLS no guia de configuração do TLS.
Especifique um arquivo de autoridade de certificação (CA)
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsCAFile="/path/to/ca.pem")
uri = "mongodb://<db_username>:<db_password>@<hostname>:<port>/?tls=true&tlsCAFile=/path/to/ca.pem" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsCAFile="/path/to/ca.pem")
uri = "mongodb://<db_username>:<db_password@<hostname>:<port>/?tls=true&tlsCAFile=/path/to/ca.pem" client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre como especificar um arquivo CA, consulte Especificar um arquivo CA no guia de configuração TLS.
Desativar verificações OCSP
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsDisableOCSPEndpointCheck=True)
uri = "mongodb://example.com/?tls=true&tlsDisableOCSPEndpointCheck=true" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsDisableOCSPEndpointCheck=True)
uri = "mongodb://example.com/?tls=true&tlsDisableOCSPEndpointCheck=true" client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre como desativar as verificações OCSP, consulte OCSP no guia de configuração do TLS.
Especifique uma lista de revogação de certificados (CRL)
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsCRLFile="/path/to/crl.pem")
uri = "mongodb://example.com/?tls=true&tlsCRLFile=/path/to/crl.pem" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsCRLFile="/path/to/crl.pem")
uri = "mongodb://example.com/?tls=true&tlsCRLFile=/path/to/crl.pem" client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre como especificar uma CRL, consulte Lista de revogação de certificados no guia de configuração do TLS.
Apresentar um Certificado de Cliente
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsCertificateKeyFile='/path/to/client.pem')
uri = ("mongodb://<db_username>:<db_password>@<hostname:<port>/?" "tls=true" "&tlsCertificateKeyFile=path/to/client.pem") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsCertificateKeyFile='/path/to/client.pem')
uri = ("mongodb://<db_username>:<db_password>@<hostname>:<port>/?" "tls=true" "&tlsCertificateKeyFile=path/to/client.pem") client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre como especificar um certificado de cliente, consulte Apresentar um certificado de cliente no guia de configuração do TLS.
Forneça uma senha para o arquivo de chave de certificado
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname:<port>", tls=True, tlsCertificateKeyFile='/path/to/client.pem', tlsCertificateKeyFilePassword=<passphrase>)
uri = ("mongodb://<db_username>:<db_password>@<hostname:<port>/?" "tls=true" "&tlsCertificateKeyFile=path/to/client.pem" "&tlsCertificateKeyFilePassword=<passphrase>") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsCertificateKeyFile='/path/to/client.pem', tlsCertificateKeyFilePassword=<passphrase>)
uri = ("mongodb://<db_username>:<db_password" "@<hostname>:<port>/?" "tls=true" "&tlsCertificateKeyFile=path/to/client.pem" "&tlsCertificateKeyFilePassword=<passphrase>") client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre como fornecer uma senha de arquivo de chave, consulte Fornecer uma senha de chave no guia de configuração do TLS.
Permitir TLS Inseguro
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname:<port>", tls=True, tlsInsecure=True)
uri = ("mongodb://<db_username>:<db_password>@<hostname>:<port>/?" "tls=true" "&tlsInsecure=true") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsInsecure=True)
uri = ("mongodb://<db_username>:<db_password>@<hostname>:<port>/?" "tls=true" "&tlsInsecure=true") client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre como permitir TLS inseguro, consulte Permitir TLS Inseguro no guia de configuração do TLS.
Desativar validação do certificado
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsAllowInvalidCertificates=True)
uri = ("mongodb://<db_username>:<db_password>@<hostname>:<port>/?" "tls=true" "&tlsAllowInvalidCertificates=true") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsAllowInvalidCertificates=True)
uri = ("mongodb://<db_username>:<db_password>@<hostname>:<port>/?" "tls=true" "&tlsAllowInvalidCertificates=true") client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre como desativar a validação do certificado, consulte Permitir TLS inseguro no guia de configuração do TLS.
Desativar verificação de nome de host
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsAllowInvalidHostnames=True)
uri = ("mongodb://<db_username>:<db_password>@<hostname>:<port>/?" "tls=true" "&tlsAllowInvalidHostnames=true") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsAllowInvalidHostnames=True)
uri = ("mongodb://<db_username>:<db_password>@<hostname>:<port>/?" "tls=true" "&tlsAllowInvalidHostnames=true") client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre como desativar a verificação de nome de host, consulte Permitir TLS inseguro no guia de configuração de TLS.
SCRAM-SHA-256
client = pymongo.MongoClient("mongodb://<hostname>:<port>", username="<db_username>", password="<db_password>", authSource="<authentication database>", authMechanism="SCRAM-SHA-256")
uri = ("mongodb://<percent-encoded username>:<percent-encoded password>" "@<hostname>:<port>/?" "authSource=<authentication database>" "&authMechanism=SCRAM-SHA-256") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", username="<db_username>", password="<db_password>", authSource="<authentication database>", authMechanism="SCRAM-SHA-256")
uri = ("mongodb://<percent-encoded username>:<percent-encoded password>" "@<hostname>:<port>/?" "authSource=<authentication database>" "&authMechanism=SCRAM-SHA-256") client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre256 a autenticação SCRAM-SHA-, consulte SCRAM no guia de autenticação.
SCRAM-SHA-1
client = pymongo.MongoClient("mongodb://<hostname>:<port>", username="<db_username>", password="<db_password>", authSource="<authentication database>", authMechanism="SCRAM-SHA-1")
uri = ("mongodb://<percent-encoded username>:<percent-encoded password>" "@<hostname>:<port>/?" "authSource=<authentication database>" "&authMechanism=SCRAM-SHA-1") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", username="<db_username>", password="<db_password>", authSource="<authentication database>", authMechanism="SCRAM-SHA-1")
uri = ("mongodb://<percent-encoded username>:<percent-encoded password>" "@<hostname>:<port>/?" "authSource=<authentication database>" "&authMechanism=SCRAM-SHA-1") client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre1 a autenticação SCRAM-SHA-, consulte SCRAM no guia de autenticação.
MONGODB-X509
client = pymongo.MongoClient("mongodb://<hostname>:<port>", tls=True, tlsCertificateKeyFile="/path/to/client.pem", authMechanism="MONGODB-X509")
uri = ("mongodb://<hostname>:<port>/?" "tls=true" "&tlsCertificateKeyFile=path/to/client.pem" "&authMechanism=MONGODB-X509") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", tls=True, tlsCertificateKeyFile="/path/to/client.pem", authMechanism="MONGODB-X509")
uri = ("mongodb://<hostname>:<port>/?" "tls=true" "&tlsCertificateKeyFile=path/to/client.pem" "&authMechanism=MONGODB-X509") client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre509 a autenticação MONGODB-X,consulte X.509 no Guia de autenticação.
MONGODB-AWS
MongoClient Credenciais
client = pymongo.MongoClient("mongodb://<hostname>:<port>", username="<AWS IAM access key ID>", password="<AWS IAM secret access key>", authMechanism="MONGODB-AWS")
uri = ("mongodb://<percent-encoded AWS IAM access key ID>:" "<percent-encoded AWS IAM secret access key>" "@<hostname>:<port>/?" "&authMechanism=MONGODB-AWS") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", username="<AWS IAM access key ID>", password="<AWS IAM secret access key>", authMechanism="MONGODB-AWS")
uri = ("mongodb://<percent-encoded AWS IAM access key ID>:" "<percent-encoded AWS IAM secret access key>" "@<hostname>:<port>/?" "&authMechanism=MONGODB-AWS") client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre como autenticar com as credenciais Amazon Web Services MongoClient, consulte Credenciais doMongoClient no guia Autenticação.
Variáveis de ambiente
client = pymongo.MongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre a autenticação com variáveis de ambiente do Amazon Web Services, consulte Variáveis de ambiente no guia de Autenticação.
Arquivo de Credenciais Compartilhados
client = pymongo.MongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre a autenticação com um arquivo de credenciais compartilhado Amazon Web Services , consulte Arquivo de credenciais compartilhadas no guia Autenticação.
Arquivo de configuração do Amazon Web Services
client = pymongo.MongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre como autenticar com um arquivo de configuração do Amazon Web Services, consulte Arquivo de configuração do Amazon Web Services no guia de Autenticação.
