refactor: Removes deprecation messages for is_slow_operation_threshol…

…ding_enabled and unreachable code (#2922) * refactor: remove deprecations * remove unreachable code * feat: add support for additional MongoDB Atlas public and private keys to use for testing limited access * fix: update MongoDB Atlas key references for QA and DEV environments in acceptance tests * refactor: Renames keys from PUBLIC_KEY2 to PUBLIC_KEY_READ_ONLY
mongodb · Dec 24, 2024 · c2dd5db · c2dd5db
1 parent a3f7e43
commit c2dd5db
Show file tree

Hide file tree

Showing 9 changed files with 92 additions and 14 deletions.
diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml
@@ -103,6 +103,10 @@ on:
         required: true
       mongodb_atlas_private_key:
         required: true
+      mongodb_atlas_public_key_read_only:
+        required: true
+      mongodb_atlas_private_key_read_only:
+        required: true
       ca_cert: 
         required: true
       aws_account_id:
@@ -175,6 +179,8 @@ env:
   MONGODB_ATLAS_ORG_ID: ${{ inputs.mongodb_atlas_org_id }}
   MONGODB_ATLAS_PUBLIC_KEY: ${{ secrets.mongodb_atlas_public_key }}
   MONGODB_ATLAS_PRIVATE_KEY: ${{ secrets.mongodb_atlas_private_key }}
+  MONGODB_ATLAS_PUBLIC_KEY_READ_ONLY: ${{ secrets.mongodb_atlas_public_key_read_only }}
+  MONGODB_ATLAS_PRIVATE_KEY_READ_ONLY: ${{ secrets.mongodb_atlas_private_key_read_only }}
   MONGODB_ATLAS_GOV_PUBLIC_KEY: ${{ secrets.mongodb_atlas_gov_public_key }}
   MONGODB_ATLAS_GOV_PRIVATE_KEY: ${{ secrets.mongodb_atlas_gov_private_key }}
   MONGODB_ATLAS_GOV_BASE_URL:  ${{ inputs.mongodb_atlas_gov_base_url }}

diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml
@@ -55,7 +55,9 @@ jobs:
     secrets:
       mongodb_atlas_public_key: ${{ inputs.atlas_cloud_env == 'qa' && secrets.MONGODB_ATLAS_PUBLIC_KEY_CLOUD_QA || secrets.MONGODB_ATLAS_PUBLIC_KEY_CLOUD_DEV }}
       mongodb_atlas_private_key: ${{ inputs.atlas_cloud_env == 'qa' && secrets.MONGODB_ATLAS_PRIVATE_KEY_CLOUD_QA || secrets.MONGODB_ATLAS_PRIVATE_KEY_CLOUD_DEV }}
-      mongodb_atlas_gov_public_key: ${{ inputs.atlas_cloud_env == 'qa' && secrets.MONGODB_ATLAS_GOV_PUBLIC_KEY_QA || secrets.MONGODB_ATLAS_GOV_PUBLIC_KEY_DEV }}
+      mongodb_atlas_public_key_read_only: ${{ inputs.atlas_cloud_env == 'qa' && secrets.MONGODB_ATLAS_PUBLIC_KEY_READ_ONLY_QA || secrets.MONGODB_ATLAS_PUBLIC_KEY_READ_ONLY_DEV }}
+      mongodb_atlas_private_key_read_only: ${{ inputs.atlas_cloud_env == 'qa' && secrets.MONGODB_ATLAS_PRIVATE_KEY_READ_ONLY_QA || secrets.MONGODB_ATLAS_PRIVATE_KEY_READ_ONLY_DEV }}
+      mongodb_atlas_gov_public_key: ${{ inputs.atlas_cloud_env == 'qa' && secrets.MONGODB_ATLAS_GOV_PUBLIC_KEY_QA || secrets.MONGODB_ATLAS_GOV_PUBLIC_KEY_DEV  }}
       mongodb_atlas_gov_private_key: ${{ inputs.atlas_cloud_env == 'qa' && secrets.MONGODB_ATLAS_GOV_PRIVATE_KEY_QA || secrets.MONGODB_ATLAS_GOV_PRIVATE_KEY_DEV }}
       mongodb_atlas_rp_public_key: ${{ inputs.atlas_cloud_env == 'qa' && secrets.MONGODB_ATLAS_RP_PUBLIC_KEY_QA || secrets.MONGODB_ATLAS_RP_PUBLIC_KEY_DEV }}
       mongodb_atlas_rp_private_key: ${{ inputs.atlas_cloud_env == 'qa' && secrets.MONGODB_ATLAS_RP_PRIVATE_KEY_QA || secrets.MONGODB_ATLAS_RP_PRIVATE_KEY_DEV }}

