feat: [Terraform] Parameter Add: Cloud Provider Access for Azure (#1343)

Author: andreaangiolillo

.github/workflows/acceptance-tests.yml

@@ -385,6 +385,9 @@ jobs:
           MONGODB_ATLAS_BASE_URL: ${{ vars.MONGODB_ATLAS_BASE_URL }}
           SKIP_TEST_EXTERNAL_CREDENTIALS: ${{ vars.SKIP_TEST_EXTERNAL_CREDENTIALS }}
           MONGODB_ATLAS_USERNAME_CLOUD_DEV: ${{ vars.MONGODB_ATLAS_USERNAME_CLOUD_DEV }}
+          AZURE_ATLAS_APP_ID: ${{vars.AZURE_ATLAS_APP_ID}}
+          AZURE_SERVICE_PRINCIPAL_ID: ${{vars.AZURE_SERVICE_PRINCIPAL_ID}}
+          AZURE_TENANT_ID: ${{vars.AZURE_TENANT_ID}}
           ACCTEST_TIMEOUT: ${{ vars.ACCTEST_TIMEOUT }}
           TF_LOG: ${{ vars.LOG_LEVEL }}
           TF_ACC: 1

examples/atlas-cloud-provider-access/aws/README.md

@@ -0,0 +1,76 @@
+# MongoDB Atlas Provider -- Cloud Provider Access Role with AWS
+This example shows how to perform authorization for a cloud provider AWS role.
+
+## Dependencies
+
+* Terraform MongoDB Atlas Provider v1.10.0
+* A MongoDB Atlas account 
+* An AWS account
+
+
+```
+Terraform v1.5.2
++ provider registry.terraform.io/terraform-providers/mongodbatlas v1.10.0
+```
+
+## Usage
+
+**1\. Ensure your AWS and MongoDB Atlas credentials are set up.**
+
+This can be done using environment variables:
+
+```bash
+export MONGODB_ATLAS_PUBLIC_KEY="xxxx"
+export MONGODB_ATLAS_PRIVATE_KEY="xxxx"
+```
+
+``` bash
+$ export AWS_SECRET_ACCESS_KEY='your secret key'
+$ export AWS_ACCESS_KEY_ID='your key id'
+```
+
+... or the `~/.aws/credentials` file.
+
+```
+$ cat ~/.aws/credentials
+[default]
+aws_access_key_id = your key id
+aws_secret_access_key = your secret key
+```
+... or follow as in the `variables.tf` file and create **terraform.tfvars** file with all the variable values, ex:
+```
+access_key           = "<AWS_ACCESS_KEY_ID>"
+secret_key           = "<AWS_SECRET_ACCESS_KEY>"
+public_key           = "<MONGODB_ATLAS_PUBLIC_KEY>"
+private_key          = "<MONGODB_ATLAS_PRIVATE_KEY>"
+```
+
+**2\. Review the Terraform plan.**
+
+Execute the below command and ensure you are happy with the plan.
+
+``` bash
+$ terraform plan
+```
+This project currently supports the below deployments:
+
+- An AWS Policy
+- An AWS Role
+- Confiture Atlas to use your AWS Role
+
+**3\. Execute the Terraform apply.**
+
+Now execute the plan to provision the resources.
+
+``` bash
+$ terraform apply
+```
+
+**4\. Destroy the resources.**
+
+Once you are finished your testing, ensure you destroy the resources to avoid unnecessary Atlas charges.
+
+``` bash
+$ terraform destroy
+```
+

examples/atlas-cloud-provider-access/aws/versions.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     mongodbatlas = {
       source  = "mongodb/mongodbatlas"
-      version = "~> 1.0"
+      version = "~> 1.10.0"
     }
     aws = {
       source  = "hashicorp/aws"

