From 03c49fdfef6df2a4c16ce34319983db8873fcf21 Mon Sep 17 00:00:00 2001 From: maastha <122359335+maastha@users.noreply.github.com> Date: Mon, 12 Aug 2024 11:28:13 +0100 Subject: [PATCH 01/20] update sdk dev (#2490) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 291b2d375b..11e45eaffb 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/zclconf/go-cty v1.15.0 go.mongodb.org/atlas v0.36.0 go.mongodb.org/atlas-sdk/v20240530005 v20240530005.0.0 - go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.0 + go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.1-0.20240809201355-5fc86d455f4c go.mongodb.org/realm v0.1.0 ) diff --git a/go.sum b/go.sum index 2910145caf..6e55e5623c 100644 --- a/go.sum +++ b/go.sum @@ -782,8 +782,8 @@ go.mongodb.org/atlas v0.36.0 h1:m05S3AO7zkl+bcG1qaNsEKBnAqnKx2FDwLooHpIG3j4= go.mongodb.org/atlas v0.36.0/go.mod h1:nfPldE9dSama6G2IbIzmEza02Ly7yFZjMMVscaM0uEc= go.mongodb.org/atlas-sdk/v20240530005 v20240530005.0.0 h1:d/gbYJ+obR0EM/3DZf7+ZMi2QWISegm3mid7Or708cc= go.mongodb.org/atlas-sdk/v20240530005 v20240530005.0.0/go.mod h1:O47ZrMMfcWb31wznNIq2PQkkdoFoK0ea2GlmRqGJC2s= -go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.0 h1:EwA2g7i4JYc0b/oE7zvvOH+POYVrHrWR7BONex3MFTA= -go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.0/go.mod h1:0aHEphVfsYbpg3CiEUcXeAU7OVoOFig1tltXdLjYiSQ= +go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.1-0.20240809201355-5fc86d455f4c h1:8mh2UocF0IYCc0tr4oWGrIEcuc7PqLg6GgHMFgN4fWU= +go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.1-0.20240809201355-5fc86d455f4c/go.mod h1:0aHEphVfsYbpg3CiEUcXeAU7OVoOFig1tltXdLjYiSQ= go.mongodb.org/realm v0.1.0 h1:zJiXyLaZrznQ+Pz947ziSrDKUep39DO4SfA0Fzx8M4M= go.mongodb.org/realm v0.1.0/go.mod h1:4Vj6iy+Puo1TDERcoh4XZ+pjtwbOzPpzqy3Cwe8ZmDM= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= From 8892a15f371146f32a25e1216a47998c0971910c Mon Sep 17 00:00:00 2001 From: maastha <122359335+maastha@users.noreply.github.com> Date: Tue, 13 Aug 2024 15:00:52 +0100 Subject: [PATCH 02/20] chore: Creates TF models & interfaces for new `mongodbatlas_encryption_at_rest_private_endpoint` resource (#2493) --- internal/provider/provider.go | 5 +- .../encryptionatrestprivateendpoint/model.go | 34 +++++ .../model_test.go | 121 ++++++++++++++++++ .../resource.go | 110 ++++++++++++++++ .../resource_schema.go | 66 ++++++++++ .../resource_test.go | 29 +++++ .../tfplugingen/generator_config.yml | 15 +++ 7 files changed, 379 insertions(+), 1 deletion(-) create mode 100644 internal/service/encryptionatrestprivateendpoint/model.go create mode 100644 internal/service/encryptionatrestprivateendpoint/model_test.go create mode 100644 internal/service/encryptionatrestprivateendpoint/resource.go create mode 100644 internal/service/encryptionatrestprivateendpoint/resource_schema.go create mode 100644 internal/service/encryptionatrestprivateendpoint/resource_test.go create mode 100644 internal/service/encryptionatrestprivateendpoint/tfplugingen/generator_config.yml diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 71932f8aa6..8dd43e6014 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -31,6 +31,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/controlplaneipaddresses" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/databaseuser" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrest" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrestprivateendpoint" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/project" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/projectipaccesslist" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/pushbasedlogexport" @@ -453,7 +454,9 @@ func (p *MongodbtlasProvider) Resources(context.Context) []func() resource.Resou streaminstance.Resource, streamconnection.Resource, } - previewResources := []func() resource.Resource{} // Resources not yet in GA + previewResources := []func() resource.Resource{ // Resources not yet in GA + encryptionatrestprivateendpoint.Resource, + } if providerEnablePreview { resources = append(resources, previewResources...) } diff --git a/internal/service/encryptionatrestprivateendpoint/model.go b/internal/service/encryptionatrestprivateendpoint/model.go new file mode 100644 index 0000000000..b15174058f --- /dev/null +++ b/internal/service/encryptionatrestprivateendpoint/model.go @@ -0,0 +1,34 @@ +package encryptionatrestprivateendpoint + +import ( + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" + "go.mongodb.org/atlas-sdk/v20240805001/admin" +) + +func NewTFEarPrivateEndpoint(apiResp *admin.EARPrivateEndpoint) *TFEarPrivateEndpointModel { + if apiResp == nil { + return nil + } + return &TFEarPrivateEndpointModel{ + CloudProvider: conversion.StringNullIfEmpty(apiResp.GetCloudProvider()), + ErrorMessage: conversion.StringNullIfEmpty(apiResp.GetErrorMessage()), + ID: conversion.StringNullIfEmpty(apiResp.GetId()), + RegionName: conversion.StringNullIfEmpty(apiResp.GetRegionName()), + Status: conversion.StringNullIfEmpty(apiResp.GetStatus()), + PrivateEndpointConnectionName: conversion.StringNullIfEmpty(apiResp.GetPrivateEndpointConnectionName()), + } +} + +func NewEarPrivateEndpointReq(tfPlan *TFEarPrivateEndpointModel) *admin.EARPrivateEndpoint { + if tfPlan == nil { + return nil + } + return &admin.EARPrivateEndpoint{ + CloudProvider: tfPlan.CloudProvider.ValueStringPointer(), + ErrorMessage: tfPlan.ErrorMessage.ValueStringPointer(), + Id: tfPlan.ID.ValueStringPointer(), + RegionName: tfPlan.RegionName.ValueStringPointer(), + Status: tfPlan.Status.ValueStringPointer(), + PrivateEndpointConnectionName: tfPlan.PrivateEndpointConnectionName.ValueStringPointer(), + } +} diff --git a/internal/service/encryptionatrestprivateendpoint/model_test.go b/internal/service/encryptionatrestprivateendpoint/model_test.go new file mode 100644 index 0000000000..6f9fcf9755 --- /dev/null +++ b/internal/service/encryptionatrestprivateendpoint/model_test.go @@ -0,0 +1,121 @@ +package encryptionatrestprivateendpoint_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrestprivateendpoint" + "github.com/stretchr/testify/assert" + "go.mongodb.org/atlas-sdk/v20240805001/admin" +) + +const ( + testCloudProvider = "AZURE" + testErrMsg = "error occurred" + testID = "6666666999999adsfsgdg" + testRegionName = "US_EAST" + testStatus = "PENDING_ACCEPTANCE" + testPEConnectionName = "mongodb-atlas-US_EAST-666666666067bd1e20a8bf14" +) + +type sdkToTFModelTestCase struct { + SDKResp *admin.EARPrivateEndpoint + expectedTFModel *encryptionatrestprivateendpoint.TFEarPrivateEndpointModel +} + +func TestEncryptionAtRestPrivateEndpointSDKToTFModel(t *testing.T) { + testCases := map[string]sdkToTFModelTestCase{ + "Complete SDK response": { + SDKResp: &admin.EARPrivateEndpoint{ + CloudProvider: admin.PtrString(testCloudProvider), + ErrorMessage: admin.PtrString(""), + Id: admin.PtrString(testID), + RegionName: admin.PtrString(testRegionName), + Status: admin.PtrString(testStatus), + PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), + }, + expectedTFModel: &encryptionatrestprivateendpoint.TFEarPrivateEndpointModel{ + CloudProvider: types.StringValue(testCloudProvider), + ErrorMessage: types.StringNull(), + ID: types.StringValue(testID), + RegionName: types.StringValue(testRegionName), + Status: types.StringValue(testStatus), + PrivateEndpointConnectionName: types.StringValue(testPEConnectionName), + }, + }, + "Complete SDK response with error message": { + SDKResp: &admin.EARPrivateEndpoint{ + CloudProvider: admin.PtrString(testCloudProvider), + ErrorMessage: admin.PtrString(testErrMsg), + Id: admin.PtrString(testID), + RegionName: admin.PtrString(testRegionName), + Status: admin.PtrString(testStatus), + PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), + }, + expectedTFModel: &encryptionatrestprivateendpoint.TFEarPrivateEndpointModel{ + CloudProvider: types.StringValue(testCloudProvider), + ErrorMessage: types.StringValue(testErrMsg), + ID: types.StringValue(testID), + RegionName: types.StringValue(testRegionName), + Status: types.StringValue(testStatus), + PrivateEndpointConnectionName: types.StringValue(testPEConnectionName), + }, + }, + } + + for testName, tc := range testCases { + t.Run(testName, func(t *testing.T) { + resultModel := encryptionatrestprivateendpoint.NewTFEarPrivateEndpoint(tc.SDKResp) + assert.Equal(t, tc.expectedTFModel, resultModel, "created terraform model did not match expected output") + }) + } +} + +type tfToSDKModelTestCase struct { + tfModel *encryptionatrestprivateendpoint.TFEarPrivateEndpointModel + expectedSDKReq *admin.EARPrivateEndpoint +} + +func TestEncryptionAtRestPrivateEndpointTFModelToSDK(t *testing.T) { + testCases := map[string]tfToSDKModelTestCase{ + "Complete TF state": { + tfModel: &encryptionatrestprivateendpoint.TFEarPrivateEndpointModel{ + CloudProvider: types.StringValue(testCloudProvider), + ErrorMessage: types.StringNull(), + ID: types.StringValue(testID), + RegionName: types.StringValue(testRegionName), + Status: types.StringValue(testStatus), + PrivateEndpointConnectionName: types.StringValue(testPEConnectionName)}, + expectedSDKReq: &admin.EARPrivateEndpoint{ + CloudProvider: admin.PtrString(testCloudProvider), + ErrorMessage: nil, + Id: admin.PtrString(testID), + RegionName: admin.PtrString(testRegionName), + Status: admin.PtrString(testStatus), + PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName)}, + }, + "Complete TF state with error message": { + tfModel: &encryptionatrestprivateendpoint.TFEarPrivateEndpointModel{ + CloudProvider: types.StringValue(testCloudProvider), + ErrorMessage: types.StringValue(testErrMsg), + ID: types.StringValue(testID), + RegionName: types.StringValue(testRegionName), + Status: types.StringValue(testStatus), + PrivateEndpointConnectionName: types.StringValue(testPEConnectionName)}, + expectedSDKReq: &admin.EARPrivateEndpoint{ + CloudProvider: admin.PtrString(testCloudProvider), + ErrorMessage: admin.PtrString(testErrMsg), + Id: admin.PtrString(testID), + RegionName: admin.PtrString(testRegionName), + Status: admin.PtrString(testStatus), + PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName)}, + }, + } + + for testName, tc := range testCases { + t.Run(testName, func(t *testing.T) { + apiReqResult := encryptionatrestprivateendpoint.NewEarPrivateEndpointReq(tc.tfModel) + assert.Equal(t, tc.expectedSDKReq, apiReqResult, "created sdk model did not match expected output") + }) + } +} diff --git a/internal/service/encryptionatrestprivateendpoint/resource.go b/internal/service/encryptionatrestprivateendpoint/resource.go new file mode 100644 index 0000000000..55ea8f3ab1 --- /dev/null +++ b/internal/service/encryptionatrestprivateendpoint/resource.go @@ -0,0 +1,110 @@ +//nolint:gocritic +package encryptionatrestprivateendpoint + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" +) + +const ( + encryptionAtRestPrivateEndpointName = "encryption_at_rest_private_endpoint" + warnUnsupportedOperation = "Operation not supported" +) + +var _ resource.ResourceWithConfigure = &encryptionAtRestPrivateEndpointRS{} +var _ resource.ResourceWithImportState = &encryptionAtRestPrivateEndpointRS{} + +func Resource() resource.Resource { + return &encryptionAtRestPrivateEndpointRS{ + RSCommon: config.RSCommon{ + ResourceName: encryptionAtRestPrivateEndpointName, + }, + } +} + +type encryptionAtRestPrivateEndpointRS struct { + config.RSCommon +} + +func (r *encryptionAtRestPrivateEndpointRS) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = ResourceSchema(ctx) +} + +func (r *encryptionAtRestPrivateEndpointRS) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var earPrivateEndpointPlan TFEarPrivateEndpointModel + resp.Diagnostics.Append(req.Plan.Get(ctx, &earPrivateEndpointPlan)...) + if resp.Diagnostics.HasError() { + return + } + + // encryptionAtRestPrivateEndpointReq := NewEarPrivateEndpointReq(&earPrivateEndpointPlan) + + // TODO: make POST request to Atlas API and handle error in response + // connV2 := r.Client.AtlasV2 + // if err != nil { + // resp.Diagnostics.AddError("error creating resource", err.Error()) + // return + //} + + // TODO: process response into new terraform state + // newencryptionAtRestPrivateEndpointModel := NewTFencryptionAtRestPrivateEndpoint(apiResp) + // resp.Diagnostics.Append(resp.State.Set(ctx, newencryptionAtRestPrivateEndpointModel)...) +} + +func (r *encryptionAtRestPrivateEndpointRS) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var earPrivateEndpointState TFEarPrivateEndpointModel + resp.Diagnostics.Append(req.State.Get(ctx, &earPrivateEndpointState)...) + if resp.Diagnostics.HasError() { + return + } + + // TODO: make get request to resource + // connV2 := r.Client.AtlasV2 + // if err != nil { + // if apiResp != nil && apiResp.StatusCode == http.StatusNotFound { + // resp.State.RemoveResource(ctx) + // return + // } + // resp.Diagnostics.AddError("error fetching resource", err.Error()) + // return + //} + + // TODO: process response into new terraform state + // resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(apiResp))...) +} + +func (r *encryptionAtRestPrivateEndpointRS) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + resp.Diagnostics.AddWarning(warnUnsupportedOperation, "Updating the private endpoint for encryption at rest is not supported. To modify your infrastructure, please delete the existing mongodbatlas_encryption_at_rest_private_endpoint resource and create a new one with the necessary updates") +} + +func (r *encryptionAtRestPrivateEndpointRS) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var earPrivateEndpointState *TFEarPrivateEndpointModel + resp.Diagnostics.Append(req.State.Get(ctx, &earPrivateEndpointState)...) + if resp.Diagnostics.HasError() { + return + } + + // TODO: make Delete request to Atlas API + + // connV2 := r.Client.AtlasV2 + // if _, _, err := connV2.Api.Delete().Execute(); err != nil { + // resp.Diagnostics.AddError("error deleting resource", err.Error()) + // return + // } +} + +func (r *encryptionAtRestPrivateEndpointRS) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { + // TODO: parse req.ID string taking into account documented format. Example: + + // projectID, other, err := splitencryptionAtRestPrivateEndpointImportID(req.ID) + // if err != nil { + // resp.Diagnostics.AddError("error splitting import ID", err.Error()) + // return + //} + + // TODO: define attributes that are required for read operation to work correctly. Example: + + // resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("project_id"), projectID)...) +} diff --git a/internal/service/encryptionatrestprivateendpoint/resource_schema.go b/internal/service/encryptionatrestprivateendpoint/resource_schema.go new file mode 100644 index 0000000000..076488886c --- /dev/null +++ b/internal/service/encryptionatrestprivateendpoint/resource_schema.go @@ -0,0 +1,66 @@ +package encryptionatrestprivateendpoint + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/types" +) + +func ResourceSchema(ctx context.Context) schema.Schema { + return schema.Schema{ + Attributes: map[string]schema.Attribute{ + "cloud_provider": schema.StringAttribute{ + Required: true, + Description: "Human-readable label that identifies the cloud provider for the Encryption At Rest private endpoint.", + MarkdownDescription: "Human-readable label that identifies the cloud provider for the Encryption At Rest private endpoint.", + }, + "endpoint_id": schema.StringAttribute{ + Computed: true, + Description: "Unique 24-hexadecimal digit string that identifies the private endpoint.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies the private endpoint.", + }, + "error_message": schema.StringAttribute{ + Computed: true, + Description: "Error message for failures associated with the Encryption At Rest private endpoint.", + MarkdownDescription: "Error message for failures associated with the Encryption At Rest private endpoint.", + }, + "project_id": schema.StringAttribute{ + Required: true, + Description: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + }, + "id": schema.StringAttribute{ + Computed: true, + Description: "Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.", + }, + "private_endpoint_connection_name": schema.StringAttribute{ + Computed: true, + Description: "Connection name of the Azure Private Endpoint.", + MarkdownDescription: "Connection name of the Azure Private Endpoint.", + }, + "region_name": schema.StringAttribute{ + Required: true, + Description: "Cloud provider region in which the Encryption At Rest private endpoint is located.", + MarkdownDescription: "Cloud provider region in which the Encryption At Rest private endpoint is located.", + }, + "status": schema.StringAttribute{ + Computed: true, + Description: "State of the Encryption At Rest private endpoint.", + MarkdownDescription: "State of the Encryption At Rest private endpoint.", + }, + }, + } +} + +type TFEarPrivateEndpointModel struct { + CloudProvider types.String `tfsdk:"cloud_provider"` + EndpointID types.String `tfsdk:"endpoint_id"` + ErrorMessage types.String `tfsdk:"error_message"` + ProjectID types.String `tfsdk:"project_id"` + ID types.String `tfsdk:"id"` + PrivateEndpointConnectionName types.String `tfsdk:"private_endpoint_connection_name"` + RegionName types.String `tfsdk:"region_name"` + Status types.String `tfsdk:"status"` +} diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go new file mode 100644 index 0000000000..d9106af641 --- /dev/null +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -0,0 +1,29 @@ +//nolint:gocritic +package encryptionatrestprivateendpoint_test + +// TODO: if acceptance test will be run in an existing CI group of resources, the name should include the group in the prefix followed by the name of the resource e.i. TestAccStreamRSStreamInstance_basic +// In addition, if acceptance test contains testing of both resource and data sources, the RS/DS can be omitted. +// func TestAccEncryptionatrestprivateendpointRS_basic(t *testing.T) { +// resource.ParallelTest(t, resource.TestCase{ +// PreCheck: func() { acc.PreCheckBasic(t) }, +// ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, +// // CheckDestroy: checkDestroyEncryptionatrestprivateendpoint, +// Steps: []resource.TestStep{ // TODO: verify updates and import in case of resources +// // { +// // Config: encryptionatrestprivateendpointConfig(), +// // Check: encryptionatrestprivateendpointAttributeChecks(), +// // }, +// // { +// // Config: encryptionatrestprivateendpointConfig(), +// // Check: encryptionatrestprivateendpointAttributeChecks(), +// // }, +// // { +// // Config: encryptionatrestprivateendpointConfig(), +// // ResourceName: resourceName, +// // ImportStateIdFunc: checkEncryptionatrestprivateendpointImportStateIDFunc, +// // ImportState: true, +// // ImportStateVerify: true, +// }, +// }, +// ) +// } diff --git a/internal/service/encryptionatrestprivateendpoint/tfplugingen/generator_config.yml b/internal/service/encryptionatrestprivateendpoint/tfplugingen/generator_config.yml new file mode 100644 index 0000000000..a873e539fd --- /dev/null +++ b/internal/service/encryptionatrestprivateendpoint/tfplugingen/generator_config.yml @@ -0,0 +1,15 @@ +provider: + name: mongodbatlas + +resources: + encryptionatrestprivateendpoint: + read: + path: /api/atlas/v2/groups/{groupId}/encryptionAtRest/{cloudProvider}/privateEndpoints/{endpointId} + method: GET + create: + path: /api/atlas/v2/groups/{groupId}/encryptionAtRest/{cloudProvider}/privateEndpoints + method: POST + delete: + path: /api/atlas/v2/groups/{groupId}/encryptionAtRest/{cloudProvider}/privateEndpoints/{endpointId} + method: DELETE + From 19059e479423980a466b206e0aa1abdee0ac404c Mon Sep 17 00:00:00 2001 From: maastha <122359335+maastha@users.noreply.github.com> Date: Tue, 13 Aug 2024 17:30:31 +0100 Subject: [PATCH 03/20] chore: Creates TF models & interfaces for new `mongodbatlas_encryption_at_rest_private_endpoint` data source (#2500) --- go.mod | 2 +- go.sum | 4 +- internal/provider/provider.go | 4 +- .../data_source.go | 48 +++++++++++++++++ .../data_source_schema.go | 54 +++++++++++++++++++ .../tfplugingen/generator_config.yml | 11 +++- 6 files changed, 118 insertions(+), 5 deletions(-) create mode 100644 internal/service/encryptionatrestprivateendpoint/data_source.go create mode 100644 internal/service/encryptionatrestprivateendpoint/data_source_schema.go diff --git a/go.mod b/go.mod index 11e45eaffb..e7f9b831f1 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/zclconf/go-cty v1.15.0 go.mongodb.org/atlas v0.36.0 go.mongodb.org/atlas-sdk/v20240530005 v20240530005.0.0 - go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.1-0.20240809201355-5fc86d455f4c + go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.1-0.20240813143344-1cfe40386cbc go.mongodb.org/realm v0.1.0 ) diff --git a/go.sum b/go.sum index 6e55e5623c..ed0d3c50fe 100644 --- a/go.sum +++ b/go.sum @@ -782,8 +782,8 @@ go.mongodb.org/atlas v0.36.0 h1:m05S3AO7zkl+bcG1qaNsEKBnAqnKx2FDwLooHpIG3j4= go.mongodb.org/atlas v0.36.0/go.mod h1:nfPldE9dSama6G2IbIzmEza02Ly7yFZjMMVscaM0uEc= go.mongodb.org/atlas-sdk/v20240530005 v20240530005.0.0 h1:d/gbYJ+obR0EM/3DZf7+ZMi2QWISegm3mid7Or708cc= go.mongodb.org/atlas-sdk/v20240530005 v20240530005.0.0/go.mod h1:O47ZrMMfcWb31wznNIq2PQkkdoFoK0ea2GlmRqGJC2s= -go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.1-0.20240809201355-5fc86d455f4c h1:8mh2UocF0IYCc0tr4oWGrIEcuc7PqLg6GgHMFgN4fWU= -go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.1-0.20240809201355-5fc86d455f4c/go.mod h1:0aHEphVfsYbpg3CiEUcXeAU7OVoOFig1tltXdLjYiSQ= +go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.1-0.20240813143344-1cfe40386cbc h1:ZZOXzXjt9PMOx1tKz76aenAikF6n5f8qvitaarDWJ9Q= +go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.1-0.20240813143344-1cfe40386cbc/go.mod h1:0aHEphVfsYbpg3CiEUcXeAU7OVoOFig1tltXdLjYiSQ= go.mongodb.org/realm v0.1.0 h1:zJiXyLaZrznQ+Pz947ziSrDKUep39DO4SfA0Fzx8M4M= go.mongodb.org/realm v0.1.0/go.mod h1:4Vj6iy+Puo1TDERcoh4XZ+pjtwbOzPpzqy3Cwe8ZmDM= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 8dd43e6014..dc16a595d5 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -435,7 +435,9 @@ func (p *MongodbtlasProvider) DataSources(context.Context) []func() datasource.D streamconnection.PluralDataSource, controlplaneipaddresses.DataSource, } - previewDataSources := []func() datasource.DataSource{} // Data sources not yet in GA + previewDataSources := []func() datasource.DataSource{ // Data sources not yet in GA + encryptionatrestprivateendpoint.DataSource, + } if providerEnablePreview { dataSources = append(dataSources, previewDataSources...) } diff --git a/internal/service/encryptionatrestprivateendpoint/data_source.go b/internal/service/encryptionatrestprivateendpoint/data_source.go new file mode 100644 index 0000000000..5bccd2ebc2 --- /dev/null +++ b/internal/service/encryptionatrestprivateendpoint/data_source.go @@ -0,0 +1,48 @@ +//nolint:gocritic +package encryptionatrestprivateendpoint + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-framework/datasource" + + "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" +) + +var _ datasource.DataSource = &encryptionAtRestPrivateEndpointDS{} +var _ datasource.DataSourceWithConfigure = &encryptionAtRestPrivateEndpointDS{} + +func DataSource() datasource.DataSource { + return &encryptionAtRestPrivateEndpointDS{ + DSCommon: config.DSCommon{ + DataSourceName: encryptionAtRestPrivateEndpointName, + }, + } +} + +type encryptionAtRestPrivateEndpointDS struct { + config.DSCommon +} + +func (d *encryptionAtRestPrivateEndpointDS) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) { + resp.Schema = DataSourceSchema(ctx) +} + +func (d *encryptionAtRestPrivateEndpointDS) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { + var earPrivateEndpointConfig TFEarPrivateEndpointModel + resp.Diagnostics.Append(req.Config.Get(ctx, &earPrivateEndpointConfig)...) + if resp.Diagnostics.HasError() { + return + } + + // TODO: make get request to resource + + // connV2 := d.Client.AtlasV2 + // if err != nil { + // resp.Diagnostics.AddError("error fetching resource", err.Error()) + // return + //} + + // TODO: process response into new terraform state + // resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(apiResp))...) +} diff --git a/internal/service/encryptionatrestprivateendpoint/data_source_schema.go b/internal/service/encryptionatrestprivateendpoint/data_source_schema.go new file mode 100644 index 0000000000..08f0a5c66a --- /dev/null +++ b/internal/service/encryptionatrestprivateendpoint/data_source_schema.go @@ -0,0 +1,54 @@ +package encryptionatrestprivateendpoint + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-framework/datasource/schema" +) + +func DataSourceSchema(ctx context.Context) schema.Schema { + return schema.Schema{ + Attributes: map[string]schema.Attribute{ + "cloud_provider": schema.StringAttribute{ + Required: true, + Description: "Human-readable label that identifies the cloud provider of the private endpoint.", + MarkdownDescription: "Human-readable label that identifies the cloud provider of the private endpoint.", + }, + "endpoint_id": schema.StringAttribute{ + Required: true, + Description: "Unique 24-hexadecimal digit string that identifies the private endpoint.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies the private endpoint.", + }, + "error_message": schema.StringAttribute{ + Computed: true, + Description: "Error message for failures associated with the Encryption At Rest private endpoint.", + MarkdownDescription: "Error message for failures associated with the Encryption At Rest private endpoint.", + }, + "project_id": schema.StringAttribute{ + Required: true, + Description: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + }, + "id": schema.StringAttribute{ + Computed: true, + Description: "Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.", + }, + "private_endpoint_connection_name": schema.StringAttribute{ + Computed: true, + Description: "Connection name of the Azure Private Endpoint.", + MarkdownDescription: "Connection name of the Azure Private Endpoint.", + }, + "region_name": schema.StringAttribute{ + Computed: true, + Description: "Cloud provider region in which the Encryption At Rest private endpoint is located.", + MarkdownDescription: "Cloud provider region in which the Encryption At Rest private endpoint is located.", + }, + "status": schema.StringAttribute{ + Computed: true, + Description: "State of the Encryption At Rest private endpoint.", + MarkdownDescription: "State of the Encryption At Rest private endpoint.", + }, + }, + } +} diff --git a/internal/service/encryptionatrestprivateendpoint/tfplugingen/generator_config.yml b/internal/service/encryptionatrestprivateendpoint/tfplugingen/generator_config.yml index a873e539fd..58d292fc60 100644 --- a/internal/service/encryptionatrestprivateendpoint/tfplugingen/generator_config.yml +++ b/internal/service/encryptionatrestprivateendpoint/tfplugingen/generator_config.yml @@ -2,7 +2,7 @@ provider: name: mongodbatlas resources: - encryptionatrestprivateendpoint: + encryption_at_rest_private_endpoint: read: path: /api/atlas/v2/groups/{groupId}/encryptionAtRest/{cloudProvider}/privateEndpoints/{endpointId} method: GET @@ -13,3 +13,12 @@ resources: path: /api/atlas/v2/groups/{groupId}/encryptionAtRest/{cloudProvider}/privateEndpoints/{endpointId} method: DELETE +data_sources: + encryption_at_rest_private_endpoint: + read: + path: /api/atlas/v2/groups/{groupId}/encryptionAtRest/{cloudProvider}/privateEndpoints/{endpointId} + method: GET + # encryption_at_rest_private_endpoints: + # read: + # path: /api/atlas/v2/groups/{groupId}/encryptionAtRest/{cloudProvider}/privateEndpoints + # method: GET \ No newline at end of file From 4dc933a71cefc68b3c545ba0e3f425aaa195880d Mon Sep 17 00:00:00 2001 From: maastha <122359335+maastha@users.noreply.github.com> Date: Mon, 19 Aug 2024 11:05:59 +0100 Subject: [PATCH 04/20] feat: Updates `mongodbatlas_encryption_at_rest` resource to use new `azure_key_vault_config.require_private_networking` field (#2509) --- .changelog/2509.txt | 3 + internal/common/conversion/type_conversion.go | 5 + .../common/conversion/type_conversion_test.go | 19 +- .../model_encryption_at_rest.go | 42 +-- .../model_encryption_at_rest_test.go | 81 ++--- .../resource_encryption_at_rest.go | 30 +- ...ource_encryption_at_rest_migration_test.go | 28 +- .../resource_encryption_at_rest_test.go | 322 +++++++++++------- 8 files changed, 332 insertions(+), 198 deletions(-) create mode 100644 .changelog/2509.txt diff --git a/.changelog/2509.txt b/.changelog/2509.txt new file mode 100644 index 0000000000..68aab37b6a --- /dev/null +++ b/.changelog/2509.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/mongodbatlas_encryption_at_rest: Adds new `azure_key_vault_config.#.require_private_networking` field to enable connection to Azure Key Vault over private networking +``` diff --git a/internal/common/conversion/type_conversion.go b/internal/common/conversion/type_conversion.go index 21a555db76..a05d8ecccd 100644 --- a/internal/common/conversion/type_conversion.go +++ b/internal/common/conversion/type_conversion.go @@ -62,3 +62,8 @@ func IsStringPresent(strPtr *string) bool { func MongoDBRegionToAWSRegion(region string) string { return strings.ReplaceAll(strings.ToLower(region), "_", "-") } + +// AWSRegionToMongoDBRegion converts region in us-east-1-like format to US_EAST_1-like +func AWSRegionToMongoDBRegion(region string) string { + return strings.ReplaceAll(strings.ToUpper(region), "-", "_") +} diff --git a/internal/common/conversion/type_conversion_test.go b/internal/common/conversion/type_conversion_test.go index badf82f279..028d7d163a 100644 --- a/internal/common/conversion/type_conversion_test.go +++ b/internal/common/conversion/type_conversion_test.go @@ -4,8 +4,9 @@ import ( "testing" "time" - "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/stretchr/testify/assert" + + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" ) func TestTimeWithoutNanos(t *testing.T) { @@ -78,3 +79,19 @@ func TestMongoDBRegionToAWSRegion(t *testing.T) { } } } + +func TestAWSRegionToMongoDBRegion(t *testing.T) { + tests := []struct { + region string + expected string + }{ + {"us-east-1", "US_EAST_1"}, + {"US-EAST-1", "US_EAST_1"}, + } + + for _, test := range tests { + if resp := conversion.AWSRegionToMongoDBRegion(test.region); resp != test.expected { + t.Errorf("AWSRegionToMongoDBRegion(%v) = %v; want %v", test.region, resp, test.expected) + } + } +} diff --git a/internal/service/encryptionatrest/model_encryption_at_rest.go b/internal/service/encryptionatrest/model_encryption_at_rest.go index 0e40129e11..b192009824 100644 --- a/internal/service/encryptionatrest/model_encryption_at_rest.go +++ b/internal/service/encryptionatrest/model_encryption_at_rest.go @@ -3,9 +3,11 @@ package encryptionatrest import ( "context" + "go.mongodb.org/atlas-sdk/v20240805001/admin" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" - "go.mongodb.org/atlas-sdk/v20240805001/admin" ) func NewTfEncryptionAtRestRSModel(ctx context.Context, projectID string, encryptionResp *admin.EncryptionAtRest) *TfEncryptionAtRestRSModel { @@ -42,15 +44,16 @@ func NewTFAzureKeyVaultConfig(ctx context.Context, az *admin.AzureKeyVault) []Tf return []TfAzureKeyVaultConfigModel{ { - Enabled: types.BoolPointerValue(az.Enabled), - ClientID: types.StringValue(az.GetClientID()), - AzureEnvironment: types.StringValue(az.GetAzureEnvironment()), - SubscriptionID: types.StringValue(az.GetSubscriptionID()), - ResourceGroupName: types.StringValue(az.GetResourceGroupName()), - KeyVaultName: types.StringValue(az.GetKeyVaultName()), - KeyIdentifier: types.StringValue(az.GetKeyIdentifier()), - TenantID: types.StringValue(az.GetTenantID()), - Secret: conversion.StringNullIfEmpty(az.GetSecret()), + Enabled: types.BoolPointerValue(az.Enabled), + ClientID: types.StringValue(az.GetClientID()), + AzureEnvironment: types.StringValue(az.GetAzureEnvironment()), + SubscriptionID: types.StringValue(az.GetSubscriptionID()), + ResourceGroupName: types.StringValue(az.GetResourceGroupName()), + KeyVaultName: types.StringValue(az.GetKeyVaultName()), + KeyIdentifier: types.StringValue(az.GetKeyIdentifier()), + TenantID: types.StringValue(az.GetTenantID()), + Secret: conversion.StringNullIfEmpty(az.GetSecret()), + RequirePrivateNetworking: types.BoolValue(az.GetRequirePrivateNetworking()), }, } } @@ -107,14 +110,15 @@ func NewAtlasAzureKeyVault(tfAzKeyVaultConfigSlice []TfAzureKeyVaultConfigModel) v := tfAzKeyVaultConfigSlice[0] return &admin.AzureKeyVault{ - Enabled: v.Enabled.ValueBoolPointer(), - ClientID: v.ClientID.ValueStringPointer(), - AzureEnvironment: v.AzureEnvironment.ValueStringPointer(), - SubscriptionID: v.SubscriptionID.ValueStringPointer(), - ResourceGroupName: v.ResourceGroupName.ValueStringPointer(), - KeyVaultName: v.KeyVaultName.ValueStringPointer(), - KeyIdentifier: v.KeyIdentifier.ValueStringPointer(), - Secret: v.Secret.ValueStringPointer(), - TenantID: v.TenantID.ValueStringPointer(), + Enabled: v.Enabled.ValueBoolPointer(), + ClientID: v.ClientID.ValueStringPointer(), + AzureEnvironment: v.AzureEnvironment.ValueStringPointer(), + SubscriptionID: v.SubscriptionID.ValueStringPointer(), + ResourceGroupName: v.ResourceGroupName.ValueStringPointer(), + KeyVaultName: v.KeyVaultName.ValueStringPointer(), + KeyIdentifier: v.KeyIdentifier.ValueStringPointer(), + Secret: v.Secret.ValueStringPointer(), + TenantID: v.TenantID.ValueStringPointer(), + RequirePrivateNetworking: v.RequirePrivateNetworking.ValueBoolPointer(), } } diff --git a/internal/service/encryptionatrest/model_encryption_at_rest_test.go b/internal/service/encryptionatrest/model_encryption_at_rest_test.go index ea426bc1a8..9569ff635b 100644 --- a/internal/service/encryptionatrest/model_encryption_at_rest_test.go +++ b/internal/service/encryptionatrest/model_encryption_at_rest_test.go @@ -4,31 +4,34 @@ import ( "context" "testing" + "go.mongodb.org/atlas-sdk/v20240805001/admin" + "github.com/hashicorp/terraform-plugin-framework/types" - "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrest" "github.com/stretchr/testify/assert" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + + "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrest" ) var ( - projectID = "projectID" - enabled = true - customerMasterKeyID = "CustomerMasterKeyID" - region = "Region" - accessKeyID = "AccessKeyID" - secretAccessKey = "SecretAccessKey" - roleID = "RoleID" - clientID = "clientID" - azureEnvironment = "AzureEnvironment" - subscriptionID = "SubscriptionID" - resourceGroupName = "ResourceGroupName" - keyVaultName = "KeyVaultName" - keyIdentifier = "KeyIdentifier" - tenantID = "TenantID" - secret = "Secret" - keyVersionResourceID = "KeyVersionResourceID" - serviceAccountKey = "ServiceAccountKey" - AWSKMSConfiguration = &admin.AWSKMSConfiguration{ + projectID = "projectID" + enabled = true + requirePrivateNetworking = true + customerMasterKeyID = "CustomerMasterKeyID" + region = "Region" + accessKeyID = "AccessKeyID" + secretAccessKey = "SecretAccessKey" + roleID = "RoleID" + clientID = "clientID" + azureEnvironment = "AzureEnvironment" + subscriptionID = "SubscriptionID" + resourceGroupName = "ResourceGroupName" + keyVaultName = "KeyVaultName" + keyIdentifier = "KeyIdentifier" + tenantID = "TenantID" + secret = "Secret" + keyVersionResourceID = "KeyVersionResourceID" + serviceAccountKey = "ServiceAccountKey" + AWSKMSConfiguration = &admin.AWSKMSConfiguration{ Enabled: &enabled, CustomerMasterKeyID: &customerMasterKeyID, Region: ®ion, @@ -45,26 +48,28 @@ var ( RoleID: types.StringValue(roleID), } AzureKeyVault = &admin.AzureKeyVault{ - Enabled: &enabled, - ClientID: &clientID, - AzureEnvironment: &azureEnvironment, - SubscriptionID: &subscriptionID, - ResourceGroupName: &resourceGroupName, - KeyVaultName: &keyVaultName, - KeyIdentifier: &keyIdentifier, - TenantID: &tenantID, - Secret: &secret, + Enabled: &enabled, + ClientID: &clientID, + AzureEnvironment: &azureEnvironment, + SubscriptionID: &subscriptionID, + ResourceGroupName: &resourceGroupName, + KeyVaultName: &keyVaultName, + KeyIdentifier: &keyIdentifier, + TenantID: &tenantID, + Secret: &secret, + RequirePrivateNetworking: &requirePrivateNetworking, } TfAzureKeyVaultConfigModel = encryptionatrest.TfAzureKeyVaultConfigModel{ - Enabled: types.BoolValue(enabled), - ClientID: types.StringValue(clientID), - AzureEnvironment: types.StringValue(azureEnvironment), - SubscriptionID: types.StringValue(subscriptionID), - ResourceGroupName: types.StringValue(resourceGroupName), - KeyVaultName: types.StringValue(keyVaultName), - KeyIdentifier: types.StringValue(keyIdentifier), - TenantID: types.StringValue(tenantID), - Secret: types.StringValue(secret), + Enabled: types.BoolValue(enabled), + ClientID: types.StringValue(clientID), + AzureEnvironment: types.StringValue(azureEnvironment), + SubscriptionID: types.StringValue(subscriptionID), + ResourceGroupName: types.StringValue(resourceGroupName), + KeyVaultName: types.StringValue(keyVaultName), + KeyIdentifier: types.StringValue(keyIdentifier), + TenantID: types.StringValue(tenantID), + Secret: types.StringValue(secret), + RequirePrivateNetworking: types.BoolValue(requirePrivateNetworking), } GoogleCloudKMS = &admin.GoogleCloudKMS{ Enabled: &enabled, diff --git a/internal/service/encryptionatrest/resource_encryption_at_rest.go b/internal/service/encryptionatrest/resource_encryption_at_rest.go index 010cc03f3a..977664f86b 100644 --- a/internal/service/encryptionatrest/resource_encryption_at_rest.go +++ b/internal/service/encryptionatrest/resource_encryption_at_rest.go @@ -9,6 +9,8 @@ import ( "reflect" "time" + "go.mongodb.org/atlas-sdk/v20240805001/admin" + "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" @@ -19,12 +21,12 @@ import ( "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/validate" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/project" - "go.mongodb.org/atlas-sdk/v20240805001/admin" ) const ( @@ -67,15 +69,16 @@ type TfAwsKmsConfigModel struct { Enabled types.Bool `tfsdk:"enabled"` } type TfAzureKeyVaultConfigModel struct { - ClientID types.String `tfsdk:"client_id"` - AzureEnvironment types.String `tfsdk:"azure_environment"` - SubscriptionID types.String `tfsdk:"subscription_id"` - ResourceGroupName types.String `tfsdk:"resource_group_name"` - KeyVaultName types.String `tfsdk:"key_vault_name"` - KeyIdentifier types.String `tfsdk:"key_identifier"` - Secret types.String `tfsdk:"secret"` - TenantID types.String `tfsdk:"tenant_id"` - Enabled types.Bool `tfsdk:"enabled"` + ClientID types.String `tfsdk:"client_id"` + AzureEnvironment types.String `tfsdk:"azure_environment"` + SubscriptionID types.String `tfsdk:"subscription_id"` + ResourceGroupName types.String `tfsdk:"resource_group_name"` + KeyVaultName types.String `tfsdk:"key_vault_name"` + KeyIdentifier types.String `tfsdk:"key_identifier"` + Secret types.String `tfsdk:"secret"` + TenantID types.String `tfsdk:"tenant_id"` + Enabled types.Bool `tfsdk:"enabled"` + RequirePrivateNetworking types.Bool `tfsdk:"require_private_networking"` } type TfGcpKmsConfigModel struct { ServiceAccountKey types.String `tfsdk:"service_account_key"` @@ -173,6 +176,13 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ Optional: true, Sensitive: true, }, + "require_private_networking": schema.BoolAttribute{ + Optional: true, + Computed: true, + PlanModifiers: []planmodifier.Bool{ + boolplanmodifier.UseStateForUnknown(), + }, + }, }, }, }, diff --git a/internal/service/encryptionatrest/resource_encryption_at_rest_migration_test.go b/internal/service/encryptionatrest/resource_encryption_at_rest_migration_test.go index 0c5f638c7a..285c8423ba 100644 --- a/internal/service/encryptionatrest/resource_encryption_at_rest_migration_test.go +++ b/internal/service/encryptionatrest/resource_encryption_at_rest_migration_test.go @@ -1,15 +1,18 @@ package encryptionatrest_test import ( + "fmt" "os" "testing" + "go.mongodb.org/atlas-sdk/v20240805001/admin" + "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/plancheck" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/mig" - "go.mongodb.org/atlas-sdk/v20240805001/admin" ) func TestMigEncryptionAtRest_basicAWS(t *testing.T) { @@ -22,7 +25,7 @@ func TestMigEncryptionAtRest_basicAWS(t *testing.T) { awsKms = admin.AWSKMSConfiguration{ Enabled: conversion.Pointer(true), CustomerMasterKeyID: conversion.StringPtr(os.Getenv("AWS_CUSTOMER_MASTER_KEY_ID")), - Region: conversion.StringPtr(os.Getenv("AWS_REGION")), + Region: conversion.StringPtr(conversion.AWSRegionToMongoDBRegion(os.Getenv("AWS_REGION"))), RoleId: conversion.StringPtr(os.Getenv("AWS_ROLE_ID")), } ) @@ -62,15 +65,15 @@ func TestMigEncryptionAtRest_withRole_basicAWS(t *testing.T) { var ( resourceName = "mongodbatlas_encryption_at_rest.test" projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") - accessKeyID = os.Getenv("AWS_ACCESS_KEY_ID") - secretKey = os.Getenv("AWS_SECRET_ACCESS_KEY") - policyName = acc.RandomName() - roleName = acc.RandomName() + + awsIAMRoleName = acc.RandomIAMRole() + awsIAMRolePolicyName = fmt.Sprintf("%s-policy", awsIAMRoleName) + awsKeyName = acc.RandomName() awsKms = admin.AWSKMSConfiguration{ Enabled: conversion.Pointer(true), + Region: conversion.StringPtr(conversion.AWSRegionToMongoDBRegion(os.Getenv("AWS_REGION"))), CustomerMasterKeyID: conversion.StringPtr(os.Getenv("AWS_CUSTOMER_MASTER_KEY_ID")), - Region: conversion.StringPtr(os.Getenv("AWS_REGION")), } ) @@ -80,18 +83,17 @@ func TestMigEncryptionAtRest_withRole_basicAWS(t *testing.T) { Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProvidersWithAWS(), - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKmsWithRole(awsKms.GetRegion(), accessKeyID, secretKey, projectID, policyName, roleName, false, &awsKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKmsWithRole(projectID, awsIAMRoleName, awsIAMRolePolicyName, awsKeyName, &awsKms), }, { ExternalProviders: acc.ExternalProvidersOnlyAWS(), ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKmsWithRole(awsKms.GetRegion(), accessKeyID, secretKey, projectID, policyName, roleName, false, &awsKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKmsWithRole(projectID, awsIAMRoleName, awsIAMRolePolicyName, awsKeyName, &awsKms), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.region", awsKms.GetRegion()), - resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.role_id", awsKms.GetRoleId()), ), ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ @@ -130,7 +132,7 @@ func TestMigEncryptionAtRest_basicAzure(t *testing.T) { Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProviders(), - Config: testAccMongoDBAtlasEncryptionAtRestConfigAzureKeyVault(projectID, &azureKeyVault), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAzureKeyVault(projectID, &azureKeyVault, false), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), @@ -142,7 +144,7 @@ func TestMigEncryptionAtRest_basicAzure(t *testing.T) { }, { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: testAccMongoDBAtlasEncryptionAtRestConfigAzureKeyVault(projectID, &azureKeyVault), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAzureKeyVault(projectID, &azureKeyVault, false), ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ acc.DebugPlan(), @@ -207,7 +209,7 @@ func TestMigEncryptionAtRest_basicAWS_from_v1_11_0(t *testing.T) { AccessKeyID: conversion.StringPtr(os.Getenv("AWS_ACCESS_KEY_ID")), SecretAccessKey: conversion.StringPtr(os.Getenv("AWS_SECRET_ACCESS_KEY")), CustomerMasterKeyID: conversion.StringPtr(os.Getenv("AWS_CUSTOMER_MASTER_KEY_ID")), - Region: conversion.StringPtr(os.Getenv("AWS_REGION")), + Region: conversion.StringPtr(conversion.AWSRegionToMongoDBRegion(os.Getenv("AWS_REGION"))), RoleId: conversion.StringPtr(os.Getenv("AWS_ROLE_ID")), } ) diff --git a/internal/service/encryptionatrest/resource_encryption_at_rest_test.go b/internal/service/encryptionatrest/resource_encryption_at_rest_test.go index 0b9980e92c..2b81de97cc 100644 --- a/internal/service/encryptionatrest/resource_encryption_at_rest_test.go +++ b/internal/service/encryptionatrest/resource_encryption_at_rest_test.go @@ -5,101 +5,22 @@ import ( "errors" "fmt" "os" + "strconv" "testing" + "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805001/mockadmin" + "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrest" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/mock" - "go.mongodb.org/atlas-sdk/v20240805001/admin" - "go.mongodb.org/atlas-sdk/v20240805001/mockadmin" -) - -const ( - initialConfigEncryptionRestRoleAWS = ` -provider "aws" { - region = lower(replace("%[1]s", "_", "-")) - access_key = "%[2]s" - secret_key = "%[3]s" -} - -%[7]s - -resource "mongodbatlas_cloud_provider_access" "test" { - project_id = "%[4]s" - provider_name = "AWS" - %[8]s - -} - -resource "aws_iam_role_policy" "test_policy" { - name = "%[5]s" - role = aws_iam_role.test_role.id - - policy = <<-EOF - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Deny", - "Action": "*", - "Resource": "*" - } - ] - } - EOF -} - -resource "aws_iam_role" "test_role" { - name = "%[6]s" - - assume_role_policy = < Date: Mon, 19 Aug 2024 15:47:17 +0100 Subject: [PATCH 05/20] chore: Creates TF models & interfaces for `mongodbatlas_encryption_at_rest_private_endpoints` plural data source (#2502) --- internal/provider/provider.go | 1 + .../data_source_schema.go | 7 +- .../encryptionatrestprivateendpoint/model.go | 8 +- .../model_test.go | 71 +++++++++++- .../plural_data_source.go | 56 +++++++++ .../pural_data_source_schema.go | 107 ++++++++++++++++++ .../resource_schema.go | 6 - 7 files changed, 239 insertions(+), 17 deletions(-) create mode 100644 internal/service/encryptionatrestprivateendpoint/plural_data_source.go create mode 100644 internal/service/encryptionatrestprivateendpoint/pural_data_source_schema.go diff --git a/internal/provider/provider.go b/internal/provider/provider.go index dc16a595d5..73ed20a0c1 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -437,6 +437,7 @@ func (p *MongodbtlasProvider) DataSources(context.Context) []func() datasource.D } previewDataSources := []func() datasource.DataSource{ // Data sources not yet in GA encryptionatrestprivateendpoint.DataSource, + encryptionatrestprivateendpoint.PluralDataSource, } if providerEnablePreview { dataSources = append(dataSources, previewDataSources...) diff --git a/internal/service/encryptionatrestprivateendpoint/data_source_schema.go b/internal/service/encryptionatrestprivateendpoint/data_source_schema.go index 08f0a5c66a..cf4b2c0df6 100644 --- a/internal/service/encryptionatrestprivateendpoint/data_source_schema.go +++ b/internal/service/encryptionatrestprivateendpoint/data_source_schema.go @@ -14,11 +14,6 @@ func DataSourceSchema(ctx context.Context) schema.Schema { Description: "Human-readable label that identifies the cloud provider of the private endpoint.", MarkdownDescription: "Human-readable label that identifies the cloud provider of the private endpoint.", }, - "endpoint_id": schema.StringAttribute{ - Required: true, - Description: "Unique 24-hexadecimal digit string that identifies the private endpoint.", - MarkdownDescription: "Unique 24-hexadecimal digit string that identifies the private endpoint.", - }, "error_message": schema.StringAttribute{ Computed: true, Description: "Error message for failures associated with the Encryption At Rest private endpoint.", @@ -30,7 +25,7 @@ func DataSourceSchema(ctx context.Context) schema.Schema { MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", }, "id": schema.StringAttribute{ - Computed: true, + Required: true, Description: "Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.", MarkdownDescription: "Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.", }, diff --git a/internal/service/encryptionatrestprivateendpoint/model.go b/internal/service/encryptionatrestprivateendpoint/model.go index b15174058f..5467b490cc 100644 --- a/internal/service/encryptionatrestprivateendpoint/model.go +++ b/internal/service/encryptionatrestprivateendpoint/model.go @@ -1,15 +1,19 @@ package encryptionatrestprivateendpoint import ( - "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "go.mongodb.org/atlas-sdk/v20240805001/admin" + + "github.com/hashicorp/terraform-plugin-framework/types" + + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" ) -func NewTFEarPrivateEndpoint(apiResp *admin.EARPrivateEndpoint) *TFEarPrivateEndpointModel { +func NewTFEarPrivateEndpoint(apiResp *admin.EARPrivateEndpoint, projectID string) *TFEarPrivateEndpointModel { if apiResp == nil { return nil } return &TFEarPrivateEndpointModel{ + ProjectID: types.StringValue(projectID), CloudProvider: conversion.StringNullIfEmpty(apiResp.GetCloudProvider()), ErrorMessage: conversion.StringNullIfEmpty(apiResp.GetErrorMessage()), ID: conversion.StringNullIfEmpty(apiResp.GetId()), diff --git a/internal/service/encryptionatrestprivateendpoint/model_test.go b/internal/service/encryptionatrestprivateendpoint/model_test.go index 6f9fcf9755..322e3c0629 100644 --- a/internal/service/encryptionatrestprivateendpoint/model_test.go +++ b/internal/service/encryptionatrestprivateendpoint/model_test.go @@ -3,14 +3,18 @@ package encryptionatrestprivateendpoint_test import ( "testing" + "go.mongodb.org/atlas-sdk/v20240805001/admin" + "github.com/hashicorp/terraform-plugin-framework/types" - "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrestprivateendpoint" "github.com/stretchr/testify/assert" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + + "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrestprivateendpoint" ) const ( testCloudProvider = "AZURE" + testProjectID = "666666666067bd1e20a8bf14" + testTotalResultCount = 99 testErrMsg = "error occurred" testID = "6666666999999adsfsgdg" testRegionName = "US_EAST" @@ -41,6 +45,7 @@ func TestEncryptionAtRestPrivateEndpointSDKToTFModel(t *testing.T) { RegionName: types.StringValue(testRegionName), Status: types.StringValue(testStatus), PrivateEndpointConnectionName: types.StringValue(testPEConnectionName), + ProjectID: types.StringValue(testProjectID), }, }, "Complete SDK response with error message": { @@ -59,13 +64,14 @@ func TestEncryptionAtRestPrivateEndpointSDKToTFModel(t *testing.T) { RegionName: types.StringValue(testRegionName), Status: types.StringValue(testStatus), PrivateEndpointConnectionName: types.StringValue(testPEConnectionName), + ProjectID: types.StringValue(testProjectID), }, }, } for testName, tc := range testCases { t.Run(testName, func(t *testing.T) { - resultModel := encryptionatrestprivateendpoint.NewTFEarPrivateEndpoint(tc.SDKResp) + resultModel := encryptionatrestprivateendpoint.NewTFEarPrivateEndpoint(tc.SDKResp, testProjectID) assert.Equal(t, tc.expectedTFModel, resultModel, "created terraform model did not match expected output") }) } @@ -119,3 +125,62 @@ func TestEncryptionAtRestPrivateEndpointTFModelToSDK(t *testing.T) { }) } } + +type sdkToTFModelPluralDSTestCase struct { + expectedTFModel *encryptionatrestprivateendpoint.TFEncryptionAtRestPrivateEndpointsDSModel + SDKResp []admin.EARPrivateEndpoint +} + +func TestEncryptionAtRestPrivateEndpointPluralDSSDKToTFModel(t *testing.T) { + testCases := map[string]sdkToTFModelPluralDSTestCase{ + "Complete SDK response": { + SDKResp: []admin.EARPrivateEndpoint{ + { + CloudProvider: admin.PtrString(testCloudProvider), + ErrorMessage: admin.PtrString(""), + Id: admin.PtrString(testID), + RegionName: admin.PtrString(testRegionName), + Status: admin.PtrString(testStatus), + PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), + }, + { + CloudProvider: admin.PtrString(testCloudProvider), + ErrorMessage: admin.PtrString(testErrMsg), + Id: admin.PtrString(testID), + RegionName: admin.PtrString(testRegionName), + Status: admin.PtrString(testStatus), + PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), + }, + }, + expectedTFModel: &encryptionatrestprivateendpoint.TFEncryptionAtRestPrivateEndpointsDSModel{ + CloudProvider: types.StringValue(testCloudProvider), + ProjectID: types.StringValue(testProjectID), + Results: []encryptionatrestprivateendpoint.TFEarPrivateEndpointDSModel{ + { + CloudProvider: types.StringValue(testCloudProvider), + ErrorMessage: types.StringNull(), + ID: types.StringValue(testID), + RegionName: types.StringValue(testRegionName), + Status: types.StringValue(testStatus), + PrivateEndpointConnectionName: types.StringValue(testPEConnectionName), + }, + { + CloudProvider: types.StringValue(testCloudProvider), + ErrorMessage: types.StringValue(testErrMsg), + ID: types.StringValue(testID), + RegionName: types.StringValue(testRegionName), + Status: types.StringValue(testStatus), + PrivateEndpointConnectionName: types.StringValue(testPEConnectionName), + }, + }, + }, + }, + } + + for testName, tc := range testCases { + t.Run(testName, func(t *testing.T) { + resultModel := encryptionatrestprivateendpoint.NewTFEarPrivateEndpoints(testProjectID, testCloudProvider, tc.SDKResp) + assert.Equal(t, tc.expectedTFModel, resultModel, "created terraform model did not match expected output") + }) + } +} diff --git a/internal/service/encryptionatrestprivateendpoint/plural_data_source.go b/internal/service/encryptionatrestprivateendpoint/plural_data_source.go new file mode 100644 index 0000000000..c7c7f019e1 --- /dev/null +++ b/internal/service/encryptionatrestprivateendpoint/plural_data_source.go @@ -0,0 +1,56 @@ +//nolint:gocritic +package encryptionatrestprivateendpoint + +import ( + "context" + "fmt" + + "github.com/hashicorp/terraform-plugin-framework/datasource" + + "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" +) + +var _ datasource.DataSource = &encryptionAtRestPrivateEndpointsDS{} +var _ datasource.DataSourceWithConfigure = &encryptionAtRestPrivateEndpointsDS{} + +func PluralDataSource() datasource.DataSource { + return &encryptionAtRestPrivateEndpointsDS{ + DSCommon: config.DSCommon{ + DataSourceName: fmt.Sprintf("%ss", encryptionAtRestPrivateEndpointName), + }, + } +} + +type encryptionAtRestPrivateEndpointsDS struct { + config.DSCommon +} + +func (d *encryptionAtRestPrivateEndpointsDS) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) { + resp.Schema = PluralDataSourceSchema(ctx) +} + +func (d *encryptionAtRestPrivateEndpointsDS) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { + var encryptionAtRestPrivateEndpointsConfig TFEncryptionAtRestPrivateEndpointsDSModel + resp.Diagnostics.Append(req.Config.Get(ctx, &encryptionAtRestPrivateEndpointsConfig)...) + if resp.Diagnostics.HasError() { + return + } + + // TODO: make get request to obtain list of results + + // connV2 := d.Client.AtlasV2 + // TODO: GetEncryptionAtRestPrivateEndpointsForCloudProvider returns paginated results + // v, resp, err := connV2.EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRestPrivateEndpointsForCloudProvider(ctx, "", "").Execute() + // if err != nil { + // resp.Diagnostics.AddError("error fetching results", err.Error()) + // return + //} + + // TODO: process response into new terraform state + // newEncryptionAtRestPrivateEndpointsModel := NewTFEarPrivateEndpoints("","",conversion.IntPtr(99), v.GetResults()) + // if diags.HasError() { + // resp.Diagnostics.Append(diags...) + // return + // } + // resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoints(ctx))...) +} diff --git a/internal/service/encryptionatrestprivateendpoint/pural_data_source_schema.go b/internal/service/encryptionatrestprivateendpoint/pural_data_source_schema.go new file mode 100644 index 0000000000..9f88d4979a --- /dev/null +++ b/internal/service/encryptionatrestprivateendpoint/pural_data_source_schema.go @@ -0,0 +1,107 @@ +package encryptionatrestprivateendpoint + +import ( + "context" + + "go.mongodb.org/atlas-sdk/v20240805001/admin" + + "github.com/hashicorp/terraform-plugin-framework/datasource/schema" + "github.com/hashicorp/terraform-plugin-framework/types" + + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" +) + +func PluralDataSourceSchema(ctx context.Context) schema.Schema { + return schema.Schema{ + Attributes: map[string]schema.Attribute{ + "cloud_provider": schema.StringAttribute{ + Required: true, + Description: "Human-readable label that identifies the cloud provider for the private endpoints to return.", + MarkdownDescription: "Human-readable label that identifies the cloud provider for the private endpoints to return.", + }, + "project_id": schema.StringAttribute{ + Required: true, + Description: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + }, + "results": schema.ListNestedAttribute{ + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "cloud_provider": schema.StringAttribute{ + Computed: true, + Description: "Human-readable label that identifies the cloud provider for the Encryption At Rest private endpoint.", + MarkdownDescription: "Human-readable label that identifies the cloud provider for the Encryption At Rest private endpoint.", + }, + "error_message": schema.StringAttribute{ + Computed: true, + Description: "Error message for failures associated with the Encryption At Rest private endpoint.", + MarkdownDescription: "Error message for failures associated with the Encryption At Rest private endpoint.", + }, + "id": schema.StringAttribute{ + Computed: true, + Description: "Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.", + }, + "private_endpoint_connection_name": schema.StringAttribute{ + Computed: true, + Description: "Connection name of the Azure Private Endpoint.", + MarkdownDescription: "Connection name of the Azure Private Endpoint.", + }, + "region_name": schema.StringAttribute{ + Computed: true, + Description: "Cloud provider region in which the Encryption At Rest private endpoint is located.", + MarkdownDescription: "Cloud provider region in which the Encryption At Rest private endpoint is located.", + }, + "status": schema.StringAttribute{ + Computed: true, + Description: "State of the Encryption At Rest private endpoint.", + MarkdownDescription: "State of the Encryption At Rest private endpoint.", + }, + }, + }, + Computed: true, + Description: "List of returned documents that MongoDB Cloud providers when completing this request.", + MarkdownDescription: "List of returned documents that MongoDB Cloud providers when completing this request.", + }, + }, + } +} + +type TFEncryptionAtRestPrivateEndpointsDSModel struct { + CloudProvider types.String `tfsdk:"cloud_provider"` + ProjectID types.String `tfsdk:"project_id"` + Results []TFEarPrivateEndpointDSModel `tfsdk:"results"` +} + +type TFEarPrivateEndpointDSModel struct { + CloudProvider types.String `tfsdk:"cloud_provider"` + ErrorMessage types.String `tfsdk:"error_message"` + ID types.String `tfsdk:"id"` + PrivateEndpointConnectionName types.String `tfsdk:"private_endpoint_connection_name"` + RegionName types.String `tfsdk:"region_name"` + Status types.String `tfsdk:"status"` +} + +func NewTFEarPrivateEndpoints(projectID, cloudProvider string, results []admin.EARPrivateEndpoint) *TFEncryptionAtRestPrivateEndpointsDSModel { + return &TFEncryptionAtRestPrivateEndpointsDSModel{ + ProjectID: types.StringValue(projectID), + CloudProvider: types.StringValue(cloudProvider), + Results: NewTFEarPrivateEndpointsDS(results), + } +} + +func NewTFEarPrivateEndpointsDS(endpoints []admin.EARPrivateEndpoint) []TFEarPrivateEndpointDSModel { + results := make([]TFEarPrivateEndpointDSModel, len(endpoints)) + + for i, v := range endpoints { + results[i] = TFEarPrivateEndpointDSModel{ + CloudProvider: conversion.StringNullIfEmpty(v.GetCloudProvider()), + ErrorMessage: conversion.StringNullIfEmpty(v.GetErrorMessage()), + ID: conversion.StringNullIfEmpty(v.GetId()), + RegionName: conversion.StringNullIfEmpty(v.GetRegionName()), + Status: conversion.StringNullIfEmpty(v.GetStatus()), + PrivateEndpointConnectionName: conversion.StringNullIfEmpty(v.GetPrivateEndpointConnectionName()), + } + } + return results +} diff --git a/internal/service/encryptionatrestprivateendpoint/resource_schema.go b/internal/service/encryptionatrestprivateendpoint/resource_schema.go index 076488886c..13a2ef96d3 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_schema.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_schema.go @@ -15,11 +15,6 @@ func ResourceSchema(ctx context.Context) schema.Schema { Description: "Human-readable label that identifies the cloud provider for the Encryption At Rest private endpoint.", MarkdownDescription: "Human-readable label that identifies the cloud provider for the Encryption At Rest private endpoint.", }, - "endpoint_id": schema.StringAttribute{ - Computed: true, - Description: "Unique 24-hexadecimal digit string that identifies the private endpoint.", - MarkdownDescription: "Unique 24-hexadecimal digit string that identifies the private endpoint.", - }, "error_message": schema.StringAttribute{ Computed: true, Description: "Error message for failures associated with the Encryption At Rest private endpoint.", @@ -56,7 +51,6 @@ func ResourceSchema(ctx context.Context) schema.Schema { type TFEarPrivateEndpointModel struct { CloudProvider types.String `tfsdk:"cloud_provider"` - EndpointID types.String `tfsdk:"endpoint_id"` ErrorMessage types.String `tfsdk:"error_message"` ProjectID types.String `tfsdk:"project_id"` ID types.String `tfsdk:"id"` From 33e18d2341ee2aa898bcb79992032640f1a39d51 Mon Sep 17 00:00:00 2001 From: Agustin Bettati Date: Tue, 27 Aug 2024 09:58:46 +0200 Subject: [PATCH 06/20] feat: Implements `mongodbatlas_encryption_at_rest_private_endpoint` resource (#2512) * wip - implementing CRUD * include changelog entry * small adjustments * supporting state transition logic * implement acceptance test * add unit testing for state transitions * handle return error message if failed status is present * add acceptance test transitioning for public to private network * improve messaging for failed status * fix prechecks * use global const for resource name * avoid hardcoded value * adjust state transition logic for delete * adjusting target version in migration test to 1.19.0 * adjust default refresh to 30 seconds for quicker response --- .changelog/2512.txt | 3 + internal/common/retrystrategy/retry_state.go | 21 ++- ...ource_encryption_at_rest_migration_test.go | 4 +- .../resource_encryption_at_rest_test.go | 72 ++------ .../main_test.go | 15 ++ .../encryptionatrestprivateendpoint/model.go | 12 +- .../model_test.go | 25 +-- .../resource.go | 129 +++++++++---- .../resource_migration_test.go | 13 ++ .../resource_test.go | 174 +++++++++++++++--- .../state_transition.go | 78 ++++++++ .../state_transition_test.go | 135 ++++++++++++++ internal/testutil/acc/encryption_at_rest.go | 34 ++++ internal/testutil/acc/pre_check.go | 17 +- 14 files changed, 565 insertions(+), 167 deletions(-) create mode 100644 .changelog/2512.txt create mode 100644 internal/service/encryptionatrestprivateendpoint/main_test.go create mode 100644 internal/service/encryptionatrestprivateendpoint/resource_migration_test.go create mode 100644 internal/service/encryptionatrestprivateendpoint/state_transition.go create mode 100644 internal/service/encryptionatrestprivateendpoint/state_transition_test.go create mode 100644 internal/testutil/acc/encryption_at_rest.go diff --git a/.changelog/2512.txt b/.changelog/2512.txt new file mode 100644 index 0000000000..8197f201b4 --- /dev/null +++ b/.changelog/2512.txt @@ -0,0 +1,3 @@ +```release-note:new-resource +resource/mongodbatlas_encryption_at_rest_private_endpoint +``` diff --git a/internal/common/retrystrategy/retry_state.go b/internal/common/retrystrategy/retry_state.go index f926cc3225..00d5f6670e 100644 --- a/internal/common/retrystrategy/retry_state.go +++ b/internal/common/retrystrategy/retry_state.go @@ -1,11 +1,18 @@ package retrystrategy const ( - RetryStrategyPendingState = "PENDING" - RetryStrategyCompletedState = "COMPLETED" - RetryStrategyErrorState = "ERROR" - RetryStrategyPausedState = "PAUSED" - RetryStrategyUpdatingState = "UPDATING" - RetryStrategyIdleState = "IDLE" - RetryStrategyDeletedState = "DELETED" + RetryStrategyPendingState = "PENDING" + RetryStrategyCompletedState = "COMPLETED" + RetryStrategyErrorState = "ERROR" + RetryStrategyPausedState = "PAUSED" + RetryStrategyUpdatingState = "UPDATING" + RetryStrategyDeletingState = "DELETING" + RetryStrategyInitiatingState = "INITIATING" + RetryStrategyIdleState = "IDLE" + RetryStrategyFailedState = "FAILED" + RetryStrategyActiveState = "ACTIVE" + RetryStrategyDeletedState = "DELETED" + + RetryStrategyPendingAcceptanceState = "PENDING_ACCEPTANCE" + RetryStrategyPendingRecreationState = "PENDING_RECREATION" ) diff --git a/internal/service/encryptionatrest/resource_encryption_at_rest_migration_test.go b/internal/service/encryptionatrest/resource_encryption_at_rest_migration_test.go index 285c8423ba..671cc702a9 100644 --- a/internal/service/encryptionatrest/resource_encryption_at_rest_migration_test.go +++ b/internal/service/encryptionatrest/resource_encryption_at_rest_migration_test.go @@ -132,7 +132,7 @@ func TestMigEncryptionAtRest_basicAzure(t *testing.T) { Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProviders(), - Config: testAccMongoDBAtlasEncryptionAtRestConfigAzureKeyVault(projectID, &azureKeyVault, false), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), @@ -144,7 +144,7 @@ func TestMigEncryptionAtRest_basicAzure(t *testing.T) { }, { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: testAccMongoDBAtlasEncryptionAtRestConfigAzureKeyVault(projectID, &azureKeyVault, false), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false), ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ acc.DebugPlan(), diff --git a/internal/service/encryptionatrest/resource_encryption_at_rest_test.go b/internal/service/encryptionatrest/resource_encryption_at_rest_test.go index 2b81de97cc..65ba3844e4 100644 --- a/internal/service/encryptionatrest/resource_encryption_at_rest_test.go +++ b/internal/service/encryptionatrest/resource_encryption_at_rest_test.go @@ -23,12 +23,15 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" ) +const ( + resourceName = "mongodbatlas_encryption_at_rest.test" +) + func TestAccEncryptionAtRest_basicAWS(t *testing.T) { acc.SkipTestForCI(t) // needs AWS configuration var ( - resourceName = "mongodbatlas_encryption_at_rest.test" - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") awsKms = admin.AWSKMSConfiguration{ Enabled: conversion.Pointer(true), @@ -90,8 +93,7 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { acc.SkipTestForCI(t) // needs Azure configuration var ( - resourceName = "mongodbatlas_encryption_at_rest.test" - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") azureKeyVault = admin.AzureKeyVault{ Enabled: conversion.Pointer(true), @@ -119,12 +121,12 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { ) resource.Test(t, resource.TestCase{ - PreCheck: func() { acc.