diff --git a/mongodbatlas/cloud_provider_access.go b/mongodbatlas/cloud_provider_access.go index 17f1560d..7273d385 100644 --- a/mongodbatlas/cloud_provider_access.go +++ b/mongodbatlas/cloud_provider_access.go @@ -24,9 +24,10 @@ const cloudProviderAccessPath = "api/atlas/v1.0/groups/%s/cloudProviderAccess" // CloudProviderAccessService provides access to the cloud provider access functions in the Atlas API. // -// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access/ +// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access type CloudProviderAccessService interface { ListRoles(context.Context, string) (*CloudProviderAccessRoles, *Response, error) + GetRole(context.Context, string, string) (*CloudProviderAccessRoles, *Response, error) CreateRole(context.Context, string, *CloudProviderAccessRoleRequest) (*AWSIAMRole, *Response, error) AuthorizeRole(context.Context, string, string, *CloudProviderAuthorizationRequest) (*AWSIAMRole, *Response, error) DeauthorizeRole(context.Context, *CloudProviderDeauthorizationRequest) (*Response, error) @@ -78,9 +79,37 @@ type CloudProviderDeauthorizationRequest struct { RoleID string } -// ListRoles retrieve existing AWS IAM roles. +// GetRole Returns the Amazon Web Services (AWS) Identity and Access Management (IAM) role +// with the specified id and with access to the specified project. // -// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access-get-roles/ +// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/getCloudProviderAccessRole +func (s *CloudProviderAccessServiceOp) GetRole(ctx context.Context, groupID, roleID string) (*CloudProviderAccessRoles, *Response, error) { + if groupID == "" { + return nil, nil, NewArgError("groupId", "must be set") + } + if roleID == "" { + return nil, nil, NewArgError("roleID", "must be set") + } + + basePath := fmt.Sprintf(cloudProviderAccessPath, groupID) + path := fmt.Sprintf("%s/%s", basePath, roleID) + req, err := s.Client.NewRequest(ctx, http.MethodGet, path, nil) + if err != nil { + return nil, nil, err + } + + root := new(CloudProviderAccessRoles) + resp, err := s.Client.Do(ctx, req, root) + if err != nil { + return nil, resp, err + } + + return root, resp, nil +} + +// ListRoles retrieves existing AWS IAM roles. +// +// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/listCloudProviderAccessRoles func (s *CloudProviderAccessServiceOp) ListRoles(ctx context.Context, groupID string) (*CloudProviderAccessRoles, *Response, error) { path := fmt.Sprintf(cloudProviderAccessPath, groupID) @@ -100,7 +129,7 @@ func (s *CloudProviderAccessServiceOp) ListRoles(ctx context.Context, groupID st // CreateRole creates an AWS IAM role. // -// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access-create-one-role/ +// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/createCloudProviderAccessRole func (s *CloudProviderAccessServiceOp) CreateRole(ctx context.Context, groupID string, request *CloudProviderAccessRoleRequest) (*AWSIAMRole, *Response, error) { if request == nil { return nil, nil, NewArgError("request", "must be set") @@ -124,7 +153,7 @@ func (s *CloudProviderAccessServiceOp) CreateRole(ctx context.Context, groupID s // AuthorizeRole authorizes and configure an AWS Assumed IAM role. // -// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access-authorize-one-role/ +// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/authorizeCloudProviderAccessRole func (s *CloudProviderAccessServiceOp) AuthorizeRole(ctx context.Context, groupID, roleID string, request *CloudProviderAuthorizationRequest) (*AWSIAMRole, *Response, error) { if roleID == "" { return nil, nil, NewArgError("roleID", "must be set") @@ -153,7 +182,7 @@ func (s *CloudProviderAccessServiceOp) AuthorizeRole(ctx context.Context, groupI // DeauthorizeRole deauthorizes an AWS Assumed IAM role. // -// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access-deauthorize-one-role/ +// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/deauthorizeCloudProviderAccessRole func (s *CloudProviderAccessServiceOp) DeauthorizeRole(ctx context.Context, request *CloudProviderDeauthorizationRequest) (*Response, error) { if request.RoleID == "" { return nil, NewArgError("roleID", "must be set") diff --git a/mongodbatlas/cloud_provider_access_test.go b/mongodbatlas/cloud_provider_access_test.go index a1dfa5c6..2eec0d8e 100644 --- a/mongodbatlas/cloud_provider_access_test.go +++ b/mongodbatlas/cloud_provider_access_test.go @@ -67,6 +67,50 @@ func TestCloudProviderAccessServiceOp_ListRoles(t *testing.T) { } } +func TestCloudProviderAccessServiceOp_GetRole(t *testing.T) { + client, mux, teardown := setup() + defer teardown() + roleID := "1" + mux.HandleFunc(fmt.Sprintf("/api/atlas/v1.0/groups/1/cloudProviderAccess/%s", roleID), func(w http.ResponseWriter, r *http.Request) { + testMethod(t, r, http.MethodGet) + fmt.Fprint(w, `{ + "awsIamRoles": [{ + "atlasAWSAccountArn": "arn:aws:iam::123456789012:root", + "atlasAssumedRoleExternalId": "3192be49-6e76-4b7d-a7b8-b486a8fc4483", + "authorizedDate": "2020-08-03T20:42:49Z", + "createdDate": "2020-07-30T20:20:36Z", + "featureUsages": [], + "iamAssumedRoleArn": "arn:aws:iam::772401394250:role/my-test-aws-role", + "providerName": "AWS", + "roleId": "5f232b94af0a6b41747bcc2d" + }] + }`) + }) + + roles, _, err := client.CloudProviderAccess.GetRole(ctx, groupID, roleID) + if err != nil { + t.Fatalf("CloudProviderAccess.GetRole returned error: %v", err) + } + + expected := &CloudProviderAccessRoles{ + AWSIAMRoles: []AWSIAMRole{ + { + AtlasAWSAccountARN: "arn:aws:iam::123456789012:root", + AtlasAssumedRoleExternalID: "3192be49-6e76-4b7d-a7b8-b486a8fc4483", + AuthorizedDate: "2020-08-03T20:42:49Z", + CreatedDate: "2020-07-30T20:20:36Z", + FeatureUsages: []*FeatureUsage{}, + IAMAssumedRoleARN: "arn:aws:iam::772401394250:role/my-test-aws-role", + ProviderName: "AWS", + RoleID: "5f232b94af0a6b41747bcc2d", + }, + }, + } + if diff := deep.Equal(roles, expected); diff != nil { + t.Error(diff) + } +} + func TestCloudProviderAccessServiceOp_CreateRole(t *testing.T) { client, mux, teardown := setup() defer teardown()