chore: Update CLOUDP-320243-dev-2.0.0 from master (#3435)

* chore: Fix clusterapi and add acceptance tests (#3412)

* applyOverrides uses all path parts

* complete clusterapi config

* add acc tests

* update generate code

* use full path attributes

* undo changes to applyOverrides

* remove comment

* fix test check

* electable_specs is not an array

* fix computed

* Update tools/codegen/config.yml

Co-authored-by: Agustin Bettati <bettatiagustin@gmail.com>

* improve comment

---------

Co-authored-by: Agustin Bettati <bettatiagustin@gmail.com>

* chore: Adds guide on reasons and steps for deleting a BCP-enabled cluster (#3409)

* chore: adds guide to explain how to delete cluster when BCP is enabled.

* update content.

* adds references to the resource and data source docs.

* address comments.

* address comments.

* remove unnecessary newlines.

* update autogen resources from openapi spec (#3418)

* chore: Groups compliance scripts together and adds information of compliance process in the contributing guidelines (#3420)

* refactor

* fix

* chore: Fix PATCH in auto-generated resources (#3421)

* empty lists and sets in update

* update tests

* add autogen:"includejsonupdate" in autogen tool

* support includejsonupdate

* use fieldalignment in schema files

* fix unit tests

* reduce linter exceptions

* build(deps): bump go.mongodb.org/atlas-sdk (#3423)

Co-authored-by: oarbusi <55513886+oarbusi@users.noreply.github.com>

* chore: Bump softprops/action-gh-release from 2.2.2 to 2.3.2 (#3414)

Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.2.2 to 2.3.2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@da05d55...72f2c25)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 2.3.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: Bump github.com/hashicorp/terraform-plugin-testing (#3413)

Bumps [github.com/hashicorp/terraform-plugin-testing](https://github.com/hashicorp/terraform-plugin-testing) from 1.13.1 to 1.13.2.
- [Release notes](https://github.com/hashicorp/terraform-plugin-testing/releases)
- [Changelog](https://github.com/hashicorp/terraform-plugin-testing/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-plugin-testing@v1.13.1...v1.13.2)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/terraform-plugin-testing
  dependency-version: 1.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix TestAccConfigDSOrganization_noAccessShouldFail (#3426)

* feat: Adds support for cluster_project_id field for stream_connection (#3424)

* chore: Updates CHANGELOG.md for #3424

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Leo Antoli <430982+lantoli@users.noreply.github.com>
Co-authored-by: Agustin Bettati <bettatiagustin@gmail.com>
Co-authored-by: Marco Suma <marco.suma@mongodb.com>
Co-authored-by: Oriol <oriol.abadal@mongodb.com>
Co-authored-by: oarbusi <55513886+oarbusi@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kush Patel <66638373+kpatel71716@users.noreply.github.com>

Author: 7 people

.changelog/3424.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+data-source/mongodbatlas_stream_connection Adds `cluster_project_id` to allow connections to clusters in other projects within an organization
+```
+
+```release-note:enhancement
+resource/mongodbatlas_stream_connection Adds `cluster_project_id` to allow connections to clusters in other projects within an organization
+```

.github/workflows/acceptance-tests-runner.yml

@@ -280,6 +280,7 @@ jobs:
             - 'internal/provider/*.go'
           autogen:
             - 'internal/common/autogen/*.go'
+            - 'internal/serviceapi/clusterapi/*.go'
             - 'internal/serviceapi/customdbroleapi/*.go'
             - 'internal/serviceapi/databaseuserapi/*.go'
             - 'internal/serviceapi/projectapi/*.go'
@@ -513,6 +514,7 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key_id }}
           MONGODB_ATLAS_LAST_VERSION: ${{ needs.get-provider-version.outputs.provider_version }}
           ACCTEST_PACKAGES: |
+            ./internal/serviceapi/clusterapi
             ./internal/serviceapi/customdbroleapi
             ./internal/serviceapi/databaseuserapi
             ./internal/serviceapi/projectapi

.github/workflows/generate-augmented-sbom.yml

@@ -31,7 +31,7 @@ jobs:
 
       - name: Generate PURLs from release artifacts
         run: |
-          ./scripts/generate-purls-from-release.sh "${{ inputs.release_version }}"
+          ./scripts/compliance/generate-purls-from-release.sh "${{ inputs.release_version }}"
 
       - name: Generate SBOM with Silkbomb
         run: |
@@ -40,12 +40,11 @@ jobs:
 
       - name: Get current date
         id: date
-        run: |
-          echo "date=$(date +'%Y-%m-%d')" >> "$GITHUB_ENV"
+        run: echo "date=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"
 
       - name: Augment SBOM with Kondukto
         env:
-          DATE: ${{ env.date }}
+          DATE: ${{ steps.date.outputs.date }}
           RELEASE_VERSION: ${{ inputs.release_version }}
         run: |
           make augment-sbom
@@ -55,13 +54,13 @@ jobs:
             AUTHOR: ${{ github.actor }}
             VERSION: ${{ inputs.release_version }}
             AUGMENTED_REPORT: "true"
-        run: ./scripts/gen-ssdlc-report.sh
+        run: ./scripts/compliance/gen-ssdlc-report.sh
 
       - name: Upload augmented SBOM as artifact
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: augmented_sbom_and_ssdlc_report
           path: |
-            compliance/augmented-sbom-v${{ inputs.release_version }}-${{ env.date }}.json
-            compliance/ssdlc-compliance-${{ inputs.release_version }}-${{ env.date }}.md
+            compliance/augmented-sbom-v${{ inputs.release_version }}-${{ steps.date.outputs.date }}.json
+            compliance/ssdlc-compliance-${{ inputs.release_version }}-${{ steps.date.outputs.date }}.md
           if-no-files-found: error

