From 113ea65f06ac69922cf3b43707f8a9a9466a1630 Mon Sep 17 00:00:00 2001 From: norareidy Date: Tue, 24 Sep 2024 11:53:43 -0400 Subject: [PATCH 1/7] DOCSP-41989: Security landing page --- source/security.txt | 223 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 222 insertions(+), 1 deletion(-) diff --git a/source/security.txt b/source/security.txt index 2e581856..09ff23ab 100644 --- a/source/security.txt +++ b/source/security.txt @@ -4,8 +4,229 @@ Secure Your Data ================ +.. contents:: On this page + :local: + :backlinks: none + :depth: 2 + :class: singlecol + +.. facet:: + :name: genre + :values: reference + +.. meta:: + :keywords: ldap, authorize, ecs, aws, authenticate + :description: Learn how to use the PHP library to secure your data. + .. toctree:: :titlesonly: :maxdepth: 1 - /security/in-use-encryption \ No newline at end of file + /security/authentication + /security/in-use-encryption + +Overview +-------- + +MongoDB supports multiple mechanisms that you can use to authenticate your application. +This page contains code examples that demonstrate each of these mechanisms. + +.. tip:: + + To learn more about any of the mechanisms shown on this page, see the link + provided in each section. + +To use an authentication example from this page, copy the code example into the +:ref:`sample application ` or your own application. +Be sure to replace all placeholders in the code examples, such as ````, with +the relevant values for your MongoDB deployment. + +.. _php-auth-sample: + +.. include:: /includes/usage-examples/sample-app-intro.rst + +.. literalinclude:: /includes/usage-examples/connect-sample-app.php + :language: php + :copyable: true + :linenos: + :emphasize-lines: 16-18 + +SCRAM-SHA-256 +------------- + +The following code shows how to create a connection URI to authenticate by using +the ``SCRAM-SHA-256`` authentication mechanism: + +.. literalinclude:: /includes/authentication.php + :language: php + :copyable: true + :start-after: // start-scram-sha-256 + :end-before: // end-scram-sha-256 + +To learn more about SCRAM-SHA-256 authentication, see :ref:`php-scram-sha-256` in +the Authentication guide. + +SCRAM-SHA-1 +----------- + +The following code shows how to create a connection URI to authenticate by using +the ``SCRAM-SHA-1`` authentication mechanism: + +.. literalinclude:: /includes/authentication.php + :language: php + :copyable: true + :start-after: // start-scram-sha-1 + :end-before: // end-scram-sha-1 + +To learn more about SCRAM-SHA-1 authentication, see :ref:`php-scram-sha-1` in +the Authentication guide. + +MONGODB X.509 +------------- + +The following code shows how to create a connection URI to authenticate by using +the ``X.509`` authentication mechanism: + +.. literalinclude:: /includes/authentication.php + :language: php + :copyable: true + :start-after: // start-x509 + :end-before: // end-x509 + +To learn more about X.509 authentication, see :ref:`php-x509` in +the Authentication guide. + +MONGODB-AWS +----------- + +The following sections show how to connect to MongoDB by using the ``MONGODB-AWS`` +authentication mechanism. When you use the ``MONGODB-AWS`` mechanism, the {+driver-short+} attempts to +retrieve your AWS credentials from the following sources, in the order listed: + +1. Named parameters passed to the Connection URI +#. Environment variables +#. AWS EKS AssumeRoleWithWebIdentity request +#. ECS container metadata +#. EC2 instance metadata + +Each section shows how to create the connection URI to authenticate with +``MONGODB-AWS`` when retrieving your AWS credentials from the specified source. + +To learn more about authenticating with AWS, see +:ref:`php-mongo-aws` in the Authentication guide. + +Connection URI +~~~~~~~~~~~~~~ + +The following code shows how to create a connection URI that includes AWS credentials to +authenticate with ``MONGODB-AWS``: + +.. literalinclude:: /includes/authentication.php + :language: php + :copyable: true + :start-after: // start-aws-connection-uri + :end-before: // end-aws-connection-uri + +Environment Variables +~~~~~~~~~~~~~~~~~~~~~ + +The following code shows how to create a connection URI to +authenticate with ``MONGODB-AWS`` when obtaining credentials from environment +variables. Ensure