mongodb
diff --git a/‎.github/workflows/ipa-changelog.yml‎
Lines changed: 14 additions & 11 deletions b/‎.github/workflows/ipa-changelog.yml‎
Lines changed: 14 additions & 11 deletions
diff --git a/‎.github/workflows/ipa-release.yml‎
Lines changed: 47 additions & 10 deletions b/‎.github/workflows/ipa-release.yml‎
Lines changed: 47 additions & 10 deletions
diff --git a/‎changelog/changelog.json‎
Lines changed: 25 additions & 0 deletions b/‎changelog/changelog.json‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎changelog/changelog.yaml‎
Lines changed: 14 additions & 0 deletions b/‎changelog/changelog.yaml‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎changelog/internal/changelog-all.json‎
Lines changed: 25 additions & 0 deletions b/‎changelog/internal/changelog-all.json‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎changelog/internal/changelog-all.yaml‎
Lines changed: 14 additions & 0 deletions b/‎changelog/internal/changelog-all.yaml‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎changelog/internal/metadata.json‎
Lines changed: 3 additions & 3 deletions b/‎changelog/internal/metadata.json‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎openapi/.raw/v2.json‎
Lines changed: 23 additions & 2 deletions b/‎openapi/.raw/v2.json‎
Lines changed: 23 additions & 2 deletions
diff --git a/‎openapi/.raw/v2.yaml‎
Lines changed: 18 additions & 2 deletions b/‎openapi/.raw/v2.yaml‎
Lines changed: 18 additions & 2 deletions
diff --git a/‎openapi/v1-deprecated/v1.json‎
Lines changed: 17 additions & 1 deletion b/‎openapi/v1-deprecated/v1.json‎
Lines changed: 17 additions & 1 deletion
@@ -32,20 +32,23 @@ jobs:
       env: 
         VERSION_BUMP: ${{ steps.version_check.outputs.version_changed }}
       run: | 
-        npm run gen-ipa-changelog
-
-        # Check for uncommitted changes specific to CHANGELOG.md  
-        uncommitted_changes=$(git status --porcelain | grep "CHANGELOG.md" || echo "")  
-
-        diff_changelog=$(git diff -- tools/spectral/ipa/CHANGELOG.md || echo "")  
+        diff_changelog=$(git diff origin/main -- CHANGELOG.md || echo "")  
+        
+        echo "Changelog diff: ${diff_changelog}"
   
-        if [[ "${VERSION_BUMP}" == "false" && -n "${uncommitted_changes}" ]]; then  
+        if [[ "${VERSION_BUMP}" == "false" && -n "${diff_changelog}" ]]; then  
           echo "Error: Changelog should only be updated alongside a version bump. Please restore the changelog."  
           exit 1  
         fi  
-  
-        if [[ "${VERSION_BUMP}" == "true" && -n "${diff_changelog}" ]]; then  
-          echo "Error: Changelog must be updated alongside a version bump. Please run 'npm run gen-ipa-changelog' from the ipa directory and commit the changes."  
+        
+        npm run gen-ipa-changelog
+
+        # Check CHANGELOG.md is the generated changelog result
+        uncommitted_changes=$(git status --porcelain | grep "CHANGELOG.md" || echo "")  
+        
+        if [[ "${VERSION_BUMP}" == "true" && -n "${uncommitted_changes}" ]]; then  
+          echo "Error: Changelog is not the same as the generated result. Please run 'npm run gen-ipa-changelog' from the ipa directory and commit the changes."  
           exit 1  
         fi 
-        exit 0
+        
+        exit 0
@@ -2,6 +2,15 @@ name: Release IPA Package
 
 on:  
   workflow_dispatch:
+    inputs:
+      workflow_call:
+        description: 'To distinguish workflow_call from regular push'
+        type: boolean
+        required: false
+        default: true
+      use_existing_tag:
+        description: 'Set value to `true` to use an existing tag for the release process, default is `false`'
+        default: 'false'
   push: 
     branches:
       - main
@@ -10,12 +19,13 @@ on:
 
