mongodb · csanx · Jul 28, 2025 · Jul 28, 2025 · Jul 28, 2025 · Jul 29, 2025
@@ -0,0 +1,3 @@
+```release-note:new-resource
+resource/mongodbatlas_cloud_user_project_assignment 
+```
@@ -305,6 +305,7 @@ jobs:
             - 'internal/service/controlplaneipaddresses/*.go'
           cloud_user:
             - 'internal/service/clouduserorgassignment/*.go'
+            - 'internal/service/clouduserprojectassignment/*.go'
             - 'internal/service/clouduserteamassignment/*.go'
           cluster:
             - 'internal/service/cluster/*.go'
@@ -601,8 +602,10 @@ jobs:
           MONGODB_ATLAS_PROJECT_OWNER_ID: ${{ inputs.mongodb_atlas_project_owner_id }}
           MONGODB_ATLAS_ORG_ID: ${{ inputs.mongodb_atlas_org_id }}
           MONGODB_ATLAS_USERNAME: ${{ vars.MONGODB_ATLAS_USERNAME }}
+          MONGODB_ATLAS_USERNAME_2: ${{ vars.MONGODB_ATLAS_USERNAME_2 }}
           ACCTEST_PACKAGES: |
             ./internal/service/clouduserorgassignment
+            ./internal/service/clouduserprojectassignment
             ./internal/service/clouduserteamassignment
         run: make testacc
 

@@ -30,6 +30,7 @@ import (
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/apikeyprojectassignment"
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/atlasuser"
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/clouduserorgassignment"
+	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/clouduserprojectassignment"
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/clouduserteamassignment"
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/controlplaneipaddresses"
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/databaseuser"
@@ -491,6 +492,7 @@ func (p *MongodbtlasProvider) Resources(context.Context) []func() resource.Resou
 		resourcepolicy.Resource,
 		clouduserorgassignment.Resource,
 		apikeyprojectassignment.Resource,
+		clouduserprojectassignment.Resource,
 		teamprojectassignment.Resource,
 		clouduserteamassignment.Resource,
 		advancedclustertpf.Resource,

@@ -0,0 +1,15 @@
+package clouduserprojectassignment_test
+
+import (
+	"os"
+	"testing"
+
+	"github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc"
+)
+
+func TestMain(m *testing.M) {
+	cleanup := acc.SetupSharedResources()
+	exitCode := m.Run()
+	cleanup()
+	os.Exit(exitCode)
+}
@@ -0,0 +1,98 @@
+package clouduserprojectassignment
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion"
+
+	"go.mongodb.org/atlas-sdk/v20250312006/admin"
+)
+
+func NewTFModel(ctx context.Context, projectID string, apiResp *admin.GroupUserResponse) (*TFModel, diag.Diagnostics) {
+	diags := diag.Diagnostics{}
+
+	if apiResp == nil {
+		return nil, diags
+	}
+
+	roles := conversion.TFSetValueOrNull(ctx, &apiResp.Roles, types.StringType)
+
+	return &TFModel{
+		Country:             types.StringPointerValue(apiResp.Country),
+		CreatedAt:           types.StringPointerValue(conversion.TimePtrToStringPtr(apiResp.CreatedAt)),
+		FirstName:           types.StringPointerValue(apiResp.FirstName),
+		ProjectId:           types.StringValue(projectID),
+		UserId:              types.StringValue(apiResp.GetId()),
+		InvitationCreatedAt: types.StringPointerValue(conversion.TimePtrToStringPtr(apiResp.InvitationCreatedAt)),
+		InvitationExpiresAt: types.StringPointerValue(conversion.TimePtrToStringPtr(apiResp.InvitationExpiresAt)),
+		InviterUsername:     types.StringPointerValue(apiResp.InviterUsername),
+		LastAuth:            types.StringPointerValue(conversion.TimePtrToStringPtr(apiResp.LastAuth)),
+		LastName:            types.StringPointerValue(apiResp.LastName),
+		MobileNumber:        types.StringPointerValue(apiResp.MobileNumber),
+		OrgMembershipStatus: types.StringValue(apiResp.GetOrgMembershipStatus()),
+		Roles:               roles,
+		Username:            types.StringValue(apiResp.GetUsername()),
+	}, diags
+}
+
+func NewProjectUserReq(ctx context.Context, plan *TFModel) (*admin.GroupUserRequest, diag.Diagnostics) {
+	roleNames := []string{}
+	if !plan.Roles.IsNull() && !plan.Roles.IsUnknown() {
+		roleNames = conversion.TypesSetToString(ctx, plan.Roles)
+	}
+
+	addProjectUserReq := admin.GroupUserRequest{
+		Username: plan.Username.ValueString(),
+		Roles:    roleNames,
+	}
+	return &addProjectUserReq, nil
+}
+
+func NewAtlasUpdateReq(ctx context.Context, plan *TFModel, currentRoles []string) (addRequests, removeRequests []*admin.AddOrRemoveGroupRole, diags diag.Diagnostics) {
+	var desiredRoles []string
+	if !plan.Roles.IsNull() && !plan.Roles.IsUnknown() {
+		desiredRoles = conversion.TypesSetToString(ctx, plan.Roles)
+	}
+
+	rolesToAdd, rolesToRemove := diffRoles(currentRoles, desiredRoles)
+
+	addRequests = make([]*admin.AddOrRemoveGroupRole, 0, len(rolesToAdd))
+	for _, role := range rolesToAdd {
+		addRequests = append(addRequests, &admin.AddOrRemoveGroupRole{
+			GroupRole: role,
+		})
+	}
+
+	removeRequests = make([]*admin.AddOrRemoveGroupRole, 0, len(rolesToRemove))
+	for _, role := range rolesToRemove {
+		removeRequests = append(removeRequests, &admin.AddOrRemoveGroupRole{
+			GroupRole: role,
+		})
+	}
+
+	return addRequests, removeRequests, nil
+}
+
+func diffRoles(oldRoles, newRoles []string) (toAdd, toRemove []string) {
+	oldRolesMap := make(map[string]bool, len(oldRoles))
+
+	for _, role := range oldRoles {
+		oldRolesMap[role] = true
+	}
+
+	for _, role := range newRoles {
+		if oldRolesMap[role] {
+			delete(oldRolesMap, role)
+		} else {
+			toAdd = append(toAdd, role)
+		}
+	}
+
+	for role := range oldRolesMap {
+		toRemove = append(toRemove, role)
+	}
+
+	return toAdd, toRemove
+}