doc: Add azure federated database instance example and docs (#3521)

* Add aws directory to federated database instance examples

* Add azure cloud provider example to data federated instance resource

* Modify minimal example and add README

* Add documentation for azure cloud provider in federated database instances

* Decrease mongodbatlas version provider for tests

* Correct format

* Add newline to example files

* Add computed attributes on docs for azure cloud provider resouce

* Update outdated provider source path for example

* Fix indentation for attributes and add format to avoid spaces on field values

* Address PR review comments for wording

* Follow-up to correct wording on README example

Author: marcabreracast

docs/data-sources/federated_database_instance.md

@@ -10,7 +10,7 @@
 
 ```terraform
 data "mongodbatlas_federated_database_instance" "test" {
-  project_id         = "PROJECT ID"
+  project_id         = "<PROJECT_ID>"
   name               = "TENANT NAME OF THE FEDERATED DATABASE INSTANCE"
 }
 ```
@@ -19,8 +19,8 @@ data "mongodbatlas_federated_database_instance" "test" {
 
 ```terraform
 data "mongodbatlas_federated_database_instance" "test" {
-  project_id         = "PROJECT ID"
-  name               = "TENANT NAME OF THE FEDERATED DATABASE INSTANCE"
+  project_id         = "<PROJECT_ID>"
+  name               = "<TENANT_NAME_OF_THE_FEDERATED_DATABASE_INSTANCE>"
   cloud_provider_config {
 		aws {
 			test_s3_bucket = "Amazon S3 Bucket Name"
@@ -29,6 +29,20 @@ data "mongodbatlas_federated_database_instance" "test" {
 }
 ```
 
+## Example of Azure Blob Storage as storage database
+
+```terraform
+data "mongodbatlas_federated_database_instance" "test" {
+  project_id = "<PROJECT_ID>"
+  name       = "<TENANT_NAME_OF_THE_FEDERATED_DATABASE_INSTANCE>"
+  cloud_provider_config {
+    azure {
+      role_id = "<AZURE_ROLE_ID>"
+    }
+  }
+}
+```
+
 ## Argument Reference
 
 * `project_id` - (Required) The unique ID for the project to create a Federated Database Instance.
@@ -97,9 +111,15 @@ In addition to all arguments above, the following attributes are exported:
 * `iam_user_arn` - Amazon Resource Name (ARN) of the user that the Federated Database Instance assumes when accessing S3 Bucket data stores.
 * `external_id` - Unique identifier associated with the IAM Role that the Federated Database Instance assumes when accessing the data stores.
 * `role_id` - Unique identifier of the role that the data lake can use to access the data stores.
-### `data_process_region` - The cloud provider region to which the Federated Instance routes client connections for data processing.
-* `cloud_provider` -  Name of the cloud service provider. Atlas Federated Database only supports AWS.
-* `region` - Name of the region to which the Federanted Instnace routes client connections for data processing. 
 
+#### `azure` - Microsoft Azure provider of the cloud service where the Federated Database Instance can access Blob Storage.
+* `atlas_azure_app_id` - Unique identifier of the Azure Active Directory application associated with the service principal.
+* `service_principal_id` - Unique identifier of the Azure service principal that the Federated Database instance uses to access Azure Blob Storage.
+* `tenant_id` - Unique identifier of the Azure Active Directory tenant where the service principal resides.
+* `role_id` - Unique identifier of the role that the Federated Database Instance can use to access the data stores.
+
+### `data_process_region` - The cloud provider region to which the Federated Instance routes client connections for data processing.
+* `cloud_provider` -  Name of the cloud service provider. Supported providers: `AWS`, `AZURE`.
+* `region` - Name of the region to which the Federated Instance routes client connections for data processing.
 
-See [MongoDB Atlas API](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Data-Federation) Documentation for more information.
+To learn more, see the [MongoDB Atlas API](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Data-Federation) documentation.

docs/data-sources/federated_database_instances.md

@@ -1,6 +1,6 @@
 # Data Source: mongodbatlas_federated_database_instances
 
-`mongodbatlas_federated_database_instancess` provides a Federated Database Instance data source.
+`mongodbatlas_federated_database_instances` provides a Federated Database Instance data source.
 
 -> **NOTE:** Groups and projects are synonymous terms. You may find group_id in the official documentation.
 