you have your environment variables specified before running +this code. + +.. literalinclude:: /includes/authentication.php + :language: php + :copyable: true + :start-after: // start-aws-environment + :end-before: // end-aws-environment + +To learn more about authenticating with AWS by using environment +variables, see :ref:`php-mongo-aws-environment`. + +AssumeRoleWithWebIdentity Request +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following code shows how to create a connection URI to +authenticate with ``MONGODB-AWS`` when obtaining credentials from an +``AssumeRoleWithWebIdentity`` request. Ensure that an AWS config file exists in your +environment and is configured with the ``AWS_WEB_IDENTITY_TOKEN_FILE`` +and ``AWS_ROLE_ARN`` environment variables. + +.. literalinclude:: /includes/authentication.php + :language: php + :copyable: true + :start-after: // start-aws-environment + :end-before: // end-aws-environment + +To learn more about authenticating with AWS by using an +``AssumeRoleWithWebIdentity`` request, see :ref:`php-mongo-aws-assume-role`. + +ECS Metadata +~~~~~~~~~~~~ + +The following code shows how to create a connection URI to +authenticate with ``MONGODB-AWS`` when obtaining credentials from ECS metadata. +Ensure that you specify the URI of the ECS endpoint in an environment variable called +``AWS_CONTAINER_CREDENTIALS_RELATIVE_URI``. + +.. literalinclude:: /includes/authentication.php + :language: php + :copyable: true + :start-after: // start-aws-environment + :end-before: // end-aws-environment + +To learn more about authenticating with AWS by using ECS metadata, see :ref:`php-mongo-aws-ecs`. + +EC2 Instance Metadata +~~~~~~~~~~~~~~~~~~~~~ + +The following code shows how to create a connection URI to +authenticate with ``MONGODB-AWS`` when obtaining credentials from EC2 instance +metadata. Ensure that you configure your EC2 instance with your temporary credentials. + +.. literalinclude:: /includes/authentication.php + :language: php + :copyable: true + :start-after: // start-aws-environment + :end-before: // end-aws-environment + +To learn more about authenticating with AWS by using EC2 instance metadata, see :ref:`php-mongo-aws-ec2`. + +Kerberos +-------- + +.. note:: MongoDB Enterprise Only + + Kerberos authentication is available only in MongoDB Enterprise. + +The following code shows how to create a connection URI to +authenticate with Kerberos: + +.. literalinclude:: /includes/authentication.php + :language: php + :copyable: true + :start-after: // start-kerberos + :end-before: // end-kerberos + +To learn more about authenticating with Kerberos, see +:ref:`php-kerberos` in the Enterprise Authentication guide. + +PLAIN SASL +---------- + +.. note:: MongoDB Enterprise Only + + PLAIN SASL authentication is available only in MongoDB Enterprise. + +The following code shows how to create a connection URI to +authenticate with PLAIN SASL: + +.. literalinclude:: /includes/authentication.php + :language: php + :copyable: true + :start-after: // start-plain + :end-before: // end-plain + +To learn more about authenticating with PLAIN SASL, see +:ref:`php-plain` in the Enterprise Authentication guide. From 91ac79ca7a218e7ae5653dfc5f9a41fb3b1b695a Mon Sep 17 00:00:00 2001 From: norareidy Date: Tue, 24 Sep 2024 12:49:34 -0400 Subject: [PATCH 2/7] more info --- .../usage-examples/connect-sample-app.php | 16 ++++++++++++++++ source/security.txt | 4 ++-- 2 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 source/includes/usage-examples/connect-sample-app.php diff --git a/source/includes/usage-examples/connect-sample-app.php b/source/includes/usage-examples/connect-sample-app.php new file mode 100644 index 00000000..29d7fd6b --- /dev/null +++ b/source/includes/usage-examples/connect-sample-app.php @@ -0,0 +1,16 @@ +admin; +$result = $admin->command(['ping' => 1]); + +if ($result) { + echo 'Successfully pinged the MongoDB server.', PHP_EOL; +} else { + echo 'Ping to MongoDB server failed.', PHP_EOL; +} diff --git a/source/security.txt b/source/security.txt index 09ff23ab..724e826a 100644 --- a/source/security.txt +++ b/source/security.txt @@ -38,7 +38,7 @@ This page contains code examples that demonstrate each of these mechanisms. To use an authentication