feat!: Adds create and delete operations for Workforce OIDC IdP (#2310)

* chore: Upgrades SDK to latest version * add test for OIDC workforce * refactor: move update request to model file * feat: support create for OIDC workforce * feat: implement DELETE for OIDC and add schema for description and authorization_type * test: initial passing CRD * test: add update test OIDC * refactor: shorten method names * docs: add changelog entry * test: fix broken test * test: add full attr checks * fix: delete is supported also for SAML * skip SAML test in CI to avoid deleting it * sinngular data source with new attributes * plural data source * move datasource test of OIDC in the resource test * fix sdk version * chore: minor fixes * add all breaking changes and enhancements in changelog entry * PR comments * remove v20231115008 * Update .changelog/2310.txt Co-authored-by: Leo Antoli <[email protected]> * add upgrade guide * Update .changelog/2310.txt Co-authored-by: Leo Antoli <[email protected]> * Update .changelog/2310.txt Co-authored-by: Leo Antoli <[email protected]> * add guide on what to do with already imported OIDC workforce resources * Update internal/service/federatedsettingsidentityprovider/model_federated_settings_identity_provider.go Co-authored-by: Marco Suma <[email protected]> --------- Co-authored-by: Oriol Arbusi <[email protected]> Co-authored-by: Leo Antoli <[email protected]> Co-authored-by: Marco Suma <[email protected]>
mongodb · May 31, 2024 · ed0fbab · ed0fbab
1 parent 94caf6d
commit ed0fbab
Show file tree

Hide file tree

Showing 15 changed files with 429 additions and 191 deletions.
diff --git a/.changelog/2310.txt b/.changelog/2310.txt
@@ -0,0 +1,27 @@
+```release-note:enhancement
+resource/mongodbatlas_federated_settings_identity_provider: Adds create and delete operations for Workforce OIDC IdP
+```
+
+```release-note:enhancement
+resource/mongodbatlas_federated_settings_identity_provider: Adds `description` and `authorization_type` fields
+```
+
+```release-note:enhancement
+data-source/mongodbatlas_federated_settings_identity_provider: Adds `description` and `authorization_type` fields
+```
+
+```release-note:enhancement
+data-source/mongodbatlas_federated_settings_identity_providers: Adds `description` and `authorization_type` fields
+```
+
+```release-note:breaking-change
+resource/mongodbatlas_federated_settings_identity_provider: Replaces `audience_claim` field with `audience`
+```
+
+```release-note:breaking-change
+data-source/mongodbatlas_federated_settings_identity_provider: Replaces `audience_claim` field with `audience`
+```
+
+```release-note:breaking-change
+data-source/mongodbatlas_federated_settings_identity_providers: Replaces `audience_claim` field with `audience`
+```
diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml
@@ -61,9 +61,6 @@ on:
       mongodb_atlas_federated_idp_id:
         type: string
         required: true
-      mongodb_atlas_federated_oidc_idp_id:
-        type: string
-        required: true
       mongodb_atlas_federated_sso_url:
         type: string
         required: true
@@ -546,7 +543,6 @@ jobs:
           MONGODB_ATLAS_FEDERATION_SETTINGS_ID: ${{ inputs.mongodb_atlas_federation_settings_id }}
           MONGODB_ATLAS_FEDERATED_OKTA_IDP_ID: ${{ inputs.mongodb_atlas_federated_okta_idp_id }}
           MONGODB_ATLAS_FEDERATED_IDP_ID: ${{ inputs.mongodb_atlas_federated_idp_id }}
-          MONGODB_ATLAS_FEDERATED_OIDC_IDP_ID: ${{ inputs.mongodb_atlas_federated_oidc_idp_id }}
           MONGODB_ATLAS_FEDERATED_SSO_URL: ${{ inputs.mongodb_atlas_federated_sso_url }}
           MONGODB_ATLAS_FEDERATED_ISSUER_URI: ${{ inputs.mongodb_atlas_federated_issuer_uri }}
           MONGODB_ATLAS_FEDERATED_ORG_ID: ${{ inputs.mongodb_atlas_federated_org_id }}

diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml
@@ -90,7 +90,6 @@ jobs:
       mongodb_atlas_federation_settings_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_FEDERATION_SETTINGS_ID_QA || vars.MONGODB_ATLAS_FEDERATION_SETTINGS_ID }}
       mongodb_atlas_federated_okta_idp_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_FEDERATED_OKTA_IDP_ID_QA || vars.MONGODB_ATLAS_FEDERATED_OKTA_IDP_ID }}
       mongodb_atlas_federated_idp_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_FEDERATED_IDP_ID_QA || vars.MONGODB_ATLAS_FEDERATED_IDP_ID }}
-      mongodb_atlas_federated_oidc_idp_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_FEDERATED_OIDC_IDP_ID_QA || vars.MONGODB_ATLAS_FEDERATED_OIDC_IDP_ID }}
       mongodb_atlas_federated_sso_url: ${{  vars.MONGODB_ATLAS_FEDERATED_SSO_URL }}
       mongodb_atlas_federated_issuer_uri: ${{ vars.MONGODB_ATLAS_FEDERATED_ISSUER_URI }}
       mongodb_atlas_federated_org_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_FEDERATED_ORG_ID_QA || vars.MONGODB_ATLAS_FEDERATED_ORG_ID }}

diff --git a/go.mod b/go.mod
@@ -24,7 +24,6 @@ require (
 	github.com/stretchr/testify v1.9.0
 	github.com/zclconf/go-cty v1.14.4
 	go.mongodb.org/atlas v0.36.0
-	go.mongodb.org/atlas-sdk/v20231115008 v20231115008.5.0
 	go.mongodb.org/atlas-sdk/v20231115014 v20231115014.0.0
 	go.mongodb.org/realm v0.1.0
 )

diff --git a/go.sum b/go.sum
@@ -779,8 +779,6 @@ github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgK
 go.mongodb.org/atlas v0.12.0/go.mod h1:wVCnHcm/7/IfTjEB6K8K35PLG70yGz8BdkRwX0oK9/M=
 go.mongodb.org/atlas v0.36.0 h1:m05S3AO7zkl+bcG1qaNsEKBnAqnKx2FDwLooHpIG3j4=
 go.mongodb.org/atlas v0.36.0/go.mod h1:nfPldE9dSama6G2IbIzmEza02Ly7yFZjMMVscaM0uEc=
-go.mongodb.org/atlas-sdk/v20231115008 v20231115008.5.0 h1:OuV1HfIpZUZa4+BKvtrvDlNqnilkCkdHspuZok6KAbM=
-go.mongodb.org/atlas-sdk/v20231115008 v20231115008.5.0/go.mod h1:0707RpWIrNFZ6Msy/dwRDCzC5JVDon61JoOqcbfCujg=
 go.mongodb.org/atlas-sdk/v20231115014 v20231115014.0.0 h1:hN7x3m6THf03q/tE48up1j0U/26lJmx+s1LXB/qvHHc=
 go.mongodb.org/atlas-sdk/v20231115014 v20231115014.0.0/go.mod h1:pCl46YnWOIde8lq27whXDwUseNeUvtAy3vy5ZDeTcBA=
 go.mongodb.org/realm v0.1.0 h1:zJiXyLaZrznQ+Pz947ziSrDKUep39DO4SfA0Fzx8M4M=

diff --git a/internal/config/client.go b/internal/config/client.go
@@ -9,7 +9,6 @@ import (
 	"strings"
 	"time"
 
-	admin20231115008 "go.mongodb.org/atlas-sdk/v20231115008/admin"
 	"go.mongodb.org/atlas-sdk/v20231115014/admin"
 	matlasClient "go.mongodb.org/atlas/mongodbatlas"
 	realmAuth "go.mongodb.org/realm/auth"
@@ -29,10 +28,9 @@ const (
 
 // MongoDBClient contains the mongodbatlas clients and configurations
 type MongoDBClient struct {
-	Atlas            *matlasClient.Client
-	AtlasV2          *admin.APIClient
-	Atlas20231115008 *admin20231115008.APIClient // Needed to avoid breaking changes in federated_settings_identity_provider resource.
-	Config           *Config
+	Atlas   *matlasClient.Client
+	AtlasV2 *admin.APIClient
+	Config  *Config
 }
 
 // Config contains the configurations needed to use SDKs
@@ -104,16 +102,11 @@ func (c *Config) NewClient(ctx context.Context) (any, error) {
 	if err != nil {
 		return nil, err
 	}
-	sdk20231115008Client, err := c.newSDK20231115008Client(client)
-	if err != nil {
-		return nil, err
-	}
 
 	clients := &MongoDBClient{
-		Atlas:            atlasClient,
-		AtlasV2:          sdkV2Client,
-		Atlas20231115008: sdk20231115008Client,
-		Config:           c,
+		Atlas:   atlasClient,
+		AtlasV2: sdkV2Client,
+		Config:  c,
 	}
 
 	return clients, nil
@@ -135,22 +128,6 @@ func (c *Config) newSDKV2Client(client *http.Client) (*admin.APIClient, error) {
 	return sdkv2, nil
 }
 
