INTMDB-301: Feature add: Add support for management of federated authentication configuration #742

Merged: 39 commits, Jun 30, 2022
39 commits:
cb5e488  Add support for federated settings  (martinstibbe, May 24, 2022)
ed0cb07  Refactor for service pattern change  (martinstibbe, May 26, 2022)
8901841  Refactor options and plural singular names  (martinstibbe, May 26, 2022)
2fcd9d0  Merge branch 'release-staging-v1.4.0' into INTMDB-301  (martinstibbe, May 27, 2022)
21e3184  Update go SDK version  (martinstibbe, May 27, 2022)
faee8a7  Add initial federated website docs  (martinstibbe, May 31, 2022)
e704af6  Provide examples for Federated settings  (martinstibbe, May 31, 2022)
0a8b927  Merge branch 'release-staging-v1.4.0' into INTMDB-301  (martinstibbe, May 31, 2022)
7b36da5  Sync go.mod to contain breaking change SDK change  (martinstibbe, May 31, 2022)
f870731  Fix examples for lint error sync SDK to master  (martinstibbe, May 31, 2022)
1283954  Add menu items for federation settings and upgrade guides  (martinstibbe, Jun 1, 2022)
d59cf63  Merge branch 'release-staging-v1.4.0' into INTMDB-301  (martinstibbe, Jun 3, 2022)
1381e34  Remove Federated Docs from PR  (martinstibbe, Jun 4, 2022)
b2a2d0e  Merge branch 'release-staging-v1.4.0' into INTMDB-301  (martinstibbe, Jun 4, 2022)
98845a1  PR Review updates  (martinstibbe, Jun 6, 2022)
4429140  Add support for datasource tests  (martinstibbe, Jun 20, 2022)
9b6561d  Fix lint fmt  (martinstibbe, Jun 20, 2022)
9f4d03d  Add identity_provider_id variable  (martinstibbe, Jun 20, 2022)
52522f7  Move identity_provider_id  (martinstibbe, Jun 20, 2022)
f4307e5  Add role mappings datasource test  (martinstibbe, Jun 20, 2022)
c619c1b  Add additional tests for federated resources  (martinstibbe, Jun 21, 2022)
9eb80e9  Lint check  (martinstibbe, Jun 21, 2022)
5a7009e  Add additional datasources and tests  (martinstibbe, Jun 22, 2022)
cb83995  Remove unused function  (martinstibbe, Jun 22, 2022)
9dc408f  Add support for role mappings and update tests and examples  (martinstibbe, Jun 23, 2022)
decb9d8  Fix role mapping import to fit new style of parameters  (martinstibbe, Jun 23, 2022)
16b08c0  Remove commented code  (martinstibbe, Jun 23, 2022)
02f6f63  go mod tidy  (martinstibbe, Jun 23, 2022)
a5b9aa1  Remove extra parameter user_conflicts  (martinstibbe, Jun 23, 2022)
2823618  Add missing parameters and refactor name of variables  (martinstibbe, Jun 24, 2022)
9eb2955  Update example  (martinstibbe, Jun 24, 2022)
e905604  Update mongodbatlas/resource_mongodbatlas_federated_settings_identity…  (martinstibbe, Jun 26, 2022)
bde51ed  go fmt  (martinstibbe, Jun 27, 2022)
929c5e2  Add support for import tests  (martinstibbe, Jun 28, 2022)
6a0e047  Add federated settings env variables to README remove upgrade guide  (martinstibbe, Jun 28, 2022)
3910144  Remove cloud prefix from federated examples and resources idp_id to o…  (martinstibbe, Jun 28, 2022)
b3ae32e  Add new sort to role mapping  (martinstibbe, Jun 28, 2022)
3a16e1d  Add README for federated example  (martinstibbe, Jun 28, 2022)
a603714  Refactor alias mongodbatlas to matlas dead code removal import spaces  (martinstibbe, Jun 29, 2022)
13 changes: 13 additions & 0 deletions README.md
Expand Up @@ -141,6 +141,19 @@ $ export MONGODB_ATLAS_API_KEYS_IDS=<API_KEYS_IDS>
export SKIP_TEST_EXTERNAL_CREDENTIALS=TRUE
```

- For `Federated Settings` resource configuration:
```sh
$ export MONGODB_ATLAS_FEDERATION_SETTINGS_ID=<YOUR_FEDERATION_SETTINGS_ID>
$ export ONGODB_ATLAS_FEDERATED_ORG_ID=<YOUR_FEDERATED_ORG_ID>
$ export MONGODB_ATLAS_FEDERATED_PROJECT_ID=<YOUR_VPC_FEDERATED_PROJECT_ID>
$ export MONGODB_ATLAS_FEDERATED_GROUP_ID=<YOUR_FEDERATED_GROUP_ID>
$ export MONGODB_ATLAS_FEDERATED_ROLE_MAPPING_ID=<YOUR_FEDERATED_ROLE_MAPPING_ID>
$ export MONGODB_ATLAS_FEDERATED_OKTA_IDP_ID=<YOUR_FEDERATED_OKTA_IDP_ID>
$ export MONGODB_ATLAS_FEDERATED_SSO_URL=<YOUR_FEDERATED_SSO_URL>
$ export MONGODB_ATLAS_FEDERATED_ISSUER_URI=<YOUR_FEDERATED_ISSUER_URI>
```
~> **Notice:** For more information about the Federation configuration resource, see: https://www.mongodb.com/docs/atlas/reference/api/federation-configuration/

##### AWS env variables

- For `Network Peering` resource configuration:
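Review bot: The second export in this hunk is misspelled, `ONGODB_ATLAS_FEDERATED_ORG_ID` instead of `MONGODB_ATLAS_FEDERATED_ORG_ID`; anyone who copies the block verbatim will set a variable the acceptance tests presumably never read, and the federated org tests will skip or fail without an obvious cause. The placeholder on the next line, `<YOUR_VPC_FEDERATED_PROJECT_ID>`, also looks copied from the VPC section and should read `<YOUR_FEDERATED_PROJECT_ID>`. Suggest fixing both before merge, since this README is the only place the required variable names are documented.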
59 changes: 59 additions & 0 deletions examples/Federated-Settings/Readme.md
@@ -0,0 +1,59 @@
# Example - Okta and MongoDB Atlas Federated Settings Configuration

This project aims to provide an example of using Okta and MongoDB Atlas together.


## Dependencies

* Terraform v0.13
* Okta account
* A MongoDB Atlas account

```
Terraform v0.13.0
+ provider registry.terraform.io/terraform-providers/mongodbatlas v1.4.0
```

## Usage

**1\. Ensure your Okta/Mongodb Atlas Federal settings configuration is set up to have a working set of organizations, verified domains, and identity providers.**

**2\. TFVARS**

Now create **terraform.tfvars** file with all the variable values and make sure **not to commit it**.

**3\. Review the Terraform plan. **

Execute the below command and ensure you are happy with the plan.

``` bash
$ terraform plan
```
This project currently does the below deployments:

- MongoDB Atlas Federated Settings Organizational Role Mapping
- MongoDB Atlas Federated Settings Organizational Identity Provider
- MongoDB Atlas Federated Settings Organizational configuration

**4\. Execute the Terraform import for 2 resources that do not support create.**
``` bash
$ terraform import mongodbatlas_federated_settings_identity_provider.identity_provider 6287a67f7f7f7f7f441c6c-0oad7f7f7f7fk1297
terraform import mongodbatlas_federated_settings_org_config.org_connections_import 6287a67f7f7f7f7f441c6c-627a96837f7f7f7f7e306f14

```

**5\. Execute the Terraform apply.**

Now execute the plan to provision the Federated settings resources.

``` bash
$ terraform apply
```

**6\. Destroy the resources.**

Once you are finished your testing, ensure you destroy the resources to avoid unnecessary Atlas charges.

``` bash
$ terraform destroy
```
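Review bot: Step 4 embeds two composite import IDs (`6287a67f7f7f7f7f441c6c-0oad7f7f7f7fk1297` and `6287a67f7f7f7f7f441c6c-627a96837f7f7f7f7e306f14`) that read like lightly masked real values rather than placeholders; replace them with something obviously synthetic such as `<FEDERATION_SETTINGS_ID>-<IDENTITY_PROVIDER_ID>` and `<FEDERATION_SETTINGS_ID>-<ORG_ID>`, and state that composite format in prose, because the reader currently has to infer it from the hash-like strings. Smaller points in the same hunk: step 1 says "Federal settings" where the rest of the page says "Federated settings"; the heading `**3\. Review the Terraform plan. **` has a space before the closing `**`, which stops Markdown from rendering it bold; and the second `terraform import` line lacks the `$ ` prompt the first one has.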
50 changes: 50 additions & 0 deletions examples/Federated-Settings/main.tf
@@ -0,0 +1,50 @@
data "mongodbatlas_federated_settings" "federated_settings" {
org_id = var.org_id
}
data "mongodbatlas_federated_settings_identity_providers" "identity_provider" {
federation_settings_id = data.mongodbatlas_federated_settings.federated_settings.id
}

data "mongodbatlas_federated_settings_org_configs" "org_configs_ds" {
federation_settings_id = data.mongodbatlas_federated_settings.federated_settings.id
}

data "mongodbatlas_federated_settings_org_role_mappings" "org_role_mapping" {
federation_settings_id = data.mongodbatlas_federated_settings.federated_settings.id
org_id = var.org_id
}
resource "mongodbatlas_federated_settings_org_role_mapping" "org_role_mapping" {
federation_settings_id = data.mongodbatlas_federated_settings.federated_settings.id
org_id = var.org_id
external_group_name = "newgroup"

role_assignments {
group_id = var.group_id
roles = ["GROUP_OWNER", "GROUP_DATA_ACCESS_ADMIN", "GROUP_SEARCH_INDEX_EDITOR", "GROUP_DATA_ACCESS_READ_ONLY"]
}

role_assignments {
org_id = var.org_id
roles = ["ORG_OWNER", "ORG_MEMBER"]
}

}
resource "mongodbatlas_federated_settings_org_config" "org_connections_import" {
federation_settings_id = data.mongodbatlas_federated_settings.federated_settings.id
org_id = var.org_id
identity_provider_id = var.identity_provider_id
domain_restriction_enabled = false
domain_allow_list = ["yourdomain.com"]
}

resource "mongodbatlas_federated_settings_identity_provider" "identity_provider" {
federation_settings_id = data.mongodbatlas_federated_settings.federated_settings.id
name = var.name
associated_domains = ["yourdomain.com"]
sso_debug_enabled = true
status = "ACTIVE"
sso_url = "https://mysso.oktapreview.com/app/mysso_terrafssotesdev_1/exk1f7f7f7fk5wp50h8/sso/saml"
issuer_uri = "http://www.okta.com/exk1f716hf7f750h8"
request_binding = "HTTP-POST"
response_signature_algorithm = "SHA-256"
}
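Review bot: The role mapping in this hunk grants the external group `"newgroup"` both `GROUP_OWNER` and `ORG_OWNER`, and the identity provider is created with `sso_debug_enabled = true` while the org config sets `domain_restriction_enabled = false`; since users tend to apply example configurations as-is, please either scope the example down (for instance `ORG_MEMBER` plus a read-only group role such as `GROUP_DATA_ACCESS_READ_ONLY`) or add a comment on each of these three lines saying they are permissive test settings that should be tightened before use. Also consider pulling the literal `"yourdomain.com"`, `sso_url` and `issuer_uri` values into variables like the other inputs, so the Okta-specific strings are not hard-coded in `main.tf`.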
15 changes: 15 additions & 0 deletions examples/Federated-Settings/output.tf
@@ -0,0 +1,15 @@
output "federated_settings_ds" {
value = data.mongodbatlas_federated_settings.federated_settings.id
}

output "identity_provider" {
value = data.mongodbatlas_federated_settings_identity_providers.identity_provider.id
}

output "org_configs_ds" {
value = data.mongodbatlas_federated_settings_org_configs.org_configs_ds.id
}

output "org_role_mapping" {
value = data.mongodbatlas_federated_settings_org_role_mappings.org_role_mapping.id
}
4 changes: 4 additions & 0 deletions examples/Federated-Settings/provider.tf
@@ -0,0 +1,4 @@
provider "mongodbatlas" {
public_key = var.public_key
private_key = var.private_key
}
28 changes: 28 additions & 0 deletions examples/Federated-Settings/variables.tf
@@ -0,0 +1,28 @@
variable "public_key" {
type = string
description = "Public Programmatic API key to authenticate to Atlas"
}
variable "private_key" {
type = string
description = "Private Programmatic API key to authenticate to Atlas"
}
variable "org_id" {
type = string
description = "MongoDB Organization ID"
}
variable "group_id" {
type = string
description = "MongoDB Group ID"
}

variable "name" {
type = string
description = "MongoDB Identity Provider Name"
default = "mongodb_federation_test"
}

variable "identity_provider_id" {
type = string
description = "MongoDB Identity Provider ID"
default = "5754gdhgd758"
}
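Review bot: `private_key` (and arguably `public_key`) should be declared with `sensitive = true` so the API credential is redacted from `terraform plan` and `apply` output; note that this attribute needs Terraform 0.14 or later, so `versions.tf` would have to raise `required_version` from `>= 0.13` accordingly. Separately, the `identity_provider_id` default `"5754gdhgd758"` is a fake value: with it in place a user who forgets to set the variable gets a confusing API error instead of a clear "variable not set" message, so drop the default and let Terraform require the value.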
11 changes: 11 additions & 0 deletions examples/Federated-Settings/versions.tf
@@ -0,0 +1,11 @@
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
}
mongodbatlas = {
source = "mongodb/mongodbatlas"
}
}
required_version = ">= 0.13"
}
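Review bot: `azurerm` is declared in `required_providers` but nothing in the example's `main.tf`, `provider.tf` or `output.tf` references an Azure resource or data source, so `terraform init` will download an unrelated provider for every user of this example; remove the block and keep only `mongodbatlas`.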
4 changes: 0 additions & 4 deletions go.sum
Expand Up @@ -1230,10 +1230,6 @@ go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQc
go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
go.mongodb.org/atlas v0.12.0/go.mod h1:wVCnHcm/7/IfTjEB6K8K35PLG70yGz8BdkRwX0oK9/M=
go.mongodb.org/atlas v0.15.1-0.20220215171307-4b760c3c624f h1:IvKkFdSSBLC5kqB1X87vn8CRAI7eXoMSK7u2lG+WUg8=
go.mongodb.org/atlas v0.15.1-0.20220215171307-4b760c3c624f/go.mod h1:lQhRHIxc6jQHEK3/q9WLu/SdBkPj2fQYhjLGUF6Z3U8=
go.mongodb.org/atlas v0.16.1-0.20220527133640-ba676d378a30 h1:UVbPMJSXVDyvIA/JEHI2HAwc+B4R6xpnmSya/pbANpY=
go.mongodb.org/atlas v0.16.1-0.20220527133640-ba676d378a30/go.mod h1:lQhRHIxc6jQHEK3/q9WLu/SdBkPj2fQYhjLGUF6Z3U8=
go.mongodb.org/atlas v0.16.1-0.20220531163122-551edbfb2f27 h1:rGTb8CaE9ZKNjmdUJ58jFcHopLg6o6Kzfm9AIayq1Hw=
go.mongodb.org/atlas v0.16.1-0.20220531163122-551edbfb2f27/go.mod h1:lQhRHIxc6jQHEK3/q9WLu/SdBkPj2fQYhjLGUF6Z3U8=
go.mongodb.org/realm v0.1.0 h1:zJiXyLaZrznQ+Pz947ziSrDKUep39DO4SfA0Fzx8M4M=
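Review bot: This hunk drops the `v0.15.1-0.20220215171307-4b760c3c624f` and `v0.16.1-0.20220527133640-ba676d378a30` entries and keeps `v0.16.1-0.20220531163122-551edbfb2f27`; the corresponding `go.mod` change is not in the visible diff, so please confirm the `require` line pins exactly that pseudo-version, otherwise `go mod verify` and the `go mod tidy` commit in this PR will disagree.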
99 changes: 99 additions & 0 deletions mongodbatlas/data_source_mongodbatlas_federated_settings.go
@@ -0,0 +1,99 @@
package mongodbatlas

import (
"context"
"errors"

"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"

matlas "go.mongodb.org/atlas/mongodbatlas"
)

func dataSourceMongoDBAtlasFederatedSettings() *schema.Resource {
return &schema.Resource{
ReadContext: dataSourceMongoDBAtlasFederatedSettingsRead,
Schema: map[string]*schema.Schema{
"org_id": {
Type: schema.TypeString,
Required: true,
},
"federated_domains": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
"has_role_mappings": {
Type: schema.TypeBool,
Computed: true,
},
"id": {
Type: schema.TypeString,
Computed: true,
},
"identity_provider_id": {
Type: schema.TypeString,
Computed: true,
},
"identity_provider_status": {
Type: schema.TypeString,
Computed: true,
},
},
}
}

func dataSourceMongoDBAtlasFederatedSettingsRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
// Get client connection.
conn := meta.(*MongoDBClient).Atlas

orgID, orgIDOk := d.GetOk("org_id")

if !orgIDOk {
return diag.FromErr(errors.New("org_id must be configured"))
}

var (
err error
org *matlas.Organization
)

if orgIDOk {
org, _, err = conn.Organizations.Get(ctx, orgID.(string))
}

if err != nil {
return diag.Errorf("Error reading Organization %s %s", orgID, err)
}

federationSettings, _, err := conn.FederatedSettings.Get(ctx, org.ID)
if err != nil {
return diag.Errorf("error getting Federated settings (%s): %s", orgID, err)
}

if err := d.Set("org_id", org.ID); err != nil {
return diag.Errorf("error getting Federated settings (%s): %s %s", `org_id`, org.ID, err)
}

if err := d.Set("federated_domains", federationSettings.FederatedDomains); err != nil {
return diag.Errorf("error getting Federated settings (%s): %s %s", `federated_domains`, federationSettings.FederatedDomains, err)
}

if err := d.Set("identity_provider_status", federationSettings.IdentityProviderStatus); err != nil {
return diag.Errorf("error getting Federated settings (%s): %s %s", `identityProviderStatus`, federationSettings.IdentityProviderStatus, err)
}

if err := d.Set("identity_provider_id", federationSettings.IdentityProviderID); err != nil {
return diag.Errorf("error getting Federated settings (%s): %s %s", `IdentityProviderID`, federationSettings.IdentityProviderID, err)
}

if err := d.Set("has_role_mappings", federationSettings.HasRoleMappings); err != nil {
return diag.Errorf("error getting Federated settings (%s): flag %s ", `HasRoleMappings`, err)
}

d.SetId(federationSettings.ID)

return nil
}
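Review bot: The `org_id` handling in `dataSourceMongoDBAtlasFederatedSettingsRead` is redundant and costs an extra API call: `org_id` is `Required: true` in the schema, so `d.GetOk("org_id")` cannot fail for a non-empty string, the `if !orgIDOk` early return is dead, and the following `if orgIDOk` is always true; worse, `conn.Organizations.Get` is invoked only to obtain `org.ID`, which is the same string as `orgID`, so every read performs a round trip whose result is discarded. Suggest `federationSettings, _, err := conn.FederatedSettings.Get(ctx, orgID.(string))` directly, which also lets the `errors` import go. The `d.Set` error messages all say "error getting Federated settings" although they report a failure to write state, and the keys they quote (`identityProviderStatus`, `IdentityProviderID`, `HasRoleMappings`) do not match the schema keys (`identity_provider_status` and so on); rewording them as "error setting `<schema_key>` for Federated settings (%s): %s" and removing the trailing space in the `has_role_mappings` format string would make the diagnostics greppable.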