mongodb · marinsalinas · Sep 13, 2019 · Sep 11, 2019 · Sep 12, 2019 · Sep 13, 2019
@@ -176,9 +176,9 @@ func valRegion(reg interface{}, opt ...string) (string, error) {
 	for _, r := range regions {
 		if strings.EqualFold(string(r), strings.ReplaceAll(region, "-", "_")) {
 			/*
-				We need to check if the option will be similar to network_pering word
+				We need to check if the option will be similar to network_peering word
 				 (this comes in from the same resource) because network_pering resource
-				 has not the standard region name patron "US_EAST_1",
+				 has not the standard region name pattern "US_EAST_1",
 				 instead it needs the following one: "us-east-1".
 			*/
 			if len(opt) > 0 && strings.EqualFold("network_peering", opt[0]) {

@@ -60,7 +60,10 @@ func checkPeeringEnvGCP(t *testing.T) {
 func checkAwsEnv(t *testing.T) {
 	if os.Getenv("AWS_ACCESS_KEY_ID") == "" ||
 		os.Getenv("AWS_SECRET_ACCESS_KEY") == "" ||
-		os.Getenv("AWS_CUSTOMER_MASTER_KEY_ID") == "" {
+		os.Getenv("AWS_CUSTOMER_MASTER_KEY_ID") == "" ||
+		os.Getenv("AWS_CUSTOMER_MASTER_KEY_ID_UPDATED") == "" ||
+		os.Getenv("AWS_ACCESS_KEY_ID_UPDATED") == "" ||
+		os.Getenv("AWS_SECRET_ACCESS_KEY_UPDATED") == "" {
 		t.Fatal("`AWS_ACCESS_KEY_ID`, `AWS_VPC_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_CUSTOMER_MASTER_KEY_ID` must be set for acceptance testing")
 	}
 }
@@ -16,6 +16,7 @@ func resourceMongoDBAtlasEncryptionAtRest() *schema.Resource {
 		Create:   resourceMongoDBAtlasEncryptionAtRestCreate,
 		Read:     resourceMongoDBAtlasEncryptionAtRestRead,
 		Delete:   resourceMongoDBAtlasEncryptionAtRestDelete,
+		Update:   resourceMongoDBAtlasEncryptionAtRestUpdate,
 		Importer: &schema.ResourceImporter{},
 		Schema: map[string]*schema.Schema{
 			"project_id": {
@@ -25,34 +26,28 @@ func resourceMongoDBAtlasEncryptionAtRest() *schema.Resource {
 			},
 			"aws_kms": {
 				Type:     schema.TypeMap,
-				ForceNew: true,
 				Optional: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"enabled": {
 							Type:     schema.TypeBool,
-							ForceNew: true,
 							Required: true,
 						},
 						"access_key_id": {
 							Type:     schema.TypeString,
-							ForceNew: true,
 							Required: true,
 						},
 						"secret_access_key": {
 							Type:      schema.TypeString,
-							ForceNew:  true,
 							Required:  true,
 							Sensitive: true,
 						},
 						"customer_master_key_id": {
 							Type:     schema.TypeString,
-							ForceNew: true,
 							Required: true,
 						},
 						"region": {
 							Type:     schema.TypeString,
-							ForceNew: true,
 							Required: true,
 						},
 					},
@@ -140,19 +135,23 @@ func resourceMongoDBAtlasEncryptionAtRest() *schema.Resource {
 	}
 }
 
+func expandAwsKms(awsKms map[string]interface{}) matlas.AwsKms {
+	awsRegion, _ := valRegion(awsKms["region"])
+	return matlas.AwsKms{
+		Enabled:             pointy.Bool(cast.ToBool(awsKms["enabled"])),
+		AccessKeyID:         awsKms["access_key_id"].(string),
+		SecretAccessKey:     awsKms["secret_access_key"].(string),
+		CustomerMasterKeyID: awsKms["customer_master_key_id"].(string),
+		Region:              awsRegion,
+	}
+}
+
 func resourceMongoDBAtlasEncryptionAtRestCreate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*matlas.Client)
-	awsRegion, _ := valRegion(d.Get("aws_kms.region"))
 
