INTMDB-299: Support Cloud Backup Export Jobs (#673)

* added snapshot export bucket resource and datasource

* added integration test

* fix go.mod issue

* minor fixes

* added snapshot export job support


Co-authored-by: Abner Garcia <[email protected]>

Author: abner-dou

examples/atlas-provider-snapshot-export-bucket/aws-roles.tf

@@ -0,0 +1,41 @@
+resource "aws_iam_role_policy" "test_policy" {
+  name = "mongo_setup_policy"
+  role = aws_iam_role.test_role.id
+
+  policy = <<-EOF
+  {
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Allow",
+		"Action": "*",
+		"Resource": "*"
+      }
+    ]
+  }
+  EOF
+}
+
+resource "aws_iam_role" "test_role" {
+  name = "mongo_setup_test_role"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": "${mongodbatlas_cloud_provider_access_setup.setup_only.aws_config[0].atlas_aws_account_arn}"
+      },
+      "Action": "sts:AssumeRole",
+      "Condition": {
+        "StringEquals": {
+          "sts:ExternalId": "${mongodbatlas_cloud_provider_access_setup.setup_only.aws_config[0].atlas_assumed_role_external_id}"
+        }
+      }
+    }
+  ]
+}
+EOF
+}

examples/atlas-provider-snapshot-export-bucket/main.tf

@@ -0,0 +1,32 @@
+resource "mongodbatlas_cloud_provider_access_setup" "setup_only" {
+  project_id    = var.project_id
+  provider_name = "AWS"
+}
+
+resource "mongodbatlas_cloud_provider_access_authorization" "auth_role" {
+  project_id = var.project_id
+  role_id    = mongodbatlas_cloud_provider_access_setup.setup_only.role_id
+
+  aws {
+    iam_assumed_role_arn = aws_iam_role.test_role.arn
+  }
+}
+
+
+resource "aws_s3_bucket" "test_bucket" {
+  bucket = "mongo-test-bucket-1"
+
+  tags = {
+    Name        = "My bucket"
+    Environment = "Dev"
+  }
+}
+
+resource "mongodbatlas_cloud_backup_snapshot_export_bucket" "test" {
+  project_id = var.project_id
+
+  iam_role_id    = mongodbatlas_cloud_provider_access_authorization.auth_role.role_id
+  bucket_name    = aws_s3_bucket.test_bucket.bucket
+  cloud_provider = "AWS"
+}
+

examples/atlas-provider-snapshot-export-bucket/provider.tf

@@ -0,0 +1,9 @@
+provider "mongodbatlas" {
+  public_key  = var.public_key
+  private_key = var.private_key
+}
+provider "aws" {
+  access_key = var.access_key
+  secret_key = var.secret_key
+  region     = var.aws_region
+}

examples/atlas-provider-snapshot-export-bucket/variables.tf

@@ -0,0 +1,24 @@
+variable "public_key" {
+  description = "The public API key for MongoDB Atlas"
+  default     = ""
+}
+variable "private_key" {
+  description = "The private API key for MongoDB Atlas"
+  default     = ""
+}
+variable "project_id" {
+  description = "Atlas project ID"
+  default     = ""
+}
+variable "access_key" {
+  description = "The access key for AWS Account"
+  default     = ""
+}
+variable "secret_key" {
+  description = "The secret key for AWS Account"
+  default     = ""
+}
+variable "aws_region" {
+  default     = ""
+  description = "AWS Region"
+}

examples/atlas-provider-snapshot-export-bucket/versions.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+    mongodbatlas = {
+      source = "mongodb/mongodbatlas"
+    }
+  }
+  required_version = ">= 0.13"
+}

