New resource and datasource for Project IP Access list (#332)

* added validation when the github actions should run if it's in branch

* chore:updated vendor

* feat: added resource and datasource of access list

* test: added tests for resource and datasources of access list

* docs: added docs for resource and datasource of access list

* refactor: made changes suggested by melissa

* fix: fixes linter error about capitalization

Co-authored-by: Edgar López <[email protected]>

Author: coderGo93

.github/workflows/automated-test-acceptances.yml

@@ -19,7 +19,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   acceptances-tests:
-    if: ${{ github.event.label.name == 'run-testacc' }}
+    if: ${{ github.event.label.name == 'run-testacc' || github.ref == 'refs/heads/master' }}
     needs: [ authorize ]
     runs-on: ubuntu-latest
     steps:

go.sum

@@ -613,8 +613,6 @@ go.mongodb.org/atlas v0.4.1-0.20200903102338-049d0778b833 h1:gH8Ih2OacuB6qVitO+w
 go.mongodb.org/atlas v0.4.1-0.20200903102338-049d0778b833/go.mod h1:CIaBeO8GLHhtYLw7xSSXsw7N90Z4MFY87Oy9qcPyuEs=
 go.mongodb.org/atlas v0.4.1-0.20200916170654-ac3833accfa2 h1:qjEP4bC8yTi57jBYHtSSA8gzPN4vJl3XG23YBMXCgUg=
 go.mongodb.org/atlas v0.4.1-0.20200916170654-ac3833accfa2/go.mod h1:CIaBeO8GLHhtYLw7xSSXsw7N90Z4MFY87Oy9qcPyuEs=
-go.mongodb.org/atlas v0.5.1-0.20201005200951-cefc31adb4ca h1:aZlmsmzOW8kYabsoBdG6BAeSOP2QShQds+6gSoMnBcg=
-go.mongodb.org/atlas v0.5.1-0.20201005200951-cefc31adb4ca/go.mod h1:CIaBeO8GLHhtYLw7xSSXsw7N90Z4MFY87Oy9qcPyuEs=
 go.mongodb.org/atlas v0.5.1-0.20201007214134-b315fe7503d2 h1:b4Ng7d2sCSgYKwLMOetbwLcPE732SiBnJqH5rQrhZOs=
 go.mongodb.org/atlas v0.5.1-0.20201007214134-b315fe7503d2/go.mod h1:CIaBeO8GLHhtYLw7xSSXsw7N90Z4MFY87Oy9qcPyuEs=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

mongodbatlas/data_source_mongodbatlas_project_ip_access_list.go

@@ -0,0 +1,107 @@
+package mongodbatlas
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"net"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+	matlas "go.mongodb.org/atlas/mongodbatlas"
+)
+
+func dataSourceMongoDBAtlasProjectIPAccessList() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceMongoDBAtlasProjectIPAccessListRead,
+		Schema: map[string]*schema.Schema{
+			"project_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"cidr_block": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"aws_security_group", "ip_address"},
+				ValidateFunc: func(i interface{}, k string) (s []string, es []error) {
+					v, ok := i.(string)
+					if !ok {
+						es = append(es, fmt.Errorf("expected type of %s to be string", k))
+						return
+					}
+
+					_, ipnet, err := net.ParseCIDR(v)
+					if err != nil {
+						es = append(es, fmt.Errorf("expected %s to contain a valid CIDR, got: %s with err: %s", k, v, err))
+						return
+					}
+
+					if ipnet == nil || v != ipnet.String() {
+						es = append(es, fmt.Errorf("expected %s to contain a valid network CIDR, expected %s, got %s", k, ipnet, v))
+						return
+					}
+					return
+				},
+			},
+			"ip_address": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"aws_security_group", "cidr_block"},
+				ValidateFunc:  validation.IsIPAddress,
+			},
+			"aws_security_group": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"ip_address", "cidr_block"},
+			},
+			"comment": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceMongoDBAtlasProjectIPAccessListRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*matlas.Client)
+	projectID := d.Get("project_id").(string)
+	cidrBlock := d.Get("cidr_block").(string)
+	ipAddress := d.Get("ip_address").(string)
+	awsSecurityGroup := d.Get("aws_security_group").(string)
+
+	if cidrBlock == "" && ipAddress == "" && awsSecurityGroup == "" {
+		return errors.New("cidr_block, ip_address or aws_security_group needs to contain a value")
+	}
+	var entry bytes.Buffer
+
+	entry.WriteString(cidrBlock)
+	entry.WriteString(ipAddress)
+	entry.WriteString(awsSecurityGroup)
+
+	accessList, _, err := conn.ProjectIPAccessList.Get(context.Background(), projectID, entry.String())
+	if err != nil {
+		return fmt.Errorf("error getting access list information: %s", err)
+	}
+
+	if err := d.Set("cidr_block", accessList.CIDRBlock); err != nil {
+		return fmt.Errorf("error setting `cidr_block` for the project access list: %s", err)
+	}
+	if err := d.Set("ip_address", accessList.IPAddress); err != nil {
+		return fmt.Errorf("error setting `ip_address` for the project access list: %s", err)
+	}
+	if err := d.Set("aws_security_group", accessList.AwsSecurityGroup); err != nil {
+		return fmt.Errorf("error setting `aws_security_group` for the project access list: %s", err)
+	}
+	if err := d.Set("comment", accessList.Comment); err != nil {
+		return fmt.Errorf("error setting `comment` for the project access list: %s", err)
+	}
+
+	d.SetId(resource.UniqueId())
+
+	return nil
+}

mongodbatlas/data_source_mongodbatlas_project_ip_access_list_test.go

@@ -0,0 +1,160 @@
+package mongodbatlas
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccDataMongoDBAtlasProjectIPAccessList_SettingIPAddress(t *testing.T) {
+	resourceName := "mongodbatlas_project_ip_access_list.test"
+	projectID := os.Getenv("MONGODB_ATLAS_PROJECT_ID")
+	ipAddress := fmt.Sprintf("179.154.226.%d", acctest.RandIntRange(0, 255))
+	comment := fmt.Sprintf("TestAcc for ipAddress (%s)", ipAddress)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataMongoDBAtlasProjectIPAccessListConfigSettingIPAddress(projectID, ipAddress, comment),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(resourceName, "project_id"),
+					resource.TestCheckResourceAttrSet(resourceName, "ip_address"),
+					resource.TestCheckResourceAttrSet(resourceName, "comment"),
+
+					resource.TestCheckResourceAttr(resourceName, "project_id", projectID),
+					resource.TestCheckResourceAttr(resourceName, "ip_address", ipAddress),
+					resource.TestCheckResourceAttr(resourceName, "comment", comment),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataMongoDBAtlasProjectIPAccessList_SettingCIDRBlock(t *testing.T) {
+	resourceName := "mongodbatlas_project_ip_access_list.test"
+	projectID := os.Getenv("MONGODB_ATLAS_PROJECT_ID")
+	cidrBlock := fmt.Sprintf("179.154.226.%d/32", acctest.RandIntRange(0, 255))
+	comment := fmt.Sprintf("TestAcc for cidrBlock (%s)", cidrBlock)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataMongoDBAtlasProjectIPAccessListConfigSettingCIDRBlock(projectID, cidrBlock, comment),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMongoDBAtlasProjectIPAccessListExists(resourceName),
+					resource.TestCheckResourceAttrSet(resourceName, "project_id"),
+					resource.TestCheckResourceAttrSet(resourceName, "cidr_block"),
+					resource.TestCheckResourceAttrSet(resourceName, "comment"),
+
+					resource.TestCheckResourceAttr(resourceName, "project_id", projectID),
+					resource.TestCheckResourceAttr(resourceName, "cidr_block", cidrBlock),
+					resource.TestCheckResourceAttr(resourceName, "comment", comment),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataMongoDBAtlasProjectIPAccessList_SettingAWSSecurityGroup(t *testing.T) {
+	SkipTestExtCred(t)
+	resourceName := "mongodbatlas_project_ip_access_list.test"
+	vpcID := os.Getenv("AWS_VPC_ID")
+	vpcCIDRBlock := os.Getenv("AWS_VPC_CIDR_BLOCK")
+	awsAccountID := os.Getenv("AWS_ACCOUNT_ID")
+	awsRegion := os.Getenv("AWS_REGION")
+	providerName := "AWS"
+
+	projectID := os.Getenv("MONGODB_ATLAS_PROJECT_ID")
+	awsSGroup := os.Getenv("AWS_SECURITY_GROUP_ID")
+	comment := fmt.Sprintf("TestAcc for awsSecurityGroup (%s)", awsSGroup)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataMongoDBAtlasProjectIPAccessListConfigSettingAWSSecurityGroup(projectID, providerName, vpcID, awsAccountID, vpcCIDRBlock, awsRegion, awsSGroup, comment),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMongoDBAtlasProjectIPAccessListExists(resourceName),
+					resource.TestCheckResourceAttrSet(resourceName, "project_id"),
+					resource.TestCheckResourceAttrSet(resourceName, "aws_security_group"),
+					resource.TestCheckResourceAttrSet(resourceName, "comment"),
+
+					resource.TestCheckResourceAttr(resourceName, "project_id", projectID),
+					resource.TestCheckResourceAttr(resourceName, "aws_security_group", awsSGroup),
+					resource.TestCheckResourceAttr(resourceName, "comment", comment),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataMongoDBAtlasProjectIPAccessListConfigSettingIPAddress(projectID, ipAddress, comment string) string {
+	return fmt.Sprintf(`
+		resource "mongodbatlas_project_ip_access_list" "test" {
+			project_id = "%s"
+			ip_address = "%s"
+			comment    = "%s"
+		}
+
+		data "mongodbatlas_project_ip_access_list" "test" {
+			project_id = mongodbatlas_project_ip_access_list.test.project_id
+			ip_address = mongodbatlas_project_ip_access_list.test.ip_address
+		}
+	`, projectID, ipAddress, comment)
+}
+
+func testAccDataMongoDBAtlasProjectIPAccessListConfigSettingCIDRBlock(projectID, cidrBlock, comment string) string {
+	return fmt.Sprintf(`
+		resource "mongodbatlas_project_ip_access_list" "test" {
+			project_id = "%s"
+			cidr_block = "%s"
+			comment    = "%s"
+		}
+		data "mongodbatlas_project_ip_access_list" "test" {
+			project_id = mongodbatlas_project_ip_access_list.test.project_id
+			cidr_block = mongodbatlas_project_ip_access_list.test.cidr_block
+		}
+	`, projectID, cidrBlock, comment)
+}
+
+func testAccDataMongoDBAtlasProjectIPAccessListConfigSettingAWSSecurityGroup(projectID, providerName, vpcID, awsAccountID, vpcCIDRBlock, awsRegion, awsSGroup, comment string) string {
+	return fmt.Sprintf(`
+		resource "mongodbatlas_network_container" "test" {
+			project_id   		  = "%[1]s"
+			atlas_cidr_block  = "192.168.208.0/21"
+			provider_name		  = "%[2]s"
+			region_name			  = "%[6]s"
+		}
+
+		resource "mongodbatlas_network_peering" "test" {
+			accepter_region_name    = lower(replace("%[6]s", "_", "-"))
+			project_id    		    = "%[1]s"
+			container_id            = mongodbatlas_network_container.test.container_id
+			provider_name           = "%[2]s"
+			route_table_cidr_block  = "%[5]s"
+			vpc_id					        = "%[3]s"
+			aws_account_id	        = "%[4]s"
+		}
+
+		resource "mongodbatlas_project_ip_access_list" "test" {
+			project_id         = "%[1]s"
+			aws_security_group = "%[7]s"
+			comment            = "%[8]s"
+
+			depends_on = ["mongodbatlas_network_peering.test"]
+		}
+
+		data "mongodbatlas_project_ip_access_list" "test" {
+			project_id = mongodbatlas_project_ip_access_list.test.project_id
+			aws_security_group = mongodbatlas_project_ip_access_list.test.aws_security_group
+		}
+	`, projectID, providerName, vpcID, awsAccountID, vpcCIDRBlock, awsRegion, awsSGroup, comment)
+}

mongodbatlas/provider.go

@@ -62,6 +62,7 @@ func Provider() terraform.ResourceProvider {
 			"mongodbatlas_cloud_provider_snapshot_backup_policy": dataSourceMongoDBAtlasCloudProviderSnapshotBackupPolicy(),
 			"mongodbatlas_third_party_integrations":              dataSourceMongoDBAtlasThirdPartyIntegrations(),
 			"mongodbatlas_third_party_integration":               dataSourceMongoDBAtlasThirdPartyIntegration(),
+			"mongodbatlas_project_ip_access_list":                dataSourceMongoDBAtlasProjectIPAccessList(),
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
@@ -87,6 +88,7 @@ func Provider() terraform.ResourceProvider {
 			"mongodbatlas_private_endpoint_interface_link":       resourceMongoDBAtlasPrivateEndpointInterfaceLink(),
 			"mongodbatlas_cloud_provider_snapshot_backup_policy": resourceMongoDBAtlasCloudProviderSnapshotBackupPolicy(),
 			"mongodbatlas_third_party_integration":               resourceMongoDBAtlasThirdPartyIntegration(),
+			"mongodbatlas_project_ip_access_list":                resourceMongoDBAtlasProjectIPAccessList(),
 		},
 
 		ConfigureFunc: providerConfigure,