-func (c *Config) newSDK20231115008Client(client *http.Client) (*admin20231115008.APIClient, error) {
-	opts := []admin20231115008.ClientModifier{
-		admin20231115008.UseHTTPClient(client),
-		admin20231115008.UseUserAgent(userAgent(c)),
-		admin20231115008.UseBaseURL(c.BaseURL),
-		admin20231115008.UseDebug(false)}
-
-	// Initialize the MongoDB Versioned Atlas Client.
-	sdkv2, err := admin20231115008.NewClient(opts...)
-	if err != nil {
-		return nil, err
-	}
-
-	return sdkv2, nil
-}
-
 func (c *MongoDBClient) GetRealmClient(ctx context.Context) (*realm.Client, error) {
 	// Realm
 	if c.Config.PublicKey == "" && c.Config.PrivateKey == "" {

diff --git a/...ice/federatedsettingsidentityprovider/data_source_federated_settings_identity_provider.go b/...ice/federatedsettingsidentityprovider/data_source_federated_settings_identity_provider.go
@@ -13,7 +13,7 @@ import (
 
 func DataSource() *schema.Resource {
 	return &schema.Resource{
-		ReadContext: dataSourceMongoDBAtlasFederatedSettingsIdentityProviderRead,
+		ReadContext: dataSourceRead,
 		Schema: map[string]*schema.Schema{
 			"federation_settings_id": {
 				Type:     schema.TypeString,
@@ -205,12 +205,9 @@ func DataSource() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-			"audience_claim": {
-				Type:     schema.TypeList,
+			"audience": {
+				Type:     schema.TypeString,
 				Computed: true,
-				Elem: &schema.Schema{
-					Type: schema.TypeString,
-				},
 			},
 			"client_id": {
 				Type:     schema.TypeString,
@@ -231,12 +228,19 @@ func DataSource() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"description": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"authorization_type": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		},
 	}
 }
-func dataSourceMongoDBAtlasFederatedSettingsIdentityProviderRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
-	// Get client connection.
-	connV2 := meta.(*config.MongoDBClient).Atlas20231115008
+func dataSourceRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+	connV2 := meta.(*config.MongoDBClient).AtlasV2
 
 	federationSettingsID, federationSettingsIDOk := d.GetOk("federation_settings_id")
 
@@ -286,7 +290,7 @@ func dataSourceMongoDBAtlasFederatedSettingsIdentityProviderRead(ctx context.Con
 	}
 
 	if federatedSettingsIdentityProvider.GetProtocol() == OIDC {
-		if err := d.Set("audience_claim", federatedSettingsIdentityProvider.AudienceClaim); err != nil {
+		if err := d.Set("audience", federatedSettingsIdentityProvider.Audience); err != nil {
 			return diag.FromErr(fmt.Errorf("error setting `audience_claim` for federatedSettings IdentityProviders: %s", err))
 		}
 
@@ -305,6 +309,14 @@ func dataSourceMongoDBAtlasFederatedSettingsIdentityProviderRead(ctx context.Con
 		if err := d.Set("user_claim", federatedSettingsIdentityProvider.UserClaim); err != nil {
 			return diag.FromErr(fmt.Errorf("error setting `user_claim` for federatedSettings IdentityProviders: %s", err))
 		}
+
+		if err := d.Set("authorization_type", federatedSettingsIdentityProvider.AuthorizationType); err != nil {
+			return diag.FromErr(fmt.Errorf("error setting `authorization_type` for federatedSettings IdentityProviders: %s", err))
+		}
+	}
+
+	if err := d.Set("description", federatedSettingsIdentityProvider.Description); err != nil {
+		return diag.FromErr(fmt.Errorf("error setting `description` for federatedSettings IdentityProviders: %s", err))
 	}
 
 	if err := d.Set("associated_domains", federatedSettingsIdentityProvider.AssociatedDomains); err != nil {

diff --git a/...ederatedsettingsidentityprovider/data_source_federated_settings_identity_provider_test.go b/...ederatedsettingsidentityprovider/data_source_federated_settings_identity_provider_test.go
@@ -36,35 +36,6 @@ func TestAccFederatedSettingsIdentityProviderDS_samlBasic(t *testing.T) {
 	})
 }
 
