refactor: change aws_kms to non forced new and add update implementat…

…ion in encryption_at_rest_resource
mongodb · Sep 13, 2019 · 0a682e2 · 0a682e2
1 parent 9828ef1
commit 0a682e2
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 15 deletions.
diff --git a/mongodbatlas/provider_test.go b/mongodbatlas/provider_test.go
@@ -60,7 +60,10 @@ func checkPeeringEnvGCP(t *testing.T) {
 func checkAwsEnv(t *testing.T) {
 	if os.Getenv("AWS_ACCESS_KEY_ID") == "" ||
 		os.Getenv("AWS_SECRET_ACCESS_KEY") == "" ||
-		os.Getenv("AWS_CUSTOMER_MASTER_KEY_ID") == "" {
+		os.Getenv("AWS_CUSTOMER_MASTER_KEY_ID") == "" ||
+		os.Getenv("AWS_CUSTOMER_MASTER_KEY_ID_UPDATED") == "" ||
+		os.Getenv("AWS_ACCESS_KEY_ID_UPDATED") == "" ||
+		os.Getenv("AWS_SECRET_ACCESS_KEY_UPDATED") == "" {
 		t.Fatal("`AWS_ACCESS_KEY_ID`, `AWS_VPC_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_CUSTOMER_MASTER_KEY_ID` must be set for acceptance testing")
 	}
 }
diff --git a/mongodbatlas/resource_mongodbatlas_encryption_at_rest.go b/mongodbatlas/resource_mongodbatlas_encryption_at_rest.go
@@ -16,6 +16,7 @@ func resourceMongoDBAtlasEncryptionAtRest() *schema.Resource {
 		Create:   resourceMongoDBAtlasEncryptionAtRestCreate,
 		Read:     resourceMongoDBAtlasEncryptionAtRestRead,
 		Delete:   resourceMongoDBAtlasEncryptionAtRestDelete,
+		Update:   resourceMongoDBAtlasEncryptionAtRestUpdate,
 		Importer: &schema.ResourceImporter{},
 		Schema: map[string]*schema.Schema{
 			"project_id": {
@@ -25,34 +26,28 @@ func resourceMongoDBAtlasEncryptionAtRest() *schema.Resource {
 			},
 			"aws_kms": {
 				Type:     schema.TypeMap,
-				ForceNew: true,
 				Optional: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"enabled": {
 							Type:     schema.TypeBool,
-							ForceNew: true,
 							Required: true,
 						},
 						"access_key_id": {
 							Type:     schema.TypeString,
-							ForceNew: true,
 							Required: true,
 						},
 						"secret_access_key": {
 							Type:      schema.TypeString,
-							ForceNew:  true,
 							Required:  true,
 							Sensitive: true,
 						},
 						"customer_master_key_id": {
 							Type:     schema.TypeString,
-							ForceNew: true,
 							Required: true,
 						},
 						"region": {
 							Type:     schema.TypeString,
-							ForceNew: true,
 							Required: true,
 						},
 					},
@@ -140,19 +135,23 @@ func resourceMongoDBAtlasEncryptionAtRest() *schema.Resource {
 	}
 }
 
+func expandAwsKms(awsKms map[string]interface{}) matlas.AwsKms {
+	awsRegion, _ := valRegion(awsKms["region"])
+	return matlas.AwsKms{
+		Enabled:             pointy.Bool(cast.ToBool(awsKms["enabled"])),
+		AccessKeyID:         awsKms["access_key_id"].(string),
+		SecretAccessKey:     awsKms["secret_access_key"].(string),
+		CustomerMasterKeyID: awsKms["customer_master_key_id"].(string),
+		Region:              awsRegion,
+	}
+}
+
 func resourceMongoDBAtlasEncryptionAtRestCreate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*matlas.Client)
-	awsRegion, _ := valRegion(d.Get("aws_kms.region"))
 
