How do I create Organization API Key with Organization Billing Admin permission and Project Read Only for projects

[shirakiya]

Until 1.10.0, I create an organization API key using mongodbatlas_api_key and api_keys parameter of mongodbatlas_project to get the organization API key with "Organization Billing Admin" permission and "Project Read Only" permission for multiple projects as following.

resource "mongodbatlas_api_key" "test" {
  org_id     = "<ORG ID>"
  role_names = ["ORG_BILLING_ADMIN"]
}

resource "mongodbatlas_project" "test1" {
  name   = "project-1"
  org_id = "<ORG ID>"

  api_keys {
    api_key_id = mongodbatlas_api_key.test.api_key_id
    role_names = ["GROUP_READ_ONLY"]
  }
}

resource "mongodbatlas_project" "test2" {
  name   = "project-2"
  org_id = "<ORG ID>"

  api_keys {
    api_key_id = mongodbatlas_api_key.test.api_key_id
    role_names = ["GROUP_READ_ONLY"]
  }
}

In the mongodbatlas provider 1.10.0, api_keys of mongodbatlas_project is deprecated, and mongodbatlas_project_api_key comes. I'm sure mongodbatlas_project_api_key and its project_assignment cannot create such API key. How do I create it after 1.10.0?

Terraform CLI and Terraform MongoDB Atlas Provider Version

/opt/terraform # terraform providers

Providers required by configuration:
.
└── provider[registry.terraform.io/mongodb/mongodbatlas] 1.10.0

Terraform Configuration File

# Copy-paste your configuration info here

Steps to Reproduce

Expected Behavior

Actual Behavior

Debug Output

Crash Output

Additional Context

References

[github-actions]

Thanks for opening this issue. The ticket INTMDB-898 was created for internal tracking.

[colm-quinn]

Hi, as part of 1.10.0, we've consolidated management of Programmatic API keys in the mongodbatlas_poroject_api_key resource. See https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs/guides/Programmatic-API-Key-upgrade-guide-1.10.0 for an upgrade guide for how to move from existing projects that were managing api keys via mongodbatlas_project

In addition, we have a number of examples in https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/atlas-api-key - feel free to reach out if there's a particular example or clarifiication thats needed here.

[shirakiya]

Thanks for your advice. I understand the process of migrating existing API key based on the suggested document.
However, how do I create a new API key with Organization Billing Admin permission and Project Read Only for projects?

[Lord-Y]

We have the same issue. project_assignment is not know by terraform so it's not working. That's really a blocking point guys.

[colm-quinn]

Thanks for the additional context. We're currently investigating & looking into a fix here. Please follow the linked ticket for more details.

[Zuhairahmed]

shirakiya just as an update this is on our roadmap, but still several quarters away. will leave this github issue open in the interim. internal tracking ticket CLOUDP-192770

[Zuhairahmed]

Issue has since been resolved CLOUDP-192770! closing this issue and feel free to open new ticket in case you need anything else. thank you

[AgustinBettati]

Updating this issue as it is still relevant. For context this issue did have a PR that was merged #1369 but then reverted #1416 due to a limitation encountered at that time.

We currently have the following internal ticket CLOUDP-215112 (alias to INTMDB-898) to track work related to this limitation.