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzure(t) }, + PreCheck: func() { acc.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { - Config: testAccMongoDBAtlasEncryptionAtRestConfigAzureKeyVault(projectID, &azureKeyVault, false), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), @@ -136,7 +138,7 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { ), }, { - Config: testAccMongoDBAtlasEncryptionAtRestConfigAzureKeyVault(projectID, &azureKeyVaultUpdated, false), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, false), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), @@ -163,8 +165,7 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T acc.SkipTestForCI(t) // needs Azure configuration var ( - resourceName = "mongodbatlas_encryption_at_rest.test" - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") azureKeyVault = admin.AzureKeyVault{ Enabled: conversion.Pointer(true), @@ -194,12 +195,12 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T ) resource.Test(t, resource.TestCase{ - PreCheck: func() { acc.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzure(t); acc.PreCheckPreviewFlag(t) }, + PreCheck: func() { acc.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t); acc.PreCheckPreviewFlag(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { - Config: testAccMongoDBAtlasEncryptionAtRestConfigAzureKeyVault(projectID, &azureKeyVault, true), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, true), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), @@ -211,7 +212,7 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T ), }, { - Config: testAccMongoDBAtlasEncryptionAtRestConfigAzureKeyVault(projectID, &azureKeyVaultUpdated, false), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, false), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), @@ -238,8 +239,7 @@ func TestAccEncryptionAtRest_basicGCP(t *testing.T) { acc.SkipTestForCI(t) // needs GCP configuration var ( - resourceName = "mongodbatlas_encryption_at_rest.test" - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") googleCloudKms = admin.GoogleCloudKMS{ Enabled: conversion.Pointer(true), @@ -290,7 +290,6 @@ func TestAccEncryptionAtRest_basicGCP(t *testing.T) { func TestAccEncryptionAtRestWithRole_basicAWS(t *testing.T) { acc.SkipTestForCI(t) // needs AWS configuration var ( - resourceName = "mongodbatlas_encryption_at_rest.test" projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") awsIAMRoleName = acc.RandomIAMRole() awsIAMRolePolicyName = fmt.Sprintf("%s-policy", awsIAMRoleName) @@ -604,49 +603,6 @@ func testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID string, aws *admi `, projectID, aws.GetEnabled(), aws.GetCustomerMasterKeyID(), aws.GetRegion(), aws.GetRoleId()) } -func testAccMongoDBAtlasEncryptionAtRestConfigAzureKeyVault(projectID string, azure *admin.AzureKeyVault, useRequirePrivateNetworking bool) string { - if useRequirePrivateNetworking { - return fmt.Sprintf(` - resource "mongodbatlas_encryption_at_rest" "test" { - project_id = "%s" - - azure_key_vault_config { - enabled = %t - client_id = "%s" - azure_environment = "%s" - subscription_id = "%s" - resource_group_name = "%s" - key_vault_name = "%s" - key_identifier = "%s" - secret = "%s" - tenant_id = "%s" - require_private_networking = %t - } - } - `, projectID, *azure.Enabled, azure.GetClientID(), azure.GetAzureEnvironment(), azure.GetSubscriptionID(), azure.GetResourceGroupName(), - azure.GetKeyVaultName(), azure.GetKeyIdentifier(), azure.GetSecret(), azure.GetTenantID(), azure.GetRequirePrivateNetworking()) - } - - return fmt.Sprintf(` - resource "mongodbatlas_encryption_at_rest" "test" { - project_id = "%s" - - azure_key_vault_config { - enabled = %t - client_id = "%s" - azure_environment = "%s" - subscription_id = "%s" - resource_group_name = "%s" - key_vault_name = "%s" - key_identifier = "%s" - secret = "%s" - tenant_id = "%s" - } - } - `, projectID, *azure.Enabled, azure.GetClientID(), azure.GetAzureEnvironment(), azure.GetSubscriptionID(), azure.GetResourceGroupName(), - azure.GetKeyVaultName(), azure.GetKeyIdentifier(), azure.GetSecret(), azure.GetTenantID()) -} - func testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID string, google *admin.GoogleCloudKMS) string { return fmt.Sprintf(` resource "mongodbatlas_encryption_at_rest" "test" { diff --git a/internal/service/encryptionatrestprivateendpoint/main_test.go b/internal/service/encryptionatrestprivateendpoint/main_test.go new file mode 100644 index 0000000000..aebf50828f --- /dev/null +++ b/internal/service/encryptionatrestprivateendpoint/main_test.go @@ -0,0 +1,15 @@ +package encryptionatrestprivateendpoint_test + +import ( + "os" + "testing" + + "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" +) + +func TestMain(m *testing.M) { + cleanup := acc.SetupSharedResources() + exitCode := m.Run() + cleanup() + os.Exit(exitCode) +} diff --git a/internal/service/encryptionatrestprivateendpoint/model.go b/internal/service/encryptionatrestprivateendpoint/model.go index 5467b490cc..acc8e385c5 100644 --- a/internal/service/encryptionatrestprivateendpoint/model.go +++ b/internal/service/encryptionatrestprivateendpoint/model.go @@ -1,11 +1,9 @@ package encryptionatrestprivateendpoint import ( - "go.mongodb.org/atlas-sdk/v20240805001/admin" - "github.com/hashicorp/terraform-plugin-framework/types" - "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" + "go.mongodb.org/atlas-sdk/v20240805001/admin" ) func NewTFEarPrivateEndpoint(apiResp *admin.EARPrivateEndpoint, projectID string) *TFEarPrivateEndpointModel { @@ -28,11 +26,7 @@ func NewEarPrivateEndpointReq(tfPlan *TFEarPrivateEndpointModel) *admin.EARPriva return nil } return &admin.EARPrivateEndpoint{ - CloudProvider: tfPlan.CloudProvider.ValueStringPointer(), - ErrorMessage: tfPlan.ErrorMessage.ValueStringPointer(), - Id: tfPlan.ID.ValueStringPointer(), - RegionName: tfPlan.RegionName.ValueStringPointer(), - Status: tfPlan.Status.ValueStringPointer(), - PrivateEndpointConnectionName: tfPlan.PrivateEndpointConnectionName.ValueStringPointer(), + CloudProvider: tfPlan.CloudProvider.ValueStringPointer(), + RegionName: tfPlan.RegionName.ValueStringPointer(), } } diff --git a/internal/service/encryptionatrestprivateendpoint/model_test.go b/internal/service/encryptionatrestprivateendpoint/model_test.go index 322e3c0629..35c0d08f44 100644 --- a/internal/service/encryptionatrestprivateendpoint/model_test.go +++ b/internal/service/encryptionatrestprivateendpoint/model_test.go @@ -93,28 +93,9 @@ func TestEncryptionAtRestPrivateEndpointTFModelToSDK(t *testing.T) { Status: types.StringValue(testStatus), PrivateEndpointConnectionName: types.StringValue(testPEConnectionName)}, expectedSDKReq: &admin.EARPrivateEndpoint{ - CloudProvider: admin.PtrString(testCloudProvider), - ErrorMessage: nil, - Id: admin.PtrString(testID), - RegionName: admin.PtrString(testRegionName), - Status: admin.PtrString(testStatus), - PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName)}, - }, - "Complete TF state with error message": { - tfModel: &encryptionatrestprivateendpoint.TFEarPrivateEndpointModel{ - CloudProvider: types.StringValue(testCloudProvider), - ErrorMessage: types.StringValue(testErrMsg), - ID: types.StringValue(testID), - RegionName: types.StringValue(testRegionName), - Status: types.StringValue(testStatus), - PrivateEndpointConnectionName: types.StringValue(testPEConnectionName)}, - expectedSDKReq: &admin.EARPrivateEndpoint{ - CloudProvider: admin.PtrString(testCloudProvider), - ErrorMessage: admin.PtrString(testErrMsg), - Id: admin.PtrString(testID), - RegionName: admin.PtrString(testRegionName), - Status: admin.PtrString(testStatus), - PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName)}, + CloudProvider: admin.PtrString(testCloudProvider), + RegionName: admin.PtrString(testRegionName), + }, }, } diff --git a/internal/service/encryptionatrestprivateendpoint/resource.go b/internal/service/encryptionatrestprivateendpoint/resource.go index 55ea8f3ab1..48a928d7b1 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource.go +++ b/internal/service/encryptionatrestprivateendpoint/resource.go @@ -1,16 +1,23 @@ -//nolint:gocritic package encryptionatrestprivateendpoint import ( "context" + "errors" + "fmt" + "net/http" + "regexp" + "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" + "go.mongodb.org/atlas-sdk/v20240805001/admin" ) const ( encryptionAtRestPrivateEndpointName = "encryption_at_rest_private_endpoint" warnUnsupportedOperation = "Operation not supported" + failedStatusErrorMessage = "Private endpoint is in a failed status" ) var _ resource.ResourceWithConfigure = &encryptionAtRestPrivateEndpointRS{} @@ -39,18 +46,27 @@ func (r *encryptionAtRestPrivateEndpointRS) Create(ctx context.Context, req reso return } - // encryptionAtRestPrivateEndpointReq := NewEarPrivateEndpointReq(&earPrivateEndpointPlan) + privateEndpointReq := NewEarPrivateEndpointReq(&earPrivateEndpointPlan) + connV2 := r.Client.AtlasV2 + projectID := earPrivateEndpointPlan.ProjectID.ValueString() + cloudProvider := earPrivateEndpointPlan.CloudProvider.ValueString() + createResp, _, err := connV2.EncryptionAtRestUsingCustomerKeyManagementApi.CreateEncryptionAtRestPrivateEndpoint(ctx, projectID, cloudProvider, privateEndpointReq).Execute() + if err != nil { + resp.Diagnostics.AddError("error creating resource", err.Error()) + return + } - // TODO: make POST request to Atlas API and handle error in response - // connV2 := r.Client.AtlasV2 - // if err != nil { - // resp.Diagnostics.AddError("error creating resource", err.Error()) - // return - //} + finalResp, err := waitStateTransition(ctx, projectID, cloudProvider, createResp.GetId(), connV2.EncryptionAtRestUsingCustomerKeyManagementApi) + if err != nil { + resp.Diagnostics.AddError("error when waiting for status transition in creation", err.Error()) + return + } - // TODO: process response into new terraform state - // newencryptionAtRestPrivateEndpointModel := NewTFencryptionAtRestPrivateEndpoint(apiResp) - // resp.Diagnostics.Append(resp.State.Set(ctx, newencryptionAtRestPrivateEndpointModel)...) + privateEndpointModel := NewTFEarPrivateEndpoint(finalResp, projectID) + resp.Diagnostics.Append(resp.State.Set(ctx, privateEndpointModel)...) + if err := getErrorMsgForFailedStatus(finalResp); err != nil { + resp.Diagnostics.AddError(failedStatusErrorMessage, err.Error()) + } } func (r *encryptionAtRestPrivateEndpointRS) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { @@ -60,19 +76,25 @@ func (r *encryptionAtRestPrivateEndpointRS) Read(ctx context.Context, req resour return } - // TODO: make get request to resource - // connV2 := r.Client.AtlasV2 - // if err != nil { - // if apiResp != nil && apiResp.StatusCode == http.StatusNotFound { - // resp.State.RemoveResource(ctx) - // return - // } - // resp.Diagnostics.AddError("error fetching resource", err.Error()) - // return - //} - - // TODO: process response into new terraform state - // resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(apiResp))...) + connV2 := r.Client.AtlasV2 + projectID := earPrivateEndpointState.ProjectID.ValueString() + cloudProvider := earPrivateEndpointState.CloudProvider.ValueString() + endpointID := earPrivateEndpointState.ID.ValueString() + + endpointModel, apiResp, err := connV2.EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRestPrivateEndpoint(ctx, projectID, cloudProvider, endpointID).Execute() + if err != nil { + if apiResp != nil && apiResp.StatusCode == http.StatusNotFound { + resp.State.RemoveResource(ctx) + return + } + resp.Diagnostics.AddError("error fetching resource", err.Error()) + return + } + + resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(endpointModel, projectID))...) + if err := getErrorMsgForFailedStatus(endpointModel); err != nil { + resp.Diagnostics.AddError(failedStatusErrorMessage, err.Error()) + } } func (r *encryptionAtRestPrivateEndpointRS) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { @@ -86,25 +108,56 @@ func (r *encryptionAtRestPrivateEndpointRS) Delete(ctx context.Context, req reso return } - // TODO: make Delete request to Atlas API + connV2 := r.Client.AtlasV2 + projectID := earPrivateEndpointState.ProjectID.ValueString() + cloudProvider := earPrivateEndpointState.CloudProvider.ValueString() + endpointID := earPrivateEndpointState.ID.ValueString() + if _, _, err := connV2.EncryptionAtRestUsingCustomerKeyManagementApi.RequestEncryptionAtRestPrivateEndpointDeletion(ctx, projectID, cloudProvider, endpointID).Execute(); err != nil { + resp.Diagnostics.AddError("error deleting resource", err.Error()) + return + } - // connV2 := r.Client.AtlasV2 - // if _, _, err := connV2.Api.Delete().Execute(); err != nil { - // resp.Diagnostics.AddError("error deleting resource", err.Error()) - // return - // } + model, err := WaitDeleteStateTransition(ctx, projectID, cloudProvider, endpointID, connV2.EncryptionAtRestUsingCustomerKeyManagementApi) + if err != nil { + resp.Diagnostics.AddError("error when waiting for status transition in delete", err.Error()) + return + } + if err := getErrorMsgForFailedStatus(model); err != nil { + resp.Diagnostics.AddError(failedStatusErrorMessage, err.Error()) + } } func (r *encryptionAtRestPrivateEndpointRS) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { - // TODO: parse req.ID string taking into account documented format. Example: + projectID, cloudProvider, privateEndpointID, err := splitEncryptionAtRestPrivateEndpointImportID(req.ID) + if err != nil { + resp.Diagnostics.AddError("error splitting import ID", err.Error()) + return + } - // projectID, other, err := splitencryptionAtRestPrivateEndpointImportID(req.ID) - // if err != nil { - // resp.Diagnostics.AddError("error splitting import ID", err.Error()) - // return - //} + resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("project_id"), projectID)...) + resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("cloud_provider"), cloudProvider)...) + resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("id"), privateEndpointID)...) +} - // TODO: define attributes that are required for read operation to work correctly. Example: +func splitEncryptionAtRestPrivateEndpointImportID(id string) (projectID, cloudProvider, privateEndpointID string, err error) { + re := regexp.MustCompile(`(?s)^([0-9a-fA-F]{24})-(.*)-([0-9a-fA-F]{24})$`) + parts := re.FindStringSubmatch(id) - // resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("project_id"), projectID)...) + if len(parts) != 4 { + err = errors.New("use the format {project_id}-{cloud_provider}-{private_endpoint_id}") + return + } + + projectID = parts[1] + cloudProvider = parts[2] + privateEndpointID = parts[3] + return +} + +func getErrorMsgForFailedStatus(model *admin.EARPrivateEndpoint) error { + if model.GetStatus() != retrystrategy.RetryStrategyFailedState { + return nil + } + msg := model.GetErrorMessage() + return fmt.Errorf("detail of error message: %s", msg) } diff --git a/internal/service/encryptionatrestprivateendpoint/resource_migration_test.go b/internal/service/encryptionatrestprivateendpoint/resource_migration_test.go new file mode 100644 index 0000000000..256bfc93c3 --- /dev/null +++ b/internal/service/encryptionatrestprivateendpoint/resource_migration_test.go @@ -0,0 +1,13 @@ +package encryptionatrestprivateendpoint_test + +import ( + "testing" + + "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/mig" +) + +func TestMigEncryptionAtRestPrivateEndpoint_basic(t *testing.T) { + mig.SkipIfVersionBelow(t, "1.19.0") + testCase := basicTestCase(t) + mig.CreateAndRunTest(t, testCase) +} diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index d9106af641..925ca81bb9 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -1,29 +1,149 @@ -//nolint:gocritic package encryptionatrestprivateendpoint_test -// TODO: if acceptance test will be run in an existing CI group of resources, the name should include the group in the prefix followed by the name of the resource e.i. TestAccStreamRSStreamInstance_basic -// In addition, if acceptance test contains testing of both resource and data sources, the RS/DS can be omitted. -// func TestAccEncryptionatrestprivateendpointRS_basic(t *testing.T) { -// resource.ParallelTest(t, resource.TestCase{ -// PreCheck: func() { acc.PreCheckBasic(t) }, -// ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, -// // CheckDestroy: checkDestroyEncryptionatrestprivateendpoint, -// Steps: []resource.TestStep{ // TODO: verify updates and import in case of resources -// // { -// // Config: encryptionatrestprivateendpointConfig(), -// // Check: encryptionatrestprivateendpointAttributeChecks(), -// // }, -// // { -// // Config: encryptionatrestprivateendpointConfig(), -// // Check: encryptionatrestprivateendpointAttributeChecks(), -// // }, -// // { -// // Config: encryptionatrestprivateendpointConfig(), -// // ResourceName: resourceName, -// // ImportStateIdFunc: checkEncryptionatrestprivateendpointImportStateIDFunc, -// // ImportState: true, -// // ImportStateVerify: true, -// }, -// }, -// ) -// } +import ( + "context" + "fmt" + "os" + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + "github.com/hashicorp/terraform-plugin-testing/terraform" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" + "go.mongodb.org/atlas-sdk/v20240805001/admin" +) + +const ( + resourceName = "mongodbatlas_encryption_at_rest_private_endpoint.test" + earResourceName = "mongodbatlas_encryption_at_rest.test" +) + +func TestAccEncryptionAtRestPrivateEndpoint_basic(t *testing.T) { + resource.ParallelTest(t, *basicTestCase(t)) +} + +func basicTestCase(tb testing.TB) *resource.TestCase { + tb.Helper() + acc.SkipTestForCI(tb) // needs Azure configuration + var ( + projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + azureKeyVault = &admin.AzureKeyVault{ + Enabled: conversion.Pointer(true), + RequirePrivateNetworking: conversion.Pointer(true), + AzureEnvironment: conversion.StringPtr("AZURE"), + ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), + SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), + ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), + KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), + KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), + Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")), + TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), + } + region = os.Getenv("AZURE_PRIVATE_ENDPOINT_REGION") + ) + + return &resource.TestCase{ + PreCheck: func() { acc.PreCheck(tb); acc.PreCheckEncryptionAtRestEnvAzure(tb); acc.PreCheckPreviewFlag(tb) }, + ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, + CheckDestroy: checkDestroy, + Steps: []resource.TestStep{ + { + Config: configPrivateEndpointAzureBasic(projectID, azureKeyVault, region), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttrSet(resourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "status", retrystrategy.RetryStrategyPendingAcceptanceState), + ), + }, + { + Config: configPrivateEndpointAzureBasic(projectID, azureKeyVault, region), + ResourceName: resourceName, + ImportStateIdFunc: importStateIDFunc(resourceName), + ImportState: true, + ImportStateVerify: true, + }, + }, + } +} + +func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t *testing.T) { + acc.SkipTestForCI(t) // needs Azure configuration + var ( + projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + azureKeyVault = &admin.AzureKeyVault{ + Enabled: conversion.Pointer(true), + RequirePrivateNetworking: conversion.Pointer(true), + AzureEnvironment: conversion.StringPtr("AZURE"), + ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), + SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), + ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), + KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), + KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), + Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")), + TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), + } + region = os.Getenv("AZURE_PRIVATE_ENDPOINT_REGION") + ) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acc.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzure(t); acc.PreCheckPreviewFlag(t) }, + ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, + CheckDestroy: checkDestroy, + Steps: []resource.TestStep{ + { + Config: acc.ConfigEARAzureKeyVault(projectID, azureKeyVault, false), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr(earResourceName, "azure_key_vault_config.0.enabled", "true"), + resource.TestCheckResourceAttr(earResourceName, "azure_key_vault_config.0.require_private_networking", "false"), + ), + }, + { + Config: configPrivateEndpointAzureBasic(projectID, azureKeyVault, region), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr(earResourceName, "azure_key_vault_config.0.require_private_networking", "true"), + resource.TestCheckResourceAttrSet(resourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "status", "PENDING_ACCEPTANCE"), + ), + }, + }, + }) +} + +func importStateIDFunc(resourceName string) resource.ImportStateIdFunc { + return func(s *terraform.State) (string, error) { + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return "", fmt.Errorf("not found: %s", resourceName) + } + return fmt.Sprintf("%s-%s-%s", rs.Primary.Attributes["project_id"], rs.Primary.Attributes["cloud_provider"], rs.Primary.Attributes["id"]), nil + } +} + +func configPrivateEndpointAzureBasic(projectID string, azure *admin.AzureKeyVault, region string) string { + encryptionAtRestConfig := acc.ConfigEARAzureKeyVault(projectID, azure, true) + return fmt.Sprintf(` + %[1]s + + resource "mongodbatlas_encryption_at_rest_private_endpoint" "test" { + project_id = mongodbatlas_encryption_at_rest.test.project_id + cloud_provider = "AZURE" + region_name = %[2]q + } + `, encryptionAtRestConfig, region) +} + +func checkDestroy(state *terraform.State) error { + for _, rs := range state.RootModule().Resources { + if rs.Type != "mongodbatlas_encryption_at_rest_private_endpoint" { + continue + } + projectID := rs.Primary.Attributes["project_id"] + cloudProvider := rs.Primary.Attributes["cloud_provider"] + endpointID := rs.Primary.Attributes["id"] + _, _, err := acc.ConnV2().EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRestPrivateEndpoint(context.Background(), projectID, cloudProvider, endpointID).Execute() + if err == nil { + return fmt.Errorf("EAR private endpoint (%s:%s:%s) still exists", projectID, cloudProvider, endpointID) + } + } + return nil +} diff --git a/internal/service/encryptionatrestprivateendpoint/state_transition.go b/internal/service/encryptionatrestprivateendpoint/state_transition.go new file mode 100644 index 0000000000..26aaba312f --- /dev/null +++ b/internal/service/encryptionatrestprivateendpoint/state_transition.go @@ -0,0 +1,78 @@ +package encryptionatrestprivateendpoint + +import ( + "context" + "errors" + "net/http" + "time" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" + "go.mongodb.org/atlas-sdk/v20240805001/admin" +) + +const ( + defaultTimeout = 20 * time.Minute // The amount of time to wait before timeout + defaultMinTimeout = 30 * time.Second // Smallest time to wait before refreshes +) + +func waitStateTransition(ctx context.Context, projectID, cloudProvider, endpointID string, client admin.EncryptionAtRestUsingCustomerKeyManagementApi) (*admin.EARPrivateEndpoint, error) { + return WaitStateTransitionWithMinTimeout(ctx, defaultMinTimeout, projectID, cloudProvider, endpointID, client) +} + +func WaitStateTransitionWithMinTimeout(ctx context.Context, minTimeout time.Duration, projectID, cloudProvider, endpointID string, client admin.EncryptionAtRestUsingCustomerKeyManagementApi) (*admin.EARPrivateEndpoint, error) { + return waitStateTransitionForStates( + ctx, + []string{retrystrategy.RetryStrategyInitiatingState}, + []string{retrystrategy.RetryStrategyPendingAcceptanceState, retrystrategy.RetryStrategyActiveState, retrystrategy.RetryStrategyFailedState}, + minTimeout, projectID, cloudProvider, endpointID, client) +} + +func WaitDeleteStateTransition(ctx context.Context, projectID, cloudProvider, endpointID string, client admin.EncryptionAtRestUsingCustomerKeyManagementApi) (*admin.EARPrivateEndpoint, error) { + return WaitDeleteStateTransitionWithMinTimeout(ctx, defaultMinTimeout, projectID, cloudProvider, endpointID, client) +} + +func WaitDeleteStateTransitionWithMinTimeout(ctx context.Context, minTimeout time.Duration, projectID, cloudProvider, endpointID string, client admin.EncryptionAtRestUsingCustomerKeyManagementApi) (*admin.EARPrivateEndpoint, error) { + return waitStateTransitionForStates( + ctx, + []string{retrystrategy.RetryStrategyDeletingState}, + []string{retrystrategy.RetryStrategyDeletedState, retrystrategy.RetryStrategyFailedState}, + minTimeout, projectID, cloudProvider, endpointID, client) +} + +func waitStateTransitionForStates(ctx context.Context, pending, target []string, minTimeout time.Duration, projectID, cloudProvider, endpointID string, client admin.EncryptionAtRestUsingCustomerKeyManagementApi) (*admin.EARPrivateEndpoint, error) { + stateConf := &retry.StateChangeConf{ + Pending: pending, + Target: target, + Refresh: refreshFunc(ctx, projectID, cloudProvider, endpointID, client), + Timeout: defaultTimeout, + MinTimeout: minTimeout, + Delay: 0, + } + + result, err := stateConf.WaitForStateContext(ctx) + if err != nil { + return nil, err + } + if privateEndpointResp, ok := result.(*admin.EARPrivateEndpoint); ok { + return privateEndpointResp, nil + } + return nil, errors.New("did not obtain valid result when waiting for state transition") +} + +func refreshFunc(ctx context.Context, projectID, cloudProvider, endpointID string, client admin.EncryptionAtRestUsingCustomerKeyManagementApi) retry.StateRefreshFunc { + return func() (any, string, error) { + model, resp, err := client.GetEncryptionAtRestPrivateEndpoint(ctx, projectID, cloudProvider, endpointID).Execute() + if err != nil && model == nil && resp == nil { + return nil, "", err + } + if err != nil { + if resp.StatusCode == http.StatusNotFound { + return &admin.EARPrivateEndpoint{}, retrystrategy.RetryStrategyDeletedState, nil + } + return nil, "", err + } + status := model.GetStatus() + return model, status, nil + } +} diff --git a/internal/service/encryptionatrestprivateendpoint/state_transition_test.go b/internal/service/encryptionatrestprivateendpoint/state_transition_test.go new file mode 100644 index 0000000000..8cd5792811 --- /dev/null +++ b/internal/service/encryptionatrestprivateendpoint/state_transition_test.go @@ -0,0 +1,135 @@ +package encryptionatrestprivateendpoint_test + +import ( + "context" + "time" + + "errors" + "net/http" + "testing" + + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrestprivateendpoint" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" + "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805001/mockadmin" +) + +type testCase struct { + expectedState *string + mockResponses []response + expectedError bool +} + +func TestStateTransition(t *testing.T) { + testCases := map[string]testCase{ + "Successful transitioning to PENDING_ACCEPTANCE": { + mockResponses: []response{ + {state: conversion.StringPtr(retrystrategy.RetryStrategyInitiatingState)}, + {state: conversion.StringPtr(retrystrategy.RetryStrategyPendingAcceptanceState)}, + }, + expectedState: conversion.StringPtr(retrystrategy.RetryStrategyPendingAcceptanceState), + expectedError: false, + }, + "Successful transitioning to ACTIVE": { + mockResponses: []response{ + {state: conversion.StringPtr(retrystrategy.RetryStrategyInitiatingState)}, + {state: conversion.StringPtr(retrystrategy.RetryStrategyActiveState)}, + }, + expectedState: conversion.StringPtr(retrystrategy.RetryStrategyActiveState), + expectedError: false, + }, + "Return model without error when transitioning to FAILED state": { + mockResponses: []response{ + {state: conversion.StringPtr(retrystrategy.RetryStrategyInitiatingState)}, + {state: conversion.StringPtr(retrystrategy.RetryStrategyFailedState)}, + }, + expectedState: conversion.StringPtr(retrystrategy.RetryStrategyFailedState), + expectedError: false, + }, + "Error when API responds with error": { + mockResponses: []response{ + {statusCode: admin.PtrInt(http.StatusInternalServerError), err: errors.New("Internal server error")}, + }, + expectedState: nil, + expectedError: true, + }, + } + + for name, tc := range testCases { + t.Run(name, func(t *testing.T) { + m := mockadmin.NewEncryptionAtRestUsingCustomerKeyManagementApi(t) + m.EXPECT().GetEncryptionAtRestPrivateEndpoint(mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(admin.GetEncryptionAtRestPrivateEndpointApiRequest{ApiService: m}) + + for _, resp := range tc.mockResponses { + modelResp, httpResp, err := resp.get() + m.EXPECT().GetEncryptionAtRestPrivateEndpointExecute(mock.Anything).Return(modelResp, httpResp, err).Once() + } + resp, err := encryptionatrestprivateendpoint.WaitStateTransitionWithMinTimeout(context.Background(), 1*time.Second, "project-id", "cloud-provider", "endpoint-id", m) + assert.Equal(t, tc.expectedError, err != nil) + if resp != nil { + assert.Equal(t, tc.expectedState, resp.Status) + } + }) + } +} + +func TestDeleteStateTransition(t *testing.T) { + testCases := map[string]testCase{ + "Successful transitioning from DELELTING to deleted": { + mockResponses: []response{ + {state: conversion.StringPtr(retrystrategy.RetryStrategyDeletingState)}, + {statusCode: admin.PtrInt(http.StatusNotFound), err: errors.New("does not exist")}, + }, + expectedError: false, + }, + "Return model without error when transitioning to FAILED state": { + mockResponses: []response{ + {state: conversion.StringPtr(retrystrategy.RetryStrategyDeletingState)}, + {state: conversion.StringPtr(retrystrategy.RetryStrategyFailedState)}, + }, + expectedError: false, + expectedState: conversion.StringPtr(retrystrategy.RetryStrategyFailedState), + }, + "Error when API responds with error": { + mockResponses: []response{ + {statusCode: admin.PtrInt(http.StatusInternalServerError), err: errors.New("Internal server error")}, + }, + expectedState: nil, + expectedError: true, + }, + } + + for name, tc := range testCases { + t.Run(name, func(t *testing.T) { + m := mockadmin.NewEncryptionAtRestUsingCustomerKeyManagementApi(t) + m.EXPECT().GetEncryptionAtRestPrivateEndpoint(mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(admin.GetEncryptionAtRestPrivateEndpointApiRequest{ApiService: m}) + + for _, resp := range tc.mockResponses { + modelResp, httpResp, err := resp.get() + m.EXPECT().GetEncryptionAtRestPrivateEndpointExecute(mock.Anything).Return(modelResp, httpResp, err).Once() + } + resp, err := encryptionatrestprivateendpoint.WaitDeleteStateTransitionWithMinTimeout(context.Background(), 1*time.Second, "project-id", "cloud-provider", "endpoint-id", m) + assert.Equal(t, tc.expectedError, err != nil) + if resp != nil { + assert.Equal(t, tc.expectedState, resp.Status) + } + }) + } +} + +type response struct { + state *string + statusCode *int + err error +} + +func (r *response) get() (*admin.EARPrivateEndpoint, *http.Response, error) { + var httpResp *http.Response + if r.statusCode != nil { + httpResp = &http.Response{StatusCode: *r.statusCode} + } + return &admin.EARPrivateEndpoint{Status: r.state}, httpResp, r.err +} diff --git a/internal/testutil/acc/encryption_at_rest.go b/internal/testutil/acc/encryption_at_rest.go new file mode 100644 index 0000000000..f1a2a1308a --- /dev/null +++ b/internal/testutil/acc/encryption_at_rest.go @@ -0,0 +1,34 @@ +package acc + +import ( + "fmt" + + "go.mongodb.org/atlas-sdk/v20240805001/admin" +) + +func ConfigEARAzureKeyVault(projectID string, azure *admin.AzureKeyVault, useRequirePrivateNetworking bool) string { + var requirePrivateNetworkingAttr string + if useRequirePrivateNetworking { + requirePrivateNetworkingAttr = fmt.Sprintf("require_private_networking = %t", azure.GetRequirePrivateNetworking()) + } + + return fmt.Sprintf(` + resource "mongodbatlas_encryption_at_rest" "test" { + project_id = "%s" + + azure_key_vault_config { + enabled = %t + client_id = "%s" + azure_environment = "%s" + subscription_id = "%s" + resource_group_name = "%s" + key_vault_name = "%s" + key_identifier = "%s" + secret = "%s" + tenant_id = "%s" + %s + } + } + `, projectID, *azure.Enabled, azure.GetClientID(), azure.GetAzureEnvironment(), azure.GetSubscriptionID(), azure.GetResourceGroupName(), + azure.GetKeyVaultName(), azure.GetKeyIdentifier(), azure.GetSecret(), azure.GetTenantID(), requirePrivateNetworkingAttr) +} diff --git a/internal/testutil/acc/pre_check.go b/internal/testutil/acc/pre_check.go index b0fba2919a..92ab1e5978 100644 --- a/internal/testutil/acc/pre_check.go +++ b/internal/testutil/acc/pre_check.go @@ -136,16 +136,25 @@ func PreCheckPeeringEnvAzure(tb testing.TB) { func PreCheckEncryptionAtRestEnvAzure(tb testing.TB) { tb.Helper() if os.Getenv("AZURE_CLIENT_ID") == "" || - os.Getenv("AZURE_CLIENT_ID_UPDATED") == "" || os.Getenv("AZURE_SUBSCRIPTION_ID") == "" || os.Getenv("AZURE_RESOURCE_GROUP_NAME") == "" || - os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED") == "" || os.Getenv("AZURE_SECRET") == "" || os.Getenv("AZURE_KEY_VAULT_NAME") == "" || - os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED") == "" || os.Getenv("AZURE_KEY_IDENTIFIER") == "" || - os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED") == "" || os.Getenv("AZURE_TENANT_ID") == "" { + tb.Fatal(`'AZURE_CLIENT_ID', 'AZURE_SUBSCRIPTION_ID', + 'AZURE_RESOURCE_GROUP_NAME', 'AZURE_SECRET', 'AZURE_KEY_VAULT_NAME', 'AZURE_KEY_IDENTIFIER', and 'AZURE_TENANT_ID' must be set for Encryption At Rest acceptance testing`) + } +} + +func PreCheckEncryptionAtRestEnvAzureWithUpdate(tb testing.TB) { + tb.Helper() + PreCheckEncryptionAtRestEnvAzure(tb) + + if os.Getenv("AZURE_CLIENT_ID_UPDATED") == "" || + os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED") == "" || + os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED") == "" || + os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED") == "" { tb.Fatal(`'AZURE_CLIENT_ID','AZURE_CLIENT_ID_UPDATED', 'AZURE_SUBSCRIPTION_ID', 'AZURE_RESOURCE_GROUP_NAME','AZURE_RESOURCE_GROUP_NAME_UPDATED', 'AZURE_SECRET', 'AZURE_SECRET_UPDATED', 'AZURE_KEY_VAULT_NAME', 'AZURE_KEY_IDENTIFIER', 'AZURE_KEY_VAULT_NAME_UPDATED', From aaabcff8f51600ef636c0f1cc16394bca198f4c8 Mon Sep 17 00:00:00 2001 From: Agustin Bettati Date: Tue, 27 Aug 2024 14:42:47 +0200 Subject: [PATCH 07/20] feat: Implements `mongodbatlas_encryption_at_rest_private_endpoint` singular data source (#2527) * implement singular data source * including changelog entry --- .changelog/2527.txt | 3 ++ .../data_source.go | 20 +++++++------ .../resource_test.go | 26 ++++++++++++++--- internal/testutil/acc/attribute_checks.go | 28 +++++++++++++++++++ 4 files changed, 64 insertions(+), 13 deletions(-) create mode 100644 .changelog/2527.txt diff --git a/.changelog/2527.txt b/.changelog/2527.txt new file mode 100644 index 0000000000..c8acc8ea4e --- /dev/null +++ b/.changelog/2527.txt @@ -0,0 +1,3 @@ +```release-note:new-datasource +data-source/mongodbatlas_encryption_at_rest_private_endpoint +``` diff --git a/internal/service/encryptionatrestprivateendpoint/data_source.go b/internal/service/encryptionatrestprivateendpoint/data_source.go index 5bccd2ebc2..3a2a223653 100644 --- a/internal/service/encryptionatrestprivateendpoint/data_source.go +++ b/internal/service/encryptionatrestprivateendpoint/data_source.go @@ -35,14 +35,16 @@ func (d *encryptionAtRestPrivateEndpointDS) Read(ctx context.Context, req dataso return } - // TODO: make get request to resource - - // connV2 := d.Client.AtlasV2 - // if err != nil { - // resp.Diagnostics.AddError("error fetching resource", err.Error()) - // return - //} + connV2 := d.Client.AtlasV2 + projectID := earPrivateEndpointConfig.ProjectID.ValueString() + cloudProvider := earPrivateEndpointConfig.CloudProvider.ValueString() + endpointID := earPrivateEndpointConfig.ID.ValueString() + + endpointModel, _, err := connV2.EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRestPrivateEndpoint(ctx, projectID, cloudProvider, endpointID).Execute() + if err != nil { + resp.Diagnostics.AddError("error fetching resource", err.Error()) + return + } - // TODO: process response into new terraform state - // resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(apiResp))...) + resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(endpointModel, projectID))...) } diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index 925ca81bb9..1c573467e4 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -16,6 +16,7 @@ import ( const ( resourceName = "mongodbatlas_encryption_at_rest_private_endpoint.test" + dataSourceName = "data.mongodbatlas_encryption_at_rest_private_endpoint.test" earResourceName = "mongodbatlas_encryption_at_rest.test" ) @@ -50,10 +51,7 @@ func basicTestCase(tb testing.TB) *resource.TestCase { Steps: []resource.TestStep{ { Config: configPrivateEndpointAzureBasic(projectID, azureKeyVault, region), - Check: resource.ComposeAggregateTestCheckFunc( - resource.TestCheckResourceAttrSet(resourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "status", retrystrategy.RetryStrategyPendingAcceptanceState), - ), + Check: checkPrivateEndpointAzureBasic(projectID, azureKeyVault, region), }, { Config: configPrivateEndpointAzureBasic(projectID, azureKeyVault, region), @@ -129,9 +127,29 @@ func configPrivateEndpointAzureBasic(projectID string, azure *admin.AzureKeyVaul cloud_provider = "AZURE" region_name = %[2]q } + + data "mongodbatlas_encryption_at_rest_private_endpoint" "test" { + project_id = mongodbatlas_encryption_at_rest_private_endpoint.test.project_id + cloud_provider = mongodbatlas_encryption_at_rest_private_endpoint.test.cloud_provider + id = mongodbatlas_encryption_at_rest_private_endpoint.test.id + } `, encryptionAtRestConfig, region) } +func checkPrivateEndpointAzureBasic(projectID string, azure *admin.AzureKeyVault, region string) resource.TestCheckFunc { + return acc.CheckRSAndDS( + resourceName, + admin.PtrString(dataSourceName), + nil, + []string{"id", "private_endpoint_connection_name"}, + map[string]string{ + "project_id": projectID, + "status": retrystrategy.RetryStrategyPendingAcceptanceState, + "region_name": region, + "cloud_provider": *azure.AzureEnvironment, + }) +} + func checkDestroy(state *terraform.State) error { for _, rs := range state.RootModule().Resources { if rs.Type != "mongodbatlas_encryption_at_rest_private_endpoint" { diff --git a/internal/testutil/acc/attribute_checks.go b/internal/testutil/acc/attribute_checks.go index fd818b0594..b0e1f6e7a4 100644 --- a/internal/testutil/acc/attribute_checks.go +++ b/internal/testutil/acc/attribute_checks.go @@ -65,6 +65,24 @@ func JSONEquals(expected string) resource.CheckResourceAttrWithFunc { } } +// CheckRSAndDS returns a check function that asserts a set of attributes (presence and values) in resource and data sources. +// If a plural data source name is provided, it will apply checks over first result +func CheckRSAndDS(resourceName string, dataSourceName, pluralDataSourceName *string, attrsSet []string, attrsMap map[string]string, extra ...resource.TestCheckFunc) resource.TestCheckFunc { + checks := []resource.TestCheckFunc{} + checks = AddAttrChecks(resourceName, checks, attrsMap) + checks = AddAttrSetChecks(resourceName, checks, attrsSet...) + if dataSourceName != nil { + checks = AddAttrChecks(*dataSourceName, checks, attrsMap) + checks = AddAttrSetChecks(*dataSourceName, checks, attrsSet...) + } + if pluralDataSourceName != nil { + checks = AddAttrChecksPrefix(*pluralDataSourceName, checks, attrsMap, "results.0") + checks = AddAttrSetChecksPrefix(*pluralDataSourceName, checks, attrsSet, "results.0") + } + checks = append(checks, extra...) + return resource.ComposeAggregateTestCheckFunc(checks...) +} + func AddAttrSetChecks(targetName string, checks []resource.TestCheckFunc, attrNames ...string) []resource.TestCheckFunc { newChecks := copyChecks(checks, attrNames) for _, attrName := range attrNames { @@ -102,6 +120,16 @@ func AddAttrChecksPrefix(targetName string, checks []resource.TestCheckFunc, map return newChecks } +func AddAttrSetChecksPrefix(targetName string, checks []resource.TestCheckFunc, attrNames []string, prefix string) []resource.TestCheckFunc { + newChecks := copyChecks(checks, attrNames) + prefix, _ = strings.CutSuffix(prefix, ".") + for _, key := range attrNames { + keyWithPrefix := fmt.Sprintf("%s.%s", prefix, key) + newChecks = append(newChecks, resource.TestCheckResourceAttrSet(targetName, keyWithPrefix)) + } + return newChecks +} + // copyChecks helps to prevent the accidental modification of the existing slice func copyChecks[T map[string]string | []string](checks []resource.TestCheckFunc, additionalChecks T) []resource.TestCheckFunc { newChecks := make([]resource.TestCheckFunc, len(checks), len(checks)+len(additionalChecks)) From c22c80ef240726ffc1309792e6f229ce644b192a Mon Sep 17 00:00:00 2001 From: maastha <122359335+maastha@users.noreply.github.com> Date: Wed, 28 Aug 2024 12:14:54 +0100 Subject: [PATCH 08/20] doc: Updates existing documentation for `mongodbatlas_encryption_at_rest` resource to be auto-generated (#2529) --- docs/resources/encryption_at_rest.md | 81 +++++++++----- .../resource_encryption_at_rest.go | 102 +++++++++++++----- .../tfplugingen/generator_config.yml | 11 ++ .../resources/encryption_at_rest.md.tmpl | 37 +++++++ 4 files changed, 178 insertions(+), 53 deletions(-) create mode 100644 internal/service/encryptionatrest/tfplugingen/generator_config.yml create mode 100644 templates/resources/encryption_at_rest.md.tmpl diff --git a/docs/resources/encryption_at_rest.md b/docs/resources/encryption_at_rest.md index ea85a74fa2..10064434e3 100644 --- a/docs/resources/encryption_at_rest.md +++ b/docs/resources/encryption_at_rest.md @@ -21,7 +21,7 @@ See [Encryption at Rest](https://docs.atlas.mongodb.com/security-kms-encryption/ -> **IMPORTANT NOTE** To disable the encryption at rest with customer key management for a project all existing clusters in the project must first either have encryption at rest for the provider set to none, e.g. `encryption_at_rest_provider = "NONE"`, or be deleted. -## Example Usage +## Example Usages ```terraform resource "mongodbatlas_encryption_at_rest" "test" { @@ -106,39 +106,70 @@ resource "mongodbatlas_advanced_cluster" "example_cluster" { ``` -## Argument Reference -* `project_id` - (Required) The unique identifier for the project. + +## Schema -### aws_kms_config -Refer to the example in the [official github repository](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples) to implement Encryption at Rest -* `enabled` - Specifies whether Encryption at Rest is enabled for an Atlas project, To disable Encryption at Rest, pass only this parameter with a value of false, When you disable Encryption at Rest, Atlas also removes the configuration details. -* `customer_master_key_id` - The AWS customer master key used to encrypt and decrypt the MongoDB master keys. -* `region` - The AWS region in which the AWS customer master key exists: CA_CENTRAL_1, US_EAST_1, US_EAST_2, US_WEST_1, US_WEST_2, SA_EAST_1 -* `role_id` - ID of an AWS IAM role authorized to manage an AWS customer master key. To find the ID for an existing IAM role check the `role_id` attribute of the `mongodbatlas_cloud_provider_access` resource. +### Required -### azure_key_vault_config -* `enabled` - Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details. -* `client_id` - The client ID, also known as the application ID, for an Azure application associated with the Azure AD tenant. -* `azure_environment` - The Azure environment where the Azure account credentials reside. Valid values are the following: AZURE, AZURE_CHINA, AZURE_GERMANY -* `subscription_id` - The unique identifier associated with an Azure subscription. -* `resource_group_name` - The name of the Azure Resource group that contains an Azure Key Vault. -* `key_vault_name` - The name of an Azure Key Vault containing your key. -* `key_identifier` - The unique identifier of a key in an Azure Key Vault. -* `secret` - The secret associated with the Azure Key Vault specified by azureKeyVault.tenantID. -* `tenant_id` - The unique identifier for an Azure AD tenant within an Azure subscription. +- `project_id` (String) Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access. -### google_cloud_kms_config -* `enabled` - Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details. -* `service_account_key` - String-formatted JSON object containing GCP KMS credentials from your GCP account. -* `key_version_resource_id` - The Key Version Resource ID from your GCP account. +**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups. -## Import +### Optional +- `aws_kms_config` (Block List) Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project. (see [below for nested schema](#nestedblock--aws_kms_config)) +- `azure_key_vault_config` (Block List) Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV). (see [below for nested schema](#nestedblock--azure_key_vault_config)) +- `google_cloud_kms_config` (Block List) Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS). (see [below for nested schema](#nestedblock--google_cloud_kms_config)) + +### Read-Only + +- `id` (String) The ID of this resource. + + +### Nested Schema for `aws_kms_config` + +Optional: + +- `access_key_id` (String, Sensitive) Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK). +- `customer_master_key_id` (String, Sensitive) Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys. +- `enabled` (Boolean) Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`. +- `region` (String) Physical location where MongoDB Cloud deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Cloud creates them as part of the deployment. MongoDB Cloud assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts. +- `role_id` (String) Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key. +- `secret_access_key` (String, Sensitive) Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key. + + + +### Nested Schema for `azure_key_vault_config` + +Optional: + +- `azure_environment` (String) Azure environment in which your account credentials reside. +- `client_id` (String, Sensitive) Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant. +- `enabled` (Boolean) Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`. +- `key_identifier` (String, Sensitive) Web address with a unique key that identifies for your Azure Key Vault. +- `key_vault_name` (String) Unique string that identifies the Azure Key Vault that contains your key. +- `require_private_networking` (Boolean) Enable connection to your Azure Key Vault over private networking. +- `resource_group_name` (String) Name of the Azure resource group that contains your Azure Key Vault. +- `secret` (String, Sensitive) Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (**azureKeyVault.tenantID**). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data. +- `subscription_id` (String, Sensitive) Unique 36-hexadecimal character string that identifies your Azure subscription. +- `tenant_id` (String, Sensitive) Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription. + + + +### Nested Schema for `google_cloud_kms_config` + +Optional: + +- `enabled` (Boolean) Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`. +- `key_version_resource_id` (String, Sensitive) Resource path that displays the key version resource ID for your Google Cloud KMS. +- `service_account_key` (String, Sensitive) JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object. + +# Import Encryption at Rest Settings can be imported using project ID, in the format `project_id`, e.g. ``` $ terraform import mongodbatlas_encryption_at_rest.example 1112222b3bf99403840e8934 ``` -For more information see: [MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management) +For more information see: [MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management) \ No newline at end of file diff --git a/internal/service/encryptionatrest/resource_encryption_at_rest.go b/internal/service/encryptionatrest/resource_encryption_at_rest.go index 977664f86b..08ff5582ea 100644 --- a/internal/service/encryptionatrest/resource_encryption_at_rest.go +++ b/internal/service/encryptionatrest/resource_encryption_at_rest.go @@ -100,11 +100,15 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, + Description: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", }, }, Blocks: map[string]schema.Block{ "aws_kms_config": schema.ListNestedBlock{ - Validators: []validator.List{listvalidator.SizeAtMost(1)}, + Description: "Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.", + MarkdownDescription: "Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.", + Validators: []validator.List{listvalidator.SizeAtMost(1)}, NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "enabled": schema.BoolAttribute{ @@ -113,31 +117,45 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ PlanModifiers: []planmodifier.Bool{ boolplanmodifier.UseStateForUnknown(), }, + Description: "Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", + MarkdownDescription: "Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", }, "access_key_id": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).", + MarkdownDescription: "Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).", }, "secret_access_key": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.", + MarkdownDescription: "Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.", }, "customer_master_key_id": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.", + MarkdownDescription: "Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.", }, "region": schema.StringAttribute{ - Optional: true, + Optional: true, + Description: "Physical location where MongoDB Cloud deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Cloud creates them as part of the deployment. MongoDB Cloud assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.", //nolint:lll // reason: auto-generated from Open API spec. + MarkdownDescription: "Physical location where MongoDB Cloud deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Cloud creates them as part of the deployment. MongoDB Cloud assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.", //nolint:lll // reason: auto-generated from Open API spec. }, "role_id": schema.StringAttribute{ - Optional: true, + Optional: true, + Description: "Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.", }, }, Validators: []validator.Object{validate.AwsKmsConfig()}, }, }, "azure_key_vault_config": schema.ListNestedBlock{ - Validators: []validator.List{listvalidator.SizeAtMost(1)}, + Description: "Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).", + MarkdownDescription: "Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).", + Validators: []validator.List{listvalidator.SizeAtMost(1)}, NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "enabled": schema.BoolAttribute{ @@ -146,35 +164,53 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ PlanModifiers: []planmodifier.Bool{ boolplanmodifier.UseStateForUnknown(), }, + Description: "Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", + MarkdownDescription: "Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", }, "client_id": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.", + MarkdownDescription: "Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.", }, "azure_environment": schema.StringAttribute{ - Optional: true, + Optional: true, + Description: "Azure environment in which your account credentials reside.", + MarkdownDescription: "Azure environment in which your account credentials reside.", }, "subscription_id": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Unique 36-hexadecimal character string that identifies your Azure subscription.", + MarkdownDescription: "Unique 36-hexadecimal character string that identifies your Azure subscription.", }, "resource_group_name": schema.StringAttribute{ - Optional: true, + Optional: true, + Description: "Name of the Azure resource group that contains your Azure Key Vault.", + MarkdownDescription: "Name of the Azure resource group that contains your Azure Key Vault.", }, "key_vault_name": schema.StringAttribute{ - Optional: true, + Optional: true, + Description: "Unique string that identifies the Azure Key Vault that contains your key.", + MarkdownDescription: "Unique string that identifies the Azure Key Vault that contains your key.", }, "key_identifier": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Web address with a unique key that identifies for your Azure Key Vault.", + MarkdownDescription: "Web address with a unique key that identifies for your Azure Key Vault.", }, "secret": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (**azureKeyVault.tenantID**). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.", + MarkdownDescription: "Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (**azureKeyVault.tenantID**). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.", }, "tenant_id": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.", + MarkdownDescription: "Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.", }, "require_private_networking": schema.BoolAttribute{ Optional: true, @@ -182,12 +218,16 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ PlanModifiers: []planmodifier.Bool{ boolplanmodifier.UseStateForUnknown(), }, + Description: "Enable connection to your Azure Key Vault over private networking.", + MarkdownDescription: "Enable connection to your Azure Key Vault over private networking.", }, }, }, }, "google_cloud_kms_config": schema.ListNestedBlock{ - Validators: []validator.List{listvalidator.SizeAtMost(1)}, + Description: "Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).", + MarkdownDescription: "Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).", + Validators: []validator.List{listvalidator.SizeAtMost(1)}, NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "enabled": schema.BoolAttribute{ @@ -196,14 +236,20 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ PlanModifiers: []planmodifier.Bool{ boolplanmodifier.UseStateForUnknown(), }, + Description: "Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", + MarkdownDescription: "Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", }, "service_account_key": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object.", + MarkdownDescription: "JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object.", }, "key_version_resource_id": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Resource path that displays the key version resource ID for your Google Cloud KMS.", + MarkdownDescription: "Resource path that displays the key version resource ID for your Google Cloud KMS.", }, }, }, diff --git a/internal/service/encryptionatrest/tfplugingen/generator_config.yml b/internal/service/encryptionatrest/tfplugingen/generator_config.yml new file mode 100644 index 0000000000..08b2657a14 --- /dev/null +++ b/internal/service/encryptionatrest/tfplugingen/generator_config.yml @@ -0,0 +1,11 @@ +provider: + name: mongodbatlas + +resources: + encryption_at_rest: + create: + path: /api/atlas/v2/groups/{groupId}/encryptionAtRest + method: PATCH + read: + path: /api/atlas/v2/groups/{groupId}/encryptionAtRest + method: GET \ No newline at end of file diff --git a/templates/resources/encryption_at_rest.md.tmpl b/templates/resources/encryption_at_rest.md.tmpl new file mode 100644 index 0000000000..947e4450c9 --- /dev/null +++ b/templates/resources/encryption_at_rest.md.tmpl @@ -0,0 +1,37 @@ +# {{.Type}}: {{.Name}} + +`{{.Name}}` allows management of encryption at rest for an Atlas project with one of the following providers: + +[Amazon Web Services Key Management Service](https://docs.atlas.mongodb.com/security-aws-kms/#security-aws-kms) +[Azure Key Vault](https://docs.atlas.mongodb.com/security-azure-kms/#security-azure-kms) +[Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms) + +After configuring at least one Encryption at Rest provider for the Atlas project, Project Owners can enable Encryption at Rest for each Atlas cluster for which they require encryption. The Encryption at Rest provider does not have to match the cluster cloud service provider. + +Atlas does not automatically rotate user-managed encryption keys. Defer to your preferred Encryption at Rest provider’s documentation and guidance for best practices on key rotation. Atlas automatically creates a 90-day key rotation alert when you configure Encryption at Rest using your Key Management in an Atlas project. + +See [Encryption at Rest](https://docs.atlas.mongodb.com/security-kms-encryption/index.html) for more information, including prerequisites and restrictions. + +~> **IMPORTANT** Atlas encrypts all cluster storage and snapshot volumes, securing all cluster data on disk: a concept known as encryption at rest, by default. + +~> **IMPORTANT** Atlas limits this feature to dedicated cluster tiers of M10 and greater. For more information see: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management + +-> **NOTE:** Groups and projects are synonymous terms. You may find `groupId` in the official documentation. + + +-> **IMPORTANT NOTE** To disable the encryption at rest with customer key management for a project all existing clusters in the project must first either have encryption at rest for the provider set to none, e.g. `encryption_at_rest_provider = "NONE"`, or be deleted. + +## Example Usages + + + +{{ .SchemaMarkdown | trimspace }} + +# Import +Encryption at Rest Settings can be imported using project ID, in the format `project_id`, e.g. + +``` +$ terraform import mongodbatlas_encryption_at_rest.example 1112222b3bf99403840e8934 +``` + +For more information see: [MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management) \ No newline at end of file From c839d754da36d5709ec0ff599f9a93b86ed6e681 Mon Sep 17 00:00:00 2001 From: Agustin Bettati Date: Fri, 30 Aug 2024 17:50:19 +0200 Subject: [PATCH 09/20] doc: Include example for new `mongodbatlas_encryption_at_rest_private_endpoint` resource (#2540) * Include example for ear with private endpoint * fix example * adjust readme * Update examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/README.md Co-authored-by: maastha <122359335+maastha@users.noreply.github.com> * Update examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/README.md Co-authored-by: maastha <122359335+maastha@users.noreply.github.com> * add example cli command * make use of variables to make value of resource id more compact --------- Co-authored-by: maastha <122359335+maastha@users.noreply.github.com> --- .../azure/README.md | 59 +++++++++++++++++++ .../azure/main.tf | 46 +++++++++++++++ .../azure/providers.tf | 11 ++++ .../azure/variables.tf | 54 +++++++++++++++++ .../azure/versions.tf | 14 +++++ 5 files changed, 184 insertions(+) create mode 100644 examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/README.md create mode 100644 examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/main.tf create mode 100644 examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/providers.tf create mode 100644 examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/variables.tf create mode 100644 examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/versions.tf diff --git a/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/README.md b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/README.md new file mode 100644 index 0000000000..20f1400ef4 --- /dev/null +++ b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/README.md @@ -0,0 +1,59 @@ +# MongoDB Atlas Provider -- Encryption At Rest using Customer Key Management via Private Network Interfaces (Azure) +This example shows how to configure encryption at rest using Azure with customer managed keys ensuring all communication with Azure Key Vault happens exclusively over Azure Private Link. + +## Dependencies + +* Terraform MongoDB Atlas Provider v1.19.0 minimum +* A MongoDB Atlas account +* Terraform Azure `azapi` provider +* A Microsoft Azure account + +## Usage + +**1\. Provide the appropriate values for the input variables.** + +- `atlas_public_key`: The public API key for MongoDB Atlas +- `atlas_private_key`: The private API key for MongoDB Atlas +- `atlas_project_id`: Atlas Project ID +- `azure_subscription_id`: Azure ID that identifies your Azure subscription +- `azure_client_id`: Azure ID identifies an Azure application associated with your Azure Active Directory tenant +- `azure_client_secret`: Secret associated to the Azure application +- `azure_tenant_id`: Azure ID that identifies the Azure Active Directory tenant within your Azure subscription +- `azure_resource_group_name`: Name of the Azure resource group that contains your Azure Key Vault +- `azure_key_vault_name`: Unique string that identifies the Azure Key Vault that contains your key +- `azure_key_identifier`: Web address with a unique key that identifies for your Azure Key Vault +- `azure_region_name`: Region in which the Encryption At Rest private endpoint is located + + +NOTE: The Azure application (associated to `azure_client_id`) must have at least a Key Vault Contributor role assigned in the corresponding Key Vault. + +**2\. Review the Terraform plan.** + +Execute the following command and ensure you are happy with the plan. + +``` bash +$ terraform plan +``` +This project currently supports the following deployments: + +- Configure encryption at rest in an existing project using a custom Azure Key. Specifies that private networking is required. +- Create a private endpoint for the existing project under a certain Azure region. +- Approve the connection from the Azure Key Vault. This is being done through terraform, but alternatively the private connection can be approved through the Azure UI or CLI. + - CLI example command: `az keyvault private-endpoint-connection approve --approval-description {"OPTIONAL DESCRIPTION"} --resource-group {RG} --vault-name {KEY VAULT NAME} –name {PRIVATE LINK CONNECTION NAME}` + +**3\. Execute the Terraform apply.** + +Now execute the plan to provision the resources. + +``` bash +$ terraform apply +``` + +**4\. Destroy the resources.