mongodb · maastha · Mar 31, 2025 · Mar 26, 2025 · Mar 26, 2025 · Mar 26, 2025
@@ -0,0 +1,11 @@
+```release-note:enhancement
+resource/mongodbatlas_resource_policy: Adds support for the new `description` field
+```
+
+```release-note:enhancement
+data-source/mongodbatlas_resource_policy: Adds support for the new `description` field
+```
+
+```release-note:enhancement
+data-source/mongodbatlas_resource_policies: Adds support for the new `description` field
+```
@@ -9,8 +9,9 @@
 ## Example Usages
 ```terraform
 resource "mongodbatlas_resource_policy" "project_ip_access_list" {
-  org_id = var.org_id
-  name   = "forbid-access-from-anywhere"
+  org_id      = var.org_id
+  name        = "forbid-access-from-anywhere"
+  description = "Forbids access from anywhere"
 
   policies = [
     {
@@ -29,8 +30,9 @@ EOF
 }
 
 resource "mongodbatlas_resource_policy" "cloud_provider" {
-  org_id = var.org_id
-  name   = "forbid-cloud-provider"
+  org_id      = var.org_id
+  name        = "forbid-cloud-provider"
+  description = "Forbids AWS and Azure for clusters"
   policies = [
     {
       body = templatefile("${path.module}/cloud-provider.cedar", {
@@ -107,6 +109,7 @@ Read-Only:
 
 - `created_by_user` (Attributes) The user that last updated the Atlas resource policy. (see [below for nested schema](#nestedatt--resource_policies--created_by_user))
 - `created_date` (String) Date and time in UTC when the Atlas resource policy was created.
+- `description` (String) Description of the Atlas resource policy.
 - `id` (String) Unique 24-hexadecimal digit string that identifies an Atlas resource policy.
 - `last_updated_by_user` (Attributes) The user that last updated the Atlas resource policy. (see [below for nested schema](#nestedatt--resource_policies--last_updated_by_user))
 - `last_updated_date` (String) Date and time in UTC when the Atlas resource policy was last updated.
@@ -150,6 +153,7 @@ Read-Only:
 
 - `created_by_user` (Attributes) The user that last updated the Atlas resource policy. (see [below for nested schema](#nestedatt--results--created_by_user))
 - `created_date` (String) Date and time in UTC when the Atlas resource policy was created.
+- `description` (String) Description of the Atlas resource policy.
 - `id` (String) Unique 24-hexadecimal digit string that identifies an Atlas resource policy.
 - `last_updated_by_user` (Attributes) The user that last updated the Atlas resource policy. (see [below for nested schema](#nestedatt--results--last_updated_by_user))
 - `last_updated_date` (String) Date and time in UTC when the Atlas resource policy was last updated.

@@ -9,8 +9,9 @@
 ## Example Usages
 ```terraform
 resource "mongodbatlas_resource_policy" "project_ip_access_list" {
-  org_id = var.org_id
-  name   = "forbid-access-from-anywhere"
+  org_id      = var.org_id
+  name        = "forbid-access-from-anywhere"
+  description = "Forbids access from anywhere"
 
   policies = [
     {
@@ -29,8 +30,9 @@ EOF
 }
 
 resource "mongodbatlas_resource_policy" "cloud_provider" {
-  org_id = var.org_id
-  name   = "forbid-cloud-provider"
+  org_id      = var.org_id
+  name        = "forbid-cloud-provider"
+  description = "Forbids AWS and Azure for clusters"
   policies = [
     {
       body = templatefile("${path.module}/cloud-provider.cedar", {
@@ -100,6 +102,7 @@ output "policy_ids" {
 
 - `created_by_user` (Attributes) The user that last updated the Atlas resource policy. (see [below for nested schema](#nestedatt--created_by_user))
 - `created_date` (String) Date and time in UTC when the Atlas resource policy was created.
+- `description` (String) Description of the Atlas resource policy.
 - `last_updated_by_user` (Attributes) The user that last updated the Atlas resource policy. (see [below for nested schema](#nestedatt--last_updated_by_user))
 - `last_updated_date` (String) Date and time in UTC when the Atlas resource policy was last updated.
 - `name` (String) Human-readable label that describes the Atlas resource policy.

