Database user scopes

go.mod

@@ -11,5 +11,5 @@ require (
 	github.com/spf13/cast v1.3.1
 	github.com/terraform-providers/terraform-provider-aws v1.60.1-0.20200518153306-40099de47e37
 	github.com/terraform-providers/terraform-provider-google v1.20.1-0.20200518165017-1dd21651c496
-	go.mongodb.org/atlas v0.4.1-0.20200820152733-8dc4a7c19a2b
+	go.mongodb.org/atlas v0.4.1-0.20200903102338-049d0778b833
 )

go.sum

@@ -609,6 +609,8 @@ go.mongodb.org/atlas v0.4.1-0.20200819194203-09c49e85aa0d h1:5GrmSNMip4s758EBOch
 go.mongodb.org/atlas v0.4.1-0.20200819194203-09c49e85aa0d/go.mod h1:QlKvZKT43+R6lhHlaTy2E7Q/3AoAljMI6v5apfqslIs=
 go.mongodb.org/atlas v0.4.1-0.20200820152733-8dc4a7c19a2b h1:AuAQZDrQLesdmz9mIPaIn07OJRoG4Vfm+M3xd31HGgo=
 go.mongodb.org/atlas v0.4.1-0.20200820152733-8dc4a7c19a2b/go.mod h1:QlKvZKT43+R6lhHlaTy2E7Q/3AoAljMI6v5apfqslIs=
+go.mongodb.org/atlas v0.4.1-0.20200903102338-049d0778b833 h1:gH8Ih2OacuB6qVitO+wI5EBKdbtM/YdbhJstiMR2Vfw=
+go.mongodb.org/atlas v0.4.1-0.20200903102338-049d0778b833/go.mod h1:CIaBeO8GLHhtYLw7xSSXsw7N90Z4MFY87Oy9qcPyuEs=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=

mongodbatlas/data_source_mongodbatlas_database_user.go

@@ -77,6 +77,22 @@ func dataSourceMongoDBAtlasDatabaseUser() *schema.Resource {
 					},
 				},
 			},
+			"scopes": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"type": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -136,6 +152,10 @@ func dataSourceMongoDBAtlasDatabaseUserRead(d *schema.ResourceData, meta interfa
 		return fmt.Errorf("error setting `labels` for database user (%s): %s", d.Id(), err)
 	}
 
+	if err := d.Set("scopes", flattenScopes(dbUser.Scopes)); err != nil {
+		return fmt.Errorf("error setting `scopes` for database user (%s): %s", d.Id(), err)
+	}
+
 	d.SetId(encodeStateID(map[string]string{
 		"project_id":         projectID,
 		"username":           username,

mongodbatlas/data_source_mongodbatlas_database_users.go

@@ -81,6 +81,22 @@ func dataSourceMongoDBAtlasDatabaseUsers() *schema.Resource {
 								},
 							},
 						},
+						"scopes": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"name": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+									"type": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+								},
+							},
+						},
 					},
 				},
 			},
@@ -123,6 +139,7 @@ func flattenDBUsers(dbUsers []matlas.DatabaseUser) []map[string]interface{} {
 				"x509_type":          dbUsers[i].X509Type,
 				"aws_iam_type":       dbUsers[i].AWSIAMType,
 				"labels":             flattenLabels(dbUsers[i].Labels),
+				"scopes":             flattenScopes(dbUsers[i].Scopes),
 			}
 		}
 	}

mongodbatlas/data_source_mongodbatlas_database_users_test.go

@@ -37,6 +37,7 @@ func TestAccDataSourceMongoDBAtlasDatabaseUsers_basic(t *testing.T) {
 					resource.TestCheckResourceAttrSet(resourceName, "results.0.x509_type"),
 					resource.TestCheckResourceAttrSet(resourceName, "results.0.username"),
 					resource.TestCheckResourceAttrSet(resourceName, "results.0.roles.#"),
+					resource.TestCheckResourceAttrSet(resourceName, "results.0.scopes.#"),
 				),
 			},
 		},