** + +When you have finished your testing, ensure you destroy the resources to avoid unnecessary Atlas charges. + +``` bash +$ terraform destroy +``` + diff --git a/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/main.tf b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/main.tf new file mode 100644 index 0000000000..636a423013 --- /dev/null +++ b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/main.tf @@ -0,0 +1,46 @@ +resource "mongodbatlas_encryption_at_rest" "ear" { + project_id = var.atlas_project_id + + azure_key_vault_config { + require_private_networking = true + + enabled = true + azure_environment = "AZURE" + + tenant_id = var.azure_tenant_id + subscription_id = var.azure_subscription_id + client_id = var.azure_client_id + secret = var.azure_client_secret + + resource_group_name = var.azure_resource_group_name + key_vault_name = var.azure_key_vault_name + key_identifier = var.azure_key_identifier + } +} + +# Creates private endpoint +resource "mongodbatlas_encryption_at_rest_private_endpoint" "endpoint" { + project_id = mongodbatlas_encryption_at_rest.ear.project_id + cloud_provider = "AZURE" + region_name = var.azure_region_name +} + +locals { + key_vault_resource_id = "/subscriptions/${var.azure_subscription_id}/resourceGroups/${var.azure_resource_group_name}/providers/Microsoft.KeyVault/vaults/${var.azure_key_vault_name}" +} + +# Approves private endpoint connection from Azure Key Vault +resource "azapi_update_resource" "approval" { + type = "Microsoft.KeyVault/Vaults/PrivateEndpointConnections@2023-07-01" + name = mongodbatlas_encryption_at_rest_private_endpoint.endpoint.private_endpoint_connection_name + parent_id = local.key_vault_resource_id + + body = jsonencode({ + properties = { + privateLinkServiceConnectionState = { + description = "Approved via Terraform" + status = "Approved" + } + } + }) +} diff --git a/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/providers.tf b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/providers.tf new file mode 100644 index 0000000000..432a001a39 --- /dev/null +++ b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/providers.tf @@ -0,0 +1,11 @@ +provider "mongodbatlas" { + public_key = var.atlas_public_key + private_key = var.atlas_private_key +} + +provider "azapi" { + tenant_id = var.azure_tenant_id + subscription_id = var.azure_subscription_id + client_id = var.azure_client_id + client_secret = var.azure_client_secret +} diff --git a/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/variables.tf b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/variables.tf new file mode 100644 index 0000000000..50a8762fc3 --- /dev/null +++ b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/variables.tf @@ -0,0 +1,54 @@ +variable "atlas_public_key" { + description = "The public API key for MongoDB Atlas" + type = string +} +variable "atlas_private_key" { + description = "The private API key for MongoDB Atlas" + type = string + sensitive = true +} +variable "atlas_project_id" { + description = "Atlas Project ID" + type = string +} +variable "azure_subscription_id" { + type = string + description = "Azure ID that identifies your Azure subscription" +} + +variable "azure_client_id" { + type = string + description = "Azure ID identifies an Azure application associated with your Azure Active Directory tenant" +} + +variable "azure_client_secret" { + type = string + sensitive = true + description = "Secret associated to the Azure application" +} + +variable "azure_tenant_id" { + type = string + description = "Azure ID that identifies the Azure Active Directory tenant within your Azure subscription" +} + +variable "azure_resource_group_name" { + type = string + description = "Name of the Azure resource group that contains your Azure Key Vault" +} + +variable "azure_key_vault_name" { + type = string + description = "Unique string that identifies the Azure Key Vault that contains your key" +} + +variable "azure_key_identifier" { + type = string + description = "Web address with a unique key that identifies for your Azure Key Vault" +} + +variable "azure_region_name" { + type = string + description = "Region in which the Encryption At Rest private endpoint is located." +} + diff --git a/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/versions.tf b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/versions.tf new file mode 100644 index 0000000000..c955a31212 --- /dev/null +++ b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/versions.tf @@ -0,0 +1,14 @@ +terraform { + required_providers { + mongodbatlas = { + source = "mongodb/mongodbatlas" + version = "~> 1.18" + } + + azapi = { + source = "Azure/azapi" + version = "~> 1.15" + } + } + required_version = ">= 1.0" +} From 9305dd07a5a5882468a4c7484a556ce439582885 Mon Sep 17 00:00:00 2001 From: Agustin Bettati Date: Mon, 2 Sep 2024 09:40:09 +0200 Subject: [PATCH 10/20] feat: Implements new `mongodbatlas_encryption_at_rest_private_endpoints` data source (#2536) * temporary change to cloud provider access and getting latest sdk * implements plural data source * adapted cloud provider access with latest changes from dev preview * fix unit test * adding changelog entry * add changes to verify plural data source in basic test case * doc adjust to cloud_provider attribute --- .changelog/2536.txt | 3 + go.mod | 2 +- go.sum | 2 + internal/common/dsschema/page_request.go | 31 ++++++++ ...rce_cloud_provider_access_authorization.go | 10 ++- .../resource_cloud_provider_access_setup.go | 17 +++- .../data_source.go | 2 +- .../data_source_schema.go | 79 ++++++++++--------- .../encryptionatrestprivateendpoint/model.go | 20 +++-- .../model_test.go | 16 ++-- .../plural_data_source.go | 45 ++++++----- .../pural_data_source_schema.go | 76 +----------------- .../resource.go | 4 +- .../resource_schema.go | 4 +- .../resource_test.go | 14 +++- .../tfplugingen/generator_config.yml | 12 ++- 16 files changed, 179 insertions(+), 158 deletions(-) create mode 100644 .changelog/2536.txt create mode 100644 internal/common/dsschema/page_request.go diff --git a/.changelog/2536.txt b/.changelog/2536.txt new file mode 100644 index 0000000000..c7f1c1323e --- /dev/null +++ b/.changelog/2536.txt @@ -0,0 +1,3 @@ +```release-note:new-datasource +data-source/mongodbatlas_encryption_at_rest_private_endpoints +``` diff --git a/go.mod b/go.mod index e7f9b831f1..42813b6766 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/zclconf/go-cty v1.15.0 go.mongodb.org/atlas v0.36.0 go.mongodb.org/atlas-sdk/v20240530005 v20240530005.0.0 - go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.1-0.20240813143344-1cfe40386cbc + go.mongodb.org/atlas-sdk/v20240805001 v20240805001.1.1-0.20240826083604-5148b5e06fe3 go.mongodb.org/realm v0.1.0 ) diff --git a/go.sum b/go.sum index ed0d3c50fe..01da42592d 100644 --- a/go.sum +++ b/go.sum @@ -784,6 +784,8 @@ go.mongodb.org/atlas-sdk/v20240530005 v20240530005.0.0 h1:d/gbYJ+obR0EM/3DZf7+ZM go.mongodb.org/atlas-sdk/v20240530005 v20240530005.0.0/go.mod h1:O47ZrMMfcWb31wznNIq2PQkkdoFoK0ea2GlmRqGJC2s= go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.1-0.20240813143344-1cfe40386cbc h1:ZZOXzXjt9PMOx1tKz76aenAikF6n5f8qvitaarDWJ9Q= go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.1-0.20240813143344-1cfe40386cbc/go.mod h1:0aHEphVfsYbpg3CiEUcXeAU7OVoOFig1tltXdLjYiSQ= +go.mongodb.org/atlas-sdk/v20240805001 v20240805001.1.1-0.20240826083604-5148b5e06fe3 h1:Xru9985dRWbJB1d0bQ4wu5FYGEu9ke3SHNJ2BgJdbNQ= +go.mongodb.org/atlas-sdk/v20240805001 v20240805001.1.1-0.20240826083604-5148b5e06fe3/go.mod h1:0aHEphVfsYbpg3CiEUcXeAU7OVoOFig1tltXdLjYiSQ= go.mongodb.org/realm v0.1.0 h1:zJiXyLaZrznQ+Pz947ziSrDKUep39DO4SfA0Fzx8M4M= go.mongodb.org/realm v0.1.0/go.mod h1:4Vj6iy+Puo1TDERcoh4XZ+pjtwbOzPpzqy3Cwe8ZmDM= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= diff --git a/internal/common/dsschema/page_request.go b/internal/common/dsschema/page_request.go new file mode 100644 index 0000000000..4195f46104 --- /dev/null +++ b/internal/common/dsschema/page_request.go @@ -0,0 +1,31 @@ +package dsschema + +import ( + "context" + "errors" + "net/http" +) + +type PaginateResponse[T any] interface { + GetResults() []T + GetTotalCount() int +} + +func AllPages[T any](ctx context.Context, listOnPage func(ctx context.Context, pageNum int) (PaginateResponse[T], *http.Response, error)) ([]T, error) { + var results []T + for currentPage := 1; ; currentPage++ { + resp, _, err := listOnPage(ctx, currentPage) + if err != nil { + return nil, err + } + if resp == nil { + return nil, errors.New("no response") + } + currentResults := resp.GetResults() + results = append(results, currentResults...) + if len(currentResults) == 0 || len(results) >= resp.GetTotalCount() { + break + } + } + return results, nil +} diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go index 0a0a568687..85feb002ef 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go @@ -260,7 +260,7 @@ func resourceCloudProviderAccessAuthorizationStateUpgradeV0(ctx context.Context, } func authorizeRole(ctx context.Context, client *admin.APIClient, d *schema.ResourceData, projectID string, targetRole *admin.CloudProviderAccessRole) diag.Diagnostics { - req := &admin.CloudProviderAccessRole{ + req := &admin.CloudProviderAccessRoleRequestUpdate{ ProviderName: targetRole.ProviderName, } @@ -281,11 +281,9 @@ func authorizeRole(ctx context.Context, client *admin.APIClient, d *schema.Resou roleID = targetRole.GetId() } - var role *admin.CloudProviderAccessRole var err error - for i := 0; i < 3; i++ { - role, _, err = client.CloudProviderAccessApi.AuthorizeCloudProviderAccessRole(ctx, projectID, roleID, req).Execute() + _, _, err = client.CloudProviderAccessApi.AuthorizeCloudProviderAccessRole(ctx, projectID, roleID, req).Execute() if err != nil && strings.Contains(err.Error(), "CANNOT_ASSUME_ROLE") { // aws takes time to update , in case of single path log.Printf("warning issue performing authorize: %s \n", err.Error()) log.Println("retrying") @@ -301,6 +299,10 @@ func authorizeRole(ctx context.Context, client *admin.APIClient, d *schema.Resou if err != nil { return diag.FromErr(fmt.Errorf("error cloud provider access authorization %s", err)) } + role, _, err := client.CloudProviderAccessApi.GetCloudProviderAccessRole(ctx, projectID, roleID).Execute() + if err != nil { + return diag.FromErr(fmt.Errorf("error cloud provider access authorization read after authorization %s", err)) + } authSchema := roleToSchemaAuthorization(role) diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go index dd35fc02ec..8d3bd7fa50 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go @@ -134,8 +134,9 @@ func resourceCloudProviderAccessSetupCreate(ctx context.Context, d *schema.Resou conn := meta.(*config.MongoDBClient).AtlasV2 - requestParameters := &admin.CloudProviderAccessRole{ - ProviderName: d.Get("provider_name").(string), + providerName := d.Get("provider_name").(string) + requestParameters := &admin.CloudProviderAccessRoleRequest{ + ProviderName: providerName, } if value, ok := d.GetOk("azure_config.0.atlas_azure_app_id"); ok { @@ -150,7 +151,17 @@ func resourceCloudProviderAccessSetupCreate(ctx context.Context, d *schema.Resou requestParameters.SetTenantId(value.(string)) } - role, _, err := conn.CloudProviderAccessApi.CreateCloudProviderAccessRole(ctx, projectID, requestParameters).Execute() + roleCreate, _, err := conn.CloudProviderAccessApi.CreateCloudProviderAccessRole(ctx, projectID, requestParameters).Execute() + if err != nil { + return diag.FromErr(fmt.Errorf(errorCloudProviderAccessCreate, err)) + } + var roleID string + if providerName == constant.AZURE { + roleID = roleCreate.GetId() + } else { + roleID = roleCreate.GetRoleId() + } + role, _, err := conn.CloudProviderAccessApi.GetCloudProviderAccessRole(ctx, projectID, roleID).Execute() if err != nil { return diag.FromErr(fmt.Errorf(errorCloudProviderAccessCreate, err)) } diff --git a/internal/service/encryptionatrestprivateendpoint/data_source.go b/internal/service/encryptionatrestprivateendpoint/data_source.go index 3a2a223653..91d0820cf8 100644 --- a/internal/service/encryptionatrestprivateendpoint/data_source.go +++ b/internal/service/encryptionatrestprivateendpoint/data_source.go @@ -46,5 +46,5 @@ func (d *encryptionAtRestPrivateEndpointDS) Read(ctx context.Context, req dataso return } - resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(endpointModel, projectID))...) + resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(*endpointModel, projectID))...) } diff --git a/internal/service/encryptionatrestprivateendpoint/data_source_schema.go b/internal/service/encryptionatrestprivateendpoint/data_source_schema.go index cf4b2c0df6..a928dcc174 100644 --- a/internal/service/encryptionatrestprivateendpoint/data_source_schema.go +++ b/internal/service/encryptionatrestprivateendpoint/data_source_schema.go @@ -8,42 +8,49 @@ import ( func DataSourceSchema(ctx context.Context) schema.Schema { return schema.Schema{ - Attributes: map[string]schema.Attribute{ - "cloud_provider": schema.StringAttribute{ - Required: true, - Description: "Human-readable label that identifies the cloud provider of the private endpoint.", - MarkdownDescription: "Human-readable label that identifies the cloud provider of the private endpoint.", - }, - "error_message": schema.StringAttribute{ - Computed: true, - Description: "Error message for failures associated with the Encryption At Rest private endpoint.", - MarkdownDescription: "Error message for failures associated with the Encryption At Rest private endpoint.", - }, - "project_id": schema.StringAttribute{ - Required: true, - Description: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", - MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", - }, - "id": schema.StringAttribute{ - Required: true, - Description: "Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.", - MarkdownDescription: "Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.", - }, - "private_endpoint_connection_name": schema.StringAttribute{ - Computed: true, - Description: "Connection name of the Azure Private Endpoint.", - MarkdownDescription: "Connection name of the Azure Private Endpoint.", - }, - "region_name": schema.StringAttribute{ - Computed: true, - Description: "Cloud provider region in which the Encryption At Rest private endpoint is located.", - MarkdownDescription: "Cloud provider region in which the Encryption At Rest private endpoint is located.", - }, - "status": schema.StringAttribute{ - Computed: true, - Description: "State of the Encryption At Rest private endpoint.", - MarkdownDescription: "State of the Encryption At Rest private endpoint.", - }, + Attributes: DSAttributes(true), + } +} + +func DSAttributes(withArguments bool) map[string]schema.Attribute { + return map[string]schema.Attribute{ + "cloud_provider": schema.StringAttribute{ + Required: withArguments, + Computed: !withArguments, + Description: "Label that identifies the cloud provider of the private endpoint.", + MarkdownDescription: "Label that identifies the cloud provider of the private endpoint.", + }, + "error_message": schema.StringAttribute{ + Computed: true, + Description: "Error message for failures associated with the Encryption At Rest private endpoint.", + MarkdownDescription: "Error message for failures associated with the Encryption At Rest private endpoint.", + }, + "project_id": schema.StringAttribute{ + Required: withArguments, + Computed: !withArguments, + Description: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + }, + "id": schema.StringAttribute{ + Required: withArguments, + Computed: !withArguments, + Description: "Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.", + }, + "private_endpoint_connection_name": schema.StringAttribute{ + Computed: true, + Description: "Connection name of the Azure Private Endpoint.", + MarkdownDescription: "Connection name of the Azure Private Endpoint.", + }, + "region_name": schema.StringAttribute{ + Computed: true, + Description: "Cloud provider region in which the Encryption At Rest private endpoint is located.", + MarkdownDescription: "Cloud provider region in which the Encryption At Rest private endpoint is located.", + }, + "status": schema.StringAttribute{ + Computed: true, + Description: "State of the Encryption At Rest private endpoint.", + MarkdownDescription: "State of the Encryption At Rest private endpoint.", }, } } diff --git a/internal/service/encryptionatrestprivateendpoint/model.go b/internal/service/encryptionatrestprivateendpoint/model.go index acc8e385c5..2ed3087a68 100644 --- a/internal/service/encryptionatrestprivateendpoint/model.go +++ b/internal/service/encryptionatrestprivateendpoint/model.go @@ -6,11 +6,8 @@ import ( "go.mongodb.org/atlas-sdk/v20240805001/admin" ) -func NewTFEarPrivateEndpoint(apiResp *admin.EARPrivateEndpoint, projectID string) *TFEarPrivateEndpointModel { - if apiResp == nil { - return nil - } - return &TFEarPrivateEndpointModel{ +func NewTFEarPrivateEndpoint(apiResp admin.EARPrivateEndpoint, projectID string) TFEarPrivateEndpointModel { + return TFEarPrivateEndpointModel{ ProjectID: types.StringValue(projectID), CloudProvider: conversion.StringNullIfEmpty(apiResp.GetCloudProvider()), ErrorMessage: conversion.StringNullIfEmpty(apiResp.GetErrorMessage()), @@ -30,3 +27,16 @@ func NewEarPrivateEndpointReq(tfPlan *TFEarPrivateEndpointModel) *admin.EARPriva RegionName: tfPlan.RegionName.ValueStringPointer(), } } + +func NewTFEarPrivateEndpoints(projectID, cloudProvider string, sdkResults []admin.EARPrivateEndpoint) *TFEncryptionAtRestPrivateEndpointsDSModel { + results := make([]TFEarPrivateEndpointModel, len(sdkResults)) + for i := range sdkResults { + result := NewTFEarPrivateEndpoint(sdkResults[i], projectID) + results[i] = result + } + return &TFEncryptionAtRestPrivateEndpointsDSModel{ + ProjectID: types.StringValue(projectID), + CloudProvider: types.StringValue(cloudProvider), + Results: results, + } +} diff --git a/internal/service/encryptionatrestprivateendpoint/model_test.go b/internal/service/encryptionatrestprivateendpoint/model_test.go index 35c0d08f44..ed265f9ae2 100644 --- a/internal/service/encryptionatrestprivateendpoint/model_test.go +++ b/internal/service/encryptionatrestprivateendpoint/model_test.go @@ -23,14 +23,14 @@ const ( ) type sdkToTFModelTestCase struct { - SDKResp *admin.EARPrivateEndpoint - expectedTFModel *encryptionatrestprivateendpoint.TFEarPrivateEndpointModel + SDKResp admin.EARPrivateEndpoint + expectedTFModel encryptionatrestprivateendpoint.TFEarPrivateEndpointModel } func TestEncryptionAtRestPrivateEndpointSDKToTFModel(t *testing.T) { testCases := map[string]sdkToTFModelTestCase{ "Complete SDK response": { - SDKResp: &admin.EARPrivateEndpoint{ + SDKResp: admin.EARPrivateEndpoint{ CloudProvider: admin.PtrString(testCloudProvider), ErrorMessage: admin.PtrString(""), Id: admin.PtrString(testID), @@ -38,7 +38,7 @@ func TestEncryptionAtRestPrivateEndpointSDKToTFModel(t *testing.T) { Status: admin.PtrString(testStatus), PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), }, - expectedTFModel: &encryptionatrestprivateendpoint.TFEarPrivateEndpointModel{ + expectedTFModel: encryptionatrestprivateendpoint.TFEarPrivateEndpointModel{ CloudProvider: types.StringValue(testCloudProvider), ErrorMessage: types.StringNull(), ID: types.StringValue(testID), @@ -49,7 +49,7 @@ func TestEncryptionAtRestPrivateEndpointSDKToTFModel(t *testing.T) { }, }, "Complete SDK response with error message": { - SDKResp: &admin.EARPrivateEndpoint{ + SDKResp: admin.EARPrivateEndpoint{ CloudProvider: admin.PtrString(testCloudProvider), ErrorMessage: admin.PtrString(testErrMsg), Id: admin.PtrString(testID), @@ -57,7 +57,7 @@ func TestEncryptionAtRestPrivateEndpointSDKToTFModel(t *testing.T) { Status: admin.PtrString(testStatus), PrivateEndpointConnectionName: admin.PtrString(testPEConnectionName), }, - expectedTFModel: &encryptionatrestprivateendpoint.TFEarPrivateEndpointModel{ + expectedTFModel: encryptionatrestprivateendpoint.TFEarPrivateEndpointModel{ CloudProvider: types.StringValue(testCloudProvider), ErrorMessage: types.StringValue(testErrMsg), ID: types.StringValue(testID), @@ -136,7 +136,7 @@ func TestEncryptionAtRestPrivateEndpointPluralDSSDKToTFModel(t *testing.T) { expectedTFModel: &encryptionatrestprivateendpoint.TFEncryptionAtRestPrivateEndpointsDSModel{ CloudProvider: types.StringValue(testCloudProvider), ProjectID: types.StringValue(testProjectID), - Results: []encryptionatrestprivateendpoint.TFEarPrivateEndpointDSModel{ + Results: []encryptionatrestprivateendpoint.TFEarPrivateEndpointModel{ { CloudProvider: types.StringValue(testCloudProvider), ErrorMessage: types.StringNull(), @@ -144,6 +144,7 @@ func TestEncryptionAtRestPrivateEndpointPluralDSSDKToTFModel(t *testing.T) { RegionName: types.StringValue(testRegionName), Status: types.StringValue(testStatus), PrivateEndpointConnectionName: types.StringValue(testPEConnectionName), + ProjectID: types.StringValue(testProjectID), }, { CloudProvider: types.StringValue(testCloudProvider), @@ -152,6 +153,7 @@ func TestEncryptionAtRestPrivateEndpointPluralDSSDKToTFModel(t *testing.T) { RegionName: types.StringValue(testRegionName), Status: types.StringValue(testStatus), PrivateEndpointConnectionName: types.StringValue(testPEConnectionName), + ProjectID: types.StringValue(testProjectID), }, }, }, diff --git a/internal/service/encryptionatrestprivateendpoint/plural_data_source.go b/internal/service/encryptionatrestprivateendpoint/plural_data_source.go index c7c7f019e1..779d653138 100644 --- a/internal/service/encryptionatrestprivateendpoint/plural_data_source.go +++ b/internal/service/encryptionatrestprivateendpoint/plural_data_source.go @@ -4,10 +4,12 @@ package encryptionatrestprivateendpoint import ( "context" "fmt" + "net/http" "github.com/hashicorp/terraform-plugin-framework/datasource" - + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/dsschema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" + "go.mongodb.org/atlas-sdk/v20240805001/admin" ) var _ datasource.DataSource = &encryptionAtRestPrivateEndpointsDS{} @@ -30,27 +32,30 @@ func (d *encryptionAtRestPrivateEndpointsDS) Schema(ctx context.Context, req dat } func (d *encryptionAtRestPrivateEndpointsDS) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { - var encryptionAtRestPrivateEndpointsConfig TFEncryptionAtRestPrivateEndpointsDSModel - resp.Diagnostics.Append(req.Config.Get(ctx, &encryptionAtRestPrivateEndpointsConfig)...) + var earPrivateEndpointConfig TFEncryptionAtRestPrivateEndpointsDSModel + resp.Diagnostics.Append(req.Config.Get(ctx, &earPrivateEndpointConfig)...) if resp.Diagnostics.HasError() { return } + projectID := earPrivateEndpointConfig.ProjectID.ValueString() + cloudProvider := earPrivateEndpointConfig.CloudProvider.ValueString() + + connV2 := d.Client.AtlasV2 + + params := admin.GetEncryptionAtRestPrivateEndpointsForCloudProviderApiParams{ + GroupId: projectID, + CloudProvider: cloudProvider, + } - // TODO: make get request to obtain list of results - - // connV2 := d.Client.AtlasV2 - // TODO: GetEncryptionAtRestPrivateEndpointsForCloudProvider returns paginated results - // v, resp, err := connV2.EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRestPrivateEndpointsForCloudProvider(ctx, "", "").Execute() - // if err != nil { - // resp.Diagnostics.AddError("error fetching results", err.Error()) - // return - //} - - // TODO: process response into new terraform state - // newEncryptionAtRestPrivateEndpointsModel := NewTFEarPrivateEndpoints("","",conversion.IntPtr(99), v.GetResults()) - // if diags.HasError() { - // resp.Diagnostics.Append(diags...) - // return - // } - // resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoints(ctx))...) + privateEndpoints, err := dsschema.AllPages(ctx, func(ctx context.Context, pageNum int) (dsschema.PaginateResponse[admin.EARPrivateEndpoint], *http.Response, error) { + request := connV2.EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRestPrivateEndpointsForCloudProviderWithParams(ctx, ¶ms) + request = request.PageNum(pageNum) + return request.Execute() + }) + if err != nil { + resp.Diagnostics.AddError("error fetching results", err.Error()) + return + } + newEarPrivateEndpointsModel := NewTFEarPrivateEndpoints(projectID, cloudProvider, privateEndpoints) + resp.Diagnostics.Append(resp.State.Set(ctx, newEarPrivateEndpointsModel)...) } diff --git a/internal/service/encryptionatrestprivateendpoint/pural_data_source_schema.go b/internal/service/encryptionatrestprivateendpoint/pural_data_source_schema.go index 9f88d4979a..fe3d734981 100644 --- a/internal/service/encryptionatrestprivateendpoint/pural_data_source_schema.go +++ b/internal/service/encryptionatrestprivateendpoint/pural_data_source_schema.go @@ -3,12 +3,8 @@ package encryptionatrestprivateendpoint import ( "context" - "go.mongodb.org/atlas-sdk/v20240805001/admin" - "github.com/hashicorp/terraform-plugin-framework/datasource/schema" "github.com/hashicorp/terraform-plugin-framework/types" - - "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" ) func PluralDataSourceSchema(ctx context.Context) schema.Schema { @@ -26,38 +22,7 @@ func PluralDataSourceSchema(ctx context.Context) schema.Schema { }, "results": schema.ListNestedAttribute{ NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "cloud_provider": schema.StringAttribute{ - Computed: true, - Description: "Human-readable label that identifies the cloud provider for the Encryption At Rest private endpoint.", - MarkdownDescription: "Human-readable label that identifies the cloud provider for the Encryption At Rest private endpoint.", - }, - "error_message": schema.StringAttribute{ - Computed: true, - Description: "Error message for failures associated with the Encryption At Rest private endpoint.", - MarkdownDescription: "Error message for failures associated with the Encryption At Rest private endpoint.", - }, - "id": schema.StringAttribute{ - Computed: true, - Description: "Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.", - MarkdownDescription: "Unique 24-hexadecimal digit string that identifies the Private Endpoint Service.", - }, - "private_endpoint_connection_name": schema.StringAttribute{ - Computed: true, - Description: "Connection name of the Azure Private Endpoint.", - MarkdownDescription: "Connection name of the Azure Private Endpoint.", - }, - "region_name": schema.StringAttribute{ - Computed: true, - Description: "Cloud provider region in which the Encryption At Rest private endpoint is located.", - MarkdownDescription: "Cloud provider region in which the Encryption At Rest private endpoint is located.", - }, - "status": schema.StringAttribute{ - Computed: true, - Description: "State of the Encryption At Rest private endpoint.", - MarkdownDescription: "State of the Encryption At Rest private endpoint.", - }, - }, + Attributes: DSAttributes(true), }, Computed: true, Description: "List of returned documents that MongoDB Cloud providers when completing this request.", @@ -68,40 +33,7 @@ func PluralDataSourceSchema(ctx context.Context) schema.Schema { } type TFEncryptionAtRestPrivateEndpointsDSModel struct { - CloudProvider types.String `tfsdk:"cloud_provider"` - ProjectID types.String `tfsdk:"project_id"` - Results []TFEarPrivateEndpointDSModel `tfsdk:"results"` -} - -type TFEarPrivateEndpointDSModel struct { - CloudProvider types.String `tfsdk:"cloud_provider"` - ErrorMessage types.String `tfsdk:"error_message"` - ID types.String `tfsdk:"id"` - PrivateEndpointConnectionName types.String `tfsdk:"private_endpoint_connection_name"` - RegionName types.String `tfsdk:"region_name"` - Status types.String `tfsdk:"status"` -} - -func NewTFEarPrivateEndpoints(projectID, cloudProvider string, results []admin.EARPrivateEndpoint) *TFEncryptionAtRestPrivateEndpointsDSModel { - return &TFEncryptionAtRestPrivateEndpointsDSModel{ - ProjectID: types.StringValue(projectID), - CloudProvider: types.StringValue(cloudProvider), - Results: NewTFEarPrivateEndpointsDS(results), - } -} - -func NewTFEarPrivateEndpointsDS(endpoints []admin.EARPrivateEndpoint) []TFEarPrivateEndpointDSModel { - results := make([]TFEarPrivateEndpointDSModel, len(endpoints)) - - for i, v := range endpoints { - results[i] = TFEarPrivateEndpointDSModel{ - CloudProvider: conversion.StringNullIfEmpty(v.GetCloudProvider()), - ErrorMessage: conversion.StringNullIfEmpty(v.GetErrorMessage()), - ID: conversion.StringNullIfEmpty(v.GetId()), - RegionName: conversion.StringNullIfEmpty(v.GetRegionName()), - Status: conversion.StringNullIfEmpty(v.GetStatus()), - PrivateEndpointConnectionName: conversion.StringNullIfEmpty(v.GetPrivateEndpointConnectionName()), - } - } - return results + CloudProvider types.String `tfsdk:"cloud_provider"` + ProjectID types.String `tfsdk:"project_id"` + Results []TFEarPrivateEndpointModel `tfsdk:"results"` } diff --git a/internal/service/encryptionatrestprivateendpoint/resource.go b/internal/service/encryptionatrestprivateendpoint/resource.go index 48a928d7b1..0a23e9b14d 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource.go +++ b/internal/service/encryptionatrestprivateendpoint/resource.go @@ -62,7 +62,7 @@ func (r *encryptionAtRestPrivateEndpointRS) Create(ctx context.Context, req reso return } - privateEndpointModel := NewTFEarPrivateEndpoint(finalResp, projectID) + privateEndpointModel := NewTFEarPrivateEndpoint(*finalResp, projectID) resp.Diagnostics.Append(resp.State.Set(ctx, privateEndpointModel)...) if err := getErrorMsgForFailedStatus(finalResp); err != nil { resp.Diagnostics.AddError(failedStatusErrorMessage, err.Error()) @@ -91,7 +91,7 @@ func (r *encryptionAtRestPrivateEndpointRS) Read(ctx context.Context, req resour return } - resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(endpointModel, projectID))...) + resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(*endpointModel, projectID))...) if err := getErrorMsgForFailedStatus(endpointModel); err != nil { resp.Diagnostics.AddError(failedStatusErrorMessage, err.Error()) } diff --git a/internal/service/encryptionatrestprivateendpoint/resource_schema.go b/internal/service/encryptionatrestprivateendpoint/resource_schema.go index 13a2ef96d3..15fd40ed48 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_schema.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_schema.go @@ -12,8 +12,8 @@ func ResourceSchema(ctx context.Context) schema.Schema { Attributes: map[string]schema.Attribute{ "cloud_provider": schema.StringAttribute{ Required: true, - Description: "Human-readable label that identifies the cloud provider for the Encryption At Rest private endpoint.", - MarkdownDescription: "Human-readable label that identifies the cloud provider for the Encryption At Rest private endpoint.", + Description: "Label that identifies the cloud provider for the Encryption At Rest private endpoint.", + MarkdownDescription: "Label that identifies the cloud provider for the Encryption At Rest private endpoint.", }, "error_message": schema.StringAttribute{ Computed: true, diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index 1c573467e4..32bccd1b66 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -15,9 +15,10 @@ import ( ) const ( - resourceName = "mongodbatlas_encryption_at_rest_private_endpoint.test" - dataSourceName = "data.mongodbatlas_encryption_at_rest_private_endpoint.test" - earResourceName = "mongodbatlas_encryption_at_rest.test" + resourceName = "mongodbatlas_encryption_at_rest_private_endpoint.test" + dataSourceName = "data.mongodbatlas_encryption_at_rest_private_endpoint.test" + pluralDataSourceName = "data.mongodbatlas_encryption_at_rest_private_endpoints.test" + earResourceName = "mongodbatlas_encryption_at_rest.test" ) func TestAccEncryptionAtRestPrivateEndpoint_basic(t *testing.T) { @@ -133,6 +134,11 @@ func configPrivateEndpointAzureBasic(projectID string, azure *admin.AzureKeyVaul cloud_provider = mongodbatlas_encryption_at_rest_private_endpoint.test.cloud_provider id = mongodbatlas_encryption_at_rest_private_endpoint.test.id } + + data "mongodbatlas_encryption_at_rest_private_endpoints" "test" { + project_id = mongodbatlas_encryption_at_rest_private_endpoint.test.project_id + cloud_provider = mongodbatlas_encryption_at_rest_private_endpoint.test.cloud_provider + } `, encryptionAtRestConfig, region) } @@ -140,7 +146,7 @@ func checkPrivateEndpointAzureBasic(projectID string, azure *admin.AzureKeyVault return acc.CheckRSAndDS( resourceName, admin.PtrString(dataSourceName), - nil, + admin.PtrString(pluralDataSourceName), []string{"id", "private_endpoint_connection_name"}, map[string]string{ "project_id": projectID, diff --git a/internal/service/encryptionatrestprivateendpoint/tfplugingen/generator_config.yml b/internal/service/encryptionatrestprivateendpoint/tfplugingen/generator_config.yml index 58d292fc60..ea42a59fa7 100644 --- a/internal/service/encryptionatrestprivateendpoint/tfplugingen/generator_config.yml +++ b/internal/service/encryptionatrestprivateendpoint/tfplugingen/generator_config.yml @@ -3,6 +3,11 @@ provider: resources: encryption_at_rest_private_endpoint: + schema: + attributes: + overrides: + cloud_provider: + description: Label that identifies the cloud provider of the private endpoint. read: path: /api/atlas/v2/groups/{groupId}/encryptionAtRest/{cloudProvider}/privateEndpoints/{endpointId} method: GET @@ -15,10 +20,15 @@ resources: data_sources: encryption_at_rest_private_endpoint: + schema: + attributes: + overrides: + cloud_provider: + description: Label that identifies the cloud provider of the private endpoint. read: path: /api/atlas/v2/groups/{groupId}/encryptionAtRest/{cloudProvider}/privateEndpoints/{endpointId} method: GET # encryption_at_rest_private_endpoints: # read: # path: /api/atlas/v2/groups/{groupId}/encryptionAtRest/{cloudProvider}/privateEndpoints - # method: GET \ No newline at end of file + # method: GET From 9275394c20216966b6433fb71f50332296d9a8bd Mon Sep 17 00:00:00 2001 From: maastha <122359335+maastha@users.noreply.github.com> Date: Mon, 2 Sep 2024 10:07:38 +0100 Subject: [PATCH 11/20] feat: Implements new `mongodbatlas_encryption_at_rest` singular data source & adds `valid` attribute for cloud provider configs in the resource (#2538) --- .changelog/2538.txt | 7 + internal/provider/provider.go | 1 + .../service/encryptionatrest/data_source.go | 47 +++++ .../encryptionatrest/data_source_schema.go | 184 +++++++++++++++++ .../{model_encryption_at_rest.go => model.go} | 107 ++++++---- ...cryption_at_rest_test.go => model_test.go} | 44 ++--- ...urce_encryption_at_rest.go => resource.go} | 58 ++++-- ...ion_test.go => resource_migration_test.go} | 0 ...ption_at_rest_test.go => resource_test.go} | 185 +++++++++++------- .../tfplugingen/generator_config.yml | 6 + internal/testutil/acc/encryption_at_rest.go | 10 +- 11 files changed, 495 insertions(+), 154 deletions(-) create mode 100644 .changelog/2538.txt create mode 100644 internal/service/encryptionatrest/data_source.go create mode 100644 internal/service/encryptionatrest/data_source_schema.go rename internal/service/encryptionatrest/{model_encryption_at_rest.go => model.go} (50%) rename internal/service/encryptionatrest/{model_encryption_at_rest_test.go => model_test.go} (84%) rename internal/service/encryptionatrest/{resource_encryption_at_rest.go => resource.go} (91%) rename internal/service/encryptionatrest/{resource_encryption_at_rest_migration_test.go => resource_migration_test.go} (100%) rename internal/service/encryptionatrest/{resource_encryption_at_rest_test.go => resource_test.go} (78%) diff --git a/.changelog/2538.txt b/.changelog/2538.txt new file mode 100644 index 0000000000..9127a008da --- /dev/null +++ b/.changelog/2538.txt @@ -0,0 +1,7 @@ +```release-note:new-datasource +data-source/mongodbatlas_encryption_at_rest +``` + +```release-note:enhancement +resource/mongodbatlas_encryption_at_rest: Adds `aws_kms_config.0.valid`, `azure_key_vault_config.0.valid` and `google_cloud_kms_config.0.valid` attribute +``` diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 73ed20a0c1..92cf26cfd2 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -434,6 +434,7 @@ func (p *MongodbtlasProvider) DataSources(context.Context) []func() datasource.D streamconnection.DataSource, streamconnection.PluralDataSource, controlplaneipaddresses.DataSource, + encryptionatrest.DataSource, } previewDataSources := []func() datasource.DataSource{ // Data sources not yet in GA encryptionatrestprivateendpoint.DataSource, diff --git a/internal/service/encryptionatrest/data_source.go b/internal/service/encryptionatrest/data_source.go new file mode 100644 index 0000000000..f0acd090cf --- /dev/null +++ b/internal/service/encryptionatrest/data_source.go @@ -0,0 +1,47 @@ +package encryptionatrest + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-framework/datasource" + + "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" +) + +var _ datasource.DataSource = &encryptionAtRestDS{} +var _ datasource.DataSourceWithConfigure = &encryptionAtRestDS{} + +func DataSource() datasource.DataSource { + return &encryptionAtRestDS{ + DSCommon: config.DSCommon{ + DataSourceName: encryptionAtRestResourceName, + }, + } +} + +type encryptionAtRestDS struct { + config.DSCommon +} + +func (d *encryptionAtRestDS) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) { + resp.Schema = DataSourceSchema(ctx) +} + +func (d *encryptionAtRestDS) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { + var earConfig TFEncryptionAtRestDSModel + resp.Diagnostics.Append(req.Config.Get(ctx, &earConfig)...) + if resp.Diagnostics.HasError() { + return + } + + connV2 := d.Client.AtlasV2 + projectID := earConfig.ProjectID.ValueString() + + encryptionResp, _, err := connV2.EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRest(context.Background(), projectID).Execute() + if err != nil { + resp.Diagnostics.AddError("error fetching resource", err.Error()) + return + } + + resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEncryptionAtRestDSModel(projectID, encryptionResp))...) +} diff --git a/internal/service/encryptionatrest/data_source_schema.go b/internal/service/encryptionatrest/data_source_schema.go new file mode 100644 index 0000000000..4d83bebd53 --- /dev/null +++ b/internal/service/encryptionatrest/data_source_schema.go @@ -0,0 +1,184 @@ +package encryptionatrest + +import ( + "context" + + "go.mongodb.org/atlas-sdk/v20240805001/admin" + + "github.com/hashicorp/terraform-plugin-framework/datasource/schema" + "github.com/hashicorp/terraform-plugin-framework/types" +) + +func DataSourceSchema(ctx context.Context) schema.Schema { + return schema.Schema{ + Attributes: map[string]schema.Attribute{ + "aws_kms_config": schema.SingleNestedAttribute{ + Attributes: map[string]schema.Attribute{ + "access_key_id": schema.StringAttribute{ + Computed: true, + Sensitive: true, + Description: "Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).", + MarkdownDescription: "Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).", + }, + "customer_master_key_id": schema.StringAttribute{ + Computed: true, + Sensitive: true, + Description: "Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.", + MarkdownDescription: "Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.", + }, + "enabled": schema.BoolAttribute{ + Computed: true, + Description: "Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", + MarkdownDescription: "Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", + }, + "region": schema.StringAttribute{ + Computed: true, + Description: "Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.", //nolint:lll // reason: auto-generated from Open API spec. + MarkdownDescription: "Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Atlas deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.", //nolint:lll // reason: auto-generated from Open API spec. + }, + "role_id": schema.StringAttribute{ + Computed: true, + Description: "Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.", + }, + "secret_access_key": schema.StringAttribute{ + Computed: true, + Sensitive: true, + Description: "Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.", + MarkdownDescription: "Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.", + }, + "valid": schema.BoolAttribute{ + Computed: true, + Description: "Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.", + MarkdownDescription: "Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.", + }, + }, + Computed: true, + Description: "Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.", + MarkdownDescription: "Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.", + }, + "azure_key_vault_config": schema.SingleNestedAttribute{ + Attributes: map[string]schema.Attribute{ + "azure_environment": schema.StringAttribute{ + Computed: true, + Description: "Azure environment in which your account credentials reside.", + MarkdownDescription: "Azure environment in which your account credentials reside.", + }, + "client_id": schema.StringAttribute{ + Computed: true, + Sensitive: true, + Description: "Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.", + MarkdownDescription: "Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.", + }, + "enabled": schema.BoolAttribute{ + Computed: true, + Description: "Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", + MarkdownDescription: "Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", + }, + "key_identifier": schema.StringAttribute{ + Computed: true, + Sensitive: true, + Description: "Web address with a unique key that identifies for your Azure Key Vault.", + MarkdownDescription: "Web address with a unique key that identifies for your Azure Key Vault.", + }, + "key_vault_name": schema.StringAttribute{ + Computed: true, + Description: "Unique string that identifies the Azure Key Vault that contains your key.", + MarkdownDescription: "Unique string that identifies the Azure Key Vault that contains your key.", + }, + "require_private_networking": schema.BoolAttribute{ + Computed: true, + Description: "Enable connection to your Azure Key Vault over private networking.", + MarkdownDescription: "Enable connection to your Azure Key Vault over private networking.", + }, + "resource_group_name": schema.StringAttribute{ + Computed: true, + Description: "Name of the Azure resource group that contains your Azure Key Vault.", + MarkdownDescription: "Name of the Azure resource group that contains your Azure Key Vault.", + }, + "secret": schema.StringAttribute{ + Computed: true, + Sensitive: true, + Description: "Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (**azureKeyVault.tenantID**). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.", + MarkdownDescription: "Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (**azureKeyVault.tenantID**). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.", + }, + "subscription_id": schema.StringAttribute{ + Computed: true, + Sensitive: true, + Description: "Unique 36-hexadecimal character string that identifies your Azure subscription.", + MarkdownDescription: "Unique 36-hexadecimal character string that identifies your Azure subscription.", + }, + "tenant_id": schema.StringAttribute{ + Computed: true, + Sensitive: true, + Description: "Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.", + MarkdownDescription: "Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.", + }, + "valid": schema.BoolAttribute{ + Computed: true, + Description: "Flag that indicates whether the Azure encryption key can encrypt and decrypt data.", + MarkdownDescription: "Flag that indicates whether the Azure encryption key can encrypt and decrypt data.", + }, + }, + Computed: true, + Description: "Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).", + MarkdownDescription: "Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).", + }, + "google_cloud_kms_config": schema.SingleNestedAttribute{ + Attributes: map[string]schema.Attribute{ + "enabled": schema.BoolAttribute{ + Computed: true, + Description: "Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", + MarkdownDescription: "Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", + }, + "key_version_resource_id": schema.StringAttribute{ + Computed: true, + Sensitive: true, + Description: "Resource path that displays the key version resource ID for your Google Cloud KMS.", + MarkdownDescription: "Resource path that displays the key version resource ID for your Google Cloud KMS.", + }, + "service_account_key": schema.StringAttribute{ + Computed: true, + Sensitive: true, + Description: "JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object.", + MarkdownDescription: "JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object.", + }, + "valid": schema.BoolAttribute{ + Computed: true, + Description: "Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.", + MarkdownDescription: "Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.", + }, + }, + Computed: true, + Description: "Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).", + MarkdownDescription: "Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).", + }, + "project_id": schema.StringAttribute{ + Required: true, + Description: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + }, + "id": schema.StringAttribute{ + Computed: true, + }, + }, + } +} + +type TFEncryptionAtRestDSModel struct { + AzureKeyVaultConfig *TFAzureKeyVaultConfigModel `tfsdk:"azure_key_vault_config"` + AwsKmsConfig *TFAwsKmsConfigModel `tfsdk:"aws_kms_config"` + GoogleCloudKmsConfig *TFGcpKmsConfigModel `tfsdk:"google_cloud_kms_config"` + ID types.String `tfsdk:"id"` + ProjectID types.String `tfsdk:"project_id"` +} + +func NewTFEncryptionAtRestDSModel(projectID string, encryptionResp *admin.EncryptionAtRest) *TFEncryptionAtRestDSModel { + return &TFEncryptionAtRestDSModel{ + ID: types.StringValue(projectID), + ProjectID: types.StringValue(projectID), + AwsKmsConfig: NewTFAwsKmsConfigItem(encryptionResp.AwsKms), + AzureKeyVaultConfig: NewTFAzureKeyVaultConfigItem(encryptionResp.AzureKeyVault), + GoogleCloudKmsConfig: NewTFGcpKmsConfigItem(encryptionResp.GoogleCloudKms), + } +} diff --git a/internal/service/encryptionatrest/model_encryption_at_rest.go b/internal/service/encryptionatrest/model.go similarity index 50% rename from internal/service/encryptionatrest/model_encryption_at_rest.go rename to internal/service/encryptionatrest/model.go index b192009824..d2e268410f 100644 --- a/internal/service/encryptionatrest/model_encryption_at_rest.go +++ b/internal/service/encryptionatrest/model.go @@ -10,7 +10,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" ) -func NewTfEncryptionAtRestRSModel(ctx context.Context, projectID string, encryptionResp *admin.EncryptionAtRest) *TfEncryptionAtRestRSModel { +func NewTFEncryptionAtRestRSModel(ctx context.Context, projectID string, encryptionResp *admin.EncryptionAtRest) *TfEncryptionAtRestRSModel { return &TfEncryptionAtRestRSModel{ ID: types.StringValue(projectID), ProjectID: types.StringValue(projectID), @@ -20,59 +20,86 @@ func NewTfEncryptionAtRestRSModel(ctx context.Context, projectID string, encrypt } } -func NewTFAwsKmsConfig(ctx context.Context, awsKms *admin.AWSKMSConfiguration) []TfAwsKmsConfigModel { +func NewTFAwsKmsConfig(ctx context.Context, awsKms *admin.AWSKMSConfiguration) []TFAwsKmsConfigModel { if awsKms == nil { - return []TfAwsKmsConfigModel{} + return []TFAwsKmsConfigModel{} } - return []TfAwsKmsConfigModel{ - { - Enabled: types.BoolPointerValue(awsKms.Enabled), - CustomerMasterKeyID: types.StringValue(awsKms.GetCustomerMasterKeyID()), - Region: types.StringValue(awsKms.GetRegion()), - AccessKeyID: conversion.StringNullIfEmpty(awsKms.GetAccessKeyID()), - SecretAccessKey: conversion.StringNullIfEmpty(awsKms.GetSecretAccessKey()), - RoleID: conversion.StringNullIfEmpty(awsKms.GetRoleId()), - }, + return []TFAwsKmsConfigModel{ + *NewTFAwsKmsConfigItem(awsKms), } } -func NewTFAzureKeyVaultConfig(ctx context.Context, az *admin.AzureKeyVault) []TfAzureKeyVaultConfigModel { +func NewTFAzureKeyVaultConfig(ctx context.Context, az *admin.AzureKeyVault) []TFAzureKeyVaultConfigModel { if az == nil { - return []TfAzureKeyVaultConfigModel{} - } - - return []TfAzureKeyVaultConfigModel{ - { - Enabled: types.BoolPointerValue(az.Enabled), - ClientID: types.StringValue(az.GetClientID()), - AzureEnvironment: types.StringValue(az.GetAzureEnvironment()), - SubscriptionID: types.StringValue(az.GetSubscriptionID()), - ResourceGroupName: types.StringValue(az.GetResourceGroupName()), - KeyVaultName: types.StringValue(az.GetKeyVaultName()), - KeyIdentifier: types.StringValue(az.GetKeyIdentifier()), - TenantID: types.StringValue(az.GetTenantID()), - Secret: conversion.StringNullIfEmpty(az.GetSecret()), - RequirePrivateNetworking: types.BoolValue(az.GetRequirePrivateNetworking()), - }, + return []TFAzureKeyVaultConfigModel{} + } + + return []TFAzureKeyVaultConfigModel{ + *NewTFAzureKeyVaultConfigItem(az), + } +} + +func NewTFGcpKmsConfig(ctx context.Context, gcpKms *admin.GoogleCloudKMS) []TFGcpKmsConfigModel { + if gcpKms == nil { + return []TFGcpKmsConfigModel{} + } + + return []TFGcpKmsConfigModel{ + *NewTFGcpKmsConfigItem(gcpKms), + } +} + +func NewTFAwsKmsConfigItem(awsKms *admin.AWSKMSConfiguration) *TFAwsKmsConfigModel { + if awsKms == nil { + return nil + } + + return &TFAwsKmsConfigModel{ + Enabled: types.BoolPointerValue(awsKms.Enabled), + CustomerMasterKeyID: types.StringValue(awsKms.GetCustomerMasterKeyID()), + Region: types.StringValue(awsKms.GetRegion()), + AccessKeyID: conversion.StringNullIfEmpty(awsKms.GetAccessKeyID()), + SecretAccessKey: conversion.StringNullIfEmpty(awsKms.GetSecretAccessKey()), + RoleID: conversion.StringNullIfEmpty(awsKms.GetRoleId()), + Valid: types.BoolPointerValue(awsKms.Valid), + } +} + +func NewTFAzureKeyVaultConfigItem(az *admin.AzureKeyVault) *TFAzureKeyVaultConfigModel { + if az == nil { + return nil + } + + return &TFAzureKeyVaultConfigModel{ + Enabled: types.BoolPointerValue(az.Enabled), + ClientID: types.StringValue(az.GetClientID()), + AzureEnvironment: types.StringValue(az.GetAzureEnvironment()), + SubscriptionID: types.StringValue(az.GetSubscriptionID()), + ResourceGroupName: types.StringValue(az.GetResourceGroupName()), + KeyVaultName: types.StringValue(az.GetKeyVaultName()), + KeyIdentifier: types.StringValue(az.GetKeyIdentifier()), + TenantID: types.StringValue(az.GetTenantID()), + Secret: conversion.StringNullIfEmpty(az.GetSecret()), + RequirePrivateNetworking: types.BoolValue(az.GetRequirePrivateNetworking()), + Valid: types.BoolPointerValue(az.Valid), } } -func NewTFGcpKmsConfig(ctx context.Context, gcpKms *admin.GoogleCloudKMS) []TfGcpKmsConfigModel { +func NewTFGcpKmsConfigItem(gcpKms *admin.GoogleCloudKMS) *TFGcpKmsConfigModel { if gcpKms == nil { - return []TfGcpKmsConfigModel{} + return nil } - return []TfGcpKmsConfigModel{ - { - Enabled: types.BoolPointerValue(gcpKms.Enabled), - KeyVersionResourceID: types.StringValue(gcpKms.GetKeyVersionResourceID()), - ServiceAccountKey: conversion.StringNullIfEmpty(gcpKms.GetServiceAccountKey()), - }, + return &TFGcpKmsConfigModel{ + Enabled: types.BoolPointerValue(gcpKms.Enabled), + KeyVersionResourceID: types.StringValue(gcpKms.GetKeyVersionResourceID()), + ServiceAccountKey: conversion.StringNullIfEmpty(gcpKms.GetServiceAccountKey()), + Valid: types.BoolPointerValue(gcpKms.Valid), } } -func NewAtlasAwsKms(tfAwsKmsConfigSlice []TfAwsKmsConfigModel) *admin.AWSKMSConfiguration { +func NewAtlasAwsKms(tfAwsKmsConfigSlice []TFAwsKmsConfigModel) *admin.AWSKMSConfiguration { if len(tfAwsKmsConfigSlice) == 0 { return &admin.AWSKMSConfiguration{} } @@ -90,7 +117,7 @@ func NewAtlasAwsKms(tfAwsKmsConfigSlice []TfAwsKmsConfigModel) *admin.AWSKMSConf } } -func NewAtlasGcpKms(tfGcpKmsConfigSlice []TfGcpKmsConfigModel) *admin.GoogleCloudKMS { +func NewAtlasGcpKms(tfGcpKmsConfigSlice []TFGcpKmsConfigModel) *admin.GoogleCloudKMS { if len(tfGcpKmsConfigSlice) == 0 { return &admin.GoogleCloudKMS{} } @@ -103,7 +130,7 @@ func NewAtlasGcpKms(tfGcpKmsConfigSlice []TfGcpKmsConfigModel) *admin.GoogleClou } } -func NewAtlasAzureKeyVault(tfAzKeyVaultConfigSlice []TfAzureKeyVaultConfigModel) *admin.AzureKeyVault { +func NewAtlasAzureKeyVault(tfAzKeyVaultConfigSlice []TFAzureKeyVaultConfigModel) *admin.AzureKeyVault { if len(tfAzKeyVaultConfigSlice) == 0 { return &admin.AzureKeyVault{} } diff --git a/internal/service/encryptionatrest/model_encryption_at_rest_test.go b/internal/service/encryptionatrest/model_test.go similarity index 84% rename from internal/service/encryptionatrest/model_encryption_at_rest_test.go rename to internal/service/encryptionatrest/model_test.go index 9569ff635b..eb3fdf6d2e 100644 --- a/internal/service/encryptionatrest/model_encryption_at_rest_test.go +++ b/internal/service/encryptionatrest/model_test.go @@ -39,7 +39,7 @@ var ( SecretAccessKey: &secretAccessKey, RoleId: &roleID, } - TfAwsKmsConfigModel = encryptionatrest.TfAwsKmsConfigModel{ + TfAwsKmsConfigModel = encryptionatrest.TFAwsKmsConfigModel{ Enabled: types.BoolValue(enabled), CustomerMasterKeyID: types.StringValue(customerMasterKeyID), Region: types.StringValue(region), @@ -59,7 +59,7 @@ var ( Secret: &secret, RequirePrivateNetworking: &requirePrivateNetworking, } - TfAzureKeyVaultConfigModel = encryptionatrest.TfAzureKeyVaultConfigModel{ + TfAzureKeyVaultConfigModel = encryptionatrest.TFAzureKeyVaultConfigModel{ Enabled: types.BoolValue(enabled), ClientID: types.StringValue(clientID), AzureEnvironment: types.StringValue(azureEnvironment), @@ -76,7 +76,7 @@ var ( KeyVersionResourceID: &keyVersionResourceID, ServiceAccountKey: &serviceAccountKey, } - TfGcpKmsConfigModel = encryptionatrest.TfGcpKmsConfigModel{ + TfGcpKmsConfigModel = encryptionatrest.TFGcpKmsConfigModel{ Enabled: types.BoolValue(enabled), KeyVersionResourceID: types.StringValue(keyVersionResourceID), ServiceAccountKey: types.StringValue(serviceAccountKey), @@ -100,16 +100,16 @@ func TestNewTfEncryptionAtRestRSModel(t *testing.T) { expectedResult: &encryptionatrest.TfEncryptionAtRestRSModel{ ID: types.StringValue(projectID), ProjectID: types.StringValue(projectID), - AwsKmsConfig: []encryptionatrest.TfAwsKmsConfigModel{TfAwsKmsConfigModel}, - AzureKeyVaultConfig: []encryptionatrest.TfAzureKeyVaultConfigModel{TfAzureKeyVaultConfigModel}, - GoogleCloudKmsConfig: []encryptionatrest.TfGcpKmsConfigModel{TfGcpKmsConfigModel}, + AwsKmsConfig: []encryptionatrest.TFAwsKmsConfigModel{TfAwsKmsConfigModel}, + AzureKeyVaultConfig: []encryptionatrest.TFAzureKeyVaultConfigModel{TfAzureKeyVaultConfigModel}, + GoogleCloudKmsConfig: []encryptionatrest.TFGcpKmsConfigModel{TfGcpKmsConfigModel}, }, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { - resultModel := encryptionatrest.NewTfEncryptionAtRestRSModel(context.Background(), projectID, tc.sdkModel) + resultModel := encryptionatrest.NewTFEncryptionAtRestRSModel(context.Background(), projectID, tc.sdkModel) assert.Equal(t, tc.expectedResult, resultModel) }) } @@ -119,19 +119,19 @@ func TestNewTFAwsKmsConfig(t *testing.T) { testCases := []struct { name string sdkModel *admin.AWSKMSConfiguration - expectedResult []encryptionatrest.TfAwsKmsConfigModel + expectedResult []encryptionatrest.TFAwsKmsConfigModel }{ { name: "Success NewTFAwsKmsConfig", sdkModel: AWSKMSConfiguration, - expectedResult: []encryptionatrest.TfAwsKmsConfigModel{ + expectedResult: []encryptionatrest.TFAwsKmsConfigModel{ TfAwsKmsConfigModel, }, }, { name: "Empty sdkModel", sdkModel: nil, - expectedResult: []encryptionatrest.TfAwsKmsConfigModel{}, + expectedResult: []encryptionatrest.TFAwsKmsConfigModel{}, }, } @@ -147,19 +147,19 @@ func TestNewTFAzureKeyVaultConfig(t *testing.T) { testCases := []struct { name string sdkModel *admin.AzureKeyVault - expectedResult []encryptionatrest.TfAzureKeyVaultConfigModel + expectedResult []encryptionatrest.TFAzureKeyVaultConfigModel }{ { name: "Success NewTFAwsKmsConfig", sdkModel: AzureKeyVault, - expectedResult: []encryptionatrest.TfAzureKeyVaultConfigModel{ + expectedResult: []encryptionatrest.TFAzureKeyVaultConfigModel{ TfAzureKeyVaultConfigModel, }, }, { name: "Empty sdkModel", sdkModel: nil, - expectedResult: []encryptionatrest.TfAzureKeyVaultConfigModel{}, + expectedResult: []encryptionatrest.TFAzureKeyVaultConfigModel{}, }, } @@ -175,19 +175,19 @@ func TestNewTFGcpKmsConfig(t *testing.T) { testCases := []struct { name string sdkModel *admin.GoogleCloudKMS - expectedResult []encryptionatrest.TfGcpKmsConfigModel + expectedResult []encryptionatrest.TFGcpKmsConfigModel }{ { name: "Success NewTFGcpKmsConfig", sdkModel: GoogleCloudKMS, - expectedResult: []encryptionatrest.TfGcpKmsConfigModel{ + expectedResult: []encryptionatrest.TFGcpKmsConfigModel{ TfGcpKmsConfigModel, }, }, { name: "Empty sdkModel", sdkModel: nil, - expectedResult: []encryptionatrest.TfGcpKmsConfigModel{}, + expectedResult: []encryptionatrest.TFGcpKmsConfigModel{}, }, } @@ -203,11 +203,11 @@ func TestNewAtlasAwsKms(t *testing.T) { testCases := []struct { name string expectedResult *admin.AWSKMSConfiguration - tfModel []encryptionatrest.TfAwsKmsConfigModel + tfModel []encryptionatrest.TFAwsKmsConfigModel }{ { name: "Success NewAtlasAwsKms", - tfModel: []encryptionatrest.TfAwsKmsConfigModel{TfAwsKmsConfigModel}, + tfModel: []encryptionatrest.TFAwsKmsConfigModel{TfAwsKmsConfigModel}, expectedResult: AWSKMSConfiguration, }, { @@ -229,11 +229,11 @@ func TestNewAtlasGcpKms(t *testing.T) { testCases := []struct { name string expectedResult *admin.GoogleCloudKMS - tfModel []encryptionatrest.TfGcpKmsConfigModel + tfModel []encryptionatrest.TFGcpKmsConfigModel }{ { name: "Success NewAtlasAwsKms", - tfModel: []encryptionatrest.TfGcpKmsConfigModel{TfGcpKmsConfigModel}, + tfModel: []encryptionatrest.TFGcpKmsConfigModel{TfGcpKmsConfigModel}, expectedResult: GoogleCloudKMS, }, { @@ -255,11 +255,11 @@ func TestNewAtlasAzureKeyVault(t *testing.T) { testCases := []struct { name string expectedResult *admin.AzureKeyVault - tfModel []encryptionatrest.TfAzureKeyVaultConfigModel + tfModel []encryptionatrest.TFAzureKeyVaultConfigModel }{ { name: "Success NewAtlasAwsKms", - tfModel: []encryptionatrest.TfAzureKeyVaultConfigModel{TfAzureKeyVaultConfigModel}, + tfModel: []encryptionatrest.TFAzureKeyVaultConfigModel{TfAzureKeyVaultConfigModel}, expectedResult: AzureKeyVault, }, { diff --git a/internal/service/encryptionatrest/resource_encryption_at_rest.go b/internal/service/encryptionatrest/resource.go similarity index 91% rename from internal/service/encryptionatrest/resource_encryption_at_rest.go rename to internal/service/encryptionatrest/resource.go index 08ff5582ea..d8840fe92b 100644 --- a/internal/service/encryptionatrest/resource_encryption_at_rest.go +++ b/internal/service/encryptionatrest/resource.go @@ -55,20 +55,21 @@ type encryptionAtRestRS struct { type TfEncryptionAtRestRSModel struct { ID types.String `tfsdk:"id"` ProjectID types.String `tfsdk:"project_id"` - AwsKmsConfig []TfAwsKmsConfigModel `tfsdk:"aws_kms_config"` - AzureKeyVaultConfig []TfAzureKeyVaultConfigModel `tfsdk:"azure_key_vault_config"` - GoogleCloudKmsConfig []TfGcpKmsConfigModel `tfsdk:"google_cloud_kms_config"` + AwsKmsConfig []TFAwsKmsConfigModel `tfsdk:"aws_kms_config"` + AzureKeyVaultConfig []TFAzureKeyVaultConfigModel `tfsdk:"azure_key_vault_config"` + GoogleCloudKmsConfig []TFGcpKmsConfigModel `tfsdk:"google_cloud_kms_config"` } -type TfAwsKmsConfigModel struct { +type TFAwsKmsConfigModel struct { AccessKeyID types.String `tfsdk:"access_key_id"` SecretAccessKey types.String `tfsdk:"secret_access_key"` CustomerMasterKeyID types.String `tfsdk:"customer_master_key_id"` Region types.String `tfsdk:"region"` RoleID types.String `tfsdk:"role_id"` Enabled types.Bool `tfsdk:"enabled"` + Valid types.Bool `tfsdk:"valid"` } -type TfAzureKeyVaultConfigModel struct { +type TFAzureKeyVaultConfigModel struct { ClientID types.String `tfsdk:"client_id"` AzureEnvironment types.String `tfsdk:"azure_environment"` SubscriptionID types.String `tfsdk:"subscription_id"` @@ -79,11 +80,13 @@ type TfAzureKeyVaultConfigModel struct { TenantID types.String `tfsdk:"tenant_id"` Enabled types.Bool `tfsdk:"enabled"` RequirePrivateNetworking types.Bool `tfsdk:"require_private_networking"` + Valid types.Bool `tfsdk:"valid"` } -type TfGcpKmsConfigModel struct { +type TFGcpKmsConfigModel struct { ServiceAccountKey types.String `tfsdk:"service_account_key"` KeyVersionResourceID types.String `tfsdk:"key_version_resource_id"` Enabled types.Bool `tfsdk:"enabled"` + Valid types.Bool `tfsdk:"valid"` } func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { @@ -140,14 +143,19 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ }, "region": schema.StringAttribute{ Optional: true, - Description: "Physical location where MongoDB Cloud deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Cloud creates them as part of the deployment. MongoDB Cloud assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.", //nolint:lll // reason: auto-generated from Open API spec. - MarkdownDescription: "Physical location where MongoDB Cloud deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Cloud creates them as part of the deployment. MongoDB Cloud assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.", //nolint:lll // reason: auto-generated from Open API spec. + Description: "Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.", //nolint:lll // reason: auto-generated from Open API spec. + MarkdownDescription: "Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.", //nolint:lll // reason: auto-generated from Open API spec. }, "role_id": schema.StringAttribute{ Optional: true, Description: "Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.", MarkdownDescription: "Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.", }, + "valid": schema.BoolAttribute{ + Computed: true, + Description: "Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.", + MarkdownDescription: "Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.", + }, }, Validators: []validator.Object{validate.AwsKmsConfig()}, }, @@ -221,6 +229,11 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ Description: "Enable connection to your Azure Key Vault over private networking.", MarkdownDescription: "Enable connection to your Azure Key Vault over private networking.", }, + "valid": schema.BoolAttribute{ + Computed: true, + Description: "Flag that indicates whether the Azure encryption key can encrypt and decrypt data.", + MarkdownDescription: "Flag that indicates whether the Azure encryption key can encrypt and decrypt data.", + }, }, }, }, @@ -251,6 +264,11 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ Description: "Resource path that displays the key version resource ID for your Google Cloud KMS.", MarkdownDescription: "Resource path that displays the key version resource ID for your Google Cloud KMS.", }, + "valid": schema.BoolAttribute{ + Computed: true, + Description: "Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.", + MarkdownDescription: "Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.", + }, }, }, }, @@ -297,7 +315,7 @@ func (r *encryptionAtRestRS) Create(ctx context.Context, req resource.CreateRequ return } - encryptionAtRestPlanNew := NewTfEncryptionAtRestRSModel(ctx, projectID, encryptionResp.(*admin.EncryptionAtRest)) + encryptionAtRestPlanNew := NewTFEncryptionAtRestRSModel(ctx, projectID, encryptionResp.(*admin.EncryptionAtRest)) resetDefaultsFromConfigOrState(ctx, encryptionAtRestPlan, encryptionAtRestPlanNew, encryptionAtRestConfig) // set state to fully populated data @@ -355,7 +373,7 @@ func (r *encryptionAtRestRS) Read(ctx context.Context, req resource.ReadRequest, return } - encryptionAtRestStateNew := NewTfEncryptionAtRestRSModel(ctx, projectID, encryptionResp) + encryptionAtRestStateNew := NewTFEncryptionAtRestRSModel(ctx, projectID, encryptionResp) if isImport { setEmptyArrayForEmptyBlocksReturnedFromImport(encryptionAtRestStateNew) } else { @@ -417,7 +435,7 @@ func (r *encryptionAtRestRS) Update(ctx context.Context, req resource.UpdateRequ return } - encryptionAtRestStateNew := NewTfEncryptionAtRestRSModel(ctx, projectID, encryptionResp) + encryptionAtRestStateNew := NewTFEncryptionAtRestRSModel(ctx, projectID, encryptionResp) resetDefaultsFromConfigOrState(ctx, encryptionAtRestState, encryptionAtRestStateNew, encryptionAtRestConfig) // save updated data into Terraform state @@ -460,15 +478,15 @@ func (r *encryptionAtRestRS) ImportState(ctx context.Context, req resource.Impor resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) } -func hasGcpKmsConfigChanged(gcpKmsConfigsPlan, gcpKmsConfigsState []TfGcpKmsConfigModel) bool { +func hasGcpKmsConfigChanged(gcpKmsConfigsPlan, gcpKmsConfigsState []TFGcpKmsConfigModel) bool { return !reflect.DeepEqual(gcpKmsConfigsPlan, gcpKmsConfigsState) } -func hasAzureKeyVaultConfigChanged(azureKeyVaultConfigPlan, azureKeyVaultConfigState []TfAzureKeyVaultConfigModel) bool { +func hasAzureKeyVaultConfigChanged(azureKeyVaultConfigPlan, azureKeyVaultConfigState []TFAzureKeyVaultConfigModel) bool { return !reflect.DeepEqual(azureKeyVaultConfigPlan, azureKeyVaultConfigState) } -func hasAwsKmsConfigChanged(awsKmsConfigPlan, awsKmsConfigState []TfAwsKmsConfigModel) bool { +func hasAwsKmsConfigChanged(awsKmsConfigPlan, awsKmsConfigState []TFAwsKmsConfigModel) bool { return !reflect.DeepEqual(awsKmsConfigPlan, awsKmsConfigState) } @@ -488,7 +506,7 @@ func resetDefaultsFromConfigOrState(ctx context.Context, encryptionAtRestRSCurre func HandleGcpKmsConfig(ctx context.Context, earRSCurrent, earRSNew, earRSConfig *TfEncryptionAtRestRSModel) { // this is required to avoid unnecessary change detection during plan after migration to Plugin Framework if user didn't set this block if earRSCurrent.GoogleCloudKmsConfig == nil { - earRSNew.GoogleCloudKmsConfig = []TfGcpKmsConfigModel{} + earRSNew.GoogleCloudKmsConfig = []TFGcpKmsConfigModel{} return } @@ -504,7 +522,7 @@ func HandleGcpKmsConfig(ctx context.Context, earRSCurrent, earRSNew, earRSConfig func HandleAwsKmsConfigDefaults(ctx context.Context, currentStateFile, newStateFile, earRSConfig *TfEncryptionAtRestRSModel) { // this is required to avoid unnecessary change detection during plan after migration to Plugin Framework if user didn't set this block if currentStateFile.AwsKmsConfig == nil { - newStateFile.AwsKmsConfig = []TfAwsKmsConfigModel{} + newStateFile.AwsKmsConfig = []TFAwsKmsConfigModel{} return } @@ -525,7 +543,7 @@ func HandleAwsKmsConfigDefaults(ctx context.Context, currentStateFile, newStateF func HandleAzureKeyVaultConfigDefaults(ctx context.Context, earRSCurrent, earRSNew, earRSConfig *TfEncryptionAtRestRSModel) { // this is required to avoid unnecessary change detection during plan after migration to Plugin Framework if user didn't set this block if earRSCurrent.AzureKeyVaultConfig == nil { - earRSNew.AzureKeyVaultConfig = []TfAzureKeyVaultConfigModel{} + earRSNew.AzureKeyVaultConfig = []TFAzureKeyVaultConfigModel{} return } @@ -546,14 +564,14 @@ func HandleAzureKeyVaultConfigDefaults(ctx context.Context, earRSCurrent, earRSN // - the API returns the block TfAzureKeyVaultConfigModel{enable=false} if the user does not provider AZURE KMS func setEmptyArrayForEmptyBlocksReturnedFromImport(newStateFromImport *TfEncryptionAtRestRSModel) { if len(newStateFromImport.AwsKmsConfig) == 1 && !newStateFromImport.AwsKmsConfig[0].Enabled.ValueBool() { - newStateFromImport.AwsKmsConfig = []TfAwsKmsConfigModel{} + newStateFromImport.AwsKmsConfig = []TFAwsKmsConfigModel{} } if len(newStateFromImport.GoogleCloudKmsConfig) == 1 && !newStateFromImport.GoogleCloudKmsConfig[0].Enabled.ValueBool() { - newStateFromImport.GoogleCloudKmsConfig = []TfGcpKmsConfigModel{} + newStateFromImport.GoogleCloudKmsConfig = []TFGcpKmsConfigModel{} } if len(newStateFromImport.AzureKeyVaultConfig) == 1 && !newStateFromImport.AzureKeyVaultConfig[0].Enabled.ValueBool() { - newStateFromImport.AzureKeyVaultConfig = []TfAzureKeyVaultConfigModel{} + newStateFromImport.AzureKeyVaultConfig = []TFAzureKeyVaultConfigModel{} } } diff --git a/internal/service/encryptionatrest/resource_encryption_at_rest_migration_test.go b/internal/service/encryptionatrest/resource_migration_test.go similarity index 100% rename from internal/service/encryptionatrest/resource_encryption_at_rest_migration_test.go rename to internal/service/encryptionatrest/resource_migration_test.go diff --git a/internal/service/encryptionatrest/resource_encryption_at_rest_test.go b/internal/service/encryptionatrest/resource_test.go similarity index 78% rename from internal/service/encryptionatrest/resource_encryption_at_rest_test.go rename to internal/service/encryptionatrest/resource_test.go index 65ba3844e4..6483155ab3 100644 --- a/internal/service/encryptionatrest/resource_encryption_at_rest_test.go +++ b/internal/service/encryptionatrest/resource_test.go @@ -24,7 +24,8 @@ import ( ) const ( - resourceName = "mongodbatlas_encryption_at_rest.test" + resourceName = "mongodbatlas_encryption_at_rest.test" + datasourceName = "data.mongodbatlas_encryption_at_rest.test" ) func TestAccEncryptionAtRest_basicAWS(t *testing.T) { @@ -39,6 +40,13 @@ func TestAccEncryptionAtRest_basicAWS(t *testing.T) { Region: conversion.StringPtr(conversion.AWSRegionToMongoDBRegion(os.Getenv("AWS_REGION"))), RoleId: conversion.StringPtr(os.Getenv("AWS_ROLE_ID")), } + awsKmsAttrMap = map[string]string{ + "enabled": "true", + "region": awsKms.GetRegion(), + "role_id": awsKms.GetRoleId(), + "customer_master_key_id": awsKms.GetCustomerMasterKeyID(), + "valid": "true", + } awsKmsUpdated = admin.AWSKMSConfiguration{ Enabled: conversion.Pointer(true), @@ -46,6 +54,13 @@ func TestAccEncryptionAtRest_basicAWS(t *testing.T) { Region: conversion.StringPtr(conversion.AWSRegionToMongoDBRegion(os.Getenv("AWS_REGION"))), RoleId: conversion.StringPtr(os.Getenv("AWS_ROLE_ID")), } + awsKmsUpdatedAttrMap = map[string]string{ + "enabled": "true", + "region": awsKmsUpdated.GetRegion(), + "role_id": awsKmsUpdated.GetRoleId(), + "customer_master_key_id": awsKmsUpdated.GetCustomerMasterKeyID(), + "valid": "true", + } ) resource.Test(t, resource.TestCase{ @@ -58,12 +73,13 @@ func TestAccEncryptionAtRest_basicAWS(t *testing.T) { Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.region", awsKms.GetRegion()), - resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.role_id", awsKms.GetRoleId()), + testCheckResourceAttr(resourceName, "aws_kms_config.0", awsKmsAttrMap), resource.TestCheckNoResourceAttr(resourceName, "azure_key_vault_config.