Create a MongoDB container with a designated user.
Create a single MongoDB Docker container with application_user username, application_pass password to application_database (administrative privileges).
Docker Compose
docker-compose.yml file.
version: "3.3"
services:
mongodb_server:
image: mongo:4.4
command: mongod --serviceExecutor adaptive
ports:
- 27017:27017
environment:
- MONGO_INITDB_ROOT_USERNAME=admin_user
- MONGO_INITDB_ROOT_PASSWORD=admin_pass
- MONGO_INITDB_DATABASE=application_database
volumes:
- mongodb_server_data:/data/db
- ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js
volumes:
mongodb_server_data:
mongo-init.js file.
db.createUser({
user: 'application_user',
pwd: 'application_pass',
roles: [
{
role: 'dbOwner',
db: 'application_database',
},
],
});
Sample operations
Check connection to the MongoDB database.
$ docker run -it mongo:4.4 mongo --username application_user --password application_pass --host mongodb.example.org --authenticationDatabase application_database application_database --eval "db.adminCommand({ listDatabases: 1 })"
MongoDB shell version v4.4.0
connecting to: mongodb://mongodb.example.org:27017/application_database?authSource=application_database&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("39dfa164-9afc-49e1-8133-372571f3966b") }
MongoDB server version: 4.4.0
{ "databases" : [ ], "totalSize" : 0, "ok" : 1 }
It does not list
application_database as it does not contain any collections.Create a document inside sample collection.
$ docker run -it mongo:4.4 mongo --username application_user --password application_pass --host mongodb.example.org --authenticationDatabase application_database application_database --eval "db.sample.insertOne({document: 'test', tags:['test'], content:'test content'})"
MongoDB shell version v4.4.0
connecting to: mongodb://mongodb.example.org:27017/application_database?authSource=application_database&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("5957365f-eb17-4e7e-abe0-7ddbc407d145") }
MongoDB server version: 4.4.0
{
"acknowledged" : true,
"insertedId" : ObjectId("5f4a6e51d464216c2c88dc46")
}
Retrieve the created document.
$ docker run -it mongo:4.4 mongo --username application_user --password application_pass --host mongodb.example.org --authenticationDatabase application_database application_database --eval "db.sample.find({document: 'test'})"
MongoDB shell version v4.4.0
connecting to: mongodb://mongodb.example.org:27017/application_database?authSource=application_database&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("85bb2d8a-ea56-4c71-a351-e77e38b42f13") }
MongoDB server version: 4.4.0
{ "_id" : ObjectId("5f4a6e51d464216c2c88dc46"), "document" : "test", "tags" : [ "test" ], "content" : "test content" }
Use
admin_user, admin_pass to gain database-wide administrative privileges.Display users that have rights for the application_database database.
$ docker run -it mongo:4.4 mongo --username admin_user --password admin_pass --host mongodb.example.org --authenticationDatabase admin admin --eval "db.system.users.find({db: 'application_database'}).pretty()"
MongoDB shell version v4.4.0
connecting to: mongodb://mongodb.example.org:27017/admin?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("66796769-d47b-4fcb-af45-e56953ab050d") }
MongoDB server version: 4.4.0
{
"_id" : "application_database.application_user",
"userId" : UUID("f606bbf3-5b3a-4720-b238-a4f6df7ee5e2"),
"user" : "application_user",
"db" : "application_database",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "52k0G14Th4arR8n9abEnRg==",
"storedKey" : "m6DJgWvKPUXX+VGE3A1jQXFaqxM=",
"serverKey" : "hysYpmeFgBQuD8wtrJ3MapsJAf4="
},
"SCRAM-SHA-256" : {
"iterationCount" : 15000,
"salt" : "YUfFyv3XYJRsyOdvrOaSK553g4Se7HH0HxIaOQ==",
"storedKey" : "GxGZfR6DdUu3tL5bU2PHE61ICTE0wskTn+vLKaNZr9A=",
"serverKey" : "wikvSFPeIwq97y/flCE11nG1mAufjDpW+LJnzdE9epo="
}
},
"roles" : [
{
"role" : "dbOwner",
"db" : "application_database"
}
]
}
Display databases from the application_user point of view.
$ docker run -it mongo:4.4 mongo --username application_user --password application_pass --host mongodb.example.org --authenticationDatabase application_database application_database --eval "db.adminCommand({listDatabases: 1})"
MongoDB shell version v4.4.0
connecting to: mongodb://mongodb.example.org:27017/application_database?authSource=application_database&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("bf9d0c00-9472-48e4-8207-19f633edc1b5") }
MongoDB server version: 4.4.0
{
"databases" : [
{
"name" : "application_database",
"sizeOnDisk" : 40960,
"empty" : false
}
],
"totalSize" : 40960,
"ok" : 1
}
Display databases from the admin_user point of view.
$ docker run -it mongo:4.4 mongo --username admin_user --password admin_pass --host mongodb.example.org --authenticationDatabase admin admin --eval "db.adminCommand({listDatabases: 1})"
MongoDB shell version v4.4.0
connecting to: mongodb://mongodb.example.org:27017/admin?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("eb45bcdc-a1e4-41a8-b540-5435ff2a8b79") }
MongoDB server version: 4.4.0
{
"databases" : [
{
"name" : "admin",
"sizeOnDisk" : 102400,
"empty" : false
},
{
"name" : "application_database",
"sizeOnDisk" : 40960,
"empty" : false
},
{
"name" : "config",
"sizeOnDisk" : 12288,
"empty" : false
},
{
"name" : "local",
"sizeOnDisk" : 73728,
"empty" : false
}
],
"totalSize" : 229376,
"ok" : 1
}
Additional notes
Commnad “show dbs” does not list all the database [SERVER-18313]