feat: Supports configuring BYOK encryption on search nodes #3142
Conversation
|
APIx bot: a message has been sent to Docs Slack channel |
| @@ -151,3 +153,19 @@ func NewAtlasAzureKeyVault(tfAzKeyVaultConfigSlice []TFAzureKeyVaultConfigModel) | |||
| RequirePrivateNetworking: v.RequirePrivateNetworking.ValueBoolPointer(), | |||
| } | |||
| } | |||
|
|
|||
| func NewAtlasEncryptionAtRest(encryptionAtRestPlan, encryptionAtRestState *TfEncryptionAtRestRSModel, atlasEncryptionAtRest *admin.EncryptionAtRest) *admin.EncryptionAtRest { | |||
There was a problem hiding this comment.
missing a unit test here. Not sure if encryptionAtRestPlan.EnabledForSearchNodes.IsUnknown() will be handled as expected?
There was a problem hiding this comment.
This made me think and I changed the approach a bit here: 7f97e3c
API has a default value (false), so we can have the default in TF aswell, and we will never have that as Unknown/Null making this simpler. Let me know what you think
There was a problem hiding this comment.
I like it, this way, removing the attribute will "go back" to the default value and trigger a plan change 👍
| @@ -233,12 +234,27 @@ func TestCheckErrorMessageAndStatus(t *testing.T) { | |||
|
|
|||
| for testName, tc := range testCases { | |||
| t.Run(testName, func(t *testing.T) { | |||
| diags := encryptionatrestprivateendpoint.CheckErrorMessageAndStatus(tc.SDKResp) | |||
| // TODO: update before merging to master: diags := encryptionatrestprivateendpoint.CheckErrorMessageAndStatus(tc.SDKResp) | |||
| diags := checkErrorMessageAndStatusPreview(tc.SDKResp) | |||
There was a problem hiding this comment.
temporary change to be able to use the preview. encryptionatrestprivateendpoint is using the latest release and not the preview
| @@ -135,40 +137,3 @@ func TestMigEncryptionAtRest_basicGCP(t *testing.T) { | |||
| }, | |||
| }) | |||
| } | |||
|
|
|||
| func TestMigEncryptionAtRest_basicAWS_from_v1_11_0(t *testing.T) { | |||
There was a problem hiding this comment.
just double checking why this was removed?
There was a problem hiding this comment.
Full context of this test is here. I think it's a good time to remove the test because 1.11.0 was released August 2023, and we already have migration tests that run with the previous released version
* feat: Supports configuring BYOK encryption on search nodes (#3142) * use SDK preview in encryption_at_rest * changelog * Revert "use SDK preview in encryption_at_rest" This reverts commit 609c9dc. * trigger change in EAR * Revert "trigger change in EAR" This reverts commit 15794dd. * Reapply "use SDK preview in encryption_at_rest" This reverts commit 1c2db30. * TEMPORARY: send enabled_for_search_nodes = true * finish resource implementation and tests * data source implementation and test * doc update * default and refactor test * remove old migration test * default value in resource * unit test --------- Co-authored-by: Oriol Arbusi <[email protected]> * feat: Adds `encryption_at_rest_provider` to `mongodbatlas_search_deployment` resource and data source (#3152) * use preview * add encryption_at_rest_provider computed attribute * remove check * dosc * rename files * move adv_cluster config out of resources * fix config * project id * add TODO to version * doc: Updates examples with newly added attributes to `mongodbatlas_search_deployment` and `mongodbatlas_encryption_at_rest` (#3174) * add new attribute to the example * examples updates * nit: end with new line * fix tf validate * todos * PR suggestions + test failure --------- Co-authored-by: Leo Antoli <[email protected]>
Description
Supports configuring BYOK encryption on search nodes. Examples will be done in a follow-up PR. TODOs will be there until changes are available in the latest SDK release (now only available in the preview)
Link to any related issue(s): CLOUDP-296693
Type of change:
Required Checklist:
Further comments