@@ -87,8 +87,15 @@ In addition to all arguments above, the following attributes are exported:
 * `iam_user_arn` - Amazon Resource Name (ARN) of the user that the Federated Database Instance assumes when accessing S3 Bucket data stores.
 * `external_id` - Unique identifier associated with the IAM Role that the Federated Database Instance assumes when accessing the data stores.
 * `role_id` - Unique identifier of the role that the data lake can use to access the data stores.
-#### `data_process_region` - The cloud provider region to which the Federated Instance routes client connections for data processing.
-* `cloud_provider` -  Name of the cloud service provider. Atlas Federated Database only supports AWS.
-* `region` - Name of the region to which the Federanted Instnace routes client connections for data processing. 
+
+#### `azure` - Azure provider of the cloud service where the Federated Database Instance can access Blob Storage.
+* `atlas_azure_app_id` - Unique identifier of the Azure Active Directory application associated with the service principal.
+* `service_principal_id` - Unique identifier of the Azure service principal that the Federated Database instance uses to access Azure Blob Storage.
+* `tenant_id` - Unique identifier of the Azure Active Directory tenant where the service principal resides.
+* `role_id` - Unique identifier of the role that the Federated Database Instance can use to access the data stores.
+
+### `data_process_region` - The cloud provider region to which the Federated Instance routes client connections for data processing.
+* `cloud_provider` -  Name of the cloud service provider. Supported providers: `AWS`, `AZURE`.
+* `region` - Name of the region to which the Federated Instance routes client connections for data processing.
 
 See [MongoDB Atlas API](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Data-Federation) Documentation for more information.

docs/resources/federated_database_instance.md

@@ -85,6 +85,52 @@ resource "mongodbatlas_federated_database_instance" "test" {
 }
 ```
 
+## Example of Azure Blob Storage as storage database
+
+```terraform
+resource "mongodbatlas_federated_database_instance" "test" {
+  project_id = "<PROJECT_ID>"
+  name       = "<TENANT_NAME_OF_THE_FEDERATED DATABASE_INSTANCE>"
+  
+  cloud_provider_config {
+    azure {
+      role_id = "<AZURE_ROLE_ID>"
+    }
+  }
+  
+  storage_databases {
+    name = "VirtualDatabase0"
+    collections {
+      name = "NAME OF THE COLLECTION"
+      data_sources {
+        collection = "COLLECTION IN THE CLUSTER"
+        database   = "DB IN THE CLUSTER"
+        store_name = "CLUSTER NAME"
+      }
+      data_sources {
+        store_name = "AZURE BLOB STORAGE NAME"
+        path       = "AZURE BLOB PATH"
+      }
+    }
+  }
+
+  storage_stores {
+    name         = "STORE NAME"
+    cluster_name = "CLUSTER NAME"
+    project_id   = "PROJECT ID"
+    provider     = "atlas"
+    read_preference {
+      mode = "secondary"
+    }
+  }
+
+  storage_stores {
+    name     = "AZURE BLOB STORAGE NAME"
+    provider = "azure"
+  }
+}
+```
+
 ## Example specifying data process region and provider
 ```terraform
 resource "mongodbatlas_federated_database_instance" "test" {
@@ -103,12 +149,14 @@ resource "mongodbatlas_federated_database_instance" "test" {
 * `project_id` - (Required) The unique ID for the project to create a Federated Database Instance.
 * `name` - (Required) Name of the Atlas Federated Database Instance.
 * `cloud_provider_config` - (Optional) Cloud provider linked to this data federated instance.
-  * `cloud_provider_config.aws` - (Required) AWS provider of the cloud service where the Federated Database Instance can access the S3 Bucket. Note this parameter is only required if using `cloud_provider_config` since AWS is currently the only supported Cloud vendor on this feature at this time. 
+  * `cloud_provider_config.aws` - AWS provider of the cloud service where the Federated Database Instance can access the S3 Bucket.
       * `cloud_provider_config.aws.role_id` - (Required) Unique identifier of the role that the Federated Instance can use to access the data stores. If necessary, use the Atlas [UI](https://docs.atlas.mongodb.com/security/manage-iam-roles/) or [API](https://docs.atlas.mongodb.com/reference/api/cloud-provider-access-get-roles/) to retrieve the role ID. You must also specify the `test_s3_bucket`.
       * `cloud_provider_config.aws.test_s3_bucket` - (Required) Name of the S3 data bucket that the provided role ID is authorized to access. You must also specify the `role_id`.
+    * `cloud_provider_config.azure` - Microsoft Azure provider of the cloud service where the Federated Database Instance can access Blob Storage.
+      * `cloud_provider_config.azure.role_id` - (Required) Unique identifier of the role that the Federated Database Instance can use to access the data stores.
 * `data_process_region` - (Optional) The cloud provider region to which the Federated Instance routes client connections for data processing.
-  * `data_process_region.cloud_provider` - (Required) Name of the cloud service provider. Atlas Federated Database only supports AWS.
-  * `data_process_region.region` - (Required) Name of the region to which the Federanted Instnace routes client connections for data processing. See the [documention](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Data-Federation/operation/createFederatedDatabase) for the available region.
+  * `data_process_region.cloud_provider` - (Required) Name of the cloud service provider. Supported providers: `AWS`, `AZURE`.
+  * `data_process_region.region` - (Required) Name of the region to which the Federated Instance routes client connections for data processing. See the [documentation](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Data-Federation/operation/createFederatedDatabase) for the available region.
 * `storage_databases` - Configuration details for mapping each data store to queryable databases and collections. For complete documentation on this object and its nested fields, see [databases](https://docs.mongodb.com/datalake/reference/format/data-lake-configuration#std-label-datalake-databases-reference). An empty object indicates that the Federated Database Instance has no mapping configuration for any data store.
   * `storage_databases.#.name` - Name of the database to which the Federated Database Instance maps the data contained in the data store.
   * `storage_databases.#.collections` -     Array of objects where each object represents a collection and data sources that map to a [stores](https://docs.mongodb.com/datalake/reference/format/data-lake-configuration#mongodb-datalakeconf-datalakeconf.stores) data store.
@@ -167,10 +215,13 @@ In addition to all arguments above, the following attributes are exported:
       * `s3:GetObjectVersion` 
 
   For more information on S3 actions, see [Actions, Resources, and Condition Keys for Amazon S3](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html).
-  * `iam_user_arn` - Amazon Resource Name (ARN) of the user that the Federated Database Instance assumes when accessing S3 Bucket data stores.
-  * `external_id` - Unique identifier associated with the IAM Role that the Federated Database Instance assumes when accessing the data stores.
-
+      * `iam_user_arn` - Amazon Resource Name (ARN) of the user that the Federated Database Instance assumes when accessing S3 Bucket data stores.
+      * `external_id` - Unique identifier associated with the IAM Role that the Federated Database Instance assumes when accessing the data stores.
 
+* `cloud_provider_config.azure` - Microsoft Azure cloud service configuration.
+  * `atlas_azure_app_id` - Unique identifier of the Azure Active Directory application associated with the service principal.
+  * `service_principal_id` - Unique identifier of the Azure service principal that the Federated Database instance uses to access Azure Blob Storage.
+  * `tenant_id` - Unique identifier of the Azure Active Directory tenant where the service principal resides.
 
 ## Import
 

examples/mongodbatlas_federated_database_instance/README.md renamed to examples/mongodbatlas_federated_database_instance/aws/README.md

@@ -0,0 +1,94 @@
+# Example - MongoDB Atlas Federated Database Instance with Microsoft Azure Blob Storage and MongoDB Cluster as storage databases
+
+This project aims to provide an example of using [MongoDB Atlas Federated Database Instance](https://www.mongodb.com/docs/atlas/data-federation/overview/).
+
+## Dependencies
+
+* Terraform MongoDB Atlas Provider v1.39.0
+* A MongoDB Atlas account
+* An Azure account
+
+```
+Terraform v1.39.0
++ provider registry.terraform.io/mongodb/mongodbatlas v1.39.0
+```
+
+## Usage
+
+**1\. Set up your Azure credentials.**
+
+1. Install the Azure CLI by following the steps from the [Azure documentation](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli).
+2. Run the command `az login`. This takes you to the default browser where you can authenticate with Azure.
+3. Once authenticated, it will print the user details as follows:
+
+```
+⇒  az login
+You have logged in. Now let us find all the subscriptions to which you have access...
+The following tenants don't contain accessible subscriptions. Use 'az login --allow-no-subscriptions' to have tenant level access.
+XXXXX
+[
+  {
+    "cloudName": "AzureCloud",
+    "homeTenantId": "XXXXX",
+    "id": "XXXXX",
+    "isDefault": true,
+    "managedByTenants": [],
+    "name": "Pay-As-You-Go",
+    "state": "Enabled",
+    "tenantId": "XXXXX",
+    "user": {
+      "name": "[email protected]",
+      "type": "user"
+    }
+  }
+]
+```
+
+**2\. Set up your MongoDB Atlas credentials.**
+
+You can use environment variables to set up credentials for Atlas as follows:
+
+```bash
+export MONGODB_ATLAS_PUBLIC_KEY="<ATLAS_PUBLIC_KEY>"
+export MONGODB_ATLAS_PRIVATE_KEY="<ATLAS_PRIVATE_KEY>"
+```
+
+... or create a **terraform.tfvars** file with all variable values:
+
+```terraform
+public_key                 = "<MONGODB_ATLAS_PUBLIC_KEY>"
+private_key                = "<MONGODB_ATLAS_PRIVATE_KEY>"
+project_id                 = "<ATLAS_PROJECT_ID>"
+azure_atlas_app_id         = "<AZURE_ATLAS_APP_ID>"
+azure_service_principal_id = "<AZURE_SERVICE_PRINCIPAL_ID>"
+azure_tenant_id            = "<AZURE_TENANT_ID>"
+```
+
+**3\. Review the Terraform plan.**
+
+Run the following command and review the plan you created.
+
+``` bash
+$ terraform plan
+```
+This project currently supports the following deployments:
+
+- MongoDB Atlas Cloud Provider Access Setup for Azure
+- MongoDB Atlas Cloud Provider Access Authorization
+- MongoDB Atlas Federated Database Instance with Azure cloud provider configuration
+
+**5\. Run the Terraform apply command to apply the plan.**
+
+Now run the plan to provision the resources.
+
+``` bash
+$ terraform apply
+```
+
+**6\. Destroy the resources.**
+
+Once you are finished with our testing, ensure you destroy the resources to avoid unnecessary Atlas charges.
+
+``` bash
+$ terraform destroy
+```