Validate One Atlas Resource Policy

POST /api/atlas/v2/orgs/{orgId}/resourcePolicies:validate

Validate one Atlas Resource Policy for an org.

Atlas Resource Policies

Path parameters

  • orgId string Required

    Unique 24-hexadecimal digit string that identifies the organization that contains your projects. Use the /orgs endpoint to retrieve all organizations to which the authenticated user has access.

    Format should match the following pattern: ^([a-f0-9]{24})$.

Query parameters

  • envelope boolean

    Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.

    Default value is false.

  • pretty boolean

    Flag that indicates whether the response body should be in the prettyprint format.

    Default value is false.

    Prettyprint
application/vnd.atlas.2024-08-05+json

Body Required

Atlas Resource Policy to create.

  • description string

    Description of the atlas resource policy.

  • name string Required

    Human-readable label that describes the atlas resource policy.

  • policies array[object] Required

    List of policies that make up the atlas resource policy.

    Hide policies attribute Show policies attribute object
    • body string Required

      A string that defines the permissions for the policy. The syntax used is the Cedar Policy language.

Responses

  • 200 application/vnd.atlas.2024-08-05+json

    Ok

    Hide response attributes Show response attributes object
    • createdByUser object

      The user that last updated the atlas resource policy.

      Hide createdByUser attributes Show createdByUser attributes object
      • id string

        Unique 24-hexadecimal character string that identifies a user.

        Format should match the following pattern: ^([a-f0-9]{24})$.

      • name string

        Human-readable label that describes a user.

    • createdDate string(date-time)

      Date and time in UTC when the atlas resource policy was created.

    • description string

      Description of the atlas resource policy.

    • id string

      Unique 24-hexadecimal character string that identifies the atlas resource policy.

      Format should match the following pattern: ^([a-f0-9]{24})$.

    • lastUpdatedByUser object

      The user that last updated the atlas resource policy.

      Hide lastUpdatedByUser attributes Show lastUpdatedByUser attributes object
      • id string

        Unique 24-hexadecimal character string that identifies a user.

        Format should match the following pattern: ^([a-f0-9]{24})$.

      • name string

        Human-readable label that describes a user.

    • lastUpdatedDate string(date-time)

      Date and time in UTC when the atlas resource policy was last updated.

    • name string

      Human-readable label that describes the atlas resource policy.

    • orgId string

      Unique 24-hexadecimal character string that identifies the organization the atlas resource policy belongs to.

      Format should match the following pattern: ^([a-f0-9]{24})$.

    • policies array[object]

      List of policies that make up the atlas resource policy.

      Hide policies attributes Show policies attributes object
      • body string

        A string that defines the permissions for the policy. The syntax used is the Cedar Policy language.

      • id string

        Unique 24-hexadecimal character string that identifies the policy.

        Format should match the following pattern: ^([a-f0-9]{24})$.

    • version string

      A string that identifies the version of the atlas resource policy.

  • 400 application/vnd.atlas.2024-08-05+json

    Bad request.

    Hide response attributes Show response attributes object
    • errorType string

      Human-readable label that displays the type of an error.

      Values are POLICY_PARSING_ERROR, POLICY_HAS_FAILED_VALIDATIONS, POLICY_HAS_INVALID_PRINCIPAL, POLICY_HAS_BODY_EXCEEDING_MAX_SIZE, or POLICY_HAS_UNEXPECTED_ENTITIES.

    • invalidPolicies array[object]

      List of invalid policies containing details of their validation errors.

      Hide invalidPolicies attributes Show invalidPolicies attributes object
      • body string

        A string that defines the permissions for the policy. The syntax used is the Cedar Policy language.

      • errors array[object]

        List of validation errors.

        Hide errors attribute Show errors attribute object
        • detail string

          A string that provides a detailed description of a validation error.

  • 401 application/json

    Unauthorized.

    Hide response attributes Show response attributes object
    • badRequestDetail object

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.

  • 403 application/json

    Forbidden.

    Hide response attributes Show response attributes object
    • badRequestDetail object

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.

