chore: Enable OAuth token test

.github/workflows/acceptance-tests-runner.yml

@@ -548,6 +548,38 @@ jobs:
           ACCTEST_REGEX_RUN: '^TestAccServiceAccount'
           ACCTEST_PACKAGES: ./internal/provider
         run: make testacc
+      - name: Generate OAuth2 Token
+        id: generate-token
+        shell: bash
+        env:
+          MONGODB_ATLAS_BASE_URL: ${{ inputs.mongodb_atlas_base_url }}
+          MONGODB_ATLAS_CLIENT_ID: ${{ secrets.mongodb_atlas_client_id }}
+          MONGODB_ATLAS_CLIENT_SECRET: ${{ secrets.mongodb_atlas_client_secret }}
+        run: |
+          if ! ACCESS_TOKEN=$(make generate-oauth2-token); then
+            echo "Error: Failed to generate access token"
+            exit 1
+          fi
+          if [ -z "$ACCESS_TOKEN" ]; then
+            echo "Error: Generated access token is empty"
+            exit 1
+          fi
+          {
+            echo "access_token<<EOF"
+            echo "$ACCESS_TOKEN"
+            echo "EOF"
+          } >> "$GITHUB_OUTPUT"
+      - name: Acceptance Tests (Access Token)
+        env:
+          MONGODB_ATLAS_PUBLIC_KEY: ""
+          MONGODB_ATLAS_PRIVATE_KEY: ""
+          MONGODB_ATLAS_CLIENT_ID: ""
+          MONGODB_ATLAS_CLIENT_SECRET: ""
+          MONGODB_ATLAS_ACCESS_TOKEN: ${{ steps.generate-token.outputs.access_token }}
+          MONGODB_ATLAS_LAST_VERSION: ${{ needs.get-provider-version.outputs.provider_version }}
+          ACCTEST_REGEX_RUN: '^TestAccAccessToken'
+          ACCTEST_PACKAGES: ./internal/provider
+        run: make testacc
       - name: Acceptance Tests (Service Account smoke tests) # small selection of fast tests to run with SA
         env:
           MONGODB_ATLAS_PUBLIC_KEY: ""

Makefile

@@ -201,6 +201,10 @@ check-changelog-entry-file: ## Check a changelog entry file in a PR
 jira-release-version: ## Update Jira version in a release
 	go run ./tools/jira-release-version/*.go
 
+.PHONY: generate-oauth2-token
+generate-oauth2-token: ## Generate OAuth2 access token from Service Account credentials
+	@go run ./tools/generate-oauth2-token/*.go
+
 .PHONY: enable-autogen
 enable-autogen: ## Enable use of autogen resources in the provider
 	$(eval filename := ./internal/provider/provider.go)

internal/provider/provider_authentication_test.go

@@ -63,7 +63,6 @@ func TestAccServiceAccount_basic(t *testing.T) {
 }
 
 func TestAccAccessToken_basic(t *testing.T) {
-	acc.SkipTestForCI(t) // access token has a validity period of 1 hour, so it cannot be used in CI reliably
 	acc.SkipInPAK(t, "skipping as this test is for Token credentials only")
 	acc.SkipInSA(t, "skipping as this test is for Token credentials only")
 	var (

tools/generate-oauth2-token/main.go

@@ -0,0 +1,28 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/mongodb/atlas-sdk-go/auth/clientcredentials"
+)
+
+func main() {
+	baseURL := strings.TrimRight(os.Getenv("MONGODB_ATLAS_BASE_URL"), "/")
+	clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
+	clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")
+	if baseURL == "" || clientID == "" || clientSecret == "" {
+		fmt.Fprintln(os.Stderr, "Error: MONGODB_ATLAS_BASE_URL, MONGODB_ATLAS_CLIENT_ID, and MONGODB_ATLAS_CLIENT_SECRET environment variables are required")
+		os.Exit(1)
+	}
+	conf := clientcredentials.NewConfig(clientID, clientSecret)
+	conf.TokenURL = baseURL + clientcredentials.TokenAPIPath
+	token, err := conf.Token(context.Background())
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Failed to generate OAuth2 token: %v\n", err)
+		os.Exit(1)
+	}
+	fmt.Print(token.AccessToken)
+}