@@ -11,8 +11,9 @@
 
 ```terraform
 resource "mongodbatlas_resource_policy" "project_ip_access_list" {
-  org_id = var.org_id
-  name   = "forbid-access-from-anywhere"
+  org_id      = var.org_id
+  name        = "forbid-access-from-anywhere"
+  description = "Forbids access from anywhere"
 
   policies = [
     {
@@ -31,8 +32,9 @@ EOF
 }
 
 resource "mongodbatlas_resource_policy" "cloud_provider" {
-  org_id = var.org_id
-  name   = "forbid-cloud-provider"
+  org_id      = var.org_id
+  name        = "forbid-cloud-provider"
+  description = "Forbids AWS and Azure for clusters"
   policies = [
     {
       body = templatefile("${path.module}/cloud-provider.cedar", {
@@ -99,6 +101,10 @@ output "policy_ids" {
 - `org_id` (String) Unique 24-hexadecimal digit string that identifies the organization that contains your projects. Use the [/orgs](#tag/Organizations/operation/listOrganizations) endpoint to retrieve all organizations to which the authenticated user has access.
 - `policies` (Attributes List) List of policies that make up the Atlas resource policy. (see [below for nested schema](#nestedatt--policies))
 
+### Optional
+
+- `description` (String) Description of the Atlas resource policy.
+
 ### Read-Only
 
 - `created_by_user` (Attributes) The user that last updated the Atlas resource policy. (see [below for nested schema](#nestedatt--created_by_user))

@@ -1,6 +1,7 @@
 resource "mongodbatlas_resource_policy" "project_ip_access_list" {
-  org_id = var.org_id
-  name   = "forbid-access-from-anywhere"
+  org_id      = var.org_id
+  name        = "forbid-access-from-anywhere"
+  description = "Forbids access from anywhere"
 
   policies = [
     {
@@ -19,8 +20,9 @@ EOF
 }
 
 resource "mongodbatlas_resource_policy" "cloud_provider" {
-  org_id = var.org_id
-  name   = "forbid-cloud-provider"
+  org_id      = var.org_id
+  name        = "forbid-cloud-provider"
+  description = "Forbids AWS and Azure for clusters"
   policies = [
     {
       body = templatefile("${path.module}/cloud-provider.cedar", {

@@ -1,4 +1,4 @@
 provider "mongodbatlas" {
   public_key  = var.public_key
   private_key = var.private_key
-}
+}
@@ -9,4 +9,4 @@ variable "private_key" {
 variable "org_id" {
   description = "Atlas Organization ID"
   type        = string
-} 
+}
@@ -6,7 +6,7 @@ terraform {
     }
     mongodbatlas = {
       source  = "mongodb/mongodbatlas"
-      version = "~> 1.20"
+      version = "~> 1.31"
     }
   }
   required_version = ">= 1.0"

@@ -5,6 +5,7 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/hashicorp/terraform-plugin-framework/types"
+
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion"
 	"go.mongodb.org/atlas-sdk/v20250312001/admin"
 )
@@ -24,6 +25,7 @@ func NewTFModel(ctx context.Context, input *admin.ApiAtlasResourcePolicy) (*TFMo
 		LastUpdatedByUser: lastUpdatedByUser,
 		LastUpdatedDate:   types.StringPointerValue(conversion.TimePtrToStringPtr(input.LastUpdatedDate)),
 		Name:              types.StringPointerValue(input.Name),
+		Description:       types.StringPointerValue(input.Description),
 		OrgID:             types.StringPointerValue(input.OrgId),
 		Policies:          policies,
 		Version:           types.StringPointerValue(input.Version),

@@ -5,12 +5,15 @@ import (
 	"encoding/json"
 	"testing"
 
+	"go.mongodb.org/atlas-sdk/v20250312001/admin"
+
 	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion"
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/service/resourcepolicy"
 	"github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/unit"
-	"github.com/stretchr/testify/assert"
-	"go.mongodb.org/atlas-sdk/v20250312001/admin"
 )
 
 var (
@@ -21,6 +24,7 @@ var (
 )
 
 type tfModelTestCase struct {