examples/atlas-provider-snapshot-export-job/aws-roles.tf

@@ -0,0 +1,41 @@
+resource "aws_iam_role_policy" "test_policy" {
+  name = "mongo_setup_policy"
+  role = aws_iam_role.test_role.id
+
+  policy = <<-EOF
+  {
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Allow",
+		"Action": "*",
+		"Resource": "*"
+      }
+    ]
+  }
+  EOF
+}
+
+resource "aws_iam_role" "test_role" {
+  name = "mongo_setup_test_role"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": "${mongodbatlas_cloud_provider_access_setup.setup_only.aws_config[0].atlas_aws_account_arn}"
+      },
+      "Action": "sts:AssumeRole",
+      "Condition": {
+        "StringEquals": {
+          "sts:ExternalId": "${mongodbatlas_cloud_provider_access_setup.setup_only.aws_config[0].atlas_assumed_role_external_id}"
+        }
+      }
+    }
+  ]
+}
+EOF
+}

examples/atlas-provider-snapshot-export-job/main.tf

@@ -0,0 +1,62 @@
+resource "mongodbatlas_cloud_provider_access_setup" "setup_only" {
+  project_id    = var.project_id
+  provider_name = "AWS"
+}
+
+resource "mongodbatlas_cloud_provider_access_authorization" "auth_role" {
+  project_id = var.project_id
+  role_id    = mongodbatlas_cloud_provider_access_setup.setup_only.role_id
+
+  aws {
+    iam_assumed_role_arn = aws_iam_role.test_role.arn
+  }
+}
+
+
+resource "aws_s3_bucket" "test_bucket" {
+  bucket = "mongo-test-bucket-1"
+
+  tags = {
+    Name        = "My bucket"
+    Environment = "Dev"
+  }
+}
+
+resource "mongodbatlas_cluster" "my_cluster" {
+  project_id   = var.project_id
+  name         = "MyCluster"
+  disk_size_gb = 1
+
+  provider_name               = "AWS"
+  provider_region_name        = "US_EAST_1"
+  provider_instance_size_name = "M10"
+  cloud_backup                = true
+}
+
+resource "mongodbatlas_cloud_backup_snapshot" "test" {
+  project_id        = var.project_id
+  cluster_name      = mongodbatlas_cluster.my_cluster.name
+  description       = "myDescription"
+  retention_in_days = 1
+}
+
+resource "mongodbatlas_cloud_backup_snapshot_export_bucket" "test" {
+  project_id = var.project_id
+
+  iam_role_id    = mongodbatlas_cloud_provider_access_authorization.auth_role.role_id
+  bucket_name    = aws_s3_bucket.test_bucket.bucket
+  cloud_provider = "AWS"
+}
+
+resource "mongodbatlas_cloud_backup_snapshot_export_job" "test" {
+  project_id       = var.project_id
+  cluster_name     = mongodbatlas_cluster.my_cluster.name
+  snapshot_id      = mongodbatlas_cloud_backup_snapshot.test.snapshot_id
+  export_bucket_id = mongodbatlas_cloud_backup_snapshot_export_bucket.test.export_bucket_id
+
+
+  custom_data {
+    key   = "exported by"
+    value = "myName"
+  }
+}

examples/atlas-provider-snapshot-export-job/provider.tf

@@ -0,0 +1,9 @@
+provider "mongodbatlas" {
+  public_key  = var.public_key
+  private_key = var.private_key
+}
+provider "aws" {
+  access_key = var.access_key
+  secret_key = var.secret_key
+  region     = "us-east-1"
+}

examples/atlas-provider-snapshot-export-job/variables.tf

@@ -0,0 +1,20 @@
+variable "public_key" {
+  description = "The public API key for MongoDB Atlas"
+  default     = ""
+}
+variable "private_key" {
+  description = "The private API key for MongoDB Atlas"
+  default     = ""
+}
+variable "project_id" {
+  description = "Atlas project ID"
+  default     = ""
+}
+variable "access_key" {
+  description = "The access key for AWS Account"
+  default     = ""
+}
+variable "secret_key" {
+  description = "The secret key for AWS Account"
+  default     = ""
+}

examples/atlas-provider-snapshot-export-job/versions.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+    mongodbatlas = {
+      source = "mongodb/mongodbatlas"
+    }
+  }
+  required_version = ">= 0.13"
+}