diff --git a/examples/test-upgrade/v100/ip-whitelist-accestList/v091/main.tf b/examples/test-upgrade/v100/ip-whitelist-accestList/v091/main.tf new file mode 100644 index 0000000000..383743e932 --- /dev/null +++ b/examples/test-upgrade/v100/ip-whitelist-accestList/v091/main.tf @@ -0,0 +1,17 @@ +resource "mongodbatlas_project" "test" { + name = var.project_name + org_id = var.org_id +} + + +resource "mongodbatlas_project_ip_whitelist" "test" { + project_id = mongodbatlas_project.test.id + ip_address = var.ip_address + comment = var.comment +} +output "project_id" { + value = mongodbatlas_project.test.id +} +output "entry" { + value = mongodbatlas_project_ip_whitelist.test.ip_address +} diff --git a/examples/test-upgrade/v100/ip-whitelist-accestList/v091/variables.tf b/examples/test-upgrade/v100/ip-whitelist-accestList/v091/variables.tf new file mode 100644 index 0000000000..3439cb3ac1 --- /dev/null +++ b/examples/test-upgrade/v100/ip-whitelist-accestList/v091/variables.tf @@ -0,0 +1,25 @@ +variable "public_key" { + description = "The public API key for MongoDB Atlas" + default = "" +} +variable "private_key" { + description = "The private API key for MongoDB Atlas" + default = "" +} +variable "project_name" { + description = "Atlas project name" + default = "" +} +variable "org_id" { + description = "The organization ID" + default = "" +} +variable "ip_address" { + description = "IP Address" + default = "" +} +variable "comment" { + description = "Comment" + default = "" +} + diff --git a/examples/test-upgrade/v100/ip-whitelist-accestList/v091/versions.tf b/examples/test-upgrade/v100/ip-whitelist-accestList/v091/versions.tf new file mode 100644 index 0000000000..158ddeb04b --- /dev/null +++ b/examples/test-upgrade/v100/ip-whitelist-accestList/v091/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_providers { + mongodbatlas = { + source = "mongodb/mongodbatlas" + version = "0.9.1" + } + } + required_version = ">= 0.15" +} diff --git a/examples/test-upgrade/v100/ip-whitelist-accestList/v100/main.tf b/examples/test-upgrade/v100/ip-whitelist-accestList/v100/main.tf new file mode 100644 index 0000000000..e54e468500 --- /dev/null +++ b/examples/test-upgrade/v100/ip-whitelist-accestList/v100/main.tf @@ -0,0 +1,11 @@ +resource "mongodbatlas_project" "test" { + name = var.project_name + org_id = var.org_id +} + + +resource "mongodbatlas_project_ip_access_list" "test" { + project_id = mongodbatlas_project.test.id + ip_address = var.ip_address + comment = var.comment +} diff --git a/examples/test-upgrade/v100/ip-whitelist-accestList/v100/variables.tf b/examples/test-upgrade/v100/ip-whitelist-accestList/v100/variables.tf new file mode 100644 index 0000000000..3439cb3ac1 --- /dev/null +++ b/examples/test-upgrade/v100/ip-whitelist-accestList/v100/variables.tf @@ -0,0 +1,25 @@ +variable "public_key" { + description = "The public API key for MongoDB Atlas" + default = "" +} +variable "private_key" { + description = "The private API key for MongoDB Atlas" + default = "" +} +variable "project_name" { + description = "Atlas project name" + default = "" +} +variable "org_id" { + description = "The organization ID" + default = "" +} +variable "ip_address" { + description = "IP Address" + default = "" +} +variable "comment" { + description = "Comment" + default = "" +} + diff --git a/examples/test-upgrade/v100/ip-whitelist-accestList/v100/versions.tf b/examples/test-upgrade/v100/ip-whitelist-accestList/v100/versions.tf new file mode 100644 index 0000000000..952cf2256f --- /dev/null +++ b/examples/test-upgrade/v100/ip-whitelist-accestList/v100/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_providers { + mongodbatlas = { + source = "mongodb/mongodbatlas" + version = "0.1.0-dev" + } + } + required_version = ">= 0.15" +} diff --git a/go.mod b/go.mod index b35b4267ef..37b621545c 100644 --- a/go.mod +++ b/go.mod @@ -13,5 +13,5 @@ require ( github.com/spf13/cast v1.3.1 github.com/terraform-providers/terraform-provider-aws v1.60.1-0.20200518153306-40099de47e37 github.com/terraform-providers/terraform-provider-google v1.20.1-0.20200518165017-1dd21651c496 - go.mongodb.org/atlas v0.8.1-0.20210528214129-330aa9199dbf + go.mongodb.org/atlas v0.8.1-0.20210604212331-3f489d7a4eed ) diff --git a/go.sum b/go.sum index 4534be67f1..a48def6569 100644 --- a/go.sum +++ b/go.sum @@ -767,6 +767,8 @@ go.mongodb.org/atlas v0.7.3-0.20210302081736-7ccf7e1f4351 h1:3NuN2K6VtDuDNfAKX/4 go.mongodb.org/atlas v0.7.3-0.20210302081736-7ccf7e1f4351/go.mod h1:CIaBeO8GLHhtYLw7xSSXsw7N90Z4MFY87Oy9qcPyuEs= go.mongodb.org/atlas v0.8.1-0.20210528214129-330aa9199dbf h1:B9IN5pGOtgtgmx8jjtuP9Gx6PPFWIIKx3AKQKYKcxJM= go.mongodb.org/atlas v0.8.1-0.20210528214129-330aa9199dbf/go.mod h1:MMWDsc2akjTDSG4tVQrxv/82p3QbBnqeELbtTl45sbg= +go.mongodb.org/atlas v0.8.1-0.20210604212331-3f489d7a4eed h1:qPaT/RvfXXKEJ2fTNckgPKoqfg4oLgJFj7exXUM8mUQ= +go.mongodb.org/atlas v0.8.1-0.20210604212331-3f489d7a4eed/go.mod h1:MMWDsc2akjTDSG4tVQrxv/82p3QbBnqeELbtTl45sbg= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= diff --git a/integration-testing/test-upgrades_test.go b/integration-testing/test-upgrades_test.go index 435fe059e3..67b9a290bf 100644 --- a/integration-testing/test-upgrades_test.go +++ b/integration-testing/test-upgrades_test.go @@ -14,7 +14,9 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" ) -const localPluginPath = "TERRAFORM PLUGINS PATH" +var ( + localPluginPath = os.Getenv("TERRATEST_PLUGIN_PATH") +) func TestUpgradeNetworkContainerRegionsGCP(t *testing.T) { t.Parallel() @@ -276,6 +278,65 @@ func TestUpgradePrivateEndpoint(t *testing.T) { } +func TestUpgradeProjectIPWhitelistDeprecation(t *testing.T) { + t.Parallel() + + var ( + orgID = os.Getenv("MONGODB_ATLAS_ORG_ID") + projectName = acctest.RandomWithPrefix("test-acc") + publicKey = os.Getenv("MONGODB_ATLAS_PUBLIC_KEY") + privateKey = os.Getenv("MONGODB_ATLAS_PRIVATE_KEY") + ipAddress = fmt.Sprintf("179.154.226.%d", acctest.RandIntRange(0, 255)) + comment = fmt.Sprintf("TestAcc for ipAddress (%s)", ipAddress) + ) + // Construct the terraform options with default retryable errors to handle the most common + // retryable errors in terraform testing. + terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ + // The path to where our Terraform code is located + TerraformDir: "../examples/test-upgrade/v100/ip-whitelist-accestList/v091", + Vars: map[string]interface{}{ + "project_name": projectName, + "org_id": orgID, + "ip_address": ipAddress, + "public_key": publicKey, + "private_key": privateKey, + "comment": comment, + }, + }) + + // At the end of the test, run `terraform destroy` to clean up any resources that were created. + defer terraform.Destroy(t, terraformOptions) + + // Run `terraform init` and `terraform apply`. Fail the test if there are any errors. + terraform.InitAndApply(t, terraformOptions) + + projectID := terraform.Output(t, terraformOptions, "project_id") + entry := terraform.Output(t, terraformOptions, "entry") + + tempTestFolder := CleanUpState(t, "examples/test-upgrade/v100/ip-whitelist-accestList/v100") + + terraformOptionsSecond := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ + // The path to where our Terraform code is located + TerraformDir: tempTestFolder, + Vars: map[string]interface{}{ + "project_name": projectName, + "org_id": orgID, + "ip_address": ipAddress, + "public_key": publicKey, + "private_key": privateKey, + "comment": comment, + }, + }) + + terraform.RunTerraformCommand(t, terraformOptionsSecond, "init", fmt.Sprintf("--plugin-dir=%s", localPluginPath)) + //Remove states + terraform.RunTerraformCommand(t, terraformOptionsSecond, "import", "mongodbatlas_project.test", projectID) + terraform.RunTerraformCommand(t, terraformOptionsSecond, "import", "mongodbatlas_project_ip_access_list.test", fmt.Sprintf("%s-%s", projectID, entry)) + // Run `terraform apply`. Fail the test if there are any errors. + terraform.Plan(t, terraformOptionsSecond) + +} + // This func means that the terraform state will be always clean to avoid error about resource already used func CleanUpState(t *testing.T, path string) string { // Root folder where terraform files should be (relative to the test folder) diff --git a/mongodbatlas/data_source_mongodbatlas_project_ip_whitelist.go b/mongodbatlas/data_source_mongodbatlas_project_ip_whitelist.go deleted file mode 100644 index 6905cef51d..0000000000 --- a/mongodbatlas/data_source_mongodbatlas_project_ip_whitelist.go +++ /dev/null @@ -1,107 +0,0 @@ -package mongodbatlas - -import ( - "bytes" - "context" - "errors" - "fmt" - "net" - - "github.com/hashicorp/terraform-plugin-sdk/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/helper/validation" - matlas "go.mongodb.org/atlas/mongodbatlas" -) - -func dataSourceMongoDBAtlasProjectIPWhitelist() *schema.Resource { - return &schema.Resource{ - Read: dataSourceMongoDBAtlasProjectIPWhitelistRead, - Schema: map[string]*schema.Schema{ - "project_id": { - Type: schema.TypeString, - Required: true, - }, - "cidr_block": { - Type: schema.TypeString, - Optional: true, - Computed: true, - ConflictsWith: []string{"aws_security_group", "ip_address"}, - ValidateFunc: func(i interface{}, k string) (s []string, es []error) { - v, ok := i.(string) - if !ok { - es = append(es, fmt.Errorf("expected type of %s to be string", k)) - return - } - - _, ipnet, err := net.ParseCIDR(v) - if err != nil { - es = append(es, fmt.Errorf("expected %s to contain a valid CIDR, got: %s with err: %s", k, v, err)) - return - } - - if ipnet == nil || v != ipnet.String() { - es = append(es, fmt.Errorf("expected %s to contain a valid network CIDR, expected %s, got %s", k, ipnet, v)) - return - } - return - }, - }, - "ip_address": { - Type: schema.TypeString, - Optional: true, - Computed: true, - ConflictsWith: []string{"aws_security_group", "cidr_block"}, - ValidateFunc: validation.IsIPAddress, - }, - "aws_security_group": { - Type: schema.TypeString, - Optional: true, - Computed: true, - ConflictsWith: []string{"ip_address", "cidr_block"}, - }, - "comment": { - Type: schema.TypeString, - Computed: true, - }, - }, - } -} - -func dataSourceMongoDBAtlasProjectIPWhitelistRead(d *schema.ResourceData, meta interface{}) error { - conn := meta.(*matlas.Client) - projectID := d.Get("project_id").(string) - cidrBlock := d.Get("cidr_block").(string) - ipAddress := d.Get("ip_address").(string) - awsSecurityGroup := d.Get("aws_security_group").(string) - - if cidrBlock == "" && ipAddress == "" && awsSecurityGroup == "" { - return errors.New("cidr_block, ip_address or aws_security_group needs to contain a value") - } - var entry bytes.Buffer - - entry.WriteString(cidrBlock) - entry.WriteString(ipAddress) - entry.WriteString(awsSecurityGroup) - - whitelist, _, err := conn.ProjectIPWhitelist.Get(context.Background(), projectID, entry.String()) - if err != nil { - return fmt.Errorf("error getting whitelist information: %s", err) - } - - if err := d.Set("cidr_block", whitelist.CIDRBlock); err != nil { - return fmt.Errorf("error setting `cidr_block` for Project whitelist: %s", err) - } - if err := d.Set("ip_address", whitelist.IPAddress); err != nil { - return fmt.Errorf("error setting `ip_address` for Project whitelist: %s", err) - } - if err := d.Set("aws_security_group", whitelist.AwsSecurityGroup); err != nil { - return fmt.Errorf("error setting `aws_security_group` for Project whitelist: %s", err) - } - if err := d.Set("comment", whitelist.Comment); err != nil { - return fmt.Errorf("error setting `comment` for Project whitelist: %s", err) - } - - d.SetId(resource.UniqueId()) - - return nil -} diff --git a/mongodbatlas/data_source_mongodbatlas_project_ip_whitelist_test.go