feat: Adds new mongodbatlas_cloud_user_team_assignment resource (#3502)

* Extracted users attribute common schema to dsschema/users_schema.go

* Added attribute users to team data source

* Modified tests

* Modified doc

* Added changelog

* Created ressource, schema and models

* WIP - Implementing Create method

* WIP - Added markdown description for attributes in schema and fixed model functions

* Fixed variables names

* WIP - Implement Read, Update, Delete, Import

* Fixed model attributes names.

* Minor change

* Added tests

* Fix

* Add github

* Fix

* Fix

* Changelog

* Fix

* Fixed function naming

* Changed test

* Changed `project_role_assignments` from List to Set

* Changed the attribute name `project_roles_assignments` to project_role_assignments in `organization` and `team` DS for consistency in naming.

* minor changes

* Fix

* Fix

* Fix

* Changed `project_role_assignments` from List to Set

* Removed redundant check

* Code improvements

* feat: Adds new singular data source `mongodbatlas_cloud_user_team_assignment` (#3517)

* Added DS schema generation and Read operation

* Add to provider

* Fix

* Added tests

* Changelog

* Modified tests

* Removed redundant condition

* Removed IsUserID

---------

Co-authored-by: Cristina Sánchez Sánchez <[email protected]>

---------

Co-authored-by: Cristina Sánchez Sánchez <[email protected]>

Author: csanx

.changelog/3502.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+resource/mongodbatlas_cloud_user_team_assignment 
+```

.changelog/3517.txt

@@ -0,0 +1,3 @@
+```release-note:new-datasource
+data-source/mongodbatlas_cloud_user_team_assignment 
+```

.github/workflows/acceptance-tests-runner.yml

@@ -302,6 +302,7 @@ jobs:
             - 'internal/service/controlplaneipaddresses/*.go'
           cloud_user:
             - 'internal/service/clouduserorgassignment/*.go'
+            - 'internal/service/clouduserteamassignment/*.go'
           cluster:
             - 'internal/service/cluster/*.go'
           cluster_outage_simulation:
@@ -592,7 +593,7 @@ jobs:
           MONGODB_ATLAS_LAST_VERSION: ${{ needs.get-provider-version.outputs.provider_version }}
           ACCTEST_PACKAGES: ./internal/service/controlplaneipaddresses
         run: make testacc
-
+        
   cloud_user:
     needs: [ change-detection, get-provider-version ]
     if: ${{ needs.change-detection.outputs.cloud_user == 'true' || inputs.test_group == 'cloud_user' }}
@@ -613,9 +614,13 @@ jobs:
         env:
           MONGODB_ATLAS_LAST_VERSION: ${{ needs.get-provider-version.outputs.provider_version }}
           MONGODB_ATLAS_TEAMS_IDS: ${{ inputs.mongodb_atlas_teams_ids }}
-          ACCTEST_PACKAGES: ./internal/service/clouduserorgassignment
+          MONGODB_ATLAS_PROJECT_OWNER_ID: ${{ inputs.mongodb_atlas_project_owner_id }}
+          MONGODB_ATLAS_ORG_ID: ${{ inputs.mongodb_atlas_org_id }}
+          ACCTEST_PACKAGES: |
+            ./internal/service/clouduserorgassignment
+            ./internal/service/clouduserteamassignment
         run: make testacc
-      
+
   cluster:
     needs: [ change-detection, get-provider-version ]
     if: ${{ needs.change-detection.outputs.cluster == 'true' || inputs.test_group == 'cluster' }}

internal/common/conversion/flatten_expand.go

@@ -57,14 +57,14 @@ func FlattenUsers(users []admin.OrgUserResponse) []map[string]any {
 func flattenUserRoles(roles admin.OrgUserRolesResponse) []map[string]any {
 	ret := make([]map[string]any, 0)
 	roleMap := map[string]any{
-		"org_roles":                 []string{},
-		"project_roles_assignments": []map[string]any{},
+		"org_roles":                []string{},
+		"project_role_assignments": []map[string]any{},
 	}
 	if roles.HasOrgRoles() {
 		roleMap["org_roles"] = roles.GetOrgRoles()
 	}
 	if roles.HasGroupRoleAssignments() {
-		roleMap["project_roles_assignments"] = flattenProjectRolesAssignments(roles.GetGroupRoleAssignments())
+		roleMap["project_role_assignments"] = flattenProjectRolesAssignments(roles.GetGroupRoleAssignments())
 	}
 	ret = append(ret, roleMap)
 	return ret

internal/common/dsschema/users_schema.go

@@ -28,7 +28,7 @@ func DSOrgUsersSchema() *schema.Schema {
 								Computed: true,
 								Elem:     &schema.Schema{Type: schema.TypeString},
 							},
-							"project_roles_assignments": {
+							"project_role_assignments": {
 								Type:     schema.TypeSet,
 								Computed: true,
 								Elem: &schema.Resource{

