MongoDB.live, free & fully virtual. Register Now MongoDB.live, free & fully virtual. Register Now

Disable IP security on database level

Hi!

I’m running CI on Github Actions. The integration tests include a connection to a test database within my Atlas cluster. Github Actions keep rotating through a large amount of IPs, so I can’t whitelist them very easily… As you understand, I don’t value the IP guard to my test database that much (it gets wiped after every test suite). Is there anyway to disable the IP check on this very database within my cluster, while keeping the IP check on all other dbs in the cluster?

If that’s not allowed I guess I can setup another cluster without the IP guard, in which I only keep my test db, but this approach seems a bit more cumbersome than the one described above.

Thanks in advance!

Hi @petas,

Atlas IP Access whitelist is done on a project level , so I would recommend having a separate project if you intend to whitelist 0.0.0.0 address.

Now I saw github actions have a list of ips updated weekly : https://docs.github.com/en/free-pro-team@latest/actions/reference/specifications-for-github-hosted-runners#ip-addresses-of-runners-on-github-hosted-machines

Perhaps you can use Atlas API and dynamically whitelist when changed.

Best
Pavel

1 Like

Thanks a lot, Pavel! :star2:

1 Like

Hey @Pavel_Duchovny, I just ran into problems again with this…

I have now created a separate project (2) with a test cluster and my test db in it. However, I don’t see how I will be able access data from that test project (2) from my original app (1). According to the docs (https://docs.mongodb.com/realm/mongodb/link-a-data-source/): " You can use MongoDB Realm to work with a data source – either a MongoDB Atlas cluster or Data Lake associated with the same Atlas project as your Realm app."

If you only look at Github Workflow, this approach should probably work. However, my integration tests run the deployed functions on my main app (1). Could they connect to a separate project’s (2) cluster in some way?

Cheers,

Hi @petas,

What I meant is that the cluster your github will communicate to will also need to move to that dedicated project.

Not sure how realm is used here? Do you wish to use Realm as your data access? For realm connections there is no need to whitelist origin and authentication is done with one of realms providers…

You can though specify github.com as a domain origin.

You can also use realm wire connection to perform standard crud:
https://docs.mongodb.com/realm/mongodb/enable-wire-protocol-connections/

Best
Pavel

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.