diff --git a/internal/service/project/data_source_project.go b/internal/service/project/data_source_project.go
@@ -104,8 +104,7 @@ func (d *projectDS) Schema(ctx context.Context, req datasource.SchemaRequest, re
 				Computed: true,
 			},
 			"is_slow_operation_thresholding_enabled": schema.BoolAttribute{
-				Computed:           true,
-				DeprecationMessage: fmt.Sprintf(constant.DeprecationParamByVersion, "1.24.0"),
+				Computed: true,
 			},
 			"region_usage_restrictions": schema.StringAttribute{
 				Computed: true,

diff --git a/internal/service/project/data_source_projects.go b/internal/service/project/data_source_projects.go
@@ -98,8 +98,7 @@ func (d *ProjectsDS) Schema(ctx context.Context, req datasource.SchemaRequest, r
 							Computed: true,
 						},
 						"is_slow_operation_thresholding_enabled": schema.BoolAttribute{
-							Computed:           true,
-							DeprecationMessage: fmt.Sprintf(constant.DeprecationParamByVersion, "1.24.0"),
+							Computed: true,
 						},
 						"region_usage_restrictions": schema.StringAttribute{
 							Computed: true,

diff --git a/internal/service/project/resource_project.go b/internal/service/project/resource_project.go
@@ -420,12 +420,6 @@ func SetSlowOperationThresholding(ctx context.Context, performanceAdvisorAPI adm
 func ReadIsSlowMsThresholdingEnabled(ctx context.Context, api admin.PerformanceAdvisorApi, projectID string, warnings *diag.Diagnostics) (bool, error) {
 	response, err := api.GetManagedSlowMs(ctx, projectID).Execute()
 	if err != nil {
-		if admin.IsErrorCode(err, "USER_UNAUTHORIZED") {
-			if warnings != nil {
-				warnings.AddWarning("user does not have permission to read is_slow_operation_thresholding_enabled. Please read our documentation for more information.", fmt.Sprintf(ErrorProjectRead, projectID, err.Error()))
-			}
-			return false, nil
-		}
 		return false, err
 	}
 	var isEnabled bool

diff --git a/internal/service/project/resource_project_schema.go b/internal/service/project/resource_project_schema.go
@@ -101,9 +101,8 @@ func ResourceSchema(ctx context.Context) schema.Schema {
 				},
 			},
 			"is_slow_operation_thresholding_enabled": schema.BoolAttribute{
-				Computed:           true,
-				Optional:           true,
-				DeprecationMessage: fmt.Sprintf(constant.DeprecationParamByVersion, "1.24.0"),
+				Computed: true,
+				Optional: true,
 				PlanModifiers: []planmodifier.Bool{
 					boolplanmodifier.UseStateForUnknown(),
 				},

diff --git a/internal/service/project/resource_project_test.go b/internal/service/project/resource_project_test.go
@@ -1080,6 +1080,74 @@ func TestAccProject_withTags(t *testing.T) {
 	})
 }
 
