mongodb / terraform-provider-mongodbatlas

Terraform MongoDB Atlas Provider: Deploy, update, and manage MongoDB Atlas infrastructure as code through HashiCorp Terraform
https://registry.terraform.io/providers/mongodb/mongodbatlas
Mozilla Public License 2.0

mongodbatlas_database_user cannot handle mongodbatlas_custom_db_role #853

Closed bulowaty closed 2 years ago

bulowaty commented 2 years ago

Hello, first of all I would like to let you know that I checked the issue history (opened or not) and there was no answer for this problem. Delaying the process of user creation does not solve the problem, so I think it needs to be reviewed more deeply. I hope that this issue can be resolved with your help, and if you need any other info, do not hesitate to ask :)

Additionally, if this feature starts to work, can I ask you to add an example for mongodbatlas_database_user with custom role assignment? Thanks in advance for your time.

Terraform CLI and Terraform MongoDB Atlas Provider Version

Terraform v1.2.9
on linux_amd64
+ provider registry.terraform.io/hashicorp/google v4.37.0
+ provider registry.terraform.io/hashicorp/google-beta v4.37.0
+ provider registry.terraform.io/mongodb/mongodbatlas v1.4.6

Terraform Configuration File

resource "mongodbatlas_custom_db_role" "creator" {
  project_id = mongodbatlas_project.mongo-project.id
  role_name  = "creatorRole"

  actions {
    action = "INSERT"
    resources {
      collection_name = ""
      database_name   = "anyDatabase"
    }
  }
  actions {
    action = "UPDATE"
    resources {
      collection_name = ""
      database_name   = "anyDatabase"
    }
  }
  actions {
    action = "CREATE_COLLECTION"
    resources {
      collection_name = ""
      database_name   = "anyDatabase"
    }
  }
  actions {
    action = "CREATE_INDEX"
    resources {
      collection_name = ""
      database_name   = "anyDatabase"
    }
  }
}

resource "mongodbatlas_database_user" "protagonist" {
  username           = "protagonistUser"
  password           = "SomeRandomPasswordHere1"
  project_id         = mongodbatlas_project.mongo-project.id
  auth_database_name = "admin"

  # all of the mentioned role_name options return that they are not supported
  roles {
    role_name     = "creatorRole"
    #role_name    = mongodbatlas_custom_db_role.creator.role_name
    #role_name    = "${mongodbatlas_custom_db_role.creator.role_name}"
    database_name = "anyDatabase"
  }
  depends_on = [mongodbatlas_custom_db_role.creator] # it doesn't matter whether that dependency exists or not
}

Expected Behavior

The user should be created with assigned custom role.

Actual Behavior

The custom database roles have been created correctly but there is no possibility to use them.

Error: error creating database user: POST https://cloud.mongodb.com/api/atlas/v1.0/groups/632c13e281d54d4af8ec56a9/databaseUsers: 400 (request "UNSUPPORTED_ROLE") The provided role is not supported.
│
│   with mongodbatlas_database_user.protagonist,
│   on main.tf line 23, in resource "mongodbatlas_database_user" "protagonist":
│   23: resource "mongodbatlas_database_user" "protagonist" {
│

Additional Context

References

https://github.com/mongodb/terraform-provider-mongodbatlas/issues/273
https://github.com/mongodb/terraform-provider-mongodbatlas/issues/728

bulowaty commented 2 years ago
resource "mongodbatlas_database_user" "protagonist" {
  username           = "protagonistUser"
  password           = "SomeRandomPasswordHere1"
  project_id         = mongodbatlas_project.mongo-project.id
  auth_database_name = "admin"

  roles {
    role_name     = "creatorRole"
    database_name = "admin" # everything related to the user should be declared in the 'admin' database
  }
}

This one solved my issue. I think it's worth adding it to the documentation as an example :)
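
The arrangement that resolved this thread, written out as one configuration. This is an added example, not code from the issue author or the provider's documentation. The variables `atlas_project_id` and `db_user_password` are assumptions standing in for the project reference and the hard-coded password used above.

```hcl
terraform {
  required_providers {
    mongodbatlas = {
      source  = "mongodb/mongodbatlas"
      version = "1.4.6" # provider version reported in this issue
    }
  }
}

# Assumed inputs (not from the issue): supply via TF_VAR_* or a secrets store.
variable "atlas_project_id" {
  type = string
}

variable "db_user_password" {
  type      = string
  sensitive = true # keeps the value out of plan output; it is still written to state
}

# Custom role limited to write/DDL actions on one database.
resource "mongodbatlas_custom_db_role" "creator" {
  project_id = var.atlas_project_id
  role_name  = "creatorRole"

  dynamic "actions" {
    for_each = toset(["INSERT", "UPDATE", "CREATE_COLLECTION", "CREATE_INDEX"])
    content {
      action = actions.value
      resources {
        collection_name = ""
        database_name   = "anyDatabase"
      }
    }
  }
}

resource "mongodbatlas_database_user" "protagonist" {
  username           = "protagonistUser"
  password           = var.db_user_password
  project_id         = var.atlas_project_id
  auth_database_name = "admin"

  roles {
    # Referencing the attribute orders creation after the role; no depends_on needed.
    role_name     = mongodbatlas_custom_db_role.creator.role_name
    # Custom roles are assigned on "admin"; the role's own resources blocks scope it to anyDatabase.
    database_name = "admin"
  }
}
```

The privileges the user ends up with are bounded by the `resources` blocks inside the custom role, so `database_name = "admin"` in `roles` does not widen access beyond `anyDatabase`.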