MongoDB Atlas

Available when using an authoring Data Collector version 5.2.0 or later.

To create a MongoDB Atlas connection, the MongoDB Atlas stage library, streamsets-datacollector-mongodb_atlas-lib, must be installed on the selected authoring Data Collector.

For a description of the MongoDB Atlas connection properties, see MongoDB Atlas Connection Properties.

After you create a MongoDB Atlas connection, you can use the connection in the following stages:
Engine Stages
Data Collector 5.2.0 or later
  • MongoDB Atlas origin
  • MongoDB Atlas destination

Credentials

Based on the authentication used by MongoDB, configure the connection to use no authentication, username/password authentication, or LDAP authentication. By default, no authentication is used.

To use username/password or LDAP authentication, enter the required credentials in one of the following ways:
Authentication method
Specify the authentication to use with the Authentication Method property on the Credentials tab:
  • None
  • Username / Password
  • LDAP
Then, define the username and password for username/password or LDAP authentication.
When using username/password authentication, you also specify the authentication mechanism to use. You can also specify an authentication database.
Connection string
If you prefer, you can specify credentials in the connection string on the Connection tab. However, specifying credentials on the Credentials tab is the recommended method.
To enter credentials for username/password authentication, enter the username and password before the host name. Use the following format:
mongodb://username:password@host[:port][/[database][?options]]

Enabling SSL/TLS

By default, the connection does not use SSL/TLS. If the cluster is enabled to use SSL/TLS, then you can connect using one of the following methods:
  • Atlas/System CA - Connects to a MongoDB Atlas cluster. You can also use this when your certificates or keys have already been specified at the JVM level.
  • Server Validation (1 Way TLS) - Connects to an SSL/TLS-enabled MongoDB Enterprise Server cluster when the client needs to validate the server certificate and does not need to prove client identity.
  • Server and Client Validation (2 Way TLS) - Connects to an SSL/TLS-enabled MongoDB Enterprise Server cluster when the client needs to validate the server certificate and the server also validates the client key. This occurs when the cluster is set up to require client certificates.
Note: Server validation and server and client validation require configuring additional properties that provide the required information. Both options require obtaining the certificate file for the cluster in one of the valid formats. Server and client validation also requires generating or obtaining the public certificate and private key file for Data Collector.
You can specify certificates and keys in the following formats:
  • JKS (Java Keystore)
  • PEM (text-based)
  • DER (text-based)
  • PKCS #7 / P7B
  • PKCS #12 / P12 / PFX
  • Private keys inside PEM, DER, or PKCS #12 encoded as PKCS#1 or PKCS#8

If the files are in PEM or DER plain text format, you can provide the text in the stage properties. The certificate should begin and end with text such as: —BEGIN CERTIFICATE— or —END PRIVATE KEY—. Otherwise, you provide a path to the certificate file.

MongoDB Atlas Connection Properties

When creating a MongoDB Atlas connection, configure the following properties on the MongoDB tab:
MongoDB Property Description
Connection String
Connection string for MongoDB. To connect to MongoDB Atlas or Enterprise Server, you can use the following DNS seed list format:
mongodb+srv://server.example.com/

To connect to a MongoDB Enterprise Server cluster, use the following standard connection format:

mongodb://host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]

When connecting to a cluster, enter additional node information to ensure a connection.

For more information about MongoDB connection strings, see the MongoDB documentation.

SSL/TLS Mode Method used to implement SSL/TLS:
  • None - Connects to a MongoDB Enterprise Server cluster that is not enabled to use SSL/TLS.
  • Atlas/System CA - Connects to a MongoDB Atlas cluster. You can also use this when your certificates or keys have already been specified at the JVM level.
  • Server Validation (1 Way TLS) - Connects to an SSL/TLS-enabled MongoDB Enterprise Server cluster when the client needs to validate the server certificate and does not need to prove client identity.
  • Server and Client Validation (2 Way TLS) - Connects to an SSL/TLS-enabled MongoDB Enterprise Server cluster when the client needs to validate the server certificate and the server also validates the client key. This occurs when the cluster is set up to require client certificates.
SSL Invalid Host Name Allowed Specifies whether invalid host names are allowed in SSL/TLS certificates.

Available when using server validation or server and client validation.

Certificate Mode Mode to provide the SSL/TLS certificate:
  • File - Use when the certificate is in a file local to Data Collector.
  • Embedded - Use to provide the certificate text directly in stage properties.

Available when using server validation or server and client validation.

Certificate Authority MongoDB certificate to use. Define this property based on the configured certificate mode:
  • When using file certificate mode, specify a path to the certificate. Enter an absolute path to the file or enter the following expression to define the file stored in the Data Collector resources directory:

    ${runtime:resourcesDirPath()}/keystore.jks

  • When using the embedded certificate mode, provide the full text of the certificate to use. The text should start with ---BEGIN CERTIFICATE---.

Available when using server validation or server and client validation.

Certificate Authority Password Password for the certificate. Specify if the certificate file is encrypted.

Available when using server validation or server and client validation, and when using file certificate mode.

Client Certificate Client certificate to use. Define this property based on the configured certificate mode:
  • When using file certificate mode, specify a path to the certificate. Enter an absolute path to the file or enter the following expression to define the file stored in the Data Collector resources directory:

    ${runtime:resourcesDirPath()}/keystore.jks

  • When using the embedded certificate mode, provide the full text of the certificate to use. The text should start with ---BEGIN CERTIFICATE---.

Available when using server and client validation.

Client Private Key Path to the key file.

Available when using server and client validation and file certificate mode.

Private Key Password Password for the private key. Specify if the private key is encrypted.

Available when using server and client validation and file certificate mode.

Configure the following authentication properties on the Credentials tab:
Authentication Property Description
Authentication Method Authentication method to use:
  • None
  • Username / Password
  • LDAP
Username User name for the selected authentication method.
Password Password for the specified user name.
Tip: To secure sensitive information, you can use credential stores or runtime resources.
Authentication Database Database name associated with the specified user account.

Available when using username/password authentication.

Authentication Mechanism Authentication mechanism to use:
  • Default - Data Collector and MongoDB negotiate to choose the encryption mechanism.
  • SCRAM-SHA-1 - Data Collector sends SCRAM-SHA-1 credentials to MongoDB.
  • SCRAM-SHA-256 - Data Collector sends SCRAM-SHA-1 credentials to MongoDB.
On the Advanced tab, optionally configure the following property:
Advanced Property Description
Compression Algorithm Compression algorithm to use to communicate with MongoDB:
  • None
  • Snappy
  • ZLib
  • ZStandard

These compression algorithms are not supported by all MongoDB versions. See the MongoDB documentation for details.

Default is Snappy.