+func TestAccProject_slowOperationReadOnly(t *testing.T) {
+	var (
+		orgID                  = os.Getenv("MONGODB_ATLAS_ORG_ID")
+		projectName            = acc.RandomProjectName()
+		config                 = configBasic(orgID, projectName, "", false, nil, conversion.Pointer(false))
+		providerConfigReadOnly = acc.ConfigReadOnlyProvider()
+	)
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acc.PreCheckBasic(t); acc.PreCheckPublicKey2(t) },
+		ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
+		CheckDestroy:             acc.CheckDestroyProject,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "is_slow_operation_thresholding_enabled", "false"),
+				),
+			},
+			{
+				PreConfig: func() { changeRoles(t, orgID, projectName, "GROUP_READ_ONLY") },
+				Config:    providerConfigReadOnly + config,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "is_slow_operation_thresholding_enabled", "false"),
+				),
+			},
+			// Validate the API Key has a different role
+			{
+				Config:      providerConfigReadOnly + configBasic(orgID, projectName, "", false, nil, conversion.Pointer(true)),
+				ExpectError: regexp.MustCompile("error in project settings update"),
+			},
+			// read back again to ensure no changes, and allow deletion to work
+			{
+				Config: config,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "is_slow_operation_thresholding_enabled", "false"),
+				),
+			},
+		},
+	})
+}
+
+func changeRoles(t *testing.T, orgID, projectName, roleName string) {
+	t.Helper()
+	ctx := context.Background()
+	respProject, _, _ := acc.ConnV2().ProjectsApi.GetProjectByName(ctx, projectName).Execute()
+	projectID := respProject.GetId()
+	if projectID == "" {
+		t.Errorf("PreConfig: error finding project %s", projectName)
+	}
+	api := acc.ConnV2().ProgrammaticAPIKeysApi
+	respList, _, _ := api.ListApiKeys(ctx, orgID).Execute()
+	publicKey := os.Getenv("MONGODB_ATLAS_PUBLIC_KEY_READ_ONLY")
+	keys := respList.GetResults()
+	for _, result := range keys {
+		if result.GetPublicKey() != publicKey {
+			continue
+		}
+		apiKeyID := result.GetId()
+		assignment := admin.UpdateAtlasProjectApiKey{Roles: &[]string{roleName}}
+		_, _, err := api.UpdateApiKeyRoles(ctx, projectID, apiKeyID, &assignment).Execute()
+		if err != nil {
+			t.Errorf("PreConfig: error updating key %s", err)
+		}
+		return
+	}
+	t.Error("PreConfig: key not found")
+}
+
 func createDataFederationLimit(limitName string) admin.DataFederationLimit {
 	return admin.DataFederationLimit{
 		Name: limitName,

diff --git a/internal/testutil/acc/pre_check.go b/internal/testutil/acc/pre_check.go
@@ -148,6 +148,13 @@ func PreCheckGovBasic(tb testing.TB) {
 		tb.Fatal("`MONGODB_ATLAS_GOV_BASE_URL`, `MONGODB_ATLAS_GOV_PUBLIC_KEY`, `MONGODB_ATLAS_GOV_PRIVATE_KEY`and `MONGODB_ATLAS_GOV_ORG_ID` must be set for acceptance testing")
 	}
 }
+func PreCheckPublicKey2(tb testing.TB) {
+	tb.Helper()
+	if os.Getenv("MONGODB_ATLAS_PUBLIC_KEY_READ_ONLY") == "" ||
+		os.Getenv("MONGODB_ATLAS_PRIVATE_KEY_READ_ONLY") == "" {
+		tb.Fatal("`MONGODB_ATLAS_PUBLIC_KEY_READ_ONLY`, `MONGODB_ATLAS_PRIVATE_KEY_READ_ONLY` must be set for acceptance testing")
+	}
+}
 
 func PreCheckGPCEnv(tb testing.TB) {
 	tb.Helper()

diff --git a/internal/testutil/acc/provider.go b/internal/testutil/acc/provider.go
@@ -76,6 +76,10 @@ func ConfigGovProvider() string {
 	return configProvider(os.Getenv("MONGODB_ATLAS_GOV_PUBLIC_KEY"), os.Getenv("MONGODB_ATLAS_GOV_PRIVATE_KEY"), os.Getenv("MONGODB_ATLAS_GOV_BASE_URL"))
 }
 
+func ConfigReadOnlyProvider() string {
+	return configProvider(os.Getenv("MONGODB_ATLAS_PUBLIC_KEY_READ_ONLY"), os.Getenv("MONGODB_ATLAS_PRIVATE_KEY_READ_ONLY"), os.Getenv("MONGODB_ATLAS_BASE_URL"))
+}
+
 // configAzapiProvider creates a new azure/azapi provider with credentials explicit in config.
 // This will authorize the provider for a client
 func ConfigAzapiProvider(subscriptionID, clientID, clientSecret, tenantID string) string {