examples/atlas-cloud-provider-access/azure/README.md

@@ -0,0 +1,89 @@
+# MongoDB Atlas Provider -- Cloud Provider Access Role with AZURE
+This example shows how to perform authorization for a cloud provider Azure Service Principal. 
+
+## Dependencies
+
+* Terraform MongoDB Atlas Provider v1.11.0
+* A MongoDB Atlas account 
+* An AZURE account
+
+
+```
+Terraform v1.5.2
++ provider registry.terraform.io/terraform-providers/mongodbatlas v1.11.0
+```
+
+## Usage
+
+**1\. Ensure your Azure credentials are set up.**
+
+1. Install the Azure CLI by following the steps from the [official Azure documentation](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli).
+2. Run the command `az login` and this will take you to the default browser and perform the authentication.
+3. Once authenticated, it will print the user details as below:
+
+```
+⇒  az login
+You have logged in. Now let us find all the subscriptions to which you have access...
+The following tenants don't contain accessible subscriptions. Use 'az login --allow-no-subscriptions' to have tenant level access.
+XXXXX
+[
+  {
+    "cloudName": "AzureCloud",
+    "homeTenantId": "XXXXX",
+    "id": "XXXXX",
+    "isDefault": true,
+    "managedByTenants": [],
+    "name": "Pay-As-You-Go",
+    "state": "Enabled",
+    "tenantId": "XXXXX",
+    "user": {
+      "name": "[email protected]",
+      "type": "user"
+    }
+  }
+]
+```
+
+**2\. Ensure your MongoDB Atlas credentials are set up.**
+
+This can be done using environment variables:
+
+```bash
+export MONGODB_ATLAS_PUBLIC_KEY="xxxx"
+export MONGODB_ATLAS_PRIVATE_KEY="xxxx"
+```
+
+... or follow as in the `variables.tf` file and create **terraform.tfvars** file with all the variable values, ex:
+```terraform
+public_key           = "<MONGODB_ATLAS_PUBLIC_KEY>"
+private_key          = "<MONGODB_ATLAS_PRIVATE_KEY>"
+```
+
+**3\. Review the Terraform plan.**
+
+Execute the below command and ensure you are happy with the plan.
+
+``` bash
+$ terraform plan
+```
+This project currently supports the below deployments:
+
+- An Azure Service Principal
+- Confiture Atlas to use your Azure Service Principal
+
+**5\. Execute the Terraform apply.**
+
+Now execute the plan to provision the resources.
+
+``` bash
+$ terraform apply
+```
+
+**6\. Destroy the resources.**
+
+Once you are finished your testing, ensure you destroy the resources to avoid unnecessary Atlas charges.
+
+``` bash
+$ terraform destroy
+```
+

examples/atlas-cloud-provider-access/azure/azure-service-principal.tf

@@ -0,0 +1,5 @@
+# Use the following block to create the Service Principal 
+resource "azuread_service_principal" "example" {
+  application_id               = var.atlas_azure_app_id
+  app_role_assignment_required = false
+}

examples/atlas-cloud-provider-access/azure/main.tf

@@ -0,0 +1,21 @@
+resource "mongodbatlas_cloud_provider_access_setup" "setup_only" {
+  project_id    = var.project_id
+  provider_name = var.cloud_provider_access_name
+  azure_config {
+    atlas_azure_app_id   = var.atlas_azure_app_id
+    service_principal_id = azuread_service_principal.example.object_id
+    tenant_id            = var.azure_tenant_id
+  }
+
+}
+
+resource "mongodbatlas_cloud_provider_access_authorization" "auth_role" {
+  project_id = var.project_id
+  role_id    = mongodbatlas_cloud_provider_access_setup.setup_only.role_id
+
+  azure {
+    atlas_azure_app_id   = var.atlas_azure_app_id
+    service_principal_id = azuread_service_principal.example.object_id
+    tenant_id            = var.azure_tenant_id
+  }
+}

examples/atlas-cloud-provider-access/azure/providers.tf

@@ -0,0 +1,7 @@
+provider "mongodbatlas" {
+  public_key  = var.public_key
+  private_key = var.private_key
+}
+provider "azuread" {
+  tenant_id = var.azure_tenant_id
+}

examples/atlas-cloud-provider-access/azure/variables.tf

@@ -0,0 +1,23 @@
+# mongo
+variable "project_id" {
+  type = string
+}
+variable "cloud_provider_access_name" {
+  type    = string
+  default = "AZURE"
+}
+variable "public_key" {
+  type = string
+}
+variable "private_key" {
+  type = string
+}
+
+variable "azure_tenant_id" {
+  type = string
+}
+
+variable "atlas_azure_app_id" {
+  type = string
+}
+

examples/atlas-cloud-provider-access/azure/versions.tf

@@ -0,0 +1,13 @@
+terraform {
+  required_providers {
+    mongodbatlas = {
+      source  = "mongodb/mongodbatlas"
+      version = "~> 1.11.0"
+    }
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "~> 2.15.0"
+    }
+  }
+  required_version = ">= 0.13"
+}

go.mod

@@ -14,7 +14,7 @@ require (
 	github.com/mwielbut/pointy v1.1.0
 	github.com/spf13/cast v1.5.1
 	github.com/zclconf/go-cty v1.13.2
-	go.mongodb.org/atlas v0.31.0
+	go.mongodb.org/atlas v0.32.0
 	go.mongodb.org/atlas-sdk/v20230201002 v20230201002.0.0
 	go.mongodb.org/realm v0.1.0
 	golang.org/x/exp v0.0.0-20221208152030-732eee02a75a