# MongoDB Atlas API

### Registering an account for MongoDB Atlas in MechCloud OIDC Proxy

Once you have deployed the MechCloud OIDC proxy (see the parent section for instructions), you need to add an account for the MongoDB Atlas API before using the REST Agent to manage resources (e.g. clusters) in your MongoDB Atlas account. The following curl command creates a MongoDB Atlas account in the MechCloud OIDC proxy:

```
curl --location 'https://<oidc_proxy_custom_domain>/api/accounts' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <mechcloud_jwt_token>' \
--data '{
    "id": "mongodb_account1",
    "auth": {
        "type": "oauth2-mongo",
        "tokenEndpoint": "https://cloud.mongodb.com/api/oauth/token",
        "clientId": "<mongo_service_account_client_id>",
        "clientSecret": "<mongo_service_account_client_secret>"
    },
    "headers": {
        "Accept": "application/vnd.atlas.2024-10-23+json"
    }
}'
```

The above command requires a MechCloud JWT token, which can be generated by logging into the MechCloud [console](https://portal.mechcloud.io) and then opening the <https://portal.mechcloud.io/oauth2/auth1> link in the same or a different tab.

Before executing the above command, create a service account in the MongoDB Atlas UI and replace the client ID / secret placeholders in the command with the generated client ID and client secret. The steps are:

* Log in to the MongoDB Atlas [console](https://cloud.mongodb.com).
* Navigate to **Access Manager -> Organization Access**.
* Click the **Add New** button and select **Service Account** from the dropdown.
* Enter the required details for the service account and choose a role (e.g. **Organization Read Only**) from the **Organization Permissions** dropdown.
* Click on **Projects** in the left menu for the organization and then click on a project name.
* Navigate to **Access Manager -> Project Access** using the top menu.
* Click the **Invite to Project** button.
* Click in the search field and it will automatically display all the service accounts.
* Select a service account from the dropdown and choose an appropriate project role (e.g. **Project Read Only**).

### Prompts for Supported Operations

#### <mark style="color:purple;">Projects</mark>

<mark style="color:orange;">**Listing all the projects**</mark>

```
list all the projects
```

<mark style="color:orange;">**Listing items in a project IP access list**</mark>

```
list all the ips under '<project_id>' project ip access list 
```

You can get `project_id` from one of the above prompts.

<mark style="color:orange;">**Adding items in a project IP access list**</mark>

```
add following ips to '<project_id>' project ip access list. each line below contains an ip address and associated comment separated by | -

@CURRENT_IP | Office
some_other_ip | system1
```

You can get `project_id` from one of the above prompts. `@CURRENT_IP` is a special placeholder that is replaced with the IP address of the machine from which the prompt is executed.
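Because these entries decide which networks can reach the project, it helps to check the `ip | comment` lines before pasting them into the prompt. The following is an added example, not MechCloud's own code. It assumes that CIDR blocks are accepted alongside single addresses, that a comment is required on every line, and that the `MIN_PREFIX` policy values suit your environment; `check_access_list` and `SAMPLE` are hypothetical names.

```python
import ipaddress

CURRENT_IP = "@CURRENT_IP"  # placeholder from the page; left for MechCloud to resolve
MIN_PREFIX = {4: 24, 6: 64}  # assumed policy: shortest prefix length allowed per IP version

def check_access_list(text, min_prefix=MIN_PREFIX):
    """Split 'ip | comment' lines into accepted entries and (line_no, reason) problems."""
    entries, problems, seen = [], [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        ip, sep, comment = (part.strip() for part in raw.partition("|"))
        if not sep or not comment:
            problems.append((n, "missing comment"))
            continue
        if ip == CURRENT_IP:
            key = ip
        else:
            try:
                # strict=True rejects entries such as 10.0.0.5/24 (host bits set)
                net = ipaddress.ip_network(ip, strict=True)
            except ValueError:
                problems.append((n, "not a valid IP address or CIDR block"))
                continue
            if net.prefixlen == 0:
                problems.append((n, "allows every address"))
                continue
            if net.prefixlen < min_prefix[net.version]:
                problems.append((n, "range broader than policy allows"))
                continue
            key = str(net)  # normalised form, so 203.0.113.7 and 203.0.113.7/32 match
        if key in seen:
            problems.append((n, "duplicate entry"))
            continue
        seen.add(key)
        entries.append((ip, comment))
    return entries, problems

# Constructed sample input using documentation address ranges, not real project data.
SAMPLE = """\
@CURRENT_IP | Office
203.0.113.7 | system1
0.0.0.0/0 | temp debugging
198.51.100.0/22 | vendor
203.0.113.7/32 | system1 again
192.0.2.10
not_an_ip | typo
"""

if __name__ == "__main__":
    ok, bad = check_access_list(SAMPLE)
    print("\n".join(f"{ip} | {comment}" for ip, comment in ok))
    print("\n".join(f"line {n}: {reason}" for n, reason in bad))
```

Only the accepted lines should go into the prompt; the reported line numbers refer to the input text.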