 	encryptionAtRestReq := &matlas.EncryptionAtRest{
 		GroupID: d.Get("project_id").(string),
-		AwsKms: matlas.AwsKms{
-			Enabled:             pointy.Bool(cast.ToBool(d.Get("aws_kms.enabled"))),
-			AccessKeyID:         d.Get("aws_kms.access_key_id").(string),
-			SecretAccessKey:     d.Get("aws_kms.secret_access_key").(string),
-			CustomerMasterKeyID: d.Get("aws_kms.customer_master_key_id").(string),
-			Region:              awsRegion,
-		},
+		AwsKms:  expandAwsKms(d.Get("aws_kms").(map[string]interface{})),
 		AzureKeyVault: matlas.AzureKeyVault{
 			Enabled:           pointy.Bool(cast.ToBool(d.Get("azure_key_vault.enabled"))),
 			ClientID:          d.Get("azure_key_vault.client_id").(string),
@@ -200,3 +199,28 @@ func resourceMongoDBAtlasEncryptionAtRestDelete(d *schema.ResourceData, meta int
 	}
 	return nil
 }
+
+func resourceMongoDBAtlasEncryptionAtRestUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*matlas.Client)
+	projectID := d.Id()
+
+	encrypt, _, err := conn.EncryptionsAtRest.Get(context.Background(), projectID)
+
+	if err != nil {
+		return fmt.Errorf("error getting encryption at rest information: %s", err)
+	}
+
+	if d.HasChange("aws_kms") {
+		encrypt.AwsKms = expandAwsKms(d.Get("aws_kms").(map[string]interface{}))
+	}
+
+	encrypt.GroupID = projectID
+
+	_, _, err = conn.EncryptionsAtRest.Create(context.Background(), encrypt)
+
+	if err != nil {
+		return fmt.Errorf("error updating encryption at rest (%s): %s", projectID, err)
+	}
+
+	return resourceMongoDBAtlasEncryptionAtRestRead(d, meta)
+}
@@ -28,6 +28,14 @@ func TestAccResourceMongoDBAtlasEncryptionAtRest_basicAWS(t *testing.T) {
 		Region:              os.Getenv("AWS_REGION"),
 	}
 
+	awsKmsUpdated := matlas.AwsKms{
+		Enabled:             pointy.Bool(true),
+		AccessKeyID:         os.Getenv("AWS_ACCESS_KEY_ID_UPDATED"),
+		SecretAccessKey:     os.Getenv("AWS_SECRET_ACCESS_KEY_UPDATED"),
+		CustomerMasterKeyID: os.Getenv("AWS_CUSTOMER_MASTER_KEY_ID_UPDATED"),
+		Region:              os.Getenv("AWS_REGION_UPDATED"),
+	}
+
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t); checkAwsEnv(t) },
 		Providers:    testAccProviders,
@@ -46,6 +54,19 @@ func TestAccResourceMongoDBAtlasEncryptionAtRest_basicAWS(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "aws_kms.region", awsKms.Region),
 				),
 			},
+			{
+				Config: testAccMongoDBAtlasEncryptionAtRestConfigAwsKms(&awsKmsUpdated),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMongoDBAtlasEncryptionAtRestExists(resourceName, &encryptionAtRest),
+					testAccCheckMongoDBAtlasEncryptionAtRestAttributes(&encryptionAtRest, pointy.Bool(true)),
+					resource.TestCheckResourceAttr(resourceName, "project_id", projectID),
+					resource.TestCheckResourceAttr(resourceName, "aws_kms.enabled", cast.ToString(awsKmsUpdated.Enabled)),
+					resource.TestCheckResourceAttr(resourceName, "aws_kms.access_key_id", awsKmsUpdated.AccessKeyID),
+					resource.TestCheckResourceAttr(resourceName, "aws_kms.secret_access_key", awsKmsUpdated.SecretAccessKey),
+					resource.TestCheckResourceAttr(resourceName, "aws_kms.customer_master_key_id", awsKmsUpdated.CustomerMasterKeyID),
+					resource.TestCheckResourceAttr(resourceName, "aws_kms.region", awsKmsUpdated.Region),
+				),
+			},
 		},
 	})
 }

@@ -175,16 +175,20 @@ func resourceMongoDBAtlasProjectIPWhitelistImportState(d *schema.ResourceData, m
 		entries = append(entries, entry)
 	})
 
+	if err := d.Set("project_id", d.Id()); err != nil {
+		log.Printf("[WARN] Error setting project_id for (%s): %s", d.Id(), err)
+		return []*schema.ResourceData{d}, err
+	}
+	if err := d.Set("whitelist", flattenProjectIPWhitelist(whitelist)); err != nil {
+		log.Printf("[WARN] Error setting whitelist for (%s): %s", d.Id(), err)
+		return []*schema.ResourceData{d}, err
+	}
+
 	d.SetId(encodeStateID(map[string]string{
 		"project_id": d.Id(),
 		"entries":    strings.Join(entries, ","),
 	}))
 
-	if err := d.Set("whitelist", flattenProjectIPWhitelist(whitelist)); err != nil {
-		log.Printf("[WARN] Error setting project_id for (%s): %s", d.Id(), err)
-		return []*schema.ResourceData{d}, err
-	}
-
 	return []*schema.ResourceData{d}, nil
 }
 

@@ -54,7 +54,7 @@
 
                 <li<%= sidebar_current("docs-mongodbatlas-resource") %>>
                   <a href="#">Resources</a>
-                  <ul class="nav">
+                  <ul class="nav nav-visible">
                     <li<%= sidebar_current("docs-mongodbatlas-resource-database-user") %>>
                         <a href="/docs/providers/mongodbatlas/r/database_user.html">mongodbatlas_database_user</a>
                     </li>