Skip to content

feat: Support configuring BYOK encryption on search nodes #3199

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Apr 4, 2025
Merged

feat: Support configuring BYOK encryption on search nodes #3199

merged 9 commits into from
Apr 4, 2025

Conversation

oarbusi
Copy link
Collaborator

@oarbusi oarbusi commented Mar 24, 2025

Description

Support configuring BYOK encryption on search nodes:

  • Adds enabled_for_search_nodes attribute to mongodbatlas_encryption_at_rest resource and data source
  • Adds encryption_at_rest_provider computed attribute to mongodbatlas_search_deployment resource and data source

Link to any related issue(s): CLOUDP-296693

Type of change:

  • Bug fix (non-breaking change which fixes an issue). Please, add the "bug" label to the PR.
  • New feature (non-breaking change which adds functionality). Please, add the "enhancement" label to the PR. A migration guide must be created or updated if the new feature will go in a major version.
  • Breaking change (fix or feature that would cause existing functionality to not work as expected). Please, add the "breaking change" label to the PR. A migration guide must be created or updated.
  • This change requires a documentation update
  • Documentation fix/enhancement

Required Checklist:

  • I have signed the MongoDB CLA
  • I have read the contributing guides
  • I have checked that this change does not generate any credentials and that they are NOT accidentally logged anywhere.
  • I have added tests that prove my fix is effective or that my feature works per HashiCorp requirements
  • I have added any necessary documentation (if appropriate)
  • I have run make fmt and formatted my code
  • If changes include deprecations or removals I have added appropriate changelog entries.
  • If changes include removal or addition of 3rd party GitHub actions, I updated our internal document. Reach out to the APIx Integration slack channel to get access to the internal document.

Further comments

lantoli and others added 5 commits March 12, 2025 14:42
@lantoli @oarbusi
feat: Supports configuring BYOK encryption on search nodes (#3142)
2fc6af3 
* use SDK preview in encryption_at_rest

* changelog

* Revert "use SDK preview in encryption_at_rest"

This reverts commit 609c9dc.

* trigger change in EAR

* Revert "trigger change in EAR"

This reverts commit 15794dd.

* Reapply "use SDK preview in encryption_at_rest"

This reverts commit 1c2db30.

* TEMPORARY: send enabled_for_search_nodes = true

* finish resource implementation and tests

* data source implementation and test

* doc update

* default and refactor test

* remove old migration test

* default value in resource

* unit test

---------

Co-authored-by: Oriol Arbusi <[email protected]>
@oarbusi
Merge branch 'master' into CLOUDP-296693-dev-byok
2fec1bc
@oarbusi
Merge branch 'master' into CLOUDP-296693-dev-byok
40588f8
@oarbusi
feat: Adds encryption_at_rest_provider to `mongodbatlas_search_depl…
4806d29 
…oyment` resource and data source (#3152)

* use preview

* add encryption_at_rest_provider computed attribute

* remove check

* dosc

* rename files

* move adv_cluster config out of resources

* fix config

* project id

* add TODO to version
@oarbusi
doc: Updates examples with newly added attributes to `mongodbatlas_se…
b6a76db 
…arch_deployment` and `mongodbatlas_encryption_at_rest` (#3174)

* add new attribute to the example

* examples updates

* nit: end with new line

* fix tf validate
@github-actions GitHub Actions
Copy link
Contributor

This PR has gone 7 days without any activity and meets the project’s definition of "stale". This will be auto-closed if there is no new activity over the next 7 days. If the issue is still relevant and active, you can simply comment with a "bump" to keep it open, or add the label "not_stale". Thanks for keeping our repository healthy!

@github-actions github-actions bot added the stale label Mar 30, 2025
@oarbusi oarbusi added not_stale Not stale issue or PR and removed stale labels Mar 31, 2025
@oarbusi oarbusi marked this pull request as ready for review April 4, 2025 10:59
@oarbusi oarbusi requested review from a team as code owners April 4, 2025 10:59
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Apr 4, 2025

APIx bot: a message has been sent to Docs Slack channel

maastha
maastha approved these changes Apr 4, 2025
View reviewed changes
Copy link
Collaborator

@maastha maastha left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, left some comments and questions

internal/service/encryptionatrest/resource_migration_test.go
@@ -135,40 +136,3 @@ func TestMigEncryptionAtRest_basicGCP(t *testing.T) {
},
})
}

func TestMigEncryptionAtRest_basicAWS_from_v1_11_0(t *testing.T) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[q] why is this no longer required?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

discussed here, let me know if there is any other concern

@oarbusi
Copy link
Collaborator Author

oarbusi commented Apr 4, 2025

only failing test in encryption due to the same reasons it fails in master branch (CANNOT_DISABLE_ENCRYPTION_AT_REST_REQUIRE_PRIVATE_NETWORKING_WHILE_PRIVATE_ENDPOINTS_EXIST)

@oarbusi oarbusi merged commit 584f6fb into master Apr 4, 2025
39 of 40 checks passed
svc-apix-Bot added a commit that referenced this pull request Apr 4, 2025
@svc-apix-Bot
chore: Updates CHANGELOG.md for #3199
b202323
lantoli added a commit that referenced this pull request Apr 4, 2025
@lantoli
Merge branch 'master' into remove_lint_exceptions
567812f 
* master:
  feat: Support configuring BYOK encryption on search nodes (#3199)
  chore: Updates Atlas Go SDK (#3235)

# Conflicts:
#	internal/testutil/acc/advanced_cluster.go
@EspenAlbert EspenAlbert mentioned this pull request Apr 8, 2025
Merged
13 tasks
lantoli added a commit that referenced this pull request Apr 8, 2025
@lantoli
Merge branch 'master' into remove_lint_exceptions
891c570 
* master:
  chore: Updates org_clean_test.go to delete stream instances & private endpoint services (#3252)
  chore: Updates organization.md `skip_default_alerts_settings` note format (#3246)
  doc: Update guidelines for external contributors to squash commits (#3243)
  chore: Updates CHANGELOG.md for #3199
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maastha maastha maastha approved these changes

Assignees
No one assigned
Labels
enhancement not_stale Not stale issue or PR skip-changelog-check
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@oarbusi @maastha @lantoli