chore: Adjust SA environment variables #3770
…, environment variables and AWS Secrets Manager (#3700)
* implement service account as credentials
* env variables support
* aws secret support
* changed condition of warning of missing credentials
* changelog
* change factory
* Revert "change factory" This reverts commit 40e19ae.
* refactor
* don't fail when no valid auth method
* try: fix data race failure
* Revert "try: fix data race failure" This reverts commit 9c59355.
* prevent data races in HTTP client mocking for OAuth2 authentication
* skip reset
* add test
* run test in CI
* fix
* matrix remove
* Revert "matrix remove" This reverts commit 9d901bf.
* Revert "fix" This reverts commit d2fa94b.
* execute only relevant test
* remove increased timeout
* Apply suggestions from code review Co-authored-by: Leo Antoli <430982+lantoli@users.noreply.github.com>
* use enum instead of string
* pr suggestions
* pr comments doc
* remove matrix
* use credential provider in auth helper methods
* error instead of warning when no credentials are set
* typo
* set env vars
* unit test only
---------
Co-authored-by: Leo Antoli <430982+lantoli@users.noreply.github.com>
* master: chore: Updates CHANGELOG.md for #3701 doc: Improve documentation about advanced cluster plan verbosity (#3701) chore: Updates CHANGELOG.md for #3680 feat: Support OIDC configs in mongodbatlas_stream_connection (#3680) chore: Updates repository to use supported Terraform versions (#3699) chore: Remove `advancedcluster` folder (#3698) # Conflicts: # .github/workflows/acceptance-tests-runner.yml
* master: remove Terraform files for each example (#3713)
…ronment variables and AWS Secrets Manager (#3716)
* support JWT token as authentication credentials
* changelog
* Update internal/testutil/acc/pre_check.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* token has priority over SA and PAK
* rename methods
* mention SA in changelog
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* master: (29 commits) build(deps): bump go.mongodb.org/atlas-sdk (#3704) chore: Bring SA dev branch non-production changes to master (#3733) chore: Add generation of `org_service_account_api` resource (#3726) chore: Update SSDLC report for v1.41.1 chore: Updates CHANGELOG.md header for v1.41.1 release chore: Update example links in registry docs for v1.41.1 release chore: Supports backport releases for v1.x (#3732) chore: Bump github.com/hashicorp/terraform-json from 0.27.1 to 0.27.2 (#3729) chore: Bump github.com/hashicorp/terraform-exec from 0.23.1 to 0.24.0 (#3728) uset ListOrgs in getKeyDetails (#3723) chore: Bump github.com/hashicorp/terraform-plugin-framework-timeouts (#3706) chore: Bump github.com/hashicorp/terraform-plugin-mux (#3707) chore: Updates CHANGELOG.md for #3725 fix: Supporting `advanced_cluster` upgrade to dedicated with NMVe instance (#3725) test: Fixes TestAccAdvancedCluster_updateDeleteTimeoutFlex test (#3730) chore: Update SSDLC report for v2.0.1 chore: Updates CHANGELOG.md header for v2.0.1 release chore: Update example links in registry docs for v2.0.1 release doc: Restores migration guide to transition out of Serverless (#3724) chore: Bump github.com/hashicorp/terraform-plugin-sdk/v2 (#3710) ... # Conflicts: # .github/workflows/acceptance-tests-runner.yml # .github/workflows/acceptance-tests.yml # internal/testutil/acc/pre_check.go
…ce-accounts-dev
* master: chore: Remove all attributes in assume_role except role_arn (#3745) # Conflicts: # internal/config/client.go
…ce-accounts-dev
…ce-accounts-dev
* remove Atlas version 20240805
* remove admin20240530 version from resources except cluster
* NormalizeBaseURL
* master: chore: Allow SA for mongodbatlas_roles_org_id datasource (#3764) doc: Fixes path for collection attributes in cluster docs (#3739) build(deps): bump go.mongodb.org/atlas-sdk (#3750) doc: Add FLEX value under provider_name in advanced_cluster docs (#3763) chore: Add codegen intermediate model serialization (#3756) chore: Bump github.com/hashicorp/terraform-plugin-framework-validators (#3761) chore: Bump softprops/action-gh-release from 2.3.3 to 2.4.0 (#3759) chore: Bump actions/stale from 10.0.0 to 10.1.0 (#3758) chore: Bump peter-evans/create-or-update-comment from 4.0.0 to 5.0.0 (#3760) chore: Bump github.com/hashicorp/terraform-plugin-framework (#3762) include acceptance tests for org service account resource (#3755) chore: Add project_settings_api acceptance tests (#3751) chore: Add create only plan modifier for non-updateable attributes in autogenerated resources (#3747) # Conflicts: # go.mod # internal/service/advancedcluster/common.go # internal/service/advancedcluster/common_model_sdk_version_conversion.go # internal/service/advancedcluster/common_model_sdk_version_conversion_test.go # internal/service/advancedcluster/resource_test.go
…ce-accounts-dev
Pull Request Overview
This PR adds Service Account authentication support to the Terraform provider, enabling authentication via OAuth Client ID/Secret and Access Tokens. It also refactors the credential source selection to enforce a strict hierarchy (AWS Secrets Manager → provider vars → environment variables).
- Adds Service Account authentication with Client ID/Secret and Access Token support
- Refactors configuration system to use modular credential handling
- Updates the provider to prioritize different authentication methods properly
Reviewed Changes
Copilot reviewed 30 out of 31 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| internal/config/service_account.go | Implements Service Account OAuth token source management |
| internal/config/credentials.go | Adds credential hierarchy and authentication method detection |
| internal/config/client.go | Refactors client creation to support multiple authentication methods |
| internal/provider/provider.go | Updates TPF provider to use new credential system |
| internal/provider/provider_sdk2.go | Updates SDK v2 provider to use new credential system |
| internal/provider/aws_credentials.go | Simplifies AWS credential handling |
| internal/testutil/acc/pre_check.go | Updates environment variable name for access token validation |
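The precedence described in this overview and in the commit messages (source hierarchy first, then access token over Service Account over PAK), sketched in Go as an added example. It is not the provider's code: the type, function, source and method names are hypothetical, and failing on an incomplete winning source instead of falling through to the next one is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Credentials is what a single source supplied (hypothetical type, not the provider's).
type Credentials struct {
	AccessToken, ClientID, ClientSecret, PublicKey, PrivateKey string
}

// Source pairs a credential set with the place it came from.
type Source struct {
	Name  string
	Creds Credentials
}

// Method picks the auth method inside one source: token, then SA, then PAK.
func (c Credentials) Method() (string, error) {
	switch {
	case c.AccessToken != "":
		return "access_token", nil
	case c.ClientID != "" && c.ClientSecret != "":
		return "service_account", nil
	case c.PublicKey != "" && c.PrivateKey != "":
		return "pak", nil
	}
	return "", errors.New("incomplete credentials")
}

// Resolve walks the sources in hierarchy order. The first source that sets
// anything wins outright; values are never mixed across sources (assumption).
func Resolve(sources []Source) (source, method string, err error) {
	for _, s := range sources {
		if s.Creds == (Credentials{}) {
			continue // nothing set here, try the next source
		}
		method, err = s.Creds.Method()
		return s.Name, method, err
	}
	return "", "", errors.New("no credentials set in any source")
}

func main() {
	// Constructed input: the provider block carries SA and PAK, the environment a token.
	srcs := []Source{
		{Name: "aws_secrets_manager"},
		{Name: "provider", Creds: Credentials{ClientID: "id", ClientSecret: "s", PublicKey: "pub", PrivateKey: "priv"}},
		{Name: "environment", Creds: Credentials{AccessToken: "tok"}},
	}
	fmt.Println(Resolve(srcs)) // provider service_account <nil>
}
```

The environment token loses here because source order is decided before method order, which is the case worth checking when a stale variable is left in a CI runner.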
| IsDelete: true, | ||
| }, "waiting for cluster to be deleted after cleanup in create timeout", diags) | ||
| time.Sleep(1 * time.Minute) // decrease the chance of `CONTAINER_WAITING_FOR_FAST_RECORD_CLEAN_UP`: "A transient error occurred. Please try again in a minute or use a different name" | ||
| time.Sleep(2 * time.Minute) // decrease the chance of `CONTAINER_WAITING_FOR_FAST_RECORD_CLEAN_UP`: "A transient error occurred. Please try again in a minute or use a different name" |
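Review bot: the new line is still an unconditional time.Sleep, now 2 minutes, and its own comment says it only decreases the chance of CONTAINER_WAITING_FOR_FAST_RECORD_CLEAN_UP, so the test can still flake while every run pays the extra minute. Consider retrying the dependent step with a bounded deadline when that specific error code comes back, and note in the comment why 1 minute was not enough.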
Copilot
AI
Oct 9, 2025
[nitpick] The sleep duration has been doubled from 1 to 2 minutes. Consider if this change is necessary or if there's a better way to handle the race condition without increasing test execution time.
| time.Sleep(2 * time.Minute) // decrease the chance of `CONTAINER_WAITING_FOR_FAST_RECORD_CLEAN_UP`: "A transient error occurred. Please try again in a minute or use a different name" | |
| // Poll for up to 2 minutes to ensure the cluster is fully deleted and avoid transient errors. | |
| const pollInterval = 5 * time.Second | |
| const pollTimeout = 2 * time.Minute | |
| deadline := time.Now().Add(pollTimeout) | |
| for time.Now().Before(deadline) { | |
| clusterResp, _ := advancedcluster.GetClusterDetails(t.Context(), diags, projectID, clusterName, acc.MongoDBClient, false) | |
| if clusterResp == nil { | |
| // Cluster is deleted, exit early. | |
| return | |
| } | |
| time.Sleep(pollInterval) | |
| } | |
| t.Fatalf("cluster %s was not fully deleted after waiting %v", clusterName, pollTimeout) |
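Review bot: on the GetClusterDetails line the second return value is discarded and a nil clusterResp is taken to mean the cluster is deleted, so a failed lookup would also end the wait early; check that value and diags before concluding the cluster is gone. The return inside the loop also leaves the enclosing function, not just the wait, so any statements that follow would be skipped; a break with a flag guarding the t.Fatalf avoids that.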
| Steps: []resource.TestStep{ | ||
| { | ||
| Config: configAzure(&clusterInfo, &admin20240530.DiskBackupApiPolicyItem{ | ||
| Config: configAzure(&clusterInfo, &admin.BackupComplianceOnDemandPolicyItem{ |
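Review bot: the argument to configAzure changes both package and type here (admin20240530.DiskBackupApiPolicyItem to admin.BackupComplianceOnDemandPolicyItem), which is an SDK type migration and not an environment variable adjustment as the PR title states; call it out in the PR description so it is reviewed on its own terms. The fields of the struct literal are not visible in this hunk, so confirm that each field set on it exists with the same meaning on the new type.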
Copilot
AI
Oct 9, 2025
The type name has changed from DiskBackupApiPolicyItem to BackupComplianceOnDemandPolicyItem. Ensure this type change is intentional and matches the expected API contract.
Adjust SA environment variables
Link to any related issue(s): CLOUDP-350205
Type of change:
Required Checklist:
Further comments