example from this page, copy the code example into the :ref:`sample application ` or your own application. -Be sure to replace all placeholders in the code examples, such as ````, with +Make sure to replace all placeholders in the code examples, such as ````, with the relevant values for your MongoDB deployment. .. _php-auth-sample: @@ -49,7 +49,7 @@ the relevant values for your MongoDB deployment. :language: php :copyable: true :linenos: - :emphasize-lines: 16-18 + :emphasize-lines: 5-7 SCRAM-SHA-256 ------------- From abdc95ef3e878bdc557444f7f653b3fd89fbaed5 Mon Sep 17 00:00:00 2001 From: norareidy Date: Tue, 24 Sep 2024 13:59:55 -0400 Subject: [PATCH 3/7] edits --- source/includes/authentication.php | 89 +++++++++++ source/security.txt | 242 ++++++++++++++--------------- 2 files changed, 204 insertions(+), 127 deletions(-) create mode 100644 source/includes/authentication.php diff --git a/source/includes/authentication.php b/source/includes/authentication.php new file mode 100644 index 00000000..827d4b64 --- /dev/null +++ b/source/includes/authentication.php @@ -0,0 +1,89 @@ + '', + 'password' => '', + 'authSource' => '', + 'authMechanism' => 'SCRAM-SHA-256', +]; + +$client = new MongoDB\Client( + 'mongodb://:', + $uriOptions, +); +// end-scram-sha-256-client + +// start-scram-sha-256-uri +$uri = 'mongodb://:@:/?authSource=admin&authMechanism=SCRAM-SHA-256'; +$client = new MongoDB\Client($uri); +// end-scram-sha-256-uri + +// start-scram-sha-1-client +$uriOptions = [ + 'username' => '', + 'password' => '', + 'authSource' => '', + 'authMechanism' => 'SCRAM-SHA-1', +]; + +$client = new MongoDB\Client( + 'mongodb://:', + $uriOptions, +); +// end-scram-sha-1-client + +// start-scram-sha-1-uri +$uri = 'mongodb://:@:/?authSource=admin&authMechanism=SCRAM-SHA-1'; +$client = new MongoDB\Client($uri); +// end-scram-sha-1-uri + +// start-mongodb-X509-client +$uriOptions = [ + 'tls' => true, + 'tlsCertificateKeyFile' => '', + 'authMechanism' => 'MONGODB-X509', +]; + +$client = new MongoDB\Client( + 'mongodb://:', + $uriOptions, +); +// end-mongodb-X509-client + +// start-mongodb-X509-uri +$uri = 'mongodb://:/?tls=true&tlsCertificateKeyFile=&authMechanism=MONGODB-X509'; +$client = new MongoDB\Client($uri); +// end-mongodb-X509-uri + +// start-mongodb-aws-client +$uriOptions = [ + 'username' => '', + 'password' => '', + 'authMechanism' => 'MONGODB-AWS', +]; + +$client = new MongoDB\Client( + 'mongodb://:', + $uriOptions, +); +// end-mongodb-aws-client + +// start-mongodb-aws-uri +$uri = 'mongodb://:@:/?authMechanism=MONGODB-AWS'; +$client = new MongoDB\Client($uri); +// end-mongodb-aws-uri + +// start-mongodb-aws-env-client +$client = new MongoDB\Client( + 'mongodb://:', + ['authMechanism' => 'MONGODB-AWS'] +); +// end-mongodb-aws-env-client + +// start-mongodb-aws-env-uri +$uri = 'mongodb://:/?authMechanism=MONGODB-AWS'; +$client = new MongoDB\Client($uri); +// end-mongodb-aws-env-uri \ No newline at end of file diff --git a/source/security.txt b/source/security.txt index 724e826a..068adb74 100644 --- a/source/security.txt +++ b/source/security.txt @@ -54,14 +54,28 @@ the relevant values for your MongoDB deployment. SCRAM-SHA-256 ------------- -The following code shows how to create a connection URI to authenticate by using -the ``SCRAM-SHA-256`` authentication mechanism: +The following code shows how to authenticate by using the ``SCRAM-SHA-256`` +authentication mechanism: + +.. tabs:: + + .. tab:: MongoDB\\Client + :tabid: Client + + .. literalinclude:: /includes/authentication.php + :language: php + :dedent: + :start-after: start-scram-sha-256-client + :end-before: end-scram-sha-256-client -.. literalinclude:: /includes/authentication.php - :language: php - :copyable: true - :start-after: // start-scram-sha-256 - :end-before: // end-scram-sha-256 + .. tab:: Connection URI + :tabid: connectionstring + + .. literalinclude:: /includes/authentication.php + :language: php + :dedent: + :start-after: start-scram-sha-256-uri + :end-before: end-scram-sha-256-uri To learn more about SCRAM-SHA-256 authentication, see :ref:`php-scram-sha-256` in the Authentication guide. @@ -69,14 +83,28 @@ the Authentication guide. SCRAM-SHA-1 ----------- -The following code shows how to create a connection URI