INTMDB-137: Add Get Role to CloudProviderAccessService (#498)

andreaangiolillo · web-flow · commit 33190b59256e · 2023-06-16T11:25:11.000+01:00
diff --git a/mongodbatlas/cloud_provider_access.go b/mongodbatlas/cloud_provider_access.go
@@ -24,9 +24,10 @@ const cloudProviderAccessPath = "api/atlas/v1.0/groups/%s/cloudProviderAccess"
 
 // CloudProviderAccessService provides access to the cloud provider access functions in the Atlas API.
 //
-// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access/
+// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access
 type CloudProviderAccessService interface {
 	ListRoles(context.Context, string) (*CloudProviderAccessRoles, *Response, error)
+	GetRole(context.Context, string, string) (*CloudProviderAccessRoles, *Response, error)
 	CreateRole(context.Context, string, *CloudProviderAccessRoleRequest) (*AWSIAMRole, *Response, error)
 	AuthorizeRole(context.Context, string, string, *CloudProviderAuthorizationRequest) (*AWSIAMRole, *Response, error)
 	DeauthorizeRole(context.Context, *CloudProviderDeauthorizationRequest) (*Response, error)
@@ -78,9 +79,37 @@ type CloudProviderDeauthorizationRequest struct {
 	RoleID       string
 }
 
-// ListRoles retrieve existing AWS IAM roles.
+// GetRole Returns the Amazon Web Services (AWS) Identity and Access Management (IAM) role
+// with the specified id and with access to the specified project.
 //
-// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access-get-roles/
+// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/getCloudProviderAccessRole
+func (s *CloudProviderAccessServiceOp) GetRole(ctx context.Context, groupID, roleID string) (*CloudProviderAccessRoles, *Response, error) {
+	if groupID == "" {
+		return nil, nil, NewArgError("groupId", "must be set")
+	}
+	if roleID == "" {
+		return nil, nil, NewArgError("roleID", "must be set")
+	}
+
+	basePath := fmt.Sprintf(cloudProviderAccessPath, groupID)
+	path := fmt.Sprintf("%s/%s", basePath, roleID)
+	req, err := s.Client.NewRequest(ctx, http.MethodGet, path, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	root := new(CloudProviderAccessRoles)
+	resp, err := s.Client.Do(ctx, req, root)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return root, resp, nil
+}
+
+// ListRoles retrieves existing AWS IAM roles.
+//
+// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/listCloudProviderAccessRoles
 func (s *CloudProviderAccessServiceOp) ListRoles(ctx context.Context, groupID string) (*CloudProviderAccessRoles, *Response, error) {
 	path := fmt.Sprintf(cloudProviderAccessPath, groupID)
 
@@ -100,7 +129,7 @@ func (s *CloudProviderAccessServiceOp) ListRoles(ctx context.Context, groupID st
 
 // CreateRole creates an AWS IAM role.
 //
-// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access-create-one-role/
+// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/createCloudProviderAccessRole
 func (s *CloudProviderAccessServiceOp) CreateRole(ctx context.Context, groupID string, request *CloudProviderAccessRoleRequest) (*AWSIAMRole, *Response, error) {
 	if request == nil {
 		return nil, nil, NewArgError("request", "must be set")
@@ -124,7 +153,7 @@ func (s *CloudProviderAccessServiceOp) CreateRole(ctx context.Context, groupID s
 
 // AuthorizeRole authorizes and configure an AWS Assumed IAM role.
 //
-// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access-authorize-one-role/
+// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/authorizeCloudProviderAccessRole
 func (s *CloudProviderAccessServiceOp) AuthorizeRole(ctx context.Context, groupID, roleID string, request *CloudProviderAuthorizationRequest) (*AWSIAMRole, *Response, error) {
 	if roleID == "" {
 		return nil, nil, NewArgError("roleID", "must be set")
@@ -153,7 +182,7 @@ func (s *CloudProviderAccessServiceOp) AuthorizeRole(ctx context.Context, groupI
 
 // DeauthorizeRole deauthorizes an AWS Assumed IAM role.
 //
-// See more: https://docs.atlas.mongodb.com/reference/api/cloud-provider-access-deauthorize-one-role/
+// See more: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Cloud-Provider-Access/operation/deauthorizeCloudProviderAccessRole
 func (s *CloudProviderAccessServiceOp) DeauthorizeRole(ctx context.Context, request *CloudProviderDeauthorizationRequest) (*Response, error) {
 	if request.RoleID == "" {
 		return nil, NewArgError("roleID", "must be set")
diff --git a/mongodbatlas/cloud_provider_access_test.go b/mongodbatlas/cloud_provider_access_test.go
@@ -67,6 +67,50 @@ func TestCloudProviderAccessServiceOp_ListRoles(t *testing.T) {
 	}
 }
 
+func TestCloudProviderAccessServiceOp_GetRole(t *testing.T) {
+	client, mux, teardown := setup()
+	defer teardown()
+	roleID := "1"
+	mux.HandleFunc(fmt.Sprintf("/api/atlas/v1.0/groups/1/cloudProviderAccess/%s", roleID), func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, http.MethodGet)
+		fmt.Fprint(w, `{
+		  "awsIamRoles": [{
+			"atlasAWSAccountArn": "arn:aws:iam::123456789012:root",
+			"atlasAssumedRoleExternalId": "3192be49-6e76-4b7d-a7b8-b486a8fc4483",
+			"authorizedDate": "2020-08-03T20:42:49Z",
+			"createdDate": "2020-07-30T20:20:36Z",
+			"featureUsages": [],
+			"iamAssumedRoleArn": "arn:aws:iam::772401394250:role/my-test-aws-role",
+			"providerName": "AWS",
+			"roleId": "5f232b94af0a6b41747bcc2d"
+		  }]
+		}`)
+	})
+
+	roles, _, err := client.CloudProviderAccess.GetRole(ctx, groupID, roleID)
+	if err != nil {
+		t.Fatalf("CloudProviderAccess.GetRole returned error: %v", err)
+	}
+
+	expected := &CloudProviderAccessRoles{
+		AWSIAMRoles: []AWSIAMRole{
+			{
+				AtlasAWSAccountARN:         "arn:aws:iam::123456789012:root",
+				AtlasAssumedRoleExternalID: "3192be49-6e76-4b7d-a7b8-b486a8fc4483",
+				AuthorizedDate:             "2020-08-03T20:42:49Z",
+				CreatedDate:                "2020-07-30T20:20:36Z",
+				FeatureUsages:              []*FeatureUsage{},
+				IAMAssumedRoleARN:          "arn:aws:iam::772401394250:role/my-test-aws-role",
+				ProviderName:               "AWS",
+				RoleID:                     "5f232b94af0a6b41747bcc2d",
+			},
+		},
+	}
+	if diff := deep.Equal(roles, expected); diff != nil {
+		t.Error(diff)
+	}
+}
+
 func TestCloudProviderAccessServiceOp_CreateRole(t *testing.T) {
 	client, mux, teardown := setup()
 	defer teardown()