.github/workflows/release.yml

@@ -182,7 +182,7 @@ jobs:
           KONDUKTO_REPO: ${{ vars.KONDUKTO_REPO }}
           KONDUKTO_BRANCH_PREFIX: ${{ vars.KONDUKTO_BRANCH_PREFIX }}
       - name: Upload SBOM as release artifact
-        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631
+        uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8
         with:
           files: compliance/sbom.json
           tag_name: ${{ inputs.version_number }}
@@ -207,7 +207,7 @@ jobs:
             VERSION="${TAG#v}"
             AUTHOR="${{ github.actor }}"
             export AUTHOR VERSION
-            ./scripts/gen-ssdlc-report.sh
+            ./scripts/compliance/gen-ssdlc-report.sh
           file_to_commit: 'compliance/v*/ssdlc-compliance-*.md'
           commit_message: "chore: Update SSDLC report for ${{ inputs.version_number }}"
           apix_bot_pat: ${{ secrets.APIX_BOT_PAT }}

.golangci.yml

@@ -108,7 +108,7 @@ linters:
           - gocritic
         text: "^hugeParam: req is heavy"
       - path: schema\.go # exclude rules for schema files as it's auto-genereated from OpenAPI spec
-        text: fieldalignment|hugeParam|var-naming|ST1003|S1007|exceeds the maximum|too long|regexpSimplify|nolint
+        text: var-naming|exceeds the maximum|regexpSimplify
       - path: (.+)\.go$
         text: declaration of ".*" shadows declaration at line .*
 formatters:

CHANGELOG.md

@@ -1,5 +1,10 @@
 ## (Unreleased)
 
+ENHANCEMENTS:
+
+* data-source/mongodbatlas_stream_connection Adds `cluster_project_id` to allow connections to clusters in other projects within an organization ([#3424](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/3424))
+* resource/mongodbatlas_stream_connection Adds `cluster_project_id` to allow connections to clusters in other projects within an organization ([#3424](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/3424))
+
 ## 1.36.0 (June 11, 2025)
 
 FEATURES:

Makefile

@@ -224,16 +224,16 @@ change-lines:
 
 .PHONY: gen-purls
 gen-purls: # Generate purls on linux os
-	./scripts/generate-purls.sh
+	./scripts/compliance/generate-purls.sh
 
 .PHONY: generate-sbom
 generate-sbom: ## Generate SBOM
-	./scripts/generate-sbom.sh
+	./scripts/compliance/generate-sbom.sh
 
 .PHONY: upload-sbom
 upload-sbom: ## Upload SBOM
-	./scripts/upload-sbom.sh
+	./scripts/compliance/upload-sbom.sh
 
 .PHONY: augment-sbom
 augment-sbom: ## Augment SBOM
-	./scripts/augment-sbom.sh
+	./scripts/compliance/augment-sbom.sh

contributing/README.md

@@ -9,3 +9,4 @@ Thanks for your interest in contributing to MongoDB Atlas Terraform Provider, th
 - [Changelog process](changelog-process.md)
 - [Atlas SDK](atlas-sdk.md)
 - [Enhanced Network Logging](network-logging.md)
+- [Compliance](compliance.md)

contributing/compliance.md

@@ -0,0 +1,19 @@
+# Third Party Dependencies and Vulnerability Scanning
+
+We scan our dependencies for vulnerabilities and incompatible licenses using [Snyk](https://snyk.io/).
+To run Snyk locally please follow their [CLI reference](https://support.snyk.io/hc/en-us/articles/360003812458-Getting-started-with-the-CLI).
+
+We also use Kondukto to scan for third-party dependency vulnerabilities. Kondukto creates tickets in MongoDB's issue tracking system for any vulnerabilities found.
+
+## SBOM and Compliance
+We generate Software Bill of Materials (SBOM) files for each release as part of MongoDB's SSDLC initiative. SBOM Lite files are automatically generated and included as release artifacts. Compliance reports are generated after each release and stored in the compliance/<release-version> directory.
+
+Augmented SBOMs can be generated on customer request for any released version. This can only be done by MongoDB employees as it requires access to our GitHub workflow.
+
+## Papertrail Integration
+All releases are recorded using a MongoDB-internal application called Papertrail. This records various pieces of information about releases, including the date and time of the release, who triggered the release (by pushing to Evergreen), and a checksum of each release file.
+
+This is done automatically as part of the release.
+
+## Release Artifact Signing
+All releases are signed automatically as part of the release process.

docs/data-sources/advanced_cluster (preview provider 2.0.0).md

@@ -10,6 +10,8 @@ This page describes the **Preview for MongoDB Atlas Provider 2.0.0** of `mongodb
 <br> &#8226; Changes to cluster configurations can affect costs. Before making changes, please see [Billing](https://docs.atlas.mongodb.com/billing/).
 <br> &#8226; If your Atlas project contains a custom role that uses actions introduced in a specific MongoDB version, you cannot create a cluster with a MongoDB version less than that version unless you delete the custom role.
 
+-> **NOTE:** To delete an Atlas cluster that has an associated `mongodbatlas_cloud_backup_schedule` resource and an enabled Backup Compliance Policy, first instruct Terraform to remove the `mongodbatlas_cloud_backup_schedule` resource from the state and then use Terraform to delete the cluster. To learn more, see [Delete a Cluster with a Backup Compliance Policy](../guides/delete-cluster-with-backup-compliance-policy.md).
+
 **NOTE:** This data source also includes Flex clusters.
 
 ## Example Usage