Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

INTMDB 186 - Added authorization resource to split the cloud access provider config #420

Merged
merged 21 commits into from
Apr 14, 2021

Conversation

leofigy
Copy link
Contributor

@leofigy leofigy commented Mar 17, 2021

Description

Introducing the authorization resource for cloud provider access, the expected behavior is to have the original

  • cloud provider access resource - for the users that want to have a unique resource,
  • cloud provider access setup - just creates the mongodbatlas ids
  • cloud provider access authorization - based on the role_id it performs an auth for the given cloud provicer access

Link to any related issue(s):

Type of change:

  • [] Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • Documentation fix/enhancement

Required Checklist:

  • I have signed the MongoDB CLA
  • I have read the Terraform contribution guidelines
  • I have added tests that prove my fix is effective or that my feature works per HashiCorp requirements
  • I have added any necessary documentation (if appropriate)
  • I have run make fmt and formatted my code

Further comments

@leofigy leofigy requested a review from pitakill March 17, 2021 14:28
@leofigy leofigy marked this pull request as draft March 17, 2021 14:28
@leofigy leofigy self-assigned this Mar 17, 2021
@leofigy leofigy requested a review from themantissa March 24, 2021 00:58
@leofigy
Copy link
Contributor Author

leofigy commented Mar 24, 2021

Hi @themantissa explaining a little bit about the behavior

the cloud_provider_access_setup performs the following operations, this means you can do the setup, is
create, delete, but not update it (perform PATCH)

	Read:   resourceMongoDBAtlasCloudProviderAccessSetupRead,
	Create: resourceMongoDBAtlasCloudProviderAccessSetupCreate,
	Update: resourceMongoDBAtlasCloudProviderAccessAuthorizationPlaceHolder,
	Delete: resourceMongoDBAtlasCloudProviderAccessSetupDelete,
	

The authorization resource, is tricky in terraform sense you can create, delete, and update, but mapping to the API.
The PATCH request is actually done in the CREATE and Update, and the delete is just removing in it from terraform, but not calling the API, the reason behind this, it's because if you do a DELETE here , the upper resource won't be aware of.

	Read:   resourceMongoDBAtlasCloudProviderAccessAuthorizationRead,
	Create: resourceMongoDBAtlasCloudProviderAccessAuthorizationCreate,
	Update: resourceMongoDBAtlasCloudProviderAccessAuthorizationUpdate,
	Delete: resourceMongoDBAtlasCloudProviderAccessAuthorizationPlaceHolder,

		

@leofigy leofigy marked this pull request as ready for review March 24, 2021 15:37
@leofigy leofigy changed the title Preview INTMDB 186 - Added authorization resource to split the cloud access provider config INTMDB 186 - Added authorization resource to split the cloud access provider config Mar 24, 2021
)
}

func TestAccResourceMongoDBAtlasCloudProviderAccessSetup_importBasic(t *testing.T) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @pitakill just fyi

@themantissa themantissa requested a review from shum March 24, 2021 16:16
Copy link
Collaborator

@themantissa themantissa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall it looks great. Sorry for the delay but had to check some things with others first. Mostly just a few questions/comments and doc edits. Thanks!

integration-testing/README.md Outdated Show resolved Hide resolved
integration-testing/README.md Outdated Show resolved Hide resolved
Type: schema.TypeString,
Required: true,
},
// Note: when new providers will be added, this will trigger a recreate
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By recreate do you mean that if someone had AWS already and submitted as is for Azure, for example, it would recreate, that is destroy the existing AWS? Or do you mean if a new cloud provider is added it would create a new one in the terraform state? I kinda get what you are saying I think - the way the API is written now it would only really allow one cloud provider at a time to be in use for the project.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

right, if the cloud provider is change from aws to azure, it will hit a force new, that means to delete the existing one (aws) and send a create for azure

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any good way to prepare for this to have more than one later? Or should we just punt that to when (if) it actually comes up?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Melissa, when it comes we can just add in the Update request, something like if d.HasChanges("provider_name"), get the old and new value (new accepted providers), in case we need extra logic in case it's needed in an update process.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense. Thanks for the clarification.

website/docs/r/cloud_provider_access.markdown Outdated Show resolved Hide resolved
website/docs/r/cloud_provider_access.markdown Outdated Show resolved Hide resolved
website/docs/r/cloud_provider_access.markdown Outdated Show resolved Hide resolved
website/docs/r/cloud_provider_access.markdown Outdated Show resolved Hide resolved
website/docs/r/cloud_provider_access.markdown Outdated Show resolved Hide resolved
]
}
EOF
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Appears a linter error about not newline at the end of file

access_key = var.access_key
secret_key = var.secret_key
region = var.aws_region
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as before about linter error

Copy link
Contributor

@coderGo93 coderGo93 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just fix the linter code from github, if the tests has passed and the code LGTM

@leofigy leofigy requested a review from themantissa April 9, 2021 14:19
Copy link
Collaborator

@themantissa themantissa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One very tiny nit and follow up question. Then I think it's ready!

website/docs/r/cloud_provider_access.markdown Outdated Show resolved Hide resolved
@leofigy leofigy requested a review from themantissa April 12, 2021 15:31
Copy link
Collaborator

@themantissa themantissa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thank you! @shum you feel good where this is at? If you don't have the time to review just give it a quick once over and let us know if any questions.

@leofigy
Copy link
Contributor Author

leofigy commented Apr 13, 2021

Hi @shum , if you don't have any concern, I will merge this today EOD :)

Copy link
Collaborator

@shum shum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, minor typos but logic makes sense to me

MONGODB_ATLAS_PRIVATE_KEY
```

For especific aws related interactions
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
For especific aws related interactions
For specific aws related interactions

AWS_SECRET_ACCESS_KEY
AWS_REGION

AWS_CUSTOMER_MASTER_KEY_ID (only cloud at rest)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
AWS_CUSTOMER_MASTER_KEY_ID (only cloud at rest)
AWS_CUSTOMER_MASTER_KEY_ID (only required for encryption at rest with customer managed keys)

} else {
// planning for the future multiple providers
return fmt.Errorf(errorGetRead,
fmt.Sprintf("unsopported provider type %s", providerName))
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
fmt.Sprintf("unsopported provider type %s", providerName))
fmt.Sprintf("unsupported provider type %s", providerName))

@leofigy leofigy added the run-testacc To run acceptance tests label Apr 14, 2021
@leofigy leofigy merged commit 733570c into master Apr 14, 2021
@leofigy leofigy deleted the INTMDB-186 branch April 14, 2021 04:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement run-testacc To run acceptance tests
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants