feat: Adds new IsMongoDBGovCloud flag to profile (#1614)

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: maastha

README.md

@@ -91,6 +91,26 @@ Incorrect usage:
   "Profile" : "cfn/atlas/profile/ProfileName"
 ```
 
+## MongoDB Atlas for Government
+
+MongoDB Atlas CloudFormation resources support [MongoDB Atlas for Government](https://www.mongodb.com/products/platform/atlas-for-government). To use Atlas for Government (Cloud Gov), configure the `IsMongoDBGovCloud` flag in your profile secret and use government-specific regions.
+
+### Configure your Profile for Cloud Gov
+
+When creating the profile secret in AWS Secrets Manager, include the `IsMongoDBGovCloud` field set to `true`:
+
+```
+SecretName: cfn/atlas/profile/{ProfileName}
+SecretValue: {"PublicKey": "YourPublicKey", "PrivateKey": "YourPrivateKey", "IsMongoDBGovCloud": true}
+```
+
+### Prerequisites
+1. Review [Atlas for Government considerations](https://www.mongodb.com/docs/atlas/government/atlas-for-government/).
+2. An existing Atlas Organization with billing set up in your Cloud Gov environment.
+3. API keys with the Organization Owner or Organization Project Creator role.
+
+**Note**: Set `RegionUsageRestrictions` to `GOV_REGIONS_ONLY` on your project and use government-specific region names (e.g., `US_GOV_WEST_1` for AWS).
+
 ## Logging 
 
 Logging for AWS CloudFormation Public extensions is currently disabled. AWS is evaluating if logging is useful for consumers of third party extensions, if this is something you need or would like to request please open a ticket directly with AWS Support.
@@ -215,7 +235,3 @@ Resources:
       RouteTableCIDRBlock: "10.0.0.0/16"
       VpcId: "YOUR-VPC-ID"
 ```
-
-
-
-

cfn-resources/profile/profile.go

@@ -29,14 +29,16 @@ import (
 )
 
 const (
-	DefaultProfile = "default"
+	DefaultProfile  = "default"
+	GovCloudBaseURL = "https://cloud.mongodbgov.com/"
 )
 
 type Profile struct {
-	DebugClient *bool  `json:"DebugClient,omitempty"`
-	PublicKey   string `json:"PublicKey"`
-	PrivateKey  string `json:"PrivateKey"`
-	BaseURL     string `json:"BaseUrl,omitempty"`
+	DebugClient       *bool  `json:"DebugClient,omitempty"`
+	IsMongoDBGovCloud *bool  `json:"IsMongoDBGovCloud,omitempty"`
+	PublicKey         string `json:"PublicKey"`
+	PrivateKey        string `json:"PrivateKey"`
+	BaseURL           string `json:"BaseUrl,omitempty"`
 }
 
 func NewProfile(req *handler.Request, profileName *string, prefixRequired bool) (*Profile, error) {
@@ -74,7 +76,15 @@ func (p *Profile) NewBaseURL() string {
 		return baseURL
 	}
 
-	return p.BaseURL
+	if p.BaseURL != "" {
+		return p.BaseURL
+	}
+
+	if p.IsMongoDBGovCloud != nil && *p.IsMongoDBGovCloud {
+		return GovCloudBaseURL
+	}
+
+	return ""
 }
 
 func (p *Profile) NewPublicKey() string {

cfn-resources/profile/profile_test.go

@@ -18,6 +18,7 @@ import (
 	"testing"
 
 	"github.com/mongodb/mongodbatlas-cloudformation-resources/profile"
+	"github.com/mongodb/mongodbatlas-cloudformation-resources/util"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -32,3 +33,73 @@ func Test_UseDebug(t *testing.T) {
 	profileTrue := profile.Profile{DebugClient: &trueBool}
 	assert.True(t, profileTrue.UseDebug())
 }
+
+func Test_NewBaseURL(t *testing.T) {
+	tests := []struct {
+		name     string
+		profile  profile.Profile
+		envURL   string
+		expected string
+	}{
+		{
+			name:     "empty profile returns empty string",
+			profile:  profile.Profile{},
+			expected: "",
+		},
+		{
+			name:     "explicit BaseURL is returned",
+			profile:  profile.Profile{BaseURL: "https://custom.example.com/"},
+			expected: "https://custom.example.com/",
+		},
+		{
+			name:     "IsMongoDBGovCloud true returns gov URL",
+			profile:  profile.Profile{IsMongoDBGovCloud: util.Pointer(true)},
+			expected: profile.GovCloudBaseURL,
+		},
+		{
+			name:     "IsMongoDBGovCloud false returns empty string",
+			profile:  profile.Profile{IsMongoDBGovCloud: util.Pointer(false)},
+			expected: "",
+		},
+		{
+			name:     "BaseURL takes precedence over IsMongoDBGovCloud",
+			profile:  profile.Profile{BaseURL: "https://custom.example.com/", IsMongoDBGovCloud: util.Pointer(true)},
+			expected: "https://custom.example.com/",
+		},
+		{
+			name:     "env var takes precedence over BaseURL",
+			profile:  profile.Profile{BaseURL: "https://custom.example.com/"},
+			envURL:   "https://env.example.com/",
+			expected: "https://env.example.com/",
+		},
+		{
+			name:     "env var takes precedence over IsMongoDBGovCloud",
+			profile:  profile.Profile{IsMongoDBGovCloud: util.Pointer(true)},
+			envURL:   "https://env.example.com/",
+			expected: "https://env.example.com/",
+		},
+		{
+			name:     "env var takes precedence over both BaseURL and IsMongoDBGovCloud",
+			profile:  profile.Profile{BaseURL: "https://custom.example.com/", IsMongoDBGovCloud: util.Pointer(true)},
+			envURL:   "https://env.example.com/",
+			expected: "https://env.example.com/",
+		},
+		{
+			name:     "IsMongoDBGovCloud nil returns empty string",
+			profile:  profile.Profile{IsMongoDBGovCloud: nil},
+			expected: "",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			if tc.envURL != "" {
+				t.Setenv("MONGODB_ATLAS_BASE_URL", tc.envURL)
+			} else {
+				t.Setenv("MONGODB_ATLAS_BASE_URL", "")
+			}
+			result := tc.profile.NewBaseURL()
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}

cfn-resources/util/util.go

@@ -153,7 +153,7 @@ func newAtlasV2Client(req *handler.Request, profileName *string, profileNamePref
 			HandlerErrorCode: string(types.HandlerErrorCodeInvalidRequest)}
 	}
 
-	c := Config{BaseURL: prof.BaseURL, DebugClient: prof.UseDebug()}
+	c := Config{BaseURL: prof.NewBaseURL(), DebugClient: prof.UseDebug()}
 
 	// new V2 version 20231115002 instance
 	sdk20231115002Client, err := c.NewSDKv20231115002Client(client)