From 2024f52e5549062b39ddb193c47aee42281b6069 Mon Sep 17 00:00:00 2001 From: Steven Hirschorn Date: Fri, 10 Nov 2023 09:49:23 +0000 Subject: [PATCH 1/5] doc: Fix typos and syntax errors --- website/docs/r/cloud_provider_access.markdown | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/website/docs/r/cloud_provider_access.markdown b/website/docs/r/cloud_provider_access.markdown index 8a207cb9cf..0c107d9d27 100644 --- a/website/docs/r/cloud_provider_access.markdown +++ b/website/docs/r/cloud_provider_access.markdown 
@@ -13,10 +13,6 @@ The Terraform MongoDB Atlas Provider offers two either-or/mutually exclusive pat * A Two Resource path: consisting of `mongodbatlas_cloud_provider_access_setup` and `mongodbatlas_cloud_provider_access_authorization`. The first resource, `mongodbatlas_cloud_provider_access_setup`, only generates the initial configuration (create, delete operations). The second resource, `mongodbatlas_cloud_provider_access_authorization`, helps to perform the authorization using the role_id of the first resource. This path is helpful in a multi-provider Terraform file, and allows for a single and decoupled apply. See example of this Two Resource path option with AWS Cloud [here](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/atlas-cloud-provider-access/aws) and AZURE Cloud [here](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/atlas-cloud-provider-access/azure). -* A Single Resource path: using the `mongodbatlas_cloud_provider_access` that at provision time sets up all the required configuration for a given provider, then with a subsequent update it can perform the authorize of the role. Note this path requires two `terraform apply` commands, once for setup and once for auth. This resource supports only `AWS`. -* A Two Resource path: consisting of `mongodbatlas_cloud_provider_access_setup` and `mongodbatlas_cloud_provider_access_authorization`. The first resource, `mongodbatlas_cloud_provider_access_setup`, only generates -the initial configuration (create, delete operations). The second resource, `mongodbatlas_cloud_provider_access_authorization`, helps to perform the authorization using the role_id of the first resource. This path is helpful in a multi-provider Terraform file, and allows for a single and decoupled apply. 
See example of this Two Resource path option with AWS Cloud [here](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/atlas-cloud-provider-access/aws) and AZURE Cloud [here](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/atlas-cloud-provider-access/azure). - * A Single Resource path: using the `mongodbatlas_cloud_provider_access` that at provision time sets up all the required configuration for a given provider, then with a subsequent update it can perform the authorize of the role. Note this path requires two `terraform apply` commands, once for setup and once for auth. This resource supports only `AWS`. **WARNING:** The resource `mongodbatlas_cloud_provider_access` is deprecated and will be removed in version v1.14.0, use the Two Resource path instead. @@ -86,7 +82,7 @@ can be imported using project ID and the provider name and mongodbatlas role id, $ terraform import mongodbatlas_cloud_provider_access_setup.my_role 1112222b3bf99403840e8934-AWS-5fc17d476f7a33224f5b224e ``` -## mongodbatlas_cloud_provider_authorization +## mongodbatlas_cloud_provider_access_authorization This is the second resource in the two-resource path as described above. `mongodbatlas_cloud_provider_access_authorization` Allows you to authorize an AWS or AZURE IAM roles in Atlas. @@ -104,8 +100,8 @@ resource "mongodbatlas_cloud_provider_access_authorization" "auth_role" { project_id = mongodbatlas_cloud_provider_access_setup.setup_only.project_id role_id = mongodbatlas_cloud_provider_access_setup.setup_only.role_id - aws_config { - atlas_aws_account_arn = "arn:aws:iam::772401394250:role/test-user-role" + aws { + iam_assumed_role_arn = "arn:aws:iam::772401394250:role/test-user-role" } } From 0ec5400b317ed783e4f04b37a4e3e6afdcffbeba Mon Sep 17 00:00:00 2001 
From: Steven Hirschorn Date: Fri, 10 Nov 2023 09:50:10 +0000 Subject: [PATCH 2/5] doc: Add details about how this resource can be used --- website/docs/r/cloud_provider_access.markdown | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/docs/r/cloud_provider_access.markdown b/website/docs/r/cloud_provider_access.markdown index 0c107d9d27..b127aa44cc 100644 --- a/website/docs/r/cloud_provider_access.markdown +++ b/website/docs/r/cloud_provider_access.markdown @@ -73,6 +73,8 @@ resource "mongodbatlas_cloud_provider_access_setup" "test_role" { * `last_updated_date` - Date and time when this Azure Service Principal was last updated. This parameter expresses its value in the ISO 8601 timestamp format in UTC. * `role_id` - Unique ID of this role. +* -> **NOTE:** the two sub-attributes of the aws_config block will likely be needed on the external AWS account side as the constraints on the trust policy of an IAM role you're granting Atlas access to. They can be accessed via `mongodbatlas_cloud_provider_access_setup.`, for example the trust policy will reference `mongodbatlas_cloud_provider_access_setup..aws_config[0].atlas_aws_account_arn` in its `Principal` statement, and the `mongodbatlas_cloud_provider_access_setup..aws_config[0].atlas_assumed_role_external_id` in its `Condition.StringEquals.sts:ExternalId` statement. + ## Import: mongodbatlas_cloud_provider_access_setup For consistency is has the same format as the regular mongodbatlas_cloud_provider_access resource can be imported using project ID and the provider name and mongodbatlas role id, in the format From 22796a1eabf72fbe391a1efff1b8c5666d6f42f3 Mon Sep 17 00:00:00 2001 From: Steven Hirschorn Date: Mon, 13 Nov 2023 13:52:02 +0000 Subject: [PATCH 3/5] Update website/docs/r/cloud_provider_access.markdown Co-authored-by: John Williams <55147273+jwilliams-mongo@users.noreply.github.com> --- website/docs/r/cloud_provider_access.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/website/docs/r/cloud_provider_access.markdown b/website/docs/r/cloud_provider_access.markdown index b127aa44cc..8002a07f46 100644 --- a/website/docs/r/cloud_provider_access.markdown +++ b/website/docs/r/cloud_provider_access.markdown @@ -73,7 +73,7 @@ resource "mongodbatlas_cloud_provider_access_setup" "test_role" { * `last_updated_date` - Date and time when this Azure Service Principal was last updated. This parameter expresses its value in the ISO 8601 timestamp format in UTC. * `role_id` - Unique ID of this role. -* -> **NOTE:** the two sub-attributes of the aws_config block will likely be needed on the external AWS account side as the constraints on the trust policy of an IAM role you're granting Atlas access to. They can be accessed via `mongodbatlas_cloud_provider_access_setup.`, for example the trust policy will reference `mongodbatlas_cloud_provider_access_setup..aws_config[0].atlas_aws_account_arn` in its `Principal` statement, and the `mongodbatlas_cloud_provider_access_setup..aws_config[0].atlas_assumed_role_external_id` in its `Condition.StringEquals.sts:ExternalId` statement. +* -> **NOTE:** the two sub-attributes of the `aws_config block` will likely be needed on the external AWS account side as the constraints on the trust policy of an IAM role you're granting Atlas access to. They can be accessed via `mongodbatlas_cloud_provider_access_setup.`. For example, the trust policy will reference `mongodbatlas_cloud_provider_access_setup..aws_config[0].atlas_aws_account_arn` in its `Principal` statement, and the `mongodbatlas_cloud_provider_access_setup..aws_config[0].atlas_assumed_role_external_id` in its `Condition.StringEquals.sts:ExternalId` statement. ## Import: mongodbatlas_cloud_provider_access_setup For consistency is has the same format as the regular mongodbatlas_cloud_provider_access resource From 7eb3bf1dd3d1c4b5ce67da9c56e33725f6472d9e Mon Sep 17 00:00:00 2001 
From: Steven Hirschorn Date: Mon, 13 Nov 2023 16:55:53 +0000 Subject: [PATCH 4/5] doc: Add references to documentation in Github --- website/docs/r/cloud_provider_access.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/cloud_provider_access.markdown b/website/docs/r/cloud_provider_access.markdown index 8002a07f46..1c6d67d43f 100644 --- a/website/docs/r/cloud_provider_access.markdown +++ b/website/docs/r/cloud_provider_access.markdown @@ -73,7 +73,7 @@ resource "mongodbatlas_cloud_provider_access_setup" "test_role" { * `last_updated_date` - Date and time when this Azure Service Principal was last updated. This parameter expresses its value in the ISO 8601 timestamp format in UTC. * `role_id` - Unique ID of this role. -* -> **NOTE:** the two sub-attributes of the `aws_config block` will likely be needed on the external AWS account side as the constraints on the trust policy of an IAM role you're granting Atlas access to. They can be accessed via `mongodbatlas_cloud_provider_access_setup.`. For example, the trust policy will reference `mongodbatlas_cloud_provider_access_setup..aws_config[0].atlas_aws_account_arn` in its `Principal` statement, and the `mongodbatlas_cloud_provider_access_setup..aws_config[0].atlas_assumed_role_external_id` in its `Condition.StringEquals.sts:ExternalId` statement. +-> **NOTE:** Code examples of how the mongodbatlas_cloud_provider_access_setup resource and its attributes should be used to permit Atlas to access resources in your own cloud provider accounts are in Github, for [AWS](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/atlas-cloud-provider-access/aws) and for [Azure](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/atlas-cloud-provider-access/azure) ## Import: mongodbatlas_cloud_provider_access_setup For consistency is has the same format as the regular mongodbatlas_cloud_provider_access resource 
From 55c8d6ab3c326c0d341e983e157e110058066e27 Mon Sep 17 00:00:00 2001 From: Steven Hirschorn Date: Tue, 14 Nov 2023 12:16:20 +0000 Subject: [PATCH 5/5] Update website/docs/r/cloud_provider_access.markdown Co-authored-by: Agustin Bettati --- website/docs/r/cloud_provider_access.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/cloud_provider_access.markdown b/website/docs/r/cloud_provider_access.markdown index 1c6d67d43f..85aaebc842 100644 --- a/website/docs/r/cloud_provider_access.markdown +++ b/website/docs/r/cloud_provider_access.markdown @@ -73,7 +73,7 @@ resource "mongodbatlas_cloud_provider_access_setup" "test_role" { * `last_updated_date` - Date and time when this Azure Service Principal was last updated. This parameter expresses its value in the ISO 8601 timestamp format in UTC. * `role_id` - Unique ID of this role. --> **NOTE:** Code examples of how the mongodbatlas_cloud_provider_access_setup resource and its attributes should be used to permit Atlas to access resources in your own cloud provider accounts are in Github, for [AWS](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/atlas-cloud-provider-access/aws) and for [Azure](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/atlas-cloud-provider-access/azure) +-> **NOTE:** For more details on how attributes are used to enable access to cloud provider accounts see [AWS example](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/atlas-cloud-provider-access/aws) and [Azure example](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/atlas-cloud-provider-access/azure). ## Import: mongodbatlas_cloud_provider_access_setup For consistency is has the same format as the regular mongodbatlas_cloud_provider_access resource
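Review bot: In PATCH 1/5, the hunk that renames the heading to `mongodbatlas_cloud_provider_access_authorization` leaves the context sentence directly below it reading "`mongodbatlas_cloud_provider_access_authorization` Allows you to authorize an AWS or AZURE IAM roles in Atlas", which still has a stray capital and a singular/plural mismatch. Since this commit is the typo pass, fix that sentence here as well, for example "allows you to authorize AWS or Azure IAM roles in Atlas".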
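Review bot: In PATCH 1/5, the last hunk's new `iam_assumed_role_arn` line keeps a literal ARN with a fixed 12-digit account ID (`arn:aws:iam::772401394250:role/test-user-role`) in the documentation example. Use an obviously fake placeholder account ID, or a reference to the IAM role the reader creates, so the value is not copied as-is into a role authorization. The subject "Fix typos and syntax errors" also undersells this hunk: changing the block from `aws_config` to `aws` and the argument from `atlas_aws_account_arn` to `iam_assumed_role_arn` changes what the example configures, and the commit message should say so.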
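Review bot: In PATCH 2/5, the attribute references in the added NOTE have no resource name in them: `mongodbatlas_cloud_provider_access_setup.` ends at the dot, and `mongodbatlas_cloud_provider_access_setup..aws_config[0].atlas_aws_account_arn` has two dots in a row, so neither is a valid reference as written. Use the name from the example above (`test_role`) or a placeholder that survives rendering. The line also starts with `* -> **NOTE:**`, which mixes a list bullet with the callout marker; drop the `* ` so the note is not rendered as one more entry in the attribute list.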
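Review bot: In PATCH 3/5, the replacement line puts the word "block" inside the code span (`aws_config block`), which reads as if that were the attribute's name. Close the backticks after `aws_config`. The empty resource name in `mongodbatlas_cloud_provider_access_setup.` and the `* ->` prefix are carried over unchanged from the previous patch and still need fixing.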
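Review bot: In PATCH 4/5, the replacement NOTE drops the only statement of which attribute goes where in the IAM trust policy (`atlas_aws_account_arn` in `Principal`, `atlas_assumed_role_external_id` in `Condition.StringEquals.sts:ExternalId`) and leaves links alone. Keep one sentence with that mapping next to the links: a reader writing the role's trust policy needs both constraints, and the links point at directories on `master` whose contents can change. Minor: the new sentence has no closing period, "Github" should be "GitHub", and `mongodbatlas_cloud_provider_access_setup` is not in backticks.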
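Review bot: In PATCH 5/5, the reworded NOTE says "how attributes are used" without naming the resource or the attributes, so it is vaguer than the line it replaces. Name them, for example "the `aws_config` attributes of `mongodbatlas_cloud_provider_access_setup`", and add a comma before "see". The context line under the Import heading still reads "For consistency is has the same format" through every patch in the series; fix "is has" while this file is open.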