mongodbatlas/data_source_mongodbatlas_project_test.go

@@ -65,6 +65,7 @@ func TestAccDataSourceMongoDBAtlasProject_byName(t *testing.T) {
 							RoleNames: []string{"GROUP_READ_ONLY", "GROUP_DATA_ACCESS_ADMIN"},
 						},
 						{
+
 							TeamID:    teamsIds[1],
 							RoleNames: []string{"GROUP_DATA_ACCESS_ADMIN", "GROUP_OWNER"},
 						},

mongodbatlas/resource_mongodbatlas_database_user.go

@@ -105,6 +105,25 @@ func resourceMongoDBAtlasDatabaseUser() *schema.Resource {
 					},
 				},
 			},
+			"scopes": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Computed: true,
+						},
+						"type": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Computed: true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -161,6 +180,10 @@ func resourceMongoDBAtlasDatabaseUserRead(d *schema.ResourceData, meta interface
 		return fmt.Errorf("error setting `labels` for database user (%s): %s", d.Id(), err)
 	}
 
+	if err := d.Set("scopes", flattenScopes(dbUser.Scopes)); err != nil {
+		return fmt.Errorf("error setting `scopes` for database user (%s): %s", d.Id(), err)
+	}
+
 	d.SetId(encodeStateID(map[string]string{
 		"project_id":         projectID,
 		"username":           username,
@@ -197,6 +220,7 @@ func resourceMongoDBAtlasDatabaseUserCreate(d *schema.ResourceData, meta interfa
 		AWSIAMType:   d.Get("aws_iam_type").(string),
 		DatabaseName: authDatabaseName,
 		Labels:       expandLabelSliceFromSetSchema(d),
+		Scopes:       expandScopes(d),
 	}
 
 	dbUserRes, _, err := conn.DatabaseUsers.Create(context.Background(), projectID, dbUserReq)
@@ -240,6 +264,10 @@ func resourceMongoDBAtlasDatabaseUserUpdate(d *schema.ResourceData, meta interfa
 		dbUser.Labels = expandLabelSliceFromSetSchema(d)
 	}
 
+	if d.HasChange("scopes") {
+		dbUser.Scopes = expandScopes(d)
+	}
+
 	_, _, err = conn.DatabaseUsers.Update(context.Background(), projectID, username, dbUser)
 	if err != nil {
 		return fmt.Errorf("error updating database user(%s): %s", username, err)
@@ -345,3 +373,30 @@ func flattenRoles(roles []matlas.Role) []interface{} {
 
 	return roleList
 }
+
+func flattenScopes(l []matlas.Scope) []map[string]interface{} {
+	scopes := make([]map[string]interface{}, len(l))
+	for i, v := range l {
+		scopes[i] = map[string]interface{}{
+			"name": v.Name,
+			"type": v.Type,
+		}
+	}
+
+	return scopes
+}
+
+func expandScopes(d *schema.ResourceData) []matlas.Scope {
+	list := d.Get("scopes").(*schema.Set)
+	res := make([]matlas.Scope, list.Len())
+
+	for i, val := range list.List() {
+		v := val.(map[string]interface{})
+		res[i] = matlas.Scope{
+			Type: v["type"].(string),
+			Name: v["name"].(string),
+		}
+	}
+
+	return res
+}

mongodbatlas/resource_mongodbatlas_database_user_test.go

@@ -291,6 +291,68 @@ func TestAccResourceMongoDBAtlasDatabaseUser_withRoles(t *testing.T) {
 	})
 }
 
