Commit

chore: Disables preview mode for EAR private endpoint so it may be normally accessible (#2571)
maastha authored Sep 10, 2024
1 parent 56feda7 commit ee569f6
Showing 9 changed files with 17 additions and 27 deletions.
2 changes: 1 addition & 1 deletion docs/data-sources/encryption_at_rest_private_endpoint.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
`mongodbatlas_encryption_at_rest_private_endpoint` describes a private endpoint used for encryption at rest using customer-managed keys.

~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager.
Additionally, you'll need to set the environment variable `MONGODB_ATLAS_ENABLE_PREVIEW=true` to use this data source. To learn more about existing limitations, see the [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints).
To learn more about existing limitations, see [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints).

## Example Usages

2 changes: 1 addition & 1 deletion docs/data-sources/encryption_at_rest_private_endpoints.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
`mongodbatlas_encryption_at_rest_private_endpoints` describes private endpoints of a particular cloud provider used for encryption at rest using customer-managed keys.

~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager.
Additionally, you'll need to set the environment variable `MONGODB_ATLAS_ENABLE_PREVIEW=true` to use this data source. To learn more about existing limitations, see the [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints).
To learn more about existing limitations, see [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints).

## Example Usages

2 changes: 1 addition & 1 deletion docs/resources/encryption_at_rest_private_endpoint.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
`mongodbatlas_encryption_at_rest_private_endpoint` provides a resource for managing a private endpoint used for encryption at rest with customer-managed keys. This ensures all traffic between Atlas and customer key management systems take place over private network interfaces.

~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager.
Additionally, you'll need to set the environment variable `MONGODB_ATLAS_ENABLE_PREVIEW=true` to use this resource. To learn more about existing limitations, see the [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints).
To learn more about existing limitations, see [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints).

-> **NOTE:** As a prerequisite to configuring a private endpoint for Azure Key Vault, the corresponding [`mongodbatlas_encryption_at_rest`](encryption_at_rest) resource has to be adjust by configuring [`azure_key_vault_config.require_private_networking`](encryption_at_rest#require_private_networking) to true. This attribute should be updated in place, ensuring the customer-managed keys encryption is never disabled.
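
Review bot: The unchanged NOTE line at the end of this hunk reads "has to be adjust by configuring", which should be "has to be adjusted by configuring", and the description line at the top of the hunk has "all traffic ... take place" where "takes place" is meant. Since this commit already edits the paragraph between them, fix both here and in the `{{.Name}}` resource template hunk, which carries the same two sentences, so the generated doc and its template stay in sync.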

Original file line number Diff line number Diff line change
Expand Up @@ -14,15 +14,7 @@ This example shows how to configure encryption at rest using Azure with customer

The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager.

**2\. Enable `MONGODB_ATLAS_ENABLE_PREVIEW` flag.**

This step is needed to make use of the `mongodbatlas_encryption_at_rest_private_endpoint` resource.

```
export MONGODB_ATLAS_ENABLE_PREVIEW="true"
```

**3\. Provide the appropriate values for the input variables.**
**2\. Provide the appropriate values for the input variables.**

- `atlas_public_key`: The public API key for MongoDB Atlas
- `atlas_private_key`: The private API key for MongoDB Atlas
Expand All @@ -41,7 +33,7 @@ export MONGODB_ATLAS_ENABLE_PREVIEW="true"
- GET (Key Management Operation), ENCRYPT (Cryptographic Operation) and DECRYPT (Cryptographic Operation) policy permissions.
- A `Key Vault Reader` role.

**4\. Review the Terraform plan.**
**3\. Review the Terraform plan.**

Execute the following command and ensure you are happy with the plan.

Expand All @@ -55,15 +47,15 @@ This project will execute the following changes to acheive a successful Azure Pr
- Approve the connection from the Azure Key Vault. This is being done through terraform with the `azapi_update_resource` resource. Alternatively, the private connection can be approved through the Azure UI or CLI.
- CLI example command: `az keyvault private-endpoint-connection approve --approval-description {"OPTIONAL DESCRIPTION"} --resource-group {RG} --vault-name {KEY VAULT NAME} –name {PRIVATE LINK CONNECTION NAME}`

**3\. Execute the Terraform apply.**
**4\. Execute the Terraform apply.**

Now execute the plan to provision the resources.

``` bash
$ terraform apply
```

**4\. Destroy the resources.**
**5\. Destroy the resources.**

When you have finished your testing, ensure you destroy the resources to avoid unnecessary Atlas charges.
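
Review bot: The CLI example in the unchanged context of this hunk passes `–name` with an en dash, which `az` will not recognise as the `--name` option; it should read `--name {PRIVATE LINK CONNECTION NAME}`. The hunk header context also shows "acheive" for "achieve" and lowercase "terraform" in "through terraform". The renumbering to 4 and 5 is correct: the old headings restarted at 3 after "Review the Terraform plan", which was already numbered 4.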

7 changes: 3 additions & 4 deletions internal/provider/provider.go
Original file line number Diff line number Diff line change
Expand Up @@ -440,11 +440,10 @@ func (p *MongodbtlasProvider) DataSources(context.Context) []func() datasource.D
streamprocessor.DataSource,
streamprocessor.PluralDataSource,
encryptionatrest.DataSource,
}
previewDataSources := []func() datasource.DataSource{ // Data sources not yet in GA
encryptionatrestprivateendpoint.DataSource,
encryptionatrestprivateendpoint.PluralDataSource,
}
previewDataSources := []func() datasource.DataSource{} // Data sources not yet in GA

if providerEnablePreview {
dataSources = append(dataSources, previewDataSources...)
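
Review bot: `previewDataSources` is now an empty literal, so the `if providerEnablePreview` append directly below it does nothing. If the gate is kept on purpose as scaffolding for future preview data sources, say so in the trailing comment (for example, that none are currently in preview); otherwise remove the slice and the branch so the function does not carry dead code.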
Expand All @@ -464,10 +463,10 @@ func (p *MongodbtlasProvider) Resources(context.Context) []func() resource.Resou
streaminstance.Resource,
streamconnection.Resource,
streamprocessor.Resource,
}
previewResources := []func() resource.Resource{ // Resources not yet in GA
encryptionatrestprivateendpoint.Resource,
}
previewResources := []func() resource.Resource{} // Resources not yet in GA

if providerEnablePreview {
resources = append(resources, previewResources...)
}
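
Review bot: With `encryptionatrestprivateendpoint.Resource` in the always-registered list, the resource is exposed to every provider user, while the docs touched by this commit still state that the feature is available by request. Confirm what a project without the feature enabled gets back on apply, and make sure that error points the user to the by-request requirement, since `MONGODB_ATLAS_ENABLE_PREVIEW` no longer acts as a client-side gate for it. The empty `previewResources` slice leaves the same no-op append as `previewDataSources`.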
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ func basicTestCase(tb testing.TB) *resource.TestCase {
)

return &resource.TestCase{
PreCheck: func() { acc.PreCheckBasic(tb); acc.PreCheckEncryptionAtRestEnvAzure(tb); acc.PreCheckPreviewFlag(tb) },
PreCheck: func() { acc.PreCheckBasic(tb); acc.PreCheckEncryptionAtRestEnvAzure(tb) },
ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
CheckDestroy: checkDestroy,
Steps: []resource.TestStep{
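
Review bot: With `acc.PreCheckPreviewFlag(tb)` dropped from this `PreCheck`, and from the other `PreCheck` closures in this file, check whether the helper has any remaining callers; if it does not, delete it in this commit rather than leaving unused test code behind. The one-line closure with two statements would also read better split across lines, as the `PreCheck` in `TestAccEncryptionAtRest_azure_requirePrivateNetworking` already is.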
Expand Down Expand Up @@ -95,7 +95,7 @@ func TestAccEncryptionAtRestPrivateEndpoint_approveEndpointWithAzureProvider(t *
)

resource.Test(t, resource.TestCase{
PreCheck: func() { acc.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzure(t); acc.PreCheckPreviewFlag(t) },
PreCheck: func() { acc.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzure(t) },
ExternalProviders: acc.ExternalProvidersOnlyAzapi(),
ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
CheckDestroy: checkDestroy,
Expand Down Expand Up @@ -137,7 +137,7 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t *
)

resource.Test(t, resource.TestCase{
PreCheck: func() { acc.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzure(t); acc.PreCheckPreviewFlag(t) },
PreCheck: func() { acc.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzure(t) },
ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
CheckDestroy: checkDestroy,
Steps: []resource.TestStep{
Expand All @@ -160,7 +160,7 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t *
})
}

func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T) {
func TestAccEncryptionAtRest_azure_requirePrivateNetworking(t *testing.T) {
var (
projectID = os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID")
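
Review bot: Dropping the `_preview` suffix from `TestAccEncryptionAtRest_azure_requirePrivateNetworking` changes the name that any `-run` pattern or CI test selection would match. Check that no workflow still selects tests by the `_preview` suffix, otherwise this test would stop being picked up without any failure to flag it.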

Expand Down Expand Up @@ -199,7 +199,6 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T
PreCheck: func() {
acc.PreCheckEncryptionAtRestPrivateEndpoint(t)
acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t)
acc.PreCheckPreviewFlag(t)
},
ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
CheckDestroy: acc.EARDestroy,
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
`{{.Name}}` describes a private endpoint used for encryption at rest using customer-managed keys.

~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager.
Additionally, you'll need to set the environment variable `MONGODB_ATLAS_ENABLE_PREVIEW=true` to use this data source. To learn more about existing limitations, see the [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints).
To learn more about existing limitations, see [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints).

## Example Usages

Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
`{{.Name}}` describes private endpoints of a particular cloud provider used for encryption at rest using customer-managed keys.

~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager.
Additionally, you'll need to set the environment variable `MONGODB_ATLAS_ENABLE_PREVIEW=true` to use this data source. To learn more about existing limitations, see the [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints).
To learn more about existing limitations, see [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints).

## Example Usages

Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
`{{.Name}}` provides a resource for managing a private endpoint used for encryption at rest with customer-managed keys. This ensures all traffic between Atlas and customer key management systems take place over private network interfaces.

~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager.
Additionally, you'll need to set the environment variable `MONGODB_ATLAS_ENABLE_PREVIEW=true` to use this resource. To learn more about existing limitations, see the [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints).
To learn more about existing limitations, see [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints).

-> **NOTE:** As a prerequisite to configuring a private endpoint for Azure Key Vault, the corresponding [`mongodbatlas_encryption_at_rest`](encryption_at_rest) resource has to be adjust by configuring [`azure_key_vault_config.require_private_networking`](encryption_at_rest#require_private_networking) to true. This attribute should be updated in place, ensuring the customer-managed keys encryption is never disabled.

