From 4a9edb4381736eecc02b10229ccb4342a234520d Mon Sep 17 00:00:00 2001 From: Marco Suma Date: Mon, 6 May 2024 12:00:46 +0200 Subject: [PATCH 1/9] chore: Upgrades cloud_provider_access_setup and _authorization to the latest SDK. --- ...data_source_cloud_provider_access_setup.go | 4 +- ...rce_cloud_provider_access_authorization.go | 65 ++++++++--------- ...loud_provider_access_authorization_test.go | 8 +- .../resource_cloud_provider_access_setup.go | 73 ++++++++----------- ...source_cloud_provider_access_setup_test.go | 13 +--- 5 files changed, 71 insertions(+), 92 deletions(-) diff --git a/internal/service/cloudprovideraccess/data_source_cloud_provider_access_setup.go b/internal/service/cloudprovideraccess/data_source_cloud_provider_access_setup.go index 777dae8c67..12ff15af53 100644 --- a/internal/service/cloudprovideraccess/data_source_cloud_provider_access_setup.go +++ b/internal/service/cloudprovideraccess/data_source_cloud_provider_access_setup.go @@ -84,11 +84,11 @@ func DataSourceSetup() *schema.Resource { } func dataSourceMongoDBAtlasCloudProviderAccessSetupRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { - conn := meta.(*config.MongoDBClient).Atlas + conn := meta.(*config.MongoDBClient).AtlasV2 projectID := d.Get("project_id").(string) roleID := d.Get("role_id").(string) - role, _, err := conn.CloudProviderAccess.GetRole(ctx, projectID, roleID) + role, _, err := conn.CloudProviderAccessApi.GetCloudProviderAccessRole(ctx, projectID, roleID).Execute() if err != nil { return diag.FromErr(fmt.Errorf(ErrorCloudProviderGetRead, err)) } diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go index c9a31745d8..5b16813c9c 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go 
@@ -12,7 +12,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/constant" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - matlas "go.mongodb.org/atlas/mongodbatlas" + "go.mongodb.org/atlas-sdk/v20231115012/admin" ) /* @@ -92,7 +92,7 @@ func ResourceAuthorization() *schema.Resource { func resourceMongoDBAtlasCloudProviderAccessAuthorizationRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { // sadly there is no just get API - conn := meta.(*config.MongoDBClient).Atlas + conn := meta.(*config.MongoDBClient).AtlasV2 ids := conversion.DecodeStateID(d.Id()) roleID := ids["id"] // atlas ID @@ -121,7 +121,7 @@ func resourceMongoDBAtlasCloudProviderAccessAuthorizationRead(ctx context.Contex } // If not authorize , then request the authorization - if targetRole.ProviderName == constant.AWS && targetRole.AuthorizedDate == "" && !d.IsNewResource() { + if targetRole.ProviderName == constant.AWS && conversion.TimeToString(targetRole.GetAuthorizedDate()) == "" && !d.IsNewResource() { d.SetId("") return nil } @@ -130,7 +130,7 @@ func resourceMongoDBAtlasCloudProviderAccessAuthorizationRead(ctx context.Contex } func resourceMongoDBAtlasCloudProviderAccessAuthorizationCreate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { - conn := meta.(*config.MongoDBClient).Atlas + conn := meta.(*config.MongoDBClient).AtlasV2 projectID := d.Get("project_id").(string) roleID := d.Get("role_id").(string) @@ -150,7 +150,7 @@ func resourceMongoDBAtlasCloudProviderAccessAuthorizationCreate(ctx context.Cont } func resourceMongoDBAtlasCloudProviderAccessAuthorizationUpdate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { - conn := meta.(*config.MongoDBClient).Atlas + conn := meta.(*config.MongoDBClient).AtlasV2 ids := conversion.DecodeStateID(d.Id()) roleID := ids["id"] 
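Review bot: The rewritten guard in the `@@ -121,7` hunk, `conversion.TimeToString(targetRole.GetAuthorizedDate()) == ""`, may never be true. The old field was a string that was empty for an unauthorized role, but the getter now appears to return a time value, and formatting a zero time normally gives a non-empty timestamp (TimeToString is not shown here, so confirm). If so, an AWS role whose authorization was removed in Atlas would stay in Terraform state as authorized instead of being cleared with `d.SetId("")`. Testing the value directly avoids the string round trip: `if targetRole.ProviderName == constant.AWS && targetRole.GetAuthorizedDate().IsZero() && !d.IsNewResource() {`. The enclosing Read function starts and ends outside the hunk.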
@@ -178,29 +178,29 @@ func resourceMongoDBAtlasCloudProviderAccessAuthorizationPlaceHolder(ctx context return nil } -func roleToSchemaAuthorization(role *matlas.CloudProviderAccessRole) map[string]any { +func roleToSchemaAuthorization(role *admin.CloudProviderAccessRole) map[string]any { out := map[string]any{ - "role_id": role.RoleID, + "role_id": role.GetRoleId(), "aws": []any{map[string]any{ - "iam_assumed_role_arn": role.IAMAssumedRoleARN, + "iam_assumed_role_arn": role.GetIamAssumedRoleArn(), }}, - "authorized_date": role.AuthorizedDate, + "authorized_date": role.GetAuthorizedDate(), } if role.ProviderName == "AZURE" { out = map[string]any{ - "role_id": role.AzureID, + "role_id": role.GetRoleId(), "azure": []any{map[string]any{ - "atlas_azure_app_id": role.AtlasAzureAppID, - "service_principal_id": role.AzureServicePrincipalID, - "tenant_id": role.AzureTenantID, + "atlas_azure_app_id": role.GetAtlasAzureAppId(), + "service_principal_id": role.GetServicePrincipalId(), + "tenant_id": role.GetTenantId(), }}, "authorized_date": role.AuthorizedDate, } } - features := make([]map[string]any, 0, len(role.FeatureUsages)) - for _, featureUsage := range role.FeatureUsages { + features := make([]map[string]any, 0, len(role.GetFeatureUsages())) + for _, featureUsage := range role.GetFeatureUsages() { features = append(features, featureToSchema(featureUsage)) } @@ -208,8 +208,8 @@ func roleToSchemaAuthorization(role *matlas.CloudProviderAccessRole) map[string] return out } -func FindRole(ctx context.Context, conn *matlas.Client, projectID, roleID string) (*matlas.CloudProviderAccessRole, error) { - role, _, err := conn.CloudProviderAccess.GetRole(ctx, projectID, roleID) +func FindRole(ctx context.Context, conn *admin.APIClient, projectID, roleID string) (*admin.CloudProviderAccessRole, error) { + role, _, err := conn.CloudProviderAccessApi.GetCloudProviderAccessRole(ctx, projectID, roleID).Execute() if err != nil { return nil, fmt.Errorf(ErrorCloudProviderGetRead, err) } 
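Review bot: In roleToSchemaAuthorization the provider check `role.ProviderName == "AZURE"` still reads the struct field directly and compares it with a string literal, while the rest of the hunk moved to getters and authorizeRole in the same file compares against `constant.AZURE`. Direct field access dereferences `role`, so a nil role panics on this line; generated getters usually guard a nil receiver, though that is not visible on this page. Suggest `if role.GetProviderName() == constant.AZURE {` so the check is consistent with the rest of the file. Part of the function body lies outside the hunk.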
@@ -259,33 +259,33 @@ func resourceMongoDBAtlasCloudProviderAccessAuthorizationStateUpgradeV0(ctx cont return rawState, nil } -func authorizeRole(ctx context.Context, client *matlas.Client, d *schema.ResourceData, projectID string, targetRole *matlas.CloudProviderAccessRole) diag.Diagnostics { - req := &matlas.CloudProviderAccessRoleRequest{ +func authorizeRole(ctx context.Context, client *admin.APIClient, d *schema.ResourceData, projectID string, targetRole *admin.CloudProviderAccessRole) diag.Diagnostics { + req := &admin.CloudProviderAccessRole{ ProviderName: targetRole.ProviderName, } - roleID := targetRole.RoleID + roleID := targetRole.GetRoleId() if targetRole.ProviderName == constant.AWS { roleAWS, ok := d.GetOk("aws") if !ok { return diag.FromErr(fmt.Errorf("error CloudProviderAccessAuthorization missing iam_assumed_role_arn")) } - req.IAMAssumedRoleARN = conversion.Pointer(roleAWS.([]any)[0].(map[string]any)["iam_assumed_role_arn"].(string)) + req.SetIamAssumedRoleArn(roleAWS.([]any)[0].(map[string]any)["iam_assumed_role_arn"].(string)) } if targetRole.ProviderName == constant.AZURE { - req.AtlasAzureAppID = targetRole.AtlasAzureAppID - req.AzureTenantID = targetRole.AzureTenantID - req.AzureServicePrincipalID = targetRole.AzureServicePrincipalID - roleID = *targetRole.AzureID + req.SetAtlasAzureAppId(targetRole.GetAtlasAzureAppId()) + req.SetTenantId(targetRole.GetTenantId()) + req.SetServicePrincipalId(targetRole.GetServicePrincipalId()) + roleID = targetRole.GetRoleId() } - var role *matlas.CloudProviderAccessRole + var role *admin.CloudProviderAccessRole var err error for i := 0; i < 3; i++ { - role, _, err = client.CloudProviderAccess.AuthorizeRole(ctx, projectID, roleID, req) + role, _, err = client.CloudProviderAccessApi.AuthorizeCloudProviderAccessRole(ctx, projectID, roleID, req).Execute() if err != nil && strings.Contains(err.Error(), "CANNOT_ASSUME_ROLE") { // aws takes time to update , in case of single path log.Printf("warning issue performing 
authorize: %s \n", err.Error()) log.Println("retrying") @@ -304,10 +304,7 @@ func authorizeRole(ctx context.Context, client *matlas.Client, d *schema.Resourc authSchema := roleToSchemaAuthorization(role) - resourceID := role.RoleID - if role.ProviderName == constant.AZURE { - resourceID = *role.AzureID - } + resourceID := role.GetRoleId() d.SetId(conversion.EncodeStateID(map[string]string{ "id": resourceID, "project_id": projectID, @@ -337,9 +334,9 @@ func featureUsagesSchema() *schema.Resource { } } -func featureToSchema(feature *matlas.FeatureUsage) map[string]any { +func featureToSchema(feature admin.CloudProviderAccessFeatureUsage) map[string]any { return map[string]any{ - "feature_type": feature.FeatureType, - "feature_id": feature.FeatureID, + "feature_type": feature.GetFeatureType(), + "feature_id": feature.GetFeatureId(), } } diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization_test.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization_test.go index c1be438cd5..a9cf70cda5 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization_test.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization_test.go 
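Review bot: The AWS branch of authorizeRole passes `roleAWS.([]any)[0].(map[string]any)["iam_assumed_role_arn"].(string)` straight into `req.SetIamAssumedRoleArn`, and every step of that chain is an unchecked assertion. If the first element of the `aws` block is nil or the key is absent, the provider panics instead of returning the "missing iam_assumed_role_arn" diagnostic used just above; whether schema validation rules that out is not visible in this hunk. Because the ARN decides which IAM role Atlas is authorized to assume, an empty value should be rejected explicitly rather than sent. Comma-ok assertions with an empty check, as sketched below, keep the failure a diagnostic. The retry loop that follows continues outside the hunk.

```go
	if targetRole.ProviderName == constant.AWS {
		// … unchanged: d.GetOk("aws") lookup and missing-block diagnostic …
		awsList, _ := roleAWS.([]any)
		if len(awsList) == 0 {
			return diag.FromErr(fmt.Errorf("error CloudProviderAccessAuthorization missing iam_assumed_role_arn"))
		}
		awsBlock, _ := awsList[0].(map[string]any)
		arn, _ := awsBlock["iam_assumed_role_arn"].(string)
		if arn == "" {
			return diag.FromErr(fmt.Errorf("error CloudProviderAccessAuthorization missing iam_assumed_role_arn"))
		}
		req.SetIamAssumedRoleArn(arn)
	}
```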
@@ -155,15 +155,15 @@ func checkDestroy(s *terraform.State) error { continue } ids := conversion.DecodeStateID(rs.Primary.ID) - roles, _, err := acc.Conn().CloudProviderAccess.ListRoles(context.Background(), ids["project_id"]) + roles, _, err := acc.ConnV2().CloudProviderAccessApi.ListCloudProviderAccessRoles(context.Background(), ids["project_id"]).Execute() if err != nil { return fmt.Errorf(cloudprovideraccess.ErrorCloudProviderGetRead, err) } // searching in roles - for i := range roles.AWSIAMRoles { - role := &(roles.AWSIAMRoles[i]) - if role.RoleID == ids["id"] && role.ProviderName == ids["provider_name"] { + for i := range roles.GetAwsIamRoles() { + role := &(roles.GetAwsIamRoles()[i]) + if role.GetRoleId() == ids["id"] && role.ProviderName == ids["provider_name"] { return fmt.Errorf("error cloud Provider Access Role (%s) still exists", ids["id"]) } } diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go index 1f831a7589..b561b01252 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go @@ -6,13 +6,14 @@ import ( "net/http" "regexp" + "go.mongodb.org/atlas-sdk/v20231115012/admin" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/constant" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - matlas "go.mongodb.org/atlas/mongodbatlas" ) /* 
@@ -103,12 +104,12 @@ func ResourceSetup() *schema.Resource { } func resourceMongoDBAtlasCloudProviderAccessSetupRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { - conn := meta.(*config.MongoDBClient).Atlas + conn := meta.(*config.MongoDBClient).AtlasV2 ids := conversion.DecodeStateID(d.Id()) projectID := ids["project_id"] roleID := ids["id"] - role, resp, err := conn.CloudProviderAccess.GetRole(context.Background(), projectID, roleID) + role, resp, err := conn.CloudProviderAccessApi.GetCloudProviderAccessRole(context.Background(), projectID, roleID).Execute() if err != nil { if resp != nil && resp.StatusCode == http.StatusNotFound { d.SetId("") 
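Review bot: The converted call in resourceMongoDBAtlasCloudProviderAccessSetupRead still passes `context.Background()` rather than the `ctx` the function receives, so Terraform's cancellation and timeouts never reach the Atlas request. The other calls converted in this patch pass `ctx`. Suggest `role, resp, err := conn.CloudProviderAccessApi.GetCloudProviderAccessRole(ctx, projectID, roleID).Execute()`. The function body continues outside the hunk.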
@@ -131,37 +132,25 @@ func resourceMongoDBAtlasCloudProviderAccessSetupRead(ctx context.Context, d *sc func resourceMongoDBAtlasCloudProviderAccessSetupCreate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { projectID := d.Get("project_id").(string) - conn := meta.(*config.MongoDBClient).Atlas + conn := meta.(*config.MongoDBClient).AtlasV2 - requestParameters := &matlas.CloudProviderAccessRoleRequest{ + requestParameters := &admin.CloudProviderAccessRole{ ProviderName: d.Get("provider_name").(string), } if value, ok := d.GetOk("azure_config.0.atlas_azure_app_id"); ok { - requestParameters.AtlasAzureAppID = conversion.Pointer(value.(string)) + requestParameters.SetAtlasAzureAppId(value.(string)) } if value, ok := d.GetOk("azure_config.0.service_principal_id"); ok { - requestParameters.AzureServicePrincipalID = conversion.Pointer(value.(string)) + requestParameters.SetServicePrincipalId(value.(string)) } if value, ok := d.GetOk("azure_config.0.tenant_id"); ok { - requestParameters.AzureTenantID = conversion.Pointer(value.(string)) - } - - if value, ok := d.GetOk("azure_config.0.atlas_azure_app_id"); ok { - requestParameters.AtlasAzureAppID = conversion.Pointer(value.(string)) + requestParameters.SetTenantId(value.(string)) } - if value, ok := d.GetOk("azure_config.0.service_principal_id"); ok { - requestParameters.AzureServicePrincipalID = conversion.Pointer(value.(string)) - } - - if value, ok := d.GetOk("azure_config.0.tenant_id"); ok { - requestParameters.AzureTenantID = conversion.Pointer(value.(string)) - } - - role, _, err := conn.CloudProviderAccess.CreateRole(ctx, projectID, requestParameters) + role, _, err := conn.CloudProviderAccessApi.CreateCloudProviderAccessRole(ctx, projectID, requestParameters).Execute() if err != nil { return diag.FromErr(fmt.Errorf(errorCloudProviderAccessCreate, err)) } 
@@ -169,15 +158,15 @@ func resourceMongoDBAtlasCloudProviderAccessSetupCreate(ctx context.Context, d * // once multiple providers enable here do a switch, select for provider type roleSchema := roleToSchemaSetup(role) - resourceID := role.RoleID + resourceID := role.GetRoleId() if role.ProviderName == constant.AZURE { - resourceID = *role.AzureID + resourceID = role.GetId() } d.SetId(conversion.EncodeStateID(map[string]string{ "id": resourceID, "project_id": projectID, - "provider_name": role.ProviderName, + "provider_name": role.GetProviderName(), })) for key, val := range roleSchema { @@ -190,20 +179,20 @@ func resourceMongoDBAtlasCloudProviderAccessSetupCreate(ctx context.Context, d * } func resourceMongoDBAtlasCloudProviderAccessSetupDelete(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { - conn := meta.(*config.MongoDBClient).Atlas + conn := meta.(*config.MongoDBClient).AtlasV2 ids := conversion.DecodeStateID(d.Id()) projectID := ids["project_id"] roleID := ids["id"] providerName := ids["provider_name"] - req := &matlas.CloudProviderDeauthorizationRequest{ - ProviderName: providerName, - RoleID: roleID, - GroupID: projectID, + req := &admin.DeauthorizeCloudProviderAccessRoleApiParams{ + CloudProvider: providerName, + RoleId: roleID, + GroupId: projectID, } - _, err := conn.CloudProviderAccess.DeauthorizeRole(ctx, req) + _, err := conn.CloudProviderAccessApi.DeauthorizeCloudProviderAccessRoleWithParams(ctx, req).Execute() if err != nil { return diag.FromErr(fmt.Errorf(errorCloudProviderAccessDelete, err)) } 
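Review bot: In the Delete hunk the first return value of `DeauthorizeCloudProviderAccessRoleWithParams(ctx, req).Execute()` is discarded, so any error fails the destroy, presumably including a not-found for a role already removed in Atlas. The Read function in this file treats `http.StatusNotFound` as gone and clears the ID, so the two paths disagree and a stale entry cannot be destroyed from state. Suggest capturing the response with `resp, err := conn.CloudProviderAccessApi.DeauthorizeCloudProviderAccessRoleWithParams(ctx, req).Execute()` and returning the diagnostic only when `err != nil && (resp == nil || resp.StatusCode != http.StatusNotFound)`. The hunk also passes `projectID`, `roleID` and `providerName` from the decoded state ID into the request without checking that they are non-empty.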
@@ -213,16 +202,16 @@ func resourceMongoDBAtlasCloudProviderAccessSetupDelete(ctx context.Context, d * return nil } -func roleToSchemaSetup(role *matlas.CloudProviderAccessRole) map[string]any { +func roleToSchemaSetup(role *admin.CloudProviderAccessRole) map[string]any { if role.ProviderName == "AWS" { out := map[string]any{ - "provider_name": role.ProviderName, + "provider_name": role.GetProviderName(), "aws_config": []any{map[string]any{ - "atlas_aws_account_arn": role.AtlasAWSAccountARN, - "atlas_assumed_role_external_id": role.AtlasAssumedRoleExternalID, + "atlas_aws_account_arn": role.GetAtlasAWSAccountArn(), + "atlas_assumed_role_external_id": role.GetAtlasAssumedRoleExternalId(), }}, - "created_date": role.CreatedDate, - "role_id": role.RoleID, + "created_date": role.GetCreatedDate(), + "role_id": role.GetRoleId(), } return out } @@ -230,14 +219,14 @@ func roleToSchemaSetup(role *matlas.CloudProviderAccessRole) map[string]any { out := map[string]any{ "provider_name": role.ProviderName, "azure_config": []any{map[string]any{ - "atlas_azure_app_id": role.AtlasAzureAppID, - "service_principal_id": role.AzureServicePrincipalID, - "tenant_id": role.AzureTenantID, + "atlas_azure_app_id": role.GetAtlasAzureAppId(), + "service_principal_id": role.GetServicePrincipalId(), + "tenant_id": role.GetTenantId(), }}, "aws_config": []any{map[string]any{}}, - "created_date": role.CreatedDate, - "last_updated_date": role.LastUpdatedDate, - "role_id": role.AzureID, + "created_date": role.GetCreatedDate(), + "last_updated_date": role.GetLastUpdatedDate(), + "role_id": role.GetRoleId(), } return out diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup_test.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup_test.go index 7b25ca32af..93c277bd39 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup_test.go 
+++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup_test.go @@ -136,20 +136,13 @@ func checkExists(resourceName string) resource.TestCheckFunc { ids := conversion.DecodeStateID(rs.Primary.ID) providerName := ids["provider_name"] id := ids["id"] - roles, _, err := acc.Conn().CloudProviderAccess.ListRoles(context.Background(), ids["project_id"]) + roles, _, err := acc.ConnV2().CloudProviderAccessApi.ListCloudProviderAccessRoles(context.Background(), ids["project_id"]).Execute() if err != nil { return fmt.Errorf(cloudprovideraccess.ErrorCloudProviderGetRead, err) } if providerName == "AWS" { - for i := range roles.AWSIAMRoles { - if roles.AWSIAMRoles[i].RoleID == id && roles.AWSIAMRoles[i].ProviderName == providerName { - return nil - } - } - } - if providerName == "AZURE" { - for i := range roles.AzureServicePrincipals { - if *roles.AzureServicePrincipals[i].AzureID == id && roles.AzureServicePrincipals[i].ProviderName == providerName { + for i := range roles.GetAwsIamRoles() { + if roles.GetAwsIamRoles()[i].GetRoleId() == id && roles.GetAwsIamRoles()[i].GetProviderName() == providerName { return nil } } From 8e6a00994993ba1d65f1e80e00ccaa868a0dbe94 Mon Sep 17 00:00:00 2001 From: Marco Suma Date: Mon, 6 May 2024 12:23:31 +0200 Subject: [PATCH 2/9] fixes time to string format. --- .../resource_cloud_provider_access_setup.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go index b561b01252..2a409d9dea 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go 
@@ -210,7 +210,7 @@ func roleToSchemaSetup(role *admin.CloudProviderAccessRole) map[string]any { "atlas_aws_account_arn": role.GetAtlasAWSAccountArn(), "atlas_assumed_role_external_id": role.GetAtlasAssumedRoleExternalId(), }}, - "created_date": role.GetCreatedDate(), + "created_date": conversion.TimeToString(role.GetCreatedDate()), "role_id": role.GetRoleId(), } return out @@ -224,8 +224,8 @@ func roleToSchemaSetup(role *admin.CloudProviderAccessRole) map[string]any { "tenant_id": role.GetTenantId(), }}, "aws_config": []any{map[string]any{}}, - "created_date": role.GetCreatedDate(), - "last_updated_date": role.GetLastUpdatedDate(), + "created_date": conversion.TimeToString(role.GetCreatedDate()), + "last_updated_date": conversion.TimeToString(role.GetLastUpdatedDate()), "role_id": role.GetRoleId(), } From b183ad6cbb7158e9ca3d6414b766912f8cebfa7f Mon Sep 17 00:00:00 2001 From: Marco Suma Date: Mon, 6 May 2024 13:29:42 +0200 Subject: [PATCH 3/9] fixes errors. --- .../resource_cloud_provider_access_authorization.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go index 5b16813c9c..6884d89db5 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go @@ -184,7 +184,7 @@ func roleToSchemaAuthorization(role *admin.CloudProviderAccessRole) map[string]a "aws": []any{map[string]any{ "iam_assumed_role_arn": role.GetIamAssumedRoleArn(), }}, - "authorized_date": role.GetAuthorizedDate(), + "authorized_date": conversion.TimeToString(role.GetAuthorizedDate()), } if role.ProviderName == "AZURE" { 
@@ -195,7 +195,7 @@ func roleToSchemaAuthorization(role *admin.CloudProviderAccessRole) map[string]a "service_principal_id": role.GetServicePrincipalId(), "tenant_id": role.GetTenantId(), }}, - "authorized_date": role.AuthorizedDate, + "authorized_date": conversion.TimeToString(role.GetAuthorizedDate()), } } @@ -278,7 +278,7 @@ func authorizeRole(ctx context.Context, client *admin.APIClient, d *schema.Resou req.SetAtlasAzureAppId(targetRole.GetAtlasAzureAppId()) req.SetTenantId(targetRole.GetTenantId()) req.SetServicePrincipalId(targetRole.GetServicePrincipalId()) - roleID = targetRole.GetRoleId() + roleID = targetRole.GetId() } var role *admin.CloudProviderAccessRole @@ -293,7 +293,7 @@ func authorizeRole(ctx context.Context, client *admin.APIClient, d *schema.Resou continue } if err != nil { - log.Printf("MISSED ERRROR %s", err.Error()) + log.Printf("MISSED ERROR %s", err.Error()) } break } From 19c1907cb36049ed2bebfc4a9e231500484e8889 Mon Sep 17 00:00:00 2001 From: Marco Suma Date: Mon, 6 May 2024 14:27:20 +0200 Subject: [PATCH 4/9] fixes errors. --- .../cloudprovideraccess/resource_cloud_provider_access_setup.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go index 2a409d9dea..24619211ec 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go @@ -226,7 +226,7 @@ func roleToSchemaSetup(role *admin.CloudProviderAccessRole) map[string]any { "aws_config": []any{map[string]any{}}, "created_date": conversion.TimeToString(role.GetCreatedDate()), "last_updated_date": conversion.TimeToString(role.GetLastUpdatedDate()), - "role_id": role.GetRoleId(), + "role_id": role.GetId(), } return out From 76ee1e01084c3bbf1b62f3c7956c3cfab5505492 Mon Sep 17 00:00:00 2001 
From: Marco Suma Date: Mon, 6 May 2024 15:29:17 +0200 Subject: [PATCH 5/9] fixes errors. --- .../resource_cloud_provider_access_authorization.go | 2 +- .../resource_cloud_provider_access_setup_test.go | 12 ++++-------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go index 6884d89db5..fd23c39653 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go @@ -189,7 +189,7 @@ func roleToSchemaAuthorization(role *admin.CloudProviderAccessRole) map[string]a if role.ProviderName == "AZURE" { out = map[string]any{ - "role_id": role.GetRoleId(), + "role_id": role.GetId(), "azure": []any{map[string]any{ "atlas_azure_app_id": role.GetAtlasAzureAppId(), "service_principal_id": role.GetServicePrincipalId(), diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup_test.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup_test.go index 93c277bd39..a90f68027e 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup_test.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup_test.go 
@@ -134,18 +134,14 @@ func checkExists(resourceName string) resource.TestCheckFunc { return fmt.Errorf("no ID is set") } ids := conversion.DecodeStateID(rs.Primary.ID) - providerName := ids["provider_name"] id := ids["id"] - roles, _, err := acc.ConnV2().CloudProviderAccessApi.ListCloudProviderAccessRoles(context.Background(), ids["project_id"]).Execute() + + role, _, err := acc.ConnV2().CloudProviderAccessApi.GetCloudProviderAccessRole(context.Background(), ids["project_id"], id).Execute() if err != nil { return fmt.Errorf(cloudprovideraccess.ErrorCloudProviderGetRead, err) } - if providerName == "AWS" { - for i := range roles.GetAwsIamRoles() { - if roles.GetAwsIamRoles()[i].GetRoleId() == id && roles.GetAwsIamRoles()[i].GetProviderName() == providerName { - return nil - } - } + if role.GetId() == id { + return nil } return fmt.Errorf("error cloud Provider Access (%s) does not exist", ids["project_id"]) } From 3bcb30ef906406f42fc9a733bdce17a4dc7d1b45 Mon Sep 17 00:00:00 2001 From: Marco Suma Date: Mon, 6 May 2024 15:48:39 +0200 Subject: [PATCH 6/9] fixes errors. --- .../resource_cloud_provider_access_setup_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup_test.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup_test.go index a90f68027e..04efe80e85 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup_test.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup_test.go @@ -140,7 +140,7 @@ func checkExists(resourceName string) resource.TestCheckFunc { if err != nil { return fmt.Errorf(cloudprovideraccess.ErrorCloudProviderGetRead, err) } - if role.GetId() == id { + if role.GetId() == id || role.GetRoleId() == id { return nil } return fmt.Errorf("error cloud Provider Access (%s) does not exist", ids["project_id"]) From b291c2990b24a0b7b0b46cc7d0585c0009c5be81 Mon Sep 17 00:00:00 2001 
From: Marco Suma Date: Mon, 6 May 2024 16:12:45 +0200 Subject: [PATCH 7/9] fixes errors. --- .../resource_cloud_provider_access_authorization.go | 3 +++ .../resource_cloud_provider_access_authorization_test.go | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go index fd23c39653..3f03520c1c 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go @@ -305,6 +305,9 @@ func authorizeRole(ctx context.Context, client *admin.APIClient, d *schema.Resou authSchema := roleToSchemaAuthorization(role) resourceID := role.GetRoleId() + if role.ProviderName == constant.AZURE { + resourceID = role.GetId() + } d.SetId(conversion.EncodeStateID(map[string]string{ "id": resourceID, "project_id": projectID, diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization_test.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization_test.go index a9cf70cda5..d175679615 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization_test.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization_test.go @@ -139,7 +139,7 @@ func configAuthorizationAzure(projectID, atlasAzureAppID, servicePrincipalID, te resource "mongodbatlas_cloud_provider_access_authorization" "test" { project_id = %[1]q - role_id = mongodbatlas_cloud_provider_access_setup.test.role_id + role_id = mongodbatlas_cloud_provider_access_setup.test.role_id azure { atlas_azure_app_id = %[2]q service_principal_id = %[3]q From 60aa83e844ae54a5bf0ac12fffb6425876dfa2ec Mon Sep 17 00:00:00 2001 
From: Marco Suma Date: Tue, 7 May 2024 12:03:38 +0200 Subject: [PATCH 8/9] updates to latest version. --- .../resource_cloud_provider_access_authorization.go | 2 +- .../cloudprovideraccess/resource_cloud_provider_access_setup.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go index 3f03520c1c..b5bc3f7f53 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go @@ -12,7 +12,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/constant" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20231115012/admin" + "go.mongodb.org/atlas-sdk/v20231115013/admin" ) /* diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go index 24619211ec..cdad0b258f 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go @@ -6,7 +6,7 @@ import ( "net/http" "regexp" - "go.mongodb.org/atlas-sdk/v20231115012/admin" + "go.mongodb.org/atlas-sdk/v20231115013/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" From ed66d1ef34c455ddd764b3225c22da1312f0f2e3 Mon Sep 17 00:00:00 2001 
From: Marco Suma Date: Tue, 7 May 2024 14:13:40 +0200 Subject: [PATCH 9/9] address comments. --- ...rce_cloud_provider_access_authorization.go | 24 +++++++++---------- ...loud_provider_access_authorization_test.go | 13 ++++------ .../resource_cloud_provider_access_setup.go | 20 ++++++++-------- 3 files changed, 27 insertions(+), 30 deletions(-) diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go index b5bc3f7f53..49d16412ff 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go @@ -21,10 +21,10 @@ import ( func ResourceAuthorization() *schema.Resource { return &schema.Resource{ - ReadContext: resourceMongoDBAtlasCloudProviderAccessAuthorizationRead, - CreateContext: resourceMongoDBAtlasCloudProviderAccessAuthorizationCreate, - UpdateContext: resourceMongoDBAtlasCloudProviderAccessAuthorizationUpdate, - DeleteContext: resourceMongoDBAtlasCloudProviderAccessAuthorizationPlaceHolder, + ReadContext: resourceCloudProviderAccessAuthorizationRead, + CreateContext: resourceCloudProviderAccessAuthorizationCreate, + UpdateContext: resourceCloudProviderAccessAuthorizationUpdate, + DeleteContext: resourceCloudProviderAccessAuthorizationPlaceHolder, Schema: map[string]*schema.Schema{ "project_id": { 
@@ -82,15 +82,15 @@ func ResourceAuthorization() *schema.Resource { SchemaVersion: 1, StateUpgraders: []schema.StateUpgrader{ { - Type: resourceMongoDBAtlasCloudProviderAccessAuthorizationResourceV0().CoreConfigSchema().ImpliedType(), - Upgrade: resourceMongoDBAtlasCloudProviderAccessAuthorizationStateUpgradeV0, + Type: resourceCloudProviderAccessAuthorizationResourceV0().CoreConfigSchema().ImpliedType(), + Upgrade: resourceCloudProviderAccessAuthorizationStateUpgradeV0, Version: 0, }, }, } } -func resourceMongoDBAtlasCloudProviderAccessAuthorizationRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { +func resourceCloudProviderAccessAuthorizationRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { // sadly there is no just get API conn := meta.(*config.MongoDBClient).AtlasV2 ids := conversion.DecodeStateID(d.Id()) @@ -129,7 +129,7 @@ func resourceMongoDBAtlasCloudProviderAccessAuthorizationRead(ctx context.Contex return nil } -func resourceMongoDBAtlasCloudProviderAccessAuthorizationCreate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { +func resourceCloudProviderAccessAuthorizationCreate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { conn := meta.(*config.MongoDBClient).AtlasV2 projectID := d.Get("project_id").(string) @@ -149,7 +149,7 @@ func resourceMongoDBAtlasCloudProviderAccessAuthorizationCreate(ctx context.Cont return authorizeRole(ctx, conn, d, projectID, targetRole) } -func resourceMongoDBAtlasCloudProviderAccessAuthorizationUpdate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { +func resourceCloudProviderAccessAuthorizationUpdate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { conn := meta.(*config.MongoDBClient).AtlasV2 ids := conversion.DecodeStateID(d.Id()) 
@@ -173,7 +173,7 @@ func resourceMongoDBAtlasCloudProviderAccessAuthorizationUpdate(ctx context.Cont return nil } -func resourceMongoDBAtlasCloudProviderAccessAuthorizationPlaceHolder(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { +func resourceCloudProviderAccessAuthorizationPlaceHolder(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { d.SetId("") return nil } @@ -217,7 +217,7 @@ func FindRole(ctx context.Context, conn *admin.APIClient, projectID, roleID stri return role, nil } -func resourceMongoDBAtlasCloudProviderAccessAuthorizationResourceV0() *schema.Resource { +func resourceCloudProviderAccessAuthorizationResourceV0() *schema.Resource { return &schema.Resource{ Schema: map[string]*schema.Schema{ "project_id": { @@ -253,7 +253,7 @@ func resourceMongoDBAtlasCloudProviderAccessAuthorizationResourceV0() *schema.Re } } -func resourceMongoDBAtlasCloudProviderAccessAuthorizationStateUpgradeV0(ctx context.Context, rawState map[string]any, meta any) (map[string]any, error) { +func resourceCloudProviderAccessAuthorizationStateUpgradeV0(ctx context.Context, rawState map[string]any, meta any) (map[string]any, error) { rawState["aws"] = []any{} return rawState, nil diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization_test.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization_test.go index d175679615..cd9f503045 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization_test.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization_test.go 
@@ -155,17 +155,14 @@ func checkDestroy(s *terraform.State) error { continue } ids := conversion.DecodeStateID(rs.Primary.ID) - roles, _, err := acc.ConnV2().CloudProviderAccessApi.ListCloudProviderAccessRoles(context.Background(), ids["project_id"]).Execute() + + id := ids["id"] + role, _, err := acc.ConnV2().CloudProviderAccessApi.GetCloudProviderAccessRole(context.Background(), ids["project_id"], id).Execute() if err != nil { return fmt.Errorf(cloudprovideraccess.ErrorCloudProviderGetRead, err) } - - // searching in roles - for i := range roles.GetAwsIamRoles() { - role := &(roles.GetAwsIamRoles()[i]) - if role.GetRoleId() == ids["id"] && role.ProviderName == ids["provider_name"] { - return fmt.Errorf("error cloud Provider Access Role (%s) still exists", ids["id"]) - } + if role.GetId() == id || role.GetRoleId() == id { + return nil } } return nil diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go index cdad0b258f..89eaa26e29 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go 
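Review bot: In checkDestroy, the new branch `if role.GetId() == id || role.GetRoleId() == id { return nil }` returns success when the role is still found, so the check can no longer report a leftover role, which the removed loop did with `error cloud Provider Access Role (%s) still exists`. The early `return nil` also ends the loop, so any later resources in the state go unchecked. An error from `GetCloudProviderAccessRole` fails the check, and that presumably includes the not-found response expected once the role is gone; this is worth confirming against the API. Because these roles represent cross-account access granted to Atlas, I would make the match `return fmt.Errorf("error cloud Provider Access Role (%s) still exists", id)` and treat a not-found response as success. The function starts above this hunk, so the resource-type filter before `continue` is not visible here.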
@@ -32,12 +32,12 @@ const ( func ResourceSetup() *schema.Resource { return &schema.Resource{ - ReadContext: resourceMongoDBAtlasCloudProviderAccessSetupRead, - CreateContext: resourceMongoDBAtlasCloudProviderAccessSetupCreate, - UpdateContext: resourceMongoDBAtlasCloudProviderAccessAuthorizationPlaceHolder, - DeleteContext: resourceMongoDBAtlasCloudProviderAccessSetupDelete, + ReadContext: resourceCloudProviderAccessSetupRead, + CreateContext: resourceCloudProviderAccessSetupCreate, + UpdateContext: resourceCloudProviderAccessAuthorizationPlaceHolder, + DeleteContext: resourceCloudProviderAccessSetupDelete, Importer: &schema.ResourceImporter{ - StateContext: resourceMongoDBAtlasCloudProviderAccessSetupImportState, + StateContext: resourceCloudProviderAccessSetupImportState, }, Schema: map[string]*schema.Schema{ @@ -103,7 +103,7 @@ func ResourceSetup() *schema.Resource { } } -func resourceMongoDBAtlasCloudProviderAccessSetupRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { +func resourceCloudProviderAccessSetupRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { conn := meta.(*config.MongoDBClient).AtlasV2 ids := conversion.DecodeStateID(d.Id()) projectID := ids["project_id"] @@ -129,7 +129,7 @@ func resourceMongoDBAtlasCloudProviderAccessSetupRead(ctx context.Context, d *sc return nil } -func resourceMongoDBAtlasCloudProviderAccessSetupCreate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { +func resourceCloudProviderAccessSetupCreate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { projectID := d.Get("project_id").(string) conn := meta.(*config.MongoDBClient).AtlasV2 
@@ -178,7 +178,7 @@ func resourceMongoDBAtlasCloudProviderAccessSetupCreate(ctx context.Context, d * return nil } -func resourceMongoDBAtlasCloudProviderAccessSetupDelete(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { +func resourceCloudProviderAccessSetupDelete(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics { conn := meta.(*config.MongoDBClient).AtlasV2 ids := conversion.DecodeStateID(d.Id()) @@ -232,7 +232,7 @@ func roleToSchemaSetup(role *admin.CloudProviderAccessRole) map[string]any { return out } -func resourceMongoDBAtlasCloudProviderAccessSetupImportState(ctx context.Context, d *schema.ResourceData, meta any) ([]*schema.ResourceData, error) { +func resourceCloudProviderAccessSetupImportState(ctx context.Context, d *schema.ResourceData, meta any) ([]*schema.ResourceData, error) { projectID, providerName, roleID, err := splitCloudProviderAccessID(d.Id()) if err != nil { @@ -246,7 +246,7 @@ func resourceMongoDBAtlasCloudProviderAccessSetupImportState(ctx context.Context "provider_name": providerName, })) - err2 := resourceMongoDBAtlasCloudProviderAccessSetupRead(ctx, d, meta) + err2 := resourceCloudProviderAccessSetupRead(ctx, d, meta) if err2 != nil { return nil, fmt.Errorf(errorCloudProviderAccessImporter, err)