#"), resource.TestCheckNoResourceAttr(resourceName, "google_cloud_kms_config.#"), + + resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), + testCheckResourceAttr(datasourceName, "aws_kms_config.", awsKmsAttrMap), ), }, { @@ -71,12 +87,13 @@ func TestAccEncryptionAtRest_basicAWS(t *testing.T) { Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.region", awsKmsUpdated.GetRegion()), - resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.role_id", awsKmsUpdated.GetRoleId()), + testCheckResourceAttr(resourceName, "aws_kms_config.0", awsKmsUpdatedAttrMap), resource.TestCheckNoResourceAttr(resourceName, "azure_key_vault_config.#"), resource.TestCheckNoResourceAttr(resourceName, "google_cloud_kms_config.#"), + + resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), + testCheckResourceAttr(datasourceName, "aws_kms_config", awsKmsUpdatedAttrMap), ), }, { @@ -89,6 +106,20 @@ func TestAccEncryptionAtRest_basicAWS(t *testing.T) { }) } +func convertToAzureKeyVaultAttrMap(az *admin.AzureKeyVault) map[string]string { + return map[string]string{ + "enabled": strconv.FormatBool(az.GetEnabled()), + "azure_environment": az.GetAzureEnvironment(), + "resource_group_name": az.GetResourceGroupName(), + "key_vault_name": az.GetKeyVaultName(), + "client_id": az.GetClientID(), + "key_identifier": az.GetKeyIdentifier(), + "subscription_id": az.GetSubscriptionID(), + "tenant_id": az.GetTenantID(), + "require_private_networking": strconv.FormatBool(az.GetRequirePrivateNetworking()), + } +} + func TestAccEncryptionAtRest_basicAzure(t *testing.T) { acc.SkipTestForCI(t) // needs Azure configuration @@ -96,28 +127,34 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") azureKeyVault = admin.AzureKeyVault{ - Enabled: conversion.Pointer(true), - ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), - AzureEnvironment: conversion.StringPtr("AZURE"), - SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), - ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), - KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), - KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")), - TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), + Enabled: conversion.Pointer(true), + ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), + AzureEnvironment: conversion.StringPtr("AZURE"), + SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), + ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), + KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), + KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), + Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")), + TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), + RequirePrivateNetworking: conversion.Pointer(false), } + azureKeyVaultAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVault) + azureKeyVaultUpdated = admin.AzureKeyVault{ - Enabled: conversion.Pointer(true), - ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID_UPDATED")), - AzureEnvironment: conversion.StringPtr("AZURE"), - SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), - ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED")), - KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), - KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET_UPDATED")), - TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), + Enabled: conversion.Pointer(true), + ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID_UPDATED")), + AzureEnvironment: conversion.StringPtr("AZURE"), + SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), + ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED")), + KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), + KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), + Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET_UPDATED")), + TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), + RequirePrivateNetworking: conversion.Pointer(false), } + + azureKeyVaultUpdatedAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVaultUpdated) ) resource.Test(t, resource.TestCase{ @@ -130,11 +167,9 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.azure_environment", azureKeyVault.GetAzureEnvironment()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.resource_group_name", azureKeyVault.GetResourceGroupName()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.key_vault_name", azureKeyVault.GetKeyVaultName()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.require_private_networking", "false"), + testCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultAttrMap), + resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), + testCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultAttrMap), ), }, { @@ -142,11 +177,9 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.azure_environment", azureKeyVaultUpdated.GetAzureEnvironment()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.resource_group_name", azureKeyVaultUpdated.GetResourceGroupName()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.key_vault_name", azureKeyVaultUpdated.GetKeyVaultName()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.require_private_networking", "false"), + testCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultUpdatedAttrMap), + resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), + testCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultUpdatedAttrMap), ), }, { @@ -161,6 +194,12 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { }) } +func testCheckResourceAttr(resourceName, prefix string, attrsMap map[string]string) resource.TestCheckFunc { + checks := acc.AddAttrChecksPrefix(resourceName, []resource.TestCheckFunc{}, attrsMap, prefix) + + return resource.ComposeAggregateTestCheckFunc(checks...) +} + func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T) { acc.SkipTestForCI(t) // needs Azure configuration @@ -180,6 +219,8 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T RequirePrivateNetworking: conversion.Pointer(true), } + azureKeyVaultAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVault) + azureKeyVaultUpdated = admin.AzureKeyVault{ Enabled: conversion.Pointer(true), ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID_UPDATED")), @@ -192,6 +233,8 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), RequirePrivateNetworking: conversion.Pointer(false), } + + azureKeyVaultUpdatedAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVaultUpdated) ) resource.Test(t, resource.TestCase{ @@ -204,23 +247,21 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.azure_environment", azureKeyVault.GetAzureEnvironment()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.resource_group_name", azureKeyVault.GetResourceGroupName()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.key_vault_name", azureKeyVault.GetKeyVaultName()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.require_private_networking", strconv.FormatBool((azureKeyVault.GetRequirePrivateNetworking()))), + testCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultAttrMap), + + resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), + testCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultAttrMap), ), }, { - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, false), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, true), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.azure_environment", azureKeyVaultUpdated.GetAzureEnvironment()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.resource_group_name", azureKeyVaultUpdated.GetResourceGroupName()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.key_vault_name", azureKeyVaultUpdated.GetKeyVaultName()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.require_private_networking", strconv.FormatBool((azureKeyVaultUpdated.GetRequirePrivateNetworking()))), + testCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultUpdatedAttrMap), + + resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), + testCheckResourceAttr(datasourceName, "azure_key_vault_config.", azureKeyVaultUpdatedAttrMap), ), }, { @@ -322,23 +363,23 @@ func TestAccEncryptionAtRestWithRole_basicAWS(t *testing.T) { var ( ServiceAccountKey = types.StringValue("service") - googleCloudConfigWithServiceAccountKey = []encryptionatrest.TfGcpKmsConfigModel{ + googleCloudConfigWithServiceAccountKey = []encryptionatrest.TFGcpKmsConfigModel{ { ServiceAccountKey: ServiceAccountKey, }, } - awsConfigWithRegion = []encryptionatrest.TfAwsKmsConfigModel{ + awsConfigWithRegion = []encryptionatrest.TFAwsKmsConfigModel{ { Region: types.StringValue(region), }, } - awsConfigWithRegionAndSecretAccessKey = []encryptionatrest.TfAwsKmsConfigModel{ + awsConfigWithRegionAndSecretAccessKey = []encryptionatrest.TFAwsKmsConfigModel{ { Region: types.StringValue(region), SecretAccessKey: ServiceAccountKey, }, } - azureConfigWithSecret = []encryptionatrest.TfAzureKeyVaultConfigModel{ + azureConfigWithSecret = []encryptionatrest.TFAzureKeyVaultConfigModel{ { Secret: types.StringValue(secret), }, @@ -361,22 +402,22 @@ func TestHandleGcpKmsConfig(t *testing.T) { GoogleCloudKmsConfig: nil, }, earRSNew: &encryptionatrest.TfEncryptionAtRestRSModel{ - GoogleCloudKmsConfig: []encryptionatrest.TfGcpKmsConfigModel{}, + GoogleCloudKmsConfig: []encryptionatrest.TFGcpKmsConfigModel{}, }, expectedEarResult: &encryptionatrest.TfEncryptionAtRestRSModel{ - GoogleCloudKmsConfig: []encryptionatrest.TfGcpKmsConfigModel{}, + GoogleCloudKmsConfig: []encryptionatrest.TFGcpKmsConfigModel{}, }, }, { name: "Current GoogleCloudKmsConfig not nil, GoogleCloudKmsConfig config is available", earRSCurrent: &encryptionatrest.TfEncryptionAtRestRSModel{ - GoogleCloudKmsConfig: []encryptionatrest.TfGcpKmsConfigModel{}, + GoogleCloudKmsConfig: []encryptionatrest.TFGcpKmsConfigModel{}, }, earRSConfig: &encryptionatrest.TfEncryptionAtRestRSModel{ GoogleCloudKmsConfig: googleCloudConfigWithServiceAccountKey, }, earRSNew: &encryptionatrest.TfEncryptionAtRestRSModel{ - GoogleCloudKmsConfig: []encryptionatrest.TfGcpKmsConfigModel{{}}, + GoogleCloudKmsConfig: []encryptionatrest.TFGcpKmsConfigModel{{}}, }, expectedEarResult: &encryptionatrest.TfEncryptionAtRestRSModel{ GoogleCloudKmsConfig: googleCloudConfigWithServiceAccountKey, @@ -389,7 +430,7 @@ func TestHandleGcpKmsConfig(t *testing.T) { }, earRSConfig: &encryptionatrest.TfEncryptionAtRestRSModel{}, earRSNew: &encryptionatrest.TfEncryptionAtRestRSModel{ - GoogleCloudKmsConfig: []encryptionatrest.TfGcpKmsConfigModel{{}}, + GoogleCloudKmsConfig: []encryptionatrest.TFGcpKmsConfigModel{{}}, }, expectedEarResult: &encryptionatrest.TfEncryptionAtRestRSModel{ GoogleCloudKmsConfig: googleCloudConfigWithServiceAccountKey, @@ -413,22 +454,22 @@ func TestHandleAwsKmsConfigDefaults(t *testing.T) { AwsKmsConfig: nil, }, earRSNew: &encryptionatrest.TfEncryptionAtRestRSModel{ - AwsKmsConfig: []encryptionatrest.TfAwsKmsConfigModel{}, + AwsKmsConfig: []encryptionatrest.TFAwsKmsConfigModel{}, }, expectedEarResult: &encryptionatrest.TfEncryptionAtRestRSModel{ - AwsKmsConfig: []encryptionatrest.TfAwsKmsConfigModel{}, + AwsKmsConfig: []encryptionatrest.TFAwsKmsConfigModel{}, }, }, { name: "Current AwsKmsConfig not nil, AwsKmsConfig config is available", earRSCurrent: &encryptionatrest.TfEncryptionAtRestRSModel{ - AwsKmsConfig: []encryptionatrest.TfAwsKmsConfigModel{}, + AwsKmsConfig: []encryptionatrest.TFAwsKmsConfigModel{}, }, earRSConfig: &encryptionatrest.TfEncryptionAtRestRSModel{ AwsKmsConfig: awsConfigWithRegion, }, earRSNew: &encryptionatrest.TfEncryptionAtRestRSModel{ - AwsKmsConfig: []encryptionatrest.TfAwsKmsConfigModel{{}}, + AwsKmsConfig: []encryptionatrest.TFAwsKmsConfigModel{{}}, }, expectedEarResult: &encryptionatrest.TfEncryptionAtRestRSModel{ AwsKmsConfig: awsConfigWithRegion, @@ -441,7 +482,7 @@ func TestHandleAwsKmsConfigDefaults(t *testing.T) { }, earRSConfig: &encryptionatrest.TfEncryptionAtRestRSModel{}, earRSNew: &encryptionatrest.TfEncryptionAtRestRSModel{ - AwsKmsConfig: []encryptionatrest.TfAwsKmsConfigModel{{}}, + AwsKmsConfig: []encryptionatrest.TFAwsKmsConfigModel{{}}, }, expectedEarResult: &encryptionatrest.TfEncryptionAtRestRSModel{ AwsKmsConfig: awsConfigWithRegionAndSecretAccessKey, @@ -465,22 +506,22 @@ func TestHandleAzureKeyVaultConfigDefaults(t *testing.T) { AzureKeyVaultConfig: nil, }, earRSNew: &encryptionatrest.TfEncryptionAtRestRSModel{ - AzureKeyVaultConfig: []encryptionatrest.TfAzureKeyVaultConfigModel{}, + AzureKeyVaultConfig: []encryptionatrest.TFAzureKeyVaultConfigModel{}, }, expectedEarResult: &encryptionatrest.TfEncryptionAtRestRSModel{ - AzureKeyVaultConfig: []encryptionatrest.TfAzureKeyVaultConfigModel{}, + AzureKeyVaultConfig: []encryptionatrest.TFAzureKeyVaultConfigModel{}, }, }, { name: "Current AzureKeyVaultConfig not nil, AzureKeyVaultConfig config is available", earRSCurrent: &encryptionatrest.TfEncryptionAtRestRSModel{ - AzureKeyVaultConfig: []encryptionatrest.TfAzureKeyVaultConfigModel{}, + AzureKeyVaultConfig: []encryptionatrest.TFAzureKeyVaultConfigModel{}, }, earRSConfig: &encryptionatrest.TfEncryptionAtRestRSModel{ AzureKeyVaultConfig: azureConfigWithSecret, }, earRSNew: &encryptionatrest.TfEncryptionAtRestRSModel{ - AzureKeyVaultConfig: []encryptionatrest.TfAzureKeyVaultConfigModel{{}}, + AzureKeyVaultConfig: []encryptionatrest.TFAzureKeyVaultConfigModel{{}}, }, expectedEarResult: &encryptionatrest.TfEncryptionAtRestRSModel{ AzureKeyVaultConfig: azureConfigWithSecret, @@ -493,7 +534,7 @@ func TestHandleAzureKeyVaultConfigDefaults(t *testing.T) { }, earRSConfig: &encryptionatrest.TfEncryptionAtRestRSModel{}, earRSNew: &encryptionatrest.TfEncryptionAtRestRSModel{ - AzureKeyVaultConfig: []encryptionatrest.TfAzureKeyVaultConfigModel{{}}, + AzureKeyVaultConfig: []encryptionatrest.TFAzureKeyVaultConfigModel{{}}, }, expectedEarResult: &encryptionatrest.TfEncryptionAtRestRSModel{ AzureKeyVaultConfig: azureConfigWithSecret, @@ -591,16 +632,18 @@ func testAccCheckMongoDBAtlasEncryptionAtRestDestroy(s *terraform.State) error { func testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID string, aws *admin.AWSKMSConfiguration) string { return fmt.Sprintf(` resource "mongodbatlas_encryption_at_rest" "test" { - project_id = "%s" + project_id = %[1]q aws_kms_config { - enabled = %t - customer_master_key_id = "%s" - region = "%s" - role_id = "%s" + enabled = %[2]t + customer_master_key_id = %[3]q + region = %[4]q + role_id = %[5]q } } - `, projectID, aws.GetEnabled(), aws.GetCustomerMasterKeyID(), aws.GetRegion(), aws.GetRoleId()) + + %[6]s + `, projectID, aws.GetEnabled(), aws.GetCustomerMasterKeyID(), aws.GetRegion(), aws.GetRoleId(), acc.TestAccDatasourceConfig()) } func testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID string, google *admin.GoogleCloudKMS) string { diff --git a/internal/service/encryptionatrest/tfplugingen/generator_config.yml b/internal/service/encryptionatrest/tfplugingen/generator_config.yml index 08b2657a14..a06b763f03 100644 --- a/internal/service/encryptionatrest/tfplugingen/generator_config.yml +++ b/internal/service/encryptionatrest/tfplugingen/generator_config.yml @@ -6,6 +6,12 @@ resources: create: path: /api/atlas/v2/groups/{groupId}/encryptionAtRest method: PATCH + read: + path: /api/atlas/v2/groups/{groupId}/encryptionAtRest + method: GET + +data_sources: + encryption_at_rest: read: path: /api/atlas/v2/groups/{groupId}/encryptionAtRest method: GET \ No newline at end of file diff --git a/internal/testutil/acc/encryption_at_rest.go b/internal/testutil/acc/encryption_at_rest.go index f1a2a1308a..579ba98418 100644 --- a/internal/testutil/acc/encryption_at_rest.go +++ b/internal/testutil/acc/encryption_at_rest.go @@ -29,6 +29,14 @@ func ConfigEARAzureKeyVault(projectID string, azure *admin.AzureKeyVault, useReq %s } } + + %s `, projectID, *azure.Enabled, azure.GetClientID(), azure.GetAzureEnvironment(), azure.GetSubscriptionID(), azure.GetResourceGroupName(), - azure.GetKeyVaultName(), azure.GetKeyIdentifier(), azure.GetSecret(), azure.GetTenantID(), requirePrivateNetworkingAttr) + azure.GetKeyVaultName(), azure.GetKeyIdentifier(), azure.GetSecret(), azure.GetTenantID(), requirePrivateNetworkingAttr, TestAccDatasourceConfig()) +} + +func TestAccDatasourceConfig() string { + return `data "mongodbatlas_encryption_at_rest" "test" { + project_id = mongodbatlas_encryption_at_rest.test.project_id + }` } From 8d3324afd81baaabed20366ff7cdb9b5bb2a7260 Mon Sep 17 00:00:00 2001 From: maastha <122359335+maastha@users.noreply.github.com> Date: Tue, 3 Sep 2024 09:20:40 +0100 Subject: [PATCH 12/20] fix: Adds error message handling to `mongodbatlas_encryption_at_rest_private_endpoint` resource (#2544) --- .../resource.go | 46 ++++++++----- .../resource_test.go | 68 ++++++++++++++++++- 2 files changed, 96 insertions(+), 18 deletions(-) diff --git a/internal/service/encryptionatrestprivateendpoint/resource.go b/internal/service/encryptionatrestprivateendpoint/resource.go index 0a23e9b14d..12d9c27d95 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource.go +++ b/internal/service/encryptionatrestprivateendpoint/resource.go @@ -3,21 +3,26 @@ package encryptionatrestprivateendpoint import ( "context" "errors" - "fmt" "net/http" "regexp" + "go.mongodb.org/atlas-sdk/v20240805001/admin" + + "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" ) const ( encryptionAtRestPrivateEndpointName = "encryption_at_rest_private_endpoint" warnUnsupportedOperation = "Operation not supported" - failedStatusErrorMessage = "Private endpoint is in a failed status" + FailedStatusErrorMessageSummary = "Private endpoint is in a failed status" + NonEmptyErrorMessageFieldSummary = "Something went wrong. Please review the `status` field of this resource" + PendingAcceptanceWarnMsgSummary = "Private endpoint may be in PENDING_ACCEPTANCE status" + PendingAcceptanceWarnMsg = "Please ensure to approve the private endpoint connection. If recently approved or deleted the endpoint, please ignore this warning & wait for a few minutes for the status to update." ) var _ resource.ResourceWithConfigure = &encryptionAtRestPrivateEndpointRS{} @@ -64,9 +69,9 @@ func (r *encryptionAtRestPrivateEndpointRS) Create(ctx context.Context, req reso privateEndpointModel := NewTFEarPrivateEndpoint(*finalResp, projectID) resp.Diagnostics.Append(resp.State.Set(ctx, privateEndpointModel)...) - if err := getErrorMsgForFailedStatus(finalResp); err != nil { - resp.Diagnostics.AddError(failedStatusErrorMessage, err.Error()) - } + + diags := CheckErrorMessageAndStatus(finalResp) + resp.Diagnostics.Append(diags...) } func (r *encryptionAtRestPrivateEndpointRS) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { @@ -92,9 +97,9 @@ func (r *encryptionAtRestPrivateEndpointRS) Read(ctx context.Context, req resour } resp.Diagnostics.Append(resp.State.Set(ctx, NewTFEarPrivateEndpoint(*endpointModel, projectID))...) - if err := getErrorMsgForFailedStatus(endpointModel); err != nil { - resp.Diagnostics.AddError(failedStatusErrorMessage, err.Error()) - } + + diags := CheckErrorMessageAndStatus(endpointModel) + resp.Diagnostics.Append(diags...) } func (r *encryptionAtRestPrivateEndpointRS) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { @@ -122,9 +127,9 @@ func (r *encryptionAtRestPrivateEndpointRS) Delete(ctx context.Context, req reso resp.Diagnostics.AddError("error when waiting for status transition in delete", err.Error()) return } - if err := getErrorMsgForFailedStatus(model); err != nil { - resp.Diagnostics.AddError(failedStatusErrorMessage, err.Error()) - } + + diags := CheckErrorMessageAndStatus(model) + resp.Diagnostics.Append(diags...) } func (r *encryptionAtRestPrivateEndpointRS) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { @@ -154,10 +159,17 @@ func splitEncryptionAtRestPrivateEndpointImportID(id string) (projectID, cloudPr return } -func getErrorMsgForFailedStatus(model *admin.EARPrivateEndpoint) error { - if model.GetStatus() != retrystrategy.RetryStrategyFailedState { - return nil +func CheckErrorMessageAndStatus(model *admin.EARPrivateEndpoint) diag.Diagnostics { + var diags diag.Diagnostics + + switch { + case model.GetStatus() == retrystrategy.RetryStrategyFailedState: + diags = append(diags, diag.NewErrorDiagnostic(FailedStatusErrorMessageSummary, model.GetErrorMessage())) + case model.GetErrorMessage() != "": + diags = append(diags, diag.NewWarningDiagnostic(NonEmptyErrorMessageFieldSummary, model.GetErrorMessage())) + case model.GetStatus() == retrystrategy.RetryStrategyPendingAcceptanceState: + diags = append(diags, diag.NewWarningDiagnostic(PendingAcceptanceWarnMsgSummary, PendingAcceptanceWarnMsg)) } - msg := model.GetErrorMessage() - return fmt.Errorf("detail of error message: %s", msg) + + return diags } diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index 32bccd1b66..91636e2f24 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -6,12 +6,17 @@ import ( "os" "testing" + "go.mongodb.org/atlas-sdk/v20240805001/admin" + + "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" + "github.com/stretchr/testify/assert" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" + "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrestprivateendpoint" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" - "go.mongodb.org/atlas-sdk/v20240805001/admin" ) const ( @@ -108,6 +113,67 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t * }) } +type errMsgTestCase struct { + SDKResp *admin.EARPrivateEndpoint + diags diag.Diagnostics +} + +func TestCheckErrorMessageAndStatus(t *testing.T) { + var defaultDiags diag.Diagnostics + + testCases := map[string]errMsgTestCase{ + "FAILED status with no error_message": { + SDKResp: &admin.EARPrivateEndpoint{ + ErrorMessage: nil, + Status: admin.PtrString(retrystrategy.RetryStrategyFailedState), + }, + diags: append(defaultDiags, diag.NewErrorDiagnostic(encryptionatrestprivateendpoint.FailedStatusErrorMessageSummary, "")), + }, + "FAILED status with error_message": { + SDKResp: &admin.EARPrivateEndpoint{ + ErrorMessage: admin.PtrString("test err message"), + Status: admin.PtrString(retrystrategy.RetryStrategyFailedState), + }, + diags: append(defaultDiags, diag.NewErrorDiagnostic(encryptionatrestprivateendpoint.FailedStatusErrorMessageSummary, "test err message")), + }, + "non-empty error_message": { + SDKResp: &admin.EARPrivateEndpoint{ + ErrorMessage: admin.PtrString("private endpoint was rejected"), + Status: admin.PtrString(retrystrategy.RetryStrategyPendingRecreationState), + }, + diags: append(defaultDiags, diag.NewWarningDiagnostic(encryptionatrestprivateendpoint.NonEmptyErrorMessageFieldSummary, "private endpoint was rejected")), + }, + "nil error_message": { + SDKResp: &admin.EARPrivateEndpoint{ + ErrorMessage: nil, + Status: admin.PtrString(retrystrategy.RetryStrategyActiveState), + }, + diags: defaultDiags, + }, + "empty error_message": { + SDKResp: &admin.EARPrivateEndpoint{ + ErrorMessage: admin.PtrString(""), + Status: admin.PtrString(retrystrategy.RetryStrategyActiveState), + }, + diags: defaultDiags, + }, + "pending acceptance status": { + SDKResp: &admin.EARPrivateEndpoint{ + ErrorMessage: admin.PtrString(""), + Status: admin.PtrString(retrystrategy.RetryStrategyPendingAcceptanceState), + }, + diags: append(defaultDiags, diag.NewWarningDiagnostic(encryptionatrestprivateendpoint.PendingAcceptanceWarnMsgSummary, encryptionatrestprivateendpoint.PendingAcceptanceWarnMsg)), + }, + } + + for testName, tc := range testCases { + t.Run(testName, func(t *testing.T) { + diags := encryptionatrestprivateendpoint.CheckErrorMessageAndStatus(tc.SDKResp) + assert.Equal(t, tc.diags, diags, "diagnostics did not match expected output") + }) + } +} + func importStateIDFunc(resourceName string) resource.ImportStateIdFunc { return func(s *terraform.State) (string, error) { rs, ok := s.RootModule().Resources[resourceName] From 3d92da0eb777fca2e6ef0b7543a108b573415366 Mon Sep 17 00:00:00 2001 From: Agustin Bettati Date: Tue, 3 Sep 2024 18:28:29 +0200 Subject: [PATCH 13/20] doc: Adds documentation for new `encryption_at_rest_private_endpoint` resource and data sources (#2547) * adding documentation for encryption_at_rest_private_endpoint resource and data sources * align generated docs * minor typo fix * Adjust description of project_id to make it more concise * align note stating feature is available by request as defined in general docs --- .github/workflows/code-health.yml | 8 +- GNUmakefile | 6 +- contributing/documentation.md | 2 +- .../encryption_at_rest_private_endpoint.md | 37 ++++++++ .../encryption_at_rest_private_endpoints.md | 45 ++++++++++ .../encryption_at_rest_private_endpoint.md | 88 +++++++++++++++++++ .../azure/plural-data-source.tf | 8 ++ .../azure/singular-data-source.tf | 9 ++ .../data_source_schema.go | 4 +- .../pural_data_source_schema.go | 8 +- .../resource_schema.go | 4 +- scripts/generate-doc.sh | 3 + ...ncryption_at_rest_private_endpoint.md.tmpl | 13 +++ ...cryption_at_rest_private_endpoints.md.tmpl | 13 +++ ...ncryption_at_rest_private_endpoint.md.tmpl | 27 ++++++ 15 files changed, 261 insertions(+), 14 deletions(-) create mode 100644 docs/data-sources/encryption_at_rest_private_endpoint.md create mode 100644 docs/data-sources/encryption_at_rest_private_endpoints.md create mode 100644 docs/resources/encryption_at_rest_private_endpoint.md create mode 100644 examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/plural-data-source.tf create mode 100644 examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/singular-data-source.tf create mode 100644 templates/data-sources/encryption_at_rest_private_endpoint.md.tmpl create mode 100644 templates/data-sources/encryption_at_rest_private_endpoints.md.tmpl create mode 100644 templates/resources/encryption_at_rest_private_endpoint.md.tmpl diff --git a/.github/workflows/code-health.yml b/.github/workflows/code-health.yml index a6930734e1..44b33483ea 100644 --- a/.github/workflows/code-health.yml +++ b/.github/workflows/code-health.yml @@ -70,11 +70,13 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - run: make tools # all resources with auto-generated doc must be specified below here - name: Doc for control_plane_ip_addresses - run: export resource_name=control_plane_ip_addresses && make generate-doc + run: make generate-doc resource_name=control_plane_ip_addresses - name: Doc for push_based_log_export - run: export resource_name=push_based_log_export && make generate-doc + run: make generate-doc resource_name=push_based_log_export - name: Doc for search_deployment - run: export resource_name=search_deployment && make generate-doc + run: make generate-doc resource_name=search_deployment + - name: Doc for encryption_at_rest_private_endpoint + run: make generate-doc resource_name=encryption_at_rest_private_endpoint - name: Find mutations id: self_mutation run: |- diff --git a/GNUmakefile b/GNUmakefile index 488873875d..e932b08895 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -123,8 +123,10 @@ scaffold-schemas: .PHONY: generate-doc -generate-doc: ## Generate the resource documentation via tfplugindocs - ./scripts/generate-doc.sh ${resource_name} +# e.g. run: make generate-doc resource_name=search_deployment +# generate the resource documentation via tfplugindocs +generate-doc: + @scripts/generate-doc.sh ${resource_name} .PHONY: update-tf-compatibility-matrix update-tf-compatibility-matrix: ## Update Terraform Compatibility Matrix documentation diff --git a/contributing/documentation.md b/contributing/documentation.md index eaa3d9eae4..6879da6f53 100644 --- a/contributing/documentation.md +++ b/contributing/documentation.md @@ -12,5 +12,5 @@ We autogenerate the documentation of our provider resources and data sources via - Add the resource/data source templates to the [templates](https://github.com/mongodb/terraform-provider-mongodbatlas/blob/master/templates) folder. See [README.md](https://github.com/mongodb/terraform-provider-mongodbatlas/blob/master/templates/README.md) for more info. - Run the Makefile command `generate-doc` ```bash -export resource_name=search_deployment && make generate-doc +make generate-doc resource_name=search_deployment ``` diff --git a/docs/data-sources/encryption_at_rest_private_endpoint.md b/docs/data-sources/encryption_at_rest_private_endpoint.md new file mode 100644 index 0000000000..fc6c00f57f --- /dev/null +++ b/docs/data-sources/encryption_at_rest_private_endpoint.md @@ -0,0 +1,37 @@ +# Data Source: mongodbatlas_encryption_at_rest_private_endpoint + +`mongodbatlas_encryption_at_rest_private_endpoint` describes a private endpoint used for encryption at rest using customer-managed keys. + +## Example Usages + +```terraform +data "mongodbatlas_encryption_at_rest_private_endpoint" "single" { + project_id = var.atlas_project_id + cloud_provider = "AZURE" + id = mongodbatlas_encryption_at_rest_private_endpoint.endpoint.id +} + +output "endpoint_connection_name" { + value = data.mongodbatlas_encryption_at_rest_private_endpoint.single.private_endpoint_connection_name +} +``` + + +## Schema + +### Required + +- `cloud_provider` (String) Label that identifies the cloud provider of the private endpoint. +- `id` (String) Unique 24-hexadecimal digit string that identifies the Private Endpoint Service. +- `project_id` (String) Unique 24-hexadecimal digit string that identifies your project. + +### Read-Only + +- `error_message` (String) Error message for failures associated with the Encryption At Rest private endpoint. +- `private_endpoint_connection_name` (String) Connection name of the Azure Private Endpoint. +- `region_name` (String) Cloud provider region in which the Encryption At Rest private endpoint is located. +- `status` (String) State of the Encryption At Rest private endpoint. + +For more information see: +- [MongoDB Atlas API - Private Endpoint for Encryption at Rest Using Customer Key Management](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Encryption-at-Rest-using-Customer-Key-Management/operation/getEncryptionAtRestPrivateEndpoint) Documentation. +- [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/). diff --git a/docs/data-sources/encryption_at_rest_private_endpoints.md b/docs/data-sources/encryption_at_rest_private_endpoints.md new file mode 100644 index 0000000000..f21ba135a2 --- /dev/null +++ b/docs/data-sources/encryption_at_rest_private_endpoints.md @@ -0,0 +1,45 @@ +# Data Source: mongodbatlas_encryption_at_rest_private_endpoints + +`mongodbatlas_encryption_at_rest_private_endpoints` describes private endpoints of a particular cloud provider used for encryption at rest using customer-managed keys. + +## Example Usages + +```terraform +data "mongodbatlas_encryption_at_rest_private_endpoints" "plural" { + project_id = var.atlas_project_id + cloud_provider = "AZURE" +} + +output "number_of_endpoints" { + value = length(data.mongodbatlas_encryption_at_rest_private_endpoints.plural.results) +} +``` + + +## Schema + +### Required + +- `cloud_provider` (String) Human-readable label that identifies the cloud provider for the private endpoints to return. +- `project_id` (String) Unique 24-hexadecimal digit string that identifies your project. + +### Read-Only + +- `results` (Attributes List) List of returned documents that MongoDB Cloud providers when completing this request. (see [below for nested schema](#nestedatt--results)) + + +### Nested Schema for `results` + +Read-Only: + +- `cloud_provider` (String) Label that identifies the cloud provider of the private endpoint. +- `error_message` (String) Error message for failures associated with the Encryption At Rest private endpoint. +- `id` (String) Unique 24-hexadecimal digit string that identifies the Private Endpoint Service. +- `private_endpoint_connection_name` (String) Connection name of the Azure Private Endpoint. +- `project_id` (String) Unique 24-hexadecimal digit string that identifies your project. +- `region_name` (String) Cloud provider region in which the Encryption At Rest private endpoint is located. +- `status` (String) State of the Encryption At Rest private endpoint. + +For more information see: +- [MongoDB Atlas API - Private Endpoint for Encryption at Rest Using Customer Key Management](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Encryption-at-Rest-using-Customer-Key-Management/operation/getEncryptionAtRestPrivateEndpointsForCloudProvider) Documentation. +- [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/). diff --git a/docs/resources/encryption_at_rest_private_endpoint.md b/docs/resources/encryption_at_rest_private_endpoint.md new file mode 100644 index 0000000000..a9a9a6ed94 --- /dev/null +++ b/docs/resources/encryption_at_rest_private_endpoint.md @@ -0,0 +1,88 @@ +# Resource: mongodbatlas_encryption_at_rest_private_endpoint + +`mongodbatlas_encryption_at_rest_private_endpoint` provides a resource for managing a private endpoint used for encryption at rest with customer-managed keys. This ensures all traffic between Atlas and customer key management systems take place over private network interfaces. + +~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for you Atlas deployments, contact your Account Manager. +Additionally, you'll need to set the environment variable `MONGODB_ATLAS_ENABLE_PREVIEW=true` to use this resource. To learn more about existing limitations, see the [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints). + +-> **NOTE:** Only Azure Key Vault with Azure Private Link is supported at this time. + +## Example Usages + +### Configuring Atlas Encryption at Rest using Azure Key Vault with Azure Private Link + +```terraform +resource "mongodbatlas_encryption_at_rest" "ear" { + project_id = var.atlas_project_id + + azure_key_vault_config { + require_private_networking = true + + enabled = true + azure_environment = "AZURE" + + tenant_id = var.azure_tenant_id + subscription_id = var.azure_subscription_id + client_id = var.azure_client_id + secret = var.azure_client_secret + + resource_group_name = var.azure_resource_group_name + key_vault_name = var.azure_key_vault_name + key_identifier = var.azure_key_identifier + } +} + +# Creates private endpoint +resource "mongodbatlas_encryption_at_rest_private_endpoint" "endpoint" { + project_id = mongodbatlas_encryption_at_rest.ear.project_id + cloud_provider = "AZURE" + region_name = var.azure_region_name +} + +locals { + key_vault_resource_id = "/subscriptions/${var.azure_subscription_id}/resourceGroups/${var.azure_resource_group_name}/providers/Microsoft.KeyVault/vaults/${var.azure_key_vault_name}" +} + +# Approves private endpoint connection from Azure Key Vault +resource "azapi_update_resource" "approval" { + type = "Microsoft.KeyVault/Vaults/PrivateEndpointConnections@2023-07-01" + name = mongodbatlas_encryption_at_rest_private_endpoint.endpoint.private_endpoint_connection_name + parent_id = local.key_vault_resource_id + + body = jsonencode({ + properties = { + privateLinkServiceConnectionState = { + description = "Approved via Terraform" + status = "Approved" + } + } + }) +} +``` + + +## Schema + +### Required + +- `cloud_provider` (String) Label that identifies the cloud provider for the Encryption At Rest private endpoint. +- `project_id` (String) Unique 24-hexadecimal digit string that identifies your project. +- `region_name` (String) Cloud provider region in which the Encryption At Rest private endpoint is located. + +### Read-Only + +- `error_message` (String) Error message for failures associated with the Encryption At Rest private endpoint. +- `id` (String) Unique 24-hexadecimal digit string that identifies the Private Endpoint Service. +- `private_endpoint_connection_name` (String) Connection name of the Azure Private Endpoint. +- `status` (String) State of the Encryption At Rest private endpoint. + +# Import +Encryption At Rest Private Endpoint resource can be imported using the project ID, cloud provider, and private endpoint ID. The format must be `{project_id}-{cloud_provider}-{private_endpoint_id}` e.g. + +``` +$ terraform import mongodbatlas_encryption_at_rest_private_endpoint.test 650972848269185c55f40ca1-AZURE-650972848269185c55f40ca2 +``` + +For more information see: +- [MongoDB Atlas API - Private Endpoint for Encryption at Rest Using Customer Key Management](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Encryption-at-Rest-using-Customer-Key-Management/operation/getEncryptionAtRestPrivateEndpoint) Documentation. +- [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/). diff --git a/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/plural-data-source.tf b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/plural-data-source.tf new file mode 100644 index 0000000000..f2cb36d2dd --- /dev/null +++ b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/plural-data-source.tf @@ -0,0 +1,8 @@ +data "mongodbatlas_encryption_at_rest_private_endpoints" "plural" { + project_id = var.atlas_project_id + cloud_provider = "AZURE" +} + +output "number_of_endpoints" { + value = length(data.mongodbatlas_encryption_at_rest_private_endpoints.plural.results) +} diff --git a/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/singular-data-source.tf b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/singular-data-source.tf new file mode 100644 index 0000000000..f3699a2353 --- /dev/null +++ b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/singular-data-source.tf @@ -0,0 +1,9 @@ +data "mongodbatlas_encryption_at_rest_private_endpoint" "single" { + project_id = var.atlas_project_id + cloud_provider = "AZURE" + id = mongodbatlas_encryption_at_rest_private_endpoint.endpoint.id +} + +output "endpoint_connection_name" { + value = data.mongodbatlas_encryption_at_rest_private_endpoint.single.private_endpoint_connection_name +} diff --git a/internal/service/encryptionatrestprivateendpoint/data_source_schema.go b/internal/service/encryptionatrestprivateendpoint/data_source_schema.go index a928dcc174..cf4afc4b11 100644 --- a/internal/service/encryptionatrestprivateendpoint/data_source_schema.go +++ b/internal/service/encryptionatrestprivateendpoint/data_source_schema.go @@ -28,8 +28,8 @@ func DSAttributes(withArguments bool) map[string]schema.Attribute { "project_id": schema.StringAttribute{ Required: withArguments, Computed: !withArguments, - Description: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", - MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + Description: "Unique 24-hexadecimal digit string that identifies your project.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project.", }, "id": schema.StringAttribute{ Required: withArguments, diff --git a/internal/service/encryptionatrestprivateendpoint/pural_data_source_schema.go b/internal/service/encryptionatrestprivateendpoint/pural_data_source_schema.go index fe3d734981..bacabb9e43 100644 --- a/internal/service/encryptionatrestprivateendpoint/pural_data_source_schema.go +++ b/internal/service/encryptionatrestprivateendpoint/pural_data_source_schema.go @@ -12,17 +12,17 @@ func PluralDataSourceSchema(ctx context.Context) schema.Schema { Attributes: map[string]schema.Attribute{ "cloud_provider": schema.StringAttribute{ Required: true, - Description: "Human-readable label that identifies the cloud provider for the private endpoints to return.", + Description: "Label that identifies the cloud provider for the private endpoints to return.", MarkdownDescription: "Human-readable label that identifies the cloud provider for the private endpoints to return.", }, "project_id": schema.StringAttribute{ Required: true, - Description: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", - MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + Description: "Unique 24-hexadecimal digit string that identifies your project.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project.", }, "results": schema.ListNestedAttribute{ NestedObject: schema.NestedAttributeObject{ - Attributes: DSAttributes(true), + Attributes: DSAttributes(false), }, Computed: true, Description: "List of returned documents that MongoDB Cloud providers when completing this request.", diff --git a/internal/service/encryptionatrestprivateendpoint/resource_schema.go b/internal/service/encryptionatrestprivateendpoint/resource_schema.go index 15fd40ed48..11b85983c3 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_schema.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_schema.go @@ -22,8 +22,8 @@ func ResourceSchema(ctx context.Context) schema.Schema { }, "project_id": schema.StringAttribute{ Required: true, - Description: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", - MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + Description: "Unique 24-hexadecimal digit string that identifies your project.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project.", }, "id": schema.StringAttribute{ Computed: true, diff --git a/scripts/generate-doc.sh b/scripts/generate-doc.sh index 8e2973e6af..9518a1ce54 100755 --- a/scripts/generate-doc.sh +++ b/scripts/generate-doc.sh @@ -67,6 +67,9 @@ if [ ! -f "${TEMPLATE_FOLDER_PATH}/data-sources/${resource_name}s.md.tmpl" ]; th printf "Skipping this check: We assume that the resource does not have a plural data source.\n\n" fi +# ensure preview resource and data sources are also included during generation +export MONGODB_ATLAS_ENABLE_PREVIEW="true" + tfplugindocs generate --tf-version "${TF_VERSION}" --website-source-dir "${TEMPLATE_FOLDER_PATH}" --rendered-website-dir "docs-out" if [ ! -f "docs-out/resources/${resource_name}.md" ]; then diff --git a/templates/data-sources/encryption_at_rest_private_endpoint.md.tmpl b/templates/data-sources/encryption_at_rest_private_endpoint.md.tmpl new file mode 100644 index 0000000000..b747da07df --- /dev/null +++ b/templates/data-sources/encryption_at_rest_private_endpoint.md.tmpl @@ -0,0 +1,13 @@ +# {{.Type}}: {{.Name}} + +`{{.Name}}` describes a private endpoint used for encryption at rest using customer-managed keys. + +## Example Usages + +{{ tffile (printf "examples/%s/azure/singular-data-source.tf" .Name )}} + +{{ .SchemaMarkdown | trimspace }} + +For more information see: +- [MongoDB Atlas API - Private Endpoint for Encryption at Rest Using Customer Key Management](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Encryption-at-Rest-using-Customer-Key-Management/operation/getEncryptionAtRestPrivateEndpoint) Documentation. +- [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/). diff --git a/templates/data-sources/encryption_at_rest_private_endpoints.md.tmpl b/templates/data-sources/encryption_at_rest_private_endpoints.md.tmpl new file mode 100644 index 0000000000..0b161f8f17 --- /dev/null +++ b/templates/data-sources/encryption_at_rest_private_endpoints.md.tmpl @@ -0,0 +1,13 @@ +# {{.Type}}: {{.Name}} + +`{{.Name}}` describes private endpoints of a particular cloud provider used for encryption at rest using customer-managed keys. + +## Example Usages + +{{ tffile ("examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/plural-data-source.tf") }} + +{{ .SchemaMarkdown | trimspace }} + +For more information see: +- [MongoDB Atlas API - Private Endpoint for Encryption at Rest Using Customer Key Management](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Encryption-at-Rest-using-Customer-Key-Management/operation/getEncryptionAtRestPrivateEndpointsForCloudProvider) Documentation. +- [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/). diff --git a/templates/resources/encryption_at_rest_private_endpoint.md.tmpl b/templates/resources/encryption_at_rest_private_endpoint.md.tmpl new file mode 100644 index 0000000000..767132fd90 --- /dev/null +++ b/templates/resources/encryption_at_rest_private_endpoint.md.tmpl @@ -0,0 +1,27 @@ +# {{.Type}}: {{.Name}} + +`{{.Name}}` provides a resource for managing a private endpoint used for encryption at rest with customer-managed keys. This ensures all traffic between Atlas and customer key management systems take place over private network interfaces. + +~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for you Atlas deployments, contact your Account Manager. +Additionally, you'll need to set the environment variable `MONGODB_ATLAS_ENABLE_PREVIEW=true` to use this resource. To learn more about existing limitations, see the [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints). + +-> **NOTE:** Only Azure Key Vault with Azure Private Link is supported at this time. + +## Example Usages + +### Configuring Atlas Encryption at Rest using Azure Key Vault with Azure Private Link + +{{ tffile (printf "examples/%s/azure/main.tf" .Name )}} + +{{ .SchemaMarkdown | trimspace }} + +# Import +Encryption At Rest Private Endpoint resource can be imported using the project ID, cloud provider, and private endpoint ID. The format must be `{project_id}-{cloud_provider}-{private_endpoint_id}` e.g. + +``` +$ terraform import mongodbatlas_encryption_at_rest_private_endpoint.test 650972848269185c55f40ca1-AZURE-650972848269185c55f40ca2 +``` + +For more information see: +- [MongoDB Atlas API - Private Endpoint for Encryption at Rest Using Customer Key Management](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Encryption-at-Rest-using-Customer-Key-Management/operation/getEncryptionAtRestPrivateEndpoint) Documentation. +- [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/). From 4a20878fa81707576c3e38fc229eee2990612431 Mon Sep 17 00:00:00 2001 From: Agustin Bettati Date: Wed, 4 Sep 2024 11:58:11 +0200 Subject: [PATCH 14/20] chore: Adopt latest changes from master into ear private endpoint dev branch to adopt latest SDK (#2549) * test: Reduce instance size and use of provisioned disk iops for test that verifies transition for symmetric to asymmetric configuration (#2503) * doc: Include changelog entries to mention 2 new guides (#2506) * add entry for 2 new guides * add link * chore: Updates examples link in index.md for v1.18.0 release * chore: Updates CHANGELOG.md header for v1.18.0 release * doc: Update Atlas SP db_role_to_execute info. (#2508) * (DOCSP-41590) Updating Atlas SP db_role_to_execute info. * Update docs/resources/stream_connection.md Co-authored-by: kanchana-mongodb <54281287+kanchana-mongodb@users.noreply.github.com> --------- Co-authored-by: kanchana-mongodb <54281287+kanchana-mongodb@users.noreply.github.com> * doc: Contributing Guidelines Updates (#2494) * Contributing Guidelines Updates * Update README.md * Update README.md * Update contributing/README.md Co-authored-by: kyuan-mongodb <78768401+kyuan-mongodb@users.noreply.github.com> --------- Co-authored-by: kyuan-mongodb <78768401+kyuan-mongodb@users.noreply.github.com> * test: Simply migration test checks after 1.18.0 release and adjust version constraint in advanced_cluster examples uing new schema (#2510) * doc: Add references to the terraform modules in the resources documentations (#2513) * add references to the modules in the resources documentations * fix pr comments * chore: Bump hashicorp/setup-terraform from 3.1.1 to 3.1.2 (#2515) Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 3.1.1 to 3.1.2. - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/setup-terraform/compare/651471c36a6092792c552e8b1bef71e592b462d8...b9cd54a3c349d3f38e8881555d616ced269862dd) --- updated-dependencies: - dependency-name: hashicorp/setup-terraform dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Add mention of support ticket when opening a pull request (#2507) * Add mention of creating support ticket when opening PR * rephrasing to avoid mention of priority * including suggestion * doc: Updates`mongodbatlas_advanced_cluster` ISS migration guide & resource doc with expected 500 error on update (#2525) * chore: Updates mongodbatlas_advanced_cluster tests to expect temporary SERVICE_UNAVAILABLE error when migrating from old to new schema (#2523) * doc: Fixes wordings in the new advanced_cluster sharding guide. (#2524) * chore: Updates examples link in index.md for v1.18.1 release * chore: Updates CHANGELOG.md header for v1.18.1 release * chore: upgrades go SDK from `v20240805001` to `v20240805002` (#2534) * chore: Updates to Go 1.23 (#2535) * update asdf TF version * update to Go 1.23 * update linter * update golang-ci linter * disable Go telemetry * revert TF change * chore: Bump go.mongodb.org/atlas from 0.36.0 to 0.37.0 (#2532) Bumps [go.mongodb.org/atlas](https://github.com/mongodb/go-client-mongodb-atlas) from 0.36.0 to 0.37.0. - [Release notes](https://github.com/mongodb/go-client-mongodb-atlas/releases) - [Changelog](https://github.com/mongodb/go-client-mongodb-atlas/blob/master/CHANGELOG.md) - [Commits](https://github.com/mongodb/go-client-mongodb-atlas/compare/v0.36.0...v0.37.0) --- updated-dependencies: - dependency-name: go.mongodb.org/atlas dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump github.com/hashicorp/hcl/v2 from 2.21.0 to 2.22.0 (#2530) Bumps [github.com/hashicorp/hcl/v2](https://github.com/hashicorp/hcl) from 2.21.0 to 2.22.0. - [Release notes](https://github.com/hashicorp/hcl/releases) - [Changelog](https://github.com/hashicorp/hcl/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/hcl/compare/v2.21.0...v2.22.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/hcl/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * update asdf TF version to 1.9.5 (#2537) * chore: Changes deprecation message for labels attribute (#2542) * chore: Upgrades go SDK from `v20240805002` to `v20240805003` (#2545) * major version update calling gomajor tool * manual change to reincorporate v20240530005 * reverts temp changes in cloud provider resources, fixes sdk versions in new implementations --------- Signed-off-by: dependabot[bot] Co-authored-by: svc-apix-bot Co-authored-by: lmkerbey-mdb <105309825+lmkerbey-mdb@users.noreply.github.com> Co-authored-by: kanchana-mongodb <54281287+kanchana-mongodb@users.noreply.github.com> Co-authored-by: Zuhair Ahmed Co-authored-by: kyuan-mongodb <78768401+kyuan-mongodb@users.noreply.github.com> Co-authored-by: rubenVB01 <95967197+rubenVB01@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: maastha <122359335+maastha@users.noreply.github.com> Co-authored-by: Marco Suma Co-authored-by: Espen Albert Co-authored-by: Leo Antoli <430982+lantoli@users.noreply.github.com> Co-authored-by: Oriol --- .changelog/2478.txt | 2 +- .changelog/2505.txt | 7 ++ .github/pull_request_template.md | 2 +- .github/workflows/acceptance-tests-runner.yml | 40 ++++----- .github/workflows/code-health.yml | 2 +- .github/workflows/examples.yml | 2 +- .golangci.yml | 2 +- .tool-versions | 4 +- CHANGELOG.md | 11 ++- GNUmakefile | 3 +- README.md | 2 +- contributing/README.md | 2 +- contributing/development-setup.md | 4 +- docs/data-sources/advanced_cluster.md | 2 +- docs/data-sources/advanced_clusters.md | 2 +- docs/guides/1.18.0-upgrade-guide.md | 4 +- .../advanced-cluster-new-sharding-schema.md | 30 ++++--- ...ter-to-advanced-cluster-migration-guide.md | 2 +- docs/index.md | 2 +- docs/resources/advanced_cluster.md | 3 +- docs/resources/encryption_at_rest.md | 2 + docs/resources/privatelink_endpoint.md | 4 +- .../resources/privatelink_endpoint_service.md | 2 + docs/resources/push_based_log_export.md | 2 + docs/resources/stream_connection.md | 2 +- .../asymmetric-sharded-cluster/versions.tf | 2 +- .../global-cluster/versions.tf | 2 +- .../multi-cloud/versions.tf | 2 +- .../tenant-upgrade/main.tf | 4 +- go.mod | 8 +- go.sum | 14 ++- internal/common/constant/deprecation.go | 1 + internal/common/conversion/flatten_expand.go | 2 +- internal/config/client.go | 2 +- .../data_source_accesslist_api_keys.go | 2 +- .../resource_access_list_api_key.go | 2 +- .../data_source_advanced_cluster.go | 2 +- .../data_source_advanced_clusters.go | 4 +- .../advancedcluster/model_advanced_cluster.go | 2 +- .../model_advanced_cluster_test.go | 4 +- .../model_sdk_version_conversion.go | 2 +- .../resource_advanced_cluster.go | 4 +- ...esource_advanced_cluster_migration_test.go | 24 +++-- .../resource_advanced_cluster_test.go | 90 +++++++++++-------- .../advancedcluster/resource_update_logic.go | 2 +- .../resource_update_logic_test.go | 2 +- .../data_source_alert_configuration.go | 2 +- .../data_source_alert_configurations.go | 2 +- .../model_alert_configuration.go | 2 +- .../model_alert_configuration_test.go | 2 +- .../resource_alert_configuration.go | 2 +- .../service/apikey/data_source_api_keys.go | 2 +- internal/service/apikey/resource_api_key.go | 2 +- .../atlasuser/data_source_atlas_user.go | 2 +- .../atlasuser/data_source_atlas_user_test.go | 2 +- .../atlasuser/data_source_atlas_users.go | 2 +- .../atlasuser/data_source_atlas_users_test.go | 2 +- .../service/auditing/resource_auditing.go | 2 +- .../resource_backup_compliance_policy.go | 2 +- .../data_source_cloud_backup_schedule.go | 2 +- .../model_cloud_backup_schedule.go | 2 +- .../model_cloud_backup_schedule_test.go | 2 +- .../model_sdk_version_conversion.go | 2 +- .../resource_cloud_backup_schedule.go | 2 +- .../data_source_cloud_backup_snapshots.go | 2 +- .../model_cloud_backup_snapshot.go | 2 +- .../model_cloud_backup_snapshot_test.go | 2 +- .../resource_cloud_backup_snapshot.go | 2 +- ...ce_cloud_backup_snapshot_export_buckets.go | 2 +- ...rce_cloud_backup_snapshot_export_bucket.go | 2 +- ...ource_cloud_backup_snapshot_export_jobs.go | 2 +- ...source_cloud_backup_snapshot_export_job.go | 2 +- ...urce_cloud_backup_snapshot_restore_jobs.go | 2 +- ...ource_cloud_backup_snapshot_restore_job.go | 2 +- ...rce_cloud_provider_access_authorization.go | 12 ++- .../resource_cloud_provider_access_setup.go | 19 +--- .../service/cluster/data_source_cluster.go | 2 +- .../service/cluster/data_source_clusters.go | 2 +- internal/service/cluster/resource_cluster.go | 2 +- .../resource_cluster_outage_simulation.go | 2 +- .../service/controlplaneipaddresses/model.go | 2 +- .../controlplaneipaddresses/model_test.go | 2 +- .../data_source_custom_db_roles.go | 2 +- .../customdbrole/resource_custom_db_role.go | 2 +- .../resource_custom_db_role_test.go | 2 +- ...ce_custom_dns_configuration_cluster_aws.go | 2 +- .../databaseuser/model_database_user.go | 2 +- .../databaseuser/model_database_user_test.go | 2 +- .../resource_database_user_migration_test.go | 2 +- .../resource_database_user_test.go | 2 +- .../data_source_data_lake_pipeline_run.go | 2 +- .../data_source_data_lake_pipeline_runs.go | 2 +- .../data_source_data_lake_pipelines.go | 2 +- .../resource_data_lake_pipeline.go | 2 +- .../encryptionatrest/data_source_schema.go | 2 +- internal/service/encryptionatrest/model.go | 2 +- .../service/encryptionatrest/model_test.go | 3 +- internal/service/encryptionatrest/resource.go | 3 +- .../resource_migration_test.go | 3 +- .../service/encryptionatrest/resource_test.go | 9 +- .../encryptionatrestprivateendpoint/model.go | 2 +- .../model_test.go | 2 +- .../plural_data_source.go | 2 +- .../resource.go | 2 +- .../resource_test.go | 2 +- .../state_transition.go | 2 +- .../state_transition_test.go | 4 +- ...source_federated_database_instance_test.go | 2 +- ...ata_source_federated_database_instances.go | 2 +- .../resource_federated_database_instance.go | 2 +- .../data_source_federated_query_limits.go | 2 +- .../resource_federated_query_limit.go | 2 +- ...e_federated_settings_identity_providers.go | 2 +- ...el_federated_settings_identity_provider.go | 2 +- ...derated_settings_identity_provider_test.go | 2 +- .../data_source_federated_settings.go | 2 +- ...ource_federated_settings_connected_orgs.go | 2 +- ...model_federated_settings_connected_orgs.go | 2 +- ...ce_federated_settings_org_role_mappings.go | 2 +- ...del_federated_settings_org_role_mapping.go | 2 +- ...rce_federated_settings_org_role_mapping.go | 2 +- .../resource_ldap_configuration.go | 2 +- .../ldapverify/resource_ldap_verify.go | 2 +- .../resource_maintenance_window.go | 2 +- .../data_source_network_containers.go | 2 +- .../resource_network_container.go | 2 +- .../data_source_network_peering.go | 2 +- .../data_source_network_peerings.go | 2 +- .../resource_network_peering.go | 2 +- .../onlinearchive/resource_online_archive.go | 2 +- .../organization/data_source_organizations.go | 2 +- .../organization/resource_organization.go | 2 +- .../resource_organization_test.go | 2 +- .../orginvitation/resource_org_invitation.go | 2 +- ...resource_private_endpoint_regional_mode.go | 2 +- .../resource_privatelink_endpoint.go | 2 +- ...esource_privatelink_endpoint_serverless.go | 2 +- .../resource_privatelink_endpoint_service.go | 2 +- ...service_data_federation_online_archives.go | 2 +- ..._service_data_federation_online_archive.go | 2 +- ...rivatelink_endpoints_service_serverless.go | 2 +- ...privatelink_endpoint_service_serverless.go | 2 +- .../service/project/data_source_project.go | 2 +- .../service/project/data_source_projects.go | 2 +- internal/service/project/model_project.go | 2 +- .../service/project/model_project_test.go | 2 +- internal/service/project/resource_project.go | 2 +- .../resource_project_migration_test.go | 2 +- .../service/project/resource_project_test.go | 4 +- .../data_source_project_api_keys.go | 2 +- .../projectapikey/resource_project_api_key.go | 2 +- .../resource_project_invitation.go | 2 +- .../model_project_ip_access_list.go | 2 +- .../model_project_ip_access_list_test.go | 2 +- .../resource_project_ip_access_list.go | 2 +- internal/service/pushbasedlogexport/model.go | 2 +- .../service/pushbasedlogexport/model_test.go | 2 +- .../service/pushbasedlogexport/resource.go | 2 +- .../pushbasedlogexport/state_transition.go | 2 +- .../state_transition_test.go | 4 +- .../model_search_deployment.go | 2 +- .../model_search_deployment_test.go | 2 +- .../state_transition_search_deployment.go | 2 +- ...state_transition_search_deployment_test.go | 4 +- .../searchindex/data_source_search_indexes.go | 2 +- .../service/searchindex/model_search_index.go | 2 +- .../searchindex/resource_search_index.go | 2 +- .../data_source_serverless_instances.go | 2 +- .../resource_serverless_instance.go | 2 +- .../resource_serverless_instance_test.go | 2 +- ...a_source_cloud_shared_tier_restore_jobs.go | 2 +- .../data_source_shared_tier_snapshots.go | 2 +- .../data_source_stream_connections.go | 2 +- .../data_source_stream_connections_test.go | 2 +- .../model_stream_connection.go | 2 +- .../model_stream_connection_test.go | 2 +- .../data_source_stream_instances.go | 2 +- .../data_source_stream_instances_test.go | 2 +- .../streaminstance/model_stream_instance.go | 2 +- .../model_stream_instance_test.go | 2 +- internal/service/team/data_source_team.go | 2 +- internal/service/team/resource_team.go | 2 +- .../data_source_third_party_integrations.go | 2 +- ...ource_x509_authentication_database_user.go | 2 +- internal/testutil/acc/advanced_cluster.go | 2 +- internal/testutil/acc/atlas.go | 2 +- internal/testutil/acc/cluster.go | 2 +- internal/testutil/acc/config_cluster.go | 2 +- internal/testutil/acc/database_user.go | 2 +- internal/testutil/acc/encryption_at_rest.go | 2 +- internal/testutil/acc/factory.go | 2 +- internal/testutil/acc/project.go | 2 +- internal/testutil/acc/serverless.go | 2 +- scripts/changelog/release-note.tmpl | 2 +- .../resources/push_based_log_export.md.tmpl | 2 + 195 files changed, 347 insertions(+), 313 deletions(-) create mode 100644 .changelog/2505.txt diff --git a/.changelog/2478.txt b/.changelog/2478.txt index 3c80528ff7..7e35be9a8b 100644 --- a/.changelog/2478.txt +++ b/.changelog/2478.txt @@ -3,7 +3,7 @@ resource/mongodbatlas_advanced_cluster: Supports defining cluster shards with in ``` ```release-note:note -resource/mongodbatlas_advanced_cluster: Using this new version impacts the possibility of editing the definition of multi shard clusters in the Atlas UI. This impact is limited to the first weeks of August. +resource/mongodbatlas_advanced_cluster: Using this new version impacts the possibility of editing the definition of multi shard clusters in the Atlas UI. This impact is limited to the first weeks of September. ``` ```release-note:enhancement diff --git a/.changelog/2505.txt b/.changelog/2505.txt new file mode 100644 index 0000000000..f9a5d81b39 --- /dev/null +++ b/.changelog/2505.txt @@ -0,0 +1,7 @@ +```release-note:new-guide +[Migration Guide: Advanced Cluster New Sharding Schema](https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs/guides/advanced-cluster-new-sharding-schema). This enables Independent Shard Scaling. +``` + +```release-note:new-guide +[Migration Guide: Cluster to Advanced Cluster](https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs/guides/cluster-to-advanced-cluster-migration-guide) +``` diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 4ce09e6022..4e133f503f 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -20,7 +20,7 @@ Link to any related issue(s): - [ ] I have added tests that prove my fix is effective or that my feature works per HashiCorp requirements - [ ] I have added any necessary documentation (if appropriate) - [ ] I have run make fmt and formatted my code -- [ ] If changes include deprecations or removals, I defined an isolated PR with a relevant title as it will be used in the auto-generated changelog. +- [ ] If changes include deprecations or removals I have added appropriate changelog entries. - [ ] If changes include removal or addition of 3rd party GitHub actions, I updated our internal document. Reach out to the APIx Integration slack channel to get access to the internal document. ## Further comments diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml index 136c693902..ab7217a453 100644 --- a/.github/workflows/acceptance-tests-runner.yml +++ b/.github/workflows/acceptance-tests-runner.yml @@ -294,7 +294,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -316,7 +316,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -356,7 +356,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -394,7 +394,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -418,7 +418,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -440,7 +440,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -485,7 +485,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -507,7 +507,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -529,7 +529,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -551,7 +551,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -589,7 +589,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -616,7 +616,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -645,7 +645,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -690,7 +690,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -727,7 +727,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -752,7 +752,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -774,7 +774,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -796,7 +796,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -823,7 +823,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false @@ -847,7 +847,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false diff --git a/.github/workflows/code-health.yml b/.github/workflows/code-health.yml index 44b33483ea..2e953dac84 100644 --- a/.github/workflows/code-health.yml +++ b/.github/workflows/code-health.yml @@ -49,7 +49,7 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 with: - version: v1.59.1 # Also update GOLANGCI_VERSION variable in GNUmakefile when updating this version + version: v1.60.3 # Also update GOLANGCI_VERSION variable in GNUmakefile when updating this version - name: actionlint run: | make tools diff --git a/.github/workflows/examples.yml b/.github/workflows/examples.yml index daa8791a50..a0667e5f6e 100644 --- a/.github/workflows/examples.yml +++ b/.github/workflows/examples.yml @@ -21,7 +21,7 @@ jobs: - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version-file: 'go.mod' - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd with: terraform_version: ${{ vars.TF_VERSION_LATEST }} terraform_wrapper: false diff --git a/.golangci.yml b/.golangci.yml index 7bcb5c94a9..3620dfb765 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -85,7 +85,7 @@ linters: - nakedret - nolintlint - rowserrcheck - - exportloopref + - copyloopvar - staticcheck - stylecheck - typecheck diff --git a/.tool-versions b/.tool-versions index c23da88ab6..46456547b9 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,2 +1,2 @@ -golang 1.22.5 -terraform 1.9.2 +golang 1.23.0 +terraform 1.9.5 diff --git a/CHANGELOG.md b/CHANGELOG.md index bc3d437bbf..a8a41dd7b5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ## (Unreleased) +## 1.18.1 (August 26, 2024) + +## 1.18.0 (August 14, 2024) + BREAKING CHANGES: * data-source/mongodbatlas_cloud_backup_snapshot_export_bucket: Changes `id` attribute from optional to computed only ([#2499](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/2499)) @@ -20,7 +24,12 @@ NOTES: * data-source/mongodbatlas_advanced_cluster: Deprecates `replication_specs.#.id`, `replication_specs.#.num_shards`, `disk_size_gb`, `advanced_configuration.0.default_read_concern`, and `advanced_configuration.0.fail_index_key_too_long`. To learn more, see the [1.18.0 Migration Guide](https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs/guides/1.18.0-upgrade-guide). ([#2420](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/2420)) * data-source/mongodbatlas_advanced_clusters: Deprecates `replication_specs.#.id`, `replication_specs.#.num_shards`, `disk_size_gb`, `advanced_configuration.0.default_read_concern`, and `advanced_configuration.0.fail_index_key_too_long`. To learn more, see the [1.18.0 Migration Guide](https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs/guides/1.18.0-upgrade-guide). ([#2420](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/2420)) * resource/mongodbatlas_advanced_cluster: Deprecates `replication_specs.#.id`, `replication_specs.#.num_shards`, `disk_size_gb`, `advanced_configuration.0.default_read_concern`, and `advanced_configuration.0.fail_index_key_too_long`. To learn more, see the [1.18.0 Migration Guide](https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs/guides/1.18.0-upgrade-guide). ([#2420](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/2420)) -* resource/mongodbatlas_advanced_cluster: Using this new version impacts the possibility of editing the definition of multi shard clusters in the Atlas UI. This impact is limited to the first weeks of August. ([#2478](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/2478)) +* resource/mongodbatlas_advanced_cluster: Using this new version impacts the possibility of editing the definition of multi shard clusters in the Atlas UI. This impact is limited to the first weeks of September. ([#2478](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/2478)) + +FEATURES: + +* **New Guide:** [Migration Guide: Advanced Cluster New Sharding Schema](https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs/guides/advanced-cluster-new-sharding-schema). This enables Independent Shard Scaling. ([#2505](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/2505)) +* **New Guide:** [Migration Guide: Cluster to Advanced Cluster](https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs/guides/cluster-to-advanced-cluster-migration-guide) ([#2505](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/2505)) ENHANCEMENTS: diff --git a/GNUmakefile b/GNUmakefile index e932b08895..d8739af884 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -18,7 +18,7 @@ GITTAG=$(shell git describe --always --tags) VERSION=$(GITTAG:v%=%) LINKER_FLAGS=-s -w -X 'github.com/mongodb/terraform-provider-mongodbatlas/version.ProviderVersion=${VERSION}' -GOLANGCI_VERSION=v1.59.1 # Also update golangci-lint GH action in code-health.yml when updating this version +GOLANGCI_VERSION=v1.60.3 # Also update golangci-lint GH action in code-health.yml when updating this version export PATH := $(shell go env GOPATH)/bin:$(PATH) export SHELL := env PATH=$(PATH) /bin/bash @@ -74,6 +74,7 @@ lint: .PHONY: tools tools: ## Install dev tools @echo "==> Installing dependencies..." + go telemetry off # disable sending telemetry data, more info: https://go.dev/doc/telemetry go install github.com/icholy/gomajor@latest go install github.com/terraform-linters/tflint@v0.52.0 go install github.com/rhysd/actionlint/cmd/actionlint@latest diff --git a/README.md b/README.md index b665386052..ea50b98e8b 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ Feature requests can be submitted at https://feedback.mongodb.com/forums/924145- ## Requirements - [HashiCorp Terraform Version Compatibility Matrix](https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs#hashicorp-terraform-versionhttpswwwterraformiodownloadshtml-compatibility-matrix) -- [Go Version](https://golang.org/doc/install) 1.22 (to build the provider plugin) +- [Go Version](https://golang.org/doc/install) 1.23 (to build the provider plugin) ## Using the Provider diff --git a/contributing/README.md b/contributing/README.md index 31a2ca2103..9718e582c0 100644 --- a/contributing/README.md +++ b/contributing/README.md @@ -1,6 +1,6 @@ # Contribution guidelines -Thanks for your interest in contributing to MongoDB Atlas Terraform Provider, the following documents define guidelines necessary to participate in the community. +Thanks for your interest in contributing to MongoDB Atlas Terraform Provider, the following documents define guidelines necessary to participate in the community. Please note that we no longer develop or maintain any resources or data sources we marked as deprecated in our [documentation](https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs). - [Development Setup](development-setup.md) - [Development Best Practices](development-best-practices.md) diff --git a/contributing/development-setup.md b/contributing/development-setup.md index e01ca8a79d..ece7da2611 100644 --- a/contributing/development-setup.md +++ b/contributing/development-setup.md @@ -11,7 +11,7 @@ ### Prerequisite Tools - [Git](https://git-scm.com/) -- [Go (at least Go 1.22)](https://golang.org/dl/) +- [Go (at least Go 1.23)](https://golang.org/dl/) ### Environment @@ -51,7 +51,7 @@ For more explained information about plugin override check [Development Override - Make sure that the PR title follows [*Conventional Commits*](https://www.conventionalcommits.org/). - Add comments around your new code that explain what's happening. - Commit and push your changes to your branch then submit a pull request against the `master` branch. -- A repo maintainer will review your pull request. +- A repo maintainer will review your pull request. **Note**: If you have an active [MongoDB Atlas Support](https://www.mongodb.com/services/support/atlas-support-plans) contract, we recommend also creating a support ticket for any questions related to this process. ### Merging a Pull Request Due to security reasons, there are restrictions on how external contributions can be handled, especially concerning the use of repository secrets and running tests from forks. diff --git a/docs/data-sources/advanced_cluster.md b/docs/data-sources/advanced_cluster.md index 12933e4676..9044c4c884 100644 --- a/docs/data-sources/advanced_cluster.md +++ b/docs/data-sources/advanced_cluster.md @@ -35,7 +35,7 @@ data "mongodbatlas_advanced_cluster" "example" { } ``` -## Example using latest sharding schema with independent shard scaling in the cluster +## Example using latest sharding configurations with independent shard scaling in the cluster ```terraform resource "mongodbatlas_advanced_cluster" "example" { diff --git a/docs/data-sources/advanced_clusters.md b/docs/data-sources/advanced_clusters.md index 641e9e2d8e..ee67dd01fd 100644 --- a/docs/data-sources/advanced_clusters.md +++ b/docs/data-sources/advanced_clusters.md @@ -34,7 +34,7 @@ data "mongodbatlas_advanced_clusters" "example" { } ``` -## Example using latest sharding schema with independent shard scaling in the cluster +## Example using latest sharding configurations with independent shard scaling in the cluster ```terraform resource "mongodbatlas_advanced_cluster" "example" { diff --git a/docs/guides/1.18.0-upgrade-guide.md b/docs/guides/1.18.0-upgrade-guide.md index 936e4ac379..99ea9e381e 100644 --- a/docs/guides/1.18.0-upgrade-guide.md +++ b/docs/guides/1.18.0-upgrade-guide.md @@ -4,13 +4,13 @@ page_title: "Upgrade Guide 1.18.0" # MongoDB Atlas Provider 1.18.0: Upgrade and Information Guide -***WARNING:*** For users using the `mongodbatlas_advanced_cluster` resource or data sources, and defining multi sharded clusters, this new version impacts the possibility of editing the definition of these clusters from the Atlas UI. This impact is limited to the first weeks of August 2024. +***WARNING:*** For users using the `mongodbatlas_advanced_cluster` resource or data sources, and defining multi sharded clusters, this new version impacts the possibility of editing the definition of these clusters from the Atlas UI. This impact is limited to the first weeks of September 2024. The Terraform MongoDB Atlas Provider version 1.18.0 has a number of new and exciting features. **New Resources, Data Sources, and Features:** -- You can now scale the instance size and disk IOPS independently for each individual shard for sharded and geo-sharded clusters defined with `mongodbatlas_advanced_cluster`. To learn more, see the [Advanced Cluster New Sharding Schema Migration Guide](advanced-cluster-new-sharding-schema). As part of these changes two new attributes are added: +- You can now scale the instance size and disk IOPS independently for each individual shard for sharded and geo-sharded clusters defined with `mongodbatlas_advanced_cluster`. To learn more, see the [Advanced Cluster New Sharding Configurations Migration Guide](advanced-cluster-new-sharding-schema). As part of these changes two new attributes are added: - Use the `replication_specs.*.zone_id` attribute in the `mongodbatlas_advanced_cluster` resource and data sources to identify the zone of each `replication_specs` object. - Use the `use_replication_spec_per_shard` attribute in the `mongodbatlas_advanced_cluster` data sources to specify whether to obtain `replication_specs` objects for each shard. diff --git a/docs/guides/advanced-cluster-new-sharding-schema.md b/docs/guides/advanced-cluster-new-sharding-schema.md index 26a2ec4480..994cf3aaff 100644 --- a/docs/guides/advanced-cluster-new-sharding-schema.md +++ b/docs/guides/advanced-cluster-new-sharding-schema.md @@ -1,23 +1,23 @@ --- -page_title: "Migration Guide: Advanced Cluster New Sharding Schema" +page_title: "Migration Guide: Advanced Cluster New Sharding Configurations" --- -# Migration Guide: Advanced Cluster New Sharding Schema +# Migration Guide: Advanced Cluster New Sharding Configurations -**Objective**: Use this guide to migrate your existing `advanced_cluster` configurations to the new sharding schema introduced in version 1.18.0. The new sharding schema allows you to scale shards independently. Existing sharding configurations continue to work, although the software issues deprecation messages if you use the legacy schema. +**Objective**: Use this guide to migrate your existing `advanced_cluster` resources to support new sharding configurations introduced in version 1.18.0. The new sharding configurations allow you to scale shards independently. Existing sharding configurations continue to work, but you will receive deprecation messages if you continue to use them. -- [Migration Guide: Advanced Cluster New Sharding Schema](#migration-guide-advanced-cluster-new-sharding-schema) - - [Overview of schema changes](#overview-of-schema-changes) +- [Migration Guide: Advanced Cluster New Sharding Configurations](#migration-guide-advanced-cluster-new-sharding-schema) + - [Changes Overview](#changes-overview) - [Migrate advanced\_cluster type `SHARDED`](#migrate-advanced_cluster-type-sharded) - [Migrate advanced\_cluster type `GEOSHARDED`](#migrate-advanced_cluster-type-geosharded) - [Migrate advanced\_cluster type `REPLICASET`](#migrate-advanced_cluster-type-replicaset) - [Use Independent Shard Scaling](#use-independent-shard-scaling) -## Overview of schema changes +## Changes Overview `replication_specs` attribute now represents each individual cluster's shard with a unique replication spec element. -When you use the new sharding schema, the schema no longer uses the existing attribute `num_shards`, and instead the number of shards are defined by the number of `replication_specs` elements. +When you use the new sharding configurations, it will no longer use the existing attribute `num_shards`, and instead the number of shards are defined by the number of `replication_specs` elements. ### Migrate advanced_cluster type `SHARDED` @@ -46,7 +46,7 @@ resource "mongodbatlas_advanced_cluster" "test" { } ``` -In order to update our configuration to the new schema, we will remove the use of `num_shards` and add a new identical `replication_specs` element for each shard. Note that these 2 changes must be done at the same time. +In order to use our new sharding configurations, we will remove the use of `num_shards` and add a new identical `replication_specs` element for each shard. Note that these 2 changes must be done at the same time. ``` resource "mongodbatlas_advanced_cluster" "test" { @@ -84,6 +84,8 @@ resource "mongodbatlas_advanced_cluster" "test" { This updated configuration will trigger a Terraform update plan. However, the underlying cluster will not face any changes after the `apply` command, as both configurations represent a sharded cluster composed of two shards. +Note: The first time `terraform apply` command is run **after** updating the configuration, you may receive a `500 Internal Server Error (Error code: "SERVICE_UNAVAILABLE")` error. This is a known temporary issue. If you encounter this, please re-run `terraform apply` and this time the update should succeed. + ### Migrate advanced_cluster type `GEOSHARDED` @@ -126,7 +128,7 @@ resource "mongodbatlas_advanced_cluster" "test" { } ``` -In order to update our configuration to the new schema, we will remove the use of `num_shards` and add a new identical `replication_specs` element for each shard. Note that these two changes must be done at the same time. +In order to use our new sharding configurations, we will remove the use of `num_shards` and add a new identical `replication_specs` element for each shard. Note that these two changes must be done at the same time. ``` resource "mongodbatlas_advanced_cluster" "test" { @@ -192,6 +194,8 @@ resource "mongodbatlas_advanced_cluster" "test" { This updated configuration triggers a Terraform update plan. However, the underlying cluster will not face any changes after the `apply` command, as both configurations represent a geo sharded cluster with two zones and two shards in each one. +Note: The first time `terraform apply` command is run **after** updating the configuration, you may receive a `500 Internal Server Error (Error code: "SERVICE_UNAVAILABLE")` error. This is a known temporary issue. If you encounter this, please re-run `terraform apply` and this time the update should succeed. + ### Migrate advanced_cluster type `REPLICASET` @@ -240,7 +244,7 @@ resource "mongodbatlas_advanced_cluster" "test" { } ``` -Once the cluster type is adjusted accordingly, we can proceed to add a new shard using the new schema: +Once the cluster type is adjusted accordingly, we can proceed to add a new shard: ``` resource "mongodbatlas_advanced_cluster" "test" { @@ -274,10 +278,12 @@ resource "mongodbatlas_advanced_cluster" "test" { } ``` +Note: The first time `terraform apply` command is run **after** updating the configuration, you may receive a `500 Internal Server Error (Error code: "SERVICE_UNAVAILABLE")` error. This is a known temporary issue. If you encounter this, please re-run `terraform apply` and this time the update should succeed. + ### Use Independent Shard Scaling -Use the new sharding schema. Each shard must be represented with a unique replication_specs element and `num_shards` must not be used, as illustrated in the following example. +Use the new sharding configurations. Each shard must be represented with a unique `replication_specs` element and `num_shards` must not be used, as illustrated in the following example. ``` resource "mongodbatlas_advanced_cluster" "test" { @@ -347,4 +353,4 @@ resource "mongodbatlas_advanced_cluster" "test" { } ``` --> **NOTE:** For any cluster leveraging the new schema and defining independently scaled shards, users should also update corresponding `mongodbatlas_cloud_backup_schedule` resource & data sources. This involves updating any existing Terraform configurations of the resource to use `copy_settings.#.zone_id` instead of `copy_settings.#.replication_spec_id`. This is needed as `mongodbatlas_advanced_cluster` resource and data source will no longer have `replication_specs.#.id` present when shards are scaled independently. To learn more, review the [1.18.0 Migration Guide](1.18.0-upgrade-guide.md#transition-cloud-backup-schedules-for-clusters-to-use-zones). +-> **NOTE:** For any cluster leveraging the new sharding configurations and defining independently scaled shards, users should also update corresponding `mongodbatlas_cloud_backup_schedule` resource & data sources. This involves updating any existing Terraform configurations of the resource to use `copy_settings.#.zone_id` instead of `copy_settings.#.replication_spec_id`. This is needed as `mongodbatlas_advanced_cluster` resource and data source will no longer have `replication_specs.#.id` present when shards are scaled independently. To learn more, review the [1.18.0 Migration Guide](1.18.0-upgrade-guide.md#transition-cloud-backup-schedules-for-clusters-to-use-zones). diff --git a/docs/guides/cluster-to-advanced-cluster-migration-guide.md b/docs/guides/cluster-to-advanced-cluster-migration-guide.md index 03a3f369a5..ccade2d6dc 100644 --- a/docs/guides/cluster-to-advanced-cluster-migration-guide.md +++ b/docs/guides/cluster-to-advanced-cluster-migration-guide.md @@ -12,7 +12,7 @@ page_title: "Migration Guide: Cluster to Advanced Cluster" 2. Provider Settings: Moved from the top level to the replication spec allowing you to create multi-cloud clusters. 3. Auto Scaling: Moved from the top level to the replication spec allowing you to scale replication specs individually. 4. Backup Configuration: Renamed from `cloud_backup` to `backup_enabled`. -5. See the [Migration Guide: Advanced Cluster New Sharding Schema](advanced-cluster-new-sharding-schema#migration-sharded) for changes to `num_shards` and the new `zone_id`. +5. See the [Migration Guide: Advanced Cluster New Sharding Configurations](advanced-cluster-new-sharding-schema#migration-sharded) for changes to `num_shards` and the new `zone_id`. ### Example 1: Old Configuration (`mongodbatlas_cluster`) diff --git a/docs/index.md b/docs/index.md index 06f666ecc1..b2d5124fc2 100644 --- a/docs/index.md +++ b/docs/index.md @@ -219,7 +219,7 @@ We ship binaries but do not prioritize fixes for the following operating system ## Examples from MongoDB and the Community -We have [example configurations](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v1.17.6/examples) +We have [example configurations](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/v1.18.1/examples) in our GitHub repo that will help both beginner and more advanced users. Have a good example you've created and want to share? diff --git a/docs/resources/advanced_cluster.md b/docs/resources/advanced_cluster.md index c73c9b48eb..2d2d534ec8 100644 --- a/docs/resources/advanced_cluster.md +++ b/docs/resources/advanced_cluster.md @@ -383,7 +383,7 @@ This parameter defaults to false. * `labels` - (Optional) Set that contains key-value pairs between 1 to 255 characters in length for tagging and categorizing the cluster. See [below](#labels). **DEPRECATED** Use `tags` instead. * `mongo_db_major_version` - (Optional) Version of the cluster to deploy. Atlas supports the following MongoDB versions for M10+ clusters: `4.4`, `5.0`, `6.0` or `7.0`. If omitted, Atlas deploys a cluster that runs MongoDB 7.0. If `replication_specs#.region_configs#.Specs.instance_size`: `M0`, `M2` or `M5`, Atlas deploys MongoDB 4.4. Atlas always deploys the cluster with the latest stable release of the specified version. If you set a value to this parameter and set `version_release_system` `CONTINUOUS`, the resource returns an error. Either clear this parameter or set `version_release_system`: `LTS`. * `pit_enabled` - (Optional) - Flag that indicates if the cluster uses Continuous Cloud Backup. -* `replication_specs` - List of settings that configure your cluster regions. This attribute has one object per shard representing node configurations in each shard. For replica sets there is only one object representing node configurations. If for each replication_spec `num_shards` is configured with a value greater than 1 (using deprecated sharding schema), then each object represents a zone with one or more shards. See [below](#replication_specs) +* `replication_specs` - List of settings that configure your cluster regions. This attribute has one object per shard representing node configurations in each shard. For replica sets there is only one object representing node configurations. If for each replication_spec `num_shards` is configured with a value greater than 1 (using deprecated sharding configurations), then each object represents a zone with one or more shards. See [below](#replication_specs) * `root_cert_type` - (Optional) - Certificate Authority that MongoDB Atlas clusters use. You can specify ISRGROOTX1 (for ISRG Root X1). * `termination_protection_enabled` - Flag that indicates whether termination protection is enabled on the cluster. If set to true, MongoDB Cloud won't delete the cluster. If set to false, MongoDB Cloud will delete the cluster. * `version_release_system` - (Optional) - Release cadence that Atlas uses for this cluster. This parameter defaults to `LTS`. If you set this field to `CONTINUOUS`, you must omit the `mongo_db_major_version` field. Atlas accepts: @@ -693,3 +693,4 @@ See detailed information for arguments and attributes: [MongoDB API Advanced Clu ~> **IMPORTANT:**
• When a cluster is imported, the resulting schema structure will always return the new schema including `replication_specs` per independent shards of the cluster. +
• Note: The first time `terraform apply` command is run **after** updating the configuration of an imported cluster, you may receive a `500 Internal Server Error (Error code: "SERVICE_UNAVAILABLE")` error. This is a known temporary issue. If you encounter this, please re-run `terraform apply` and this time the update should succeed. diff --git a/docs/resources/encryption_at_rest.md b/docs/resources/encryption_at_rest.md index 10064434e3..1b861ba39d 100644 --- a/docs/resources/encryption_at_rest.md +++ b/docs/resources/encryption_at_rest.md @@ -6,6 +6,8 @@ [Azure Key Vault](https://docs.atlas.mongodb.com/security-azure-kms/#security-azure-kms) [Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms) +The [encryption at rest Terraform module](https://registry.terraform.io/modules/terraform-mongodbatlas-modules/encryption-at-rest/mongodbatlas/latest) makes use of this resource and simplifies its use. + After configuring at least one Encryption at Rest provider for the Atlas project, Project Owners can enable Encryption at Rest for each Atlas cluster for which they require encryption. The Encryption at Rest provider does not have to match the cluster cloud service provider. Atlas does not automatically rotate user-managed encryption keys. Defer to your preferred Encryption at Rest provider’s documentation and guidance for best practices on key rotation. Atlas automatically creates a 90-day key rotation alert when you configure Encryption at Rest using your Key Management in an Atlas project. diff --git a/docs/resources/privatelink_endpoint.md b/docs/resources/privatelink_endpoint.md index 0b4eb81665..2753926b24 100644 --- a/docs/resources/privatelink_endpoint.md +++ b/docs/resources/privatelink_endpoint.md @@ -2,6 +2,8 @@ `mongodbatlas_privatelink_endpoint` provides a Private Endpoint resource. This represents a [Private Endpoint Service](https://www.mongodb.com/docs/atlas/security-private-endpoint/#private-endpoint-concepts) that can be created in an Atlas project. +The [private link Terraform module](https://registry.terraform.io/modules/terraform-mongodbatlas-modules/private-endpoint/mongodbatlas/latest) makes use of this resource and simplifies its use. + ~> **IMPORTANT:**You must have one of the following roles to successfully handle the resource: * Organization Owner * Project Owner @@ -79,4 +81,4 @@ Private Endpoint Service can be imported using project ID, private link ID, prov $ terraform import mongodbatlas_privatelink_endpoint.test 1112222b3bf99403840e8934-3242342343112-AWS-us-east-1 ``` -See detailed information for arguments and attributes: [MongoDB API Private Endpoint Service](https://docs.atlas.mongodb.com/reference/api/private-endpoints-service-create-one//) \ No newline at end of file +See detailed information for arguments and attributes: [MongoDB API Private Endpoint Service](https://docs.atlas.mongodb.com/reference/api/private-endpoints-service-create-one/) diff --git a/docs/resources/privatelink_endpoint_service.md b/docs/resources/privatelink_endpoint_service.md index b22f42de3b..1427810101 100644 --- a/docs/resources/privatelink_endpoint_service.md +++ b/docs/resources/privatelink_endpoint_service.md @@ -2,6 +2,8 @@ `mongodbatlas_privatelink_endpoint_service` provides a Private Endpoint Interface Link resource. This represents a Private Endpoint Interface Link, which adds one [Interface Endpoint](https://www.mongodb.com/docs/atlas/security-private-endpoint/#private-endpoint-concepts) to a private endpoint connection in an Atlas project. +The [private link Terraform module](https://registry.terraform.io/modules/terraform-mongodbatlas-modules/private-endpoint/mongodbatlas/latest) makes use of this resource and simplifies its use. + ~> **IMPORTANT:**You must have one of the following roles to successfully handle the resource: * Organization Owner * Project Owner diff --git a/docs/resources/push_based_log_export.md b/docs/resources/push_based_log_export.md index 5c2f5cb41a..a3ae1e863b 100644 --- a/docs/resources/push_based_log_export.md +++ b/docs/resources/push_based_log_export.md @@ -3,6 +3,8 @@ `mongodbatlas_push_based_log_export` provides a resource for push-based log export feature. The resource lets you configure, enable & disable the project level settings for the push-based log export feature. Using this resource you can continually push logs from mongod, mongos, and audit logs to an Amazon S3 bucket. Atlas exports logs every 5 minutes. +The [push based log export Terraform module](https://registry.terraform.io/modules/terraform-mongodbatlas-modules/push-based-log-export/mongodbatlas/latest) makes use of this resource and simplifies its use. + ## Example Usages diff --git a/docs/resources/stream_connection.md b/docs/resources/stream_connection.md index 962ca1831f..9fd9d50454 100644 --- a/docs/resources/stream_connection.md +++ b/docs/resources/stream_connection.md @@ -96,7 +96,7 @@ If `type` is of value `Kafka` the following additional arguments are defined: ### DBRoleToExecute -* `role` - The name of the role to use. Can be a built in role or a custom role. +* `role` - The name of the role to use. Value can be `atlasAdmin`, `readWriteAnyDatabase`, or `readAnyDatabase` if `type` is set to `BUILT_IN`, or the name of a user-defined role if `type` is set to `CUSTOM`. * `type` - Type of the DB role. Can be either BUILT_IN or CUSTOM. ## Import diff --git a/examples/mongodbatlas_advanced_cluster/asymmetric-sharded-cluster/versions.tf b/examples/mongodbatlas_advanced_cluster/asymmetric-sharded-cluster/versions.tf index 4f4050928f..9b4be6c14c 100644 --- a/examples/mongodbatlas_advanced_cluster/asymmetric-sharded-cluster/versions.tf +++ b/examples/mongodbatlas_advanced_cluster/asymmetric-sharded-cluster/versions.tf @@ -2,7 +2,7 @@ terraform { required_providers { mongodbatlas = { source = "mongodb/mongodbatlas" - version = "~> 1.17" + version = "~> 1.18" } } required_version = ">= 1.0" diff --git a/examples/mongodbatlas_advanced_cluster/global-cluster/versions.tf b/examples/mongodbatlas_advanced_cluster/global-cluster/versions.tf index a8f13589d1..9b4be6c14c 100644 --- a/examples/mongodbatlas_advanced_cluster/global-cluster/versions.tf +++ b/examples/mongodbatlas_advanced_cluster/global-cluster/versions.tf @@ -2,7 +2,7 @@ terraform { required_providers { mongodbatlas = { source = "mongodb/mongodbatlas" - version = "~> 1.10.0" + version = "~> 1.18" } } required_version = ">= 1.0" diff --git a/examples/mongodbatlas_advanced_cluster/multi-cloud/versions.tf b/examples/mongodbatlas_advanced_cluster/multi-cloud/versions.tf index a8f13589d1..9b4be6c14c 100644 --- a/examples/mongodbatlas_advanced_cluster/multi-cloud/versions.tf +++ b/examples/mongodbatlas_advanced_cluster/multi-cloud/versions.tf @@ -2,7 +2,7 @@ terraform { required_providers { mongodbatlas = { source = "mongodb/mongodbatlas" - version = "~> 1.10.0" + version = "~> 1.18" } } required_version = ">= 1.0" diff --git a/examples/mongodbatlas_advanced_cluster/tenant-upgrade/main.tf b/examples/mongodbatlas_advanced_cluster/tenant-upgrade/main.tf index 3dad9ff507..863eb1b240 100644 --- a/examples/mongodbatlas_advanced_cluster/tenant-upgrade/main.tf +++ b/examples/mongodbatlas_advanced_cluster/tenant-upgrade/main.tf @@ -9,8 +9,6 @@ resource "mongodbatlas_advanced_cluster" "cluster" { cluster_type = "REPLICASET" replication_specs { - num_shards = 1 - region_configs { electable_specs { instance_size = var.provider_instance_size_name @@ -31,4 +29,4 @@ resource "mongodbatlas_advanced_cluster" "cluster" { resource "mongodbatlas_project" "project" { name = "TenantUpgradeTest" org_id = var.atlas_org_id -} \ No newline at end of file +} diff --git a/go.mod b/go.mod index 42813b6766..65e23141f6 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/mongodb/terraform-provider-mongodbatlas -go 1.22 +go 1.23 require ( github.com/andygrunwald/go-jira/v2 v2.0.0-20240116150243-50d59fe116d6 @@ -8,7 +8,7 @@ require ( github.com/hashicorp/go-changelog v0.0.0-20240318095659-4d68c58a6e7f github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 github.com/hashicorp/go-version v1.7.0 - github.com/hashicorp/hcl/v2 v2.21.0 + github.com/hashicorp/hcl/v2 v2.22.0 github.com/hashicorp/terraform-plugin-framework v1.10.0 github.com/hashicorp/terraform-plugin-framework-timeouts v0.4.1 github.com/hashicorp/terraform-plugin-framework-validators v0.13.0 @@ -22,9 +22,9 @@ require ( github.com/spf13/cast v1.6.0 github.com/stretchr/testify v1.9.0 github.com/zclconf/go-cty v1.15.0 - go.mongodb.org/atlas v0.36.0 + go.mongodb.org/atlas v0.37.0 go.mongodb.org/atlas-sdk/v20240530005 v20240530005.0.0 - go.mongodb.org/atlas-sdk/v20240805001 v20240805001.1.1-0.20240826083604-5148b5e06fe3 + go.mongodb.org/atlas-sdk/v20240805003 v20240805003.0.0 go.mongodb.org/realm v0.1.0 ) diff --git a/go.sum b/go.sum index 01da42592d..8c698c5820 100644 --- a/go.sum +++ b/go.sum @@ -506,8 +506,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.0.0/go.mod h1:oVVDG71tEinNGYCxinCYadcmKU9bglqW9pV3txagJ90= github.com/hashicorp/hcl/v2 v2.8.2/go.mod h1:bQTN5mpo+jewjJgh8jr0JUguIi7qPHUF6yIfAEN3jqY= -github.com/hashicorp/hcl/v2 v2.21.0 h1:lve4q/o/2rqwYOgUg3y3V2YPyD1/zkCLGjIV74Jit14= -github.com/hashicorp/hcl/v2 v2.21.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= +github.com/hashicorp/hcl/v2 v2.22.0 h1:hkZ3nCtqeJsDhPRFz5EA9iwcG1hNWGePOTw6oyul12M= +github.com/hashicorp/hcl/v2 v2.22.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/terraform-config-inspect v0.0.0-20191212124732-c6ae6269b9d7 h1:Pc5TCv9mbxFN6UVX0LH6CpQrdTM5YjbVI2w15237Pjk= @@ -778,14 +778,12 @@ github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmB github.com/zclconf/go-cty-yaml v1.0.2 h1:dNyg4QLTrv2IfJpm7Wtxi55ed5gLGOlPrZ6kMd51hY0= github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0= go.mongodb.org/atlas v0.12.0/go.mod h1:wVCnHcm/7/IfTjEB6K8K35PLG70yGz8BdkRwX0oK9/M= -go.mongodb.org/atlas v0.36.0 h1:m05S3AO7zkl+bcG1qaNsEKBnAqnKx2FDwLooHpIG3j4= -go.mongodb.org/atlas v0.36.0/go.mod h1:nfPldE9dSama6G2IbIzmEza02Ly7yFZjMMVscaM0uEc= +go.mongodb.org/atlas v0.37.0 h1:zQnO1o5+bVP9IotpAYpres4UjMD2F4nwNEFTZhNL4ck= +go.mongodb.org/atlas v0.37.0/go.mod h1:DJYtM+vsEpPEMSkQzJnFHrT0sP7ev6cseZc/GGjJYG8= go.mongodb.org/atlas-sdk/v20240530005 v20240530005.0.0 h1:d/gbYJ+obR0EM/3DZf7+ZMi2QWISegm3mid7Or708cc= go.mongodb.org/atlas-sdk/v20240530005 v20240530005.0.0/go.mod h1:O47ZrMMfcWb31wznNIq2PQkkdoFoK0ea2GlmRqGJC2s= -go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.1-0.20240813143344-1cfe40386cbc h1:ZZOXzXjt9PMOx1tKz76aenAikF6n5f8qvitaarDWJ9Q= -go.mongodb.org/atlas-sdk/v20240805001 v20240805001.0.1-0.20240813143344-1cfe40386cbc/go.mod h1:0aHEphVfsYbpg3CiEUcXeAU7OVoOFig1tltXdLjYiSQ= -go.mongodb.org/atlas-sdk/v20240805001 v20240805001.1.1-0.20240826083604-5148b5e06fe3 h1:Xru9985dRWbJB1d0bQ4wu5FYGEu9ke3SHNJ2BgJdbNQ= -go.mongodb.org/atlas-sdk/v20240805001 v20240805001.1.1-0.20240826083604-5148b5e06fe3/go.mod h1:0aHEphVfsYbpg3CiEUcXeAU7OVoOFig1tltXdLjYiSQ= +go.mongodb.org/atlas-sdk/v20240805003 v20240805003.0.0 h1:f2PRtW3r9873dGApUXwf/njVT2uWpXtGw9Pg9czMX5I= +go.mongodb.org/atlas-sdk/v20240805003 v20240805003.0.0/go.mod h1:CVDolHhHTrXPPqig+7KKTPu54tIVqsrtmQm4LssNcZ0= go.mongodb.org/realm v0.1.0 h1:zJiXyLaZrznQ+Pz947ziSrDKUep39DO4SfA0Fzx8M4M= go.mongodb.org/realm v0.1.0/go.mod h1:4Vj6iy+Puo1TDERcoh4XZ+pjtwbOzPpzqy3Cwe8ZmDM= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= diff --git a/internal/common/constant/deprecation.go b/internal/common/constant/deprecation.go index 9572bcc843..72211322d2 100644 --- a/internal/common/constant/deprecation.go +++ b/internal/common/constant/deprecation.go @@ -5,6 +5,7 @@ const ( DeprecationParamWithReplacement = "This parameter is deprecated. Please transition to %s." DeprecationParamByDate = "This parameter is deprecated and will be removed by %s." DeprecationParamByDateWithReplacement = "This parameter is deprecated and will be removed by %s. Please transition to %s." + DeprecationParamFutureWithReplacement = "This parameter is deprecated and will be removed in the future. Please transition to %s" DeprecationParamByVersion = "This parameter is deprecated and will be removed in version %s." DeprecationResourceByDateWithReplacement = "This resource is deprecated and will be removed in %s. Please transition to %s." DeprecationDataSourceByDateWithReplacement = "This data source is deprecated and will be removed in %s. Please transition to %s." diff --git a/internal/common/conversion/flatten_expand.go b/internal/common/conversion/flatten_expand.go index e97b4450bc..4a36480cda 100644 --- a/internal/common/conversion/flatten_expand.go +++ b/internal/common/conversion/flatten_expand.go @@ -3,7 +3,7 @@ package conversion import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func FlattenLinks(links []admin.Link) []map[string]string { diff --git a/internal/config/client.go b/internal/config/client.go index 8b31a10ccd..dfcec11ba2 100644 --- a/internal/config/client.go +++ b/internal/config/client.go @@ -10,7 +10,7 @@ import ( "time" admin20240530 "go.mongodb.org/atlas-sdk/v20240530005/admin" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" matlasClient "go.mongodb.org/atlas/mongodbatlas" realmAuth "go.mongodb.org/realm/auth" "go.mongodb.org/realm/realm" diff --git a/internal/service/accesslistapikey/data_source_accesslist_api_keys.go b/internal/service/accesslistapikey/data_source_accesslist_api_keys.go index 0ce79a22d4..62effe0dc0 100644 --- a/internal/service/accesslistapikey/data_source_accesslist_api_keys.go +++ b/internal/service/accesslistapikey/data_source_accesslist_api_keys.go @@ -10,7 +10,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/accesslistapikey/resource_access_list_api_key.go b/internal/service/accesslistapikey/resource_access_list_api_key.go index f099ec0e14..a5c4bdc2a9 100644 --- a/internal/service/accesslistapikey/resource_access_list_api_key.go +++ b/internal/service/accesslistapikey/resource_access_list_api_key.go @@ -13,7 +13,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func Resource() *schema.Resource { diff --git a/internal/service/advancedcluster/data_source_advanced_cluster.go b/internal/service/advancedcluster/data_source_advanced_cluster.go index 082fdc113b..c81b5e3ceb 100644 --- a/internal/service/advancedcluster/data_source_advanced_cluster.go +++ b/internal/service/advancedcluster/data_source_advanced_cluster.go @@ -70,7 +70,7 @@ func DataSource() *schema.Resource { "labels": { Type: schema.TypeSet, Computed: true, - Deprecated: fmt.Sprintf(constant.DeprecationParamByDateWithReplacement, "September 2024", "tags"), + Deprecated: fmt.Sprintf(constant.DeprecationParamFutureWithReplacement, "tags"), Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "key": { diff --git a/internal/service/advancedcluster/data_source_advanced_clusters.go b/internal/service/advancedcluster/data_source_advanced_clusters.go index edd7b3e869..b9e7b1f877 100644 --- a/internal/service/advancedcluster/data_source_advanced_clusters.go +++ b/internal/service/advancedcluster/data_source_advanced_clusters.go @@ -7,7 +7,7 @@ import ( "net/http" admin20240530 "go.mongodb.org/atlas-sdk/v20240530005/admin" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" @@ -83,7 +83,7 @@ func PluralDataSource() *schema.Resource { "labels": { Type: schema.TypeSet, Computed: true, - Deprecated: fmt.Sprintf(constant.DeprecationParamByDateWithReplacement, "September 2024", "tags"), + Deprecated: fmt.Sprintf(constant.DeprecationParamFutureWithReplacement, "tags"), Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "key": { diff --git a/internal/service/advancedcluster/model_advanced_cluster.go b/internal/service/advancedcluster/model_advanced_cluster.go index c02c7d9f03..04bd6f0ec3 100644 --- a/internal/service/advancedcluster/model_advanced_cluster.go +++ b/internal/service/advancedcluster/model_advanced_cluster.go @@ -10,7 +10,7 @@ import ( "strings" admin20240530 "go.mongodb.org/atlas-sdk/v20240530005/admin" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" diff --git a/internal/service/advancedcluster/model_advanced_cluster_test.go b/internal/service/advancedcluster/model_advanced_cluster_test.go index 5f66222a7f..7d39eb45bb 100644 --- a/internal/service/advancedcluster/model_advanced_cluster_test.go +++ b/internal/service/advancedcluster/model_advanced_cluster_test.go @@ -9,8 +9,8 @@ import ( admin20240530 "go.mongodb.org/atlas-sdk/v20240530005/admin" - "go.mongodb.org/atlas-sdk/v20240805001/admin" - "go.mongodb.org/atlas-sdk/v20240805001/mockadmin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" + "go.mongodb.org/atlas-sdk/v20240805003/mockadmin" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/stretchr/testify/assert" diff --git a/internal/service/advancedcluster/model_sdk_version_conversion.go b/internal/service/advancedcluster/model_sdk_version_conversion.go index dcc3559dec..1a85c53309 100644 --- a/internal/service/advancedcluster/model_sdk_version_conversion.go +++ b/internal/service/advancedcluster/model_sdk_version_conversion.go @@ -2,7 +2,7 @@ package advancedcluster import ( admin20240530 "go.mongodb.org/atlas-sdk/v20240530005/admin" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" ) diff --git a/internal/service/advancedcluster/resource_advanced_cluster.go b/internal/service/advancedcluster/resource_advanced_cluster.go index c18965b4f5..31d71545ad 100644 --- a/internal/service/advancedcluster/resource_advanced_cluster.go +++ b/internal/service/advancedcluster/resource_advanced_cluster.go @@ -13,7 +13,7 @@ import ( "time" admin20240530 "go.mongodb.org/atlas-sdk/v20240530005/admin" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" @@ -126,7 +126,7 @@ func Resource() *schema.Resource { Type: schema.TypeSet, Optional: true, Set: HashFunctionForKeyValuePair, - Deprecated: fmt.Sprintf(constant.DeprecationParamByDateWithReplacement, "September 2024", "tags"), + Deprecated: fmt.Sprintf(constant.DeprecationParamFutureWithReplacement, "tags"), Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "key": { diff --git a/internal/service/advancedcluster/resource_advanced_cluster_migration_test.go b/internal/service/advancedcluster/resource_advanced_cluster_migration_test.go index 79fef52580..69bd1d9db3 100644 --- a/internal/service/advancedcluster/resource_advanced_cluster_migration_test.go +++ b/internal/service/advancedcluster/resource_advanced_cluster_migration_test.go @@ -3,6 +3,7 @@ package advancedcluster_test import ( "fmt" "os" + "regexp" "testing" "github.com/hashicorp/terraform-plugin-testing/helper/resource" @@ -15,31 +16,26 @@ import ( const versionBeforeISSRelease = "1.17.6" func TestMigAdvancedCluster_replicaSetAWSProvider(t *testing.T) { - // once 1.18.0 is released we can adjust this to always check new attributes - CLOUDP-266096 - testCase := replicaSetAWSProviderTestCase(t, false) + testCase := replicaSetAWSProviderTestCase(t) mig.CreateAndRunTest(t, &testCase) } func TestMigAdvancedCluster_replicaSetMultiCloud(t *testing.T) { - // once 1.18.0 is released we can adjust this to always check new attributes - CLOUDP-266096 - testCase := replicaSetMultiCloudTestCase(t, false) + testCase := replicaSetMultiCloudTestCase(t) mig.CreateAndRunTest(t, &testCase) } func TestMigAdvancedCluster_singleShardedMultiCloud(t *testing.T) { - // once 1.18.0 is released we can adjust this to always check new attributes - CLOUDP-266096 - testCase := singleShardedMultiCloudTestCase(t, false) + testCase := singleShardedMultiCloudTestCase(t) mig.CreateAndRunTest(t, &testCase) } func TestMigAdvancedCluster_symmetricGeoShardedOldSchema(t *testing.T) { - // once 1.18.0 is released we can adjust this to always check new attributes - CLOUDP-266096 - testCase := symmetricGeoShardedOldSchemaTestCase(t, false) + testCase := symmetricGeoShardedOldSchemaTestCase(t) mig.CreateAndRunTest(t, &testCase) } func TestMigAdvancedCluster_asymmetricShardedNewSchema(t *testing.T) { - acc.SkipTestForCI(t) // latest release does not support ISS, to be adjusted in CLOUDP-266096 testCase := asymmetricShardedNewSchemaTestCase(t) mig.CreateAndRunTest(t, &testCase) } @@ -109,6 +105,11 @@ func TestMigAdvancedCluster_shardedMigrationFromOldToNewSchema(t *testing.T) { Config: configShardedTransitionOldToNewSchema(orgID, projectName, clusterName, false), Check: checkShardedTransitionOldToNewSchema(false), }, + { + ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, + Config: configShardedTransitionOldToNewSchema(orgID, projectName, clusterName, true), + ExpectError: regexp.MustCompile("SERVICE_UNAVAILABLE"), + }, { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, Config: configShardedTransitionOldToNewSchema(orgID, projectName, clusterName, true), @@ -134,6 +135,11 @@ func TestMigAdvancedCluster_geoShardedMigrationFromOldToNewSchema(t *testing.T) Config: configGeoShardedTransitionOldToNewSchema(orgID, projectName, clusterName, false), Check: checkGeoShardedTransitionOldToNewSchema(false), }, + { + ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, + Config: configShardedTransitionOldToNewSchema(orgID, projectName, clusterName, true), + ExpectError: regexp.MustCompile("SERVICE_UNAVAILABLE"), + }, { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, Config: configGeoShardedTransitionOldToNewSchema(orgID, projectName, clusterName, true), diff --git a/internal/service/advancedcluster/resource_advanced_cluster_test.go b/internal/service/advancedcluster/resource_advanced_cluster_test.go index 2ef25cc775..beba9619ae 100644 --- a/internal/service/advancedcluster/resource_advanced_cluster_test.go +++ b/internal/service/advancedcluster/resource_advanced_cluster_test.go @@ -8,7 +8,7 @@ import ( "testing" admin20240530 "go.mongodb.org/atlas-sdk/v20240530005/admin" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" @@ -54,9 +54,9 @@ func TestAccClusterAdvancedCluster_basicTenant(t *testing.T) { } func TestAccClusterAdvancedCluster_replicaSetAWSProvider(t *testing.T) { - resource.ParallelTest(t, replicaSetAWSProviderTestCase(t, true)) + resource.ParallelTest(t, replicaSetAWSProviderTestCase(t)) } -func replicaSetAWSProviderTestCase(t *testing.T, checkNewAttributes bool) resource.TestCase { +func replicaSetAWSProviderTestCase(t *testing.T) resource.TestCase { t.Helper() var ( projectID = acc.ProjectIDExecution(t) @@ -70,11 +70,11 @@ func replicaSetAWSProviderTestCase(t *testing.T, checkNewAttributes bool) resour Steps: []resource.TestStep{ { Config: configReplicaSetAWSProvider(projectID, clusterName, 60, 3), - Check: checkReplicaSetAWSProvider(projectID, clusterName, 60, 3, checkNewAttributes, checkNewAttributes), + Check: checkReplicaSetAWSProvider(projectID, clusterName, 60, 3, true, true), }, { Config: configReplicaSetAWSProvider(projectID, clusterName, 50, 5), - Check: checkReplicaSetAWSProvider(projectID, clusterName, 50, 5, checkNewAttributes, checkNewAttributes), + Check: checkReplicaSetAWSProvider(projectID, clusterName, 50, 5, true, true), }, { ResourceName: resourceName, @@ -88,9 +88,9 @@ func replicaSetAWSProviderTestCase(t *testing.T, checkNewAttributes bool) resour } func TestAccClusterAdvancedCluster_replicaSetMultiCloud(t *testing.T) { - resource.ParallelTest(t, replicaSetMultiCloudTestCase(t, true)) + resource.ParallelTest(t, replicaSetMultiCloudTestCase(t)) } -func replicaSetMultiCloudTestCase(t *testing.T, verifyExternalID bool) resource.TestCase { +func replicaSetMultiCloudTestCase(t *testing.T) resource.TestCase { t.Helper() var ( orgID = os.Getenv("MONGODB_ATLAS_ORG_ID") @@ -106,11 +106,11 @@ func replicaSetMultiCloudTestCase(t *testing.T, verifyExternalID bool) resource. Steps: []resource.TestStep{ { Config: configReplicaSetMultiCloud(orgID, projectName, clusterName), - Check: checkReplicaSetMultiCloud(clusterName, 3, verifyExternalID), + Check: checkReplicaSetMultiCloud(clusterName, 3), }, { Config: configReplicaSetMultiCloud(orgID, projectName, clusterNameUpdated), - Check: checkReplicaSetMultiCloud(clusterNameUpdated, 3, verifyExternalID), + Check: checkReplicaSetMultiCloud(clusterNameUpdated, 3), }, { ResourceName: resourceName, @@ -124,10 +124,10 @@ func replicaSetMultiCloudTestCase(t *testing.T, verifyExternalID bool) resource. } func TestAccClusterAdvancedCluster_singleShardedMultiCloud(t *testing.T) { - resource.ParallelTest(t, singleShardedMultiCloudTestCase(t, true)) + resource.ParallelTest(t, singleShardedMultiCloudTestCase(t)) } -func singleShardedMultiCloudTestCase(t *testing.T, verifyExternalID bool) resource.TestCase { +func singleShardedMultiCloudTestCase(t *testing.T) resource.TestCase { t.Helper() var ( orgID = os.Getenv("MONGODB_ATLAS_ORG_ID") @@ -143,11 +143,11 @@ func singleShardedMultiCloudTestCase(t *testing.T, verifyExternalID bool) resour Steps: []resource.TestStep{ { Config: configShardedOldSchemaMultiCloud(orgID, projectName, clusterName, 1, "M10"), - Check: checkShardedOldSchemaMultiCloud(clusterName, 1, "M10", verifyExternalID), + Check: checkShardedOldSchemaMultiCloud(clusterName, 1, "M10", true), }, { Config: configShardedOldSchemaMultiCloud(orgID, projectName, clusterNameUpdated, 1, "M10"), - Check: checkShardedOldSchemaMultiCloud(clusterNameUpdated, 1, "M10", verifyExternalID), + Check: checkShardedOldSchemaMultiCloud(clusterNameUpdated, 1, "M10", true), }, { ResourceName: resourceName, @@ -535,10 +535,10 @@ func TestAccClusterAdvancedClusterConfig_symmetricShardedOldSchema(t *testing.T) } func TestAccClusterAdvancedClusterConfig_symmetricGeoShardedOldSchema(t *testing.T) { - resource.ParallelTest(t, symmetricGeoShardedOldSchemaTestCase(t, true)) + resource.ParallelTest(t, symmetricGeoShardedOldSchemaTestCase(t)) } -func symmetricGeoShardedOldSchemaTestCase(t *testing.T, checkNewAttributes bool) resource.TestCase { +func symmetricGeoShardedOldSchemaTestCase(t *testing.T) resource.TestCase { t.Helper() var ( orgID = os.Getenv("MONGODB_ATLAS_ORG_ID") @@ -553,11 +553,11 @@ func symmetricGeoShardedOldSchemaTestCase(t *testing.T, checkNewAttributes bool) Steps: []resource.TestStep{ { Config: configGeoShardedOldSchema(orgID, projectName, clusterName, 2, 2, false), - Check: checkGeoShardedOldSchema(clusterName, 2, 2, checkNewAttributes, false), + Check: checkGeoShardedOldSchema(clusterName, 2, 2, true, false), }, { Config: configGeoShardedOldSchema(orgID, projectName, clusterName, 3, 3, false), - Check: checkGeoShardedOldSchema(clusterName, 3, 3, checkNewAttributes, false), + Check: checkGeoShardedOldSchema(clusterName, 3, 3, true, false), }, }, } @@ -600,16 +600,16 @@ func TestAccClusterAdvancedClusterConfig_symmetricShardedNewSchemaToAsymmetricAd CheckDestroy: acc.CheckDestroyCluster, Steps: []resource.TestStep{ { - Config: configShardedNewSchema(orgID, projectName, clusterName, 50, "M30", "M30", 2000, 2000, false), - Check: checkShardedNewSchema(50, "M30", "M30", "2000", "2000", false, false), + Config: configShardedNewSchema(orgID, projectName, clusterName, 50, "M10", "M10", nil, nil, false), + Check: checkShardedNewSchema(50, "M10", "M10", nil, nil, false, false), }, { - Config: configShardedNewSchema(orgID, projectName, clusterName, 55, "M30", "M40", 2000, 2500, true), - Check: checkShardedNewSchema(55, "M30", "M40", "2000", "2500", true, true), + Config: configShardedNewSchema(orgID, projectName, clusterName, 55, "M10", "M20", nil, nil, true), // add middle replication spec and transition to asymmetric + Check: checkShardedNewSchema(55, "M10", "M20", nil, nil, true, true), }, { - Config: configShardedNewSchema(orgID, projectName, clusterName, 55, "M30", "M40", 2000, 2500, false), // removes middle replication spec - Check: checkShardedNewSchema(55, "M30", "M40", "2000", "2500", true, false), + Config: configShardedNewSchema(orgID, projectName, clusterName, 55, "M10", "M20", nil, nil, false), // removes middle replication spec + Check: checkShardedNewSchema(55, "M10", "M20", nil, nil, true, false), }, }, }) @@ -633,8 +633,8 @@ func asymmetricShardedNewSchemaTestCase(t *testing.T) resource.TestCase { CheckDestroy: acc.CheckDestroyCluster, Steps: []resource.TestStep{ { - Config: configShardedNewSchema(orgID, projectName, clusterName, 50, "M30", "M40", 2000, 2500, false), - Check: checkShardedNewSchema(50, "M30", "M40", "2000", "2500", true, false), + Config: configShardedNewSchema(orgID, projectName, clusterName, 50, "M30", "M40", admin.PtrInt(2000), admin.PtrInt(2500), false), + Check: checkShardedNewSchema(50, "M30", "M40", admin.PtrInt(2000), admin.PtrInt(2500), true, false), }, }, } @@ -1012,7 +1012,7 @@ func configReplicaSetMultiCloud(orgID, projectName, name string) string { `, orgID, projectName, name) } -func checkReplicaSetMultiCloud(name string, regionConfigs int, verifyExternalID bool) resource.TestCheckFunc { +func checkReplicaSetMultiCloud(name string, regionConfigs int) resource.TestCheckFunc { additionalChecks := []resource.TestCheckFunc{ resource.TestCheckResourceAttr(resourceName, "retain_backups_enabled", "false"), resource.TestCheckResourceAttrWith(resourceName, "replication_specs.0.region_configs.#", acc.JSONEquals(strconv.Itoa(regionConfigs))), @@ -1021,9 +1021,7 @@ func checkReplicaSetMultiCloud(name string, regionConfigs int, verifyExternalID resource.TestCheckResourceAttrSet(dataSourcePluralName, "results.#"), resource.TestCheckResourceAttrSet(dataSourcePluralName, "results.0.replication_specs.#"), resource.TestCheckResourceAttrSet(dataSourcePluralName, "results.0.name"), - } - if verifyExternalID { - additionalChecks = append(additionalChecks, resource.TestCheckResourceAttrSet(resourceName, "replication_specs.0.external_id")) + resource.TestCheckResourceAttrSet(resourceName, "replication_specs.0.external_id"), } return checkAggr( []string{"project_id", "replication_specs.#", "replication_specs.0.id"}, @@ -1482,7 +1480,7 @@ func checkShardedOldSchemaDiskSizeGBElectableLevel(diskSizeGB int) resource.Test }) } -func configShardedNewSchema(orgID, projectName, name string, diskSizeGB int, firstInstanceSize, lastInstanceSize string, firstDiskIops, lastDiskIops int, includeMiddleSpec bool) string { +func configShardedNewSchema(orgID, projectName, name string, diskSizeGB int, firstInstanceSize, lastInstanceSize string, firstDiskIOPS, lastDiskIOPS *int, includeMiddleSpec bool) string { var thirdReplicationSpec string if includeMiddleSpec { thirdReplicationSpec = fmt.Sprintf(` @@ -1505,6 +1503,20 @@ func configShardedNewSchema(orgID, projectName, name string, diskSizeGB int, fir } `, firstInstanceSize, diskSizeGB) } + var firstDiskIOPSAttrs string + if firstDiskIOPS != nil { + firstDiskIOPSAttrs = fmt.Sprintf(` + disk_iops = %d + ebs_volume_type = "PROVISIONED" + `, *firstDiskIOPS) + } + var lastDiskIOPSAttrs string + if lastDiskIOPS != nil { + lastDiskIOPSAttrs = fmt.Sprintf(` + disk_iops = %d + ebs_volume_type = "PROVISIONED" + `, *lastDiskIOPS) + } return fmt.Sprintf(` resource "mongodbatlas_project" "cluster_project" { org_id = %[1]q @@ -1521,10 +1533,9 @@ func configShardedNewSchema(orgID, projectName, name string, diskSizeGB int, fir region_configs { electable_specs { instance_size = %[4]q - disk_iops = %[6]d - ebs_volume_type = "PROVISIONED" node_count = 3 disk_size_gb = %[9]d + %[6]s } analytics_specs { instance_size = %[4]q @@ -1543,10 +1554,9 @@ func configShardedNewSchema(orgID, projectName, name string, diskSizeGB int, fir region_configs { electable_specs { instance_size = %[5]q - disk_iops = %[7]d - ebs_volume_type = "PROVISIONED" node_count = 3 disk_size_gb = %[9]d + %[7]s } analytics_specs { instance_size = %[5]q @@ -1570,10 +1580,10 @@ func configShardedNewSchema(orgID, projectName, name string, diskSizeGB int, fir project_id = mongodbatlas_advanced_cluster.test.project_id use_replication_spec_per_shard = true } - `, orgID, projectName, name, firstInstanceSize, lastInstanceSize, firstDiskIops, lastDiskIops, thirdReplicationSpec, diskSizeGB) + `, orgID, projectName, name, firstInstanceSize, lastInstanceSize, firstDiskIOPSAttrs, lastDiskIOPSAttrs, thirdReplicationSpec, diskSizeGB) } -func checkShardedNewSchema(diskSizeGB int, firstInstanceSize, lastInstanceSize, firstDiskIops, lastDiskIops string, isAsymmetricCluster, includeMiddleSpec bool) resource.TestCheckFunc { +func checkShardedNewSchema(diskSizeGB int, firstInstanceSize, lastInstanceSize string, firstDiskIops, lastDiskIops *int, isAsymmetricCluster, includeMiddleSpec bool) resource.TestCheckFunc { amtOfReplicationSpecs := 2 if includeMiddleSpec { amtOfReplicationSpecs = 3 @@ -1593,8 +1603,12 @@ func checkShardedNewSchema(diskSizeGB int, firstInstanceSize, lastInstanceSize, fmt.Sprintf("replication_specs.%d.region_configs.0.electable_specs.0.disk_size_gb", lastSpecIndex): fmt.Sprintf("%d", diskSizeGB), "replication_specs.0.region_configs.0.analytics_specs.0.disk_size_gb": fmt.Sprintf("%d", diskSizeGB), fmt.Sprintf("replication_specs.%d.region_configs.0.analytics_specs.0.disk_size_gb", lastSpecIndex): fmt.Sprintf("%d", diskSizeGB), - "replication_specs.0.region_configs.0.electable_specs.0.disk_iops": firstDiskIops, - fmt.Sprintf("replication_specs.%d.region_configs.0.electable_specs.0.disk_iops", lastSpecIndex): lastDiskIops, + } + if firstDiskIops != nil { + clusterChecks["replication_specs.0.region_configs.0.electable_specs.0.disk_iops"] = fmt.Sprintf("%d", *firstDiskIops) + } + if lastDiskIops != nil { + clusterChecks[fmt.Sprintf("replication_specs.%d.region_configs.0.electable_specs.0.disk_iops", lastSpecIndex)] = fmt.Sprintf("%d", *lastDiskIops) } // plural data source checks diff --git a/internal/service/advancedcluster/resource_update_logic.go b/internal/service/advancedcluster/resource_update_logic.go index 146fe729ad..d518494042 100644 --- a/internal/service/advancedcluster/resource_update_logic.go +++ b/internal/service/advancedcluster/resource_update_logic.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func noIDsPopulatedInReplicationSpecs(replicationSpecs *[]admin.ReplicationSpec20240805) bool { diff --git a/internal/service/advancedcluster/resource_update_logic_test.go b/internal/service/advancedcluster/resource_update_logic_test.go index 009e51e55d..f9986b8b13 100644 --- a/internal/service/advancedcluster/resource_update_logic_test.go +++ b/internal/service/advancedcluster/resource_update_logic_test.go @@ -5,7 +5,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/advancedcluster" "github.com/stretchr/testify/assert" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func TestAddIDsToReplicationSpecs(t *testing.T) { diff --git a/internal/service/alertconfiguration/data_source_alert_configuration.go b/internal/service/alertconfiguration/data_source_alert_configuration.go index 8909a10c18..182fcf0099 100644 --- a/internal/service/alertconfiguration/data_source_alert_configuration.go +++ b/internal/service/alertconfiguration/data_source_alert_configuration.go @@ -14,7 +14,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/zclconf/go-cty/cty" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) var _ datasource.DataSource = &alertConfigurationDS{} diff --git a/internal/service/alertconfiguration/data_source_alert_configurations.go b/internal/service/alertconfiguration/data_source_alert_configurations.go index f3ab30d2bf..2161f7979c 100644 --- a/internal/service/alertconfiguration/data_source_alert_configurations.go +++ b/internal/service/alertconfiguration/data_source_alert_configurations.go @@ -11,7 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/types" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const alertConfigurationsDataSourceName = "alert_configurations" diff --git a/internal/service/alertconfiguration/model_alert_configuration.go b/internal/service/alertconfiguration/model_alert_configuration.go index 2c7e6571e5..4f7fca83cd 100644 --- a/internal/service/alertconfiguration/model_alert_configuration.go +++ b/internal/service/alertconfiguration/model_alert_configuration.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/types" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func NewNotificationList(list []TfNotificationModel) (*[]admin.AlertsNotificationRootForGroup, error) { diff --git a/internal/service/alertconfiguration/model_alert_configuration_test.go b/internal/service/alertconfiguration/model_alert_configuration_test.go index ac63c13e83..0d8704b59f 100644 --- a/internal/service/alertconfiguration/model_alert_configuration_test.go +++ b/internal/service/alertconfiguration/model_alert_configuration_test.go @@ -7,7 +7,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/alertconfiguration" "github.com/stretchr/testify/assert" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/alertconfiguration/resource_alert_configuration.go b/internal/service/alertconfiguration/resource_alert_configuration.go index 24080129b6..de1cd6e7c0 100644 --- a/internal/service/alertconfiguration/resource_alert_configuration.go +++ b/internal/service/alertconfiguration/resource_alert_configuration.go @@ -20,7 +20,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/types" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/apikey/data_source_api_keys.go b/internal/service/apikey/data_source_api_keys.go index 19744e8f27..4e5cd62812 100644 --- a/internal/service/apikey/data_source_api_keys.go +++ b/internal/service/apikey/data_source_api_keys.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/apikey/resource_api_key.go b/internal/service/apikey/resource_api_key.go index f6731c64d4..c3262f870f 100644 --- a/internal/service/apikey/resource_api_key.go +++ b/internal/service/apikey/resource_api_key.go @@ -12,7 +12,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func Resource() *schema.Resource { diff --git a/internal/service/atlasuser/data_source_atlas_user.go b/internal/service/atlasuser/data_source_atlas_user.go index 7a662e55e4..27c83e51a7 100644 --- a/internal/service/atlasuser/data_source_atlas_user.go +++ b/internal/service/atlasuser/data_source_atlas_user.go @@ -12,7 +12,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/types" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/atlasuser/data_source_atlas_user_test.go b/internal/service/atlasuser/data_source_atlas_user_test.go index 56ace2bf2d..aaa6f397a2 100644 --- a/internal/service/atlasuser/data_source_atlas_user_test.go +++ b/internal/service/atlasuser/data_source_atlas_user_test.go @@ -10,7 +10,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func TestAccConfigDSAtlasUser_ByUserID(t *testing.T) { diff --git a/internal/service/atlasuser/data_source_atlas_users.go b/internal/service/atlasuser/data_source_atlas_users.go index e036e942b3..a5c8977d51 100644 --- a/internal/service/atlasuser/data_source_atlas_users.go +++ b/internal/service/atlasuser/data_source_atlas_users.go @@ -13,7 +13,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/atlasuser/data_source_atlas_users_test.go b/internal/service/atlasuser/data_source_atlas_users_test.go index af0baf55c4..5a5ba0f55a 100644 --- a/internal/service/atlasuser/data_source_atlas_users_test.go +++ b/internal/service/atlasuser/data_source_atlas_users_test.go @@ -11,7 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/atlasuser" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func TestAccConfigDSAtlasUsers_ByOrgID(t *testing.T) { diff --git a/internal/service/auditing/resource_auditing.go b/internal/service/auditing/resource_auditing.go index 91cffaf374..3aa3feca46 100644 --- a/internal/service/auditing/resource_auditing.go +++ b/internal/service/auditing/resource_auditing.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/backupcompliancepolicy/resource_backup_compliance_policy.go b/internal/service/backupcompliancepolicy/resource_backup_compliance_policy.go index 39448e2024..c63ed964d5 100644 --- a/internal/service/backupcompliancepolicy/resource_backup_compliance_policy.go +++ b/internal/service/backupcompliancepolicy/resource_backup_compliance_policy.go @@ -8,7 +8,7 @@ import ( "net/http" "strings" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" diff --git a/internal/service/cloudbackupschedule/data_source_cloud_backup_schedule.go b/internal/service/cloudbackupschedule/data_source_cloud_backup_schedule.go index 25510ef617..809d939922 100644 --- a/internal/service/cloudbackupschedule/data_source_cloud_backup_schedule.go +++ b/internal/service/cloudbackupschedule/data_source_cloud_backup_schedule.go @@ -8,7 +8,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" admin20240530 "go.mongodb.org/atlas-sdk/v20240530005/admin" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/cloudbackupschedule/model_cloud_backup_schedule.go b/internal/service/cloudbackupschedule/model_cloud_backup_schedule.go index bd8747afee..b7013bda55 100644 --- a/internal/service/cloudbackupschedule/model_cloud_backup_schedule.go +++ b/internal/service/cloudbackupschedule/model_cloud_backup_schedule.go @@ -2,7 +2,7 @@ package cloudbackupschedule import ( admin20240530 "go.mongodb.org/atlas-sdk/v20240530005/admin" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func FlattenPolicyItem(items []admin.DiskBackupApiPolicyItem, frequencyType string) []map[string]any { diff --git a/internal/service/cloudbackupschedule/model_cloud_backup_schedule_test.go b/internal/service/cloudbackupschedule/model_cloud_backup_schedule_test.go index 50304e7d5b..e573361dee 100644 --- a/internal/service/cloudbackupschedule/model_cloud_backup_schedule_test.go +++ b/internal/service/cloudbackupschedule/model_cloud_backup_schedule_test.go @@ -6,7 +6,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/cloudbackupschedule" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func TestFlattenPolicyItem(t *testing.T) { diff --git a/internal/service/cloudbackupschedule/model_sdk_version_conversion.go b/internal/service/cloudbackupschedule/model_sdk_version_conversion.go index 7f156507d0..5e59dd3c3b 100644 --- a/internal/service/cloudbackupschedule/model_sdk_version_conversion.go +++ b/internal/service/cloudbackupschedule/model_sdk_version_conversion.go @@ -2,7 +2,7 @@ package cloudbackupschedule import ( admin20240530 "go.mongodb.org/atlas-sdk/v20240530005/admin" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) // Conversions from one SDK model version to another are used to avoid duplicating our flatten/expand conversion functions. diff --git a/internal/service/cloudbackupschedule/resource_cloud_backup_schedule.go b/internal/service/cloudbackupschedule/resource_cloud_backup_schedule.go index c67cc55b20..f4720df14c 100644 --- a/internal/service/cloudbackupschedule/resource_cloud_backup_schedule.go +++ b/internal/service/cloudbackupschedule/resource_cloud_backup_schedule.go @@ -14,7 +14,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/spf13/cast" admin20240530 "go.mongodb.org/atlas-sdk/v20240530005/admin" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/cloudbackupsnapshot/data_source_cloud_backup_snapshots.go b/internal/service/cloudbackupsnapshot/data_source_cloud_backup_snapshots.go index bf5283b9b2..ad0fd6f71c 100644 --- a/internal/service/cloudbackupsnapshot/data_source_cloud_backup_snapshots.go +++ b/internal/service/cloudbackupsnapshot/data_source_cloud_backup_snapshots.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/cloudbackupsnapshot/model_cloud_backup_snapshot.go b/internal/service/cloudbackupsnapshot/model_cloud_backup_snapshot.go index 2f852f50de..8bcae4e545 100644 --- a/internal/service/cloudbackupsnapshot/model_cloud_backup_snapshot.go +++ b/internal/service/cloudbackupsnapshot/model_cloud_backup_snapshot.go @@ -4,7 +4,7 @@ import ( "errors" "regexp" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func SplitSnapshotImportID(id string) (*admin.GetReplicaSetBackupApiParams, error) { diff --git a/internal/service/cloudbackupsnapshot/model_cloud_backup_snapshot_test.go b/internal/service/cloudbackupsnapshot/model_cloud_backup_snapshot_test.go index 8e2df8d6af..32bad1804a 100644 --- a/internal/service/cloudbackupsnapshot/model_cloud_backup_snapshot_test.go +++ b/internal/service/cloudbackupsnapshot/model_cloud_backup_snapshot_test.go @@ -5,7 +5,7 @@ import ( "testing" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/cloudbackupsnapshot" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func TestSplitSnapshotImportID(t *testing.T) { diff --git a/internal/service/cloudbackupsnapshot/resource_cloud_backup_snapshot.go b/internal/service/cloudbackupsnapshot/resource_cloud_backup_snapshot.go index 172f1ad22c..e8bb360817 100644 --- a/internal/service/cloudbackupsnapshot/resource_cloud_backup_snapshot.go +++ b/internal/service/cloudbackupsnapshot/resource_cloud_backup_snapshot.go @@ -14,7 +14,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/cluster" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func Resource() *schema.Resource { diff --git a/internal/service/cloudbackupsnapshotexportbucket/data_source_cloud_backup_snapshot_export_buckets.go b/internal/service/cloudbackupsnapshotexportbucket/data_source_cloud_backup_snapshot_export_buckets.go index 7b6b5b19f3..c8d5354ad2 100644 --- a/internal/service/cloudbackupsnapshotexportbucket/data_source_cloud_backup_snapshot_export_buckets.go +++ b/internal/service/cloudbackupsnapshotexportbucket/data_source_cloud_backup_snapshot_export_buckets.go @@ -7,7 +7,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/cloudbackupsnapshotexportbucket/resource_cloud_backup_snapshot_export_bucket.go b/internal/service/cloudbackupsnapshotexportbucket/resource_cloud_backup_snapshot_export_bucket.go index cfb2fc4f74..e53fe51012 100644 --- a/internal/service/cloudbackupsnapshotexportbucket/resource_cloud_backup_snapshot_export_bucket.go +++ b/internal/service/cloudbackupsnapshotexportbucket/resource_cloud_backup_snapshot_export_bucket.go @@ -14,7 +14,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func Resource() *schema.Resource { diff --git a/internal/service/cloudbackupsnapshotexportjob/data_source_cloud_backup_snapshot_export_jobs.go b/internal/service/cloudbackupsnapshotexportjob/data_source_cloud_backup_snapshot_export_jobs.go index a29f13d3a6..2f915200ee 100644 --- a/internal/service/cloudbackupsnapshotexportjob/data_source_cloud_backup_snapshot_export_jobs.go +++ b/internal/service/cloudbackupsnapshotexportjob/data_source_cloud_backup_snapshot_export_jobs.go @@ -10,7 +10,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/constant" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/cloudbackupsnapshotexportjob/resource_cloud_backup_snapshot_export_job.go b/internal/service/cloudbackupsnapshotexportjob/resource_cloud_backup_snapshot_export_job.go index 8fe4a0d7a3..063909512b 100644 --- a/internal/service/cloudbackupsnapshotexportjob/resource_cloud_backup_snapshot_export_job.go +++ b/internal/service/cloudbackupsnapshotexportjob/resource_cloud_backup_snapshot_export_job.go @@ -11,7 +11,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/constant" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func Resource() *schema.Resource { diff --git a/internal/service/cloudbackupsnapshotrestorejob/data_source_cloud_backup_snapshot_restore_jobs.go b/internal/service/cloudbackupsnapshotrestorejob/data_source_cloud_backup_snapshot_restore_jobs.go index 4cfe052d43..3cc07c2eba 100644 --- a/internal/service/cloudbackupsnapshotrestorejob/data_source_cloud_backup_snapshot_restore_jobs.go +++ b/internal/service/cloudbackupsnapshotrestorejob/data_source_cloud_backup_snapshot_restore_jobs.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/cloudbackupsnapshotrestorejob/resource_cloud_backup_snapshot_restore_job.go b/internal/service/cloudbackupsnapshotrestorejob/resource_cloud_backup_snapshot_restore_job.go index 56a3a776d5..6700299b70 100644 --- a/internal/service/cloudbackupsnapshotrestorejob/resource_cloud_backup_snapshot_restore_job.go +++ b/internal/service/cloudbackupsnapshotrestorejob/resource_cloud_backup_snapshot_restore_job.go @@ -12,7 +12,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func Resource() *schema.Resource { diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go index 85feb002ef..f1164f6170 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_authorization.go @@ -12,7 +12,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/constant" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) /* @@ -260,7 +260,7 @@ func resourceCloudProviderAccessAuthorizationStateUpgradeV0(ctx context.Context, } func authorizeRole(ctx context.Context, client *admin.APIClient, d *schema.ResourceData, projectID string, targetRole *admin.CloudProviderAccessRole) diag.Diagnostics { - req := &admin.CloudProviderAccessRoleRequestUpdate{ + req := &admin.CloudProviderAccessRole{ ProviderName: targetRole.ProviderName, } @@ -281,9 +281,11 @@ func authorizeRole(ctx context.Context, client *admin.APIClient, d *schema.Resou roleID = targetRole.GetId() } + var role *admin.CloudProviderAccessRole var err error + for i := 0; i < 3; i++ { - _, _, err = client.CloudProviderAccessApi.AuthorizeCloudProviderAccessRole(ctx, projectID, roleID, req).Execute() + role, _, err = client.CloudProviderAccessApi.AuthorizeCloudProviderAccessRole(ctx, projectID, roleID, req).Execute() if err != nil && strings.Contains(err.Error(), "CANNOT_ASSUME_ROLE") { // aws takes time to update , in case of single path log.Printf("warning issue performing authorize: %s \n", err.Error()) log.Println("retrying") @@ -299,10 +301,6 @@ func authorizeRole(ctx context.Context, client *admin.APIClient, d *schema.Resou if err != nil { return diag.FromErr(fmt.Errorf("error cloud provider access authorization %s", err)) } - role, _, err := client.CloudProviderAccessApi.GetCloudProviderAccessRole(ctx, projectID, roleID).Execute() - if err != nil { - return diag.FromErr(fmt.Errorf("error cloud provider access authorization read after authorization %s", err)) - } authSchema := roleToSchemaAuthorization(role) diff --git a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go index 8d3bd7fa50..a593195062 100644 --- a/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go +++ b/internal/service/cloudprovideraccess/resource_cloud_provider_access_setup.go @@ -6,7 +6,7 @@ import ( "net/http" "regexp" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -134,9 +134,8 @@ func resourceCloudProviderAccessSetupCreate(ctx context.Context, d *schema.Resou conn := meta.(*config.MongoDBClient).AtlasV2 - providerName := d.Get("provider_name").(string) - requestParameters := &admin.CloudProviderAccessRoleRequest{ - ProviderName: providerName, + requestParameters := &admin.CloudProviderAccessRole{ + ProviderName: d.Get("provider_name").(string), } if value, ok := d.GetOk("azure_config.0.atlas_azure_app_id"); ok { @@ -151,17 +150,7 @@ func resourceCloudProviderAccessSetupCreate(ctx context.Context, d *schema.Resou requestParameters.SetTenantId(value.(string)) } - roleCreate, _, err := conn.CloudProviderAccessApi.CreateCloudProviderAccessRole(ctx, projectID, requestParameters).Execute() - if err != nil { - return diag.FromErr(fmt.Errorf(errorCloudProviderAccessCreate, err)) - } - var roleID string - if providerName == constant.AZURE { - roleID = roleCreate.GetId() - } else { - roleID = roleCreate.GetRoleId() - } - role, _, err := conn.CloudProviderAccessApi.GetCloudProviderAccessRole(ctx, projectID, roleID).Execute() + role, _, err := conn.CloudProviderAccessApi.CreateCloudProviderAccessRole(ctx, projectID, requestParameters).Execute() if err != nil { return diag.FromErr(fmt.Errorf(errorCloudProviderAccessCreate, err)) } diff --git a/internal/service/cluster/data_source_cluster.go b/internal/service/cluster/data_source_cluster.go index 82026a53aa..32b995875c 100644 --- a/internal/service/cluster/data_source_cluster.go +++ b/internal/service/cluster/data_source_cluster.go @@ -289,7 +289,7 @@ func DataSource() *schema.Resource { "labels": { Type: schema.TypeSet, Computed: true, - Deprecated: fmt.Sprintf(constant.DeprecationParamByDateWithReplacement, "September 2024", "tags"), + Deprecated: fmt.Sprintf(constant.DeprecationParamFutureWithReplacement, "tags"), Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "key": { diff --git a/internal/service/cluster/data_source_clusters.go b/internal/service/cluster/data_source_clusters.go index ac63ed3e27..c5e8ac10da 100644 --- a/internal/service/cluster/data_source_clusters.go +++ b/internal/service/cluster/data_source_clusters.go @@ -292,7 +292,7 @@ func PluralDataSource() *schema.Resource { "labels": { Type: schema.TypeSet, Computed: true, - Deprecated: fmt.Sprintf(constant.DeprecationParamByDateWithReplacement, "September 2024", "tags"), + Deprecated: fmt.Sprintf(constant.DeprecationParamFutureWithReplacement, "tags"), Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "key": { diff --git a/internal/service/cluster/resource_cluster.go b/internal/service/cluster/resource_cluster.go index 01a63dc42f..41f38f4da2 100644 --- a/internal/service/cluster/resource_cluster.go +++ b/internal/service/cluster/resource_cluster.go @@ -314,7 +314,7 @@ func Resource() *schema.Resource { Type: schema.TypeSet, Optional: true, Set: advancedcluster.HashFunctionForKeyValuePair, - Deprecated: fmt.Sprintf(constant.DeprecationParamByDateWithReplacement, "September 2024", "tags"), + Deprecated: fmt.Sprintf(constant.DeprecationParamFutureWithReplacement, "tags"), Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "key": { diff --git a/internal/service/clusteroutagesimulation/resource_cluster_outage_simulation.go b/internal/service/clusteroutagesimulation/resource_cluster_outage_simulation.go index d9271a7baa..6a943eab52 100644 --- a/internal/service/clusteroutagesimulation/resource_cluster_outage_simulation.go +++ b/internal/service/clusteroutagesimulation/resource_cluster_outage_simulation.go @@ -12,7 +12,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/controlplaneipaddresses/model.go b/internal/service/controlplaneipaddresses/model.go index e70ec902c0..a50fee8946 100644 --- a/internal/service/controlplaneipaddresses/model.go +++ b/internal/service/controlplaneipaddresses/model.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func NewTFControlPlaneIPAddresses(ctx context.Context, apiResp *admin.ControlPlaneIPAddresses) (*TFControlPlaneIpAddressesModel, diag.Diagnostics) { diff --git a/internal/service/controlplaneipaddresses/model_test.go b/internal/service/controlplaneipaddresses/model_test.go index 7a4e2f48ea..5c627b5120 100644 --- a/internal/service/controlplaneipaddresses/model_test.go +++ b/internal/service/controlplaneipaddresses/model_test.go @@ -9,7 +9,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/controlplaneipaddresses" "github.com/stretchr/testify/assert" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) type sdkToTFModelTestCase struct { diff --git a/internal/service/customdbrole/data_source_custom_db_roles.go b/internal/service/customdbrole/data_source_custom_db_roles.go index 3f7492bbc7..dfe78c2b79 100644 --- a/internal/service/customdbrole/data_source_custom_db_roles.go +++ b/internal/service/customdbrole/data_source_custom_db_roles.go @@ -8,7 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/customdbrole/resource_custom_db_role.go b/internal/service/customdbrole/resource_custom_db_role.go index 4043f34be5..239ecd3fde 100644 --- a/internal/service/customdbrole/resource_custom_db_role.go +++ b/internal/service/customdbrole/resource_custom_db_role.go @@ -17,7 +17,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/spf13/cast" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func Resource() *schema.Resource { diff --git a/internal/service/customdbrole/resource_custom_db_role_test.go b/internal/service/customdbrole/resource_custom_db_role_test.go index 8e9360f71f..02809cfba5 100644 --- a/internal/service/customdbrole/resource_custom_db_role_test.go +++ b/internal/service/customdbrole/resource_custom_db_role_test.go @@ -11,7 +11,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" "github.com/spf13/cast" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const resourceName = "mongodbatlas_custom_db_role.test" diff --git a/internal/service/customdnsconfigurationclusteraws/resource_custom_dns_configuration_cluster_aws.go b/internal/service/customdnsconfigurationclusteraws/resource_custom_dns_configuration_cluster_aws.go index 8fea87b8d2..488fa9bef5 100644 --- a/internal/service/customdnsconfigurationclusteraws/resource_custom_dns_configuration_cluster_aws.go +++ b/internal/service/customdnsconfigurationclusteraws/resource_custom_dns_configuration_cluster_aws.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/databaseuser/model_database_user.go b/internal/service/databaseuser/model_database_user.go index a27b018149..90c31d0bd9 100644 --- a/internal/service/databaseuser/model_database_user.go +++ b/internal/service/databaseuser/model_database_user.go @@ -8,7 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func NewMongoDBDatabaseUser(ctx context.Context, statePasswordValue types.String, dbUserModel *TfDatabaseUserModel) (*admin.CloudDatabaseUser, diag.Diagnostics) { diff --git a/internal/service/databaseuser/model_database_user_test.go b/internal/service/databaseuser/model_database_user_test.go index c829481f22..0b0d5602a0 100644 --- a/internal/service/databaseuser/model_database_user_test.go +++ b/internal/service/databaseuser/model_database_user_test.go @@ -9,7 +9,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/databaseuser" "github.com/stretchr/testify/assert" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) var ( diff --git a/internal/service/databaseuser/resource_database_user_migration_test.go b/internal/service/databaseuser/resource_database_user_migration_test.go index 6d37e4c860..3716139021 100644 --- a/internal/service/databaseuser/resource_database_user_migration_test.go +++ b/internal/service/databaseuser/resource_database_user_migration_test.go @@ -3,7 +3,7 @@ package databaseuser_test import ( "testing" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" diff --git a/internal/service/databaseuser/resource_database_user_test.go b/internal/service/databaseuser/resource_database_user_test.go index 1e614f5ec4..8281fe67fd 100644 --- a/internal/service/databaseuser/resource_database_user_test.go +++ b/internal/service/databaseuser/resource_database_user_test.go @@ -11,7 +11,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/databaseuser" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/datalakepipeline/data_source_data_lake_pipeline_run.go b/internal/service/datalakepipeline/data_source_data_lake_pipeline_run.go index 25bdf48651..04a5da68a6 100644 --- a/internal/service/datalakepipeline/data_source_data_lake_pipeline_run.go +++ b/internal/service/datalakepipeline/data_source_data_lake_pipeline_run.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const errorDataLakePipelineRunRead = "error reading MongoDB Atlas DataLake Run (%s): %s" diff --git a/internal/service/datalakepipeline/data_source_data_lake_pipeline_runs.go b/internal/service/datalakepipeline/data_source_data_lake_pipeline_runs.go index c11ba3ae90..9c357fec0f 100644 --- a/internal/service/datalakepipeline/data_source_data_lake_pipeline_runs.go +++ b/internal/service/datalakepipeline/data_source_data_lake_pipeline_runs.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const errorDataLakePipelineRunList = "error reading MongoDB Atlas DataLake Runs (%s): %s" diff --git a/internal/service/datalakepipeline/data_source_data_lake_pipelines.go b/internal/service/datalakepipeline/data_source_data_lake_pipelines.go index fb4dfffbe9..1846c35428 100644 --- a/internal/service/datalakepipeline/data_source_data_lake_pipelines.go +++ b/internal/service/datalakepipeline/data_source_data_lake_pipelines.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const errorDataLakePipelineList = "error creating MongoDB Atlas DataLake Pipelines: %s" diff --git a/internal/service/datalakepipeline/resource_data_lake_pipeline.go b/internal/service/datalakepipeline/resource_data_lake_pipeline.go index dcb97f9268..0420997a30 100644 --- a/internal/service/datalakepipeline/resource_data_lake_pipeline.go +++ b/internal/service/datalakepipeline/resource_data_lake_pipeline.go @@ -11,7 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/encryptionatrest/data_source_schema.go b/internal/service/encryptionatrest/data_source_schema.go index 4d83bebd53..2c3c5e8267 100644 --- a/internal/service/encryptionatrest/data_source_schema.go +++ b/internal/service/encryptionatrest/data_source_schema.go @@ -3,7 +3,7 @@ package encryptionatrest import ( "context" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-framework/datasource/schema" "github.com/hashicorp/terraform-plugin-framework/types" diff --git a/internal/service/encryptionatrest/model.go b/internal/service/encryptionatrest/model.go index d2e268410f..3a3fddbce7 100644 --- a/internal/service/encryptionatrest/model.go +++ b/internal/service/encryptionatrest/model.go @@ -3,7 +3,7 @@ package encryptionatrest import ( "context" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-framework/types" diff --git a/internal/service/encryptionatrest/model_test.go b/internal/service/encryptionatrest/model_test.go index eb3fdf6d2e..0d78ad05ad 100644 --- a/internal/service/encryptionatrest/model_test.go +++ b/internal/service/encryptionatrest/model_test.go @@ -4,12 +4,11 @@ import ( "context" "testing" - "go.mongodb.org/atlas-sdk/v20240805001/admin" - "github.com/hashicorp/terraform-plugin-framework/types" "github.com/stretchr/testify/assert" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrest" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) var ( diff --git a/internal/service/encryptionatrest/resource.go b/internal/service/encryptionatrest/resource.go index d8840fe92b..0370d0af3c 100644 --- a/internal/service/encryptionatrest/resource.go +++ b/internal/service/encryptionatrest/resource.go @@ -9,8 +9,6 @@ import ( "reflect" "time" - "go.mongodb.org/atlas-sdk/v20240805001/admin" - "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" @@ -27,6 +25,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/validate" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/project" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/encryptionatrest/resource_migration_test.go b/internal/service/encryptionatrest/resource_migration_test.go index 671cc702a9..e2e2ab2ec7 100644 --- a/internal/service/encryptionatrest/resource_migration_test.go +++ b/internal/service/encryptionatrest/resource_migration_test.go @@ -5,14 +5,13 @@ import ( "os" "testing" - "go.mongodb.org/atlas-sdk/v20240805001/admin" - "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/plancheck" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/mig" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func TestMigEncryptionAtRest_basicAWS(t *testing.T) { diff --git a/internal/service/encryptionatrest/resource_test.go b/internal/service/encryptionatrest/resource_test.go index 6483155ab3..c175313c03 100644 --- a/internal/service/encryptionatrest/resource_test.go +++ b/internal/service/encryptionatrest/resource_test.go @@ -8,19 +8,18 @@ import ( "strconv" "testing" - "go.mongodb.org/atlas-sdk/v20240805001/admin" - "go.mongodb.org/atlas-sdk/v20240805001/mockadmin" - "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/mock" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrest" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" + "go.mongodb.org/atlas-sdk/v20240805003/admin" + "go.mongodb.org/atlas-sdk/v20240805003/mockadmin" ) const ( diff --git a/internal/service/encryptionatrestprivateendpoint/model.go b/internal/service/encryptionatrestprivateendpoint/model.go index 2ed3087a68..a509b18c84 100644 --- a/internal/service/encryptionatrestprivateendpoint/model.go +++ b/internal/service/encryptionatrestprivateendpoint/model.go @@ -3,7 +3,7 @@ package encryptionatrestprivateendpoint import ( "github.com/hashicorp/terraform-plugin-framework/types" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func NewTFEarPrivateEndpoint(apiResp admin.EARPrivateEndpoint, projectID string) TFEarPrivateEndpointModel { diff --git a/internal/service/encryptionatrestprivateendpoint/model_test.go b/internal/service/encryptionatrestprivateendpoint/model_test.go index ed265f9ae2..33a13cc4e8 100644 --- a/internal/service/encryptionatrestprivateendpoint/model_test.go +++ b/internal/service/encryptionatrestprivateendpoint/model_test.go @@ -3,7 +3,7 @@ package encryptionatrestprivateendpoint_test import ( "testing" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/stretchr/testify/assert" diff --git a/internal/service/encryptionatrestprivateendpoint/plural_data_source.go b/internal/service/encryptionatrestprivateendpoint/plural_data_source.go index 779d653138..77caf87394 100644 --- a/internal/service/encryptionatrestprivateendpoint/plural_data_source.go +++ b/internal/service/encryptionatrestprivateendpoint/plural_data_source.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/datasource" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/dsschema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) var _ datasource.DataSource = &encryptionAtRestPrivateEndpointsDS{} diff --git a/internal/service/encryptionatrestprivateendpoint/resource.go b/internal/service/encryptionatrestprivateendpoint/resource.go index 12d9c27d95..01940d51ef 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource.go +++ b/internal/service/encryptionatrestprivateendpoint/resource.go @@ -6,7 +6,7 @@ import ( "net/http" "regexp" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/path" diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index 91636e2f24..15c0f432eb 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -6,7 +6,7 @@ import ( "os" "testing" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-testing/helper/resource" diff --git a/internal/service/encryptionatrestprivateendpoint/state_transition.go b/internal/service/encryptionatrestprivateendpoint/state_transition.go index 26aaba312f..73bb5e1f20 100644 --- a/internal/service/encryptionatrestprivateendpoint/state_transition.go +++ b/internal/service/encryptionatrestprivateendpoint/state_transition.go @@ -8,7 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/encryptionatrestprivateendpoint/state_transition_test.go b/internal/service/encryptionatrestprivateendpoint/state_transition_test.go index 8cd5792811..f06308b48c 100644 --- a/internal/service/encryptionatrestprivateendpoint/state_transition_test.go +++ b/internal/service/encryptionatrestprivateendpoint/state_transition_test.go @@ -13,8 +13,8 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrestprivateendpoint" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - "go.mongodb.org/atlas-sdk/v20240805001/admin" - "go.mongodb.org/atlas-sdk/v20240805001/mockadmin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" + "go.mongodb.org/atlas-sdk/v20240805003/mockadmin" ) type testCase struct { diff --git a/internal/service/federateddatabaseinstance/data_source_federated_database_instance_test.go b/internal/service/federateddatabaseinstance/data_source_federated_database_instance_test.go index 1f91f587f2..70c22fd762 100644 --- a/internal/service/federateddatabaseinstance/data_source_federated_database_instance_test.go +++ b/internal/service/federateddatabaseinstance/data_source_federated_database_instance_test.go @@ -11,7 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func TestAccFederatedDatabaseInstanceDS_s3Bucket(t *testing.T) { diff --git a/internal/service/federateddatabaseinstance/data_source_federated_database_instances.go b/internal/service/federateddatabaseinstance/data_source_federated_database_instances.go index aa29744694..78f37148ca 100644 --- a/internal/service/federateddatabaseinstance/data_source_federated_database_instances.go +++ b/internal/service/federateddatabaseinstance/data_source_federated_database_instances.go @@ -4,7 +4,7 @@ import ( "context" "fmt" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" diff --git a/internal/service/federateddatabaseinstance/resource_federated_database_instance.go b/internal/service/federateddatabaseinstance/resource_federated_database_instance.go index 647b7629a8..9dde38f38f 100644 --- a/internal/service/federateddatabaseinstance/resource_federated_database_instance.go +++ b/internal/service/federateddatabaseinstance/resource_federated_database_instance.go @@ -7,7 +7,7 @@ import ( "net/http" "strings" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" diff --git a/internal/service/federatedquerylimit/data_source_federated_query_limits.go b/internal/service/federatedquerylimit/data_source_federated_query_limits.go index c270ed8c99..7886c003ae 100644 --- a/internal/service/federatedquerylimit/data_source_federated_query_limits.go +++ b/internal/service/federatedquerylimit/data_source_federated_query_limits.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/federatedquerylimit/resource_federated_query_limit.go b/internal/service/federatedquerylimit/resource_federated_query_limit.go index 9e8c744a26..02f2c778c9 100644 --- a/internal/service/federatedquerylimit/resource_federated_query_limit.go +++ b/internal/service/federatedquerylimit/resource_federated_query_limit.go @@ -11,7 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/federatedsettingsidentityprovider/data_source_federated_settings_identity_providers.go b/internal/service/federatedsettingsidentityprovider/data_source_federated_settings_identity_providers.go index a393063e14..d29e30d07d 100644 --- a/internal/service/federatedsettingsidentityprovider/data_source_federated_settings_identity_providers.go +++ b/internal/service/federatedsettingsidentityprovider/data_source_federated_settings_identity_providers.go @@ -5,7 +5,7 @@ import ( "errors" "fmt" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" diff --git a/internal/service/federatedsettingsidentityprovider/model_federated_settings_identity_provider.go b/internal/service/federatedsettingsidentityprovider/model_federated_settings_identity_provider.go index a307e73983..9fe7309679 100644 --- a/internal/service/federatedsettingsidentityprovider/model_federated_settings_identity_provider.go +++ b/internal/service/federatedsettingsidentityprovider/model_federated_settings_identity_provider.go @@ -4,7 +4,7 @@ import ( "sort" "strings" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" diff --git a/internal/service/federatedsettingsidentityprovider/model_federated_settings_identity_provider_test.go b/internal/service/federatedsettingsidentityprovider/model_federated_settings_identity_provider_test.go index a1505b9d89..c6d031a19b 100644 --- a/internal/service/federatedsettingsidentityprovider/model_federated_settings_identity_provider_test.go +++ b/internal/service/federatedsettingsidentityprovider/model_federated_settings_identity_provider_test.go @@ -4,7 +4,7 @@ import ( "testing" "time" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/stretchr/testify/assert" diff --git a/internal/service/federatedsettingsorgconfig/data_source_federated_settings.go b/internal/service/federatedsettingsorgconfig/data_source_federated_settings.go index e930171af6..9bb62d1314 100644 --- a/internal/service/federatedsettingsorgconfig/data_source_federated_settings.go +++ b/internal/service/federatedsettingsorgconfig/data_source_federated_settings.go @@ -8,7 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func DataSourceSettings() *schema.Resource { diff --git a/internal/service/federatedsettingsorgconfig/data_source_federated_settings_connected_orgs.go b/internal/service/federatedsettingsorgconfig/data_source_federated_settings_connected_orgs.go index 0aca97e00f..a07b937981 100644 --- a/internal/service/federatedsettingsorgconfig/data_source_federated_settings_connected_orgs.go +++ b/internal/service/federatedsettingsorgconfig/data_source_federated_settings_connected_orgs.go @@ -8,7 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/federatedsettingsorgconfig/model_federated_settings_connected_orgs.go b/internal/service/federatedsettingsorgconfig/model_federated_settings_connected_orgs.go index d9a8ab937d..c52b653185 100644 --- a/internal/service/federatedsettingsorgconfig/model_federated_settings_connected_orgs.go +++ b/internal/service/federatedsettingsorgconfig/model_federated_settings_connected_orgs.go @@ -4,7 +4,7 @@ import ( "sort" "strings" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) type roleMappingsByGroupName []admin.AuthFederationRoleMapping diff --git a/internal/service/federatedsettingsorgrolemapping/data_source_federated_settings_org_role_mappings.go b/internal/service/federatedsettingsorgrolemapping/data_source_federated_settings_org_role_mappings.go index ae8241e996..bd383db6fc 100644 --- a/internal/service/federatedsettingsorgrolemapping/data_source_federated_settings_org_role_mappings.go +++ b/internal/service/federatedsettingsorgrolemapping/data_source_federated_settings_org_role_mappings.go @@ -8,7 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/federatedsettingsorgrolemapping/model_federated_settings_org_role_mapping.go b/internal/service/federatedsettingsorgrolemapping/model_federated_settings_org_role_mapping.go index 5a0208f843..3a5f2bffc6 100644 --- a/internal/service/federatedsettingsorgrolemapping/model_federated_settings_org_role_mapping.go +++ b/internal/service/federatedsettingsorgrolemapping/model_federated_settings_org_role_mapping.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) type mRoleAssignment []admin.RoleAssignment diff --git a/internal/service/federatedsettingsorgrolemapping/resource_federated_settings_org_role_mapping.go b/internal/service/federatedsettingsorgrolemapping/resource_federated_settings_org_role_mapping.go index fb5512dd1d..1f0282aa08 100644 --- a/internal/service/federatedsettingsorgrolemapping/resource_federated_settings_org_role_mapping.go +++ b/internal/service/federatedsettingsorgrolemapping/resource_federated_settings_org_role_mapping.go @@ -11,7 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func Resource() *schema.Resource { diff --git a/internal/service/ldapconfiguration/resource_ldap_configuration.go b/internal/service/ldapconfiguration/resource_ldap_configuration.go index 9182281009..191f89e92e 100644 --- a/internal/service/ldapconfiguration/resource_ldap_configuration.go +++ b/internal/service/ldapconfiguration/resource_ldap_configuration.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/ldapverify/resource_ldap_verify.go b/internal/service/ldapverify/resource_ldap_verify.go index e199c63e97..3e485ab487 100644 --- a/internal/service/ldapverify/resource_ldap_verify.go +++ b/internal/service/ldapverify/resource_ldap_verify.go @@ -13,7 +13,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/maintenancewindow/resource_maintenance_window.go b/internal/service/maintenancewindow/resource_maintenance_window.go index ca60b6cce1..7e0ba44162 100644 --- a/internal/service/maintenancewindow/resource_maintenance_window.go +++ b/internal/service/maintenancewindow/resource_maintenance_window.go @@ -10,7 +10,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/spf13/cast" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/networkcontainer/data_source_network_containers.go b/internal/service/networkcontainer/data_source_network_containers.go index ad5218c2cf..ece872b189 100644 --- a/internal/service/networkcontainer/data_source_network_containers.go +++ b/internal/service/networkcontainer/data_source_network_containers.go @@ -8,7 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/networkcontainer/resource_network_container.go b/internal/service/networkcontainer/resource_network_container.go index e404ff7df1..b597e8fb77 100644 --- a/internal/service/networkcontainer/resource_network_container.go +++ b/internal/service/networkcontainer/resource_network_container.go @@ -17,7 +17,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/spf13/cast" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/networkpeering/data_source_network_peering.go b/internal/service/networkpeering/data_source_network_peering.go index f596831578..b8dfc33259 100644 --- a/internal/service/networkpeering/data_source_network_peering.go +++ b/internal/service/networkpeering/data_source_network_peering.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func DataSource() *schema.Resource { diff --git a/internal/service/networkpeering/data_source_network_peerings.go b/internal/service/networkpeering/data_source_network_peerings.go index 5412234217..97ef2598e6 100644 --- a/internal/service/networkpeering/data_source_network_peerings.go +++ b/internal/service/networkpeering/data_source_network_peerings.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/networkpeering/resource_network_peering.go b/internal/service/networkpeering/resource_network_peering.go index 23efb04908..42b417bc5a 100644 --- a/internal/service/networkpeering/resource_network_peering.go +++ b/internal/service/networkpeering/resource_network_peering.go @@ -16,7 +16,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/networkcontainer" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/onlinearchive/resource_online_archive.go b/internal/service/onlinearchive/resource_online_archive.go index d93371f089..96bdded486 100644 --- a/internal/service/onlinearchive/resource_online_archive.go +++ b/internal/service/onlinearchive/resource_online_archive.go @@ -15,7 +15,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/organization/data_source_organizations.go b/internal/service/organization/data_source_organizations.go index 484dab350a..4eda3355cb 100644 --- a/internal/service/organization/data_source_organizations.go +++ b/internal/service/organization/data_source_organizations.go @@ -5,7 +5,7 @@ import ( "fmt" "log" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" diff --git a/internal/service/organization/resource_organization.go b/internal/service/organization/resource_organization.go index dbeaa71c81..b8d0ae473c 100644 --- a/internal/service/organization/resource_organization.go +++ b/internal/service/organization/resource_organization.go @@ -6,7 +6,7 @@ import ( "log" "net/http" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" diff --git a/internal/service/organization/resource_organization_test.go b/internal/service/organization/resource_organization_test.go index 7b65af7ec8..3103cc900e 100644 --- a/internal/service/organization/resource_organization_test.go +++ b/internal/service/organization/resource_organization_test.go @@ -7,7 +7,7 @@ import ( "regexp" "testing" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" diff --git a/internal/service/orginvitation/resource_org_invitation.go b/internal/service/orginvitation/resource_org_invitation.go index bcdc8c7c16..fc7269e84d 100644 --- a/internal/service/orginvitation/resource_org_invitation.go +++ b/internal/service/orginvitation/resource_org_invitation.go @@ -10,7 +10,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func Resource() *schema.Resource { diff --git a/internal/service/privateendpointregionalmode/resource_private_endpoint_regional_mode.go b/internal/service/privateendpointregionalmode/resource_private_endpoint_regional_mode.go index af79008157..622410d3aa 100644 --- a/internal/service/privateendpointregionalmode/resource_private_endpoint_regional_mode.go +++ b/internal/service/privateendpointregionalmode/resource_private_endpoint_regional_mode.go @@ -12,7 +12,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/advancedcluster" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) type permCtxKey string diff --git a/internal/service/privatelinkendpoint/resource_privatelink_endpoint.go b/internal/service/privatelinkendpoint/resource_privatelink_endpoint.go index 261638f6a8..196b97a219 100644 --- a/internal/service/privatelinkendpoint/resource_privatelink_endpoint.go +++ b/internal/service/privatelinkendpoint/resource_privatelink_endpoint.go @@ -15,7 +15,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/privatelinkendpointserverless/resource_privatelink_endpoint_serverless.go b/internal/service/privatelinkendpointserverless/resource_privatelink_endpoint_serverless.go index cf58e60062..c5a3e106d3 100644 --- a/internal/service/privatelinkendpointserverless/resource_privatelink_endpoint_serverless.go +++ b/internal/service/privatelinkendpointserverless/resource_privatelink_endpoint_serverless.go @@ -8,7 +8,7 @@ import ( "strings" "time" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" diff --git a/internal/service/privatelinkendpointservice/resource_privatelink_endpoint_service.go b/internal/service/privatelinkendpointservice/resource_privatelink_endpoint_service.go index 1de1317e79..b2ab84162b 100644 --- a/internal/service/privatelinkendpointservice/resource_privatelink_endpoint_service.go +++ b/internal/service/privatelinkendpointservice/resource_privatelink_endpoint_service.go @@ -16,7 +16,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/advancedcluster" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/privatelinkendpointservicedatafederationonlinearchive/data_source_privatelink_endpoint_service_data_federation_online_archives.go b/internal/service/privatelinkendpointservicedatafederationonlinearchive/data_source_privatelink_endpoint_service_data_federation_online_archives.go index e7df9475d4..f4166db1d6 100644 --- a/internal/service/privatelinkendpointservicedatafederationonlinearchive/data_source_privatelink_endpoint_service_data_federation_online_archives.go +++ b/internal/service/privatelinkendpointservicedatafederationonlinearchive/data_source_privatelink_endpoint_service_data_federation_online_archives.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/datalakepipeline" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const errorPrivateEndpointServiceDataFederationOnlineArchiveList = "error reading Private Endpoings for projectId %s: %s" diff --git a/internal/service/privatelinkendpointservicedatafederationonlinearchive/resource_privatelink_endpoint_service_data_federation_online_archive.go b/internal/service/privatelinkendpointservicedatafederationonlinearchive/resource_privatelink_endpoint_service_data_federation_online_archive.go index 0ae4f26ef8..2479acd3d0 100644 --- a/internal/service/privatelinkendpointservicedatafederationonlinearchive/resource_privatelink_endpoint_service_data_federation_online_archive.go +++ b/internal/service/privatelinkendpointservicedatafederationonlinearchive/resource_privatelink_endpoint_service_data_federation_online_archive.go @@ -8,7 +8,7 @@ import ( "strings" "time" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" diff --git a/internal/service/privatelinkendpointserviceserverless/data_source_privatelink_endpoints_service_serverless.go b/internal/service/privatelinkendpointserviceserverless/data_source_privatelink_endpoints_service_serverless.go index c162674bb5..d296549603 100644 --- a/internal/service/privatelinkendpointserviceserverless/data_source_privatelink_endpoints_service_serverless.go +++ b/internal/service/privatelinkendpointserviceserverless/data_source_privatelink_endpoints_service_serverless.go @@ -7,7 +7,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/privatelinkendpointserviceserverless/resource_privatelink_endpoint_service_serverless.go b/internal/service/privatelinkendpointserviceserverless/resource_privatelink_endpoint_service_serverless.go index 4f87ceecfc..b2bf1fc489 100644 --- a/internal/service/privatelinkendpointserviceserverless/resource_privatelink_endpoint_service_serverless.go +++ b/internal/service/privatelinkendpointserviceserverless/resource_privatelink_endpoint_service_serverless.go @@ -8,7 +8,7 @@ import ( "strings" "time" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" diff --git a/internal/service/project/data_source_project.go b/internal/service/project/data_source_project.go index 30bd51cdf8..085455f9dc 100644 --- a/internal/service/project/data_source_project.go +++ b/internal/service/project/data_source_project.go @@ -4,7 +4,7 @@ import ( "context" "fmt" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/datasource" diff --git a/internal/service/project/data_source_projects.go b/internal/service/project/data_source_projects.go index e2d17eb7a4..ce18dbdf39 100644 --- a/internal/service/project/data_source_projects.go +++ b/internal/service/project/data_source_projects.go @@ -11,7 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const projectsDataSourceName = "projects" diff --git a/internal/service/project/model_project.go b/internal/service/project/model_project.go index 2a1ffd8e3b..349cf824bf 100644 --- a/internal/service/project/model_project.go +++ b/internal/service/project/model_project.go @@ -3,7 +3,7 @@ package project import ( "context" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-framework/attr" "github.com/hashicorp/terraform-plugin-framework/diag" diff --git a/internal/service/project/model_project_test.go b/internal/service/project/model_project_test.go index ec139f2309..4a8a0a3928 100644 --- a/internal/service/project/model_project_test.go +++ b/internal/service/project/model_project_test.go @@ -4,7 +4,7 @@ import ( "context" "testing" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-framework/attr" "github.com/hashicorp/terraform-plugin-framework/types" diff --git a/internal/service/project/resource_project.go b/internal/service/project/resource_project.go index bc7671807d..e826dacc07 100644 --- a/internal/service/project/resource_project.go +++ b/internal/service/project/resource_project.go @@ -9,7 +9,7 @@ import ( "sort" "time" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-framework/attr" "github.com/hashicorp/terraform-plugin-framework/path" diff --git a/internal/service/project/resource_project_migration_test.go b/internal/service/project/resource_project_migration_test.go index 76b5042f63..a6f48dde23 100644 --- a/internal/service/project/resource_project_migration_test.go +++ b/internal/service/project/resource_project_migration_test.go @@ -7,7 +7,7 @@ import ( "strings" "testing" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" diff --git a/internal/service/project/resource_project_test.go b/internal/service/project/resource_project_test.go index ef63f2852b..a4819cbde4 100644 --- a/internal/service/project/resource_project_test.go +++ b/internal/service/project/resource_project_test.go @@ -11,8 +11,8 @@ import ( "strings" "testing" - "go.mongodb.org/atlas-sdk/v20240805001/admin" - "go.mongodb.org/atlas-sdk/v20240805001/mockadmin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" + "go.mongodb.org/atlas-sdk/v20240805003/mockadmin" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-testing/helper/resource" diff --git a/internal/service/projectapikey/data_source_project_api_keys.go b/internal/service/projectapikey/data_source_project_api_keys.go index 55af1f551b..5b8e143c37 100644 --- a/internal/service/projectapikey/data_source_project_api_keys.go +++ b/internal/service/projectapikey/data_source_project_api_keys.go @@ -8,7 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/projectapikey/resource_project_api_key.go b/internal/service/projectapikey/resource_project_api_key.go index f4a6b12c1d..f6bf7d3757 100644 --- a/internal/service/projectapikey/resource_project_api_key.go +++ b/internal/service/projectapikey/resource_project_api_key.go @@ -11,7 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/projectinvitation/resource_project_invitation.go b/internal/service/projectinvitation/resource_project_invitation.go index 8ca1b7c199..37557b3f09 100644 --- a/internal/service/projectinvitation/resource_project_invitation.go +++ b/internal/service/projectinvitation/resource_project_invitation.go @@ -11,7 +11,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func Resource() *schema.Resource { diff --git a/internal/service/projectipaccesslist/model_project_ip_access_list.go b/internal/service/projectipaccesslist/model_project_ip_access_list.go index 12c7bae998..5c1c7076fd 100644 --- a/internal/service/projectipaccesslist/model_project_ip_access_list.go +++ b/internal/service/projectipaccesslist/model_project_ip_access_list.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func NewMongoDBProjectIPAccessList(projectIPAccessListModel *TfProjectIPAccessListModel) *[]admin.NetworkPermissionEntry { diff --git a/internal/service/projectipaccesslist/model_project_ip_access_list_test.go b/internal/service/projectipaccesslist/model_project_ip_access_list_test.go index e51f4a4787..a506d05713 100644 --- a/internal/service/projectipaccesslist/model_project_ip_access_list_test.go +++ b/internal/service/projectipaccesslist/model_project_ip_access_list_test.go @@ -9,7 +9,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/projectipaccesslist" "github.com/stretchr/testify/assert" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) var ( diff --git a/internal/service/projectipaccesslist/resource_project_ip_access_list.go b/internal/service/projectipaccesslist/resource_project_ip_access_list.go index 144d587ce1..8be3c3bf8d 100644 --- a/internal/service/projectipaccesslist/resource_project_ip_access_list.go +++ b/internal/service/projectipaccesslist/resource_project_ip_access_list.go @@ -7,7 +7,7 @@ import ( "strings" "time" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-framework-timeouts/resource/timeouts" "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" diff --git a/internal/service/pushbasedlogexport/model.go b/internal/service/pushbasedlogexport/model.go index 0238196c0b..3c2106b7fd 100644 --- a/internal/service/pushbasedlogexport/model.go +++ b/internal/service/pushbasedlogexport/model.go @@ -3,7 +3,7 @@ package pushbasedlogexport import ( "context" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-framework-timeouts/resource/timeouts" "github.com/hashicorp/terraform-plugin-framework/diag" diff --git a/internal/service/pushbasedlogexport/model_test.go b/internal/service/pushbasedlogexport/model_test.go index c0523a6c00..a967e3dd7c 100644 --- a/internal/service/pushbasedlogexport/model_test.go +++ b/internal/service/pushbasedlogexport/model_test.go @@ -5,7 +5,7 @@ import ( "testing" "time" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-framework-timeouts/resource/timeouts" "github.com/hashicorp/terraform-plugin-framework/types" diff --git a/internal/service/pushbasedlogexport/resource.go b/internal/service/pushbasedlogexport/resource.go index dfebae9189..dc35ad1c5a 100644 --- a/internal/service/pushbasedlogexport/resource.go +++ b/internal/service/pushbasedlogexport/resource.go @@ -7,7 +7,7 @@ import ( "slices" "time" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" diff --git a/internal/service/pushbasedlogexport/state_transition.go b/internal/service/pushbasedlogexport/state_transition.go index e8c1283339..84f5c23c2e 100644 --- a/internal/service/pushbasedlogexport/state_transition.go +++ b/internal/service/pushbasedlogexport/state_transition.go @@ -5,7 +5,7 @@ import ( "errors" "fmt" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-log/tflog" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" diff --git a/internal/service/pushbasedlogexport/state_transition_test.go b/internal/service/pushbasedlogexport/state_transition_test.go index d49f0757b3..20d725bfdb 100644 --- a/internal/service/pushbasedlogexport/state_transition_test.go +++ b/internal/service/pushbasedlogexport/state_transition_test.go @@ -7,8 +7,8 @@ import ( "testing" "time" - "go.mongodb.org/atlas-sdk/v20240805001/admin" - "go.mongodb.org/atlas-sdk/v20240805001/mockadmin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" + "go.mongodb.org/atlas-sdk/v20240805003/mockadmin" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" diff --git a/internal/service/searchdeployment/model_search_deployment.go b/internal/service/searchdeployment/model_search_deployment.go index 8548aacf19..90c6fcaa5b 100644 --- a/internal/service/searchdeployment/model_search_deployment.go +++ b/internal/service/searchdeployment/model_search_deployment.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework-timeouts/resource/timeouts" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/types" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func NewSearchDeploymentReq(ctx context.Context, searchDeploymentPlan *TFSearchDeploymentRSModel) admin.ApiSearchDeploymentRequest { diff --git a/internal/service/searchdeployment/model_search_deployment_test.go b/internal/service/searchdeployment/model_search_deployment_test.go index e82b8a6ff7..716be9b7d7 100644 --- a/internal/service/searchdeployment/model_search_deployment_test.go +++ b/internal/service/searchdeployment/model_search_deployment_test.go @@ -8,7 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-framework/types/basetypes" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/searchdeployment" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) type sdkToTFModelTestCase struct { diff --git a/internal/service/searchdeployment/state_transition_search_deployment.go b/internal/service/searchdeployment/state_transition_search_deployment.go index 98c992be4c..5da0158914 100644 --- a/internal/service/searchdeployment/state_transition_search_deployment.go +++ b/internal/service/searchdeployment/state_transition_search_deployment.go @@ -10,7 +10,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const SearchDeploymentDoesNotExistsError = "ATLAS_SEARCH_DEPLOYMENT_DOES_NOT_EXIST" diff --git a/internal/service/searchdeployment/state_transition_search_deployment_test.go b/internal/service/searchdeployment/state_transition_search_deployment_test.go index a004a1e4eb..8024a56771 100644 --- a/internal/service/searchdeployment/state_transition_search_deployment_test.go +++ b/internal/service/searchdeployment/state_transition_search_deployment_test.go @@ -12,8 +12,8 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/searchdeployment" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - "go.mongodb.org/atlas-sdk/v20240805001/admin" - "go.mongodb.org/atlas-sdk/v20240805001/mockadmin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" + "go.mongodb.org/atlas-sdk/v20240805003/mockadmin" ) var ( diff --git a/internal/service/searchindex/data_source_search_indexes.go b/internal/service/searchindex/data_source_search_indexes.go index d3bd55bc8f..951fc6fc25 100644 --- a/internal/service/searchindex/data_source_search_indexes.go +++ b/internal/service/searchindex/data_source_search_indexes.go @@ -8,7 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/searchindex/model_search_index.go b/internal/service/searchindex/model_search_index.go index 40f7fb4d8c..16227ea7ae 100644 --- a/internal/service/searchindex/model_search_index.go +++ b/internal/service/searchindex/model_search_index.go @@ -12,7 +12,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func flattenSearchIndexSynonyms(synonyms []admin.SearchSynonymMappingDefinition) []map[string]any { diff --git a/internal/service/searchindex/resource_search_index.go b/internal/service/searchindex/resource_search_index.go index 559202413b..f36233f052 100644 --- a/internal/service/searchindex/resource_search_index.go +++ b/internal/service/searchindex/resource_search_index.go @@ -13,7 +13,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/serverlessinstance/data_source_serverless_instances.go b/internal/service/serverlessinstance/data_source_serverless_instances.go index 52f089258e..b2aacc74a5 100644 --- a/internal/service/serverlessinstance/data_source_serverless_instances.go +++ b/internal/service/serverlessinstance/data_source_serverless_instances.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/serverlessinstance/resource_serverless_instance.go b/internal/service/serverlessinstance/resource_serverless_instance.go index 828a7eaa03..c89b9b1abf 100644 --- a/internal/service/serverlessinstance/resource_serverless_instance.go +++ b/internal/service/serverlessinstance/resource_serverless_instance.go @@ -15,7 +15,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/advancedcluster" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/serverlessinstance/resource_serverless_instance_test.go b/internal/service/serverlessinstance/resource_serverless_instance_test.go index a527d70629..c7b92a7102 100644 --- a/internal/service/serverlessinstance/resource_serverless_instance_test.go +++ b/internal/service/serverlessinstance/resource_serverless_instance_test.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/sharedtier/data_source_cloud_shared_tier_restore_jobs.go b/internal/service/sharedtier/data_source_cloud_shared_tier_restore_jobs.go index 112ecf1086..d6b4ce47fa 100644 --- a/internal/service/sharedtier/data_source_cloud_shared_tier_restore_jobs.go +++ b/internal/service/sharedtier/data_source_cloud_shared_tier_restore_jobs.go @@ -4,7 +4,7 @@ import ( "context" "fmt" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" diff --git a/internal/service/sharedtier/data_source_shared_tier_snapshots.go b/internal/service/sharedtier/data_source_shared_tier_snapshots.go index 7654136b99..716577d600 100644 --- a/internal/service/sharedtier/data_source_shared_tier_snapshots.go +++ b/internal/service/sharedtier/data_source_shared_tier_snapshots.go @@ -4,7 +4,7 @@ import ( "context" "fmt" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" diff --git a/internal/service/streamconnection/data_source_stream_connections.go b/internal/service/streamconnection/data_source_stream_connections.go index 3800fc1052..3ac0eb0228 100644 --- a/internal/service/streamconnection/data_source_stream_connections.go +++ b/internal/service/streamconnection/data_source_stream_connections.go @@ -10,7 +10,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/dsschema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) var _ datasource.DataSource = &streamConnectionsDS{} diff --git a/internal/service/streamconnection/data_source_stream_connections_test.go b/internal/service/streamconnection/data_source_stream_connections_test.go index 47af9736cc..e3685654b8 100644 --- a/internal/service/streamconnection/data_source_stream_connections_test.go +++ b/internal/service/streamconnection/data_source_stream_connections_test.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func TestAccStreamDSStreamConnections_basic(t *testing.T) { diff --git a/internal/service/streamconnection/model_stream_connection.go b/internal/service/streamconnection/model_stream_connection.go index 142efd7146..bfff03b0d2 100644 --- a/internal/service/streamconnection/model_stream_connection.go +++ b/internal/service/streamconnection/model_stream_connection.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/types/basetypes" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func NewStreamConnectionReq(ctx context.Context, plan *TFStreamConnectionModel) (*admin.StreamsConnection, diag.Diagnostics) { diff --git a/internal/service/streamconnection/model_stream_connection_test.go b/internal/service/streamconnection/model_stream_connection_test.go index c60e122983..bf8de03933 100644 --- a/internal/service/streamconnection/model_stream_connection_test.go +++ b/internal/service/streamconnection/model_stream_connection_test.go @@ -8,7 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/types" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/streamconnection" "github.com/stretchr/testify/assert" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/streaminstance/data_source_stream_instances.go b/internal/service/streaminstance/data_source_stream_instances.go index 898ffc3ae3..4159388c6d 100644 --- a/internal/service/streaminstance/data_source_stream_instances.go +++ b/internal/service/streaminstance/data_source_stream_instances.go @@ -10,7 +10,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/dsschema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) var _ datasource.DataSource = &streamInstancesDS{} diff --git a/internal/service/streaminstance/data_source_stream_instances_test.go b/internal/service/streaminstance/data_source_stream_instances_test.go index 37b952ad9b..94dc32f21f 100644 --- a/internal/service/streaminstance/data_source_stream_instances_test.go +++ b/internal/service/streaminstance/data_source_stream_instances_test.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func TestAccStreamDSStreamInstances_basic(t *testing.T) { diff --git a/internal/service/streaminstance/model_stream_instance.go b/internal/service/streaminstance/model_stream_instance.go index e11f7f3c06..f8b4c4d7f4 100644 --- a/internal/service/streaminstance/model_stream_instance.go +++ b/internal/service/streaminstance/model_stream_instance.go @@ -8,7 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/types/basetypes" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func NewStreamInstanceCreateReq(ctx context.Context, plan *TFStreamInstanceModel) (*admin.StreamsTenant, diag.Diagnostics) { diff --git a/internal/service/streaminstance/model_stream_instance_test.go b/internal/service/streaminstance/model_stream_instance_test.go index 94d69cb194..3e9ed8b95e 100644 --- a/internal/service/streaminstance/model_stream_instance_test.go +++ b/internal/service/streaminstance/model_stream_instance_test.go @@ -7,7 +7,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/types" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/streaminstance" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/team/data_source_team.go b/internal/service/team/data_source_team.go index 6ac8288b76..889d4b09bb 100644 --- a/internal/service/team/data_source_team.go +++ b/internal/service/team/data_source_team.go @@ -11,7 +11,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func DataSource() *schema.Resource { diff --git a/internal/service/team/resource_team.go b/internal/service/team/resource_team.go index 3fd175f037..a824e6d189 100644 --- a/internal/service/team/resource_team.go +++ b/internal/service/team/resource_team.go @@ -15,7 +15,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/constant" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/service/thirdpartyintegration/data_source_third_party_integrations.go b/internal/service/thirdpartyintegration/data_source_third_party_integrations.go index a4d5fcca9f..2ad05b6331 100644 --- a/internal/service/thirdpartyintegration/data_source_third_party_integrations.go +++ b/internal/service/thirdpartyintegration/data_source_third_party_integrations.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func PluralDataSource() *schema.Resource { diff --git a/internal/service/x509authenticationdatabaseuser/resource_x509_authentication_database_user.go b/internal/service/x509authenticationdatabaseuser/resource_x509_authentication_database_user.go index 0044516409..35dccf6a41 100644 --- a/internal/service/x509authenticationdatabaseuser/resource_x509_authentication_database_user.go +++ b/internal/service/x509authenticationdatabaseuser/resource_x509_authentication_database_user.go @@ -11,7 +11,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/spf13/cast" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/testutil/acc/advanced_cluster.go b/internal/testutil/acc/advanced_cluster.go index 95897cef6d..4e250af483 100644 --- a/internal/testutil/acc/advanced_cluster.go +++ b/internal/testutil/acc/advanced_cluster.go @@ -8,7 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) var ( diff --git a/internal/testutil/acc/atlas.go b/internal/testutil/acc/atlas.go index f75fde0ee5..18ac6d7aac 100644 --- a/internal/testutil/acc/atlas.go +++ b/internal/testutil/acc/atlas.go @@ -10,7 +10,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/constant" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/advancedcluster" "github.com/stretchr/testify/require" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func createProject(tb testing.TB, name string) string { diff --git a/internal/testutil/acc/cluster.go b/internal/testutil/acc/cluster.go index 615a5430a1..00a29a0fe8 100644 --- a/internal/testutil/acc/cluster.go +++ b/internal/testutil/acc/cluster.go @@ -7,7 +7,7 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/constant" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) // ClusterRequest contains configuration for a cluster where all fields are optional and AddDefaults is used for required fields. diff --git a/internal/testutil/acc/config_cluster.go b/internal/testutil/acc/config_cluster.go index c21501224d..9a34521bc3 100644 --- a/internal/testutil/acc/config_cluster.go +++ b/internal/testutil/acc/config_cluster.go @@ -7,7 +7,7 @@ import ( "github.com/hashicorp/hcl/v2/hclwrite" "github.com/zclconf/go-cty/cty" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func ClusterDatasourceHcl(req *ClusterRequest) (configStr, clusterName, resourceName string, err error) { diff --git a/internal/testutil/acc/database_user.go b/internal/testutil/acc/database_user.go index 4189186e73..60778b4637 100644 --- a/internal/testutil/acc/database_user.go +++ b/internal/testutil/acc/database_user.go @@ -3,7 +3,7 @@ package acc import ( "fmt" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func ConfigDatabaseUserBasic(projectID, username, roleName, keyLabel, valueLabel string) string { diff --git a/internal/testutil/acc/encryption_at_rest.go b/internal/testutil/acc/encryption_at_rest.go index 579ba98418..30880cf99a 100644 --- a/internal/testutil/acc/encryption_at_rest.go +++ b/internal/testutil/acc/encryption_at_rest.go @@ -3,7 +3,7 @@ package acc import ( "fmt" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func ConfigEARAzureKeyVault(projectID string, azure *admin.AzureKeyVault, useRequirePrivateNetworking bool) string { diff --git a/internal/testutil/acc/factory.go b/internal/testutil/acc/factory.go index 669d82b929..43a0e6028f 100644 --- a/internal/testutil/acc/factory.go +++ b/internal/testutil/acc/factory.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-plugin-go/tfprotov6" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/mongodb/terraform-provider-mongodbatlas/internal/provider" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( diff --git a/internal/testutil/acc/project.go b/internal/testutil/acc/project.go index 1f4b1bbe35..3d8435fed4 100644 --- a/internal/testutil/acc/project.go +++ b/internal/testutil/acc/project.