 jobs:
   check-version:
-    runs-on: ubuntu-latest  
-    outputs:  
-      version_changed: ${{ steps.version_check.outputs.version_changed }}  
-      
+    runs-on: ubuntu-latest
+    outputs:
+      version_changed: ${{ steps.version_check.outputs.version_changed }}
+      current_version: ${{ steps.version_check.outputs.current_version }}
+
     steps:
-    - name: Checkout Repository  
+    - name: Checkout Repository
       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
           fetch-depth: 0
@@ -24,21 +34,47 @@ jobs:
             .github/scripts
     - name: Fetch Versions
       id: version_check
-      env:   
+      env:
         BASE_BRANCH: "main~1"
       run: |
         version_changed=$(./.github/scripts/ipa_version_check.sh)  
         echo "Version changed? ${version_changed}"  
         echo "version_changed=${version_changed}" >> "${GITHUB_OUTPUT}"
-  
+        current_version=$(jq -r '.version' tools/spectral/ipa/package.json)
+        echo "Current version: ${current_version}"  
+        echo "current_version=${current_version}" >> "${GITHUB_OUTPUT}"
+
+  create-tag:
+    runs-on: ubuntu-latest
+    needs: check-version
+    if: >-
+      !cancelled()
+      && (!inputs.use_existing_tag || inputs.use_existing_tag == 'false')
+      && needs.check-version.outputs.version_changed == 'true'
+    steps:
+      - name: Validation of version format
+        run: |
+          echo "${{ needs.check-version.outputs.current_version }}" | grep -P '^\d+\.\d+\.\d+$'
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      - name: Get the latest commit SHA
+        id: get-sha
+        run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
+      - name: Create release tag
+        uses: rickstaa/action-create-tag@a1c7777fcb2fee4f19b0f283ba888afa11678b72
+        with:
+          tag: 'ipa-validation-ruleset-v${{ needs.check-version.outputs.current_version }}'
+          commit_sha: ${{ steps.get-sha.outputs.sha }}
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg_passphrase: ${{ secrets.PASSPHRASE }}
+
   publish:
     needs: check-version
     runs-on: ubuntu-latest
     permissions:
       contents: read
       id-token: write
-    if: ${{ needs.check-version.outputs.version_changed == 'true' }}
-
+    if: ${{ needs.check-version.outputs.version_changed == 'true' || inputs.workflow_call }}
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       - uses: actions/setup-node@v4
@@ -50,4 +86,5 @@ jobs:
       - run: npm publish --access public
         working-directory: tools/spectral/ipa
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.IPA_VALIDATION_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.IPA_VALIDATION_NPM_TOKEN }}
+          
@@ -1,4 +1,29 @@
 [
+  {
+    "date": "2025-08-08",
+    "paths": [
+      {
+        "path": "/api/atlas/v2/groups/{groupId}/cloudProviderAccess",
+        "httpMethod": "GET",
+        "versions": [
+          {
+            "version": "2025-03-12",
+            "changes": [
+              {
+                "change": "added the optional property 'gcpServiceAccounts' to the response",
+                "changeCode": "response-optional-property-added",
+                "backwardCompatible": true
+              }
+            ],
+            "stabilityLevel": "stable",
+            "changeType": "update"
+          }
+        ],
+        "operationId": "listCloudProviderAccessRoles",
+        "tag": "Cloud Provider Access"
+      }
+    ]
+  },
   {
     "date": "2025-08-06",
     "paths": [
 
@@ -1,3 +1,17 @@
+- date: "2025-08-08"
+  paths:
+    - httpMethod: GET
+      operationId: listCloudProviderAccessRoles
+      path: /api/atlas/v2/groups/{groupId}/cloudProviderAccess
+      tag: Cloud Provider Access
+      versions:
+        - changeType: update
+          changes:
+            - backwardCompatible: true
+              change: added the optional property 'gcpServiceAccounts' to the response
+              changeCode: response-optional-property-added
+          stabilityLevel: stable
+          version: "2025-03-12"
 - date: "2025-08-06"
   paths:
     - httpMethod: GET
 
@@ -1,4 +1,29 @@
 [
+  {
+    "date": "2025-08-08",
+    "paths": [
+      {
+        "path": "/api/atlas/v2/groups/{groupId}/cloudProviderAccess",
+        "httpMethod": "GET",
+        "versions": [
+          {
+            "version": "2025-03-12",
+            "changes": [
+              {
+                "change": "added the optional property 'gcpServiceAccounts' to the response",
+                "changeCode": "response-optional-property-added",
+                "backwardCompatible": true
+              }
+            ],
+            "stabilityLevel": "stable",
+            "changeType": "update"
+          }
+        ],
+        "operationId": "listCloudProviderAccessRoles",
+        "tag": "Cloud Provider Access"
+      }
+    ]
+  },
   {
     "date": "2025-08-06",
     "paths": [
 