 	encryptionAtRestReq := &matlas.EncryptionAtRest{
 		GroupID: d.Get("project_id").(string),
-		AwsKms: matlas.AwsKms{
-			Enabled:             pointy.Bool(cast.ToBool(d.Get("aws_kms.enabled"))),
-			AccessKeyID:         d.Get("aws_kms.access_key_id").(string),
-			SecretAccessKey:     d.Get("aws_kms.secret_access_key").(string),
-			CustomerMasterKeyID: d.Get("aws_kms.customer_master_key_id").(string),
-			Region:              awsRegion,
-		},
+		AwsKms:  expandAwsKms(d.Get("aws_kms").(map[string]interface{})),
 		AzureKeyVault: matlas.AzureKeyVault{
 			Enabled:           pointy.Bool(cast.ToBool(d.Get("azure_key_vault.enabled"))),
 			ClientID:          d.Get("azure_key_vault.client_id").(string),
@@ -200,3 +199,28 @@ func resourceMongoDBAtlasEncryptionAtRestDelete(d *schema.ResourceData, meta int
 	}
 	return nil
 }
+
+func resourceMongoDBAtlasEncryptionAtRestUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*matlas.Client)
+	projectID := d.Id()
+
+	encrypt, _, err := conn.EncryptionsAtRest.Get(context.Background(), projectID)
+
+	if err != nil {
+		return fmt.Errorf("error getting encryption at rest information: %s", err)
+	}
+
+	if d.HasChange("aws_kms") {
+		encrypt.AwsKms = expandAwsKms(d.Get("aws_kms").(map[string]interface{}))
+	}
+
+	encrypt.GroupID = projectID
+
+	_, _, err = conn.EncryptionsAtRest.Create(context.Background(), encrypt)
+
+	if err != nil {
+		return fmt.Errorf("error updating encryption at rest (%s): %s", projectID, err)
+	}
+
+	return resourceMongoDBAtlasEncryptionAtRestRead(d, meta)
+}
diff --git a/mongodbatlas/resource_mongodbatlas_encryption_at_rest_test.go b/mongodbatlas/resource_mongodbatlas_encryption_at_rest_test.go
@@ -28,6 +28,14 @@ func TestAccResourceMongoDBAtlasEncryptionAtRest_basicAWS(t *testing.T) {
 		Region:              os.Getenv("AWS_REGION"),
 	}
 
+	awsKmsUpdated := matlas.AwsKms{
+		Enabled:             pointy.Bool(true),
+		AccessKeyID:         os.Getenv("AWS_ACCESS_KEY_ID_UPDATED"),
+		SecretAccessKey:     os.Getenv("AWS_SECRET_ACCESS_KEY_UPDATED"),
+		CustomerMasterKeyID: os.Getenv("AWS_CUSTOMER_MASTER_KEY_ID_UPDATED"),
+		Region:              os.Getenv("AWS_REGION_UPDATED"),
+	}
+
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t); checkAwsEnv(t) },
 		Providers:    testAccProviders,
@@ -46,6 +54,19 @@ func TestAccResourceMongoDBAtlasEncryptionAtRest_basicAWS(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "aws_kms.region", awsKms.Region),
 				),
 			},
+			{
+				Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(&awsKmsUpdated),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName, &encryptionAtRest),
+					testAccCheckMongoDBAtlasEncryptionAtRestAttributes(&encryptionAtRest, pointy.Bool(true)),
+					resource.TestCheckResourceAttr(resourceName, "project_id", projectID),
+					resource.TestCheckResourceAttr(resourceName, "aws_kms.enabled", cast.ToString(awsKmsUpdated.Enabled)),
+					resource.TestCheckResourceAttr(resourceName, "aws_kms.access_key_id", awsKmsUpdated.AccessKeyID),
+					resource.TestCheckResourceAttr(resourceName, "aws_kms.secret_access_key", awsKmsUpdated.SecretAccessKey),
+					resource.TestCheckResourceAttr(resourceName, "aws_kms.customer_master_key_id", awsKmsUpdated.CustomerMasterKeyID),
+					resource.TestCheckResourceAttr(resourceName, "aws_kms.region", awsKmsUpdated.Region),
+				),
+			},
 		},
 	})
 }