doc: Updates the `examples/mongodbatlas_federated_settings_org_role_m…

…apping` (#2335) * docs: Updates the `examples/mongodbatlas_federated_settings_org_role_mapping` * Add back SAML import and remove identity_provider_id variable * rename readme * Update examples/mongodbatlas_federated_settings_org_role_mapping/README.md Co-authored-by: John Williams <55147273+jwilliams-mongo@users.noreply.github.com> --------- Co-authored-by: John Williams <55147273+jwilliams-mongo@users.noreply.github.com>
mongodb · Jun 7, 2024 · dd63412 · dd63412
1 parent f84b9ee
commit dd63412
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 22 deletions.
diff --git a/...rated_settings_org_role_mapping/Readme.md → ...rated_settings_org_role_mapping/README.md b/...rated_settings_org_role_mapping/Readme.md → ...rated_settings_org_role_mapping/README.md
@@ -7,8 +7,8 @@ This project aims to provide an example of using Okta and MongoDB Atlas together
 
 * Terraform v0.13
 * Okta account 
-* A MongoDB Atlas account 
-
+* A MongoDB Atlas account with an organization configured with [Federated Authentication](https://www.mongodb.com/docs/atlas/security/federated-authentication/#federation-management-console)
+  * Get the `federated_settings_id` from the url, e.g., <https://cloud.mongodb.com/v2#/federation/{federated_settings_id}/overview>
 ```
 Terraform v0.13.0
 + provider registry.terraform.io/terraform-providers/mongodbatlas v1.4.0
@@ -27,33 +27,37 @@ Now create **terraform.tfvars** file with all the variable values and make sure
 Execute the below command and ensure you are happy with the plan.
 
 ``` bash
-$ terraform plan
+terraform plan
 ```
 This project currently does the below deployments:
 
 - MongoDB Atlas Federated Settings Organizational Role Mapping
-- MongoDB Atlas Federated Settings Organizational Identity Provider
+- MongoDB Atlas Federated Settings Organizational Identity Provider SAML
+- MongoDB Atlas Federated Settings Organizational Identity Provider OIDC
 - MongoDB Atlas Federated Settings Organizational configuration
 
 **4\. Execute the Terraform import for 2 resources that do not support create.**
-``` bash
-$ terraform import mongodbatlas_federated_settings_identity_provider.identity_provider  6287a67f7f7f7f7f441c6c-0oad7f7f7f7fk1297
-  terraform import mongodbatlas_federated_settings_org_config.org_connections_import  6287a67f7f7f7f7f441c6c-627a96837f7f7f7f7e306f14
 
+- find `idp_id` of your SAML identity provider in <https://cloud.mongodb.com/v2#/federation/{federation_settings_id}/identityProviders>
+- replace `federation_settings_id`, `idp_id`, and `org_id` and run:
+
+``` bash
+terraform import mongodbatlas_federated_settings_identity_provider.saml_identity_provider {federated_settings_id}-{idp_id}
+terraform import mongodbatlas_federated_settings_org_config.org_connections_import {federated_settings_id}-{org_id}
 ```
 
 **5\. Execute the Terraform apply.**
 
 Now execute the plan to provision the Federated settings resources.
 
 ``` bash
-$ terraform apply
+terraform apply
 ```
 
 **6\. Destroy the resources.**
 
 Once you are finished your testing, ensure you destroy the resources to avoid unnecessary Atlas charges.
 
 ``` bash
-$ terraform destroy
+terraform destroy
 ```
diff --git a/examples/mongodbatlas_federated_settings_org_role_mapping/main.tf b/examples/mongodbatlas_federated_settings_org_role_mapping/main.tf
@@ -30,12 +30,13 @@ resource "mongodbatlas_federated_settings_org_role_mapping" "org_role_mapping" {
 
 }
 resource "mongodbatlas_federated_settings_org_config" "org_connections_import" {
-  federation_settings_id     = data.mongodbatlas_federated_settings.federated_settings.id
-  org_id                     = var.org_id
-  identity_provider_id       = var.identity_provider_id
-  domain_restriction_enabled = false
-  domain_allow_list          = ["yourdomain.com"]
-  post_auth_role_grants      = ["ORG_MEMBER"]
+  federation_settings_id            = data.mongodbatlas_federated_settings.federated_settings.id
+  org_id                            = var.org_id
+  identity_provider_id              = mongodbatlas_federated_settings_identity_provider.saml_identity_provider.okta_idp_id
+  domain_restriction_enabled        = false
+  domain_allow_list                 = ["yourdomain.com"]
+  post_auth_role_grants             = ["ORG_MEMBER"]
+  data_access_identity_provider_ids = [mongodbatlas_federated_settings_identity_provider.oidc_identity_provider.idp_id]
 }
 
 resource "mongodbatlas_federated_settings_identity_provider" "saml_identity_provider" {

diff --git a/examples/mongodbatlas_federated_settings_org_role_mapping/variables.tf b/examples/mongodbatlas_federated_settings_org_role_mapping/variables.tf
@@ -12,17 +12,11 @@ variable "org_id" {
 }
 variable "group_id" {
   type        = string
-  description = "MongoDB Group ID"
+  description = "MongoDB Group/Project ID"
 }
 
 variable "name" {
   type        = string
   description = "MongoDB Identity Provider Name"
   default     = "mongodb_federation_test"
 }
-
-variable "identity_provider_id" {
-  type        = string
-  description = "MongoDB Identity Provider ID"
-  default     = "5754gdhgd758"
-}