DOCSP-24594-Compass-auth-examples

[ltran-mdb2]

DESCRIPTION

Adds examples of Compass authentication

STAGING

https://deploy-preview-708--docs-compass.netlify.app/connect/advanced-connection-options/general-connection/#example
https://deploy-preview-708--docs-compass.netlify.app/connect/advanced-connection-options/authentication-connection/#examples
https://deploy-preview-708--docs-compass.netlify.app/connect/advanced-connection-options/tls-ssl-connection/#example
https://deploy-preview-708--docs-compass.netlify.app/connect/advanced-connection-options/advanced-connection/#example

JIRA

https://jira.mongodb.org/browse/DOCSP-24594

Self-Review Checklist

• Is this free of any warnings or errors in the RST?
• Is this free of spelling errors?
• Is this free of grammatical errors?
• Is this free of staging / rendering issues?
• Are all the links working?

External Review Requirements

What's expected of an external reviewer?

[netlify]

✅ Deploy Preview for docs-compass ready!

Name	Link
🔨 Latest commit	4ae08c2
🔍 Latest deploy log	https://app.netlify.com/sites/docs-compass/deploys/6797f5c02b55690008c9be92
😎 Deploy Preview	https://deploy-preview-708--docs-compass.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[jeff-allen-mongo]

@ltran-mdb2 thanks for these updates. I think this is a good start and definitely in line with my initial suggestions. I left a few thoughts for your consideration. Feel free to reach out if you want to discuss anything.

Jeff

[jeff-allen-mongo]

I might consider moving these new examples under a dedicated "Example" heading after "Procedure". I feel like this might make them slightly easier to find, since they'd be clearly visible in the right-hand page ToC.

I was also thinking that another potential way to organize this content could be to create a new page under "Connect" called "Connection Examples" (or similar), and make these examples into distinct pages. As in the ToC would look something like:

| - Connect
| - | - Connection Examples
| - | - | - Connect to Atlas Deployment 
| - | - | - Connect to LDAP Deployment
| - | - | - etc

This would be more work content-wise, but I'm wondering if it's worth having these examples on dedicated pages so they can be more easily found by users searching for phrases like "compass connect to Atlas" or "compass connect with LDAP".

I think it could also be fine to keep the structure largely as we have it now with the examples added to the existing pages, and consider a broader restructure in a future effort. Curious what you think.

[ltran-mdb2]

I added an "Example" section for each page because I think it makes sense to keep the examples on the same pages as the procedures.

[jeff-allen-mongo]

I'm curious for product / engineering's take here, but I'm wondering if in the examples we should be using the SRV Connection format. My understanding is that the SRV strings have the advantage of having TLS enabled by default, which might promote more secure practices. Not 100% sure about this though.

[ltran-mdb2]

I changed the examples to use the srv connection format - @betsybutton what do you think?

[betsybutton]

Yes, +srv connection strings have TLS enabled by default, and we encourage users to use their connection strings when possible. Thanks for leaving this comment, Jeff!

[jeff-allen-mongo]

The example here feels slightly out of place to me. Since it immediately follows the AWS content, it seems like it should be showing an AWS example. Moving the examples to their own section (or page) as mentioned in my other comment might help.

[ltran-mdb2]

Done!

[jeff-allen-mongo]

This is a bit of a nit, but I'm wondering if we should change the "Name" field in these example screenshots to be slightly more descriptive, rather than reusing the hostname and port. My concern is that users might think that their connection "Name" has to match the username and port, but it can be anything that helps identify the cluster.

[ltran-mdb2]

Done!

[jeff-allen-mongo]

[Nit]

I don't think "Standard Connection String Format" needs to be title case here.

[ltran-mdb2]

Fixed!

[jeff-allen-mongo]

I think also including an LDAP example on this page would be helpful.

[ltran-mdb2]

Done!

[jeff-allen-mongo]

It might help to add a bit of context here explaining why a user might want to use "secondary preferred".

[ltran-mdb2]

Done!

[ltran-mdb2]

Thanks for your feedback @jeff-allen-mongo ! Could you take another look when you get a chance?

[jeff-allen-mongo]

LGTM! Just have a couple optional suggestions. Thanks @ltran-mdb2

[jeff-allen-mongo]

[Suggestion]

Maybe to tighten up the wording slightly:

The following example specifies a connection with a read preference of :guilabel:Secondary Preferred.

We could apply a similar wording to the other example lead-ins.

[ltran-mdb2]

Done!

[jeff-allen-mongo]

[Suggestion]

Maybe we can make this "Examples" and have subheadings for each example? As in:

Examples
------------

Username and Password Authentication
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(example 1)

LDAP Authentication
~~~~~~~~~~~~~~~~~~~~

(example 2)

[ltran-mdb2]

Done!

[jeff-allen-mongo]

I noticed the other figures specified a figwidth of 662px. Should we add that here as well?

[ltran-mdb2]

Thanks for catching this! Done!

[jeff-allen-mongo]

Sorry, I realized after I suggested that we add this example that LDAP is actually deprecated. I wonder if we should remove this or replace with a different auth example? Happy to defer to product for their opinion here.

[ltran-mdb2]

@betsybutton Do you have thoughts here?

[betsybutton]

Even though LDAP is deprecated, this is an area that has caused a lot of pain in the past, so I think it's worth including here. Some larger customers take much longer to upgrade to the latest MongoDB version, and we might as well provide the assistance.

[betsybutton]

Thanks so much for taking this work on, Lauren! So far, these examples cover the following types of connections:

1. SCRAM-SHA-256
2. Secondary Preferred
3. Username & password
4. LDAP Authentication
5. TLS/SSL

What would you think of adding examples for the following, which are other areas users have struggled a lot with? If it would be better to handle some of these in a followup ticket, that's also fine.

1. Private endpoints
2. OIDC
3. x509
4. Analytics nodes

For private endpoint and OIDC, it might be helpful to link to other docs that could help users diagnose these types of problems. For example, https://www.mongodb.com/docs/atlas/troubleshoot-private-endpoints/#std-label-pl-troubleshooting and https://www.mongodb.com/docs/atlas/security-oidc/

[betsybutton]

Even though LDAP is deprecated, this is an area that has caused a lot of pain in the past, so I think it's worth including here. Some larger customers take much longer to upgrade to the latest MongoDB version, and we might as well provide the assistance.

[betsybutton]

[q] Is there a reason to list these examples all the way at the bottom, instead of including them in the sections pertinent to each connection method above? And if it's truly better to have these at the bottom, can we link to them from above? I'm worried they won't be very visible down here since they're hidden & not linked.

[ltran-mdb2]

I added a note in the username/password and ldap sections linking to the according examples. The reason they are at the bottom is to make a dedicated ToC item on this page with the examples (see this comment from Jeff)

[betsybutton]

Got it, thanks for adding the link!

[betsybutton]

There isn't really a reason to explicitly enable TLS/SSL when using an srv connection string, since it's enabled by default, especially when tlsCertificateKeyFile isn't specified. Maybe we could turn this into an x509 example, where we need to supply the client certificate and key?

[ltran-mdb2]

Done!

[ltran-mdb2]

Thanks for your feedback @betsybutton ! Could you take another look at this PR when you get a chance?

I also implemented some feedback from Felicia on the general connection example (changing it to use the mongodb scheme) as well as adding notes on when TLS/SSL is required.

I opened DOCSP-46801 to address the other examples you mentioned!

[betsybutton]

1 nit pick, otherwise LGTM!

[betsybutton]

The screenshot doesn't showcase selecting a .pem file right now - could we update it to mirror what a successful x509 setup would look like?

[ltran-mdb2]

Done!

[betsybutton]

LGTM, thank you Lauren!