INTMDB-137: Add Get Role to CloudProviderAccessService #498

Merged
merged 2 commits into from
Jun 16, 2023
Merged
41 changes: 35 additions & 6 deletions mongodbatlas/cloud_provider_access.go
Expand Up @@ -24,9 +24,10 @@ const cloudProviderAccessPath = "api/atlas/v1.0/groups/%s/cloudProviderAccess"

// CloudProviderAccessService provides access to the cloud provider access functions in the Atlas API.
//
// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access/
// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access
type CloudProviderAccessService interface {
ListRoles(context.Context, string) (*CloudProviderAccessRoles, *Response, error)
GetRole(context.Context, string, string) (*CloudProviderAccessRoles, *Response, error)
CreateRole(context.Context, string, *CloudProviderAccessRoleRequest) (*AWSIAMRole, *Response, error)
AuthorizeRole(context.Context, string, string, *CloudProviderAuthorizationRequest) (*AWSIAMRole, *Response, error)
DeauthorizeRole(context.Context, *CloudProviderDeauthorizationRequest) (*Response, error)
Expand Down Expand Up @@ -78,9 +79,37 @@ type CloudProviderDeauthorizationRequest struct {
RoleID string
}

// ListRoles retrieve existing AWS IAM roles.
// GetRole Returns the Amazon Web Services (AWS) Identity and Access Management (IAM) role
// with the specified id and with access to the specified project.
//
// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access-get-roles/
// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/getCloudProviderAccessRole
func (s *CloudProviderAccessServiceOp) GetRole(ctx context.Context, groupID, roleID string) (*CloudProviderAccessRoles, *Response, error) {
if groupID == "" {
return nil, nil, NewArgError("groupId", "must be set")
}
if roleID == "" {
return nil, nil, NewArgError("roleID", "must be set")
}

basePath := fmt.Sprintf(cloudProviderAccessPath, groupID)
path := fmt.Sprintf("%s/%s", basePath, roleID)
req, err := s.Client.NewRequest(ctx, http.MethodGet, path, nil)
if err != nil {
return nil, nil, err
}

root := new(CloudProviderAccessRoles)
resp, err := s.Client.Do(ctx, req, root)
if err != nil {
return nil, resp, err
}

return root, resp, nil
}

// ListRoles retrieves existing AWS IAM roles.
//
// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/listCloudProviderAccessRoles
func (s *CloudProviderAccessServiceOp) ListRoles(ctx context.Context, groupID string) (*CloudProviderAccessRoles, *Response, error) {
path := fmt.Sprintf(cloudProviderAccessPath, groupID)

Expand All @@ -100,7 +129,7 @@ func (s *CloudProviderAccessServiceOp) ListRoles(ctx context.Context, groupID st

// CreateRole creates an AWS IAM role.
//
// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access-create-one-role/
// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/createCloudProviderAccessRole
func (s *CloudProviderAccessServiceOp) CreateRole(ctx context.Context, groupID string, request *CloudProviderAccessRoleRequest) (*AWSIAMRole, *Response, error) {
if request == nil {
return nil, nil, NewArgError("request", "must be set")
Expand All @@ -124,7 +153,7 @@ func (s *CloudProviderAccessServiceOp) CreateRole(ctx context.Context, groupID s

// AuthorizeRole authorizes and configure an AWS Assumed IAM role.
//
// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access-authorize-one-role/
// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/authorizeCloudProviderAccessRole
func (s *CloudProviderAccessServiceOp) AuthorizeRole(ctx context.Context, groupID, roleID string, request *CloudProviderAuthorizationRequest) (*AWSIAMRole, *Response, error) {
if roleID == "" {
return nil, nil, NewArgError("roleID", "must be set")
Expand Down Expand Up @@ -153,7 +182,7 @@ func (s *CloudProviderAccessServiceOp) AuthorizeRole(ctx context.Context, groupI

// DeauthorizeRole deauthorizes an AWS Assumed IAM role.
//
// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access-deauthorize-one-role/
// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/deauthorizeCloudProviderAccessRole
func (s *CloudProviderAccessServiceOp) DeauthorizeRole(ctx context.Context, request *CloudProviderDeauthorizationRequest) (*Response, error) {
if request.RoleID == "" {
return nil, NewArgError("roleID", "must be set")
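Review bot: In GetRole, `groupID` and `roleID` are placed into the request path with `fmt.Sprintf` after only an empty-string check, so a value containing `/`, `?` or `#` changes which Atlas endpoint the authenticated client ends up calling. If callers can pass IDs that originate outside the program, escape the segment, e.g. `path := fmt.Sprintf("%s/%s", basePath, url.PathEscape(roleID))` (this needs `net/url`, and the file's import block is outside the hunks shown), and reject dot segments or anything not in the expected ID format. How `NewRequest` parses the path is not visible here, so confirm whether it normalises anything. Separately, the first argument error names `"groupId"` while the second names `"roleID"`; use one spelling so callers matching on the message are not surprised.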
44 changes: 44 additions & 0 deletions mongodbatlas/cloud_provider_access_test.go
Expand Up @@ -67,6 +67,50 @@ func TestCloudProviderAccessServiceOp_ListRoles(t *testing.T) {
}
}

func TestCloudProviderAccessServiceOp_GetRole(t *testing.T) {
client, mux, teardown := setup()
defer teardown()
roleID := "1"
mux.HandleFunc(fmt.Sprintf("/api/atlas/v1.0/groups/1/cloudProviderAccess/%s", roleID), func(w http.ResponseWriter, r *http.Request) {
testMethod(t, r, http.MethodGet)
fmt.Fprint(w, `{
"awsIamRoles": [{
"atlasAWSAccountArn": "arn:aws:iam::123456789012:root",
"atlasAssumedRoleExternalId": "3192be49-6e76-4b7d-a7b8-b486a8fc4483",
"authorizedDate": "2020-08-03T20:42:49Z",
"createdDate": "2020-07-30T20:20:36Z",
"featureUsages": [],
"iamAssumedRoleArn": "arn:aws:iam::772401394250:role/my-test-aws-role",
"providerName": "AWS",
"roleId": "5f232b94af0a6b41747bcc2d"
}]
}`)
})

roles, _, err := client.CloudProviderAccess.GetRole(ctx, groupID, roleID)
if err != nil {
t.Fatalf("CloudProviderAccess.GetRole returned error: %v", err)
}

expected := &CloudProviderAccessRoles{
AWSIAMRoles: []AWSIAMRole{
{
AtlasAWSAccountARN: "arn:aws:iam::123456789012:root",
AtlasAssumedRoleExternalID: "3192be49-6e76-4b7d-a7b8-b486a8fc4483",
AuthorizedDate: "2020-08-03T20:42:49Z",
CreatedDate: "2020-07-30T20:20:36Z",
FeatureUsages: []*FeatureUsage{},
IAMAssumedRoleARN: "arn:aws:iam::772401394250:role/my-test-aws-role",
ProviderName: "AWS",
RoleID: "5f232b94af0a6b41747bcc2d",
},
},
}
if diff := deep.Equal(roles, expected); diff != nil {
t.Error(diff)
}
}

func TestCloudProviderAccessServiceOp_CreateRole(t *testing.T) {
client, mux, teardown := setup()
defer teardown()
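Review bot: The mocked body in TestCloudProviderAccessServiceOp_GetRole wraps the role in an `awsIamRoles` array, so the fixture mirrors the `*CloudProviderAccessRoles` return type instead of checking it independently. The linked getCloudProviderAccessRole operation appears to describe a single role; if the live endpoint returns one object, the decode would likely succeed with an empty `AWSIAMRoles` and no error, so confirm the fixture against a real response. The handler is registered for role ID `1` while the body carries `roleId` `5f232b94af0a6b41747bcc2d`, so the test would not notice the wrong role coming back. The two `NewArgError` branches (empty `groupID`, empty `roleID`) are untested; add cases asserting each returns an error and that the mux handler is never hit.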