+	description     *string
 	name            string
 	SDKRespJSON     string
 	userIDCreate    string
@@ -101,6 +105,7 @@ func createTFModel(t *testing.T, testCase *tfModelTestCase) *resourcepolicy.TFMo
 		Name:            types.StringValue(testCase.name),
 		OrgID:           types.StringValue(testCase.orgID),
 		Version:         types.StringValue(testCase.version),
+		Description:     types.StringPointerValue(testCase.description),
 	}
 }
 
@@ -118,6 +123,7 @@ func TestNewTFModel(t *testing.T) {
 			createdDate:     "2024-09-11T13:36:18Z",
 			lastUpdatedDate: "2024-09-11T13:36:18Z",
 			policyID:        "66e19cd2fdc0332d1fa5e877",
+			description:     conversion.StringPtr("test description"),
 		},
 	}
 

@@ -80,8 +80,9 @@ func (r *resourcePolicyRS) Create(ctx context.Context, req resource.CreateReques
 
 	connV2 := r.Client.AtlasV2
 	policySDK, _, err := connV2.ResourcePoliciesApi.CreateAtlasResourcePolicy(ctx, orgID, &admin.ApiAtlasResourcePolicyCreate{
-		Name:     plan.Name.ValueString(),
-		Policies: policies,
+		Name:        plan.Name.ValueString(),
+		Description: plan.Description.ValueStringPointer(),
+		Policies:    policies,
 	}).Execute()
 	if err != nil {
 		resp.Diagnostics.AddError(errorCreate, err.Error())
@@ -134,8 +135,11 @@ func (r *resourcePolicyRS) Update(ctx context.Context, req resource.UpdateReques
 	connV2 := r.Client.AtlasV2
 	policies := NewAdminPolicies(ctx, plan.Policies)
 	editAdmin := admin.ApiAtlasResourcePolicyEdit{
-		Name:     plan.Name.ValueStringPointer(),
-		Policies: &policies,
+		Name: plan.Name.ValueStringPointer(),
+		// description is an optional attribute (i.e. null by default), if it is removed from the config during an update
+		// (i.e. user wants to remove the existing description from resource policy), we send an empty string ("") as the value in API request for update
+		Description: conversion.Pointer(plan.Description.ValueString()),
+		Policies:    &policies,
 	}
 	policySDK, _, err := connV2.ResourcePoliciesApi.UpdateAtlasResourcePolicy(ctx, orgID, resourcePolicyID, &editAdmin).Execute()
 

@@ -8,5 +8,11 @@ import (
 
 func TestMigResourcePolicy_basic(t *testing.T) {
 	mig.SkipIfVersionBelow(t, "1.22.0") // this feature was introduced in provider version 1.21.0, plural data source schema was changed in 1.22.0
-	mig.CreateAndRunTestNonParallel(t, basicTestCase(t))
+
+	var description *string
+	if mig.IsProviderVersionAtLeast("1.32.0") {
+		description = descriptionPtr
+	}
+
+	mig.CreateAndRunTestNonParallel(t, basicTestCase(t, description))
 }
@@ -60,6 +60,10 @@ func ResourceSchema(ctx context.Context) schema.Schema {
 				MarkdownDescription: "Human-readable label that describes the Atlas resource policy.",
 				Required:            true,
 			},
+			"description": schema.StringAttribute{
+				MarkdownDescription: "Description of the Atlas resource policy.",
+				Optional:            true,
+			},
 			"org_id": schema.StringAttribute{
 				MarkdownDescription: "Unique 24-hexadecimal digit string that identifies the organization that contains your projects. Use the [/orgs](#tag/Organizations/operation/listOrganizations) endpoint to retrieve all organizations to which the authenticated user has access.",
 				Required:            true,
@@ -98,6 +102,7 @@ type TFModel struct {
 	LastUpdatedByUser types.Object    `tfsdk:"last_updated_by_user"`
 	LastUpdatedDate   types.String    `tfsdk:"last_updated_date"`
 	Name              types.String    `tfsdk:"name"`
+	Description       types.String    `tfsdk:"description"`
 	OrgID             types.String    `tfsdk:"org_id"`
 	Version           types.String    `tfsdk:"version"`
 	Policies          []TFPolicyModel `tfsdk:"policies"`