INTMDB-448: custom_db_role error

README.md

@@ -149,6 +149,8 @@ export TF_CLI_CONFIG_FILE=/mnt/c/Users/ZuhairAhmed/Desktop/Tenant_Upgrade/tf_cac
 #### Logs
 To help with dubbing issues, you can turn on Logs with `export TF_LOG=TRACE`. Note: this is very noisy. 
 
+To export logs to file, you can use `export TF_LOG_PATH=terraform.log`
+
 ### Running the acceptance test
 
 #### Programmatic API key

mongodbatlas/data_source_mongodbatlas_custom_db_roles_test.go

@@ -37,7 +37,7 @@ func TestAccConfigDSCustomDBRoles_basic(t *testing.T) {
 
 					// Test for Data source
 					resource.TestCheckResourceAttrSet(dataSourceName, "project_id"),
-					resource.TestCheckResourceAttr(dataSourceName, "results.#", "1"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "results.#"),
 				),
 			},
 		},

mongodbatlas/resource_mongodbatlas_custom_db_role.go

@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"regexp"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
@@ -101,7 +102,13 @@ func resourceMongoDBAtlasCustomDBRole() *schema.Resource {
 	}
 }
 
+var (
+	customRoleLock sync.Mutex
+)
+
 func resourceMongoDBAtlasCustomDBRoleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	customRoleLock.Lock()
+	defer customRoleLock.Unlock()
 	conn := meta.(*MongoDBClient).Atlas
 	projectID := d.Get("project_id").(string)
 
@@ -180,6 +187,8 @@ func resourceMongoDBAtlasCustomDBRoleRead(ctx context.Context, d *schema.Resourc
 }
 
 func resourceMongoDBAtlasCustomDBRoleUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	customRoleLock.Lock()
+	defer customRoleLock.Unlock()
 	conn := meta.(*MongoDBClient).Atlas
 	ids := decodeStateID(d.Id())
 	projectID := ids["project_id"]

mongodbatlas/resource_mongodbatlas_custom_db_role_test.go

@@ -412,7 +412,6 @@ func TestAccConfigRSCustomDBRoles_MultipleCustomRoles(t *testing.T) {
 }
 
 func TestAccConfigRSCustomDBRoles_MultipleResources(t *testing.T) {
-	t.Skip() // The error seems appear to be similar to whitelist behavior, skip it temporally
 	var (
 		resourceName = "mongodbatlas_custom_db_role.test"
 		projectID    = os.Getenv("MONGODB_ATLAS_PROJECT_ID")

website/docs/index.html.markdown

@@ -88,7 +88,7 @@ In order to enable the Terraform MongoDB Atlas Provider with AWS SM, please foll
       "private_key":"secret2"
      }
 ```
-2. Create an AWS IAM Role to attach to the AWS STS (Security Token Service) generated short lived API keys. This is required since STS generated API Keys by default have restricted permissions and need to have their permissions elevated in order to authenticate with Terraform. Take note of Role ARN and ensure IAM Role has permission for “sts:AssumeRole” . For example: 
+2. Create an AWS IAM Role to attach to the AWS STS (Security Token Service) generated short lived API keys. This is required since STS generated API Keys by default have restricted permissions and need to have their permissions elevated in order to authenticate with Terraform. Take note of Role ARN and ensure IAM Role has permission for “sts:AssumeRole”. For example: 
 ```
 {
     "Version": "2012-10-17",
@@ -102,8 +102,10 @@ In order to enable the Terraform MongoDB Atlas Provider with AWS SM, please foll
             "Action": "sts:AssumeRole"
         }
     ]
-} 
+}
 ```
+In addition, you are required to also attach the AWS Managed policy of `SecretsManagerReadWrite` to this IAM role.
+
 Note: this policy may be overly broad for many use cases, feel free to adjust accordingly to your organization's needs.
 
 3. In terminal, store as environmental variables AWS API Keys (while you can also hardcode in config files these will then be stored as plain text in .tfstate file and should be avoided if possible). For example: