chore: Allow SA for mongodbatlas_roles_org_id datasource (#3764)

Co-authored-by: kanchana-mongodb <[email protected]>

Author: lantoli

docs/data-sources/roles_org_id.md

@@ -4,7 +4,7 @@ subcategory: "Organizations"
 
 # Data Source: mongodbatlas_roles_org_id
 
-`mongodbatlas_roles_org_id` describes a MongoDB Atlas Roles Org ID. This represents a Roles Org ID.
+`mongodbatlas_roles_org_id` allows to retrieve the Org ID of the authenticated user.
 
 ## Example Usage
 
@@ -26,6 +26,6 @@ output "org_id" {
 
 In addition to all arguments above, the following attributes are exported:
 
-* `org_id` - The ID of the organization you want to retrieve associated to an API Key.
+* `org_id` - The ID of the organization you want to retrieve, which is associated with the Service Account or Programmatic API Key (PAK) of the authenticated user.
 
 See [MongoDB Atlas API - Role Org ID](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Root/operation/getSystemStatus) Documentation for more information.

internal/common/constant/error_message.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion"
+	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/rolesorgid"
 	"go.mongodb.org/atlas-sdk/v20250312008/admin"
 )
 
@@ -67,16 +68,10 @@ func sameRoles(roles1, roles2 []string) bool {
 
 // getKeyDetails returns nil error and nil details if not found as it's not considered an error
 func getKeyDetails(ctx context.Context, connV2 *admin.APIClient, apiKeyID string) (*admin.ApiKeyUserDetails, string, error) {
-	resp, _, err := connV2.OrganizationsApi.ListOrgs(ctx).Execute()
+	orgID, err := rolesorgid.GetCurrentOrgID(ctx, connV2)
 	if err != nil {
 		return nil, "", err
 	}
-	orgIDs := resp.GetResults()
-	if len(orgIDs) == 0 {
-		return nil, "", fmt.Errorf("no organizations found")
-	}
-	// At present a PAK or SA belongs to exactly one organization. If this changes in the future, this logic will need to be updated.
-	orgID := orgIDs[0].GetId()
 	key, _, err := connV2.ProgrammaticAPIKeysApi.GetOrgApiKey(ctx, orgID, apiKeyID).Execute()
 	if err != nil {
 		if admin.IsErrorCode(err, "API_KEY_NOT_FOUND") {

internal/service/projectapikey/model_project_api_key.go

@@ -2,13 +2,13 @@ package rolesorgid
 
 import (
 	"context"
-	"strings"
+	"fmt"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/id"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-	"github.com/mongodb/terraform-provider-mongodbatlas/internal/common/constant"
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/config"
+	"go.mongodb.org/atlas-sdk/v20250312008/admin"
 )
 
 func DataSource() *schema.Resource {
@@ -25,19 +25,28 @@ func DataSource() *schema.Resource {
 
 func dataSourceRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
 	connV2 := meta.(*config.MongoDBClient).AtlasV2
-	apiKeyOrgList, _, err := connV2.RootApi.GetSystemStatus(ctx).Execute()
+	orgID, err := GetCurrentOrgID(ctx, connV2)
 	if err != nil {
-		return diag.Errorf("error getting API Key's org assigned (%s): ", err)
+		return diag.Errorf("error getting current organization ID: %v", err)
 	}
-	for _, role := range apiKeyOrgList.ApiKey.GetRoles() {
-		if strings.HasPrefix(role.GetRoleName(), "ORG_") {
-			if err := d.Set("org_id", role.GetOrgId()); err != nil {
-				return diag.Errorf(constant.ErrorSettingAttribute, "org_id", err)
-			}
-			d.SetId(role.GetOrgId())
-			return nil
-		}
+	if err := d.Set("org_id", orgID); err != nil {
+		return diag.Errorf("error setting `org_id`: %v", err)
 	}
 	d.SetId(id.UniqueId())
 	return nil
 }
+
+// GetCurrentOrgID returns the current organization ID for the SA or Programmatic API key (PAK) of the authenticated user.
+func GetCurrentOrgID(ctx context.Context, connV2 *admin.APIClient) (string, error) {
+	resp, _, err := connV2.OrganizationsApi.ListOrgs(ctx).Execute()
+	if err != nil {
+		return "", err
+	}
+	orgIDs := resp.GetResults()
+	if len(orgIDs) == 0 {
+		return "", fmt.Errorf("no organizations found")
+	}
+
+	// At present a PAK or SA belongs to exactly one organization. If this changes in the future, this logic will need to be updated.
+	return orgIDs[0].GetId(), nil
+}

internal/service/rolesorgid/data_source_roles_org_id.go

@@ -1,6 +1,7 @@
 package rolesorgid_test
 
 import (
+	"os"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
@@ -10,6 +11,7 @@ import (
 func TestAccConfigDSOrgID_basic(t *testing.T) {
 	var (
 		dataSourceName = "data.mongodbatlas_roles_org_id.test"
+		orgID          = os.Getenv("MONGODB_ATLAS_ORG_ID")
 	)
 
 	resource.ParallelTest(t, resource.TestCase{
@@ -18,7 +20,7 @@ func TestAccConfigDSOrgID_basic(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: configDS(),
-				Check:  resource.TestCheckResourceAttrSet(dataSourceName, "org_id"),
+				Check:  resource.TestCheckResourceAttr(dataSourceName, "org_id", orgID),
 			},
 		},
 	})