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func CheckDestroyProject(s *terraform.State) error { diff --git a/internal/testutil/acc/serverless.go b/internal/testutil/acc/serverless.go index 0453b5af57..114d8aadf6 100644 --- a/internal/testutil/acc/serverless.go +++ b/internal/testutil/acc/serverless.go @@ -3,7 +3,7 @@ package acc import ( "fmt" - "go.mongodb.org/atlas-sdk/v20240805001/admin" + "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func ConfigServerlessInstance(projectID, name string, ignoreConnectionStrings bool, autoIndexing *bool, tags []admin.ResourceTag) string { diff --git a/scripts/changelog/release-note.tmpl b/scripts/changelog/release-note.tmpl index 78ae791587..e9c9271a6c 100644 --- a/scripts/changelog/release-note.tmpl +++ b/scripts/changelog/release-note.tmpl @@ -4,7 +4,7 @@ {{- else if eq "new-datasource" .Type -}} * **New Data Source:** `{{.Body}}` ([#{{- .Issue -}}](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/{{- .Issue -}})) {{- else if eq "new-guide" .Type -}} -* **New Guide:** `{{.Body}}` ([#{{- .Issue -}}](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/{{- .Issue -}})) +* **New Guide:** {{.Body}} ([#{{- .Issue -}}](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/{{- .Issue -}})) {{- else -}} * {{.Body}} ([#{{- .Issue -}}](https://github.com/mongodb/terraform-provider-mongodbatlas/pull/{{- .Issue -}})) {{- end -}} diff --git a/templates/resources/push_based_log_export.md.tmpl b/templates/resources/push_based_log_export.md.tmpl index aadfb9d954..53f17c8e32 100644 --- a/templates/resources/push_based_log_export.md.tmpl +++ b/templates/resources/push_based_log_export.md.tmpl @@ -3,6 +3,8 @@ `{{.Name}}` provides a resource for push-based log export feature. The resource lets you configure, enable & disable the project level settings for the push-based log export feature. Using this resource you can continually push logs from mongod, mongos, and audit logs to an Amazon S3 bucket. Atlas exports logs every 5 minutes. +The [push based log export Terraform module](https://registry.terraform.io/modules/terraform-mongodbatlas-modules/push-based-log-export/mongodbatlas/latest) makes use of this resource and simplifies its use. + ## Example Usages From e99d7d5b94c3c6c596718b060387bc394c620ed3 Mon Sep 17 00:00:00 2001 From: maastha <122359335+maastha@users.noreply.github.com> Date: Wed, 4 Sep 2024 14:43:05 +0100 Subject: [PATCH 15/20] doc: Adds documentation & examples for `mongodbatlas_encryption_at_rest` singular data source (#2543) --- .github/workflows/code-health.yml | 2 + docs/data-sources/encryption_at_rest.md | 190 ++++++++++++++++++ docs/resources/encryption_at_rest.md | 152 ++++++++------ .../aws/atlas-cluster/main.tf | 10 +- .../azure/README.md | 54 +++++ .../azure/main.tf | 25 +++ .../azure/providers.tf | 5 + .../azure/variables.tf | 50 +++++ .../azure/versions.tf | 9 + .../encryptionatrest/data_source_schema.go | 4 +- internal/service/encryptionatrest/resource.go | 7 +- .../data-sources/encryption_at_rest.md.tmpl | 57 ++++++ .../resources/encryption_at_rest.md.tmpl | 33 +++ 13 files changed, 535 insertions(+), 63 deletions(-) create mode 100644 docs/data-sources/encryption_at_rest.md create mode 100644 examples/mongodbatlas_encryption_at_rest/azure/README.md create mode 100644 examples/mongodbatlas_encryption_at_rest/azure/main.tf create mode 100644 examples/mongodbatlas_encryption_at_rest/azure/providers.tf create mode 100644 examples/mongodbatlas_encryption_at_rest/azure/variables.tf create mode 100644 examples/mongodbatlas_encryption_at_rest/azure/versions.tf create mode 100644 templates/data-sources/encryption_at_rest.md.tmpl diff --git a/.github/workflows/code-health.yml b/.github/workflows/code-health.yml index 2e953dac84..78a0072ab5 100644 --- a/.github/workflows/code-health.yml +++ b/.github/workflows/code-health.yml @@ -75,6 +75,8 @@ jobs: run: make generate-doc resource_name=push_based_log_export - name: Doc for search_deployment run: make generate-doc resource_name=search_deployment + - name: Doc for encryption_at_rest + run: make generate-doc resource_name=encryption_at_rest - name: Doc for encryption_at_rest_private_endpoint run: make generate-doc resource_name=encryption_at_rest_private_endpoint - name: Find mutations diff --git a/docs/data-sources/encryption_at_rest.md b/docs/data-sources/encryption_at_rest.md new file mode 100644 index 0000000000..a58b44a094 --- /dev/null +++ b/docs/data-sources/encryption_at_rest.md @@ -0,0 +1,190 @@ +# Data Source: mongodbatlas_encryption_at_rest + +`mongodbatlas_encryption_at_rest` describes encryption at rest configuration for an Atlas project with one of the following providers: + +[Amazon Web Services Key Management Service](https://docs.atlas.mongodb.com/security-aws-kms/#security-aws-kms) +[Azure Key Vault](https://docs.atlas.mongodb.com/security-azure-kms/#security-azure-kms) +[Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms) + + +~> **IMPORTANT** Atlas encrypts all cluster storage and snapshot volumes, securing all cluster data on disk: a concept known as encryption at rest, by default. + +~> **IMPORTANT** Atlas limits this feature to dedicated cluster tiers of M10 and greater. For more information see: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management + +-> **NOTE:** Groups and projects are synonymous terms. You may find `groupId` in the official documentation. + + +## Example Usages + +### Configuring encryption at rest using customer key management in AWS +```terraform +resource "mongodbatlas_cloud_provider_access_setup" "setup_only" { + project_id = var.atlas_project_id + provider_name = "AWS" +} + +resource "mongodbatlas_cloud_provider_access_authorization" "auth_role" { + project_id = var.atlas_project_id + role_id = mongodbatlas_cloud_provider_access_setup.setup_only.role_id + + aws { + iam_assumed_role_arn = aws_iam_role.test_role.arn + } +} + +resource "mongodbatlas_encryption_at_rest" "test" { + project_id = var.atlas_project_id + + aws_kms_config { + enabled = true + customer_master_key_id = aws_kms_key.kms_key.id + region = var.atlas_region + role_id = mongodbatlas_cloud_provider_access_authorization.auth_role.role_id + } +} + +resource "mongodbatlas_advanced_cluster" "cluster" { + project_id = mongodbatlas_encryption_at_rest.test.project_id + name = "MyCluster" + cluster_type = "REPLICASET" + backup_enabled = true + encryption_at_rest_provider = "AWS" + + replication_specs { + region_configs { + priority = 7 + provider_name = "AWS" + region_name = "US_EAST_1" + electable_specs { + instance_size = "M10" + node_count = 3 + } + } + } +} + +data "mongodbatlas_encryption_at_rest" "test" { + project_id = mongodbatlas_encryption_at_rest.test.project_id +} + +output "is_aws_kms_encryption_at_rest_valid" { + value = data.mongodbatlas_encryption_at_rest.test.aws_kms_config.valid +} +``` + +### Configuring encryption at rest using customer key management in Azure +```terraform +resource "mongodbatlas_encryption_at_rest" "test" { + project_id = var.atlas_project_id + + azure_key_vault_config { + enabled = true + azure_environment = "AZURE" + + tenant_id = var.azure_tenant_id + subscription_id = var.azure_subscription_id + client_id = var.azure_client_id + secret = var.azure_client_secret + + resource_group_name = var.azure_resource_group_name + key_vault_name = var.azure_key_vault_name + key_identifier = var.azure_key_identifier + } +} + +data "mongodbatlas_encryption_at_rest" "test" { + project_id = mongodbatlas_encryption_at_rest.test.project_id +} + +output "is_azure_encryption_at_rest_valid" { + value = data.mongodbatlas_encryption_at_rest.test.azure_key_vault_config.valid +} +``` + +-> **NOTE:** It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. Please review `mongodbatlas_encryption_at_rest_private_endpoint` resource for details. + +### Configuring encryption at rest using customer key management in GCP +```terraform +resource "mongodbatlas_encryption_at_rest" "test" { + project_id = var.atlas_project_id + + google_cloud_kms_config { + enabled = true + service_account_key = "{\"type\": \"service_account\",\"project_id\": \"my-project-common-0\",\"private_key_id\": \"e120598ea4f88249469fcdd75a9a785c1bb3\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEuwIBA(truncated)SfecnS0mT94D9\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"my-email-kms-0@my-project-common-0.iam.gserviceaccount.com\",\"client_id\": \"10180967717292066\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://accounts.google.com/o/oauth2/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/my-email-kms-0%40my-project-common-0.iam.gserviceaccount.com\"}" + key_version_resource_id = "projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1" + } +} + +data "mongodbatlas_encryption_at_rest" "test" { + project_id = mongodbatlas_encryption_at_rest.test.project_id +} + +output "is_gcp_encryption_at_rest_valid" { + value = data.mongodbatlas_encryption_at_rest.test.google_cloud_kms_config.valid +} +``` + + +## Schema + +### Required + +- `project_id` (String) Unique 24-hexadecimal digit string that identifies your project. + +### Read-Only + +- `aws_kms_config` (Attributes) Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project. (see [below for nested schema](#nestedatt--aws_kms_config)) +- `azure_key_vault_config` (Attributes) Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV). (see [below for nested schema](#nestedatt--azure_key_vault_config)) +- `google_cloud_kms_config` (Attributes) Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS). (see [below for nested schema](#nestedatt--google_cloud_kms_config)) +- `id` (String) The ID of this resource. + + +### Nested Schema for `aws_kms_config` + +Read-Only: + +- `access_key_id` (String, Sensitive) Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK). +- `customer_master_key_id` (String, Sensitive) Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys. +- `enabled` (Boolean) Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`. +- `region` (String) Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Atlas deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts. +- `role_id` (String) Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key. +- `secret_access_key` (String, Sensitive) Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key. +- `valid` (Boolean) Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data. + + + +### Nested Schema for `azure_key_vault_config` + +Read-Only: + +- `azure_environment` (String) Azure environment in which your account credentials reside. +- `client_id` (String, Sensitive) Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant. +- `enabled` (Boolean) Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`. +- `key_identifier` (String, Sensitive) Web address with a unique key that identifies for your Azure Key Vault. +- `key_vault_name` (String) Unique string that identifies the Azure Key Vault that contains your key. +- `require_private_networking` (Boolean) Enable connection to your Azure Key Vault over private networking. +- `resource_group_name` (String) Name of the Azure resource group that contains your Azure Key Vault. +- `secret` (String, Sensitive) Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (**azureKeyVault.tenantID**). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data. +- `subscription_id` (String, Sensitive) Unique 36-hexadecimal character string that identifies your Azure subscription. +- `tenant_id` (String, Sensitive) Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription. +- `valid` (Boolean) Flag that indicates whether the Azure encryption key can encrypt and decrypt data. + + + +### Nested Schema for `google_cloud_kms_config` + +Read-Only: + +- `enabled` (Boolean) Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`. +- `key_version_resource_id` (String, Sensitive) Resource path that displays the key version resource ID for your Google Cloud KMS. +- `service_account_key` (String, Sensitive) JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object. +- `valid` (Boolean) Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data. + +# Import +Encryption at Rest Settings can be imported using project ID, in the format `project_id`, e.g. + +``` +$ terraform import mongodbatlas_encryption_at_rest.example 1112222b3bf99403840e8934 +``` + +For more information see: [MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management) \ No newline at end of file diff --git a/docs/resources/encryption_at_rest.md b/docs/resources/encryption_at_rest.md index 1b861ba39d..e88e45fdba 100644 --- a/docs/resources/encryption_at_rest.md +++ b/docs/resources/encryption_at_rest.md @@ -25,38 +25,65 @@ See [Encryption at Rest](https://docs.atlas.mongodb.com/security-kms-encryption/ ## Example Usages +### Configuring encryption at rest using customer key management in AWS +The configuration of encryption at rest with customer key management, `mongodbatlas_encryption_at_rest`, needs to be completed before a cluster is created in the project. Force this wait by using an implicit dependency via `project_id` as shown in the example below. + ```terraform +resource "mongodbatlas_cloud_provider_access_setup" "setup_only" { + project_id = var.atlas_project_id + provider_name = "AWS" +} + +resource "mongodbatlas_cloud_provider_access_authorization" "auth_role" { + project_id = var.atlas_project_id + role_id = mongodbatlas_cloud_provider_access_setup.setup_only.role_id + + aws { + iam_assumed_role_arn = aws_iam_role.test_role.arn + } +} + resource "mongodbatlas_encryption_at_rest" "test" { - project_id = "" + project_id = var.atlas_project_id aws_kms_config { enabled = true - customer_master_key_id = "5ce83906-6563-46b7-8045-11c20e3a5766" - region = "US_EAST_1" - role_id = "60815e2fe01a49138a928ebb" + customer_master_key_id = aws_kms_key.kms_key.id + region = var.atlas_region + role_id = mongodbatlas_cloud_provider_access_authorization.auth_role.role_id } +} - azure_key_vault_config { - enabled = true - client_id = "g54f9e2-89e3-40fd-8188-EXAMPLEID" - azure_environment = "AZURE" - subscription_id = "0ec944e3-g725-44f9-a147-EXAMPLEID" - resource_group_name = "ExampleRGName" - key_vault_name = "EXAMPLEKeyVault" - key_identifier = "https://EXAMPLEKeyVault.vault.azure.net/keys/EXAMPLEKey/d891821e3d364e9eb88fbd3d11807b86" - secret = "EXAMPLESECRET" - tenant_id = "e8e4b6ba-ff32-4c88-a9af-EXAMPLEID" - } +resource "mongodbatlas_advanced_cluster" "cluster" { + project_id = mongodbatlas_encryption_at_rest.test.project_id + name = "MyCluster" + cluster_type = "REPLICASET" + backup_enabled = true + encryption_at_rest_provider = "AWS" - google_cloud_kms_config { - enabled = true - service_account_key = "{\"type\": \"service_account\",\"project_id\": \"my-project-common-0\",\"private_key_id\": \"e120598ea4f88249469fcdd75a9a785c1bb3\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEuwIBA(truncated)SfecnS0mT94D9\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"my-email-kms-0@my-project-common-0.iam.gserviceaccount.com\",\"client_id\": \"10180967717292066\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://accounts.google.com/o/oauth2/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/my-email-kms-0%40my-project-common-0.iam.gserviceaccount.com\"}" - key_version_resource_id = "projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1" + replication_specs { + region_configs { + priority = 7 + provider_name = "AWS" + region_name = "US_EAST_1" + electable_specs { + instance_size = "M10" + node_count = 3 + } + } } } + +data "mongodbatlas_encryption_at_rest" "test" { + project_id = mongodbatlas_encryption_at_rest.test.project_id +} + +output "is_aws_kms_encryption_at_rest_valid" { + value = data.mongodbatlas_encryption_at_rest.test.aws_kms_config.valid +} ``` -**NOTE** if using the two resources path for cloud provider access, `cloud_provider_access_setup` and `cloud_provider_access_authorization`, you may need to define a `depends_on` statement for these two resources, because terraform is not able to infer the dependency. +**NOTE** If using the two resources path for cloud provider access, `cloud_provider_access_setup` and `cloud_provider_access_authorization`, you may need to define a `depends_on` statement for these two resources, because terraform is not able to infer the dependency. ```terraform resource "mongodbatlas_encryption_at_rest" "default" { @@ -65,58 +92,57 @@ resource "mongodbatlas_encryption_at_rest" "default" { } ``` -## Example: Configuring encryption at rest using customer key management in Azure and then creating a cluster - -The configuration of encryption at rest with customer key management, `mongodbatlas_encryption_at_rest`, needs to be completed before a cluster is created in the project. Force this wait by using an implicit dependency via `project_id` as shown in the example below. - +### Configuring encryption at rest using customer key management in Azure ```terraform -resource "mongodbatlas_encryption_at_rest" "example" { - project_id = "" +resource "mongodbatlas_encryption_at_rest" "test" { + project_id = var.atlas_project_id azure_key_vault_config { - enabled = true - client_id = "g54f9e2-89e3-40fd-8188-EXAMPLEID" - azure_environment = "AZURE" - subscription_id = "0ec944e3-g725-44f9-a147-EXAMPLEID" - resource_group_name = "ExampleRGName" - key_vault_name = "EXAMPLEKeyVault" - key_identifier = "https://EXAMPLEKeyVault.vault.azure.net/keys/EXAMPLEKey/d891821e3d364e9eb88fbd3d11807b86" - secret = "EXAMPLESECRET" - tenant_id = "e8e4b6ba-ff32-4c88-a9af-EXAMPLEID" - } -} + enabled = true + azure_environment = "AZURE" -resource "mongodbatlas_advanced_cluster" "example_cluster" { - project_id = mongodbatlas_encryption_at_rest.example.project_id - name = "CLUSTER NAME" - cluster_type = "REPLICASET" - backup_enabled = true - encryption_at_rest_provider = "AZURE" + tenant_id = var.azure_tenant_id + subscription_id = var.azure_subscription_id + client_id = var.azure_client_id + secret = var.azure_client_secret - replication_specs { - region_configs { - priority = 7 - provider_name = "AZURE" - region_name = "REGION" - electable_specs { - instance_size = "M10" - node_count = 3 - } - } + resource_group_name = var.azure_resource_group_name + key_vault_name = var.azure_key_vault_name + key_identifier = var.azure_key_identifier } } +data "mongodbatlas_encryption_at_rest" "test" { + project_id = mongodbatlas_encryption_at_rest.test.project_id +} + +output "is_azure_encryption_at_rest_valid" { + value = data.mongodbatlas_encryption_at_rest.test.azure_key_vault_config.valid +} ``` +-> **NOTE:** It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. Please review `mongodbatlas_encryption_at_rest_private_endpoint` resource for details. + + +### Configuring encryption at rest using customer key management in GCP +```terraform +resource "mongodbatlas_encryption_at_rest" "test" { + project_id = var.atlas_project_id + + google_cloud_kms_config { + enabled = true + service_account_key = "{\"type\": \"service_account\",\"project_id\": \"my-project-common-0\",\"private_key_id\": \"e120598ea4f88249469fcdd75a9a785c1bb3\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEuwIBA(truncated)SfecnS0mT94D9\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"my-email-kms-0@my-project-common-0.iam.gserviceaccount.com\",\"client_id\": \"10180967717292066\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://accounts.google.com/o/oauth2/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/my-email-kms-0%40my-project-common-0.iam.gserviceaccount.com\"}" + key_version_resource_id = "projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1" + } +} +``` ## Schema ### Required -- `project_id` (String) Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access. - -**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups. +- `project_id` (String) Unique 24-hexadecimal digit string that identifies your project. ### Optional @@ -136,10 +162,14 @@ Optional: - `access_key_id` (String, Sensitive) Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK). - `customer_master_key_id` (String, Sensitive) Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys. - `enabled` (Boolean) Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`. -- `region` (String) Physical location where MongoDB Cloud deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Cloud creates them as part of the deployment. MongoDB Cloud assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts. +- `region` (String) Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts. - `role_id` (String) Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key. - `secret_access_key` (String, Sensitive) Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key. +Read-Only: + +- `valid` (Boolean) Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data. + ### Nested Schema for `azure_key_vault_config` @@ -157,6 +187,10 @@ Optional: - `subscription_id` (String, Sensitive) Unique 36-hexadecimal character string that identifies your Azure subscription. - `tenant_id` (String, Sensitive) Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription. +Read-Only: + +- `valid` (Boolean) Flag that indicates whether the Azure encryption key can encrypt and decrypt data. + ### Nested Schema for `google_cloud_kms_config` @@ -167,6 +201,10 @@ Optional: - `key_version_resource_id` (String, Sensitive) Resource path that displays the key version resource ID for your Google Cloud KMS. - `service_account_key` (String, Sensitive) JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object. +Read-Only: + +- `valid` (Boolean) Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data. + # Import Encryption at Rest Settings can be imported using project ID, in the format `project_id`, e.g. diff --git a/examples/mongodbatlas_encryption_at_rest/aws/atlas-cluster/main.tf b/examples/mongodbatlas_encryption_at_rest/aws/atlas-cluster/main.tf index fb4b6d9826..e07e46e1e4 100644 --- a/examples/mongodbatlas_encryption_at_rest/aws/atlas-cluster/main.tf +++ b/examples/mongodbatlas_encryption_at_rest/aws/atlas-cluster/main.tf @@ -24,7 +24,7 @@ resource "mongodbatlas_encryption_at_rest" "test" { } resource "mongodbatlas_advanced_cluster" "cluster" { - project_id = var.atlas_project_id + project_id = mongodbatlas_encryption_at_rest.test.project_id name = "MyCluster" cluster_type = "REPLICASET" backup_enabled = true @@ -42,3 +42,11 @@ resource "mongodbatlas_advanced_cluster" "cluster" { } } } + +data "mongodbatlas_encryption_at_rest" "test" { + project_id = mongodbatlas_encryption_at_rest.test.project_id +} + +output "is_aws_kms_encryption_at_rest_valid" { + value = data.mongodbatlas_encryption_at_rest.test.aws_kms_config.valid +} diff --git a/examples/mongodbatlas_encryption_at_rest/azure/README.md b/examples/mongodbatlas_encryption_at_rest/azure/README.md new file mode 100644 index 0000000000..c8dd523c24 --- /dev/null +++ b/examples/mongodbatlas_encryption_at_rest/azure/README.md @@ -0,0 +1,54 @@ +# MongoDB Atlas Provider -- Encryption At Rest using Customer Key Management with Azure +This example shows how to configure encryption at rest with customer managed keys with Azure Key Vault. + +Note: It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. Please review `mongodbatlas_encryption_at_rest_private_endpoint` resource for details. + +## Dependencies + +* Terraform MongoDB Atlas Provider +* A MongoDB Atlas account +* A Microsoft Azure account + +## Usage + +**1\. Provide the appropriate values for the input variables.** + +- `atlas_public_key`: The public API key for MongoDB Atlas +- `atlas_private_key`: The private API key for MongoDB Atlas +- `atlas_project_id`: Atlas Project ID +- `azure_subscription_id`: Azure ID that identifies your Azure subscription +- `azure_client_id`: Azure ID identifies an Azure application associated with your Azure Active Directory tenant +- `azure_client_secret`: Secret associated to the Azure application +- `azure_tenant_id`: Azure ID that identifies the Azure Active Directory tenant within your Azure subscription +- `azure_resource_group_name`: Name of the Azure resource group that contains your Azure Key Vault +- `azure_key_vault_name`: Unique string that identifies the Azure Key Vault that contains your key +- `azure_key_identifier`: Web address with a unique key that identifies for your Azure Key Vault + + +**2\. Review the Terraform plan.** + +Execute the following command and ensure you are happy with the plan. + +``` bash +$ terraform plan +``` +This project currently supports the following deployments: + +- Configure encryption at rest in an existing project using a custom Azure Key. + +**3\. Execute the Terraform apply.** + +Now execute the plan to provision the resources. + +``` bash +$ terraform apply +``` + +**4\. Destroy the resources.** + +When you have finished your testing, ensure you destroy the resources to avoid unnecessary Atlas charges. + +``` bash +$ terraform destroy +``` + diff --git a/examples/mongodbatlas_encryption_at_rest/azure/main.tf b/examples/mongodbatlas_encryption_at_rest/azure/main.tf new file mode 100644 index 0000000000..2323df7241 --- /dev/null +++ b/examples/mongodbatlas_encryption_at_rest/azure/main.tf @@ -0,0 +1,25 @@ +resource "mongodbatlas_encryption_at_rest" "test" { + project_id = var.atlas_project_id + + azure_key_vault_config { + enabled = true + azure_environment = "AZURE" + + tenant_id = var.azure_tenant_id + subscription_id = var.azure_subscription_id + client_id = var.azure_client_id + secret = var.azure_client_secret + + resource_group_name = var.azure_resource_group_name + key_vault_name = var.azure_key_vault_name + key_identifier = var.azure_key_identifier + } +} + +data "mongodbatlas_encryption_at_rest" "test" { + project_id = mongodbatlas_encryption_at_rest.test.project_id +} + +output "is_azure_encryption_at_rest_valid" { + value = data.mongodbatlas_encryption_at_rest.test.azure_key_vault_config.valid +} diff --git a/examples/mongodbatlas_encryption_at_rest/azure/providers.tf b/examples/mongodbatlas_encryption_at_rest/azure/providers.tf new file mode 100644 index 0000000000..6fc0d099e0 --- /dev/null +++ b/examples/mongodbatlas_encryption_at_rest/azure/providers.tf @@ -0,0 +1,5 @@ +provider "mongodbatlas" { + public_key = var.atlas_public_key + private_key = var.atlas_private_key +} + diff --git a/examples/mongodbatlas_encryption_at_rest/azure/variables.tf b/examples/mongodbatlas_encryption_at_rest/azure/variables.tf new file mode 100644 index 0000000000..d4b94a39b5 --- /dev/null +++ b/examples/mongodbatlas_encryption_at_rest/azure/variables.tf @@ -0,0 +1,50 @@ +variable "atlas_public_key" { + description = "The public API key for MongoDB Atlas" + type = string +} +variable "atlas_private_key" { + description = "The private API key for MongoDB Atlas" + type = string + sensitive = true +} +variable "atlas_project_id" { + description = "Atlas Project ID" + type = string +} +variable "azure_subscription_id" { + type = string + description = "Azure ID that identifies your Azure subscription" +} + +variable "azure_client_id" { + type = string + description = "Azure ID identifies an Azure application associated with your Azure Active Directory tenant" +} + +variable "azure_client_secret" { + type = string + sensitive = true + description = "Secret associated to the Azure application" +} + +variable "azure_tenant_id" { + type = string + description = "Azure ID that identifies the Azure Active Directory tenant within your Azure subscription" +} + +variable "azure_resource_group_name" { + type = string + description = "Name of the Azure resource group that contains your Azure Key Vault" +} + +variable "azure_key_vault_name" { + type = string + description = "Unique string that identifies the Azure Key Vault that contains your key" +} + +variable "azure_key_identifier" { + type = string + description = "Web address with a unique key that identifies for your Azure Key Vault" +} + + diff --git a/examples/mongodbatlas_encryption_at_rest/azure/versions.tf b/examples/mongodbatlas_encryption_at_rest/azure/versions.tf new file mode 100644 index 0000000000..9b4be6c14c --- /dev/null +++ b/examples/mongodbatlas_encryption_at_rest/azure/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_providers { + mongodbatlas = { + source = "mongodb/mongodbatlas" + version = "~> 1.18" + } + } + required_version = ">= 1.0" +} diff --git a/internal/service/encryptionatrest/data_source_schema.go b/internal/service/encryptionatrest/data_source_schema.go index 2c3c5e8267..540fc59159 100644 --- a/internal/service/encryptionatrest/data_source_schema.go +++ b/internal/service/encryptionatrest/data_source_schema.go @@ -155,8 +155,8 @@ func DataSourceSchema(ctx context.Context) schema.Schema { }, "project_id": schema.StringAttribute{ Required: true, - Description: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", - MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + Description: "Unique 24-hexadecimal digit string that identifies your project.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project.", }, "id": schema.StringAttribute{ Computed: true, diff --git a/internal/service/encryptionatrest/resource.go b/internal/service/encryptionatrest/resource.go index 0370d0af3c..7a82d2bc69 100644 --- a/internal/service/encryptionatrest/resource.go +++ b/internal/service/encryptionatrest/resource.go @@ -9,6 +9,8 @@ import ( "reflect" "time" + "go.mongodb.org/atlas-sdk/v20240805003/admin" + "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" @@ -25,7 +27,6 @@ import ( "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/validate" "github.com/mongodb/terraform-provider-mongodbatlas/internal/config" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/project" - "go.mongodb.org/atlas-sdk/v20240805003/admin" ) const ( @@ -102,8 +103,8 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, - Description: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", - MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + Description: "Unique 24-hexadecimal digit string that identifies your project.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project.", }, }, Blocks: map[string]schema.Block{ diff --git a/templates/data-sources/encryption_at_rest.md.tmpl b/templates/data-sources/encryption_at_rest.md.tmpl new file mode 100644 index 0000000000..2e7124e16e --- /dev/null +++ b/templates/data-sources/encryption_at_rest.md.tmpl @@ -0,0 +1,57 @@ +# {{.Type}}: {{.Name}} + +`{{.Name}}` describes encryption at rest configuration for an Atlas project with one of the following providers: + +[Amazon Web Services Key Management Service](https://docs.atlas.mongodb.com/security-aws-kms/#security-aws-kms) +[Azure Key Vault](https://docs.atlas.mongodb.com/security-azure-kms/#security-azure-kms) +[Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms) + + +~> **IMPORTANT** Atlas encrypts all cluster storage and snapshot volumes, securing all cluster data on disk: a concept known as encryption at rest, by default. + +~> **IMPORTANT** Atlas limits this feature to dedicated cluster tiers of M10 and greater. For more information see: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management + +-> **NOTE:** Groups and projects are synonymous terms. You may find `groupId` in the official documentation. + + +## Example Usages + +### Configuring encryption at rest using customer key management in AWS +{{ tffile (printf "examples/%s/aws/atlas-cluster/main.tf" .Name )}} + +### Configuring encryption at rest using customer key management in Azure +{{ tffile (printf "examples/%s/azure/main.tf" .Name )}} + +-> **NOTE:** It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. Please review `mongodbatlas_encryption_at_rest_private_endpoint` resource for details. + +### Configuring encryption at rest using customer key management in GCP +```terraform +resource "mongodbatlas_encryption_at_rest" "test" { + project_id = var.atlas_project_id + + google_cloud_kms_config { + enabled = true + service_account_key = "{\"type\": \"service_account\",\"project_id\": \"my-project-common-0\",\"private_key_id\": \"e120598ea4f88249469fcdd75a9a785c1bb3\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEuwIBA(truncated)SfecnS0mT94D9\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"my-email-kms-0@my-project-common-0.iam.gserviceaccount.com\",\"client_id\": \"10180967717292066\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://accounts.google.com/o/oauth2/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/my-email-kms-0%40my-project-common-0.iam.gserviceaccount.com\"}" + key_version_resource_id = "projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1" + } +} + +data "mongodbatlas_encryption_at_rest" "test" { + project_id = mongodbatlas_encryption_at_rest.test.project_id +} + +output "is_gcp_encryption_at_rest_valid" { + value = data.mongodbatlas_encryption_at_rest.test.google_cloud_kms_config.valid +} +``` + +{{ .SchemaMarkdown | trimspace }} + +# Import +Encryption at Rest Settings can be imported using project ID, in the format `project_id`, e.g. + +``` +$ terraform import mongodbatlas_encryption_at_rest.example 1112222b3bf99403840e8934 +``` + +For more information see: [MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management) \ No newline at end of file diff --git a/templates/resources/encryption_at_rest.md.tmpl b/templates/resources/encryption_at_rest.md.tmpl index 947e4450c9..a01b48e279 100644 --- a/templates/resources/encryption_at_rest.md.tmpl +++ b/templates/resources/encryption_at_rest.md.tmpl @@ -6,6 +6,8 @@ [Azure Key Vault](https://docs.atlas.mongodb.com/security-azure-kms/#security-azure-kms) [Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms) +The [encryption at rest Terraform module](https://registry.terraform.io/modules/terraform-mongodbatlas-modules/encryption-at-rest/mongodbatlas/latest) makes use of this resource and simplifies its use. + After configuring at least one Encryption at Rest provider for the Atlas project, Project Owners can enable Encryption at Rest for each Atlas cluster for which they require encryption. The Encryption at Rest provider does not have to match the cluster cloud service provider. Atlas does not automatically rotate user-managed encryption keys. Defer to your preferred Encryption at Rest provider’s documentation and guidance for best practices on key rotation. Atlas automatically creates a 90-day key rotation alert when you configure Encryption at Rest using your Key Management in an Atlas project. @@ -23,7 +25,38 @@ See [Encryption at Rest](https://docs.atlas.mongodb.com/security-kms-encryption/ ## Example Usages +### Configuring encryption at rest using customer key management in AWS +The configuration of encryption at rest with customer key management, `mongodbatlas_encryption_at_rest`, needs to be completed before a cluster is created in the project. Force this wait by using an implicit dependency via `project_id` as shown in the example below. + +{{ tffile (printf "examples/%s/aws/atlas-cluster/main.tf" .Name )}} + +**NOTE** If using the two resources path for cloud provider access, `cloud_provider_access_setup` and `cloud_provider_access_authorization`, you may need to define a `depends_on` statement for these two resources, because terraform is not able to infer the dependency. + +```terraform +resource "mongodbatlas_encryption_at_rest" "default" { + (...) + depends_on = [mongodbatlas_cloud_provider_access_setup., mongodbatlas_cloud_provider_access_authorization.] +} +``` + +### Configuring encryption at rest using customer key management in Azure +{{ tffile (printf "examples/%s/azure/main.tf" .Name )}} + +-> **NOTE:** It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. Please review `mongodbatlas_encryption_at_rest_private_endpoint` resource for details. + +### Configuring encryption at rest using customer key management in GCP +```terraform +resource "mongodbatlas_encryption_at_rest" "test" { + project_id = var.atlas_project_id + + google_cloud_kms_config { + enabled = true + service_account_key = "{\"type\": \"service_account\",\"project_id\": \"my-project-common-0\",\"private_key_id\": \"e120598ea4f88249469fcdd75a9a785c1bb3\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEuwIBA(truncated)SfecnS0mT94D9\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"my-email-kms-0@my-project-common-0.iam.gserviceaccount.com\",\"client_id\": \"10180967717292066\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://accounts.google.com/o/oauth2/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/my-email-kms-0%40my-project-common-0.iam.gserviceaccount.com\"}" + key_version_resource_id = "projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1" + } +} +``` {{ .SchemaMarkdown | trimspace }} From 2eb7cdb8036a6f25d2339ed86dea20f98ab93dc7 Mon Sep 17 00:00:00 2001 From: maastha <122359335+maastha@users.noreply.github.com> Date: Thu, 5 Sep 2024 10:00:19 +0100 Subject: [PATCH 16/20] chore: Enables `mongodbatlas_encryption_at_rest` (Azure) tests to run in CI (#2551) --- .github/workflows/acceptance-tests-runner.yml | 40 ++- .github/workflows/acceptance-tests.yml | 9 + contributing/development-setup.md | 5 +- .../resource_migration_test.go | 65 +++-- .../service/encryptionatrest/resource_test.go | 255 +++++------------- .../resource_test.go | 101 ++++++- internal/testutil/acc/encryption_at_rest.go | 82 +++++- internal/testutil/acc/pre_check.go | 24 +- 8 files changed, 334 insertions(+), 247 deletions(-) diff --git a/.github/workflows/acceptance-tests-runner.yml b/.github/workflows/acceptance-tests-runner.yml index ab7217a453..72a5f7bffa 100644 --- a/.github/workflows/acceptance-tests-runner.yml +++ b/.github/workflows/acceptance-tests-runner.yml @@ -86,6 +86,15 @@ on: mongodb_atlas_federated_settings_associated_domain: type: string required: true + mongodb_atlas_project_ear_pe_id: + type: string + required: true + mongodb_atlas_enable_preview: + type: string + required: true + azure_private_endpoint_region: + type: string + required: true secrets: # all secrets are passed explicitly in this workflow mongodb_atlas_public_key: required: true @@ -135,6 +144,18 @@ on: required: true azure_vnet_name_updated: required: true + azure_client_id: + required: true + azure_key_vault_name: + required: true + azure_key_identifier: + required: true + azure_key_vault_name_updated: + required: true + azure_key_identifier_updated: + required: true + azure_app_secret: + required: true env: TF_ACC: 1 @@ -238,7 +259,8 @@ jobs: data_lake: - 'internal/service/datalakepipeline/*.go' encryption: - - 'internal/service/encryptionatrest/*.go' + - 'internal/service/encryptionatrest/*.go' + - 'internal/service/encryptionatrestprivateendpoint/*.go' event_trigger: - 'internal/service/eventtrigger/*.go' federated: @@ -514,7 +536,21 @@ jobs: - name: Acceptance Tests env: MONGODB_ATLAS_LAST_VERSION: ${{ needs.get-provider-version.outputs.provider_version }} - ACCTEST_PACKAGES: ./internal/service/encryptionatrest + ACCTEST_PACKAGES: | + ./internal/service/encryptionatrest + ./internal/service/encryptionatrestprivateendpoint + MONGODB_ATLAS_PROJECT_EAR_PE_ID: ${{ inputs.mongodb_atlas_project_ear_pe_id }} + AZURE_PRIVATE_ENDPOINT_REGION: ${{ inputs.azure_private_endpoint_region }} + AZURE_CLIENT_ID: ${{ secrets.azure_client_id }} + AZURE_RESOURCE_GROUP_NAME: ${{ secrets.azure_resource_group_name }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.azure_subscription_id }} + AZURE_TENANT_ID: ${{ vars.azure_tenant_id }} + AZURE_APP_SECRET: ${{ secrets.azure_app_secret }} + AZURE_KEY_VAULT_NAME: ${{ secrets.azure_key_vault_name }} + AZURE_KEY_IDENTIFIER: ${{ secrets.azure_key_identifier }} + AZURE_KEY_VAULT_NAME_UPDATED: ${{ secrets.azure_key_vault_name_updated }} + AZURE_KEY_IDENTIFIER_UPDATED: ${{ secrets.azure_key_identifier_updated }} + MONGODB_ATLAS_ENABLE_PREVIEW: ${{ inputs.mongodb_atlas_enable_preview }} run: make testacc event_trigger: diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml index e02fd08675..e15be2a2c4 100644 --- a/.github/workflows/acceptance-tests.yml +++ b/.github/workflows/acceptance-tests.yml @@ -77,6 +77,12 @@ jobs: azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} azure_vnet_name: ${{ secrets.AZURE_VNET_NAME }} azure_vnet_name_updated: ${{ secrets.AZURE_VNET_NAME_UPDATED }} + azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} + azure_key_vault_name: ${{ secrets.AZURE_KEY_VAULT_NAME }} + azure_key_identifier: ${{ secrets.AZURE_KEY_IDENTIFIER }} + azure_key_vault_name_updated: ${{ secrets.AZURE_KEY_VAULT_NAME_UPDATED }} + azure_key_identifier_updated: ${{ secrets.AZURE_KEY_IDENTIFIER_UPDATED }} + azure_app_secret: ${{ secrets.AZURE_APP_SECRET }} with: terraform_version: ${{ inputs.terraform_version || vars.TF_VERSION_LATEST }} @@ -104,3 +110,6 @@ jobs: mongodb_atlas_gov_org_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_GOV_ORG_ID_QA || vars.MONGODB_ATLAS_GOV_ORG_ID_DEV }} mongodb_atlas_gov_project_owner_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_GOV_PROJECT_OWNER_ID_QA || vars.MONGODB_ATLAS_GOV_PROJECT_OWNER_ID_DEV }} mongodb_atlas_federated_settings_associated_domain: ${{ vars.MONGODB_ATLAS_FEDERATED_SETTINGS_ASSOCIATED_DOMAIN }} + mongodb_atlas_project_ear_pe_id: ${{ inputs.atlas_cloud_env == 'qa' && vars.MONGODB_ATLAS_PROJECT_EAR_PE_ID_QA || vars.MONGODB_ATLAS_PROJECT_EAR_PE_ID_DEV }} + mongodb_atlas_enable_preview: ${{ vars.MONGODB_ATLAS_ENABLE_PREVIEW }} + azure_private_endpoint_region: ${{ vars.AZURE_PRIVATE_ENDPOINT_REGION }} diff --git a/contributing/development-setup.md b/contributing/development-setup.md index ece7da2611..7d34219be7 100644 --- a/contributing/development-setup.md +++ b/contributing/development-setup.md @@ -218,15 +218,12 @@ You must also configure the following environment variables before running the t export AZURE_CLIENT_ID= export AZURE_SUBSCRIPTION_ID= export AZURE_RESOURCE_GROUP_NAME= - export AZURE_SECRET= + export AZURE_APP_SECRET= export AZURE_KEY_VAULT_NAME= export AZURE_KEY_IDENTIFIER= export AZURE_TENANT_ID= export AZURE_DIRECTORY_ID= - export AZURE_CLIENT_ID_UPDATED= - export AZURE_RESOURCE_GROUP_NAME_UPDATED= - export AZURE_SECRET_UPDATED= export AZURE_KEY_VAULT_NAME_UPDATED= export AZURE_KEY_IDENTIFIER_UPDATED= ``` diff --git a/internal/service/encryptionatrest/resource_migration_test.go b/internal/service/encryptionatrest/resource_migration_test.go index e2e2ab2ec7..befa429c35 100644 --- a/internal/service/encryptionatrest/resource_migration_test.go +++ b/internal/service/encryptionatrest/resource_migration_test.go @@ -3,15 +3,17 @@ package encryptionatrest_test import ( "fmt" "os" + "strconv" "testing" + "go.mongodb.org/atlas-sdk/v20240805003/admin" + "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/plancheck" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/mig" - "go.mongodb.org/atlas-sdk/v20240805003/admin" ) func TestMigEncryptionAtRest_basicAWS(t *testing.T) { @@ -31,13 +33,13 @@ func TestMigEncryptionAtRest_basicAWS(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { mig.PreCheck(t); acc.PreCheckAwsEnv(t) }, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProviders(), - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), // not using data source as it was introduced in 1.19.0 Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.region", awsKms.GetRegion()), @@ -46,7 +48,7 @@ func TestMigEncryptionAtRest_basicAWS(t *testing.T) { }, { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ acc.DebugPlan(), @@ -78,7 +80,7 @@ func TestMigEncryptionAtRest_withRole_basicAWS(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { mig.PreCheck(t); acc.PreCheckAwsEnv(t) }, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProvidersWithAWS(), @@ -89,7 +91,7 @@ func TestMigEncryptionAtRest_withRole_basicAWS(t *testing.T) { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKmsWithRole(projectID, awsIAMRoleName, awsIAMRolePolicyName, awsKeyName, &awsKms), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.region", awsKms.GetRegion()), @@ -106,11 +108,9 @@ func TestMigEncryptionAtRest_withRole_basicAWS(t *testing.T) { } func TestMigEncryptionAtRest_basicAzure(t *testing.T) { - acc.SkipTestForCI(t) // needs Azure configuration - var ( resourceName = "mongodbatlas_encryption_at_rest.test" - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + projectID = acc.ProjectIDExecution(t) azureKeyVault = admin.AzureKeyVault{ Enabled: conversion.Pointer(true), @@ -120,30 +120,38 @@ func TestMigEncryptionAtRest_basicAzure(t *testing.T) { ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), } + + attrMap = map[string]string{ + "enabled": strconv.FormatBool(azureKeyVault.GetEnabled()), + "azure_environment": azureKeyVault.GetAzureEnvironment(), + "resource_group_name": azureKeyVault.GetResourceGroupName(), + "key_vault_name": azureKeyVault.GetKeyVaultName(), + "client_id": azureKeyVault.GetClientID(), + "key_identifier": azureKeyVault.GetKeyIdentifier(), + "subscription_id": azureKeyVault.GetSubscriptionID(), + "tenant_id": azureKeyVault.GetTenantID(), + } ) resource.Test(t, resource.TestCase{ - PreCheck: func() { mig.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzure(t) }, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + PreCheck: func() { mig.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzure(t) }, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProviders(), - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, false), // not using data source as it was introduced in 1.19.0 Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.azure_environment", azureKeyVault.GetAzureEnvironment()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.resource_group_name", azureKeyVault.GetResourceGroupName()), - resource.TestCheckResourceAttr(resourceName, "azure_key_vault_config.0.key_vault_name", azureKeyVault.GetKeyVaultName()), + acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "azure_key_vault_config.0", attrMap), ), }, { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, false), ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ acc.DebugPlan(), @@ -171,20 +179,21 @@ func TestMigEncryptionAtRest_basicGCP(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { mig.PreCheck(t); acc.PreCheckGPCEnv(t) }, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProviders(), - Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms, false), // not using data source as it was introduced in 1.19.0 Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.enabled", "true"), + resource.TestCheckResourceAttrSet(resourceName, "google_cloud_kms_config.0.key_version_resource_id"), ), }, { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms, false), ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ acc.DebugPlan(), @@ -215,13 +224,13 @@ func TestMigEncryptionAtRest_basicAWS_from_v1_11_0(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { acc.PreCheck(t); acc.PreCheckAwsEnv(t) }, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { ExternalProviders: acc.ExternalProvidersWithAWS("1.11.0"), - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), // not using data source as it was introduced in 1.19.0 Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.region", awsKms.GetRegion()), @@ -230,7 +239,7 @@ func TestMigEncryptionAtRest_basicAWS_from_v1_11_0(t *testing.T) { }, { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ acc.DebugPlan(), diff --git a/internal/service/encryptionatrest/resource_test.go b/internal/service/encryptionatrest/resource_test.go index c175313c03..1510a0a424 100644 --- a/internal/service/encryptionatrest/resource_test.go +++ b/internal/service/encryptionatrest/resource_test.go @@ -5,21 +5,20 @@ import ( "errors" "fmt" "os" - "strconv" "testing" + "go.mongodb.org/atlas-sdk/v20240805003/admin" + "go.mongodb.org/atlas-sdk/v20240805003/mockadmin" + "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-testing/helper/resource" - "github.com/hashicorp/terraform-plugin-testing/terraform" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/conversion" "github.com/mongodb/terraform-provider-mongodbatlas/internal/common/retrystrategy" "github.com/mongodb/terraform-provider-mongodbatlas/internal/service/encryptionatrest" "github.com/mongodb/terraform-provider-mongodbatlas/internal/testutil/acc" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/mock" - "go.mongodb.org/atlas-sdk/v20240805003/admin" - "go.mongodb.org/atlas-sdk/v20240805003/mockadmin" ) const ( @@ -65,39 +64,39 @@ func TestAccEncryptionAtRest_basicAWS(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { acc.PreCheck(t); acc.PreCheckAwsEnv(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, true), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - testCheckResourceAttr(resourceName, "aws_kms_config.0", awsKmsAttrMap), + acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "aws_kms_config.0", awsKmsAttrMap), resource.TestCheckNoResourceAttr(resourceName, "azure_key_vault_config.#"), resource.TestCheckNoResourceAttr(resourceName, "google_cloud_kms_config.#"), resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - testCheckResourceAttr(datasourceName, "aws_kms_config.", awsKmsAttrMap), + acc.TestEncryptionAtRestCheckResourceAttr(datasourceName, "aws_kms_config.", awsKmsAttrMap), ), }, { - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKmsUpdated), + Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKmsUpdated, true), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - testCheckResourceAttr(resourceName, "aws_kms_config.0", awsKmsUpdatedAttrMap), + acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "aws_kms_config.0", awsKmsUpdatedAttrMap), resource.TestCheckNoResourceAttr(resourceName, "azure_key_vault_config.#"), resource.TestCheckNoResourceAttr(resourceName, "google_cloud_kms_config.#"), resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - testCheckResourceAttr(datasourceName, "aws_kms_config", awsKmsUpdatedAttrMap), + acc.TestEncryptionAtRestCheckResourceAttr(datasourceName, "aws_kms_config", awsKmsUpdatedAttrMap), ), }, { ResourceName: resourceName, - ImportStateIdFunc: testAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), + ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), ImportState: true, ImportStateVerify: true, }, @@ -105,25 +104,9 @@ func TestAccEncryptionAtRest_basicAWS(t *testing.T) { }) } -func convertToAzureKeyVaultAttrMap(az *admin.AzureKeyVault) map[string]string { - return map[string]string{ - "enabled": strconv.FormatBool(az.GetEnabled()), - "azure_environment": az.GetAzureEnvironment(), - "resource_group_name": az.GetResourceGroupName(), - "key_vault_name": az.GetKeyVaultName(), - "client_id": az.GetClientID(), - "key_identifier": az.GetKeyIdentifier(), - "subscription_id": az.GetSubscriptionID(), - "tenant_id": az.GetTenantID(), - "require_private_networking": strconv.FormatBool(az.GetRequirePrivateNetworking()), - } -} - func TestAccEncryptionAtRest_basicAzure(t *testing.T) { - acc.SkipTestForCI(t) // needs Azure configuration - var ( - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + projectID = acc.ProjectIDExecution(t) azureKeyVault = admin.AzureKeyVault{ Enabled: conversion.Pointer(true), @@ -133,139 +116,57 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), RequirePrivateNetworking: conversion.Pointer(false), } - azureKeyVaultAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVault) + azureKeyVaultAttrMap = acc.ConvertToAzureKeyVaultEncryptionAtRestAttrMap(&azureKeyVault) azureKeyVaultUpdated = admin.AzureKeyVault{ - Enabled: conversion.Pointer(true), - ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID_UPDATED")), - AzureEnvironment: conversion.StringPtr("AZURE"), - SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), - ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED")), - KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), - KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET_UPDATED")), - TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), - RequirePrivateNetworking: conversion.Pointer(false), - } - - azureKeyVaultUpdatedAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVaultUpdated) - ) - - resource.Test(t, resource.TestCase{ - PreCheck: func() { acc.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t) }, - ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, - Steps: []resource.TestStep{ - { - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false), - Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - testCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultAttrMap), - resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - testCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultAttrMap), - ), - }, - { - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, false), - Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - testCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultUpdatedAttrMap), - resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - testCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultUpdatedAttrMap), - ), - }, - { - ResourceName: resourceName, - ImportStateIdFunc: testAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), - ImportState: true, - ImportStateVerify: true, - // "azure_key_vault_config.0.secret" is a sensitive value not returned by the API - ImportStateVerifyIgnore: []string{"azure_key_vault_config.0.secret"}, - }, - }, - }) -} - -func testCheckResourceAttr(resourceName, prefix string, attrsMap map[string]string) resource.TestCheckFunc { - checks := acc.AddAttrChecksPrefix(resourceName, []resource.TestCheckFunc{}, attrsMap, prefix) - - return resource.ComposeAggregateTestCheckFunc(checks...) -} - -func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T) { - acc.SkipTestForCI(t) // needs Azure configuration - - var ( - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") - - azureKeyVault = admin.AzureKeyVault{ Enabled: conversion.Pointer(true), ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), AzureEnvironment: conversion.StringPtr("AZURE"), SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), - KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), - KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")), - TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), - RequirePrivateNetworking: conversion.Pointer(true), - } - - azureKeyVaultAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVault) - - azureKeyVaultUpdated = admin.AzureKeyVault{ - Enabled: conversion.Pointer(true), - ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID_UPDATED")), - AzureEnvironment: conversion.StringPtr("AZURE"), - SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), - ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED")), KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET_UPDATED")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), RequirePrivateNetworking: conversion.Pointer(false), } - azureKeyVaultUpdatedAttrMap = convertToAzureKeyVaultAttrMap(&azureKeyVaultUpdated) + azureKeyVaultUpdatedAttrMap = acc.ConvertToAzureKeyVaultEncryptionAtRestAttrMap(&azureKeyVaultUpdated) ) resource.Test(t, resource.TestCase{ - PreCheck: func() { acc.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t); acc.PreCheckPreviewFlag(t) }, + PreCheck: func() { acc.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, true), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, true), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - testCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultAttrMap), - + acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultAttrMap), resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - testCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultAttrMap), + acc.TestEncryptionAtRestCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultAttrMap), ), }, { - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, true), + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, false, true), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - testCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultUpdatedAttrMap), - + acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultUpdatedAttrMap), resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - testCheckResourceAttr(datasourceName, "azure_key_vault_config.", azureKeyVaultUpdatedAttrMap), + acc.TestEncryptionAtRestCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultUpdatedAttrMap), ), }, { ResourceName: resourceName, - ImportStateIdFunc: testAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), + ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), ImportState: true, ImportStateVerify: true, // "azure_key_vault_config.0.secret" is a sensitive value not returned by the API @@ -297,27 +198,41 @@ func TestAccEncryptionAtRest_basicGCP(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { acc.PreCheck(t); acc.PreCheckGPCEnv(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { - Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms), + Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms, true), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.enabled", "true"), + resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.valid", "true"), + resource.TestCheckResourceAttrSet(resourceName, "google_cloud_kms_config.0.key_version_resource_id"), + + resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), + resource.TestCheckResourceAttr(datasourceName, "google_cloud_kms_config.enabled", "true"), + resource.TestCheckResourceAttr(datasourceName, "google_cloud_kms_config.valid", "true"), + resource.TestCheckResourceAttrSet(datasourceName, "google_cloud_kms_config.key_version_resource_id"), ), }, { - Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKmsUpdated), + Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKmsUpdated, true), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.enabled", "true"), + resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.valid", "true"), + resource.TestCheckResourceAttrSet(resourceName, "google_cloud_kms_config.0.key_version_resource_id"), + + resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), + resource.TestCheckResourceAttr(datasourceName, "google_cloud_kms_config.enabled", "true"), + resource.TestCheckResourceAttr(datasourceName, "google_cloud_kms_config.valid", "true"), + resource.TestCheckResourceAttrSet(datasourceName, "google_cloud_kms_config.key_version_resource_id"), ), }, { ResourceName: resourceName, - ImportStateIdFunc: testAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), + ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), ImportState: true, ImportStateVerify: true, // "google_cloud_kms_config.0.service_account_key" is a sensitive value not returned by the API @@ -345,14 +260,14 @@ func TestAccEncryptionAtRestWithRole_basicAWS(t *testing.T) { PreCheck: func() { acc.PreCheck(t); acc.PreCheckAwsEnv(t) }, ExternalProviders: acc.ExternalProvidersOnlyAWS(), ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: testAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, Steps: []resource.TestStep{ { Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKmsWithRole(projectID, awsIAMRoleName, awsIAMRolePolicyName, awsKeyName, &awsKms), }, { ResourceName: resourceName, - ImportStateIdFunc: testAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), + ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), ImportState: true, ImportStateVerify: true, }, @@ -595,41 +510,8 @@ func TestResourceMongoDBAtlasEncryptionAtRestCreateRefreshFunc(t *testing.T) { } } -func testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName string) resource.TestCheckFunc { - return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[resourceName] - if !ok { - return fmt.Errorf("not found: %s", resourceName) - } - if rs.Primary.ID == "" { - return fmt.Errorf("no ID is set") - } - if _, _, err := acc.ConnV2().EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRest(context.Background(), rs.Primary.ID).Execute(); err == nil { - return nil - } - return fmt.Errorf("encryptionAtRest (%s) does not exist", rs.Primary.ID) - } -} - -func testAccCheckMongoDBAtlasEncryptionAtRestDestroy(s *terraform.State) error { - for _, rs := range s.RootModule().Resources { - if rs.Type != "mongodbatlas_encryption_at_rest" { - continue - } - res, _, err := acc.ConnV2().EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRest(context.Background(), rs.Primary.ID).Execute() - if err != nil || - (*res.AwsKms.Enabled != false && - *res.AzureKeyVault.Enabled != false && - *res.GoogleCloudKms.Enabled != false) { - return fmt.Errorf("encryptionAtRest (%s) still exists: err: %s", rs.Primary.ID, err) - } - } - - return nil -} - -func testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID string, aws *admin.AWSKMSConfiguration) string { - return fmt.Sprintf(` +func testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID string, aws *admin.AWSKMSConfiguration, useDatasource bool) string { + config := fmt.Sprintf(` resource "mongodbatlas_encryption_at_rest" "test" { project_id = %[1]q @@ -640,13 +522,16 @@ func testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID string, aws *admi role_id = %[5]q } } + `, projectID, aws.GetEnabled(), aws.GetCustomerMasterKeyID(), aws.GetRegion(), aws.GetRoleId()) - %[6]s - `, projectID, aws.GetEnabled(), aws.GetCustomerMasterKeyID(), aws.GetRegion(), aws.GetRoleId(), acc.TestAccDatasourceConfig()) + if useDatasource { + return fmt.Sprintf(`%s %s`, config, acc.TestAccDatasourceConfig()) + } + return config } -func testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID string, google *admin.GoogleCloudKMS) string { - return fmt.Sprintf(` +func testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID string, google *admin.GoogleCloudKMS, useDatasource bool) string { + config := fmt.Sprintf(` resource "mongodbatlas_encryption_at_rest" "test" { project_id = "%s" @@ -657,6 +542,11 @@ func testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID string, g } } `, projectID, *google.Enabled, google.GetServiceAccountKey(), google.GetKeyVersionResourceID()) + + if useDatasource { + return fmt.Sprintf(`%s %s`, config, acc.TestAccDatasourceConfig()) + } + return config } func testAccMongoDBAtlasEncryptionAtRestConfigAwsKmsWithRole(projectID, awsIAMRoleName, awsIAMRolePolicyName, awsKeyName string, awsEar *admin.AWSKMSConfiguration) string { @@ -745,14 +635,3 @@ resource "mongodbatlas_encryption_at_rest" "test" { } `, awsEar.GetEnabled(), awsEar.GetRegion(), awsEar.GetCustomerMasterKeyID()) } - -func testAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName string) resource.ImportStateIdFunc { - return func(s *terraform.State) (string, error) { - rs, ok := s.RootModule().Resources[resourceName] - if !ok { - return "", fmt.Errorf("not found: %s", resourceName) - } - - return rs.Primary.ID, nil - } -} diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index 15c0f432eb..b379839f75 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -24,17 +24,17 @@ const ( dataSourceName = "data.mongodbatlas_encryption_at_rest_private_endpoint.test" pluralDataSourceName = "data.mongodbatlas_encryption_at_rest_private_endpoints.test" earResourceName = "mongodbatlas_encryption_at_rest.test" + earDatasourceName = "data.mongodbatlas_encryption_at_rest.test" ) func TestAccEncryptionAtRestPrivateEndpoint_basic(t *testing.T) { - resource.ParallelTest(t, *basicTestCase(t)) + resource.Test(t, *basicTestCase(t)) } func basicTestCase(tb testing.TB) *resource.TestCase { tb.Helper() - acc.SkipTestForCI(tb) // needs Azure configuration var ( - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + projectID = os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") azureKeyVault = &admin.AzureKeyVault{ Enabled: conversion.Pointer(true), RequirePrivateNetworking: conversion.Pointer(true), @@ -44,14 +44,14 @@ func basicTestCase(tb testing.TB) *resource.TestCase { ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), } region = os.Getenv("AZURE_PRIVATE_ENDPOINT_REGION") ) return &resource.TestCase{ - PreCheck: func() { acc.PreCheck(tb); acc.PreCheckEncryptionAtRestEnvAzure(tb); acc.PreCheckPreviewFlag(tb) }, + PreCheck: func() { acc.PreCheckBasic(tb); acc.PreCheckEncryptionAtRestEnvAzure(tb); acc.PreCheckPreviewFlag(tb) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, CheckDestroy: checkDestroy, Steps: []resource.TestStep{ @@ -71,9 +71,8 @@ func basicTestCase(tb testing.TB) *resource.TestCase { } func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t *testing.T) { - acc.SkipTestForCI(t) // needs Azure configuration var ( - projectID = os.Getenv("MONGODB_ATLAS_PROJECT_ID") + projectID = os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") azureKeyVault = &admin.AzureKeyVault{ Enabled: conversion.Pointer(true), RequirePrivateNetworking: conversion.Pointer(true), @@ -83,19 +82,19 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t * ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), - Secret: conversion.StringPtr(os.Getenv("AZURE_SECRET")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), } region = os.Getenv("AZURE_PRIVATE_ENDPOINT_REGION") ) - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acc.PreCheck(t); acc.PreCheckEncryptionAtRestEnvAzure(t); acc.PreCheckPreviewFlag(t) }, + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzure(t); acc.PreCheckPreviewFlag(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, CheckDestroy: checkDestroy, Steps: []resource.TestStep{ { - Config: acc.ConfigEARAzureKeyVault(projectID, azureKeyVault, false), + Config: acc.ConfigEARAzureKeyVault(projectID, azureKeyVault, false, true), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr(earResourceName, "azure_key_vault_config.0.enabled", "true"), resource.TestCheckResourceAttr(earResourceName, "azure_key_vault_config.0.require_private_networking", "false"), @@ -113,6 +112,84 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t * }) } +func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T) { + var ( + projectID = os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") + + azureKeyVault = admin.AzureKeyVault{ + Enabled: conversion.Pointer(true), + ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), + AzureEnvironment: conversion.StringPtr("AZURE"), + SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), + ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), + KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME")), + KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), + TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), + RequirePrivateNetworking: conversion.Pointer(true), + } + + azureKeyVaultAttrMap = acc.ConvertToAzureKeyVaultEncryptionAtRestAttrMap(&azureKeyVault) + + azureKeyVaultUpdated = admin.AzureKeyVault{ + Enabled: conversion.Pointer(true), + ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), + AzureEnvironment: conversion.StringPtr("AZURE"), + SubscriptionID: conversion.StringPtr(os.Getenv("AZURE_SUBSCRIPTION_ID")), + ResourceGroupName: conversion.StringPtr(os.Getenv("AZURE_RESOURCE_GROUP_NAME")), + KeyVaultName: conversion.StringPtr(os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED")), + KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), + TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), + RequirePrivateNetworking: conversion.Pointer(false), + } + + azureKeyVaultUpdatedAttrMap = acc.ConvertToAzureKeyVaultEncryptionAtRestAttrMap(&azureKeyVaultUpdated) + ) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { + acc.PreCheckEncryptionAtRestPrivateEndpoint(t) + acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t) + acc.PreCheckPreviewFlag(t) + }, + ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, + CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, + Steps: []resource.TestStep{ + { + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, true, true), + Check: resource.ComposeAggregateTestCheckFunc( + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(earResourceName), + resource.TestCheckResourceAttr(earResourceName, "project_id", projectID), + acc.TestEncryptionAtRestCheckResourceAttr(earResourceName, "azure_key_vault_config.0", azureKeyVaultAttrMap), + + resource.TestCheckResourceAttr(earDatasourceName, "project_id", projectID), + acc.TestEncryptionAtRestCheckResourceAttr(earDatasourceName, "azure_key_vault_config", azureKeyVaultAttrMap), + ), + }, + { + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, true, true), + Check: resource.ComposeAggregateTestCheckFunc( + acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(earResourceName), + resource.TestCheckResourceAttr(earResourceName, "project_id", projectID), + acc.TestEncryptionAtRestCheckResourceAttr(earResourceName, "azure_key_vault_config.0", azureKeyVaultUpdatedAttrMap), + + resource.TestCheckResourceAttr(earDatasourceName, "project_id", projectID), + acc.TestEncryptionAtRestCheckResourceAttr(earDatasourceName, "azure_key_vault_config.", azureKeyVaultUpdatedAttrMap), + ), + }, + { + ResourceName: earResourceName, + ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(earResourceName), + ImportState: true, + ImportStateVerify: true, + // "azure_key_vault_config.0.secret" is a sensitive value not returned by the API + ImportStateVerifyIgnore: []string{"azure_key_vault_config.0.secret"}, + }, + }, + }) +} + type errMsgTestCase struct { SDKResp *admin.EARPrivateEndpoint diags diag.Diagnostics @@ -185,7 +262,7 @@ func importStateIDFunc(resourceName string) resource.ImportStateIdFunc { } func configPrivateEndpointAzureBasic(projectID string, azure *admin.AzureKeyVault, region string) string { - encryptionAtRestConfig := acc.ConfigEARAzureKeyVault(projectID, azure, true) + encryptionAtRestConfig := acc.ConfigEARAzureKeyVault(projectID, azure, true, true) return fmt.Sprintf(` %[1]s diff --git a/internal/testutil/acc/encryption_at_rest.go b/internal/testutil/acc/encryption_at_rest.go index 30880cf99a..ae0aa1e400 100644 --- a/internal/testutil/acc/encryption_at_rest.go +++ b/internal/testutil/acc/encryption_at_rest.go @@ -1,18 +1,23 @@ package acc import ( + "context" "fmt" + "strconv" "go.mongodb.org/atlas-sdk/v20240805003/admin" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + "github.com/hashicorp/terraform-plugin-testing/terraform" ) -func ConfigEARAzureKeyVault(projectID string, azure *admin.AzureKeyVault, useRequirePrivateNetworking bool) string { +func ConfigEARAzureKeyVault(projectID string, azure *admin.AzureKeyVault, useRequirePrivateNetworking, useDatasource bool) string { var requirePrivateNetworkingAttr string if useRequirePrivateNetworking { requirePrivateNetworkingAttr = fmt.Sprintf("require_private_networking = %t", azure.GetRequirePrivateNetworking()) } - return fmt.Sprintf(` + config := fmt.Sprintf(` resource "mongodbatlas_encryption_at_rest" "test" { project_id = "%s" @@ -29,10 +34,13 @@ func ConfigEARAzureKeyVault(projectID string, azure *admin.AzureKeyVault, useReq %s } } - - %s `, projectID, *azure.Enabled, azure.GetClientID(), azure.GetAzureEnvironment(), azure.GetSubscriptionID(), azure.GetResourceGroupName(), - azure.GetKeyVaultName(), azure.GetKeyIdentifier(), azure.GetSecret(), azure.GetTenantID(), requirePrivateNetworkingAttr, TestAccDatasourceConfig()) + azure.GetKeyVaultName(), azure.GetKeyIdentifier(), azure.GetSecret(), azure.GetTenantID(), requirePrivateNetworkingAttr) + + if useDatasource { + return fmt.Sprintf(`%s %s`, config, TestAccDatasourceConfig()) + } + return config } func TestAccDatasourceConfig() string { @@ -40,3 +48,67 @@ func TestAccDatasourceConfig() string { project_id = mongodbatlas_encryption_at_rest.test.project_id }` } + +func TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("not found: %s", resourceName) + } + if rs.Primary.ID == "" { + return fmt.Errorf("no ID is set") + } + if _, _, err := ConnV2().EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRest(context.Background(), rs.Primary.ID).Execute(); err == nil { + return nil + } + return fmt.Errorf("encryptionAtRest (%s) does not exist", rs.Primary.ID) + } +} + +func ConvertToAzureKeyVaultEncryptionAtRestAttrMap(az *admin.AzureKeyVault) map[string]string { + return map[string]string{ + "enabled": strconv.FormatBool(az.GetEnabled()), + "azure_environment": az.GetAzureEnvironment(), + "resource_group_name": az.GetResourceGroupName(), + "key_vault_name": az.GetKeyVaultName(), + "client_id": az.GetClientID(), + "key_identifier": az.GetKeyIdentifier(), + "subscription_id": az.GetSubscriptionID(), + "tenant_id": az.GetTenantID(), + "require_private_networking": strconv.FormatBool(az.GetRequirePrivateNetworking()), + } +} + +func TestEncryptionAtRestCheckResourceAttr(resourceName, prefix string, attrsMap map[string]string) resource.TestCheckFunc { + checks := AddAttrChecksPrefix(resourceName, []resource.TestCheckFunc{}, attrsMap, prefix) + + return resource.ComposeAggregateTestCheckFunc(checks...) +} + +func TestAccCheckMongoDBAtlasEncryptionAtRestDestroy(s *terraform.State) error { + for _, rs := range s.RootModule().Resources { + if rs.Type != "mongodbatlas_encryption_at_rest" { + continue + } + res, _, err := ConnV2().EncryptionAtRestUsingCustomerKeyManagementApi.GetEncryptionAtRest(context.Background(), rs.Primary.ID).Execute() + if err != nil || + (res.AwsKms.GetEnabled() || + res.AzureKeyVault.GetEnabled() || + res.GoogleCloudKms.GetEnabled()) { + return fmt.Errorf("encryptionAtRest (%s) still exists: err: %s", rs.Primary.ID, err) + } + } + + return nil +} + +func TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName string) resource.ImportStateIdFunc { + return func(s *terraform.State) (string, error) { + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return "", fmt.Errorf("not found: %s", resourceName) + } + + return rs.Primary.ID, nil + } +} diff --git a/internal/testutil/acc/pre_check.go b/internal/testutil/acc/pre_check.go index 92ab1e5978..74e9dedff2 100644 --- a/internal/testutil/acc/pre_check.go +++ b/internal/testutil/acc/pre_check.go @@ -28,6 +28,16 @@ func PreCheck(tb testing.TB) { } } +func PreCheckEncryptionAtRestPrivateEndpoint(tb testing.TB) { + tb.Helper() + if os.Getenv("MONGODB_ATLAS_PUBLIC_KEY") == "" || + os.Getenv("MONGODB_ATLAS_PRIVATE_KEY") == "" || + os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") == "" || + os.Getenv("MONGODB_ATLAS_ORG_ID") == "" { + tb.Fatal("`MONGODB_ATLAS_PUBLIC_KEY`, `MONGODB_ATLAS_PRIVATE_KEY`, `MONGODB_ATLAS_PROJECT_EAR_PE_ID` and `MONGODB_ATLAS_ORG_ID` must be set for acceptance testing") + } +} + func PreCheckCert(tb testing.TB) { tb.Helper() if os.Getenv("MONGODB_ATLAS_PUBLIC_KEY") == "" || @@ -138,12 +148,12 @@ func PreCheckEncryptionAtRestEnvAzure(tb testing.TB) { if os.Getenv("AZURE_CLIENT_ID") == "" || os.Getenv("AZURE_SUBSCRIPTION_ID") == "" || os.Getenv("AZURE_RESOURCE_GROUP_NAME") == "" || - os.Getenv("AZURE_SECRET") == "" || + os.Getenv("AZURE_APP_SECRET") == "" || os.Getenv("AZURE_KEY_VAULT_NAME") == "" || os.Getenv("AZURE_KEY_IDENTIFIER") == "" || os.Getenv("AZURE_TENANT_ID") == "" { tb.Fatal(`'AZURE_CLIENT_ID', 'AZURE_SUBSCRIPTION_ID', - 'AZURE_RESOURCE_GROUP_NAME', 'AZURE_SECRET', 'AZURE_KEY_VAULT_NAME', 'AZURE_KEY_IDENTIFIER', and 'AZURE_TENANT_ID' must be set for Encryption At Rest acceptance testing`) + 'AZURE_RESOURCE_GROUP_NAME', 'AZURE_APP_SECRET', 'AZURE_KEY_VAULT_NAME', 'AZURE_KEY_IDENTIFIER', and 'AZURE_TENANT_ID' must be set for Encryption At Rest acceptance testing`) } } @@ -151,13 +161,11 @@ func PreCheckEncryptionAtRestEnvAzureWithUpdate(tb testing.TB) { tb.Helper() PreCheckEncryptionAtRestEnvAzure(tb) - if os.Getenv("AZURE_CLIENT_ID_UPDATED") == "" || - os.Getenv("AZURE_RESOURCE_GROUP_NAME_UPDATED") == "" || - os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED") == "" || + if os.Getenv("AZURE_KEY_VAULT_NAME_UPDATED") == "" || os.Getenv("AZURE_KEY_IDENTIFIER_UPDATED") == "" { - tb.Fatal(`'AZURE_CLIENT_ID','AZURE_CLIENT_ID_UPDATED', 'AZURE_SUBSCRIPTION_ID', - 'AZURE_RESOURCE_GROUP_NAME','AZURE_RESOURCE_GROUP_NAME_UPDATED', 'AZURE_SECRET', - 'AZURE_SECRET_UPDATED', 'AZURE_KEY_VAULT_NAME', 'AZURE_KEY_IDENTIFIER', 'AZURE_KEY_VAULT_NAME_UPDATED', + tb.Fatal(`'AZURE_CLIENT_ID', 'AZURE_SUBSCRIPTION_ID', + 'AZURE_RESOURCE_GROUP_NAME', 'AZURE_APP_SECRET', + , 'AZURE_KEY_VAULT_NAME', 'AZURE_KEY_IDENTIFIER', 'AZURE_KEY_VAULT_NAME_UPDATED', 'AZURE_KEY_IDENTIFIER_UPDATED', and 'AZURE_TENANT_ID' must be set for Encryption At Rest acceptance testing`) } } From ba95eed318757f41af6ae5ebbfc48288d113fdf3 Mon Sep 17 00:00:00 2001 From: maastha <122359335+maastha@users.noreply.github.com> Date: Fri, 6 Sep 2024 10:40:58 +0100 Subject: [PATCH 17/20] chore: Adds `mongodbatlas_encryption_at_rest_private_endpoint` acceptance test using azapi to approve private endpoint & check ACTIVE status (#2558) --- .../resource_migration_test.go | 79 ++++-------- .../service/encryptionatrest/resource_test.go | 64 ++++----- .../resource_migration_test.go | 2 +- .../resource_test.go | 121 +++++++++++++++--- internal/testutil/acc/encryption_at_rest.go | 14 +- internal/testutil/acc/provider.go | 27 ++++ 6 files changed, 194 insertions(+), 113 deletions(-) diff --git a/internal/service/encryptionatrest/resource_migration_test.go b/internal/service/encryptionatrest/resource_migration_test.go index befa429c35..095dd099f7 100644 --- a/internal/service/encryptionatrest/resource_migration_test.go +++ b/internal/service/encryptionatrest/resource_migration_test.go @@ -29,33 +29,25 @@ func TestMigEncryptionAtRest_basicAWS(t *testing.T) { Region: conversion.StringPtr(conversion.AWSRegionToMongoDBRegion(os.Getenv("AWS_REGION"))), RoleId: conversion.StringPtr(os.Getenv("AWS_ROLE_ID")), } + useDatasource = mig.IsProviderVersionAtLeast("1.19.0") // data source introduced in this version ) resource.Test(t, resource.TestCase{ PreCheck: func() { mig.PreCheck(t); acc.PreCheckAwsEnv(t) }, - CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.EARDestroy, Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProviders(), - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), // not using data source as it was introduced in 1.19.0 + Config: configAwsKms(projectID, &awsKms, useDatasource), Check: resource.ComposeAggregateTestCheckFunc( - acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.CheckEARExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.region", awsKms.GetRegion()), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.role_id", awsKms.GetRoleId()), ), }, - { - ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), - ConfigPlanChecks: resource.ConfigPlanChecks{ - PreApply: []plancheck.PlanCheck{ - acc.DebugPlan(), - plancheck.ExpectEmptyPlan(), - }, - }, - }, + mig.TestStepCheckEmptyPlan(configAwsKms(projectID, &awsKms, useDatasource)), }, }) } @@ -80,7 +72,7 @@ func TestMigEncryptionAtRest_withRole_basicAWS(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { mig.PreCheck(t); acc.PreCheckAwsEnv(t) }, - CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.EARDestroy, Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProvidersWithAWS(), @@ -91,7 +83,7 @@ func TestMigEncryptionAtRest_withRole_basicAWS(t *testing.T) { ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKmsWithRole(projectID, awsIAMRoleName, awsIAMRolePolicyName, awsKeyName, &awsKms), Check: resource.ComposeAggregateTestCheckFunc( - acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.CheckEARExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.region", awsKms.GetRegion()), @@ -134,31 +126,24 @@ func TestMigEncryptionAtRest_basicAzure(t *testing.T) { "subscription_id": azureKeyVault.GetSubscriptionID(), "tenant_id": azureKeyVault.GetTenantID(), } + + useDatasource = mig.IsProviderVersionAtLeast("1.19.0") // data source introduced in this version ) resource.Test(t, resource.TestCase{ PreCheck: func() { mig.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzure(t) }, - CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.EARDestroy, Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProviders(), - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, false), // not using data source as it was introduced in 1.19.0 + Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, useDatasource), Check: resource.ComposeAggregateTestCheckFunc( - acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.CheckEARExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "azure_key_vault_config.0", attrMap), + acc.EARCheckResourceAttr(resourceName, "azure_key_vault_config.0", attrMap), ), }, - { - ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, false), - ConfigPlanChecks: resource.ConfigPlanChecks{ - PreApply: []plancheck.PlanCheck{ - acc.DebugPlan(), - plancheck.ExpectEmptyPlan(), - }, - }, - }, + mig.TestStepCheckEmptyPlan(acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, useDatasource)), }, }) } @@ -175,32 +160,24 @@ func TestMigEncryptionAtRest_basicGCP(t *testing.T) { ServiceAccountKey: conversion.StringPtr(os.Getenv("GCP_SERVICE_ACCOUNT_KEY")), KeyVersionResourceID: conversion.StringPtr(os.Getenv("GCP_KEY_VERSION_RESOURCE_ID")), } + useDatasource = mig.IsProviderVersionAtLeast("1.19.0") // data source introduced in this version ) resource.Test(t, resource.TestCase{ PreCheck: func() { mig.PreCheck(t); acc.PreCheckGPCEnv(t) }, - CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.EARDestroy, Steps: []resource.TestStep{ { ExternalProviders: mig.ExternalProviders(), - Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms, false), // not using data source as it was introduced in 1.19.0 + Config: configGoogleCloudKms(projectID, &googleCloudKms, useDatasource), Check: resource.ComposeAggregateTestCheckFunc( - acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.CheckEARExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.enabled", "true"), resource.TestCheckResourceAttrSet(resourceName, "google_cloud_kms_config.0.key_version_resource_id"), ), }, - { - ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms, false), - ConfigPlanChecks: resource.ConfigPlanChecks{ - PreApply: []plancheck.PlanCheck{ - acc.DebugPlan(), - plancheck.ExpectEmptyPlan(), - }, - }, - }, + mig.TestStepCheckEmptyPlan(configGoogleCloudKms(projectID, &googleCloudKms, useDatasource)), }, }) } @@ -220,33 +197,25 @@ func TestMigEncryptionAtRest_basicAWS_from_v1_11_0(t *testing.T) { Region: conversion.StringPtr(conversion.AWSRegionToMongoDBRegion(os.Getenv("AWS_REGION"))), RoleId: conversion.StringPtr(os.Getenv("AWS_ROLE_ID")), } + useDatasource = mig.IsProviderVersionAtLeast("1.19.0") // data source introduced in this version ) resource.Test(t, resource.TestCase{ PreCheck: func() { acc.PreCheck(t); acc.PreCheckAwsEnv(t) }, - CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.EARDestroy, Steps: []resource.TestStep{ { ExternalProviders: acc.ExternalProvidersWithAWS("1.11.0"), - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), // not using data source as it was introduced in 1.19.0 + Config: configAwsKms(projectID, &awsKms, useDatasource), Check: resource.ComposeAggregateTestCheckFunc( - acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.CheckEARExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.region", awsKms.GetRegion()), resource.TestCheckResourceAttr(resourceName, "aws_kms_config.0.role_id", awsKms.GetRoleId()), ), }, - { - ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, false), - ConfigPlanChecks: resource.ConfigPlanChecks{ - PreApply: []plancheck.PlanCheck{ - acc.DebugPlan(), - plancheck.ExpectEmptyPlan(), - }, - }, - }, + mig.TestStepCheckEmptyPlan(configAwsKms(projectID, &awsKms, useDatasource)), }, }) } diff --git a/internal/service/encryptionatrest/resource_test.go b/internal/service/encryptionatrest/resource_test.go index 1510a0a424..4e306227e0 100644 --- a/internal/service/encryptionatrest/resource_test.go +++ b/internal/service/encryptionatrest/resource_test.go @@ -64,39 +64,39 @@ func TestAccEncryptionAtRest_basicAWS(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { acc.PreCheck(t); acc.PreCheckAwsEnv(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.EARDestroy, Steps: []resource.TestStep{ { - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKms, true), + Config: configAwsKms(projectID, &awsKms, true), Check: resource.ComposeAggregateTestCheckFunc( - acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.CheckEARExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "aws_kms_config.0", awsKmsAttrMap), + acc.EARCheckResourceAttr(resourceName, "aws_kms_config.0", awsKmsAttrMap), resource.TestCheckNoResourceAttr(resourceName, "azure_key_vault_config.#"), resource.TestCheckNoResourceAttr(resourceName, "google_cloud_kms_config.#"), resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - acc.TestEncryptionAtRestCheckResourceAttr(datasourceName, "aws_kms_config.", awsKmsAttrMap), + acc.EARCheckResourceAttr(datasourceName, "aws_kms_config.", awsKmsAttrMap), ), }, { - Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID, &awsKmsUpdated, true), + Config: configAwsKms(projectID, &awsKmsUpdated, true), Check: resource.ComposeAggregateTestCheckFunc( - acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.CheckEARExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "aws_kms_config.0", awsKmsUpdatedAttrMap), + acc.EARCheckResourceAttr(resourceName, "aws_kms_config.0", awsKmsUpdatedAttrMap), resource.TestCheckNoResourceAttr(resourceName, "azure_key_vault_config.#"), resource.TestCheckNoResourceAttr(resourceName, "google_cloud_kms_config.#"), resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - acc.TestEncryptionAtRestCheckResourceAttr(datasourceName, "aws_kms_config", awsKmsUpdatedAttrMap), + acc.EARCheckResourceAttr(datasourceName, "aws_kms_config", awsKmsUpdatedAttrMap), ), }, { ResourceName: resourceName, - ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), + ImportStateIdFunc: acc.EARImportStateIDFunc(resourceName), ImportState: true, ImportStateVerify: true, }, @@ -121,7 +121,7 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { RequirePrivateNetworking: conversion.Pointer(false), } - azureKeyVaultAttrMap = acc.ConvertToAzureKeyVaultEncryptionAtRestAttrMap(&azureKeyVault) + azureKeyVaultAttrMap = acc.ConvertToAzureKeyVaultEARAttrMap(&azureKeyVault) azureKeyVaultUpdated = admin.AzureKeyVault{ Enabled: conversion.Pointer(true), @@ -136,37 +136,37 @@ func TestAccEncryptionAtRest_basicAzure(t *testing.T) { RequirePrivateNetworking: conversion.Pointer(false), } - azureKeyVaultUpdatedAttrMap = acc.ConvertToAzureKeyVaultEncryptionAtRestAttrMap(&azureKeyVaultUpdated) + azureKeyVaultUpdatedAttrMap = acc.ConvertToAzureKeyVaultEARAttrMap(&azureKeyVaultUpdated) ) resource.Test(t, resource.TestCase{ PreCheck: func() { acc.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzureWithUpdate(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.EARDestroy, Steps: []resource.TestStep{ { Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, false, true), Check: resource.ComposeAggregateTestCheckFunc( - acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.CheckEARExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultAttrMap), + acc.EARCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultAttrMap), resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - acc.TestEncryptionAtRestCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultAttrMap), + acc.EARCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultAttrMap), ), }, { Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, false, true), Check: resource.ComposeAggregateTestCheckFunc( - acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.CheckEARExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - acc.TestEncryptionAtRestCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultUpdatedAttrMap), + acc.EARCheckResourceAttr(resourceName, "azure_key_vault_config.0", azureKeyVaultUpdatedAttrMap), resource.TestCheckResourceAttr(datasourceName, "project_id", projectID), - acc.TestEncryptionAtRestCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultUpdatedAttrMap), + acc.EARCheckResourceAttr(datasourceName, "azure_key_vault_config", azureKeyVaultUpdatedAttrMap), ), }, { ResourceName: resourceName, - ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), + ImportStateIdFunc: acc.EARImportStateIDFunc(resourceName), ImportState: true, ImportStateVerify: true, // "azure_key_vault_config.0.secret" is a sensitive value not returned by the API @@ -198,12 +198,12 @@ func TestAccEncryptionAtRest_basicGCP(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { acc.PreCheck(t); acc.PreCheckGPCEnv(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.EARDestroy, Steps: []resource.TestStep{ { - Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKms, true), + Config: configGoogleCloudKms(projectID, &googleCloudKms, true), Check: resource.ComposeAggregateTestCheckFunc( - acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.CheckEARExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.valid", "true"), @@ -216,9 +216,9 @@ func TestAccEncryptionAtRest_basicGCP(t *testing.T) { ), }, { - Config: testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID, &googleCloudKmsUpdated, true), + Config: configGoogleCloudKms(projectID, &googleCloudKmsUpdated, true), Check: resource.ComposeAggregateTestCheckFunc( - acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName), + acc.CheckEARExists(resourceName), resource.TestCheckResourceAttr(resourceName, "project_id", projectID), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "google_cloud_kms_config.0.valid", "true"), @@ -232,7 +232,7 @@ func TestAccEncryptionAtRest_basicGCP(t *testing.T) { }, { ResourceName: resourceName, - ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), + ImportStateIdFunc: acc.EARImportStateIDFunc(resourceName), ImportState: true, ImportStateVerify: true, // "google_cloud_kms_config.0.service_account_key" is a sensitive value not returned by the API @@ -260,14 +260,14 @@ func TestAccEncryptionAtRestWithRole_basicAWS(t *testing.T) { PreCheck: func() { acc.PreCheck(t); acc.PreCheckAwsEnv(t) }, ExternalProviders: acc.ExternalProvidersOnlyAWS(), ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.EARDestroy, Steps: []resource.TestStep{ { Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKmsWithRole(projectID, awsIAMRoleName, awsIAMRolePolicyName, awsKeyName, &awsKms), }, { ResourceName: resourceName, - ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName), + ImportStateIdFunc: acc.EARImportStateIDFunc(resourceName), ImportState: true, ImportStateVerify: true, }, @@ -510,7 +510,7 @@ func TestResourceMongoDBAtlasEncryptionAtRestCreateRefreshFunc(t *testing.T) { } } -func testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID string, aws *admin.AWSKMSConfiguration, useDatasource bool) string { +func configAwsKms(projectID string, aws *admin.AWSKMSConfiguration, useDatasource bool) string { config := fmt.Sprintf(` resource "mongodbatlas_encryption_at_rest" "test" { project_id = %[1]q @@ -525,12 +525,12 @@ func testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(projectID string, aws *admi `, projectID, aws.GetEnabled(), aws.GetCustomerMasterKeyID(), aws.GetRegion(), aws.GetRoleId()) if useDatasource { - return fmt.Sprintf(`%s %s`, config, acc.TestAccDatasourceConfig()) + return fmt.Sprintf(`%s %s`, config, acc.EARDatasourceConfig()) } return config } -func testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID string, google *admin.GoogleCloudKMS, useDatasource bool) string { +func configGoogleCloudKms(projectID string, google *admin.GoogleCloudKMS, useDatasource bool) string { config := fmt.Sprintf(` resource "mongodbatlas_encryption_at_rest" "test" { project_id = "%s" @@ -544,7 +544,7 @@ func testAccMongoDBAtlasEncryptionAtRestConfigGoogleCloudKms(projectID string, g `, projectID, *google.Enabled, google.GetServiceAccountKey(), google.GetKeyVersionResourceID()) if useDatasource { - return fmt.Sprintf(`%s %s`, config, acc.TestAccDatasourceConfig()) + return fmt.Sprintf(`%s %s`, config, acc.EARDatasourceConfig()) } return config } diff --git a/internal/service/encryptionatrestprivateendpoint/resource_migration_test.go b/internal/service/encryptionatrestprivateendpoint/resource_migration_test.go index 256bfc93c3..2c84e1248c 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_migration_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_migration_test.go @@ -9,5 +9,5 @@ import ( func TestMigEncryptionAtRestPrivateEndpoint_basic(t *testing.T) { mig.SkipIfVersionBelow(t, "1.19.0") testCase := basicTestCase(t) - mig.CreateAndRunTest(t, testCase) + mig.CreateAndRunTestNonParallel(t, testCase) } diff --git a/internal/service/encryptionatrestprivateendpoint/resource_test.go b/internal/service/encryptionatrestprivateendpoint/resource_test.go index b379839f75..3626cef384 100644 --- a/internal/service/encryptionatrestprivateendpoint/resource_test.go +++ b/internal/service/encryptionatrestprivateendpoint/resource_test.go @@ -5,6 +5,7 @@ import ( "fmt" "os" "testing" + "time" "go.mongodb.org/atlas-sdk/v20240805003/admin" @@ -56,11 +57,11 @@ func basicTestCase(tb testing.TB) *resource.TestCase { CheckDestroy: checkDestroy, Steps: []resource.TestStep{ { - Config: configPrivateEndpointAzureBasic(projectID, azureKeyVault, region), - Check: checkPrivateEndpointAzureBasic(projectID, azureKeyVault, region), + Config: configAzureBasic(projectID, azureKeyVault, region, false), + Check: checkAzureBasic(projectID, azureKeyVault, region, false), }, { - Config: configPrivateEndpointAzureBasic(projectID, azureKeyVault, region), + Config: configAzureBasic(projectID, azureKeyVault, region, false), ResourceName: resourceName, ImportStateIdFunc: importStateIDFunc(resourceName), ImportState: true, @@ -70,6 +71,53 @@ func basicTestCase(tb testing.TB) *resource.TestCase { } } +func TestAccEncryptionAtRestPrivateEndpoint_approveEndpointWithAzureProvider(t *testing.T) { + acc.SkipTestForCI(t) // uses azure/azapi Terraform provider which can log sensitive information in CI like Azure subscriptionID used in parent_id of the resource + + var ( + subscriptionID = os.Getenv("AZURE_SUBSCRIPTION_ID") + resourceGroupName = os.Getenv("AZURE_RESOURCE_GROUP_NAME") + projectID = os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") + keyVaultName = os.Getenv("AZURE_KEY_VAULT_NAME") + azureKeyVault = &admin.AzureKeyVault{ + Enabled: conversion.Pointer(true), + RequirePrivateNetworking: conversion.Pointer(true), + AzureEnvironment: conversion.StringPtr("AZURE"), + ClientID: conversion.StringPtr(os.Getenv("AZURE_CLIENT_ID")), + SubscriptionID: conversion.StringPtr(subscriptionID), + ResourceGroupName: conversion.StringPtr(resourceGroupName), + KeyVaultName: conversion.StringPtr(keyVaultName), + KeyIdentifier: conversion.StringPtr(os.Getenv("AZURE_KEY_IDENTIFIER")), + Secret: conversion.StringPtr(os.Getenv("AZURE_APP_SECRET")), + TenantID: conversion.StringPtr(os.Getenv("AZURE_TENANT_ID")), + } + region = os.Getenv("AZURE_PRIVATE_ENDPOINT_REGION") + ) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.PreCheckBasic(t); acc.PreCheckEncryptionAtRestEnvAzure(t); acc.PreCheckPreviewFlag(t) }, + ExternalProviders: acc.ExternalProvidersOnlyAzapi(), + ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, + CheckDestroy: checkDestroy, + Steps: []resource.TestStep{ + { + Config: configAzureBasic(projectID, azureKeyVault, region, false), + Check: checkAzureBasic(projectID, azureKeyVault, region, false), + }, + { + Config: configAzureBasic(projectID, azureKeyVault, region, true), + }, + { + PreConfig: waitForStatusUpdate, + RefreshState: true, + Check: resource.ComposeAggregateTestCheckFunc( + checkAzureBasic(projectID, azureKeyVault, region, true), + ), + }, + }, + }) +} + func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t *testing.T) { var ( projectID = os.Getenv("MONGODB_ATLAS_PROJECT_EAR_PE_ID") @@ -101,7 +149,7 @@ func TestAccEncryptionAtRestPrivateEndpoint_transitionPublicToPrivateNetwork(t * ), }, { - Config: configPrivateEndpointAzureBasic(projectID, azureKeyVault, region), + Config: configAzureBasic(projectID, azureKeyVault, region, false), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr(earResourceName, "azure_key_vault_config.0.require_private_networking", "true"), resource.TestCheckResourceAttrSet(resourceName, "id"), @@ -129,7 +177,7 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T RequirePrivateNetworking: conversion.Pointer(true), } - azureKeyVaultAttrMap = acc.ConvertToAzureKeyVaultEncryptionAtRestAttrMap(&azureKeyVault) + azureKeyVaultAttrMap = acc.ConvertToAzureKeyVaultEARAttrMap(&azureKeyVault) azureKeyVaultUpdated = admin.AzureKeyVault{ Enabled: conversion.Pointer(true), @@ -144,7 +192,7 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T RequirePrivateNetworking: conversion.Pointer(false), } - azureKeyVaultUpdatedAttrMap = acc.ConvertToAzureKeyVaultEncryptionAtRestAttrMap(&azureKeyVaultUpdated) + azureKeyVaultUpdatedAttrMap = acc.ConvertToAzureKeyVaultEARAttrMap(&azureKeyVaultUpdated) ) resource.Test(t, resource.TestCase{ @@ -154,33 +202,33 @@ func TestAccEncryptionAtRest_azure_requirePrivateNetworking_preview(t *testing.T acc.PreCheckPreviewFlag(t) }, ProtoV6ProviderFactories: acc.TestAccProviderV6Factories, - CheckDestroy: acc.TestAccCheckMongoDBAtlasEncryptionAtRestDestroy, + CheckDestroy: acc.EARDestroy, Steps: []resource.TestStep{ { Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVault, true, true), Check: resource.ComposeAggregateTestCheckFunc( - acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(earResourceName), + acc.CheckEARExists(earResourceName), resource.TestCheckResourceAttr(earResourceName, "project_id", projectID), - acc.TestEncryptionAtRestCheckResourceAttr(earResourceName, "azure_key_vault_config.0", azureKeyVaultAttrMap), + acc.EARCheckResourceAttr(earResourceName, "azure_key_vault_config.0", azureKeyVaultAttrMap), resource.TestCheckResourceAttr(earDatasourceName, "project_id", projectID), - acc.TestEncryptionAtRestCheckResourceAttr(earDatasourceName, "azure_key_vault_config", azureKeyVaultAttrMap), + acc.EARCheckResourceAttr(earDatasourceName, "azure_key_vault_config", azureKeyVaultAttrMap), ), }, { Config: acc.ConfigEARAzureKeyVault(projectID, &azureKeyVaultUpdated, true, true), Check: resource.ComposeAggregateTestCheckFunc( - acc.TestAccCheckMongoDBAtlasEncryptionAtRestExists(earResourceName), + acc.CheckEARExists(earResourceName), resource.TestCheckResourceAttr(earResourceName, "project_id", projectID), - acc.TestEncryptionAtRestCheckResourceAttr(earResourceName, "azure_key_vault_config.0", azureKeyVaultUpdatedAttrMap), + acc.EARCheckResourceAttr(earResourceName, "azure_key_vault_config.0", azureKeyVaultUpdatedAttrMap), resource.TestCheckResourceAttr(earDatasourceName, "project_id", projectID), - acc.TestEncryptionAtRestCheckResourceAttr(earDatasourceName, "azure_key_vault_config.", azureKeyVaultUpdatedAttrMap), + acc.EARCheckResourceAttr(earDatasourceName, "azure_key_vault_config.", azureKeyVaultUpdatedAttrMap), ), }, { ResourceName: earResourceName, - ImportStateIdFunc: acc.TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(earResourceName), + ImportStateIdFunc: acc.EARImportStateIDFunc(earResourceName), ImportState: true, ImportStateVerify: true, // "azure_key_vault_config.0.secret" is a sensitive value not returned by the API @@ -261,9 +309,9 @@ func importStateIDFunc(resourceName string) resource.ImportStateIdFunc { } } -func configPrivateEndpointAzureBasic(projectID string, azure *admin.AzureKeyVault, region string) string { +func configAzureBasic(projectID string, azure *admin.AzureKeyVault, region string, approveWithAzapi bool) string { encryptionAtRestConfig := acc.ConfigEARAzureKeyVault(projectID, azure, true, true) - return fmt.Sprintf(` + config := fmt.Sprintf(` %[1]s resource "mongodbatlas_encryption_at_rest_private_endpoint" "test" { @@ -282,10 +330,43 @@ func configPrivateEndpointAzureBasic(projectID string, azure *admin.AzureKeyVaul project_id = mongodbatlas_encryption_at_rest_private_endpoint.test.project_id cloud_provider = mongodbatlas_encryption_at_rest_private_endpoint.test.cloud_provider } + `, encryptionAtRestConfig, region) + + if approveWithAzapi { + azKeyVaultResourceID := fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.KeyVault/vaults/%s", azure.GetSubscriptionID(), azure.GetResourceGroupName(), azure.GetKeyVaultName()) + + return fmt.Sprintf(` + %[1]s + + %[2]s + + resource "azapi_update_resource" "approval" { + type = "Microsoft.KeyVault/Vaults/PrivateEndpointConnections@2023-07-01" + name = mongodbatlas_encryption_at_rest_private_endpoint.test.private_endpoint_connection_name + parent_id = %[3]q + + body = jsonencode({ + properties = { + privateLinkServiceConnectionState = { + description = "Approved via Terraform" + status = "Approved" + } + } + }) + } + `, config, acc.ConfigAzapiProvider(azure.GetSubscriptionID(), azure.GetClientID(), azure.GetSecret(), azure.GetTenantID()), azKeyVaultResourceID) + } + + return config } -func checkPrivateEndpointAzureBasic(projectID string, azure *admin.AzureKeyVault, region string) resource.TestCheckFunc { +func checkAzureBasic(projectID string, azure *admin.AzureKeyVault, region string, expectApproved bool) resource.TestCheckFunc { + expectedStatus := retrystrategy.RetryStrategyPendingAcceptanceState + if expectApproved { + expectedStatus = retrystrategy.RetryStrategyActiveState + } + return acc.CheckRSAndDS( resourceName, admin.PtrString(dataSourceName), @@ -293,7 +374,7 @@ func checkPrivateEndpointAzureBasic(projectID string, azure *admin.AzureKeyVault []string{"id", "private_endpoint_connection_name"}, map[string]string{ "project_id": projectID, - "status": retrystrategy.RetryStrategyPendingAcceptanceState, + "status": expectedStatus, "region_name": region, "cloud_provider": *azure.AzureEnvironment, }) @@ -314,3 +395,7 @@ func checkDestroy(state *terraform.State) error { } return nil } + +func waitForStatusUpdate() { + time.Sleep(4 * time.Minute) +} diff --git a/internal/testutil/acc/encryption_at_rest.go b/internal/testutil/acc/encryption_at_rest.go index ae0aa1e400..7de444a95f 100644 --- a/internal/testutil/acc/encryption_at_rest.go +++ b/internal/testutil/acc/encryption_at_rest.go @@ -38,18 +38,18 @@ func ConfigEARAzureKeyVault(projectID string, azure *admin.AzureKeyVault, useReq azure.GetKeyVaultName(), azure.GetKeyIdentifier(), azure.GetSecret(), azure.GetTenantID(), requirePrivateNetworkingAttr) if useDatasource { - return fmt.Sprintf(`%s %s`, config, TestAccDatasourceConfig()) + return fmt.Sprintf(`%s %s`, config, EARDatasourceConfig()) } return config } -func TestAccDatasourceConfig() string { +func EARDatasourceConfig() string { return `data "mongodbatlas_encryption_at_rest" "test" { project_id = mongodbatlas_encryption_at_rest.test.project_id }` } -func TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName string) resource.TestCheckFunc { +func CheckEARExists(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[resourceName] if !ok { @@ -65,7 +65,7 @@ func TestAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName string) resourc } } -func ConvertToAzureKeyVaultEncryptionAtRestAttrMap(az *admin.AzureKeyVault) map[string]string { +func ConvertToAzureKeyVaultEARAttrMap(az *admin.AzureKeyVault) map[string]string { return map[string]string{ "enabled": strconv.FormatBool(az.GetEnabled()), "azure_environment": az.GetAzureEnvironment(), @@ -79,13 +79,13 @@ func ConvertToAzureKeyVaultEncryptionAtRestAttrMap(az *admin.AzureKeyVault) map[ } } -func TestEncryptionAtRestCheckResourceAttr(resourceName, prefix string, attrsMap map[string]string) resource.TestCheckFunc { +func EARCheckResourceAttr(resourceName, prefix string, attrsMap map[string]string) resource.TestCheckFunc { checks := AddAttrChecksPrefix(resourceName, []resource.TestCheckFunc{}, attrsMap, prefix) return resource.ComposeAggregateTestCheckFunc(checks...) } -func TestAccCheckMongoDBAtlasEncryptionAtRestDestroy(s *terraform.State) error { +func EARDestroy(s *terraform.State) error { for _, rs := range s.RootModule().Resources { if rs.Type != "mongodbatlas_encryption_at_rest" { continue @@ -102,7 +102,7 @@ func TestAccCheckMongoDBAtlasEncryptionAtRestDestroy(s *terraform.State) error { return nil } -func TestAccCheckMongoDBAtlasEncryptionAtRestImportStateIDFunc(resourceName string) resource.ImportStateIdFunc { +func EARImportStateIDFunc(resourceName string) resource.ImportStateIdFunc { return func(s *terraform.State) (string, error) { rs, ok := s.RootModule().Resources[resourceName] if !ok { diff --git a/internal/testutil/acc/provider.go b/internal/testutil/acc/provider.go index 3c57702afd..b7770257c1 100644 --- a/internal/testutil/acc/provider.go +++ b/internal/testutil/acc/provider.go @@ -8,6 +8,7 @@ import ( ) const AwsProviderVersion = "5.1.0" +const azapiProviderVersion = "1.15.0" func ExternalProviders(versionAtlasProvider string) map[string]resource.ExternalProvider { return map[string]resource.ExternalProvider{ @@ -28,6 +29,12 @@ func ExternalProvidersOnlyAWS() map[string]resource.ExternalProvider { } } +func ExternalProvidersOnlyAzapi() map[string]resource.ExternalProvider { + return map[string]resource.ExternalProvider{ + "azapi": *providerAzapi(), + } +} + func providerAtlas(versionAtlasProvider string) *resource.ExternalProvider { return &resource.ExternalProvider{ VersionConstraint: versionAtlasProvider, @@ -42,6 +49,13 @@ func providerAWS() *resource.ExternalProvider { } } +func providerAzapi() *resource.ExternalProvider { + return &resource.ExternalProvider{ + VersionConstraint: azapiProviderVersion, + Source: "Azure/azapi", + } +} + // configProvider creates a new provider with credentials explicit in config. // // This can be used when you want credentials different from the default env-vars. @@ -61,3 +75,16 @@ provider %[1]q { func ConfigGovProvider() string { return configProvider(os.Getenv("MONGODB_ATLAS_GOV_PUBLIC_KEY"), os.Getenv("MONGODB_ATLAS_GOV_PRIVATE_KEY"), os.Getenv("MONGODB_ATLAS_GOV_BASE_URL")) } + +// configAzapiProvider creates a new azure/azapi provider with credentials explicit in config. +// This will authorize the provider for a client +func ConfigAzapiProvider(subscriptionID, clientID, clientSecret, tenantID string) string { + return fmt.Sprintf(` +provider "azapi" { + subscription_id = %[1]q + client_id = %[2]q + client_secret = %[3]q + tenant_id = %[4]q +} +`, subscriptionID, clientID, clientSecret, tenantID) +} From eab27cfc3433fd9a91a8b9381fa8911e300f03c2 Mon Sep 17 00:00:00 2001 From: Agustin Bettati Date: Fri, 6 Sep 2024 18:53:40 +0200 Subject: [PATCH 18/20] doc: Add user journey considerations in current resource and example documentation (#2559) * minor typo fix * improve initial description in ear * adjust ear docs with mention of azure private link * private link doc adjustments * improve example * improve example * add mention in ear examples about policies * add note on update operation * link adjustments and add header for handling existing clusters * add note on private endpoint * add note in data sources * Update docs/resources/encryption_at_rest_private_endpoint.md Co-authored-by: maastha <122359335+maastha@users.noreply.github.com> * add clarification of preview flag for data sources --------- Co-authored-by: maastha <122359335+maastha@users.noreply.github.com> --- .../encryption_at_rest_private_endpoint.md | 5 ++++ .../encryption_at_rest_private_endpoints.md | 5 ++++ docs/resources/encryption_at_rest.md | 27 ++++++++++------- .../encryption_at_rest_private_endpoint.md | 10 +++++-- .../azure/README.md | 3 ++ .../azure/README.md | 30 ++++++++++++++----- ...ncryption_at_rest_private_endpoint.md.tmpl | 5 ++++ ...cryption_at_rest_private_endpoints.md.tmpl | 5 ++++ .../resources/encryption_at_rest.md.tmpl | 27 ++++++++++------- ...ncryption_at_rest_private_endpoint.md.tmpl | 10 +++++-- 10 files changed, 95 insertions(+), 32 deletions(-) diff --git a/docs/data-sources/encryption_at_rest_private_endpoint.md b/docs/data-sources/encryption_at_rest_private_endpoint.md index fc6c00f57f..3cd1f2e29e 100644 --- a/docs/data-sources/encryption_at_rest_private_endpoint.md +++ b/docs/data-sources/encryption_at_rest_private_endpoint.md @@ -2,8 +2,13 @@ `mongodbatlas_encryption_at_rest_private_endpoint` describes a private endpoint used for encryption at rest using customer-managed keys. +~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager. +Additionally, you'll need to set the environment variable `MONGODB_ATLAS_ENABLE_PREVIEW=true` to use this data source. To learn more about existing limitations, see the [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints). + ## Example Usages +-> **NOTE:** Only Azure Key Vault with Azure Private Link is supported at this time. + ```terraform data "mongodbatlas_encryption_at_rest_private_endpoint" "single" { project_id = var.atlas_project_id diff --git a/docs/data-sources/encryption_at_rest_private_endpoints.md b/docs/data-sources/encryption_at_rest_private_endpoints.md index f21ba135a2..96f3fd17b0 100644 --- a/docs/data-sources/encryption_at_rest_private_endpoints.md +++ b/docs/data-sources/encryption_at_rest_private_endpoints.md @@ -2,8 +2,13 @@ `mongodbatlas_encryption_at_rest_private_endpoints` describes private endpoints of a particular cloud provider used for encryption at rest using customer-managed keys. +~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager. +Additionally, you'll need to set the environment variable `MONGODB_ATLAS_ENABLE_PREVIEW=true` to use this data source. To learn more about existing limitations, see the [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints). + ## Example Usages +-> **NOTE:** Only Azure Key Vault with Azure Private Link is supported at this time. + ```terraform data "mongodbatlas_encryption_at_rest_private_endpoints" "plural" { project_id = var.atlas_project_id diff --git a/docs/resources/encryption_at_rest.md b/docs/resources/encryption_at_rest.md index e88e45fdba..b0bb5ee03e 100644 --- a/docs/resources/encryption_at_rest.md +++ b/docs/resources/encryption_at_rest.md @@ -1,14 +1,11 @@ # Resource: mongodbatlas_encryption_at_rest -`mongodbatlas_encryption_at_rest` allows management of encryption at rest for an Atlas project with one of the following providers: +`mongodbatlas_encryption_at_rest` allows management of Encryption at Rest for an Atlas project using Customer Key Management configuration. The following providers are supported: +- [Amazon Web Services Key Management Service](https://docs.atlas.mongodb.com/security-aws-kms/#security-aws-kms) +- [Azure Key Vault](https://docs.atlas.mongodb.com/security-azure-kms/#security-azure-kms) +- [Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms) -[Amazon Web Services Key Management Service](https://docs.atlas.mongodb.com/security-aws-kms/#security-aws-kms) -[Azure Key Vault](https://docs.atlas.mongodb.com/security-azure-kms/#security-azure-kms) -[Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms) - -The [encryption at rest Terraform module](https://registry.terraform.io/modules/terraform-mongodbatlas-modules/encryption-at-rest/mongodbatlas/latest) makes use of this resource and simplifies its use. - -After configuring at least one Encryption at Rest provider for the Atlas project, Project Owners can enable Encryption at Rest for each Atlas cluster for which they require encryption. The Encryption at Rest provider does not have to match the cluster cloud service provider. +The [encryption at rest Terraform module](https://registry.terraform.io/modules/terraform-mongodbatlas-modules/encryption-at-rest/mongodbatlas/latest) makes use of this resource and simplifies its use. It is currently limited to AWS KMS. Atlas does not automatically rotate user-managed encryption keys. Defer to your preferred Encryption at Rest provider’s documentation and guidance for best practices on key rotation. Atlas automatically creates a 90-day key rotation alert when you configure Encryption at Rest using your Key Management in an Atlas project. @@ -23,6 +20,13 @@ See [Encryption at Rest](https://docs.atlas.mongodb.com/security-kms-encryption/ -> **IMPORTANT NOTE** To disable the encryption at rest with customer key management for a project all existing clusters in the project must first either have encryption at rest for the provider set to none, e.g. `encryption_at_rest_provider = "NONE"`, or be deleted. +## Enabling Encryption at Rest for existing Atlas cluster + +After configuring at least one key management provider for an Atlas project, Project Owners can enable customer key management for each Atlas cluster for which they require encryption. For clusters defined in terraform, the [`encryption_at_rest_provider` attribute](advanced_cluster#encryption_at_rest_provider) can be used in both `mongodbatlas_advanced_cluster` and `mongodbatlas_cluster` resources. The key management provider does not have to match the cluster cloud service provider. + +Please reference [Enable Customer Key Management for an Atlas Cluster](https://www.mongodb.com/docs/atlas/security-kms-encryption/#enable-customer-key-management-for-an-service-cluster) documentation for additional considerations. + + ## Example Usages ### Configuring encryption at rest using customer key management in AWS @@ -121,7 +125,10 @@ output "is_azure_encryption_at_rest_valid" { } ``` --> **NOTE:** It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. Please review `mongodbatlas_encryption_at_rest_private_endpoint` resource for details. +#### Manage Customer Keys with Azure Key Vault Over Private Endpoints +It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. This requires enabling `azure_key_vault_config.require_private_networking` attribute, together with the configuration of `mongodbatlas_encryption_at_rest_private_endpoint` resource. + +Please review [`mongodbatlas_encryption_at_rest_private_endpoint` resource documentation](encryption_at_rest_private_endpoint) and [complete example](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure) for details on this functionality. ### Configuring encryption at rest using customer key management in GCP @@ -212,4 +219,4 @@ Encryption at Rest Settings can be imported using project ID, in the format `pro $ terraform import mongodbatlas_encryption_at_rest.example 1112222b3bf99403840e8934 ``` -For more information see: [MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management) \ No newline at end of file +For more information see: [MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management) diff --git a/docs/resources/encryption_at_rest_private_endpoint.md b/docs/resources/encryption_at_rest_private_endpoint.md index a9a9a6ed94..3e3e068d12 100644 --- a/docs/resources/encryption_at_rest_private_endpoint.md +++ b/docs/resources/encryption_at_rest_private_endpoint.md @@ -2,15 +2,21 @@ `mongodbatlas_encryption_at_rest_private_endpoint` provides a resource for managing a private endpoint used for encryption at rest with customer-managed keys. This ensures all traffic between Atlas and customer key management systems take place over private network interfaces. -~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for you Atlas deployments, contact your Account Manager. +~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager. Additionally, you'll need to set the environment variable `MONGODB_ATLAS_ENABLE_PREVIEW=true` to use this resource. To learn more about existing limitations, see the [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints). --> **NOTE:** Only Azure Key Vault with Azure Private Link is supported at this time. +-> **NOTE:** As a prerequisite to configuring a private endpoint for Azure Key Vault, the corresponding [`mongodbatlas_encryption_at_rest`](encryption_at_rest) resource has to be adjust by configuring [`azure_key_vault_config.require_private_networking`](encryption_at_rest#require_private_networking) to true. This attribute should be updated in place, ensuring the customer-managed keys encryption is never disabled. + +-> **NOTE:** This resource does not support update operations. To modify values of a private endpoint the existing resource must be deleted and a new one can be created with the modified values. ## Example Usages +-> **NOTE:** Only Azure Key Vault with Azure Private Link is supported at this time. + ### Configuring Atlas Encryption at Rest using Azure Key Vault with Azure Private Link +Make sure to reference the [complete example section](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure) for detailed steps and considerations. + ```terraform resource "mongodbatlas_encryption_at_rest" "ear" { project_id = var.atlas_project_id diff --git a/examples/mongodbatlas_encryption_at_rest/azure/README.md b/examples/mongodbatlas_encryption_at_rest/azure/README.md index c8dd523c24..512a16d281 100644 --- a/examples/mongodbatlas_encryption_at_rest/azure/README.md +++ b/examples/mongodbatlas_encryption_at_rest/azure/README.md @@ -24,6 +24,9 @@ Note: It is possible to configure Atlas Encryption at Rest to communicate with A - `azure_key_vault_name`: Unique string that identifies the Azure Key Vault that contains your key - `azure_key_identifier`: Web address with a unique key that identifies for your Azure Key Vault +**NOTE**: The Azure application (associated to `azure_client_id`) must have the following permissions associated to the Azure Key Vault (`azure_key_vault_name`): +- GET (Key Management Operation), ENCRYPT (Cryptographic Operation) and DECRYPT (Cryptographic Operation) policy permissions. +- A `Key Vault Reader` role. **2\. Review the Terraform plan.** diff --git a/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/README.md b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/README.md index 20f1400ef4..727ec3b95b 100644 --- a/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/README.md +++ b/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/README.md @@ -1,4 +1,4 @@ -# MongoDB Atlas Provider -- Encryption At Rest using Customer Key Management via Private Network Interfaces (Azure) +# MongoDB Atlas Provider - Encryption At Rest using Customer Key Management via Private Network Interfaces (Azure) This example shows how to configure encryption at rest using Azure with customer managed keys ensuring all communication with Azure Key Vault happens exclusively over Azure Private Link. ## Dependencies @@ -10,7 +10,19 @@ This example shows how to configure encryption at rest using Azure with customer ## Usage -**1\. Provide the appropriate values for the input variables.** +**1\. Ensure that Encryption At Rest Azure Key Vault Private Endpoint feature is available for your project.** + +The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager. + +**2\. Enable `MONGODB_ATLAS_ENABLE_PREVIEW` flag.** + +This step is needed to make use of the `mongodbatlas_encryption_at_rest_private_endpoint` resource. + +``` +export MONGODB_ATLAS_ENABLE_PREVIEW="true" +``` + +**3\. Provide the appropriate values for the input variables.** - `atlas_public_key`: The public API key for MongoDB Atlas - `atlas_private_key`: The private API key for MongoDB Atlas @@ -25,20 +37,22 @@ This example shows how to configure encryption at rest using Azure with customer - `azure_region_name`: Region in which the Encryption At Rest private endpoint is located -NOTE: The Azure application (associated to `azure_client_id`) must have at least a Key Vault Contributor role assigned in the corresponding Key Vault. +**NOTE**: The Azure application (associated to `azure_client_id`) must have the following permissions associated to the Azure Key Vault (`azure_key_vault_name`): +- GET (Key Management Operation), ENCRYPT (Cryptographic Operation) and DECRYPT (Cryptographic Operation) policy permissions. +- A `Key Vault Reader` role. -**2\. Review the Terraform plan.** +**4\. Review the Terraform plan.** Execute the following command and ensure you are happy with the plan. ``` bash $ terraform plan ``` -This project currently supports the following deployments: +This project will execute the following changes to acheive a successful Azure Private Link for customer managed keys: -- Configure encryption at rest in an existing project using a custom Azure Key. Specifies that private networking is required. -- Create a private endpoint for the existing project under a certain Azure region. -- Approve the connection from the Azure Key Vault. This is being done through terraform, but alternatively the private connection can be approved through the Azure UI or CLI. +- Configure encryption at rest in an existing project using a custom Azure Key. For successful private networking configuration, the `requires_private_networking` attribute in `mongodbatlas_encryption_at_rest` is set to true. +- Create a private endpoint for the existing project under a certain Azure region using `mongodbatlas_encryption_at_rest_private_endpoint`. +- Approve the connection from the Azure Key Vault. This is being done through terraform with the `azapi_update_resource` resource. Alternatively, the private connection can be approved through the Azure UI or CLI. - CLI example command: `az keyvault private-endpoint-connection approve --approval-description {"OPTIONAL DESCRIPTION"} --resource-group {RG} --vault-name {KEY VAULT NAME} –name {PRIVATE LINK CONNECTION NAME}` **3\. Execute the Terraform apply.** diff --git a/templates/data-sources/encryption_at_rest_private_endpoint.md.tmpl b/templates/data-sources/encryption_at_rest_private_endpoint.md.tmpl index b747da07df..74675e1338 100644 --- a/templates/data-sources/encryption_at_rest_private_endpoint.md.tmpl +++ b/templates/data-sources/encryption_at_rest_private_endpoint.md.tmpl @@ -2,8 +2,13 @@ `{{.Name}}` describes a private endpoint used for encryption at rest using customer-managed keys. +~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager. +Additionally, you'll need to set the environment variable `MONGODB_ATLAS_ENABLE_PREVIEW=true` to use this data source. To learn more about existing limitations, see the [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints). + ## Example Usages +-> **NOTE:** Only Azure Key Vault with Azure Private Link is supported at this time. + {{ tffile (printf "examples/%s/azure/singular-data-source.tf" .Name )}} {{ .SchemaMarkdown | trimspace }} diff --git a/templates/data-sources/encryption_at_rest_private_endpoints.md.tmpl b/templates/data-sources/encryption_at_rest_private_endpoints.md.tmpl index 0b161f8f17..701736d56a 100644 --- a/templates/data-sources/encryption_at_rest_private_endpoints.md.tmpl +++ b/templates/data-sources/encryption_at_rest_private_endpoints.md.tmpl @@ -2,8 +2,13 @@ `{{.Name}}` describes private endpoints of a particular cloud provider used for encryption at rest using customer-managed keys. +~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager. +Additionally, you'll need to set the environment variable `MONGODB_ATLAS_ENABLE_PREVIEW=true` to use this data source. To learn more about existing limitations, see the [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints). + ## Example Usages +-> **NOTE:** Only Azure Key Vault with Azure Private Link is supported at this time. + {{ tffile ("examples/mongodbatlas_encryption_at_rest_private_endpoint/azure/plural-data-source.tf") }} {{ .SchemaMarkdown | trimspace }} diff --git a/templates/resources/encryption_at_rest.md.tmpl b/templates/resources/encryption_at_rest.md.tmpl index a01b48e279..bff149fca3 100644 --- a/templates/resources/encryption_at_rest.md.tmpl +++ b/templates/resources/encryption_at_rest.md.tmpl @@ -1,14 +1,11 @@ # {{.Type}}: {{.Name}} -`{{.Name}}` allows management of encryption at rest for an Atlas project with one of the following providers: +`{{.Name}}` allows management of Encryption at Rest for an Atlas project using Customer Key Management configuration. The following providers are supported: +- [Amazon Web Services Key Management Service](https://docs.atlas.mongodb.com/security-aws-kms/#security-aws-kms) +- [Azure Key Vault](https://docs.atlas.mongodb.com/security-azure-kms/#security-azure-kms) +- [Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms) -[Amazon Web Services Key Management Service](https://docs.atlas.mongodb.com/security-aws-kms/#security-aws-kms) -[Azure Key Vault](https://docs.atlas.mongodb.com/security-azure-kms/#security-azure-kms) -[Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms) - -The [encryption at rest Terraform module](https://registry.terraform.io/modules/terraform-mongodbatlas-modules/encryption-at-rest/mongodbatlas/latest) makes use of this resource and simplifies its use. - -After configuring at least one Encryption at Rest provider for the Atlas project, Project Owners can enable Encryption at Rest for each Atlas cluster for which they require encryption. The Encryption at Rest provider does not have to match the cluster cloud service provider. +The [encryption at rest Terraform module](https://registry.terraform.io/modules/terraform-mongodbatlas-modules/encryption-at-rest/mongodbatlas/latest) makes use of this resource and simplifies its use. It is currently limited to AWS KMS. Atlas does not automatically rotate user-managed encryption keys. Defer to your preferred Encryption at Rest provider’s documentation and guidance for best practices on key rotation. Atlas automatically creates a 90-day key rotation alert when you configure Encryption at Rest using your Key Management in an Atlas project. @@ -23,6 +20,13 @@ See [Encryption at Rest](https://docs.atlas.mongodb.com/security-kms-encryption/ -> **IMPORTANT NOTE** To disable the encryption at rest with customer key management for a project all existing clusters in the project must first either have encryption at rest for the provider set to none, e.g. `encryption_at_rest_provider = "NONE"`, or be deleted. +## Enabling Encryption at Rest for existing Atlas cluster + +After configuring at least one key management provider for an Atlas project, Project Owners can enable customer key management for each Atlas cluster for which they require encryption. For clusters defined in terraform, the [`encryption_at_rest_provider` attribute](advanced_cluster#encryption_at_rest_provider) can be used in both `mongodbatlas_advanced_cluster` and `mongodbatlas_cluster` resources. The key management provider does not have to match the cluster cloud service provider. + +Please reference [Enable Customer Key Management for an Atlas Cluster](https://www.mongodb.com/docs/atlas/security-kms-encryption/#enable-customer-key-management-for-an-service-cluster) documentation for additional considerations. + + ## Example Usages ### Configuring encryption at rest using customer key management in AWS @@ -42,7 +46,10 @@ resource "mongodbatlas_encryption_at_rest" "default" { ### Configuring encryption at rest using customer key management in Azure {{ tffile (printf "examples/%s/azure/main.tf" .Name )}} --> **NOTE:** It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. Please review `mongodbatlas_encryption_at_rest_private_endpoint` resource for details. +#### Manage Customer Keys with Azure Key Vault Over Private Endpoints +It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. This requires enabling `azure_key_vault_config.require_private_networking` attribute, together with the configuration of `mongodbatlas_encryption_at_rest_private_endpoint` resource. + +Please review [`mongodbatlas_encryption_at_rest_private_endpoint` resource documentation](encryption_at_rest_private_endpoint) and [complete example](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure) for details on this functionality. ### Configuring encryption at rest using customer key management in GCP @@ -67,4 +74,4 @@ Encryption at Rest Settings can be imported using project ID, in the format `pro $ terraform import mongodbatlas_encryption_at_rest.example 1112222b3bf99403840e8934 ``` -For more information see: [MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management) \ No newline at end of file +For more information see: [MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management) diff --git a/templates/resources/encryption_at_rest_private_endpoint.md.tmpl b/templates/resources/encryption_at_rest_private_endpoint.md.tmpl index 767132fd90..4867ee2014 100644 --- a/templates/resources/encryption_at_rest_private_endpoint.md.tmpl +++ b/templates/resources/encryption_at_rest_private_endpoint.md.tmpl @@ -2,15 +2,21 @@ `{{.Name}}` provides a resource for managing a private endpoint used for encryption at rest with customer-managed keys. This ensures all traffic between Atlas and customer key management systems take place over private network interfaces. -~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for you Atlas deployments, contact your Account Manager. +~> **IMPORTANT** The Encryption at Rest using Azure Key Vault over Private Endpoints feature is available by request. To request this functionality for your Atlas deployments, contact your Account Manager. Additionally, you'll need to set the environment variable `MONGODB_ATLAS_ENABLE_PREVIEW=true` to use this resource. To learn more about existing limitations, see the [Manage Customer Keys with Azure Key Vault Over Private Endpoints](https://www.mongodb.com/docs/atlas/security/azure-kms-over-private-endpoint/#manage-customer-keys-with-azure-key-vault-over-private-endpoints). --> **NOTE:** Only Azure Key Vault with Azure Private Link is supported at this time. +-> **NOTE:** As a prerequisite to configuring a private endpoint for Azure Key Vault, the corresponding [`mongodbatlas_encryption_at_rest`](encryption_at_rest) resource has to be adjust by configuring [`azure_key_vault_config.require_private_networking`](encryption_at_rest#require_private_networking) to true. This attribute should be updated in place, ensuring the customer-managed keys encryption is never disabled. + +-> **NOTE:** This resource does not support update operations. To modify values of a private endpoint the existing resource must be deleted and a new one can be created with the modified values. ## Example Usages +-> **NOTE:** Only Azure Key Vault with Azure Private Link is supported at this time. + ### Configuring Atlas Encryption at Rest using Azure Key Vault with Azure Private Link +Make sure to reference the [complete example section](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples/mongodbatlas_encryption_at_rest_private_endpoint/azure) for detailed steps and considerations. + {{ tffile (printf "examples/%s/azure/main.tf" .Name )}} {{ .SchemaMarkdown | trimspace }} From 75d5807a684fb95fe3b541f58653c83b3642b53d Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Mon, 9 Sep 2024 11:15:23 +0100 Subject: [PATCH 19/20] update project_ip_addresses action --- .github/workflows/code-health.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-health.yml b/.github/workflows/code-health.yml index ac449f113c..652ecacdc4 100644 --- a/.github/workflows/code-health.yml +++ b/.github/workflows/code-health.yml @@ -80,7 +80,7 @@ jobs: - name: Doc for encryption_at_rest_private_endpoint run: make generate-doc resource_name=encryption_at_rest_private_endpoint - name: Doc for project_ip_addresses - run: export resource_name=project_ip_addresses && make generate-doc + run: make generate-doc resource_name=project_ip_addresses - name: Find mutations id: self_mutation run: |- From e1b801f09bd8abdb1e4ad49eebb4e87e22fff234 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Mon, 9 Sep 2024 17:52:15 +0100 Subject: [PATCH 20/20] address doc comment --- docs/data-sources/encryption_at_rest.md | 2 +- docs/resources/encryption_at_rest.md | 2 +- templates/data-sources/encryption_at_rest.md.tmpl | 2 +- templates/resources/encryption_at_rest.md.tmpl | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/data-sources/encryption_at_rest.md b/docs/data-sources/encryption_at_rest.md index a58b44a094..d5f2e240a9 100644 --- a/docs/data-sources/encryption_at_rest.md +++ b/docs/data-sources/encryption_at_rest.md @@ -7,7 +7,7 @@ [Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms) -~> **IMPORTANT** Atlas encrypts all cluster storage and snapshot volumes, securing all cluster data on disk: a concept known as encryption at rest, by default. +~> **IMPORTANT** By default, Atlas enables encryption at rest for all cluster storage and snapshot volumes. ~> **IMPORTANT** Atlas limits this feature to dedicated cluster tiers of M10 and greater. For more information see: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management diff --git a/docs/resources/encryption_at_rest.md b/docs/resources/encryption_at_rest.md index b0bb5ee03e..dbf92fbc65 100644 --- a/docs/resources/encryption_at_rest.md +++ b/docs/resources/encryption_at_rest.md @@ -11,7 +11,7 @@ Atlas does not automatically rotate user-managed encryption keys. Defer to your See [Encryption at Rest](https://docs.atlas.mongodb.com/security-kms-encryption/index.html) for more information, including prerequisites and restrictions. -~> **IMPORTANT** Atlas encrypts all cluster storage and snapshot volumes, securing all cluster data on disk: a concept known as encryption at rest, by default. +~> **IMPORTANT** By default, Atlas enables encryption at rest for all cluster storage and snapshot volumes. ~> **IMPORTANT** Atlas limits this feature to dedicated cluster tiers of M10 and greater. For more information see: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management diff --git a/templates/data-sources/encryption_at_rest.md.tmpl b/templates/data-sources/encryption_at_rest.md.tmpl index 2e7124e16e..3e1831e49c 100644 --- a/templates/data-sources/encryption_at_rest.md.tmpl +++ b/templates/data-sources/encryption_at_rest.md.tmpl @@ -7,7 +7,7 @@ [Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms) -~> **IMPORTANT** Atlas encrypts all cluster storage and snapshot volumes, securing all cluster data on disk: a concept known as encryption at rest, by default. +~> **IMPORTANT** By default, Atlas enables encryption at rest for all cluster storage and snapshot volumes. ~> **IMPORTANT** Atlas limits this feature to dedicated cluster tiers of M10 and greater. For more information see: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management diff --git a/templates/resources/encryption_at_rest.md.tmpl b/templates/resources/encryption_at_rest.md.tmpl index bff149fca3..4a3d08c67e 100644 --- a/templates/resources/encryption_at_rest.md.tmpl +++ b/templates/resources/encryption_at_rest.md.tmpl @@ -11,7 +11,7 @@ Atlas does not automatically rotate user-managed encryption keys. Defer to your See [Encryption at Rest](https://docs.atlas.mongodb.com/security-kms-encryption/index.html) for more information, including prerequisites and restrictions. -~> **IMPORTANT** Atlas encrypts all cluster storage and snapshot volumes, securing all cluster data on disk: a concept known as encryption at rest, by default. +~> **IMPORTANT** By default, Atlas enables encryption at rest for all cluster storage and snapshot volumes. ~> **IMPORTANT** Atlas limits this feature to dedicated cluster tiers of M10 and greater. For more information see: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management