internal/provider/provider.go

@@ -30,6 +30,7 @@ import (
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/apikeyprojectassignment"
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/atlasuser"
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/clouduserorgassignment"
+	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/clouduserteamassignment"
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/controlplaneipaddresses"
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/databaseuser"
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrest"
@@ -461,6 +462,7 @@ func (p *MongodbtlasProvider) DataSources(context.Context) []func() datasource.D
 		resourcepolicy.DataSource,
 		resourcepolicy.PluralDataSource,
 		clouduserorgassignment.DataSource,
+		clouduserteamassignment.DataSource,
 		apikeyprojectassignment.DataSource,
 		apikeyprojectassignment.PluralDataSource,
 	}
@@ -489,6 +491,7 @@ func (p *MongodbtlasProvider) Resources(context.Context) []func() resource.Resou
 		resourcepolicy.Resource,
 		clouduserorgassignment.Resource,
 		apikeyprojectassignment.Resource,
+		clouduserteamassignment.Resource,
 	}
 	if config.PreviewProviderV2AdvancedCluster() {
 		resources = append(resources, advancedclustertpf.Resource)

internal/service/clouduserteamassignment/data_source.go

@@ -0,0 +1,105 @@
+package clouduserteamassignment
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/mongodb/terraform-provider-mongodbatlas/internal/config"
+	"go.mongodb.org/atlas-sdk/v20250312005/admin"
+)
+
+var _ datasource.DataSource = &cloudUserTeamAssignmentDS{}
+var _ datasource.DataSourceWithConfigure = &cloudUserTeamAssignmentDS{}
+
+func DataSource() datasource.DataSource {
+	return &cloudUserTeamAssignmentDS{
+		DSCommon: config.DSCommon{
+			DataSourceName: resourceName,
+		},
+	}
+}
+
+type cloudUserTeamAssignmentDS struct {
+	config.DSCommon
+}
+
+func (d *cloudUserTeamAssignmentDS) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = dataSourceSchema()
+}
+
+func (d *cloudUserTeamAssignmentDS) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var state TFUserTeamAssignmentModel
+	resp.Diagnostics.Append(req.Config.Get(ctx, &state)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	connV2 := d.Client.AtlasV2
+	orgID := state.OrgId.ValueString()
+	teamID := state.TeamId.ValueString()
+	userID := state.UserId.ValueString()
+	username := state.Username.ValueString()
+
+	if username == "" && userID == "" {
+		resp.Diagnostics.AddError("invalid configuration", "either username or user_id must be provided")
+		return
+	}
+
+	var userListResp *admin.PaginatedOrgUser
+	var userResp *admin.OrgUserResponse
+	var err error
+
+	if userID != "" {
+		userListResp, _, err = connV2.MongoDBCloudUsersApi.ListTeamUsers(ctx, orgID, teamID).Execute()
+		if err != nil {
+			resp.Diagnostics.AddError(fmt.Sprintf("error retrieving resource by user_id: %s", userID), err.Error())
+			return
+		}
+
+		if userListResp == nil || len(userListResp.GetResults()) == 0 {
+			resp.Diagnostics.AddError("resource not found", "no user found with the specified user_id")
+			return
+		}
+		results := userListResp.GetResults()
+		for i := range results {
+			if results[i].GetId() == userID {
+				userResp = &results[i]
+				break
+			}
+		}
+	} else if username != "" {
+		params := &admin.ListTeamUsersApiParams{
+			OrgId:    orgID,
+			TeamId:   teamID,
+			Username: &username,
+		}
+		userListResp, _, err = connV2.MongoDBCloudUsersApi.ListTeamUsersWithParams(ctx, params).Execute()
+		if err != nil {
+			resp.Diagnostics.AddError(fmt.Sprintf("error retrieving resource by username: %s", username), err.Error())
+			return
+		}
+
+		if userListResp == nil || len(userListResp.GetResults()) == 0 {
+			resp.Diagnostics.AddError("resource not found", "no user found with the specified username")
+			return
+		}
+
+		userResp = &(userListResp.GetResults())[0]
+	}
+
+	if userResp == nil {
+		resp.State.RemoveResource(ctx)
+		return
+	}
+
+	newCloudUserTeamAssignmentModel, diags := NewTFUserTeamAssignmentModel(ctx, userResp)
+	if diags.HasError() {
+		resp.Diagnostics.Append(diags...)
+		return
+	}
+
+	newCloudUserTeamAssignmentModel.OrgId = state.OrgId
+	newCloudUserTeamAssignmentModel.TeamId = state.TeamId
+	resp.Diagnostics.Append(resp.State.Set(ctx, newCloudUserTeamAssignmentModel)...)
+}