@@ -1,3 +1,17 @@
+- date: "2025-08-08"
+  paths:
+    - httpMethod: GET
+      operationId: listCloudProviderAccessRoles
+      path: /api/atlas/v2/groups/{groupId}/cloudProviderAccess
+      tag: Cloud Provider Access
+      versions:
+        - changeType: update
+          changes:
+            - backwardCompatible: true
+              change: added the optional property 'gcpServiceAccounts' to the response
+              changeCode: response-optional-property-added
+          stabilityLevel: stable
+          version: "2025-03-12"
 - date: "2025-08-06"
   paths:
     - httpMethod: GET
 
@@ -1,7 +1,7 @@
 {
-  "runDate": "2025-08-07",
-  "specRevision": "d85d82acd096f120c66f7f9302e8b0f55b4f5678",
-  "specRevisionShort": "d85d82acd09",
+  "runDate": "2025-08-13",
+  "specRevision": "5e6ecb5261d104e00de686c2f3ef0db114eb926b",
+  "specRevisionShort": "5e6ecb5261d",
   "versions": [
     "2023-01-01",
     "2023-02-01",
 
@@ -10366,6 +10366,17 @@
                 "pattern": "^([a-f0-9]{24})$",
                 "readOnly": true,
                 "type": "string"
+              },
+              "status": {
+                "description": "Provision status of the service account.",
+                "enum": [
+                  "IN_PROGRESS",
+                  "COMPLETE",
+                  "FAILED",
+                  "NOT_INITIATED"
+                ],
+                "readOnly": true,
+                "type": "string"
               }
             },
             "type": "object"
@@ -10563,6 +10574,16 @@
             "x-xgen-IPA-exception": {
               "xgen-IPA-124-array-max-items": "Schema predates IPA validation"
             }
+          },
+          "gcpServiceAccounts": {
+            "description": "List that contains the Google Service Accounts registered and authorized with MongoDB Cloud.",
+            "items": {
+              "$ref": "#/components/schemas/CloudProviderAccessGCPServiceAccount"
+            },
+            "type": "array",
+            "x-xgen-IPA-exception": {
+              "xgen-IPA-124-array-max-items": "Schema predates IPA validation"
+            }
           }
         },
         "type": "object"
@@ -52998,7 +53019,7 @@
     "termsOfService": "https://www.mongodb.com/mongodb-management-service-terms-and-conditions",
     "title": "MongoDB Atlas Administration API",
     "version": "2.0",
-    "x-xgen-sha": "d85d82acd096f120c66f7f9302e8b0f55b4f5678"
+    "x-xgen-sha": "5e6ecb5261d104e00de686c2f3ef0db114eb926b"
   },
   "openapi": "3.0.1",
   "paths": {
@@ -57443,7 +57464,7 @@
         "x-xgen-owner-team": "Atlas Dedicated"
       },
       "post": {
-        "description": "Creates one access role for the specified cloud provider. Some MongoDB Cloud features use these cloud provider access roles for authentication. To use this resource, the requesting Service Account or API Key must have the Project Owner role.",
+        "description": "Creates one access role for the specified cloud provider. Some MongoDB Cloud features use these cloud provider access roles for authentication. To use this resource, the requesting Service Account or API Key must have the Project Owner role. For the GCP provider, if the project folder is not yet provisioned, Atlas will now create the role asynchronously. An intermediate role with status `IN_PROGRESS` will be returned, and the final service account will be provisioned. Once the GCP project is set up, subsequent requests will create the service account synchronously.",
         "externalDocs": {
           "description": "Set Up Access to Cloud Providers",
           "url": "https://www.mongodb.com/docs/atlas/security/cloud-provider-access/"
 
