From 95294bd3135b87bbd8f5dbbfadcf458678e070d2 Mon Sep 17 00:00:00 2001
From: martinstibbe <33664051+martinstibbe@users.noreply.github.com>
Date: Tue, 13 Dec 2022 11:50:34 -0600
Subject: [PATCH 1/7] Delete mongodbatlas.erb (#962)
---
website/mongodbatlas.erb | 243 ---------------------------------------
1 file changed, 243 deletions(-)
delete mode 100644 website/mongodbatlas.erb
diff --git a/website/mongodbatlas.erb b/website/mongodbatlas.erb
deleted file mode 100644
index 2ca0c028e3..0000000000
--- a/website/mongodbatlas.erb
+++ /dev/null
@@ -1,243 +0,0 @@
-<% wrap_layout :inner do %>
- <% content_for :sidebar do %>
-
- <% end %>
-
- <%= yield %>
-<% end %>
From d8fd4f649ff01af414037f6a98aebf498fd8e7e7 Mon Sep 17 00:00:00 2001
From: Dosty Everts
Date: Thu, 22 Dec 2022 07:02:13 -0600
Subject: [PATCH 2/7] INTMDB-523: Rename exportJobID to exportID to match go
client (#976)
* Updated version of atlas api client used, renamed bucketID to exportJobID
* Reverted changes to bucketID and updated exportJobID to exportID
---
go.mod | 2 +-
go.sum | 2 ++
..._mongodbatlas_cloud_backup_snapshot_export_job.go | 4 ++--
..._mongodbatlas_cloud_backup_snapshot_export_job.go | 12 ++++++------
4 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/go.mod b/go.mod
index 3abb452b6c..f5b0c55861 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
github.com/mwielbut/pointy v1.1.0
github.com/spf13/cast v1.5.0
github.com/terraform-providers/terraform-provider-aws v1.60.1-0.20210625132053-af2d5c0ad54f
- go.mongodb.org/atlas v0.18.1-0.20221109142841-f9f8ebe7b9b9
+ go.mongodb.org/atlas v0.19.0
go.mongodb.org/realm v0.1.0
)
diff --git a/go.sum b/go.sum
index b65fe9e9f7..a2a331cc1e 100644
--- a/go.sum
+++ b/go.sum
@@ -921,6 +921,8 @@ go.etcd.io/etcd v0.0.0-20200513171258-e048e166ab9c/go.mod h1:xCI7ZzBfRuGgBXyXO6y
go.mongodb.org/atlas v0.12.0/go.mod h1:wVCnHcm/7/IfTjEB6K8K35PLG70yGz8BdkRwX0oK9/M=
go.mongodb.org/atlas v0.18.1-0.20221109142841-f9f8ebe7b9b9 h1:9m35o4kyRYjwbsIb/lPrjxJ6afPpn9zwOF5i3SIY5Lg=
go.mongodb.org/atlas v0.18.1-0.20221109142841-f9f8ebe7b9b9/go.mod h1:PFk1IGhiGjFXHGVspOK7i1U2nnPjK8wAjYwQf6FoVf4=
+go.mongodb.org/atlas v0.19.0 h1:gvezG9d0KsSDaExEdTtcGqZHRvvVazzuEcBUpBXxmlg=
+go.mongodb.org/atlas v0.19.0/go.mod h1:PFk1IGhiGjFXHGVspOK7i1U2nnPjK8wAjYwQf6FoVf4=
go.mongodb.org/realm v0.1.0 h1:zJiXyLaZrznQ+Pz947ziSrDKUep39DO4SfA0Fzx8M4M=
go.mongodb.org/realm v0.1.0/go.mod h1:4Vj6iy+Puo1TDERcoh4XZ+pjtwbOzPpzqy3Cwe8ZmDM=
go.mozilla.org/mozlog v0.0.0-20170222151521-4bb13139d403/go.mod h1:jHoPAGnDrCy6kaI2tAze5Prf0Nr0w/oNkROt2lw3n3o=
diff --git a/mongodbatlas/data_source_mongodbatlas_cloud_backup_snapshot_export_job.go b/mongodbatlas/data_source_mongodbatlas_cloud_backup_snapshot_export_job.go
index ea91930962..65f6473eae 100644
--- a/mongodbatlas/data_source_mongodbatlas_cloud_backup_snapshot_export_job.go
+++ b/mongodbatlas/data_source_mongodbatlas_cloud_backup_snapshot_export_job.go
@@ -104,9 +104,9 @@ func dataSourceMongoDBAtlasCloudBackupSnapshotsExportJobRead(ctx context.Context
ids := decodeStateID(d.Id())
projectID := ids["project_id"]
clusterName := ids["cluster_name"]
- exportJobID := ids["export_job_id"]
+ exportID := ids["export_job_id"]
- exportJob, _, err := conn.CloudProviderSnapshotExportJobs.Get(ctx, projectID, clusterName, exportJobID)
+ exportJob, _, err := conn.CloudProviderSnapshotExportJobs.Get(ctx, projectID, clusterName, exportID)
if err != nil {
return diag.Errorf("error getting snapshot export job information: %s", err)
}
diff --git a/mongodbatlas/resource_mongodbatlas_cloud_backup_snapshot_export_job.go b/mongodbatlas/resource_mongodbatlas_cloud_backup_snapshot_export_job.go
index e0652ac408..1d3f3bda8e 100644
--- a/mongodbatlas/resource_mongodbatlas_cloud_backup_snapshot_export_job.go
+++ b/mongodbatlas/resource_mongodbatlas_cloud_backup_snapshot_export_job.go
@@ -124,9 +124,9 @@ func resourceMongoDBAtlasCloudBackupSnapshotExportJobRead(ctx context.Context, d
ids := decodeStateID(d.Id())
projectID := ids["project_id"]
clusterName := ids["cluster_name"]
- exportJobID := ids["export_job_id"]
+ exportID := ids["export_job_id"]
- exportJob, _, err := conn.CloudProviderSnapshotExportJobs.Get(ctx, projectID, clusterName, exportJobID)
+ exportJob, _, err := conn.CloudProviderSnapshotExportJobs.Get(ctx, projectID, clusterName, exportID)
if err != nil {
// case 404
// deleted in the backend case
@@ -278,17 +278,17 @@ func resourceMongoDBAtlasCloudBackupSnapshotExportJobImportState(ctx context.Con
projectID := parts[0]
clusterName := parts[1]
- exportJobID := parts[2]
+ exportID := parts[2]
- _, _, err := conn.CloudProviderSnapshotExportJobs.Get(ctx, projectID, clusterName, exportJobID)
+ _, _, err := conn.CloudProviderSnapshotExportJobs.Get(ctx, projectID, clusterName, exportID)
if err != nil {
- return nil, fmt.Errorf("couldn't import snapshot export job %s in project %s and cluster %s, error: %s", exportJobID, projectID, clusterName, err)
+ return nil, fmt.Errorf("couldn't import snapshot export job %s in project %s and cluster %s, error: %s", exportID, projectID, clusterName, err)
}
d.SetId(encodeStateID(map[string]string{
"project_id": projectID,
"cluster_name": clusterName,
- "export_job_id": exportJobID,
+ "export_job_id": exportID,
}))
return []*schema.ResourceData{d}, nil
From ad115600f132a21cc6617e17d01e069073683cc0 Mon Sep 17 00:00:00 2001
From: martinstibbe <33664051+martinstibbe@users.noreply.github.com>
Date: Thu, 22 Dec 2022 12:42:43 -0600
Subject: [PATCH 3/7] INTMDB-521: AWS Secrets Manager to Auth into Terraform
Atlas Provider (#975)
* Add support for assume_role
* Add documentation for assume_role feature
* Add AWS parameters Env vars
* Update index.html.markdown
* Doc clean up
* typo
* Add regional behavior to endpoint sts client
* Add sts_endpoint parameter
* Update website/docs/index.html.markdown
* formatting
* formatting2
* Removed commented code
Co-authored-by: Zuhair Ahmed
---
mongodbatlas/config.go | 1 +
mongodbatlas/provider.go | 297 ++++++++++++++++++++++++++++++-
website/docs/index.html.markdown | 31 +++-
3 files changed, 327 insertions(+), 2 deletions(-)
diff --git a/mongodbatlas/config.go b/mongodbatlas/config.go
index dcf7ad0900..97327963bb 100644
--- a/mongodbatlas/config.go
+++ b/mongodbatlas/config.go
@@ -20,6 +20,7 @@ type Config struct {
PrivateKey string
BaseURL string
RealmBaseURL string
+ AssumeRole *AssumeRole
}
// MongoDBClient client
diff --git a/mongodbatlas/provider.go b/mongodbatlas/provider.go
index 2d144e20f7..0ea70465c3 100644
--- a/mongodbatlas/provider.go
+++ b/mongodbatlas/provider.go
@@ -3,17 +3,28 @@ package mongodbatlas
import (
"context"
"encoding/base64"
+ "encoding/json"
"fmt"
"hash/crc32"
"log"
"os"
"reflect"
+ "regexp"
"sort"
"strconv"
"strings"
-
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
+ "github.com/aws/aws-sdk-go/aws/endpoints"
+ "github.com/aws/aws-sdk-go/aws/session"
+ "github.com/aws/aws-sdk-go/service/secretsmanager"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
"github.com/mwielbut/pointy"
"github.com/spf13/cast"
matlas "go.mongodb.org/atlas/mongodbatlas"
@@ -24,6 +35,11 @@ var (
baseURL = ""
)
+type SecretData struct {
+ PublicKey string `json:"public_key"`
+ PrivateKey string `json:"private_key"`
+}
+
// Provider returns the provider to be use by the code.
func Provider() *schema.Provider {
provider := &schema.Provider{
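Review bot: The new exported `SecretData` type has no doc comment, and nothing on it tells a reader that it carries a live Atlas API key pair. Suggest adding `// SecretData is the JSON document read from AWS Secrets Manager; it holds the Atlas API key pair and must never be logged or printed.` above the type. If no other package needs it (callers outside this hunk are not visible), unexporting it would keep a credential-bearing type out of the package API.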
@@ -67,6 +83,51 @@ func Provider() *schema.Provider {
Optional: true,
Description: "MongoDB Atlas Base URL default to gov",
},
+ "assume_role": assumeRoleSchema(),
+ "secret_name": {
+ Type: schema.TypeString,
+ Optional: true,
+ },
+ "region": {
+ Type: schema.TypeString,
+ DefaultFunc: schema.MultiEnvDefaultFunc([]string{
+ "AWS_REGION",
+ "TF_VAR_AWS_REGION",
+ }, ""),
+ Optional: true,
+ },
+ "sts_endpoint": {
+ Type: schema.TypeString,
+ DefaultFunc: schema.MultiEnvDefaultFunc([]string{
+ "STS_ENDPOINT",
+ "TF_VAR_STS_ENDPOINT",
+ }, ""),
+ Optional: true,
+ },
+ "aws_access_key_id": {
+ Type: schema.TypeString,
+ DefaultFunc: schema.MultiEnvDefaultFunc([]string{
+ "AWS_ACCESS_KEY_ID",
+ "TF_VAR_AWS_ACCESS_KEY_ID",
+ }, ""),
+ Optional: true,
+ },
+ "aws_secret_access_key": {
+ Type: schema.TypeString,
+ DefaultFunc: schema.MultiEnvDefaultFunc([]string{
+ "AWS_SECRET_ACCESS_KEY",
+ "TF_VAR_AWS_SECRET_ACCESS_KEY",
+ }, ""),
+ Optional: true,
+ },
+ "aws_session_token": {
+ Type: schema.TypeString,
+ DefaultFunc: schema.MultiEnvDefaultFunc([]string{
+ "AWS_SESSION_TOKEN",
+ "TF_VAR_AWS_SESSION_TOKEN",
+ }, ""),
+ Optional: true,
+ },
},
DataSourcesMap: getDataSourcesMap(),
ResourcesMap: getResourcesMap(),
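Review bot: `aws_secret_access_key` and `aws_session_token` are declared as plain `TypeString` attributes with no `Sensitive` flag, so the SDK has no reason to redact them in diagnostics or CLI output. Add `Sensitive: true,` to both blocks, and consider it for `aws_access_key_id` as well. None of the seven new attributes has a `Description`, so the generated schema docs cannot say what each one is for; `secret_name` could carry for example `Description: "Name of the AWS Secrets Manager secret that stores the Atlas API key pair.",`. The `Provider()` body starts and ends outside this hunk.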
@@ -226,9 +287,79 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
RealmBaseURL: d.Get("realm_base_url").(string),
}
+ if v, ok := d.GetOk("assume_role"); ok && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil {
+ config.AssumeRole = expandAssumeRole(v.([]interface{})[0].(map[string]interface{}))
+ secret := d.Get("secret_name").(string)
+ region := d.Get("region").(string)
+ awsAccessKeyID := d.Get("aws_access_key_id").(string)
+ awsSecretAccessKey := d.Get("aws_secret_access_key").(string)
+ awsSessionToken := d.Get("aws_session_token").(string)
+ endpoint := d.Get("sts_endpoint").(string)
+ config, _ = configureCredentialsSTS(&config, secret, region, awsAccessKeyID, awsSecretAccessKey, awsSessionToken, endpoint)
+ }
+
return config.NewClient(ctx)
}
+func configureCredentialsSTS(config *Config, secret, region, awsAccessKeyID, awsSecretAccessKey, awsSessionToken, endpoint string) (Config, error) {
+ ep, _ := endpoints.GetSTSRegionalEndpoint("regional")
+ sess := session.Must(session.NewSession(&aws.Config{
+ Region: aws.String(region),
+ Credentials: credentials.NewStaticCredentials(awsAccessKeyID, awsSecretAccessKey, awsSessionToken),
+ STSRegionalEndpoint: ep,
+ Endpoint: &endpoint,
+ }))
+
+ creds := stscreds.NewCredentials(sess, config.AssumeRole.RoleARN)
+
+ _, _ = sess.Config.Credentials.Get()
+ _, _ = creds.Get()
+ secretString := secretsManagerGetSecretValue(sess, &aws.Config{Credentials: creds, Region: aws.String(region)}, secret)
+
+ var secretData SecretData
+ err := json.Unmarshal([]byte(secretString), &secretData)
+ if err != nil {
+ return *config, nil
+ }
+ config.PublicKey = secretData.PublicKey
+ config.PrivateKey = secretData.PrivateKey
+ return *config, nil
+}
+
+func secretsManagerGetSecretValue(sess *session.Session, creds *aws.Config, secret string) string {
+ svc := secretsmanager.New(sess, creds)
+ input := &secretsmanager.GetSecretValueInput{
+ SecretId: aws.String(secret),
+ VersionStage: aws.String("AWSCURRENT"),
+ }
+
+ result, err := svc.GetSecretValue(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case secretsmanager.ErrCodeResourceNotFoundException:
+ fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
+ case secretsmanager.ErrCodeInvalidParameterException:
+ fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
+ case secretsmanager.ErrCodeInvalidRequestException:
+ fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
+ case secretsmanager.ErrCodeDecryptionFailure:
+ fmt.Println(secretsmanager.ErrCodeDecryptionFailure, aerr.Error())
+ case secretsmanager.ErrCodeInternalServiceError:
+ fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ fmt.Println(err.Error())
+ }
+ return ""
+ }
+
+ fmt.Println(result)
+ return *result.SecretString
+}
+
func encodeStateID(values map[string]string) string {
encode := func(e string) string { return base64.StdEncoding.EncodeToString([]byte(e)) }
encodedValues := make([]string, 0)
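Review bot: Every failure on the new credential path is discarded, so a wrong role, region or secret name leaves `config` with whatever keys it already had and the provider carries on without a diagnostic. Specifically, `config, _ = configureCredentialsSTS(...)` drops the error, `configureCredentialsSTS` returns `nil` even when `json.Unmarshal` fails, both `Get()` results are ignored, and `secretsManagerGetSecretValue` turns every AWS error into `""`. The same helper writes the whole `GetSecretValue` response to stdout with `fmt.Println(result)`. It also dereferences `result.SecretString` without a nil check, which would panic for a secret that has no string value. Only `RoleARN` is passed to `stscreds.NewCredentials`, so `external_id`, `session_name`, `duration` and `policy` from the `assume_role` block appear to have no effect. The shape below returns errors to the caller and drops the stdout writes; it assumes `providerConfigure` returns `diag.Diagnostics`, since its signature is cut off in the hunk header.

```go
	// in providerConfigure, replacing the `config, _ = configureCredentialsSTS(...)` line
	cfg, err := configureCredentialsSTS(&config, secret, region, awsAccessKeyID, awsSecretAccessKey, awsSessionToken, endpoint)
	if err != nil {
		return nil, diag.FromErr(err)
	}
	config = cfg

func configureCredentialsSTS(config *Config, secret, region, awsAccessKeyID, awsSecretAccessKey, awsSessionToken, endpoint string) (Config, error) {
	// … unchanged: regional endpoint lookup and aws.Config fields …
	sess, err := session.NewSession(&aws.Config{ /* … unchanged … */ })
	if err != nil {
		return *config, fmt.Errorf("creating AWS session: %w", err)
	}

	creds := stscreds.NewCredentials(sess, config.AssumeRole.RoleARN)
	if _, err := creds.Get(); err != nil {
		return *config, fmt.Errorf("assuming role %q: %w", config.AssumeRole.RoleARN, err)
	}

	secretString, err := secretsManagerGetSecretValue(sess, &aws.Config{Credentials: creds, Region: aws.String(region)}, secret)
	if err != nil {
		return *config, err
	}

	var secretData SecretData
	if err := json.Unmarshal([]byte(secretString), &secretData); err != nil {
		return *config, fmt.Errorf("decoding secret %q: %w", secret, err)
	}
	// … unchanged: copy PublicKey / PrivateKey into config and return …
}

func secretsManagerGetSecretValue(sess *session.Session, creds *aws.Config, secret string) (string, error) {
	// … unchanged: client and GetSecretValueInput construction …
	result, err := svc.GetSecretValue(input)
	if err != nil {
		return "", fmt.Errorf("reading secret %q: %w", secret, err)
	}
	if result.SecretString == nil {
		return "", fmt.Errorf("secret %q has no string value", secret)
	}
	return *result.SecretString, nil
}
```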
@@ -391,3 +522,167 @@ func HashCodeString(s string) int {
// v == MinInt
return 0
}
+
+// assumeRoleSchema From aws provider.go
+func assumeRoleSchema() *schema.Schema {
+ return &schema.Schema{
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "duration": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m.",
+ ValidateFunc: validAssumeRoleDuration,
+ ConflictsWith: []string{"assume_role.0.duration_seconds"},
+ },
+ "duration_seconds": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Deprecated: "Use assume_role.duration instead",
+ Description: "The duration, in seconds, of the role session.",
+ ValidateFunc: validation.IntBetween(900, 43200),
+ ConflictsWith: []string{"assume_role.0.duration"},
+ },
+ "external_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "A unique identifier that might be required when you assume a role in another account.",
+ ValidateFunc: validation.All(
+ validation.StringLenBetween(2, 1224),
+ validation.StringMatch(regexp.MustCompile(`[\w+=,.@:/\-]*`), ""),
+ ),
+ },
+ "policy": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.",
+ ValidateFunc: validation.StringIsJSON,
+ },
+ "policy_arns": {
+ Type: schema.TypeSet,
+ Optional: true,
+ Description: "Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "role_arn": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Amazon Resource Name (ARN) of an IAM Role to assume prior to making API calls.",
+ },
+ "session_name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "An identifier for the assumed role session.",
+ ValidateFunc: validAssumeRoleSessionName,
+ },
+ "source_identity": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Source identity specified by the principal assuming the role.",
+ ValidateFunc: validAssumeRoleSourceIdentity,
+ },
+ "tags": {
+ Type: schema.TypeMap,
+ Optional: true,
+ Description: "Assume role session tags.",
+ Elem: &schema.Schema{Type: schema.TypeString},
+ },
+ "transitive_tag_keys": {
+ Type: schema.TypeSet,
+ Optional: true,
+ Description: "Assume role session tag keys to pass to any subsequent sessions.",
+ Elem: &schema.Schema{Type: schema.TypeString},
+ },
+ },
+ },
+ }
+}
+
+var validAssumeRoleSessionName = validation.All(
+ validation.StringLenBetween(2, 64),
+ validation.StringMatch(regexp.MustCompile(`[\w+=,.@\-]*`), ""),
+)
+
+var validAssumeRoleSourceIdentity = validation.All(
+ validation.StringLenBetween(2, 64),
+ validation.StringMatch(regexp.MustCompile(`[\w+=,.@\-]*`), ""),
+)
+
+// validAssumeRoleDuration validates a string can be parsed as a valid time.Duration
+// and is within a minimum of 15 minutes and maximum of 12 hours
+func validAssumeRoleDuration(v interface{}, k string) (ws []string, errors []error) {
+ duration, err := time.ParseDuration(v.(string))
+
+ if err != nil {
+ errors = append(errors, fmt.Errorf("%q cannot be parsed as a duration: %w", k, err))
+ return
+ }
+
+ if duration.Minutes() < 15 || duration.Hours() > 12 {
+ errors = append(errors, fmt.Errorf("duration %q must be between 15 minutes (15m) and 12 hours (12h), inclusive", k))
+ }
+
+ return
+}
+
+type AssumeRole struct {
+ RoleARN string
+ Duration time.Duration
+ ExternalID string
+ Policy string
+ PolicyARNs []string
+ SessionName string
+ SourceIdentity string
+ Tags map[string]string
+ TransitiveTagKeys []string
+}
+
+func expandAssumeRole(tfMap map[string]interface{}) *AssumeRole {
+ if tfMap == nil {
+ return nil
+ }
+
+ assumeRole := AssumeRole{}
+
+ if v, ok := tfMap["duration"].(string); ok && v != "" {
+ duration, _ := time.ParseDuration(v)
+ assumeRole.Duration = duration
+ } else if v, ok := tfMap["duration_seconds"].(int); ok && v != 0 {
+ assumeRole.Duration = time.Duration(v) * time.Second
+ }
+
+ if v, ok := tfMap["external_id"].(string); ok && v != "" {
+ assumeRole.ExternalID = v
+ }
+
+ if v, ok := tfMap["policy"].(string); ok && v != "" {
+ assumeRole.Policy = v
+ }
+
+ if v, ok := tfMap["policy_arns"].(*schema.Set); ok && v.Len() > 0 {
+ assumeRole.PolicyARNs = expandStringList(v.List())
+ }
+
+ if v, ok := tfMap["role_arn"].(string); ok && v != "" {
+ assumeRole.RoleARN = v
+ }
+
+ if v, ok := tfMap["session_name"].(string); ok && v != "" {
+ assumeRole.SessionName = v
+ }
+
+ if v, ok := tfMap["source_identity"].(string); ok && v != "" {
+ assumeRole.SourceIdentity = v
+ }
+
+ if v, ok := tfMap["transitive_tag_keys"].(*schema.Set); ok && v.Len() > 0 {
+ assumeRole.TransitiveTagKeys = expandStringList(v.List())
+ }
+
+ return &assumeRole
+}
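Review bot: The three `validation.StringMatch` patterns (on `external_id`, `validAssumeRoleSessionName` and `validAssumeRoleSourceIdentity`) are unanchored and end in `*`, so they match the empty string inside any input and never reject a value. Anchoring restores the check: use `^[\w+=,.@:/\-]*$` for `external_id` and `^[\w+=,.@\-]*$` for the other two. The schema also declares `tags`, but `expandAssumeRole` never reads it, so `AssumeRole.Tags` stays nil. `role_arn` is `Optional` with no validation even though the assume-role path depends on it; a `Required: true` or an ARN-shape check would surface a missing value at plan time. The exported `AssumeRole` type would benefit from a doc comment such as `// AssumeRole holds the assume_role block settings used to obtain STS credentials.`.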
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
index 64ad25efe3..e27c6a0e7f 100644
--- a/website/docs/index.html.markdown
+++ b/website/docs/index.html.markdown
@@ -33,6 +33,8 @@ The [MongoDB Atlas documentation](https://docs.atlas.mongodb.com/tutorial/manage
**Role**: If unsure of which role level to grant your key, we suggest creating an organization API Key with an Organization Owner role. This ensures that you have sufficient access for all actions.
+**API Key Access List**: Some Atlas API resources such as Cloud Backup Restores, Cloud Backup Snapshots, and Cloud Backup Schedules **require** an Atlas API Key Access List to utilize these feature. Hence, if using Terraform, or any other programmatic control, to manage these resources you must have the IP address or CIDR block that the connection is coming from added to the Atlas API Key Access List of the Atlas API key you are using. See [Resources that require API Key List](https://www.mongodb.com/docs/atlas/configure-api-access/#use-api-resources-that-require-an-access-list)
+
## Configure MongoDB Atlas for Government
In order to enable the Terraform MongoDB Atlas Provider for use with MongoDB Atlas for Government add is_mongodbgov_cloud = true to your provider configuration:
@@ -47,7 +49,6 @@ provider "mongodbatlas" {
```
Also see [`Atlas for Government Considerations`](https://www.mongodb.com/docs/atlas/government/api/#atlas-for-government-considerations).
-**API Key Access List**: Some Atlas API resources such as Cloud Backup Restores, Cloud Backup Snapshots, and Cloud Backup Schedules **require** an Atlas API Key Access List to utilize these feature. Hence, if using Terraform, or any other programmatic control, to manage these resources you must have the IP address or CIDR block that the connection is coming from added to the Atlas API Key Access List of the Atlas API key you are using. See [Resources that require API Key List](https://www.mongodb.com/docs/atlas/configure-api-access/#use-api-resources-that-require-an-access-list)
## Authenticate the Provider
The MongoDB Atlas provider offers a flexible means of providing credentials for authentication.
@@ -75,6 +76,34 @@ As an alternative to `MONGODB_ATLAS_PUBLIC_KEY` and `MONGODB_ATLAS_PRIVATE_KEY`
if you are using [MongoDB CLI](https://docs.mongodb.com/mongocli/stable/)
then `MCLI_PUBLIC_API_KEY` and `MCLI_PRIVATE_API_KEY` are also supported.
+### AWS Secrets Manager
+AWS Secrets Manager (AWS SM) helps to manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles. See [product page](https://aws.amazon.com/secrets-manager/) and [documentation](https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html) for more details.
+
+In order to enable the Terraform MongoDB Atlas Provider to use AWS SM, first create Atlas API Keys and add them as a secret to AWS SM with a basic key with a raw value. See below example:
+```
+ {
+ "public_key": "iepubky",
+ "private_key":"prvkey"
+ }
+```
+
+Next, add assume_role block with `role_arn`, `secret_name`, and AWS `region` to match the AWS region where secret is stored with AWS SM. See below example:
+```terraform
+# Configure the MongoDB Atlas Provider to Authenticate with AWS Secrets Manager
+provider "mongodbatlas" {
+ assume_role {
+ role_arn = "arn:aws:iam::476xxx451:role/mdbsts"
+ }
+ secret_name = "mongodbsecret"
+ aws_access_key_id = "ASIXXBNEK"
+ aws_secret_access_key = "ZUZgVb8XYZWEXXEDURGFHFc5Au"
+ aws_session_token = "IQoXX3+Q="
+ region = "us-east-2"
+ sts_endpoint = "https://sts.us-east-2.amazonaws.com/"
+}
+```
+Note: `aws_access_key_id`, `aws_secret_access_key`, `aws_session_token`, `region` can also be passed in using environment variables i.e. aws_access_key_id will accept AWS_ACCESS_KEY_ID and TF_VAR_AWS_ACCESS_KEY_ID as a default value in place of value in a terraform file variable.
+
### Static Credentials
Static credentials can be provided by adding the following attributes in-line in the MongoDB Atlas provider block,
From aa82ecba9d16cb5cda12b209994c2eae4ef5c877 Mon Sep 17 00:00:00 2001
From: admin <33664051+martinstibbe@users.noreply.github.com>
Date: Thu, 22 Dec 2022 12:49:49 -0600
Subject: [PATCH 4/7] Update .github_changelog_generator
---
.github_changelog_generator | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github_changelog_generator b/.github_changelog_generator
index 0492113c4c..29056cc9e7 100644
--- a/.github_changelog_generator
+++ b/.github_changelog_generator
@@ -1,4 +1,4 @@
-future-release=v1.6.1
-since-tag=v1.6.0
+future-release=v1.7.0
+since-tag=v1.6.1
date-format=%B %d, %Y
base=CHANGELOG.md
From 42e97b35a88b9c3a3193583e6052745bfd580328 Mon Sep 17 00:00:00 2001
From: admin <33664051+martinstibbe@users.noreply.github.com>
Date: Thu, 22 Dec 2022 13:35:24 -0600
Subject: [PATCH 5/7] Update CHANGELOG.md
---
CHANGELOG.md | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2b96b10a4a..1dae4a6490 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,25 @@
# Changelog
+## [v1.7.0](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v1.7.0) (December 22, 2022)
+
+[Full Changelog](https://github.com/mongodb/terraform-provider-mongodbatlas/compare/v1.6.1...v1.7.0)
+
+**Closed issues:**
+
+- Terraform plan fail: Asymmetric hardware is not supported by the v1.0 API [\#958](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/958)
+- Error importing ressource mongodbatlas\_network\_peering.mongo\_peer [\#906](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/906)
+- \[Bug\] `container_id` is unconfigurable attribute at `mongodbatlas_advanced_cluster` resource [\#890](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/890)
+- mongodbatlas\_alert\_configuration - api\_token keeps wanting to change [\#863](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/863)
+- Docs - Example - Return a Connection String - Azure Private Endpoint [\#713](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/713)
+
+**Merged pull requests:**
+
+- Chore\(deps\): Bump github.com/gruntwork-io/terratest from 0.41.6 to 0.41.7 [\#978](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/978) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Chore\(deps\): Bump actions/stale from 6 to 7 [\#977](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/977) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Chore\(deps\): Bump github.com/gruntwork-io/terratest from 0.41.4 to 0.41.6 [\#967](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/967) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Chore\(deps\): Bump github.com/go-test/deep from 1.0.8 to 1.1.0 [\#966](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/966) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Chore\(deps\): Bump goreleaser/goreleaser-action from 3 to 4 [\#965](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/965) ([dependabot[bot]](https://github.com/apps/dependabot))
+
## [v1.6.1](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v1.6.1) (2022-12-6)
[Full Changelog](https://github.com/mongodb/terraform-provider-mongodbatlas/compare/v1.6.0...v1.6.1)
From cfcb67ee7ef6435824fa826728680778ce0e4c17 Mon Sep 17 00:00:00 2001
From: Zuhair Ahmed
Date: Thu, 22 Dec 2022 21:58:14 -0500
Subject: [PATCH 6/7] Changelog Cleanup
---
CHANGELOG.md | 33 +++++++++++++++++++++------------
1 file changed, 21 insertions(+), 12 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1dae4a6490..bedb1c465c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,10 +1,19 @@
# Changelog
-## [v1.7.0](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v1.7.0) (December 22, 2022)
+## [v1.7.0](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v1.7.0) (2022-12-23)
[Full Changelog](https://github.com/mongodb/terraform-provider-mongodbatlas/compare/v1.6.1...v1.7.0)
-**Closed issues:**
+**Enhancements:**
+
+- AWS Secrets Manager (AWS SM) Authetication for Terraform Atlas Provider [\#975](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/975) - INTMDB-521
+
+**Bug Fixes:**
+
+- Resource cloud_backup_snapshot_export_job variable name change [#976](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/976) - INTMDB-523
+- Deprecate legacy mongodbatlas.erb given Terraform Registry autogeneration [#962](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/962) - INTMDB-477
+
+**Closed Issues:**
- Terraform plan fail: Asymmetric hardware is not supported by the v1.0 API [\#958](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/958)
- Error importing ressource mongodbatlas\_network\_peering.mongo\_peer [\#906](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/906)
@@ -12,7 +21,7 @@
- mongodbatlas\_alert\_configuration - api\_token keeps wanting to change [\#863](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/863)
- Docs - Example - Return a Connection String - Azure Private Endpoint [\#713](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/713)
-**Merged pull requests:**
+**Merged Pull Requests:**
- Chore\(deps\): Bump github.com/gruntwork-io/terratest from 0.41.6 to 0.41.7 [\#978](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/978) ([dependabot[bot]](https://github.com/apps/dependabot))
- Chore\(deps\): Bump actions/stale from 6 to 7 [\#977](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/977) ([dependabot[bot]](https://github.com/apps/dependabot))
@@ -44,7 +53,7 @@
- Shorten test names that are too long to allow for targeting specific tests [\#932](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/932) - INTMDB-368
- Remove container_id from configurable attribute in advanced_cluster [\#931](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/931) - INTMDB-463
-**Closed issues:**
+**Closed Issues:**
- No documented way to get config out of third party integration [\#939](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/939)
- Double checking Terraform Plan before I destroy Production [\#938](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/938)
@@ -141,11 +150,11 @@
- INTMDB-358 - Upgrade to go1.18 [\#835](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/835)
- INTMDB-391 - Doc Fix for teams.html.markdown [\#838](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/838)
-**Closed issues:**
+**Closed Issues:**
- importing existing cluster does not populate backup status #768 [\#768](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/768)
-**Merged pull requests:**
+**Merged Pull Requests:**
- Chore(deps): Bump github.com/gruntwork-io/terratest from 0.40.21 to 0.40.22 [\#842](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/842) ([dependabot[bot]](https://github.com/apps/dependabot))
- Rename team.html.markdown into teams.html.markdown [\#838](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/838) ([leo-ferlin-sutton](https://github.com/leo-ferlin-sutton))
@@ -180,13 +189,13 @@
[Full Changelog](https://github.com/mongodb/terraform-provider-mongodbatlas/compare/v1.4.3...v1.4.4-pre.1)
-**Closed issues:**
+**Closed Issues:**
- Unable to update members in an existing "mongodbatlas\_teams" as the provider attempts to remove all users first [\#790](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/790)
- Please elaborate how to acquire PROJECTID and PEERINGID and PROVIDERNAME for import of network peering [\#789](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/789)
- error: error reading cloud provider access cloud provider access role not found in mongodbatlas, please create it first [\#781](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/781)
-**Merged pull requests:**
+**Merged Pull Requests:**
- Update CONTRIBUTING.md [\#798](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/798) ([themantissa](https://github.com/themantissa))
- Fix federated\_settings\_identity\_provider attribute name [\#791](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/791) ([florenp](https://github.com/florenp))
@@ -227,7 +236,7 @@
[Full Changelog](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v1.3.1...v1.4.0)
-**Closed issues:**
+**Closed Issues:**
Note: the binary executable for windows/arm64 is not available for this release. Next release will include.
- Fix for Add support for cloud export backup to mongodbatlas_cloud_backup_schedule [\#740](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/740)
@@ -240,7 +249,7 @@ Note: the binary executable for windows/arm64 is not available for this release.
- Fix for Cannot import export bucket - bad state id encoding [\#708](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/708)
- Error missing expected { when updating the provider [\#697](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/697)
-**Merged pull requests:**
+**Merged Pull Requests:**
- INTMDB-321: Add support for cloud export backup to mongodbatlas_cloud_backup_schedule [\#740](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/740) ([martinstibbe](https://github.com/martinstibbe))
- INTMDB-313: Update the project resource with new settings [\#741](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/741) ([martinstibbe](https://github.com/martinstibbe))
@@ -255,7 +264,7 @@ Note: the binary executable for windows/arm64 is not available for this release.
[Full Changelog](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v1.3.1...v1.4.0-pre.1)
-**Closed issues:**
+**Closed Issues:**
Note: the binary executable for windows/arm64 is not available for this release. Next release will include.
- Fix for Add support for cloud export backup to mongodbatlas_cloud_backup_schedule [\#740](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/740)
@@ -268,7 +277,7 @@ Note: the binary executable for windows/arm64 is not available for this release.
- Fix for Cannot import export bucket - bad state id encoding [\#708](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/708)
- Error missing expected { when updating the provider [\#697](https://github.com/mongodb/terraform-provider-mongodbatlas/issues/697)
-**Merged pull requests:**
+**Merged Pull Requests:**
- INTMDB-321: Add support for cloud export backup to mongodbatlas_cloud_backup_schedule [\#740](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/740) ([martinstibbe](https://github.com/martinstibbe))
- INTMDB-313: Update the project resource with new settings [\#741](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/741) ([martinstibbe](https://github.com/martinstibbe)) ([martinstibbe](https://github.com/martinstibbe))
From c42b989ea2ba1fd9aa0fa9fa90e5a707080635c7 Mon Sep 17 00:00:00 2001
From: Zuhair Ahmed
Date: Thu, 22 Dec 2022 22:15:18 -0500
Subject: [PATCH 7/7] 1.7.0 Upgrade and Information Guide
---
.../guides/1.7.0-upgrade-guide.html.markdown | 26 +++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 website/docs/guides/1.7.0-upgrade-guide.html.markdown
diff --git a/website/docs/guides/1.7.0-upgrade-guide.html.markdown b/website/docs/guides/1.7.0-upgrade-guide.html.markdown
new file mode 100644
index 0000000000..1526910f07
--- /dev/null
+++ b/website/docs/guides/1.7.0-upgrade-guide.html.markdown
@@ -0,0 +1,26 @@
+---
+layout: "mongodbatlas"
+page_title: "MongoDB Atlas Provider 1.7.0: Upgrade and Information Guide"
+sidebar_current: "docs-mongodbatlas-guides-170-upgrade-guide"
+description: |-
+MongoDB Atlas Provider 1.7.0: Upgrade and Information Guide
+---
+
+# MongoDB Atlas Provider 1.7.0: Upgrade and Information Guide
+
+The Terraform MongoDB Atlas Provider version 1.7.0 has one main new and exciting feature.
+
+New Features:
+* You can now [`authenticate with AWS Secrets Manager (AWS SM)`](https://github.com/mongodb/terraform-provider-mongodbatlas/blob/master/website/docs/index.html.markdown#aws-secrets-manager)
+
+
+See the [CHANGELOG](https://github.com/mongodb/terraform-provider-mongodbatlas/blob/master/CHANGELOG.md) for more details.
+
+
+### Helpful Links
+
+* [Report bugs](https://github.com/mongodb/terraform-provider-mongodbatlas/issues)
+
+* [Request Features](https://feedback.mongodb.com/forums/924145-atlas?category_id=370723)
+
+* [Contact Support](https://docs.atlas.mongodb.com/support/) covered by MongoDB Atlas support plans, Developer and above.