From 758bc525f3190ddc8fa4f6755d27016a8088fcd1 Mon Sep 17 00:00:00 2001
From: Andrea Angiolillo
Date: Fri, 28 Jul 2023 10:46:06 +0200
Subject: [PATCH] INTMDB-545: Update CloudProviderAccessService to support azure (#508)
---
 mongodbatlas/cloud_provider_access.go | 15 +++++----------
 mongodbatlas/cloud_provider_access_test.go | 6 +++---
 2 files changed, 8 insertions(+), 13 deletions(-)
diff --git a/mongodbatlas/cloud_provider_access.go b/mongodbatlas/cloud_provider_access.go
index d0ce9266..85cedac3 100644
--- a/mongodbatlas/cloud_provider_access.go
+++ b/mongodbatlas/cloud_provider_access.go
@@ -29,7 +29,7 @@ type CloudProviderAccessService interface {
 ListRoles(context.Context, string) (*CloudProviderAccessRoles, *Response, error)
 GetRole(context.Context, string, string) (*CloudProviderAccessRole, *Response, error)
 CreateRole(context.Context, string, *CloudProviderAccessRoleRequest) (*CloudProviderAccessRole, *Response, error)
- AuthorizeRole(context.Context, string, string, *CloudProviderAuthorizationRequest) (*CloudProviderAccessRole, *Response, error)
+ AuthorizeRole(context.Context, string, string, *CloudProviderAccessRoleRequest) (*CloudProviderAccessRole, *Response, error)
 DeauthorizeRole(context.Context, *CloudProviderDeauthorizationRequest) (*Response, error)
 }
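Review bot: Changing the request parameter of `AuthorizeRole` on the exported `CloudProviderAccessService` interface breaks every caller, mock and alternate implementation at compile time, and the commit message does not mention it. The same commit deletes `CloudProviderAuthorizationRequest` and renames the exported field `IamAssumedRoleArn` to `IAMAssumedRoleARN` (third hunk), so all three breaks belong in one release-note entry. A type alias cannot bridge the gap because the ARN field changed from `string` to `*string`, so I would at least add a method comment such as `// AuthorizeRole takes the same request type as CreateRole; CloudProviderAuthorizationRequest was removed.`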
@@ -40,7 +40,8 @@ var _ CloudProviderAccessService = &CloudProviderAccessServiceOp{}
 // CloudProviderAccessRoles an array of awsIamRoles objects.
 type CloudProviderAccessRoles struct {
- AWSIAMRoles []CloudProviderAccessRole `json:"awsIamRoles,omitempty"` // Unique identifier of AWS security group in this access list entry.
+ AWSIAMRoles []CloudProviderAccessRole `json:"awsIamRoles,omitempty"` // Unique identifier of AWS security group in this access list entry.
+ AzureServicePrincipals []CloudProviderAccessRole `json:"azureServicePrincipals,omitempty"` // Unique identifier of Azure security group in this access list entry.
 }
 // CloudProviderAccessRole is the response from the CloudProviderAccessService.ListRoles.
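Review bot: The trailing comment on the new `AzureServicePrincipals` field is copied from the AWS line and describes a security-group identifier, but the field is a slice of `CloudProviderAccessRole`. The type comment above it also still says the struct is only an array of awsIamRoles objects. Suggested wording is `// CloudProviderAccessRoles holds the AWS IAM roles and Azure service principals returned by ListRoles.` on the type, with `// AWS IAM roles.` and `// Azure service principals.` on the two fields.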
@@ -69,19 +70,13 @@ type FeatureUsage struct {
 // CloudProviderAccessRoleRequest represent a new role creation.
 type CloudProviderAccessRoleRequest struct {
 ProviderName string `json:"providerName"` // Human-readable label that identifies the cloud provider of the role.
- IamAssumedRoleArn *string `json:"iamAssumedRoleArn,omitempty"` // Amazon Resource Name (ARN) that identifies the Amazon Web Services (AWS) Identity and Access Management (IAM) role that MongoDB Cloud assumes when it accesses resources in your AWS account.
+ IAMAssumedRoleARN *string `json:"iamAssumedRoleArn,omitempty"` // Amazon Resource Name (ARN) that identifies the Amazon Web Services (AWS) Identity and Access Management (IAM) role that MongoDB Cloud assumes when it accesses resources in your AWS account.
 AtlasAzureAppID *string `json:"atlasAzureAppId,omitempty"` // Date and time when this Azure Service Principal was last updated. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
 AzureServicePrincipalID *string `json:"servicePrincipalId,omitempty"` // Unique AzureID of this role.
 AzureTenantID *string `json:"tenantId,omitempty"` // UUID String that identifies the Azure Active Directory Tenant AzureID.
 }
-// CloudProviderAuthorizationRequest represents an authorization request.
-type CloudProviderAuthorizationRequest struct {
- ProviderName string `json:"providerName"`
- IAMAssumedRoleARN string `json:"iamAssumedRoleArn"`
-}
-
 // CloudProviderDeauthorizationRequest represents a request to remove authorization.
 type CloudProviderDeauthorizationRequest struct {
 ProviderName string
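Review bot: `CloudProviderAccessRoleRequest` now also serves as the `AuthorizeRole` body, yet its comment still reads "represent a new role creation" and nothing states which optional fields go with which provider. Every provider-specific field is a pointer with `omitempty`, so a request that mixes AWS and Azure fields, or sets none of them, serializes without any client-side signal. I would change the type comment to `// CloudProviderAccessRoleRequest is the request body for CreateRole and AuthorizeRole; IAMAssumedRoleARN applies to AWS, the Azure* fields to Azure.` The unchanged comment on `AtlasAzureAppID` describes a last-updated timestamp rather than an application ID and looks misplaced; it is worth correcting in the same pass.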
@@ -164,7 +159,7 @@ func (s *CloudProviderAccessServiceOp) CreateRole(ctx context.Context, groupID s
 // AuthorizeRole authorizes and configure an AWS Assumed IAM role.
 //
 // See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/authorizeCloudProviderAccessRole
-func (s *CloudProviderAccessServiceOp) AuthorizeRole(ctx context.Context, groupID, roleID string, request *CloudProviderAuthorizationRequest) (*CloudProviderAccessRole, *Response, error) {
+func (s *CloudProviderAccessServiceOp) AuthorizeRole(ctx context.Context, groupID, roleID string, request *CloudProviderAccessRoleRequest) (*CloudProviderAccessRole, *Response, error) {
 if roleID == "" {
 return nil, nil, NewArgError("roleID", "must be set")
 }
diff --git a/mongodbatlas/cloud_provider_access_test.go b/mongodbatlas/cloud_provider_access_test.go
index 1d90df38..faacb8c7 100644
--- a/mongodbatlas/cloud_provider_access_test.go
+++ b/mongodbatlas/cloud_provider_access_test.go
@@ -220,7 +220,7 @@ func TestCloudProviderAccessServiceOp_CreateRoleAWS(t *testing.T) {
 createRequest := &CloudProviderAccessRoleRequest{
 ProviderName: "AWS",
- IamAssumedRoleArn: pointer("test"),
+ IAMAssumedRoleARN: pointer("test"),
 }
 mux.HandleFunc("/api/atlas/v1.0/groups/1/cloudProviderAccess", func(w http.ResponseWriter, r *http.Request) {
@@ -278,9 +278,9 @@ func TestCloudProviderAccessServiceOp_AuthorizeRole(t *testing.T) {
 roleID := "5f232b94af0a6b41747bcc2d"
- request := &CloudProviderAuthorizationRequest{
+ request := &CloudProviderAccessRoleRequest{
 ProviderName: "AWS",
- IAMAssumedRoleARN: "arn:aws:iam::772401394250:role/test-user-role",
+ IAMAssumedRoleARN: pointer("arn:aws:iam::772401394250:role/test-user-role"),
 }
 mux.HandleFunc(fmt.Sprintf("/api/atlas/v1.0/groups/1/cloudProviderAccess/%s", roleID), func(w http.ResponseWriter, r *http.Request) {
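Review bot: The only argument check visible in `AuthorizeRole` is the `roleID` guard, while the request type it now accepts carries the role ARN as an optional `*string` with `omitempty`; the removed `CloudProviderAuthorizationRequest` always serialized `iamAssumedRoleArn`. An AWS authorization built with a nil `IAMAssumedRoleARN` therefore leaves the client with that field absent, and any rejection is left to the API. The function body continues outside the hunk, so if it does not already do this, consider failing early with `if request == nil { return nil, nil, NewArgError("request", "must be set") }` and a provider-specific check on the pointer fields. The doc comment above still says the method configures "an AWS Assumed IAM role" and should mention Azure.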
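Review bot: The updated `TestCloudProviderAccessServiceOp_AuthorizeRole` still exercises only `ProviderName: "AWS"`, and the diffstat shows just three added lines in the test file, so nothing in this patch covers the Azure path the commit is named for. Neither an `AuthorizeRole` request with `AtlasAzureAppID`, `AzureServicePrincipalID` and `AzureTenantID` set nor decoding of `azureServicePrincipals` into `CloudProviderAccessRoles` is asserted. A sibling test that sends an Azure request and compares the serialized body against the expected JSON keys (`atlasAzureAppId`, `servicePrincipalId`, `tenantId`) would pin the new tags. The test function continues past the end of the hunk.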