to authenticate by using -the ``SCRAM-SHA-1`` authentication mechanism: +The following code shows how to authenticate by using the ``SCRAM-SHA-1`` +authentication mechanism: + +.. tabs:: + + .. tab:: MongoDB\\Client + :tabid: Client -.. literalinclude:: /includes/authentication.php - :language: php - :copyable: true - :start-after: // start-scram-sha-1 - :end-before: // end-scram-sha-1 + .. literalinclude:: /includes/authentication.php + :language: php + :dedent: + :start-after: start-scram-sha-1-client + :end-before: end-scram-sha-1-client + + .. tab:: Connection URI + :tabid: connectionstring + + .. literalinclude:: /includes/authentication.php + :language: php + :dedent: + :start-after: start-scram-sha-1-uri + :end-before: end-scram-sha-1-uri To learn more about SCRAM-SHA-1 authentication, see :ref:`php-scram-sha-1` in the Authentication guide. @@ -87,11 +115,25 @@ MONGODB X.509 The following code shows how to create a connection URI to authenticate by using the ``X.509`` authentication mechanism: -.. literalinclude:: /includes/authentication.php - :language: php - :copyable: true - :start-after: // start-x509 - :end-before: // end-x509 +.. tabs:: + + .. tab:: MongoDB\\Client + :tabid: Client + + .. literalinclude:: /includes/authentication.php + :language: php + :dedent: + :start-after: start-mongodb-X509-client + :end-before: end-mongodb-X509-client + + .. tab:: Connection URI + :tabid: connectionstring + + .. literalinclude:: /includes/authentication.php + :language: php + :dedent: + :start-after: start-mongodb-X509-uri + :end-before: end-mongodb-X509-uri To learn more about X.509 authentication, see :ref:`php-x509` in the Authentication guide. @@ -100,133 +142,79 @@ MONGODB-AWS ----------- The following sections show how to connect to MongoDB by using the ``MONGODB-AWS`` -authentication mechanism. When you use the ``MONGODB-AWS`` mechanism, the {+driver-short+} attempts to -retrieve your AWS credentials from the following sources, in the order listed: +authentication mechanism. When you use the ``MONGODB-AWS`` mechanism, the {+php-library+} +attempts to retrieve your AWS credentials from the following sources, in the order listed: -1. Named parameters passed to the Connection URI +1. Options parameter passed to the ``MongoDB\Client`` constructor or parameters in the + connection URI #. Environment variables -#. AWS EKS AssumeRoleWithWebIdentity request +#. AWS EKS ``AssumeRoleWithWebIdentity`` request #. ECS container metadata #. EC2 instance metadata -Each section shows how to create the connection URI to authenticate with -``MONGODB-AWS`` when retrieving your AWS credentials from the specified source. - -To learn more about authenticating with AWS, see -:ref:`php-mongo-aws` in the Authentication guide. +Each section shows how to authenticate with ``MONGODB-AWS`` when retrieving your +AWS credentials from options passed to your client or the alternative external sources. -Connection URI -~~~~~~~~~~~~~~ +To learn more about authenticating with AWS, see :ref:`php-mongo-aws` in the +Authentication guide. -The following code shows how to create a connection URI that includes AWS credentials to -authenticate with ``MONGODB-AWS``: +MongoDB\Client Credentials +~~~~~~~~~~~~~~~~~~~~~~~~~~ -.. literalinclude:: /includes/authentication.php - :language: php - :copyable: true - :start-after: // start-aws-connection-uri - :end-before: // end-aws-connection-uri +The following code shows how to pass AWS credentials to the ``MongoDB\Client`` constructor +to authenticate with ``MONGODB-AWS``: -Environment Variables -~~~~~~~~~~~~~~~~~~~~~ +.. tabs:: -The following code shows how to create a connection URI to -authenticate with ``MONGODB-AWS`` when obtaining credentials from environment -variables. Ensure you have your environment variables specified before running -this code. + .. tab:: MongoDB\\Client + :tabid: Client -.. literalinclude:: /includes/authentication.php - :language: php - :copyable: true - :start-after: // start-aws-environment - :end-before: // end-aws-environment - -To learn more about authenticating with AWS by using environment -variables, see :ref:`php-mongo-aws-environment`. - -AssumeRoleWithWebIdentity Request -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The