+func TestAccResourceMongoDBAtlasDatabaseUser_withScopes(t *testing.T) {
+	var (
+		dbUser       matlas.DatabaseUser
+		resourceName = "mongodbatlas_database_user.test"
+		username     = acctest.RandomWithPrefix("test-acc-user-")
+		password     = acctest.RandomWithPrefix("test-acc-pass-")
+		orgID        = os.Getenv("MONGODB_ATLAS_ORG_ID")
+		projectName  = acctest.RandomWithPrefix("test-acc")
+		clusterName  = acctest.RandomWithPrefix("test-acc-cluster")
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckMongoDBAtlasDatabaseUserDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccMongoDBAtlasDatabaseUserWithScopes(username, password, projectName, orgID, "atlasAdmin", clusterName,
+					[]*matlas.Scope{
+						{
+							Name: "test-acc-nurk4llu2z",
+							Type: "CLUSTER",
+						},
+						{
+							Name: "test-acc-nurk4llu2z",
+							Type: "DATA_LAKE",
+						},
+					},
+				),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMongoDBAtlasDatabaseUserExists(resourceName, &dbUser),
+					testAccCheckMongoDBAtlasDatabaseUserAttributes(&dbUser, username),
+					resource.TestCheckResourceAttrSet(resourceName, "project_id"),
+					resource.TestCheckResourceAttr(resourceName, "username", username),
+					resource.TestCheckResourceAttr(resourceName, "password", password),
+					resource.TestCheckResourceAttr(resourceName, "auth_database_name", "admin"),
+					resource.TestCheckResourceAttr(resourceName, "scopes.#", "2"),
+				),
+			},
+			{
+				Config: testAccMongoDBAtlasDatabaseUserWithScopes(username, password, projectName, orgID, "atlasAdmin", clusterName,
+					[]*matlas.Scope{
+						{
+							Name: "test-acc-nurk4llu2z",
+							Type: "CLUSTER",
+						},
+					},
+				),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMongoDBAtlasDatabaseUserExists(resourceName, &dbUser),
+					testAccCheckMongoDBAtlasDatabaseUserAttributes(&dbUser, username),
+					resource.TestCheckResourceAttrSet(resourceName, "project_id"),
+					resource.TestCheckResourceAttr(resourceName, "username", username),
+					resource.TestCheckResourceAttr(resourceName, "password", password),
+					resource.TestCheckResourceAttr(resourceName, "auth_database_name", "admin"),
+					resource.TestCheckResourceAttr(resourceName, "scopes.#", "1"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccResourceMongoDBAtlasDatabaseUser_importBasic(t *testing.T) {
 	var (
 		username     = fmt.Sprintf("test-username-%s", acctest.RandString(5))
@@ -589,3 +651,58 @@ func testAccMongoDBAtlasDatabaseUserWithAWSIAMTypeConfig(projectName, orgID, rol
 		}
 	`, projectName, orgID, roleName, username, keyLabel, valueLabel)
 }
+
+func testAccMongoDBAtlasDatabaseUserWithScopes(username, password, projectName, orgID, roleName, clusterName string, scopesArr []*matlas.Scope) string {
+	var scopes string
+
+	for _, scope := range scopesArr {
+		var scopeType string
+
+		if scope.Type != "" {
+			scopeType = fmt.Sprintf(`type = "%s"`, scope.Type)
+		}
+
+		scopes += fmt.Sprintf(`
+			scopes {
+				name = "${mongodbatlas_cluster.my_cluster.name}"
+				%s
+			}
+		`, scopeType)
+	}
+
+	return fmt.Sprintf(`
+		resource "mongodbatlas_project" "test" {
+			name   = "%s"
+			org_id = "%s"
+		}
+
+		resource "mongodbatlas_cluster" "my_cluster" {
+			project_id   = "${mongodbatlas_project.test.id}"
+			name         = "%s"
+			disk_size_gb = 5
+
+			// Provider Settings "block"
+			provider_name               = "AWS"
+			provider_region_name        = "US_EAST_2"
+			provider_instance_size_name = "M10"
+			provider_backup_enabled     = true //enable cloud provider snapshots
+			provider_disk_iops          = 100
+			provider_encrypt_ebs_volume = false
+		}
+
+		resource "mongodbatlas_database_user" "test" {
+			username           = "%s"
+			password           = "%s"
+			project_id         = "${mongodbatlas_project.test.id}"
+			auth_database_name = "admin"
+
+			roles {
+				role_name     = "%s"
+				database_name = "admin"
+			}
+
+			%s
+
+		}
+	`, projectName, orgID, clusterName, username, password, roleName, scopes)
+}