feat: Add Federated Settings Identity Provider Resource

[rakhul-mongo]

Proposed changes

Added new resource MongoDB::Atlas::FederatedSettingsIdentityProvider for managing Atlas Federated Authentication Identity Providers (OIDC and SAML).

Resource Configuration

Required Properties:

• FederationSettingsId: Unique 24-hexadecimal digit string that identifies your federation
• Name: Human-readable label (display name) of the identity provider
• IssuerUri: Issuer URI of the identity provider

Optional Properties:

• Protocol: Identity provider protocol (OIDC or SAML) - automatically set to "OIDC" for create operations
• IdpType: Identity provider type (WORKFORCE or WORKLOAD)
• Audience: OIDC audience claim value
• ClientId: OIDC client ID (optional for WORKLOAD providers like GitHub Actions)
• GroupsClaim: OIDC groups claim
• UserClaim: OIDC user claim
• RequestedScopes: OIDC requested scopes (not needed for WORKLOAD providers)
• Description: Description of the identity provider
• AuthorizationType: OIDC authorization type
• AssociatedDomains: List of domains associated with the identity provider
• SsoUrl: SSO URL (SAML only)
• SsoDebugEnabled: Flag to enable SSO debug (SAML only)
• RequestBinding: SAML request binding
• ResponseSignatureAlgorithm: SAML response signature algorithm
• Status: Identity provider status
• Profile: Secret Manager Profile containing Atlas API keys (default: "default")

Read-Only Properties:

• IdpId: Unique identifier of the identity provider
• OktaIdpId: Legacy identity provider identifier (not returned for WORKLOAD providers)

Note: CREATE operation only supports OIDC protocol. SAML identity providers must be imported. FederationSettingsId and Profile are create-only properties.

Testing

CFN Contract Tests:

Stack Testing:

• Before Testing

• Successfully created stack with WORKLOAD provider (GitHub Actions OIDC)

• Updated stack to modify display name, description, and audience values

• Confirmed stack deletion properly removes identity provider from Atlas

Jira ticket: CLOUDP-369801

Type of change:

• New feature (non-breaking change which adds functionality)
• This change requires a documentation update

Manual QA performed:

• cfn invoke for each of CRUDL/cfn test
• Updated resource in example
• Published to AWS private registry
• Used the template in example to create and update a stack in AWS
• Deleted stack to ensure resources are deleted
• Created multiple resources in same stack
• Validated in Atlas UI

Required Checklist:

• I have signed the MongoDB CLA
• I have added tests that prove my fix is effective or that my feature works
• I have checked that this change does not generate any credentials and that they are NOT accidentally logged anywhere.
• I have added any necessary documentation (if appropriate)
• I have run make fmt and formatted my code
• For CFN Resources: I have released by changes in the private registry and proved by change works in Atlas

[oarbusi]

LGTM, thanks for addressing the comments. Since this is a new resource, 1.0.0 version of it should be released