Solicitação AssumeRole
client = pymongo.MongoClient("mongodb://@<hostname>:<port>", username="<AWS IAM access key ID>", password="<AWS IAM secret access key>", authMechanismProperties="AWS_SESSION_TOKEN:<AWS session token>", authMechanism="MONGODB-AWS")
uri = ("mongodb://<percent-encoded AWS IAM access key ID>:" "<percent-encoded AWS IAM secret access key>" "@<hostname>:<port>/?" "authMechanismProperties=AWS_SESSION_TOKEN:<AWS session token>" "&authMechanism=MONGODB-AWS") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://@<hostname>:<port>", username="<AWS IAM access key ID>", password="<AWS IAM secret access key>", authMechanismProperties="AWS_SESSION_TOKEN:<AWS session token>", authMechanism="MONGODB-AWS")
uri = ("mongodb://<percent-encoded AWS IAM access key ID>:" "<percent-encoded AWS IAM secret access key>" "@<hostname>:<port>/?" "authMechanismProperties=AWS_SESSION_TOKEN:<AWS session token>" "&authMechanism=MONGODB-AWS") client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre a autenticação com uma solicitação AssumeRole , consulte Solicitação AssumeRole no guia Autenticação.
AssumeRoleWithWebIdentity
client = pymongo.MongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre a autenticação com uma solicitação AssumeRoleWithWebIdentity , consulte AssumeRoleWithWebIdentity no guia Autenticação.
Contêiner do ECS ou Instância do EC2
client = pymongo.MongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre a autenticação a partir de um container do ECS, consulte Contêiner do ECS ou Instância do EC2 no guia de Autenticação.
Kerberos
Observação
Apenas MongoDB Enterprise
A autenticação Kerberos está disponível apenas no MongoDB Enterprise.
Unix
client = pymongo.MongoClient("mongodb://<hostname>:<port>", username="mongodbuser@EXAMPLE.COM", authMechanism="GSSAPI", authMechanismProperties="SERVICE_NAME:<authentication service name>")
uri = ("mongodb://mongodbuser%40EXAMPLE.COM@<hostname>:<port>/?" "&authMechanism=GSSAPI" "&authMechanismProperties=SERVICE_NAME:<authentication service name>") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", username="mongodbuser@EXAMPLE.COM", authMechanism="GSSAPI", authMechanismProperties="SERVICE_NAME:<authentication service name>")
uri = ("mongodb://mongodbuser%40EXAMPLE.COM@<hostname>:<port>/?" "&authMechanism=GSSAPI" "&authMechanismProperties=SERVICE_NAME:<authentication service name>") client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre a autenticação com Kerberos, consulte Kerberos (GSSAPI) no guia Autenticação empresarial.
Windows
client = pymongo.MongoClient("mongodb://<hostname>:<port>", username="<username>", authMechanism="GSSAPI", password="<password>", authMechanismProperties="SERVICE_NAME:<authentication service name>, CANONICALIZE_HOST_NAME:true, SERVICE_REALM:<service realm>")
uri = ("mongodb://<percent-encoded username>:<percent-encoded user password>" "@<hostname>:<port>/?" "&authMechanism=GSSAPI" "&authMechanismProperties=" "SERVICE_NAME:<authentication service name>," "CANONICALIZE_HOST_NAME:true," "SERVICE_REALM:<service realm>") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", username="<username>", authMechanism="GSSAPI", password="<password>", authMechanismProperties="SERVICE_NAME:<authentication service name>, CANONICALIZE_HOST_NAME:true, SERVICE_REALM:<service realm>")
uri = ("mongodb://<percent-encoded username>:<percent-encoded user password>" "@<hostname>:<port>/?" "&authMechanism=GSSAPI" "&authMechanismProperties=" "SERVICE_NAME:<authentication service name>," "CANONICALIZE_HOST_NAME:true," "SERVICE_REALM:<service realm>") client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre a autenticação com Kerberos, consulte Kerberos (GSSAPI) no guia Autenticação empresarial.
PLAIN SASL
Observação
Apenas MongoDB Enterprise
A autenticação PLAIN SASL está disponível apenas no MongoDB Enterprise.
client = pymongo.MongoClient("mongodb://<hostname>:<port>", username="<username>", password="<password>", authMechanism="PLAIN", tls=True)
uri = ("mongodb://<username>:<password>@<hostname>:<port>/?" "&authMechanism=PLAIN" "&tls=true") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", username="<username>", password="<password>", authMechanism="PLAIN", tls=True)
uri = ("mongodb://<username>:<password>@<hostname>:<port>/?" "&authMechanism=PLAIN" "&tls=true") client = pymongo.AsyncMongoClient(uri)
Para saber mais sobre a autenticação com o PLAIN SASL, consulte LDAP (PLAIN SASL) no guia de autenticação empresarial.
MONGODB-OIDC
Observação
Apenas MongoDB Enterprise
A autenticação MONGODB-OIDC está disponível apenas no MongoDB Enterprise.
