
INTMDB-545: Update CloudProviderAccessService to support azure #508

Merged
merged 9 commits into from
Jul 28, 2023
15 changes: 5 additions & 10 deletions mongodbatlas/cloud_provider_access.go
Expand Up @@ -29,7 +29,7 @@ type CloudProviderAccessService interface {
ListRoles(context.Context, string) (*CloudProviderAccessRoles, *Response, error)
GetRole(context.Context, string, string) (*CloudProviderAccessRole, *Response, error)
CreateRole(context.Context, string, *CloudProviderAccessRoleRequest) (*CloudProviderAccessRole, *Response, error)
AuthorizeRole(context.Context, string, string, *CloudProviderAuthorizationRequest) (*CloudProviderAccessRole, *Response, error)
AuthorizeRole(context.Context, string, string, *CloudProviderAccessRoleRequest) (*CloudProviderAccessRole, *Response, error)
Collaborator Author


breaking change

DeauthorizeRole(context.Context, *CloudProviderDeauthorizationRequest) (*Response, error)
}

Expand All @@ -40,7 +40,8 @@ var _ CloudProviderAccessService = &CloudProviderAccessServiceOp{}

// CloudProviderAccessRoles an array of awsIamRoles objects.
type CloudProviderAccessRoles struct {
AWSIAMRoles []CloudProviderAccessRole `json:"awsIamRoles,omitempty"` // Unique identifier of AWS security group in this access list entry.
AWSIAMRoles []CloudProviderAccessRole `json:"awsIamRoles,omitempty"` // Unique identifier of AWS security group in this access list entry.
AzureServicePrincipals []CloudProviderAccessRole `json:"azureServicePrincipals,omitempty"` // Unique identifier of Azure security group in this access list entry.
Collaborator Author


Example of a response from the GET call

{
    "awsIamRoles": [
        {
            "atlasAWSAccountArn": "arn:aws:iam::299602853325:root",
            "atlasAssumedRoleExternalId": "8924b876-7ed6-44bd-bb34-707263a27a6f",
            "authorizedDate": "2023-03-24T17:12:15Z",
            "createdDate": "2023-03-24T17:05:37Z",
            "featureUsages": [],
            "iamAssumedRoleArn": "arn:aws:iam::358363220050:role/mongodb-test-cloud-backup-export-bucket-role-EU_WEST_1_test",
            "providerName": "AWS",
            "roleId": "641dd86151ed5c67923984f1"
        }
    ],
    "azureServicePrincipals": [
        {
            "_id": "64bf8b5d199f4e4af9106580",
            "atlasAzureAppId": "6f2deb0d-be72-4524-a403-df531868bac0",
            "createdDate": "2023-07-25T08:44:13Z",
            "featureUsages": [],
            "lastUpdatedDate": "2023-07-25T08:44:13Z",
            "providerName": "AZURE",
            "servicePrincipalId": "48f1d2a6-d0e9-482a-83a4-b8dd7dddc5c1",
            "tenantId": "91405384-d71e-47f5-92dd-759e272cdc1c"
        }
    ]
}

}

// CloudProviderAccessRole is the response from the CloudProviderAccessService.ListRoles.
Expand Down Expand Up @@ -69,19 +70,13 @@ type FeatureUsage struct {
// CloudProviderAccessRoleRequest represent a new role creation.
type CloudProviderAccessRoleRequest struct {
ProviderName string `json:"providerName"` // Human-readable label that identifies the cloud provider of the role.
IamAssumedRoleArn *string `json:"iamAssumedRoleArn,omitempty"` // Amazon Resource Name (ARN) that identifies the Amazon Web Services (AWS) Identity and Access Management (IAM) role that MongoDB Cloud assumes when it accesses resources in your AWS account.
IAMAssumedRoleARN *string `json:"iamAssumedRoleArn,omitempty"` // Amazon Resource Name (ARN) that identifies the Amazon Web Services (AWS) Identity and Access Management (IAM) role that MongoDB Cloud assumes when it accesses resources in your AWS account.
AtlasAzureAppID *string `json:"atlasAzureAppId,omitempty"` // Date and time when this Azure Service Principal was last updated. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
AzureServicePrincipalID *string `json:"servicePrincipalId,omitempty"` // Unique AzureID of this role.
AzureTenantID *string `json:"tenantId,omitempty"` // UUID String that identifies the Azure Active Directory Tenant AzureID.

}

// CloudProviderAuthorizationRequest represents an authorization request.
type CloudProviderAuthorizationRequest struct {
ProviderName string `json:"providerName"`
IAMAssumedRoleARN string `json:"iamAssumedRoleArn"`
}

// CloudProviderDeauthorizationRequest represents a request to remove authorization.
type CloudProviderDeauthorizationRequest struct {
ProviderName string
Expand Down Expand Up @@ -164,7 +159,7 @@ func (s *CloudProviderAccessServiceOp) CreateRole(ctx context.Context, groupID s
// AuthorizeRole authorizes and configure an AWS Assumed IAM role.
//
// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/authorizeCloudProviderAccessRole
func (s *CloudProviderAccessServiceOp) AuthorizeRole(ctx context.Context, groupID, roleID string, request *CloudProviderAuthorizationRequest) (*CloudProviderAccessRole, *Response, error) {
func (s *CloudProviderAccessServiceOp) AuthorizeRole(ctx context.Context, groupID, roleID string, request *CloudProviderAccessRoleRequest) (*CloudProviderAccessRole, *Response, error) {
if roleID == "" {
return nil, nil, NewArgError("roleID", "must be set")
}
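Review bot: The comment on the new `AtlasAzureAppID` field in the `CloudProviderAccessRoleRequest` hunk describes a timestamp ("Date and time when this Azure Service Principal was last updated…"), which cannot be right for a field whose JSON key is `atlasAzureAppId`; it reads as copied from a `lastUpdatedDate` description and should describe the identifier instead, e.g. `// Azure application ID that Atlas associates with this role; confirm exact semantics against the API spec.` The sibling comment added on `AzureServicePrincipals` ("Unique identifier of Azure security group in this access list entry") repeats the AWS line's wording and describes neither slice, both of which hold role entries rather than security-group identifiers. The `AuthorizeRole` doc comment in the last hunk still says it "authorizes and configure an AWS Assumed IAM role" although its parameter type now carries the Azure fields. That function's body continues outside the hunk, so it is not visible here whether a nil `request` or one missing the provider-specific fields is rejected alongside the existing `roleID` guard; now that the ARN has become an optional pointer, that check is worth confirming.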
6 changes: 3 additions & 3 deletions mongodbatlas/cloud_provider_access_test.go
Expand Up @@ -220,7 +220,7 @@ func TestCloudProviderAccessServiceOp_CreateRoleAWS(t *testing.T) {

createRequest := &CloudProviderAccessRoleRequest{
ProviderName: "AWS",
IamAssumedRoleArn: pointer("test"),
IAMAssumedRoleARN: pointer("test"),
}

mux.HandleFunc("/api/atlas/v1.0/groups/1/cloudProviderAccess", func(w http.ResponseWriter, r *http.Request) {
Expand Down Expand Up @@ -278,9 +278,9 @@ func TestCloudProviderAccessServiceOp_AuthorizeRole(t *testing.T) {

roleID := "5f232b94af0a6b41747bcc2d"

request := &CloudProviderAuthorizationRequest{
request := &CloudProviderAccessRoleRequest{
ProviderName: "AWS",
IAMAssumedRoleARN: "arn:aws:iam::772401394250:role/test-user-role",
IAMAssumedRoleARN: pointer("arn:aws:iam::772401394250:role/test-user-role"),
}

mux.HandleFunc(fmt.Sprintf("/api/atlas/v1.0/groups/1/cloudProviderAccess/%s", roleID), func(w http.ResponseWriter, r *http.Request) {
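Review bot: Both hunks only adapt the existing AWS cases to the renamed `IAMAssumedRoleARN` field and the new `AuthorizeRole` parameter type; nothing in them exercises the Azure fields (`AtlasAzureAppID`, `AzureServicePrincipalID`, `AzureTenantID`) or the decoding of `azureServicePrincipals` that this PR adds. A test mirroring `TestCloudProviderAccessServiceOp_CreateRoleAWS` for the Azure provider, plus a `ListRoles` fixture containing an `azureServicePrincipals` entry, would pin the new JSON tags and pointer fields. The rest of the test file is outside these hunks, so such cases may already exist elsewhere.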