following code shows how to create a connection URI to -authenticate with ``MONGODB-AWS`` when obtaining credentials from an -``AssumeRoleWithWebIdentity`` request. Ensure that an AWS config file exists in your -environment and is configured with the ``AWS_WEB_IDENTITY_TOKEN_FILE`` -and ``AWS_ROLE_ARN`` environment variables. - -.. literalinclude:: /includes/authentication.php - :language: php - :copyable: true - :start-after: // start-aws-environment - :end-before: // end-aws-environment - -To learn more about authenticating with AWS by using an -``AssumeRoleWithWebIdentity`` request, see :ref:`php-mongo-aws-assume-role`. - -ECS Metadata -~~~~~~~~~~~~ - -The following code shows how to create a connection URI to -authenticate with ``MONGODB-AWS`` when obtaining credentials from ECS metadata. -Ensure that you specify the URI of the ECS endpoint in an environment variable called -``AWS_CONTAINER_CREDENTIALS_RELATIVE_URI``. - -.. literalinclude:: /includes/authentication.php - :language: php - :copyable: true - :start-after: // start-aws-environment - :end-before: // end-aws-environment - -To learn more about authenticating with AWS by using ECS metadata, see :ref:`php-mongo-aws-ecs`. - -EC2 Instance Metadata -~~~~~~~~~~~~~~~~~~~~~ - -The following code shows how to create a connection URI to -authenticate with ``MONGODB-AWS`` when obtaining credentials from EC2 instance -metadata. Ensure that you configure your EC2 instance with your temporary credentials. - -.. literalinclude:: /includes/authentication.php - :language: php - :copyable: true - :start-after: // start-aws-environment - :end-before: // end-aws-environment - -To learn more about authenticating with AWS by using EC2 instance metadata, see :ref:`php-mongo-aws-ec2`. - -Kerberos --------- + .. literalinclude:: /includes/authentication.php + :language: php + :dedent: + :start-after: start-mongodb-aws-client + :end-before: end-mongodb-aws-client -.. note:: MongoDB Enterprise Only + .. tab:: Connection URI + :tabid: connectionstring - Kerberos authentication is available only in MongoDB Enterprise. + .. literalinclude:: /includes/authentication.php + :language: php + :dedent: + :start-after: start-mongodb-aws-uri + :end-before: end-mongodb-aws-uri -The following code shows how to create a connection URI to -authenticate with Kerberos: +External Credentials +~~~~~~~~~~~~~~~~~~~~ -.. literalinclude:: /includes/authentication.php - :language: php - :copyable: true - :start-after: // start-kerberos - :end-before: // end-kerberos +The following code shows how to authenticate with ``MONGODB-AWS`` when +obtaining credentials from environment variables, an ``AssumeRoleWithWebIdentity`` +request, ECS metadata, or EC2 instance metadata: -To learn more about authenticating with Kerberos, see -:ref:`php-kerberos` in the Enterprise Authentication guide. +.. tabs:: -PLAIN SASL ----------- + .. tab:: MongoDB\\Client + :tabid: Client -.. note:: MongoDB Enterprise Only + .. literalinclude:: /includes/authentication.php + :language: php + :dedent: + :start-after: start-mongodb-aws-env-client + :end-before: end-mongodb-aws-env-client - PLAIN SASL authentication is available only in MongoDB Enterprise. + .. tab:: Connection URI + :tabid: connectionstring -The following code shows how to create a connection URI to -authenticate with PLAIN SASL: + .. literalinclude:: /includes/authentication.php + :language: php + :dedent: + :start-after: start-mongodb-aws-env-uri + :end-before: end-mongodb-aws-env-uri -.. literalinclude:: /includes/authentication.php - :language: php - :copyable: true - :start-after: // start-plain - :end-before: // end-plain +To learn more about authenticating with AWS by obtaining external +credentials, see the following sections in the Authentication guide: -To learn more about authenticating with PLAIN SASL, see -:ref:`php-plain` in the Enterprise Authentication guide. +- :ref:`php-mongo-aws-environment` +- :ref:`php-mongo-aws-assume-role` +- :ref:`php-mongo-aws-ecs` +- :ref:`php-mongo-aws-ec2` From 63b03e1414febf98753f6897b6eab0cff7d56eac Mon Sep 17 00:00:00 2001 From: norareidy Date: Tue, 24 Sep 2024 14:02:28 -0400 Subject: [PATCH 4/7] snooty.toml --- snooty.toml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/snooty.toml