feat(mongodb): add TLS certificate (#3228)

jremy42 · web-flow · commit 90f2f01ae0a0 · 2025-07-24T08:08:44.000Z
* feat(mongodb): add tsl certificate

* use io.ReadAll
diff --git a/docs/resources/mongodb_instance.md b/docs/resources/mongodb_instance.md
@@ -126,6 +126,7 @@ In addition to all arguments above, the following attributes are exported:
     - `id` - The ID of the endpoint.
     - `port` - TCP port of the endpoint.
     - `dns_records` - List of DNS records for your endpoint.
+- `tls_certificate` - The PEM-encoded TLS certificate for the MongoDB® instance, if available.
 
 ## Import
 
diff --git a/internal/services/mongodb/instance.go b/internal/services/mongodb/instance.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"io"
 	"strings"
 	"time"
 
@@ -233,6 +234,11 @@ func ResourceInstance() *schema.Resource {
 			// Common
 			"region":     regional.Schema(),
 			"project_id": account.ProjectIDSchema(),
+			"tls_certificate": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "PEM-encoded TLS certificate for MongoDB",
+			},
 		},
 		CustomizeDiff: customdiff.All(
 			func(ctx context.Context, d *schema.ResourceDiff, meta any) error {
@@ -460,6 +466,24 @@ func ResourceInstanceRead(ctx context.Context, d *schema.ResourceData, m any) di
 
 	_ = d.Set("settings", map[string]string{})
 
+	cert, err := mongodbAPI.GetInstanceCertificate(&mongodb.GetInstanceCertificateRequest{
+		Region:     region,
+		InstanceID: ID,
+	}, scw.WithContext(ctx))
+
+	if err == nil && cert != nil {
+		certBytes, readErr := io.ReadAll(cert.Content)
+		if readErr == nil {
+			_ = d.Set("tls_certificate", string(certBytes))
+		} else {
+			diags = append(diags, diag.Diagnostic{
+				Severity: diag.Warning,
+				Summary:  "Failed to read MongoDB TLS certificate content",
+				Detail:   readErr.Error(),
+			})
+		}
+	}
+
 	return diags
 }
 
diff --git a/internal/services/mongodb/instance_test.go b/internal/services/mongodb/instance_test.go
@@ -41,6 +41,7 @@ func TestAccMongoDBInstance_Basic(t *testing.T) {
 					resource.TestCheckResourceAttr("scaleway_mongodb_instance.main", "node_number", "1"),
 					resource.TestCheckResourceAttr("scaleway_mongodb_instance.main", "user_name", "my_initial_user"),
 					resource.TestCheckResourceAttr("scaleway_mongodb_instance.main", "password", "thiZ_is_v&ry_s3cret"),
+					resource.TestCheckResourceAttrSet("scaleway_mongodb_instance.main", "tls_certificate"),
 				),
 			},
 		},
diff --git a/internal/services/mongodb/testdata/mongo-db-instance-basic.cassette.yaml b/internal/services/mongodb/testdata/mongo-db-instance-basic.cassette.yaml
