[Bug]: MongoDB::Atlas::DatabaseUser - drift detection not working - read handler does not return "AWSIAMType" and "Scopes" properties

mongodb / mongodbatlas-cloudformation-resources

MongoDB Atlas CloudFormation Resources: Deploy, update, and manage MongoDB Atlas infrastructure as code through AWS CloudFormation

Apache License 2.0

61 stars 37 forks source link

Is there an existing issue for this?

[X] I have searched the existing issues

CFN Resource version

v2.1.0

CFN Resource Region

eu-central-1

Current Behavior

CFN drift detection detects a drift:

Screenshot from 2024-11-27 13-20-55

The "AWSIAMType" and "Scopes" properties are missing.

The Read handler of the MongoDB::Atlas::DatabaseUser resource does not process the "Scopes" property. In addition, the condition for copying the "AWSIAMType" property seems to be erronous. Why should that property only be copied, if some default value has been set???

    if currentModel.AWSIAMType != nil {
        currentModel.AWSIAMType = databaseUser.AwsIAMType
    }

CFN template to reproduce the issue

{
      "Type": "MongoDB::Atlas::DatabaseUser",
      "Properties": {
        "AWSIAMType": "ROLE",
        "DatabaseName": "$external",
        "ProjectId": "...",
        "Roles": [
          {
            "DatabaseName": "...",
            "RoleName": "read"
          }
        ],
        "Scopes": [
          {
            "Name": "...",
            "Type": "CLUSTER"
          }
        ],
        "Username": "..."
      }

Steps To Reproduce

Deploy DatabaseUser resource in a stack and execute drift detection on that stack.

Code of Conduct

[X] I agree to follow this project's Code of Conduct

Thanks for opening this issue! Please make sure to provide the following information to help us reproduce the issue:

Complete cloud formation template used by the customers
List of Public CFN Resources that are activated in the AWS account with their release version
AWS Region where the CFN stack is running
The policies and service principals of the IAM role that is used to activate the CFN resource and run the CFN template (if any). Note that passing an IAM role to CloudFormation when creating a stack is optional. If you don't supply one, the user permissions are assumed. See the IAM permissions section in the General information guide for more information.

The ticket CLOUDP-287006 was created for internal tracking.

mongodb / mongodbatlas-cloudformation-resources