terraform-provider-mongodbatlas: Unable to update Slack alert_configurations via Oauth integration

Hello @TheQueenIsDead / @nthienan. Thanks again for the details, this is bring more clarity on your use case and expectations.

As per the expected behaviour defined in this issue:

Terraform should have been able to execute an update to a slack notification without passing in a token. In the same way that the UI populates that for the user, it would be super if the backend was capable of retrieving the token itself

The notifier_id is effectively solving this specific use case, being able to update an existing alert configuration notification without having to provide the original api key.

With this in mind, seeing both of your inputs:

hopefully this provides some insight into the true outcome I had imagined (Manually configured Slack OAuth integration in the UI, with the ability to reference that within Terraform in order to create new alert resources)

It’s about creating new alerts while Slack integration already created via web UI.

It is clear that there is different use case that has not been addressed. The end goal would be to provide a mechanism that enables using an existing atlas third party integration when using the mongodbatlas_alert_configuration resource to create or update a notification. This is relevant for the Slack integration as it has to be created through the Atlas UI using OAuth2 (as described in API docs). This would require a change from the Atlas API to either enable obtaining the raw value of the api key defined in a third party integration, or allowing to reference the third party integration when creating an alert configuration.

@Zuhairahmed’s input will be valuable here in case there is any existing work or alternative I am not aware of. If this is in fact a valid feature that is not being worked on, I will follow up here so that we create a separate ticket to track this. Please let me know if you have any additional points or concerns to add.

@AgustinBettati really neat to see that this use-case is being supported and worked on, thank you 😃

Would you be able to confirm where the notifier_id is meant to be sourced from? I setup the following but encountered an issue:

data "mongodbatlas_third_party_integration" "slack" {
  project_id = mongodbatlas_project.this.id
  type       = "SLACK"
}

resource "mongodbatlas_alert_configuration" "query_targeting_scanned_objects_per_returned" {
  project_id = mongodbatlas_project.this.id
  event_type = "OUTSIDE_METRIC_THRESHOLD"
  enabled    = true

  metric_threshold_config {
    metric_name = "QUERY_TARGETING_SCANNED_OBJECTS_PER_RETURNED"
    mode        = "AVERAGE"
    operator    = "GREATER_THAN"
    threshold   = 1000
    units       = "RAW"
  }

  notification {
    email_enabled = true
    interval_min  = 60
    roles         = ["GROUP_OWNER"]
    type_name     = "GROUP"
  }

  # Alert to Slack
  notification {
    delay_min    = 1
    interval_min = 60
    type_name    = "SLACK"
    notifier_id  = data.mongodbatlas_third_party_integration.slack.id
  }
}

╷
│ Error: error updating Alert Configuration information: %s
│ 
│   with mongodbatlas_alert_configuration.query_targeting_scanned_objects_per_returned,
│   on alert_configuration.tf line 12, in resource "mongodbatlas_alert_configuration" "query_targeting_scanned_objects_per_returned":
│   12: resource "mongodbatlas_alert_configuration" "query_targeting_scanned_objects_per_returned" {
│ 
│ PUT https://cloud.mongodb.com/api/atlas/v1.0/groups/5b<XXX>b7/alertConfigs/64<XXX>3b: 400 (request "INVALID_JSON_ATTRIBUTE") Received JSON for the notifications.java.util.ArrayList[1].notifierId
│ attribute does not match expected format.
╵

I had a look in the Terraform state, and it doesn’t look like a valid notifier ID is exposed in the data resource for the third party integration. The ID changes like so when I attempt to move from WEBHOOK to SLACK:

 ~ notifier_id   = "642de7efe2ea8a3468551a2c" -> "cHJvamVjdF9pZA==:N<XXX>=:U0xBQ0s="

The ID seems to read “project_id:<ACTUAL_ID>:SLACK” when decoded, which isn’t in keeping with the style of the webhook id

In our feature request website we have an existing post for the support of slack third party integration: https://feedback.mongodb.com/forums/924145-atlas/suggestions/45030598-support-slack-in-third-party-integration. In addition, I have created a post for being able to reference existing third party integrations from alert configuration resource: https://feedback.mongodb.com/forums/924145-atlas/suggestions/47533295-reference-existing-third-party-integration-in-aler.

@AgustinBettati my case is a bit different. It’s about creating new alerts while Slack integration already created via web UI.

@TheQueenIsDead really impressive investigation here! As you’ve noticed the UI does not use the Admin API, they are actually different. So the UI behavior is not always the same as the Admin API. But you bring up a good point - let me talk with the Product Managers in these areas and see what our options might be here.

Hello,

v1.12.2 has been released with the support of the new notifier_id attribute. Closing this issue, feel free to reopen if you have any remaining concerns on this matter.

Hi @Zuhairahmed , If I could retrieve the token that would absolutely be a fine interim solution. However, as noted above, the token is obfuscated on the UI, and there is no data provider for a slack third_party_integration.

If you could point me to where I can retrieve that token once setup, that would be super

Super, thanks @themantissa ! This is certainly more of a feature request than a bug, as I’m aware that the API would likely require a change to support this (Which is somewhat outside of the scope of this provider)