feat: update organization resource (#1533)

Co-authored-by: sivaram-mongodb <sivaram@mongodb.com>

Author: ParthasarathyV

cfn-resources/organization/cmd/resource/model.go

@@ -217,7 +217,7 @@ func Delete(req handler.Request, prevModel *Model, currentModel *Model) (handler
 
 	// If exists
 	_, response, err = currentModel.getOrgDetails(ctx, conn, currentModel)
-	if err != nil && response.StatusCode == http.StatusUnauthorized {
+	if err != nil && util.StatusUnauthorized(response) {
 		return handleError(response, constants.DELETE, err)
 	}
 
@@ -283,7 +283,7 @@ func deleteCallback(ctx context.Context, conn *admin.APIClient, currentModel *Mo
 	// Read before delete
 	org, response, err := currentModel.getOrgDetails(ctx, conn, currentModel)
 	if err != nil {
-		if response.StatusCode == http.StatusUnauthorized {
+		if util.StatusUnauthorized(response) {
 			return handler.ProgressEvent{
 				OperationStatus: handler.Success,
 				Message:         DeleteCompleted,
@@ -333,28 +333,29 @@ func (model *Model) getOrgDetails(ctx context.Context, conn *admin.APIClient, cu
 	model.MultiFactorAuthRequired = settings.MultiFactorAuthRequired
 	model.RestrictEmployeeAccess = settings.RestrictEmployeeAccess
 	model.GenAIFeaturesEnabled = settings.GenAIFeaturesEnabled
+	model.SecurityContact = settings.SecurityContact
 
 	return model, response, nil
 }
 
 func handleError(response *http.Response, method constants.CfnFunctions, err error) (handler.ProgressEvent, error) {
 	errMsg := fmt.Sprintf("%s error:%s", method, err.Error())
 	_, _ = logger.Warn(errMsg)
-	if response.StatusCode == http.StatusConflict {
+	if util.StatusConflict(response) {
 		return handler.ProgressEvent{
 			OperationStatus:  handler.Failed,
 			Message:          errMsg,
 			HandlerErrorCode: string(types.HandlerErrorCodeAlreadyExists)}, nil
 	}
 
-	if response.StatusCode == http.StatusUnauthorized {
+	if util.StatusUnauthorized(response) {
 		return handler.ProgressEvent{
 			OperationStatus:  handler.Failed,
 			Message:          "Not found",
 			HandlerErrorCode: string(types.HandlerErrorCodeNotFound)}, nil
 	}
 
-	if response.StatusCode == http.StatusBadRequest {
+	if util.StatusBadRequest(response) {
 		return handler.ProgressEvent{
 			OperationStatus:  handler.Failed,
 			Message:          errMsg,
@@ -377,6 +378,7 @@ func newOrganizationSettings(model *Model) *admin.OrganizationSettings {
 		MultiFactorAuthRequired: model.MultiFactorAuthRequired,
 		RestrictEmployeeAccess:  model.RestrictEmployeeAccess,
 		GenAIFeaturesEnabled:    model.GenAIFeaturesEnabled,
+		SecurityContact:         model.SecurityContact,
 	}
 }
 

cfn-resources/organization/cmd/resource/resource.go

@@ -23,7 +23,8 @@ To declare this entity in your AWS CloudFormation template, use the following sy
         "<a href="#isdeleted" title="IsDeleted">IsDeleted</a>" : <i>Boolean</i>,
         "<a href="#apiaccesslistrequired" title="ApiAccessListRequired">ApiAccessListRequired</a>" : <i>Boolean</i>,
         "<a href="#multifactorauthrequired" title="MultiFactorAuthRequired">MultiFactorAuthRequired</a>" : <i>Boolean</i>,
-        "<a href="#restrictemployeeaccess" title="RestrictEmployeeAccess">RestrictEmployeeAccess</a>" : <i>Boolean</i>
+        "<a href="#restrictemployeeaccess" title="RestrictEmployeeAccess">RestrictEmployeeAccess</a>" : <i>Boolean</i>,
+        "<a href="#securitycontact" title="SecurityContact">SecurityContact</a>" : <i>String</i>
     }
 }
 </pre>
@@ -45,6 +46,7 @@ Properties:
     <a href="#apiaccesslistrequired" title="ApiAccessListRequired">ApiAccessListRequired</a>: <i>Boolean</i>
     <a href="#multifactorauthrequired" title="MultiFactorAuthRequired">MultiFactorAuthRequired</a>: <i>Boolean</i>
     <a href="#restrictemployeeaccess" title="RestrictEmployeeAccess">RestrictEmployeeAccess</a>: <i>Boolean</i>
+    <a href="#securitycontact" title="SecurityContact">SecurityContact</a>: <i>String</i>
 </pre>
 
 ## Properties
@@ -173,6 +175,16 @@ _Type_: Boolean
 
 _Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
 
+#### SecurityContact
+
+Email address of the security contact for the organization.
+
+_Required_: No
+
+_Type_: String
+
+_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
+
 ## Return Values
 
 ### Fn::GetAtt

cfn-resources/organization/docs/README.md

@@ -83,6 +83,10 @@
     "RestrictEmployeeAccess": {
       "type": "boolean",
       "description": "Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/."
+    },
+    "SecurityContact": {
+      "type": "string",
+      "description": "Email address of the security contact for the organization."
     }
   },
   "additionalProperties": false,

cfn-resources/organization/mongodb-atlas-organization.json

@@ -14,5 +14,6 @@
   "RestrictEmployeeAccess": "false",
   "ApiAccessListRequired": "false",
   "SkipDefaultAlertsSettings": "true",
-  "GenAIFeaturesEnabled": "true"
+  "GenAIFeaturesEnabled": "true",
+  "SecurityContact": "security-test@example.com"
 }

cfn-resources/organization/test/inputs_1_create.json

@@ -14,5 +14,6 @@
   "RestrictEmployeeAccess": "true",
   "ApiAccessListRequired": "false",
   "SkipDefaultAlertsSettings": "false",
-  "GenAIFeaturesEnabled": "false"
+  "GenAIFeaturesEnabled": "false",
+  "SecurityContact": "security-updated@example.com"
 }

cfn-resources/organization/test/inputs_1_update.json

@@ -31,3 +31,7 @@ func StatusBadRequest(resp *http.Response) bool {
 func StatusServiceUnavailable(resp *http.Response) bool {
 	return resp != nil && resp.StatusCode == http.StatusServiceUnavailable
 }
+
+func StatusUnauthorized(resp *http.Response) bool {
+	return resp != nil && resp.StatusCode == http.StatusUnauthorized
+}

cfn-resources/util/http_status.go

@@ -81,6 +81,11 @@
       ],
       "Default": "true",
       "Description": "Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to `true`. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/"
+    },
+    "SecurityContact": {
+      "Type": "String",
+      "Description": "Email address of the security contact for the organization.",
+      "Default": ""
     }
   },
   "Mappings": {},
@@ -139,6 +144,9 @@
         },
         "GenAIFeaturesEnabled": {
           "Ref": "GenAIFeaturesEnabled"
+        },
+        "SecurityContact": {
+          "Ref": "SecurityContact"
         }
       }
     }