internal/service/clouduserteamassignment/main_test.go

@@ -0,0 +1,15 @@
+package clouduserteamassignment_test
+
+import (
+	"os"
+	"testing"
+
+	"github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc"
+)
+
+func TestMain(m *testing.M) {
+	cleanup := acc.SetupSharedResources()
+	exitCode := m.Run()
+	cleanup()
+	os.Exit(exitCode)
+}

internal/service/clouduserteamassignment/model.go

@@ -0,0 +1,90 @@
+package clouduserteamassignment
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion"
+	"go.mongodb.org/atlas-sdk/v20250312005/admin"
+)
+
+func NewTFUserTeamAssignmentModel(ctx context.Context, apiResp *admin.OrgUserResponse) (*TFUserTeamAssignmentModel, diag.Diagnostics) {
+	diags := diag.Diagnostics{}
+
+	if apiResp == nil {
+		return nil, diags
+	}
+
+	rolesObj, rolesDiags := NewTFRolesModel(ctx, &apiResp.Roles)
+	diags.Append(rolesDiags...)
+
+	teamIDs := conversion.TFSetValueOrNull(ctx, apiResp.TeamIds, types.StringType)
+
+	userTeamAssignment := TFUserTeamAssignmentModel{
+		UserId:              types.StringValue(apiResp.GetId()),
+		Username:            types.StringValue(apiResp.GetUsername()),
+		OrgMembershipStatus: types.StringValue(apiResp.GetOrgMembershipStatus()),
+		Roles:               rolesObj,
+		TeamIds:             teamIDs,
+		InvitationCreatedAt: types.StringPointerValue(conversion.TimePtrToStringPtr(apiResp.InvitationCreatedAt)),
+		InvitationExpiresAt: types.StringPointerValue(conversion.TimePtrToStringPtr(apiResp.InvitationExpiresAt)),
+		InviterUsername:     types.StringPointerValue(apiResp.InviterUsername),
+		Country:             types.StringPointerValue(apiResp.Country),
+		FirstName:           types.StringPointerValue(apiResp.FirstName),
+		LastName:            types.StringPointerValue(apiResp.LastName),
+		CreatedAt:           types.StringPointerValue(conversion.TimePtrToStringPtr(apiResp.CreatedAt)),
+		LastAuth:            types.StringPointerValue(conversion.TimePtrToStringPtr(apiResp.LastAuth)),
+		MobileNumber:        types.StringPointerValue(apiResp.MobileNumber),
+	}
+
+	return &userTeamAssignment, nil
+}
+
+func NewTFRolesModel(ctx context.Context, roles *admin.OrgUserRolesResponse) (types.Object, diag.Diagnostics) {
+	diags := diag.Diagnostics{}
+
+	if roles == nil {
+		return types.ObjectNull(RolesObjectAttrTypes), diags
+	}
+
+	orgRoles := conversion.TFSetValueOrNull(ctx, roles.OrgRoles, types.StringType)
+
+	projectRoleAssignmentsSet := NewTFProjectRoleAssignments(ctx, roles.GroupRoleAssignments)
+
+	rolesModel := TFRolesModel{
+		OrgRoles:               orgRoles,
+		ProjectRoleAssignments: projectRoleAssignmentsSet,
+	}
+
+	rolesObj, _ := types.ObjectValueFrom(ctx, RolesObjectAttrTypes, rolesModel)
+	return rolesObj, diags
+}
+
+func NewTFProjectRoleAssignments(ctx context.Context, groupRoleAssignments *[]admin.GroupRoleAssignment) types.Set {
+	if groupRoleAssignments == nil {
+		return types.SetNull(ProjectRoleAssignmentsAttrType)
+	}
+
+	var projectRoleAssignments []TFProjectRoleAssignmentsModel
+
+	for _, pra := range *groupRoleAssignments {
+		projectID := types.StringPointerValue(pra.GroupId)
+		projectRoles := conversion.TFSetValueOrNull(ctx, pra.GroupRoles, types.StringType)
+
+		projectRoleAssignments = append(projectRoleAssignments, TFProjectRoleAssignmentsModel{
+			ProjectId:    projectID,
+			ProjectRoles: projectRoles,
+		})
+	}
+
+	praSet, _ := types.SetValueFrom(ctx, ProjectRoleAssignmentsAttrType.ElemType.(types.ObjectType), projectRoleAssignments)
+	return praSet
+}
+
+func NewUserTeamAssignmentReq(ctx context.Context, plan *TFUserTeamAssignmentModel) (*admin.AddOrRemoveUserFromTeam, diag.Diagnostics) {
+	addOrRemoveUserFromTeam := admin.AddOrRemoveUserFromTeam{
+		Id: plan.UserId.ValueString(),
+	}
+	return &addOrRemoveUserFromTeam, nil
+}