  • 404 application/json

    Not Found.

    Hide response attributes Show response attributes object
    • badRequestDetail object

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.

  • 500 application/json

    Internal Server Error.

    Hide response attributes Show response attributes object
    • badRequestDetail object

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.

POST /api/atlas/v2/orgs/{orgId}/resourcePolicies:validate
atlas api validateAtlasResourcePolicy --help
import (
	"os"
	"context"
	"log"
	sdk "go.mongodb.org/atlas-sdk/v20250312001/admin"
)

func main() {
	ctx := context.Background()
	clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
	clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")

	client, err := sdk.NewClient(
		sdk.UseOAuthAuth(clientID, clientSecret),
		sdk.UseBaseURL(url))

	if err != nil {
		log.Fatalf("Error: %v", err)
	}

	params = &sdk.ValidateAtlasResourcePolicyApiParams{}
	sdkResp, httpResp, err := client.ResourcePoliciesApi.
		ValidateAtlasResourcePolicyWithParams(ctx, params).
		Execute()
}
curl --header "Authorization: Bearer ${ACCESS_TOKEN}" \
  --header "Accept: application/vnd.atlas.2025-03-12+json" \
  --header "Content-Type: application/json" \
  -X POST "https://cloud.mongodb.com/api/atlas/v2/orgs/{orgId}/resourcePolicies:validate" \
  -d '{ <Payload> }'
curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
  --digest \
  --header "Accept: application/vnd.atlas.2025-03-12+json" \
  --header "Content-Type: application/json" \
  -X POST "https://cloud.mongodb.com/api/atlas/v2/orgs/{orgId}/resourcePolicies:validate" \
  -d '{ <Payload> }'
Request examples
{
  "description": "string",
  "name": "string",
  "policies": [
    {
      "body": "  forbid (\n    principal,\n    action == cloud::Action::\"cluster.createEdit\",\n    resource\n  ) when {\n   context.cluster.regions.contains(cloud::region::\"aws:us-east-1\")\n  };\n"
    }
  ]
}
Response examples (200)
{
  "createdByUser": {
    "id": "32b6e34b3d91647abb20e7b8",
    "name": "string"
  },
  "createdDate": "2025-05-04T09:42:00Z",
  "description": "string",
  "id": "32b6e34b3d91647abb20e7b8",
  "lastUpdatedByUser": {
    "id": "32b6e34b3d91647abb20e7b8",
    "name": "string"
  },
  "lastUpdatedDate": "2025-05-04T09:42:00Z",
  "name": "string",
  "orgId": "32b6e34b3d91647abb20e7b8",
  "policies": [
    {
      "body": "  forbid (\n    principal,\n    action == cloud::Action::\"cluster.createEdit\",\n    resource\n  ) when {\n   context.cluster.regions.contains(cloud::region::\"aws:us-east-1\")\n  };\n",
      "id": "32b6e34b3d91647abb20e7b8"
    }
  ],
  "version": "v1"
}
Response examples (400)
{
  "errorType": "POLICY_PARSING_ERROR",
  "invalidPolicies": [
    {
      "body": "  forbid (\n    principal,\n    action == cloud::Action::\"cluster.createEdit\",\n    resource\n  ) when {\n   context.cluster.regions.contains(cloud::region::\"aws:us-east-1\")\n  };\n",
      "errors": [
        {
          "detail": "string"
        }
      ]
    }
  ]
}
Response examples (401)
{
  "error": 401,
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "reason": "Unauthorized",
  "errorCode": "NOT_ORG_GROUP_CREATOR"
}
Response examples (403)
{
  "error": 403,
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "reason": "Forbidden",
  "errorCode": "CANNOT_CHANGE_GROUP_NAME"
}
Response examples (404)
{
  "error": 404,
  "detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
  "reason": "Not Found",
  "errorCode": "RESOURCE_NOT_FOUND"
}
Response examples (500)
{
  "error": 500,
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "reason": "Internal Server Error",
  "errorCode": "UNEXPECTED_ERROR"
}