feat: Adds support for empty collection and DatabaseName for CustomDBRole (#1341)

Author: EspenAlbert

cfn-resources/custom-db-role/cmd/resource/config.go

@@ -249,11 +249,11 @@ func (r Resource) toAtlasResource() admin.DatabasePermittedNamespaceResource {
 	out := admin.DatabasePermittedNamespaceResource{
 		Cluster: false,
 	}
-	if util.IsStringPresent(r.Collection) {
+	if r.Collection != nil {
 		out.Collection = *r.Collection
 	}
 
-	if util.IsStringPresent(r.DB) {
+	if r.DB != nil {
 		out.Db = *r.DB
 	}
 

cfn-resources/custom-db-role/cmd/resource/resource.go

@@ -28,7 +28,7 @@ To declare this entity in your AWS CloudFormation template, use the following sy
 
 #### Collection
 
-Human-readable label that identifies the collection on which you grant the action to one MongoDB user. If you don't set this parameter, you grant the action to all collections in the database specified in the actions.resources.db parameter. If you set "actions.resources.cluster" : true, MongoDB Cloud ignores this parameter.
+Human-readable label that identifies the collection on which you grant the action to one MongoDB user. If you don't set this parameter, you grant the action to all collections in the database specified in the actions.resources.db parameter. If you set "actions.resources.cluster" : true, MongoDB Cloud ignores this parameter. Use the empty string ("") to allow an action on all collections.
 
 _Required_: No
 
@@ -38,7 +38,7 @@ _Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormati
 
 #### DB
 
-Human-readable label that identifies the database on which you grant the action to one MongoDB user. If you set "actions.resources.cluster" : true, MongoDB Cloud ignores this parameter.
+Human-readable label that identifies the database on which you grant the action to one MongoDB user. If you set "actions.resources.cluster" : true, MongoDB Cloud ignores this parameter. Use the empty string ("") to allow an action on all databases.
 
 _Required_: No
 

cfn-resources/custom-db-role/docs/resource.md

@@ -20,11 +20,11 @@
       "properties": {
         "Collection": {
           "type": "string",
-          "description": "Human-readable label that identifies the collection on which you grant the action to one MongoDB user. If you don't set this parameter, you grant the action to all collections in the database specified in the actions.resources.db parameter. If you set \"actions.resources.cluster\" : true, MongoDB Cloud ignores this parameter."
+          "description": "Human-readable label that identifies the collection on which you grant the action to one MongoDB user. If you don't set this parameter, you grant the action to all collections in the database specified in the actions.resources.db parameter. If you set \"actions.resources.cluster\" : true, MongoDB Cloud ignores this parameter. Use the empty string (\"\") to allow an action on all collections."
         },
         "DB": {
           "type": "string",
-          "description": "Human-readable label that identifies the database on which you grant the action to one MongoDB user. If you set \"actions.resources.cluster\" : true, MongoDB Cloud ignores this parameter."
+          "description": "Human-readable label that identifies the database on which you grant the action to one MongoDB user. If you set \"actions.resources.cluster\" : true, MongoDB Cloud ignores this parameter. Use the empty string (\"\") to allow an action on all databases."
         },
         "Cluster": {
           "type": "boolean",

cfn-resources/custom-db-role/mongodb-atlas-customdbrole.json

@@ -19,6 +19,7 @@ rm -rf inputs
 mkdir inputs
 
 projectName="${1}"
+MONGODB_ATLAS_PROFILE=${MONGODB_ATLAS_PROFILE:-"default"}
 projectId=$(atlas projects list --output json | jq --arg NAME "${projectName}" -r '.results[] | select(.name==$NAME) | .id')
 if [ -z "$projectId" ]; then
 	projectId=$(atlas projects create "${projectName}" --output=json | jq -r '.id')
@@ -30,10 +31,12 @@ fi
 
 echo "Created project \"${projectName}\" with id: ${projectId}"
 
-jq --arg projectId "$projectId" \
-	'.ProjectId?|=$projectId ' \
-	"$(dirname "$0")/inputs_1_create.template.json" >"inputs/inputs_1_create.json"
-
-jq --arg projectId "$projectId" \
-	'.ProjectId?|=$projectId ' \
-	"$(dirname "$0")/inputs_1_update.template.json" >"inputs/inputs_1_update.json"
+cd "$(dirname "$0")" || exit
+WORDTOREMOVE="template."
+for inputFile in inputs_*; do
+	outputFile=${inputFile//$WORDTOREMOVE/}
+	jq --arg ProjectId "$projectId" --arg Profile "${MONGODB_ATLAS_PROFILE}" \
+		'.ProjectId?|=$ProjectId | .Profile?|=$Profile' \
+		"$inputFile" >"../inputs/$outputFile"
+done
+cd ..

cfn-resources/custom-db-role/test/cfn-test-create-inputs.sh

@@ -1,5 +1,5 @@
 {
-  "ProjectId": "",
+  "ProjectId": "${MONGODB_ATLAS_PROJECT_ID}",
   "Actions": [
     {
       "Action": "FIND",
@@ -12,5 +12,5 @@
     }
   ],
   "RoleName": "testcreate",
-  "Profile": "default"
+  "Profile": "${MONGODB_ATLAS_PROFILE}"
 }

cfn-resources/custom-db-role/test/inputs_1_create.template.json

@@ -1,5 +1,5 @@
 {
-  "ProjectId": "",
+  "ProjectId": "${MONGODB_ATLAS_PROJECT_ID}",
   "Actions": [
     {
       "Action": "FIND",
@@ -9,8 +9,17 @@
           "DB": "sample_airbnb"
         }
       ]
+    },
+    {
+      "Action": "INSERT",
+      "Resources": [
+        {
+          "Collection": "listingsAndReviews",
+          "DB": "sample_airbnb"
+        }
+      ]
     }
   ],
   "RoleName": "testcreate",
-  "Profile": "default"
+  "Profile": "${MONGODB_ATLAS_PROFILE}"
 }

cfn-resources/custom-db-role/test/inputs_1_update.template.json

@@ -0,0 +1,16 @@
+{
+  "ProjectId": "${MONGODB_ATLAS_PROJECT_ID}",
+  "Actions": [
+    {
+      "Action": "FIND",
+      "Resources": [
+        {
+          "Collection": "",
+          "DB": ""
+        }
+      ]
+    }
+  ],
+  "RoleName": "testcreate-cfn-empty-db",
+  "Profile": "${MONGODB_ATLAS_PROFILE}"
+}

cfn-resources/custom-db-role/test/inputs_2_create.template.json

@@ -0,0 +1,16 @@
+{
+  "ProjectId": "${MONGODB_ATLAS_PROJECT_ID}",
+  "Actions": [
+    {
+      "Action": "INSERT",
+      "Resources": [
+        {
+          "Collection": "",
+          "DB": ""
+        }
+      ]
+    }
+  ],
+  "RoleName": "testcreate-cfn-empty-db",
+  "Profile": "${MONGODB_ATLAS_PROFILE}"
+}