Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Adds support for skip_default_alerts_settings in mongodbatlas_organization resource & data sources #2933

Open
wants to merge 5 commits into
base: master
Choose a base branch
from

Conversation

maastha
Copy link
Collaborator

@maastha maastha commented Dec 30, 2024

Description

Adds support for skip_default_alerts_settings in mongodbatlas_organization resource & data sources.

***For implementation details, please refer the doc in the ticket description.

Link to any related issue(s): CLOUDP-282824

Type of change:

  • Bug fix (non-breaking change which fixes an issue). Please, add the "bug" label to the PR.
  • New feature (non-breaking change which adds functionality). Please, add the "enhancement" label to the PR. A migration guide must be created or updated if the new feature will go in a major version.
  • Breaking change (fix or feature that would cause existing functionality to not work as expected). Please, add the "breaking change" label to the PR. A migration guide must be created or updated.
  • This change requires a documentation update
  • Documentation fix/enhancement

Required Checklist:

  • I have signed the MongoDB CLA
  • I have read the contributing guides
  • I have checked that this change does not generate any credentials and that they are NOT accidentally logged anywhere.
  • I have added tests that prove my fix is effective or that my feature works per HashiCorp requirements
  • I have added any necessary documentation (if appropriate)
  • I have run make fmt and formatted my code
  • If changes include deprecations or removals I have added appropriate changelog entries.
  • If changes include removal or addition of 3rd party GitHub actions, I updated our internal document. Reach out to the APIx Integration slack channel to get access to the internal document.

Further comments

@maastha maastha marked this pull request as ready for review December 30, 2024 12:22
@maastha maastha requested review from a team as code owners December 30, 2024 12:22
Copy link
Contributor

github-actions bot commented Dec 30, 2024

APIx bot: a message has been sent to Docs Slack channel

APIx bot: a message has been sent to Docs Slack channel

@maastha maastha marked this pull request as draft December 30, 2024 12:52
@@ -27,6 +27,6 @@ In addition to all arguments above, the following attributes are exported:
* `multi_factor_auth_required` - (Optional) Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
* `restrict_employee_access` - (Optional) Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
* `gen_ai_features_enabled` - (Optional) Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to `true`. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.

* `skip_default_alerts_settings` - (Optional) Disables automatic alert creation and defaults to `true`. When set to true, no organization level alerts will be created automatically.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* `skip_default_alerts_settings` - (Optional) Disables automatic alert creation and defaults to `true`. When set to true, no organization level alerts will be created automatically.
* `skip_default_alerts_settings` - (Optional) Disables automatic alert creation. When set to true, Atlas doesn't automatically create organization-level alerts. Defaults to `true`.

Favor active voice and present tense. Default values generally come after the 'core' description.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@maastha @lmkerbey-mdb Terraform (and other IaCs) are intentionally defaulting to true to avoid drift changes in the customer state configurations (since alerts would be created as a side-effect). Should we add a small note about to explain why we are defaulting to true?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes I think the 'why' would make sense since we diverge from API behavior which clearly states the default value to be false.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated and added a note about we we default to true

@@ -32,5 +32,6 @@ data "mongodbatlas_organizations" "test" {
* `multi_factor_auth_required` - (Optional) Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
* `restrict_employee_access` - (Optional) Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
* `gen_ai_features_enabled` - (Optional) Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to `true`. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.

* `skip_default_alerts_settings` - (Optional) Disables automatic alert creation and defaults to `true`. When set to true, no organization level alerts will be created automatically.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See above.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated

@@ -33,6 +33,8 @@ resource "mongodbatlas_organization" "test" {
* `multi_factor_auth_required` - (Optional) Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
* `restrict_employee_access` - (Optional) Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
* `gen_ai_features_enabled` - (Optional) Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to `true`. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
* `skip_default_alerts_settings` - (Optional) Disables automatic alert creation and defaults to `true`. When set to true, no organization level alerts will be created automatically.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See above.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated

@@ -82,6 +82,11 @@ func Resource() *schema.Resource {
Optional: true,
Default: true,
},
"skip_default_alerts_settings": {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there a way to define the default value here?

I could only find the following in the docs so just wondering if you know:

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://developer.hashicorp.com/terraform/plugin/sdkv2/schemas/schema-behaviors#computed
The above clarifies that default cannot be used with Computed.

The problem is that if backend ever returns a false for an org that may be created with <1.25 (assuming this would be released in 1.25), then:

  • user config will not have this attr specified
  • so TF will try to use the default true value
  • during Read() TF will get false from the backend
  • since we cannot mark the attribute as Computed if it also has Default, TF will plan to change the value to default true resulting in below non-empty plan for orgs created with older versions of our provider:

  ~ update in-place

Terraform will perform the following actions:

  # mongodbatlas_organization.test will be updated in-place
  ~ resource "mongodbatlas_organization" "test" {
        id                           = "b3JnX2lk:Njc3Mjk1Y2Y4ZTMyNWI0MjExOTVjMGJl"
        name                         = "manual-org-renamed-3-def"
      ~ skip_default_alerts_settings = false -> true
        # (10 unchanged attributes hidden)
    }

We may be able to define Default: true here ONLY if it can be guaranteed from the backend for all IaC orgs created with older versions of our provider to return true for this attribute. But we should not go this route because APIx 1 may do a one-time 'backfill' of this attr to true for IaC orgs but it may be possible in the future for users to use lower provider version for some reason and create new orgs. Does that make sense?

@github-actions github-actions bot added the stale label Jan 6, 2025
@github-actions github-actions bot removed the stale label Jan 8, 2025
@maastha maastha marked this pull request as ready for review January 9, 2025 16:14
@mongodb mongodb deleted a comment from github-actions bot Jan 9, 2025
Copy link
Contributor

@davidhou17 davidhou17 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants