From bc75c9cd4a548d856895377f00b7096d1ac7e6c3 Mon Sep 17 00:00:00 2001 From: Zuhair Ahmed Date: Mon, 2 Jan 2023 19:03:33 -0500 Subject: [PATCH 1/5] example fix --- website/docs/index.html.markdown | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index c7b8289d11..ba878d8697 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown @@ -99,10 +99,12 @@ In order to enable the Terraform MongoDB Atlas Provider with AWS SM, please foll "Principal": { "AWS": "*" }, - "Action": "sts:AssumeRole" + "Action": [ + "sts:AssumeRole" + ] } ] -} +} ``` Note: this policy may be overly broad for many use cases, feel free to adjust accordingly to your organization's needs. From 875c58cf3725a667c0f3ed1dca247ca07f261069 Mon Sep 17 00:00:00 2001 From: Zuhair Ahmed Date: Mon, 2 Jan 2023 19:13:48 -0500 Subject: [PATCH 2/5] log to file add --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 61d96729c6..e6e18910b2 100644 --- a/README.md +++ b/README.md @@ -148,6 +148,7 @@ export TF_CLI_CONFIG_FILE=/mnt/c/Users/ZuhairAhmed/Desktop/Tenant_Upgrade/tf_cac #### Logs To help with dubbing issues, you can turn on Logs with `export TF_LOG=TRACE`. Note: this is very noisy. +To export logs to file, you can use `export TF_LOG_PATH=terraform.log` ### Running the acceptance test From 0ef145d8e21af2d15db45d19b93d6dad28cd7c5e Mon Sep 17 00:00:00 2001 From: Zuhair Ahmed Date: Mon, 2 Jan 2023 19:14:14 -0500 Subject: [PATCH 3/5] formating --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index e6e18910b2..3d14f8b799 100644 --- a/README.md +++ b/README.md 
@@ -148,6 +148,7 @@ export TF_CLI_CONFIG_FILE=/mnt/c/Users/ZuhairAhmed/Desktop/Tenant_Upgrade/tf_cac #### Logs To help with dubbing issues, you can turn on Logs with `export TF_LOG=TRACE`. Note: this is very noisy. + To export logs to file, you can use `export TF_LOG_PATH=terraform.log` ### Running the acceptance test From ac8cc4f1e127722d7a109d5a791facfc2051e584 Mon Sep 17 00:00:00 2001 From: Zuhair Ahmed Date: Mon, 2 Jan 2023 19:37:49 -0500 Subject: [PATCH 4/5] formatting updates --- website/docs/index.html.markdown | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index ba878d8697..1e0810b1e1 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown @@ -88,7 +88,7 @@ In order to enable the Terraform MongoDB Atlas Provider with AWS SM, please foll "private_key":"secret2" } ``` -2. Create an AWS IAM Role to attach to the AWS STS (Security Token Service) generated short lived API keys. This is required since STS generated API Keys by default have restricted permissions and need to have their permissions elevated in order to authenticate with Terraform. Take note of Role ARN and ensure IAM Role has permission for “sts:AssumeRole” . For example: +2. Create an AWS IAM Role to attach to the AWS STS (Security Token Service) generated short lived API keys. This is required since STS generated API Keys by default have restricted permissions and need to have their permissions elevated in order to authenticate with Terraform. Take note of Role ARN and ensure IAM Role has permission for “sts:AssumeRole”. For example: ``` { "Version": "2012-10-17", 
@@ -99,13 +99,13 @@ In order to enable the Terraform MongoDB Atlas Provider with AWS SM, please foll "Principal": { "AWS": "*" }, - "Action": [ - "sts:AssumeRole" - ] + "Action": "sts:AssumeRole" } ] } ``` +In addition, you are required to also attach the AWS Managed policy of `SecretsManagerReadWrite` to this IAM role. + Note: this policy may be overly broad for many use cases, feel free to adjust accordingly to your organization's needs. 3. In terminal, store as environmental variables AWS API Keys (while you can also hardcode in config files these will then be stored as plain text in .tfstate file and should be avoided if possible). For example: From 65bcffc7f6bca6aadcf1a9ddea322363a39267ec Mon Sep 17 00:00:00 2001 From: admin <33664051+martinstibbe@users.noreply.github.com> Date: Wed, 4 Jan 2023 13:49:24 -0600 Subject: [PATCH 5/5] Add mutex to prevent concurrent API calls datasource simplify count as it picks up other tests --- .../data_source_mongodbatlas_custom_db_roles_test.go | 2 +- mongodbatlas/resource_mongodbatlas_custom_db_role.go | 9 +++++++++ .../resource_mongodbatlas_custom_db_role_test.go | 1 - 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/mongodbatlas/data_source_mongodbatlas_custom_db_roles_test.go b/mongodbatlas/data_source_mongodbatlas_custom_db_roles_test.go index bc8770dfc1..5003e0f75a 100644 --- a/mongodbatlas/data_source_mongodbatlas_custom_db_roles_test.go +++ b/mongodbatlas/data_source_mongodbatlas_custom_db_roles_test.go @@ -37,7 +37,7 @@ func TestAccConfigDSCustomDBRoles_basic(t *testing.T) { // Test for Data source resource.TestCheckResourceAttrSet(dataSourceName, "project_id"), - resource.TestCheckResourceAttr(dataSourceName, "results.#", "1"), + resource.TestCheckResourceAttrSet(dataSourceName, "results.#"), ), }, }, diff --git a/mongodbatlas/resource_mongodbatlas_custom_db_role.go b/mongodbatlas/resource_mongodbatlas_custom_db_role.go index cb73e7ed79..53cb65bdb0 100644 
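Review bot: Swapping the exact count for `resource.TestCheckResourceAttrSet(dataSourceName, "results.#")` lets the check pass for any non-empty value, which as far as I can tell includes `"0"`, so the test would no longer fail if the data source returned no roles at all. If the count is unstable only because other tests create roles in the same project, a lower bound keeps the assertion meaningful, for example `resource.TestMatchResourceAttr(dataSourceName, "results.#", regexp.MustCompile("^[1-9][0-9]*$"))`. That needs `regexp` imported in the test file, whose import block is not visible here. The test function starts and ends outside the hunk.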
--- a/mongodbatlas/resource_mongodbatlas_custom_db_role.go +++ b/mongodbatlas/resource_mongodbatlas_custom_db_role.go @@ -8,6 +8,7 @@ import ( "net/http" "regexp" "strings" + "sync" "time" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" @@ -101,7 +102,13 @@ func resourceMongoDBAtlasCustomDBRole() *schema.Resource { } } +var ( + customRoleLock sync.Mutex +) + func resourceMongoDBAtlasCustomDBRoleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + customRoleLock.Lock() + defer customRoleLock.Unlock() conn := meta.(*MongoDBClient).Atlas projectID := d.Get("project_id").(string) @@ -180,6 +187,8 @@ func resourceMongoDBAtlasCustomDBRoleRead(ctx context.Context, d *schema.Resourc } func resourceMongoDBAtlasCustomDBRoleUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + customRoleLock.Lock() + defer customRoleLock.Unlock() conn := meta.(*MongoDBClient).Atlas ids := decodeStateID(d.Id()) projectID := ids["project_id"] diff --git a/mongodbatlas/resource_mongodbatlas_custom_db_role_test.go b/mongodbatlas/resource_mongodbatlas_custom_db_role_test.go index 223807ec9e..be3fee27ce 100644 --- a/mongodbatlas/resource_mongodbatlas_custom_db_role_test.go +++ b/mongodbatlas/resource_mongodbatlas_custom_db_role_test.go @@ -412,7 +412,6 @@ func TestAccConfigRSCustomDBRoles_MultipleCustomRoles(t *testing.T) { } func TestAccConfigRSCustomDBRoles_MultipleResources(t *testing.T) { - t.Skip() // The error seems appear to be similar to whitelist behavior, skip it temporally var ( resourceName = "mongodbatlas_custom_db_role.test" projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID")
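Review bot: `resourceMongoDBAtlasCustomDBRoleCreate` and `resourceMongoDBAtlasCustomDBRoleUpdate` (the `@@ -180,6 +187,8 @@` hunk) now take `customRoleLock`, but no delete hunk appears in this commit, so if the delete function issues the same kind of Atlas call it can still run concurrently with a create or update. It should probably open with the same `customRoleLock.Lock()` / `defer customRoleLock.Unlock()` pair. The mutex is package-level and held by `defer` until each function returns (both bodies continue outside the hunks), so role writes for unrelated projects are serialized behind one another and a blocked `Lock()` does not observe `ctx` cancellation. The declaration also has no comment; `// customRoleLock serializes custom DB role create/update calls so they are not sent to the Atlas API concurrently.` would record the intent, and a single `var customRoleLock sync.Mutex` is enough without the parenthesized block.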