fix: Realm Client Auth Token Overwritten by Transport Assignment (#3362)

* don't use custom transport for realm

* changelog entry

* changelog

* use baseTransport instead of default

* add basic test that expects 404 and makes sure realm client works

* correct projectID

* add realm url in GHA

Author: oarbusi

.changelog/3362.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+provider: Fixes Realm Client authentication
+```

.github/workflows/acceptance-tests-runner.yml

@@ -37,6 +37,9 @@ on:
       mongodb_atlas_base_url:
         type: string
         required: true
+      mongodb_realm_base_url:
+        type: string
+        required: true
       mongodb_atlas_project_owner_id:
         type: string
         required: true
@@ -199,6 +202,7 @@ env:
   # If the name (regex) of the test is set, only that test is run
   ACCTEST_REGEX_RUN: ${{ inputs.test_name || inputs.provider_version == '' && '^Test(Acc|Mig)' || '^TestMig' }}
   MONGODB_ATLAS_BASE_URL: ${{ inputs.mongodb_atlas_base_url }}
+  MONGODB_REALM_BASE_URL: ${{ inputs.mongodb_realm_base_url }}
   MONGODB_ATLAS_ORG_ID: ${{ inputs.mongodb_atlas_org_id }}
   MONGODB_ATLAS_PUBLIC_KEY: ${{ secrets.mongodb_atlas_public_key }}
   MONGODB_ATLAS_PRIVATE_KEY: ${{ secrets.mongodb_atlas_private_key }}

.github/workflows/acceptance-tests.yml

@@ -106,6 +106,7 @@ jobs:
       aws_region_federation: ${{ vars.AWS_REGION_FEDERATION }}
       mongodb_atlas_org_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_ORG_ID_CLOUD_QA || vars.MONGODB_ATLAS_ORG_ID_CLOUD_DEV }}
       mongodb_atlas_base_url: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_BASE_URL_QA || vars.MONGODB_ATLAS_BASE_URL }}
+      mongodb_realm_base_url: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_REALM_BASE_URL_QA || vars.MONGODB_REALM_BASE_URL }}
       mongodb_atlas_project_owner_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_PROJECT_OWNER_ID_QA || vars.MONGODB_ATLAS_PROJECT_OWNER_ID }}
       mongodb_atlas_teams_ids: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_TEAMS_IDS_QA || vars.MONGODB_ATLAS_TEAMS_IDS }}
       azure_atlas_app_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.AZURE_ATLAS_APP_ID_QA || vars.AZURE_ATLAS_APP_ID }}

internal/config/client.go

@@ -243,10 +243,12 @@ func (c *MongoDBClient) GetRealmClient(ctx context.Context) (*realm.Client, erro
 		return nil, err
 	}
 
-	clientRealm := realmAuth.NewClient(realmAuth.BasicTokenSource(token))
-
-	clientRealm.Transport = baseTransport
-	clientRealm.Transport = logging.NewTransport("MongoDB Realm", clientRealm.Transport)
+	clientRealm := &http.Client{
+		Transport: &realmAuth.Transport{
+			Source: realmAuth.BasicTokenSource(token),
+			Base:   logging.NewTransport("MongoDB Realm", baseTransport),
+		},
+	}
 
 	// Initialize the MongoDB Realm API Client.
 	realmClient, err := realm.New(clientRealm, optsRealm...)

internal/service/eventtrigger/data_source_event_triggers_test.go

@@ -3,6 +3,7 @@ package eventtrigger_test
 import (
 	"fmt"
 	"os"
+	"regexp"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
@@ -51,6 +52,23 @@ func TestAccEventTriggerDSPlural_basic(t *testing.T) {
 	})
 }
 
+func TestAccEventTriggerDSPlural_realmClientWorks(t *testing.T) {
+	// This test is designed to run in CI and expects a 404 "app not found" error from the Realm API.
+	projectID := acc.ProjectIDExecution(t)
+	appID := "invalid-app-id" // known-bad app ID
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acc.PreCheckBasic(t) },
+		ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
+		Steps: []resource.TestStep{
+			{
+				Config:      testAccMongoDBAtlasEventTriggers404Config(projectID, appID),
+				ExpectError: regexp.MustCompile("app not found"),
+			},
+		},
+	})
+}
+
 func testAccMongoDBAtlasEventTriggersDataSourceConfig(projectID, appID, operationTypes string, eventTrigger *realm.EventTriggerRequest) string {
 	return fmt.Sprintf(`
 		resource "mongodbatlas_event_trigger" "test" {
@@ -76,3 +94,12 @@ func testAccMongoDBAtlasEventTriggersDataSourceConfig(projectID, appID, operatio
 		eventTrigger.Config.Database, eventTrigger.Config.Collection,
 		eventTrigger.Config.ServiceID)
 }
+
+func testAccMongoDBAtlasEventTriggers404Config(projectID, appID string) string {
+	return fmt.Sprintf(`
+		data "mongodbatlas_event_triggers" "this" {
+			project_id = %q
+			app_id     = %q
+		}
+	`, projectID, appID)
+}