-func TestAccFederatedSettingsIdentityProviderDS_oidcBasic(t *testing.T) {
-	var (
-		resourceName        = "data.mongodbatlas_federated_settings_identity_provider.test"
-		federatedSettingsID = os.Getenv("MONGODB_ATLAS_FEDERATION_SETTINGS_ID")
-		idpID               = os.Getenv("MONGODB_ATLAS_FEDERATED_OIDC_IDP_ID")
-	)
-	resource.Test(t, resource.TestCase{
-		PreCheck:                 func() { acc.PreCheckFederatedSettings(t) },
-		ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
-		Steps: []resource.TestStep{
-			{
-				Config: configBasicDS(federatedSettingsID, idpID),
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttrSet(resourceName, "associated_orgs.#"),
-					resource.TestCheckResourceAttrSet(resourceName, "audience_claim.#"),
-					resource.TestCheckResourceAttrSet(resourceName, "client_id"),
-					resource.TestCheckResourceAttrSet(resourceName, "groups_claim"),
-					resource.TestCheckResourceAttrSet(resourceName, "requested_scopes.#"),
-					resource.TestCheckResourceAttrSet(resourceName, "user_claim"),
-					resource.TestCheckResourceAttr(resourceName, "protocol", "OIDC"),
-					resource.TestCheckResourceAttr(resourceName, "okta_idp_id", ""),
-					resource.TestCheckResourceAttr(resourceName, "idp_id", idpID),
-					resource.TestCheckResourceAttr(resourceName, "federation_settings_id", federatedSettingsID),
-				),
-			},
-		},
-	})
-}
-
 func configBasicDS(federatedSettingsID, idpID string) string {
 	return fmt.Sprintf(`
 		data "mongodbatlas_federated_settings_identity_provider" "test" {

diff --git a/...ce/federatedsettingsidentityprovider/data_source_federated_settings_identity_providers.go b/...ce/federatedsettingsidentityprovider/data_source_federated_settings_identity_providers.go
@@ -5,7 +5,7 @@ import (
 	"errors"
 	"fmt"
 
-	admin20231115008 "go.mongodb.org/atlas-sdk/v20231115008/admin"
+	"go.mongodb.org/atlas-sdk/v20231115014/admin"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -16,7 +16,7 @@ import (
 
 func PluralDataSource() *schema.Resource {
 	return &schema.Resource{
-		ReadContext: dataSourceMongoDBAtlasFederatedSettingsIdentityProvidersRead,
+		ReadContext: dataSourcePluralRead,
 		Schema: map[string]*schema.Schema{
 			"federation_settings_id": {
 				Type:     schema.TypeString,
@@ -218,12 +218,9 @@ func PluralDataSource() *schema.Resource {
 							Type:     schema.TypeString,
 							Computed: true,
 						},
-						"audience_claim": {
-							Type:     schema.TypeList,
+						"audience": {
+							Type:     schema.TypeString,
 							Computed: true,
-							Elem: &schema.Schema{
-								Type: schema.TypeString,
-							},
 						},
 						"client_id": {
 							Type:     schema.TypeString,
@@ -244,27 +241,32 @@ func PluralDataSource() *schema.Resource {
 							Type:     schema.TypeString,
 							Computed: true,
 						},
+						"description": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"authorization_type": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
 					},
 				},
 			},
 		},
 	}
 }
-func dataSourceMongoDBAtlasFederatedSettingsIdentityProvidersRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
-	// Get client connection.
-	connV2 := meta.(*config.MongoDBClient).Atlas20231115008
-
+func dataSourcePluralRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+	connV2 := meta.(*config.MongoDBClient).AtlasV2
 	federationSettingsID, federationSettingsIDOk := d.GetOk("federation_settings_id")
 
 	if !federationSettingsIDOk {
 		return diag.FromErr(errors.New("federation_settings_id must be configured"))
 	}
 
-	// once the SDK is upgraded above version "go.mongodb.org/atlas-sdk/v20231115012/mockadmin" we can use pagination parameters to iterate over all results (and adjust documentation)
-	// pagination attributes are deprecated and can be removed as we move towards not exposing these pagination options to the user
-	params := &admin20231115008.ListIdentityProvidersApiParams{
+	params := &admin.ListIdentityProvidersApiParams{
 		FederationSettingsId: federationSettingsID.(string),
 		Protocol:             &[]string{OIDC, SAML},
+		IdpType:              &[]string{WORKFORCE},
 	}
 
 	providers, _, err := connV2.FederatedAuthenticationApi.ListIdentityProvidersWithParams(ctx, params).Execute()