Support terraform plan with ORG_READ_ONLY role
An API key with ORG_READ_ONLY should be sufficient to run a terraform plan. After all, its description is "Provides read-only access to the settings, users, projects, and billing in the organization."
However, this is not the case: checking settings for "Cloud Provider Access" [1] and "Encrypting at Rest" [2] fails due to missing permissions. Read-write project permissions like GROUP_OWNER on each project are required.
[1] https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Cloud-Provider-Access/operation/listCloudProviderAccessRoles
[2] https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management/operation/getEncryptionAtRest
4 votes