IMDS do Azure
from pymongo import MongoClient # define properties and MongoClient properties = {"ENVIRONMENT": "azure", "TOKEN_RESOURCE": "<audience>"} client = MongoClient( "mongodb[+srv]://<hostname>:<port>", username="<Azure ID>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
from pymongo import MongoClient # define URI and MongoClient uri = ("mongodb[+srv]://<hostname>:<port>/?" "username=<username>" "&authMechanism=MONGODB-OIDC" "&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:<percent-encoded audience>") client = MongoClient(uri)
from pymongo import AsyncMongoClient # define properties and MongoClient properties = {"ENVIRONMENT": "azure", "TOKEN_RESOURCE": "<audience>"} client = AsyncMongoClient( "mongodb[+srv]://<hostname>:<port>", username="<Azure ID>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
from pymongo import AsyncMongoClient # define URI and MongoClient uri = ("mongodb[+srv]://<hostname>:<port>/?" "username=<username>" "&authMechanism=MONGODB-OIDC" "&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:<percent-encoded audience>") client = AsyncMongoClient(uri)
Para saber mais sobre autenticação com OIDC, consulte Azure IMDS no guia Autenticação.
GCP IMDS
from pymongo import MongoClient # define properties and MongoClient properties = {"ENVIRONMENT": "gcp", "TOKEN_RESOURCE": "<audience>"} client = MongoClient( "mongodb[+srv]://<hostname>:<port>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
from pymongo import MongoClient # define URI and MongoClient uri = ("mongodb[+srv]://<hostname>:<port>/?" "&authMechanism=MONGODB-OIDC" "&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:<percent-encoded audience>") client = MongoClient(uri)
from pymongo import AsyncMongoClient # define properties and MongoClient properties = {"ENVIRONMENT": "gcp", "TOKEN_RESOURCE": "<audience>"} client = AsyncMongoClient( "mongodb[+srv]://<hostname>:<port>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
from pymongo import AsyncMongoClient # define URI and MongoClient uri = ("mongodb[+srv]://<hostname>:<port>/?" "&authMechanism=MONGODB-OIDC" "&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:<percent-encoded audience>") client = AsyncMongoClient(uri)
Para saber mais sobre a autenticação com o OIDC, consulte GCP IMDS no guia Autenticação.
Outros ambientes Azure
from pymongo import MongoClient from azure.identity import DefaultAzureCredential from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult # define callback, properties, and MongoClient audience = "<audience>" client_id = "<Azure ID>" class MyCallback(OIDCCallback): def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult: credential = DefaultAzureCredential(managed_identity_client_id=client_id) token = credential.get_token(f"{audience}/.default").token return OIDCCallbackResult(access_token=token) properties = {"OIDC_CALLBACK": MyCallback()} client = MongoClient( "mongodb[+srv]://<hostname>:<port>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
from pymongo import AsyncMongoClient from azure.identity import DefaultAzureCredential from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult # define callback, properties, and MongoClient audience = "<audience>" client_id = "<Azure ID>" class MyCallback(OIDCCallback): def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult: credential = DefaultAzureCredential(managed_identity_client_id=client_id) token = credential.get_token(f"{audience}/.default").token return OIDCCallbackResult(access_token=token) properties = {"OIDC_CALLBACK": MyCallback()} client = AsyncMongoClient( "mongodb[+srv]://<hostname>:<port>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
Para saber mais sobre autenticação com OIDC, consulte Outros ambientes Azure no guia Autenticação.
GCP GKE
from pymongo import MongoClient from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult # define callback, properties, and MongoClient class MyCallback(OIDCCallback): def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult: with open("/var/run/secrets/kubernetes.io/serviceaccount/token") as fid: token = fid.read() return OIDCCallbackResult(access_token=token) properties = {"OIDC_CALLBACK": MyCallback()} client = MongoClient( "mongodb[+srv]://<hostname>:<port>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
from pymongo import AsyncMongoClient from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult # define callback, properties, and MongoClient class MyCallback(OIDCCallback): def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult: with open("/var/run/secrets/kubernetes.io/serviceaccount/token") as fid: token = fid.read() return OIDCCallbackResult(access_token=token) properties = {"OIDC_CALLBACK": MyCallback()} client = AsyncMongoClient( "mongodb[+srv]://<hostname>:<port>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
Para saber mais sobre a autenticação com o OIDC, consulte GCP GKE no guia de autenticação.