feat: Parameter Add: OIDC Database Users #1382

Merged: 8 commits, Aug 16, 2023

@andreaangiolillo (Collaborator) commented Aug 11, 2023

Description

This PR adds support for OIDC federated authentication users.
Link to any related issue(s):

Type of change:

  • Bug fix (non-breaking change which fixes an issue). Please, add the "bug" label to the PR.
  • New feature (non-breaking change which adds functionality). Please, add the "enhancement" label to the PR.
  • Breaking change (fix or feature that would cause existing functionality to not work as expected). Please, add the "breaking change" label to the PR.
  • This change requires a documentation update
  • Documentation fix/enhancement

Required Checklist:

  • I have signed the MongoDB CLA
  • I have read the contribution guidelines
  • I have added tests that prove my fix is effective or that my feature works per HashiCorp requirements
  • I have added any necessary documentation (if appropriate)
  • I have run make fmt and formatted my code

Further comments

FYI: We cannot define an acceptance test because we need to set federation authentication settings in the Org.

Testing

I tested my changes locally by building the provider binary with my changes.

TF Configuration

resource "mongodbatlas_database_user" "test" {
  username           = "64d613677e1ad50839cce4db/testAndrea22"
  project_id         = "6414908c207f4d22f4d8f232"
  auth_database_name = "admin"
  oidc_auth_type     = "IDP_GROUP"

  roles {
    role_name     = "readWriteAnyDatabase"
    database_name = "admin"
  }
}

data "mongodbatlas_database_user" "test" {
  username           = mongodbatlas_database_user.test.username
  project_id         = "6414908c207f4d22f4d8f232"
  auth_database_name = "admin"
}

data "mongodbatlas_database_users" "test" {
  project_id = "6414908c207f4d22f4d8f232"
}

terraform plan|apply|destroy

Terraform will perform the following actions:

  # mongodbatlas_database_user.test will be created
  + resource "mongodbatlas_database_user" "test" {
      + auth_database_name = "admin"
      + aws_iam_type       = "NONE"
      + id                 = (known after apply)
      + ldap_auth_type     = "NONE"
      + oidc_auth_type     = "IDP_GROUP"
      + project_id         = "6414908c207f4d22f4d8f232"
      + username           = "64d613677e1ad50839cce4db/testAndrea22"
      + x509_type          = "NONE"

      + roles {
          + collection_name = (known after apply)
          + database_name   = "admin"
          + role_name       = "readWriteAnyDatabase"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.



{
 "awsIAMType": "NONE",
 "databaseName": "admin",
 "groupId": "6414908c207f4d22f4d8f232",
 "labels": [],
 "ldapAuthType": "NONE",
 "links": [
  {
   "href": "https://cloud-dev.mongodb.com/api/atlas/v1.0/groups/6414908c207f4d22f4d8f232/databaseUsers/admin/64d613677e1ad50839cce4db%2FtestAndrea22",
   "rel": "self"
  }
 ],
 "oidcAuthType": "IDP_GROUP",
 "roles": [
  {
   "databaseName": "admin",
   "roleName": "readWriteAnyDatabase"
  }
 ],
 "scopes": [],
 "username": "64d613677e1ad50839cce4db/testAndrea22",
 "x509Type": "NONE"
}
-----------------------------------------------------: timestamp=2023-08-11T12:21:22.725+0100
mongodbatlas_database_user.test: Creation complete after 1s [id=YXV0aF9kYXRhYmFzZV9uYW1l:YWRtaW4=-cHJvamVjdF9pZA==:NjQxNDkwOGMyMDdmNGQyMmY0ZDhmMjMy-dXNlcm5hbWU=:NjRkNjEzNjc3ZTFhZDUwODM5Y2NlNGRiL3Rlc3RBbmRyZWEyMg==]
2023-08-11T12:21:22.747+0100 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2023-08-11T12:21:22.749+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-08-11T12:21:22.751+0100 [DEBUG] provider: plugin process exited: path=../bin/terraform-provider-mongodbatlas pid=89817
2023-08-11T12:21:22.751+0100 [DEBUG] provider: plugin exited

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.



mongodbatlas_database_user.test: Destruction complete after 1s
2023-08-11T12:21:57.643+0100 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2023-08-11T12:21:57.647+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-08-11T12:21:57.656+0100 [DEBUG] provider: plugin process exited: path=../bin/terraform-provider-mongodbatlas pid=90102
2023-08-11T12:21:57.656+0100 [DEBUG] provider: plugin exited

Destroy complete! Resources: 1 destroyed.

Terraform state

terraform state show data.mongodbatlas_database_user.test
# data.mongodbatlas_database_user.test:
data "mongodbatlas_database_user" "test" {
    auth_database_name = "admin"
    aws_iam_type       = "NONE"
    id                 = "YXV0aF9kYXRhYmFzZV9uYW1l:YWRtaW4=-cHJvamVjdF9pZA==:NjQxNDkwOGMyMDdmNGQyMmY0ZDhmMjMy-dXNlcm5hbWU=:NjRkNjEzNjc3ZTFhZDUwODM5Y2NlNGRiL3Rlc3RBbmRyZWEyMg=="
    labels             = []
    ldap_auth_type     = "NONE"
    oidc_auth_type     = "IDP_GROUP"
    project_id         = "6414908c207f4d22f4d8f232"
    roles              = [
        {
            collection_name = ""
            database_name   = "admin"
            role_name       = "readWriteAnyDatabase"
        },
    ]
    scopes             = []
    username           = "64d613677e1ad50839cce4db/testAndrea22"
    x509_type          = "NONE"
}



terraform state show data.mongodbatlas_database_users.test
# data.mongodbatlas_database_users.test:
data "mongodbatlas_database_users" "test" {
    id         = "terraform-20230811113157412700000001"
    project_id = "6414908c207f4d22f4d8f232"
    results    = [
        {
            auth_database_name = "admin"
            aws_iam_type       = "NONE"
            labels             = []
            ldap_auth_type     = "NONE"
            oidc_auth_type     = "IDP_GROUP"
            project_id         = "6414908c207f4d22f4d8f232"
            roles              = [
                {
                    collection_name = ""
                    database_name   = "admin"
                    role_name       = "readWriteAnyDatabase"
                },
            ]
            scopes             = []
            username           = "64d613677e1ad50839cce4db/testAndrea"
            x509_type          = "NONE"
        },
        {
            auth_database_name = "admin"
            aws_iam_type       = "NONE"
            labels             = []
            ldap_auth_type     = "NONE"
            oidc_auth_type     = "IDP_GROUP"
            project_id         = "6414908c207f4d22f4d8f232"
            roles              = [
                {
                    collection_name = ""
                    database_name   = "admin"
                    role_name       = "readWriteAnyDatabase"
                },
            ]
            scopes             = []
            username           = "64d613677e1ad50839cce4db/testAndrea22"
            x509_type          = "NONE"
        },
    ]
}

@andreaangiolillo marked this pull request as ready for review August 11, 2023 11:35
@andreaangiolillo requested a review from a team as a code owner August 11, 2023 11:35
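
Added example, not part of the PR or the provider's code: the `id` printed in the apply log is a reversible encoding of the identifying fields rather than an opaque token, and the test username carries the IdP ID before the group name. The sketch assumes, from the sample values on this page only, that the id is base64 `key:value` pairs joined by `-` and that the username is `<IdP ID>/<group name>`; the helper names are hypothetical.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// Copied from the apply log on this page: the id printed for the test user.
const sampleID = "YXV0aF9kYXRhYmFzZV9uYW1l:YWRtaW4=-cHJvamVjdF9pZA==:NjQxNDkwOGMyMDdmNGQyMmY0ZDhmMjMy-dXNlcm5hbWU=:NjRkNjEzNjc3ZTFhZDUwODM5Y2NlNGRiL3Rlc3RBbmRyZWEyMg=="

// decodeStateID (hypothetical helper) splits "b64(key):b64(value)" pairs joined
// by "-". Standard base64 emits neither "-" nor ":", so the split is unambiguous.
func decodeStateID(id string) (map[string]string, error) {
	fields := map[string]string{}
	for _, pair := range strings.Split(id, "-") {
		kv := strings.Split(pair, ":")
		if len(kv) != 2 {
			return nil, fmt.Errorf("malformed pair %q", pair)
		}
		k, errK := base64.StdEncoding.DecodeString(kv[0])
		v, errV := base64.StdEncoding.DecodeString(kv[1])
		if errK != nil || errV != nil {
			return nil, fmt.Errorf("bad base64 in %q", pair)
		}
		fields[string(k)] = string(v)
	}
	return fields, nil
}

// splitOIDCUsername (hypothetical helper) separates the "<IdP ID>/<group name>"
// form used by the IDP_GROUP test user; anything else is rejected.
func splitOIDCUsername(username string) (string, string, error) {
	parts := strings.SplitN(username, "/", 2)
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return "", "", fmt.Errorf("%q is not <idp-id>/<group>", username)
	}
	return parts[0], parts[1], nil
}

func main() {
	fields, err := decodeStateID(sampleID)
	if err != nil {
		panic(err)
	}
	idp, group, err := splitOIDCUsername(fields["username"])
	fmt.Println(fields["project_id"], idp, group, err)
}
```
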
@Zuhairahmed (Contributor) left a comment

LGTM, minor comments. Nice! Customers are going to love this one

@andreaangiolillo merged commit b1c79d0 into master Aug 16, 2023
@andreaangiolillo deleted the INTMDB-931 branch August 16, 2023 09:15

@zach-carr (Contributor) left a comment

Retroactively commenting - this looks good copy-wise 👍