b/snooty.toml index 938cdc0d..4d29bb1e 100644 --- a/snooty.toml +++ b/snooty.toml @@ -23,7 +23,8 @@ toc_landing_pages = [ "/reference/class/MongoDBModelIndexInfo", "/get-started", "/write", - "/indexes" + "/indexes", + "/security" ] sharedinclude_root = "https://raw.githubusercontent.com/10gen/docs-shared/main/" From 518b1f853748676c8f7e8eed168e3e945a059801 Mon Sep 17 00:00:00 2001 From: norareidy Date: Tue, 24 Sep 2024 14:07:58 -0400 Subject: [PATCH 5/7] edits --- source/includes/authentication.php | 2 +- source/security.txt | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/source/includes/authentication.php b/source/includes/authentication.php index 827d4b64..30d57465 100644 --- a/source/includes/authentication.php +++ b/source/includes/authentication.php @@ -86,4 +86,4 @@ // start-mongodb-aws-env-uri $uri = 'mongodb://:/?authMechanism=MONGODB-AWS'; $client = new MongoDB\Client($uri); -// end-mongodb-aws-env-uri \ No newline at end of file +// end-mongodb-aws-env-uri diff --git a/source/security.txt b/source/security.txt index 068adb74..a6abcf54 100644 --- a/source/security.txt +++ b/source/security.txt @@ -22,8 +22,9 @@ Secure Your Data :titlesonly: :maxdepth: 1 - /security/authentication /security/in-use-encryption +.. TODO: + /security/authentication Overview -------- From e030a77aeb8710bfa5339ee7f2886a83685da2ee Mon Sep 17 00:00:00 2001 From: norareidy Date: Tue, 24 Sep 2024 15:42:11 -0400 Subject: [PATCH 6/7] RR feedback --- source/security.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/source/security.txt b/source/security.txt index a6abcf54..178a31f9 100644 --- a/source/security.txt +++ b/source/security.txt @@ -47,10 +47,10 @@ the relevant values for your MongoDB deployment. .. include:: /includes/usage-examples/sample-app-intro.rst .. literalinclude:: /includes/usage-examples/connect-sample-app.php - :language: php - :copyable: true - :linenos: - :emphasize-lines: 5-7 + :language: php + :copyable: true + :linenos: + :emphasize-lines: 5-7 SCRAM-SHA-256 ------------- @@ -159,8 +159,8 @@ AWS credentials from options passed to your client or the alternative external s To learn more about authenticating with AWS, see :ref:`php-mongo-aws` in the Authentication guide. -MongoDB\Client Credentials -~~~~~~~~~~~~~~~~~~~~~~~~~~ +MongoDB\\Client Credentials +~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following code shows how to pass AWS credentials to the ``MongoDB\Client`` constructor to authenticate with ``MONGODB-AWS``: From 6101f20a4e37ea08551c5d53ece63d9540d9f254 Mon Sep 17 00:00:00 2001 From: norareidy Date: Wed, 25 Sep 2024 11:06:07 -0400 Subject: [PATCH 7/7] JM feedback --- source/includes/usage-examples/connect-sample-app.php | 10 ++++------ source/security.txt | 4 ++-- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/source/includes/usage-examples/connect-sample-app.php b/source/includes/usage-examples/connect-sample-app.php index 29d7fd6b..d89319ff 100644 --- a/source/includes/usage-examples/connect-sample-app.php +++ b/source/includes/usage-examples/connect-sample-app.php @@ -6,11 +6,9 @@ // End example code here -$admin = $client->admin; -$result = $admin->command(['ping' => 1]); - -if ($result) { +try { + $client->test->command(['ping' => 1]); echo 'Successfully pinged the MongoDB server.', PHP_EOL; -} else { - echo 'Ping to MongoDB server failed.', PHP_EOL; +} catch (MongoDB\Driver\Exception\RuntimeException $e) { + printf("Failed to ping the MongoDB server: %s\n", $e->getMessage()); } diff --git a/source/security.txt b/source/security.txt index 178a31f9..e90b097d 100644 --- a/source/security.txt +++ b/source/security.txt @@ -146,8 +146,8 @@ The following sections show how to connect to MongoDB by using the ``MONGODB-AWS authentication mechanism. When you use the ``MONGODB-AWS`` mechanism, the {+php-library+} attempts to retrieve your AWS credentials from the following sources, in the order listed: -1. Options parameter passed to the ``MongoDB\Client`` constructor or parameters in the - connection URI +1. Options passed to the ``MongoDB\Client`` constructor, either as part of the connection + string or the ``$uriOptions`` array parameter #. Environment variables #. AWS EKS ``AssumeRoleWithWebIdentity`` request #. ECS container metadata