Unable to import $external auth users

[TheUnixRoot]

I'm upgrading provider in my current infrastructure but I cannot import already defined users as they have an "-" in the name, and they are authenticated against $external database.

But the regex used to split the import ID, is using - and $external is not allowed as a database name: https://github.com/mongodb/terraform-provider-mongodbatlas/blob/master/mongodbatlas/resource_mongodbatlas_database_user.go

299 func splitDatabaseUserImportID(id string) (projectID, username, authDatabaseName *string, err error) {
300     var re = regexp.MustCompile(`(?s)^([0-9a-fA-F]{24})-(.*)-([a-z]{1,15})$`)

So this regex should allow the "$external" keyword in the third group for allowing user imports.

Some regex tests:

Current behaviour:

• User is splitted and the rest of the string is used as database name

$terraform import  mongodbatlas_database_user.external "0000aaaa0000aaaa0000aaaa-some_test-user-$external"
Error: couldn't import user(some_test) in project(0000aaaa0000aaaa0000aaaa), error: GET https://cloud.mongodb.com/api/atlas/v1.0/groups/0000aaaa0000aaaa0000aaaa/databaseUsers/user-$external/some_test: 404 (request "Not Found") No user with username some_test exists.

Proposed fix:

• Adding $external literal to the third grup in an OR statement

299 func splitDatabaseUserImportID(id string) (projectID, username, authDatabaseName *string, err error) {
300     var re = regexp.MustCompile(`(?s)^([0-9a-fA-F]{24})-(.*)-([a-z]{1,15}|\$external)$`)

[themantissa]

Thank you @TheUnixRoot for reporting this in. Can you provide what terraform and MongoDB Atlas provider version you are using? Also is the user that the $external is for X.509, AWS IAM, or LDAP? While we have written in X.509 and AWS IAM support but we have not yet done so for LDAP, but it is on our roadmap. Would be good to know which it is.

I'll have our developers take a look at both reported issues: 1) the name containing a - should been corrected by https://github.com/mongodb/terraform-provider-mongodbatlas/pull/214 hence the ask for the version.
2) the $external import should work but since we recently added support may have been left off in the import function. I'll have the developers take a look.

[TheUnixRoot]

Yes, absolutely.

• provider.mongodbatlas = 0.5.1
• I'm importing X.509 users

I'll check with latest version which is released for testing if it fits our modules.

[TheUnixRoot]

Still having same issue.

This is expected as it already exists: $ terraform apply Error: error creating database user: POST https://cloud.mongodb.com/api/atlas/v1.0/groups/0000aaaa0000aaaa0000aaaa/databaseUsers: 409 (request "Conflict") A user with username CN=user,OU=some-ou,O=org already exists.

on .terraform/.../atlas_user.tf line 6, in resource "mongodbatlas_database_user" "external": 6: resource "mongodbatlas_database_user" "external" {

But when I run import command with X.509 certificate issued name, it still throws the format error:

$ terraform import mongodbatlas_database_user.external[\"CN=user,OU=some-ou,O=org\"] "0000aaaa0000aaaa0000aaaa-CN=user,OU=some-ou,O=org-\$external"

Acquiring state lock. This may take a few moments... module.mongodb_atlas.mongodbatlas_database_user.external["CN=user,OU=some-ou,O=org"]: Importing from ID "0000aaaa0000aaaa0000aaaa-CN=user,OU=some-ou,O=org-$external"...

Error: import format error: to import a Database User, use the format {project_id}-{username}-{auth_database_name}

$ terraform providers . ├── provider.azurerm ├── provider.mongodbatlas ├── module.mongodb_atlas │   ├── provider.azurerm ~> 2.18.0 │   └── provider.mongodbatlas = 0.6.3

I tried without the '$' in external and throws a 404, so seems like the $ is the one that makes the regex fail

[themantissa]

@TheUnixRoot I have created an item to investigate this further on our schedule, if more information is needed we'll reach out here. Thank you.

[PacoDw]

Hello, @TheUnixRoot thank you so much for your review and description it was very helpful. I created a PR with the fix 👍 so you can test the branch fix-#285 to validate that it works fine if you want.

Let me know if you have another comment or concern, thanks.

[TheUnixRoot]

Hello @PacoDw I managed to build it locally and I tested the import, it works for my cases.

I'll wait impatiently the new release including your changes 💯

[themantissa]

@TheUnixRoot we are shooting for a release end of Aug, early Sept so hopefully the wait won't be too long! Thank you :)

[themantissa]

@TheUnixRoot we've released a preview version that should allow you to test if this fixes the issue. If you can confirm we'd appreciate it. https://github.com/mongodb/terraform-provider-mongodbatlas/releases/tag/0.6.4

[TheUnixRoot]

It works as expected :)