terraform-provider-mongodbatlas
mongodbatlas federated_settings_org_role_mapping does not validate role names of role assignments
terraform_version: 1.2.5
Terraform Configuration File
terraform {
  required_version = ">= 1.2.0"
  required_providers {
    mongodbatlas = {
      source  = "mongodb/mongodbatlas"
      version = "1.5.0"
    }
  }
}
Steps to Reproduce
Add role_assignments to the code for mongodbatlas federated_settings_org_role_mapping with a non-existent role, like:
role_assignments {
  org_id = local.mongo_rtp_org_id
  roles  = ["GROUP_DATA_ACCESS_READ"]
}
Run:
terraform plan
terraform apply
Expected Behavior
The Terraform plan returns an error that roles named GROUP_DATA_ACCESS_READ do not exist. The Terraform apply returns an error that roles named GROUP_DATA_ACCESS_READ do not exist.
Actual Behavior
The Terraform plan completes successfully. The Terraform apply returns unexpected errors.
Crash Output
│ Error: error updating federation settings connected organization (): PUT https://cloud.mongodb.com/api/atlas/v1.0/federationSettings//connectedOrgConfigs//roleMappings/: 500 (request "UNEXPECTED_ERROR") Unexpected error.
Additional Context
This behavior complicates the troubleshooting process.
Thanks @sonlir. This is a feature improvement request, but I think a good one. Added to our product roadmap (internal tracking INTMDB-483), but given competing priorities will likely take us a few months to update. If easier, feel free to create a PR directly and happy to have the team review sooner.
(update 1/3/23): created internal ticket to first build out a new Atlas Admin API endpoint that would allow us to programmatically validate Atlas Roles (PRODTRIAGE-3609). Once we have this we can then appropriately address this issue raised while avoiding hardcoding specific role validations, since these are regularly added, edited, deleted.
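Until the provider validates role names, a pre-apply check over the plan JSON can catch a misspelled role before the API returns the 500 shown above. The script below is an added example, not code from the provider or from anyone in this thread; it assumes an operator-maintained allowlist (`KNOWN_ROLES`, a partial sample) and uses a constructed sample plan with placeholder org IDs.

```python
import json
import sys

RESOURCE_TYPE = "mongodbatlas_federated_settings_org_role_mapping"

# Assumption: an allowlist you maintain yourself from the Atlas documentation.
# Partial sample only; Atlas roles are added, edited and deleted over time.
KNOWN_ROLES = frozenset({
    "ORG_OWNER", "ORG_MEMBER", "ORG_READ_ONLY", "ORG_BILLING_ADMIN",
    "ORG_GROUP_CREATOR", "GROUP_OWNER", "GROUP_READ_ONLY",
    "GROUP_CLUSTER_MANAGER", "GROUP_DATA_ACCESS_ADMIN",
    "GROUP_DATA_ACCESS_READ_ONLY", "GROUP_DATA_ACCESS_READ_WRITE",
})

def unknown_roles(plan, known_roles=KNOWN_ROLES):
    """Return sorted (resource address, role) pairs not in known_roles."""
    findings = set()
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        # "after" is null for resources being destroyed; nothing to check then.
        after = (rc.get("change") or {}).get("after") or {}
        for assignment in after.get("role_assignments") or []:
            for role in assignment.get("roles") or []:
                if role not in known_roles:
                    findings.add((rc["address"], role))
    return sorted(findings)

# Constructed sample in the shape of `terraform show -json tfplan` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "mongodbatlas_federated_settings_org_role_mapping.bad",
   "type": "mongodbatlas_federated_settings_org_role_mapping",
   "change": {"actions": ["create"], "after": {"role_assignments": [
     {"org_id": "ORG-ID-PLACEHOLDER", "roles": ["GROUP_DATA_ACCESS_READ"]}]}}},
  {"address": "mongodbatlas_federated_settings_org_role_mapping.ok",
   "type": "mongodbatlas_federated_settings_org_role_mapping",
   "change": {"actions": ["create"], "after": {"role_assignments": [
     {"org_id": "ORG-ID-PLACEHOLDER", "roles": ["ORG_MEMBER"]}]}}},
  {"address": "mongodbatlas_federated_settings_org_role_mapping.gone",
   "type": "mongodbatlas_federated_settings_org_role_mapping",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

if __name__ == "__main__":
    # Real use: terraform plan -out=tfplan && terraform show -json tfplan > plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    findings = unknown_roles(plan)
    for address, role in findings:
        print(f"{address}: role {role!r} is not in the allowlist")
    sys.exit(1 if findings else 0)
```

The non-zero exit code lets a CI job stop between `terraform plan` and `terraform apply` when a role name is not in the allowlist.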