diff --git a/mongodbatlas/resource_mongodbatlas_encryption_at_rest.go b/mongodbatlas/resource_mongodbatlas_encryption_at_rest.go
index 401bd568ca..1a99b6c25b 100644
--- a/mongodbatlas/resource_mongodbatlas_encryption_at_rest.go
+++ b/mongodbatlas/resource_mongodbatlas_encryption_at_rest.go
@@ -55,53 +55,43 @@ func resourceMongoDBAtlasEncryptionAtRest() *schema.Resource {
 },
 "azure_key_vault": {
 Type: schema.TypeMap,
- ForceNew: true,
 Optional: true,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "enabled": {
 Type: schema.TypeBool,
- ForceNew: true,
 Required: true,
 },
 "client_id": {
 Type: schema.TypeString,
- ForceNew: true,
 Required: true,
 },
 "azure_environment": {
 Type: schema.TypeString,
- ForceNew: true,
 Required: true,
 },
 "subscription_id": {
 Type: schema.TypeString,
- ForceNew: true,
 Required: true,
 },
 "resource_group_name": {
 Type: schema.TypeString,
- ForceNew: true,
 Required: true,
 },
 "key_vault_name": {
 Type: schema.TypeString,
- ForceNew: true,
 Required: true,
 },
 "key_identifier": {
 Type: schema.TypeString,
- ForceNew: true,
 Required: true,
 },
 "secret": {
 Type: schema.TypeString,
- ForceNew: true,
 Required: true,
 },
 "tenant_id": {
 Type: schema.TypeString,
- ForceNew: true,
 Required: true,
 },
 },
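Review bot: The `secret` element is declared without `Sensitive: true` in the lines shown, and with `ForceNew` removed a change to it now surfaces as an in-place update, so the Azure client secret would be printed in plan and apply output. Consider adding `Sensitive: true` to `secret`, or to the `azure_key_vault` map itself if the SDK version in use does not honour the flag on elements of a `TypeMap` (an assumption to check). The value is written to state in plaintext either way, so the state backend still needs access control and encryption. The schema function starts and ends outside this hunk.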
@@ -135,38 +125,17 @@ func resourceMongoDBAtlasEncryptionAtRest() *schema.Resource {
 }
 }
-func expandAwsKms(awsKms map[string]interface{}) matlas.AwsKms {
- awsRegion, _ := valRegion(awsKms["region"])
- return matlas.AwsKms{
- Enabled: pointy.Bool(cast.ToBool(awsKms["enabled"])),
- AccessKeyID: awsKms["access_key_id"].(string),
- SecretAccessKey: awsKms["secret_access_key"].(string),
- CustomerMasterKeyID: awsKms["customer_master_key_id"].(string),
- Region: awsRegion,
- }
-}
-
 func resourceMongoDBAtlasEncryptionAtRestCreate(d *schema.ResourceData, meta interface{}) error {
 conn := meta.(*matlas.Client)
 encryptionAtRestReq := &matlas.EncryptionAtRest{
- GroupID: d.Get("project_id").(string),
- AwsKms: expandAwsKms(d.Get("aws_kms").(map[string]interface{})),
- AzureKeyVault: matlas.AzureKeyVault{
- Enabled: pointy.Bool(cast.ToBool(d.Get("azure_key_vault.enabled"))),
- ClientID: d.Get("azure_key_vault.client_id").(string),
- AzureEnvironment: d.Get("azure_key_vault.azure_environment").(string),
- SubscriptionID: d.Get("azure_key_vault.subscription_id").(string),
- ResourceGroupName: d.Get("azure_key_vault.resource_group_name").(string),
- KeyVaultName: d.Get("azure_key_vault.key_vault_name").(string),
- KeyIdentifier: d.Get("azure_key_vault.key_identifier").(string),
- Secret: d.Get("azure_key_vault.secret").(string),
- TenantID: d.Get("azure_key_vault.tenant_id").(string),
- },
+ GroupID: d.Get("project_id").(string),
+ AwsKms: expandAwsKms(d.Get("aws_kms").(map[string]interface{})),
+ AzureKeyVault: expandAzureKeyVault(d.Get("azure_key_vault").(map[string]interface{})),
 GoogleCloudKms: matlas.GoogleCloudKms{
 Enabled: pointy.Bool(cast.ToBool(d.Get("google_cloud_kms.enabled"))),
- ServiceAccountKey: d.Get("google_cloud_kms.service_account_key").(string),
- KeyVersionResourceID: d.Get("google_cloud_kms.key_version_resource_id").(string),
+ ServiceAccountKey: cast.ToString(d.Get("google_cloud_kms.service_account_key")),
+ KeyVersionResourceID: cast.ToString(d.Get("google_cloud_kms.key_version_resource_id")),
 },
 }
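Review bot: The `cast.ToString` and `cast.ToBool` conversions on the `google_cloud_kms` fields discard conversion failures, so an unset or unconvertible `service_account_key` or `enabled` reaches the API as "" or false instead of failing the apply. The same holds for the new `expandAzureKeyVault` and the rewritten `expandAwsKms` in the last hunk, where the second return of `valRegion` is also dropped with `_`. For a resource that controls encryption at rest, silently sending a disabled or empty provider block is the less safe failure mode. Assuming `cast` is spf13/cast, the error-returning forms such as `cast.ToBoolE` and `cast.ToStringE` would let Create return the error. The body of Create continues outside this hunk.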
@@ -190,37 +159,62 @@ func resourceMongoDBAtlasEncryptionAtRestRead(d *schema.ResourceData, meta inter
 return nil
 }
-func resourceMongoDBAtlasEncryptionAtRestDelete(d *schema.ResourceData, meta interface{}) error {
- conn := meta.(*matlas.Client)
-
- _, err := conn.EncryptionsAtRest.Delete(context.Background(), d.Id())
- if err != nil {
- return fmt.Errorf("error deleting a encryptionAtRest (%s): %s", d.Id(), err)
- }
- return nil
-}
-
 func resourceMongoDBAtlasEncryptionAtRestUpdate(d *schema.ResourceData, meta interface{}) error {
 conn := meta.(*matlas.Client)
 projectID := d.Id()
 encrypt, _, err := conn.EncryptionsAtRest.Get(context.Background(), projectID)
-
 if err != nil {
 return fmt.Errorf("error getting encryption at rest information: %s", err)
 }
+ encrypt.GroupID = projectID
 if d.HasChange("aws_kms") {
 encrypt.AwsKms = expandAwsKms(d.Get("aws_kms").(map[string]interface{}))
 }
-
- encrypt.GroupID = projectID
+ if d.HasChange("azure_key_vault") {
+ encrypt.AzureKeyVault = expandAzureKeyVault(d.Get("azure_key_vault").(map[string]interface{}))
+ }
 _, _, err = conn.EncryptionsAtRest.Create(context.Background(), encrypt)
-
 if err != nil {
 return fmt.Errorf("error updating encryption at rest (%s): %s", projectID, err)
 }
 return resourceMongoDBAtlasEncryptionAtRestRead(d, meta)
 }
+
+func resourceMongoDBAtlasEncryptionAtRestDelete(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*matlas.Client)
+
+ _, err := conn.EncryptionsAtRest.Delete(context.Background(), d.Id())
+ if err != nil {
+ return fmt.Errorf("error deleting a encryptionAtRest (%s): %s", d.Id(), err)
+ }
+ return nil
+}
+
+func expandAwsKms(awsKms map[string]interface{}) matlas.AwsKms {
+ awsRegion, _ := valRegion(awsKms["region"])
+ return matlas.AwsKms{
+ Enabled: pointy.Bool(cast.ToBool(awsKms["enabled"])),
+ AccessKeyID: cast.ToString(awsKms["access_key_id"]),
+ SecretAccessKey: cast.ToString(awsKms["secret_access_key"]),
+ CustomerMasterKeyID: cast.ToString(awsKms["customer_master_key_id"]),
+ Region: awsRegion,
+ }
+}
+
+func expandAzureKeyVault(azure map[string]interface{}) matlas.AzureKeyVault {
+ return matlas.AzureKeyVault{
+ Enabled: pointy.Bool(cast.ToBool(azure["enabled"])),
+ ClientID: cast.ToString(azure["client_id"]),
+ AzureEnvironment: cast.ToString(azure["azure_environment"]),
+ SubscriptionID: cast.ToString(azure["subscription_id"]),
+ ResourceGroupName: cast.ToString(azure["resource_group_name"]),
+ KeyVaultName: cast.ToString(azure["key_vault_name"]),
+ KeyIdentifier: cast.ToString(azure["key_identifier"]),
+ Secret: cast.ToString(azure["secret"]),
+ TenantID: cast.ToString(azure["tenant_id"]),
+ }
+}
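Review bot: Update sends back the whole object returned by `EncryptionsAtRest.Get` and overwrites only the provider blocks that changed, so unchanged providers are resubmitted with whatever the API returned for them. If the API omits or masks credential fields such as `secret`, `secret_access_key` or `service_account_key` in that response (not verifiable from this diff), an Azure-only change would resend the other providers with empty credentials. Building every provider block from configuration, or sending only the changed blocks, removes that dependency. There is also no `d.HasChange("google_cloud_kms")` branch, so in-place edits to that block are applied only if its fields still carry `ForceNew`, which is outside this hunk.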