@@ -8420,6 +8420,15 @@ components:
                         pattern: ^([a-f0-9]{24})$
                         readOnly: true
                         type: string
+                    status:
+                        description: Provision status of the service account.
+                        enum:
+                            - IN_PROGRESS
+                            - COMPLETE
+                            - FAILED
+                            - NOT_INITIATED
+                        readOnly: true
+                        type: string
                   type: object
             description: Details that describe the features linked to the GCP Service Account.
             required:
@@ -8554,6 +8563,13 @@ components:
                     type: array
                     x-xgen-IPA-exception:
                         xgen-IPA-124-array-max-items: Schema predates IPA validation
+                gcpServiceAccounts:
+                    description: List that contains the Google Service Accounts registered and authorized with MongoDB Cloud.
+                    items:
+                        $ref: '#/components/schemas/CloudProviderAccessGCPServiceAccount'
+                    type: array
+                    x-xgen-IPA-exception:
+                        xgen-IPA-124-array-max-items: Schema predates IPA validation
             type: object
         CloudProviderAzureAutoScaling:
             description: Range of instance sizes to which your cluster can scale.
@@ -41687,7 +41703,7 @@ info:
     termsOfService: https://www.mongodb.com/mongodb-management-service-terms-and-conditions
     title: MongoDB Atlas Administration API
     version: "2.0"
-    x-xgen-sha: d85d82acd096f120c66f7f9302e8b0f55b4f5678
+    x-xgen-sha: 5e6ecb5261d104e00de686c2f3ef0db114eb926b
 openapi: 3.0.1
 paths:
     /api/atlas/v2:
@@ -44497,7 +44513,7 @@ paths:
             x-xgen-docs-url: https://mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/listCloudProviderAccessRoles
             x-xgen-owner-team: Atlas Dedicated
         post:
-            description: Creates one access role for the specified cloud provider. Some MongoDB Cloud features use these cloud provider access roles for authentication. To use this resource, the requesting Service Account or API Key must have the Project Owner role.
+            description: Creates one access role for the specified cloud provider. Some MongoDB Cloud features use these cloud provider access roles for authentication. To use this resource, the requesting Service Account or API Key must have the Project Owner role. For the GCP provider, if the project folder is not yet provisioned, Atlas will now create the role asynchronously. An intermediate role with status `IN_PROGRESS` will be returned, and the final service account will be provisioned. Once the GCP project is set up, subsequent requests will create the service account synchronously.
             externalDocs:
                 description: Set Up Access to Cloud Providers
                 url: https://www.mongodb.com/docs/atlas/security/cloud-provider-access/
 
@@ -6640,7 +6640,7 @@
       "post": {
         "tags": ["Cloud Provider Access"],
         "summary": "Create One Cloud Provider Access Role",
-        "description": "Creates one access role for the specified cloud provider. Some MongoDB Cloud features use these cloud provider access roles for authentication. To use this resource, the requesting Service Account or API Key must have the Project Owner role.",
+        "description": "Creates one access role for the specified cloud provider. Some MongoDB Cloud features use these cloud provider access roles for authentication. To use this resource, the requesting Service Account or API Key must have the Project Owner role. For the GCP provider, if the project folder is not yet provisioned, Atlas will now create the role asynchronously. An intermediate role with status `IN_PROGRESS` will be returned, and the final service account will be provisioned. Once the GCP project is set up, subsequent requests will create the service account synchronously.",
         "externalDocs": {
           "description": "Set Up Access to Cloud Providers",
           "url": "https://www.mongodb.com/docs/atlas/security/cloud-provider-access/"
@@ -45624,6 +45624,12 @@
                 "description": "Unique 24-hexadecimal digit string that identifies the role.",
                 "readOnly": true,
                 "example": "32b6e34b3d91647abb20e7b8"
+              },
+              "status": {
+                "type": "string",
+                "description": "Provision status of the service account.",
+                "readOnly": true,
+                "enum": ["IN_PROGRESS", "COMPLETE", "FAILED", "NOT_INITIATED"]
               }
             }
           }
@@ -45879,6 +45885,16 @@
             "items": {
               "$ref": "#/components/schemas/CloudProviderAccessAzureServicePrincipal"
             }
+          },
+          "gcpServiceAccounts": {
+            "type": "array",
+            "description": "List that contains the Google Service Accounts registered and authorized with MongoDB Cloud.",
+            "x-xgen-IPA-exception": {
+              "xgen-IPA-124-array-max-items": "Schema predates IPA validation"
+            },
+            "items": {
+              "$ref": "#/components/schemas/CloudProviderAccessGCPServiceAccount"
+            }
           }
         }
       },