azurerm_cosmosdb_account: Adding EnableMongoRetryableWrites EnableMongoRoleBasedAccessControl and EnableUniqueCompoundNestedDocs capabilities (#19261)
CorrenSoft authored Jan 30, 2023
1 parent dcabc47 commit f7ba194
Showing 3 changed files with 74 additions and 42 deletions.
66 changes: 41 additions & 25 deletions internal/services/cosmos/cosmosdb_account_resource.go
@@ -45,36 +45,45 @@ var connStringPropertyMap = map[string]string{
type databaseAccountCapabilities string

const (
databaseAccountCapabilitiesEnableAggregationPipeline databaseAccountCapabilities = "EnableAggregationPipeline"
databaseAccountCapabilitiesEnableCassandra databaseAccountCapabilities = "EnableCassandra"
databaseAccountCapabilitiesEnableGremlin databaseAccountCapabilities = "EnableGremlin"
databaseAccountCapabilitiesEnableTable databaseAccountCapabilities = "EnableTable"
databaseAccountCapabilitiesEnableServerless databaseAccountCapabilities = "EnableServerless"
databaseAccountCapabilitiesEnableMongo databaseAccountCapabilities = "EnableMongo"
databaseAccountCapabilitiesEnableMongo16MBDocumentSupport databaseAccountCapabilities = "EnableMongo16MBDocumentSupport"
databaseAccountCapabilitiesMongoDBv34 databaseAccountCapabilities = "MongoDBv3.4"
databaseAccountCapabilitiesMongoEnableDocLevelTTL databaseAccountCapabilities = "mongoEnableDocLevelTTL"
databaseAccountCapabilitiesDisableRateLimitingResponses databaseAccountCapabilities = "DisableRateLimitingResponses"
databaseAccountCapabilitiesAllowSelfServeUpgradeToMongo36 databaseAccountCapabilities = "AllowSelfServeUpgradeToMongo36"
databaseAccountCapabilitiesEnableAggregationPipeline databaseAccountCapabilities = "EnableAggregationPipeline"
databaseAccountCapabilitiesEnableCassandra databaseAccountCapabilities = "EnableCassandra"
databaseAccountCapabilitiesEnableGremlin databaseAccountCapabilities = "EnableGremlin"
databaseAccountCapabilitiesEnableTable databaseAccountCapabilities = "EnableTable"
databaseAccountCapabilitiesEnableServerless databaseAccountCapabilities = "EnableServerless"
databaseAccountCapabilitiesEnableMongo databaseAccountCapabilities = "EnableMongo"
databaseAccountCapabilitiesEnableMongo16MBDocumentSupport databaseAccountCapabilities = "EnableMongo16MBDocumentSupport"
databaseAccountCapabilitiesMongoDBv34 databaseAccountCapabilities = "MongoDBv3.4"
databaseAccountCapabilitiesMongoEnableDocLevelTTL databaseAccountCapabilities = "mongoEnableDocLevelTTL"
databaseAccountCapabilitiesDisableRateLimitingResponses databaseAccountCapabilities = "DisableRateLimitingResponses"
databaseAccountCapabilitiesAllowSelfServeUpgradeToMongo36 databaseAccountCapabilities = "AllowSelfServeUpgradeToMongo36"
databaseAccountCapabilitiesEnableMongoRetryableWrites databaseAccountCapabilities = "EnableMongoRetryableWrites"
databaseAccountCapabilitiesEnableMongoRoleBasedAccessControl databaseAccountCapabilities = "EnableMongoRoleBasedAccessControl"
databaseAccountCapabilitiesEnableUniqueCompoundNestedDocs databaseAccountCapabilities = "EnableUniqueCompoundNestedDocs"
)

/*
The mapping of capabilities and kinds of cosmosdb account confirmed by service team is as follows:
EnableMongo : MongoDB
EnableCassandra : GlobalDocumentDB, Parse
EnableGremlin : GlobalDocumentDB, Parse
EnableTable : GlobalDocumentDB, Parse
EnableAggregationPipeline : GlobalDocumentDB, MongoDB, Parse
EnableServerless : GlobalDocumentDB, MongoDB, Parse
MongoDBv3.4 : GlobalDocumentDB, MongoDB, Parse
mongoEnableDocLevelTTL : GlobalDocumentDB, MongoDB, Parse
DisableRateLimitingResponses : GlobalDocumentDB, MongoDB, Parse
AllowSelfServeUpgradeToMongo36 : GlobalDocumentDB, MongoDB, Parse
EnableMongo : MongoDB
EnableCassandra : GlobalDocumentDB, Parse
EnableGremlin : GlobalDocumentDB, Parse
EnableTable : GlobalDocumentDB, Parse
EnableAggregationPipeline : GlobalDocumentDB, MongoDB, Parse
EnableServerless : GlobalDocumentDB, MongoDB, Parse
MongoDBv3.4 : GlobalDocumentDB, MongoDB, Parse
mongoEnableDocLevelTTL : GlobalDocumentDB, MongoDB, Parse
DisableRateLimitingResponses : GlobalDocumentDB, MongoDB, Parse
AllowSelfServeUpgradeToMongo36 : GlobalDocumentDB, MongoDB, Parse
EnableMongoRetryableWrites : MongoDB
EnableMongoRoleBasedAccessControl : MongoDB
EnableUniqueCompoundNestedDocs : MongoDB
*/
var capabilitiesToKindMap = map[string]interface{}{
strings.ToLower(string(databaseAccountCapabilitiesEnableMongo)): []string{strings.ToLower(string(documentdb.DatabaseAccountKindMongoDB))},
strings.ToLower(string(databaseAccountCapabilitiesEnableMongo16MBDocumentSupport)): []string{strings.ToLower(string(documentdb.DatabaseAccountKindMongoDB))},
strings.ToLower(string(databaseAccountCapabilitiesEnableMongoRetryableWrites)): []string{strings.ToLower(string(documentdb.DatabaseAccountKindMongoDB))},
strings.ToLower(string(databaseAccountCapabilitiesEnableMongoRetryableWrites)): []string{strings.ToLower(string(documentdb.DatabaseAccountKindMongoDB))},
strings.ToLower(string(databaseAccountCapabilitiesEnableUniqueCompoundNestedDocs)): []string{strings.ToLower(string(documentdb.DatabaseAccountKindMongoDB))},
strings.ToLower(string(databaseAccountCapabilitiesEnableCassandra)): []string{strings.ToLower(string(documentdb.DatabaseAccountKindGlobalDocumentDB)), strings.ToLower(string(documentdb.DatabaseAccountKindParse))},
strings.ToLower(string(databaseAccountCapabilitiesEnableGremlin)): []string{strings.ToLower(string(documentdb.DatabaseAccountKindGlobalDocumentDB)), strings.ToLower(string(documentdb.DatabaseAccountKindParse))},
strings.ToLower(string(databaseAccountCapabilitiesEnableTable)): []string{strings.ToLower(string(documentdb.DatabaseAccountKindGlobalDocumentDB)), strings.ToLower(string(documentdb.DatabaseAccountKindParse))},
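
Review bot: In `capabilitiesToKindMap`, the key `databaseAccountCapabilitiesEnableMongoRetryableWrites` is added on two consecutive lines and `databaseAccountCapabilitiesEnableMongoRoleBasedAccessControl` has no entry among the MongoDB-only keys shown here, although the comment block above lists `EnableMongoRoleBasedAccessControl : MongoDB`. Because the keys are `strings.ToLower(...)` calls rather than constants, the Go compiler does not reject the duplicate; the second entry simply overwrites the first. Change the key of the second line to `databaseAccountCapabilitiesEnableMongoRoleBasedAccessControl` so the kind restriction is recorded for the access-control capability as well.
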
@@ -396,6 +405,9 @@ func resourceCosmosDbAccount() *pluginsdk.Resource {
string(databaseAccountCapabilitiesMongoEnableDocLevelTTL),
string(databaseAccountCapabilitiesDisableRateLimitingResponses),
string(databaseAccountCapabilitiesAllowSelfServeUpgradeToMongo36),
string(databaseAccountCapabilitiesEnableMongoRetryableWrites),
string(databaseAccountCapabilitiesEnableMongoRoleBasedAccessControl),
string(databaseAccountCapabilitiesEnableUniqueCompoundNestedDocs),
}, false),
},
},
@@ -1854,18 +1866,22 @@ func flattenCosmosdbAccountDatabasesToRestore(input *[]documentdb.DatabaseRestor
}

func checkCapabilitiesCanBeUpdated(kind string, oldCapabilities *[]documentdb.Capability, newCapabilities *[]documentdb.Capability) bool {
// The feedback from service team : "DisableRateLimitingResponses", "AllowSelfServeUpgradeToMongo36","EnableAggregationPipeline","MongoDBv3.4"
// , "mongoEnableDocLevelTTL" and "EnableMongo16MBDocumentSupport" of capabilities can be added to an existing account, others can not.
// The feedback from service team : capabilities that can be added to an existing account
canBeAddedCaps := []string{
strings.ToLower(string(databaseAccountCapabilitiesDisableRateLimitingResponses)),
strings.ToLower(string(databaseAccountCapabilitiesAllowSelfServeUpgradeToMongo36)),
strings.ToLower(string(databaseAccountCapabilitiesEnableAggregationPipeline)),
strings.ToLower(string(databaseAccountCapabilitiesMongoDBv34)),
strings.ToLower(string(databaseAccountCapabilitiesMongoEnableDocLevelTTL)),
strings.ToLower(string(databaseAccountCapabilitiesEnableMongo16MBDocumentSupport))}
strings.ToLower(string(databaseAccountCapabilitiesEnableMongo16MBDocumentSupport)),
strings.ToLower(string(databaseAccountCapabilitiesEnableMongoRetryableWrites)),
strings.ToLower(string(databaseAccountCapabilitiesEnableMongoRoleBasedAccessControl)),
strings.ToLower(string(databaseAccountCapabilitiesEnableUniqueCompoundNestedDocs)),
}

// The feedback from service team : only "DisableRateLimitingResponses" of capabilities can be removed to an existing account.
// The feedback from service team: capabilities that can be removed from an existing account
canBeRemovedCaps := []string{
strings.ToLower(string(databaseAccountCapabilitiesEnableMongoRetryableWrites)),
strings.ToLower(string(databaseAccountCapabilitiesDisableRateLimitingResponses)),
}

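Review bot: The rewritten comments above `canBeAddedCaps` and `canBeRemovedCaps` no longer say whether the lists are exhaustive. `canBeRemovedCaps` gains `EnableMongoRetryableWrites` but not `EnableMongoRoleBasedAccessControl` or `EnableUniqueCompoundNestedDocs`, and a reader cannot tell whether the service team confirmed those two cannot be removed or was never asked. Record that in the comment, since the result of `checkCapabilitiesCanBeUpdated` depends on these lists. The two new comments also differ in spacing before the colon (`service team :` and `service team:`); pick one.
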
12 changes: 12 additions & 0 deletions internal/services/cosmos/cosmosdb_account_resource_test.go
@@ -2891,6 +2891,18 @@ resource "azurerm_cosmosdb_account" "test" {
name = "EnableMongo16MBDocumentSupport"
}
capabilities {
name = "EnableMongoRetryableWrites"
}
capabilities {
name = "EnableMongoRoleBasedAccessControl"
}
capabilities {
name = "EnableUniqueCompoundNestedDocs"
}
consistency_policy {
consistency_level = "%s"
}
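
Review bot: The only test change is three `capabilities` blocks appended to an existing account config (12 additions, no new test function), so the update paths this commit changes are not exercised. Add a step that adds the three capabilities to an already-created account, and one that removes `EnableMongoRetryableWrites`, to match the new entries in `canBeAddedCaps` and `canBeRemovedCaps`.
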
38 changes: 21 additions & 17 deletions website/docs/r/cosmosdb_account.html.markdown
@@ -70,15 +70,15 @@ resource "azurerm_cosmosdb_account" "db" {

The following arguments are supported:

* `name` - (Required) Specifies the name of the CosmosDB Account. Changing this forces a new resource to be created.
* `name` - (Required) Specifies the name of the CosmosDB Account. Changing this forces a new resource to be created.

* `resource_group_name` - (Required) The name of the resource group in which the CosmosDB Account is created. Changing this forces a new resource to be created.

* `location` - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
* `location` - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

* `tags` - (Optional) A mapping of tags to assign to the resource.

* `offer_type` - (Required) Specifies the Offer Type to use for this CosmosDB Account - currently this can only be set to `Standard`.
* `offer_type` - (Required) Specifies the Offer Type to use for this CosmosDB Account; currently, this can only be set to `Standard`.

* `analytical_storage` - (Optional) An `analytical_storage` block as defined below.

@@ -96,17 +96,17 @@ The following arguments are supported:

* `geo_location` - (Required) Specifies a `geo_location` resource, used to define where data should be replicated with the `failover_priority` 0 specifying the primary location. Value is a `geo_location` block as defined below.

* `ip_range_filter` - (Optional) CosmosDB Firewall Support: This value specifies the set of IP addresses or IP address ranges in CIDR form to be included as the allowed list of client IP's for a given database account. IP addresses/ranges must be comma separated and must not contain any spaces.
* `ip_range_filter` - (Optional) CosmosDB Firewall Support: This value specifies the set of IP addresses or IP address ranges in CIDR form to be included as the allowed list of client IPs for a given database account. IP addresses/ranges must be comma separated and must not contain any spaces.

~> **NOTE:** To enable the "Allow access from the Azure portal" behavior, you should add the IP addresses provided by the [documentation](https://docs.microsoft.com/azure/cosmos-db/how-to-configure-firewall#allow-requests-from-the-azure-portal) to this list.

~> **NOTE:** To enable the "Accept connections from within public Azure datacenters" behavior, you should add `0.0.0.0` to the list, see the [documentation](https://docs.microsoft.com/azure/cosmos-db/how-to-configure-firewall#allow-requests-from-global-azure-datacenters-or-other-sources-within-azure) for more details.

* `enable_free_tier` - (Optional) Enable Free Tier pricing option for this Cosmos DB account. Defaults to `false`. Changing this forces a new resource to be created.
* `enable_free_tier` - (Optional) Enable the Free Tier pricing option for this Cosmos DB account. Defaults to `false`. Changing this forces a new resource to be created.

* `analytical_storage_enabled` - (Optional) Enable Analytical Storage option for this Cosmos DB account. Defaults to `false`. Enabling and then disabling analytical storage forces a new resource to be created.

* `enable_automatic_failover` - (Optional) Enable automatic fail over for this Cosmos DB account.
* `enable_automatic_failover` - (Optional) Enable automatic failover for this Cosmos DB account.

* `public_network_access_enabled` - (Optional) Whether or not public network access is allowed for this CosmosDB account. Defaults to `true`.

@@ -149,8 +149,10 @@ The following arguments are supported:
The `consistency_policy` block Configures the database consistency and supports the following:

* `consistency_level` - (Required) The Consistency Level to use for this CosmosDB Account - can be either `BoundedStaleness`, `Eventual`, `Session`, `Strong` or `ConsistentPrefix`.
* `max_interval_in_seconds` - (Optional) When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is `5` - `86400` (1 day). Defaults to `5`. Required when `consistency_level` is set to `BoundedStaleness`.
* `max_staleness_prefix` - (Optional) When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is `10``2147483647`. Defaults to `100`. Required when `consistency_level` is set to `BoundedStaleness`.

* `max_interval_in_seconds` - (Optional) When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. The accepted range for this value is `5` - `86400` (1 day). Defaults to `5`. Required when `consistency_level` is set to `BoundedStaleness`.

* `max_staleness_prefix` - (Optional) When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. The accepted range for this value is `10``2147483647`. Defaults to `100`. Required when `consistency_level` is set to `BoundedStaleness`.

~> **Note:** `max_interval_in_seconds` and `max_staleness_prefix` can only be set to custom values when `consistency_level` is set to `BoundedStaleness` - otherwise they will return the default values shown above.

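Review bot: The `max_staleness_prefix` line is reworded here but its range still reads `10``2147483647`, with no separator between the two bounds, unlike `5` - `86400` on the `max_interval_in_seconds` line. Write the range the same way on both lines while this text is being edited.
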
@@ -159,20 +161,22 @@ The `consistency_policy` block Configures the database consistency and supports
The `geo_location` block Configures the geographic locations the data is replicated to and supports the following:

* `location` - (Required) The name of the Azure region to host replicated data.

* `failover_priority` - (Required) The failover priority of the region. A failover priority of `0` indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. Changing this causes the location to be re-provisioned and cannot be changed for the location with failover priority `0`.

* `zone_redundant` - (Optional) Should zone redundancy be enabled for this region? Defaults to `false`.

---

A `capabilities` block Configures the capabilities to enable for this Cosmos DB account:
A `capabilities` block Configures the capabilities to be enabled for this Cosmos DB account:

* `name` - (Required) The capability to enable - Possible values are `AllowSelfServeUpgradeToMongo36`, `DisableRateLimitingResponses`, `EnableAggregationPipeline`, `EnableCassandra`, `EnableGremlin`, `EnableMongo`, `EnableMongo16MBDocumentSupport`, `EnableTable`, `EnableServerless`, `MongoDBv3.4` and `mongoEnableDocLevelTTL`.
* `name` - (Required) The capability to enable - Possible values are `AllowSelfServeUpgradeToMongo36`, `DisableRateLimitingResponses`, `EnableAggregationPipeline`, `EnableCassandra`, `EnableGremlin`, `EnableMongo`, `EnableMongo16MBDocumentSupport`, `EnableMongoRetryableWrites`, `EnableMongoRoleBasedAccessControl`, `EnableServerless`, `EnableTable`, `EnableUniqueCompoundNestedDocs`, `MongoDBv3.4` and `mongoEnableDocLevelTTL`. Changing this forces a new resource to be created in certain cases as defined below.

~> **NOTE:** Setting `MongoDBv3.4` also requires setting `EnableMongo`.

~> **NOTE:** Only `AllowSelfServeUpgradeToMongo36`, `DisableRateLimitingResponses`, `EnableAggregationPipeline`, `MongoDBv3.4`, `EnableMongo16MBDocumentSupport` and `mongoEnableDocLevelTTL` can be added to an existing Cosmos DB account.
~> **NOTE:** Only `AllowSelfServeUpgradeToMongo36`, `DisableRateLimitingResponses`, `EnableAggregationPipeline`, `MongoDBv3.4`, `EnableMongoRetryableWrites`, `EnableMongoRoleBasedAccessControl`, `EnableUniqueCompoundNestedDocs`, `EnableMongo16MBDocumentSupport` and `mongoEnableDocLevelTTL` can be added to an existing Cosmos DB account.

~> **NOTE:** Only `DisableRateLimitingResponses` can be removed from an existing Cosmos DB account.
~> **NOTE:** Only `DisableRateLimitingResponses` and `EnableMongoRetryableWrites` can be removed from an existing Cosmos DB account.

---

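Review bot: On the `capabilities` `name` line, "Changing this forces a new resource to be created in certain cases as defined below" points at the NOTE lines, but those only list what can be added to or removed from an existing account and never state which changes replace it. Spell out the replacement cases explicitly, because replacing a database account is destructive and a user removing a capability such as `EnableMongoRoleBasedAccessControl` needs to know the outcome before applying. The "can be added" list is also not in the alphabetical order now used for the possible values.
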
@@ -183,7 +187,7 @@ The `virtual_network_rule` block Configures the virtual network subnets allowed

---

A `analytical_storage` block supports the following:
An `analytical_storage` block supports the following:

* `schema_type` - (Required) The schema type of the Analytical Storage for this Cosmos DB account. Possible values are `FullFidelity` and `WellDefined`.

@@ -203,15 +207,15 @@ A `backup` block supports the following:

* `retention_in_hours` - (Optional) The time in hours that each backup is retained. This is configurable only when `type` is `Periodic`. Possible values are between 8 and 720.

* `storage_redundancy` - (Optional) The storage redundancy which is used to indicate type of backup residency. This is configurable only when `type` is `Periodic`. Possible values are `Geo`, `Local` and `Zone`.
* `storage_redundancy` - (Optional) The storage redundancy is used to indicate the type of backup residency. This is configurable only when `type` is `Periodic`. Possible values are `Geo`, `Local` and `Zone`.

---

A `cors_rule` block supports the following:

* `allowed_headers` - (Required) A list of headers that are allowed to be a part of the cross-origin request.

* `allowed_methods` - (Required) A list of HTTP headers that are allowed to be executed by the origin. Valid options are `DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS`, `PUT` or `PATCH`.
* `allowed_methods` - (Required) A list of HTTP headers that are allowed to be executed by the origin. Valid options are `DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS`, `PUT` or `PATCH`.

* `allowed_origins` - (Required) A list of origin domains that will be allowed by CORS.

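Review bot: The `allowed_methods` line is touched in this hunk but still describes "A list of HTTP headers that are allowed to be executed by the origin", while the valid options it lists (`DELETE`, `GET`, `HEAD`, ...) are HTTP methods. Change "HTTP headers" to "HTTP methods" while the line is being edited, so it is not confused with `allowed_headers` directly above.
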
@@ -221,7 +225,7 @@ A `cors_rule` block supports the following:

---

A `identity` block supports the following:
An `identity` block supports the following:

* `type` - (Required) The Type of Managed Identity assigned to this Cosmos account. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned`.

@@ -233,7 +237,7 @@ A `restore` block supports the following:

* `source_cosmosdb_account_id` - (Required) The resource ID of the restorable database account from which the restore has to be initiated. The example is `/subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName}`. Changing this forces a new resource to be created.

~> **NOTE:** Any database account with `Continuous` type (live account or accounts deleted in last 30 days) are the restorable database accounts and there cannot be Create/Update/Delete operations on the restorable database accounts. They can only be read and be retrieved by `azurerm_cosmosdb_restorable_database_accounts`.
~> **NOTE:** Any database account with `Continuous` type (live account or accounts deleted in last 30 days) is a restorable database account and there cannot be Create/Update/Delete operations on the restorable database accounts. They can only be read and retrieved by `azurerm_cosmosdb_restorable_database_accounts`.

* `restore_timestamp_in_utc` - (Required) The creation time of the database or the collection (Datetime Format `RFC 3339`). Changing this forces a new resource to be created.