b/mongodbatlas/data_source_mongodbatlas_project_ip_whitelist_test.go deleted file mode 100644 index 8f3071923e..0000000000 --- a/mongodbatlas/data_source_mongodbatlas_project_ip_whitelist_test.go +++ /dev/null @@ -1,160 +0,0 @@ -package mongodbatlas - -import ( - "fmt" - "os" - "testing" - - "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" - "github.com/hashicorp/terraform-plugin-sdk/helper/resource" -) - -func TestAccDataMongoDBAtlasProjectIPWhitelist_SettingIPAddress(t *testing.T) { - resourceName := "mongodbatlas_project_ip_whitelist.test" - projectID := os.Getenv("MONGODB_ATLAS_PROJECT_ID") - ipAddress := fmt.Sprintf("179.154.226.%d", acctest.RandIntRange(0, 255)) - comment := fmt.Sprintf("TestAcc for ipAddress (%s)", ipAddress) - - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - Steps: []resource.TestStep{ - { - Config: testAccDataMongoDBAtlasProjectIPWhitelistConfigSettingIPAddress(projectID, ipAddress, comment), - Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttrSet(resourceName, "project_id"), - resource.TestCheckResourceAttrSet(resourceName, "ip_address"), - resource.TestCheckResourceAttrSet(resourceName, "comment"), - - resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "ip_address", ipAddress), - resource.TestCheckResourceAttr(resourceName, "comment", comment), - ), - }, - }, - }) -} - -func TestAccDataMongoDBAtlasProjectIPWhitelist_SettingCIDRBlock(t *testing.T) { - resourceName := "mongodbatlas_project_ip_whitelist.test" - projectID := os.Getenv("MONGODB_ATLAS_PROJECT_ID") - cidrBlock := fmt.Sprintf("179.154.226.%d/32", acctest.RandIntRange(0, 255)) - comment := fmt.Sprintf("TestAcc for cidrBlock (%s)", cidrBlock) - - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - Steps: []resource.TestStep{ - { - Config: testAccDataMongoDBAtlasProjectIPWhitelistConfigSettingCIDRBlock(projectID, cidrBlock, comment), - Check: resource.ComposeTestCheckFunc( - testAccCheckMongoDBAtlasProjectIPWhitelistExists(resourceName), - resource.TestCheckResourceAttrSet(resourceName, "project_id"), - resource.TestCheckResourceAttrSet(resourceName, "cidr_block"), - resource.TestCheckResourceAttrSet(resourceName, "comment"), - - resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "cidr_block", cidrBlock), - resource.TestCheckResourceAttr(resourceName, "comment", comment), - ), - }, - }, - }) -} - -func TestAccDataMongoDBAtlasProjectIPWhitelist_SettingAWSSecurityGroup(t *testing.T) { - SkipTestExtCred(t) - resourceName := "mongodbatlas_project_ip_whitelist.test" - vpcID := os.Getenv("AWS_VPC_ID") - vpcCIDRBlock := os.Getenv("AWS_VPC_CIDR_BLOCK") - awsAccountID := os.Getenv("AWS_ACCOUNT_ID") - awsRegion := os.Getenv("AWS_REGION") - providerName := "AWS" - - projectID := os.Getenv("MONGODB_ATLAS_PROJECT_ID") - awsSGroup := os.Getenv("AWS_SECURITY_GROUP_ID") - comment := fmt.Sprintf("TestAcc for awsSecurityGroup (%s)", awsSGroup) - - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - Steps: []resource.TestStep{ - { - Config: testAccDataMongoDBAtlasProjectIPWhitelistConfigSettingAWSSecurityGroup(projectID, providerName, vpcID, awsAccountID, vpcCIDRBlock, awsRegion, awsSGroup, comment), - Check: resource.ComposeTestCheckFunc( - testAccCheckMongoDBAtlasProjectIPWhitelistExists(resourceName), - resource.TestCheckResourceAttrSet(resourceName, "project_id"), - resource.TestCheckResourceAttrSet(resourceName, "aws_security_group"), - resource.TestCheckResourceAttrSet(resourceName, "comment"), - - resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "aws_security_group", awsSGroup), - resource.TestCheckResourceAttr(resourceName, "comment", comment), - ), - }, - }, - }) -} - -func testAccDataMongoDBAtlasProjectIPWhitelistConfigSettingIPAddress(projectID, ipAddress, comment string) string { - return fmt.Sprintf(` - resource "mongodbatlas_project_ip_whitelist" "test" { - project_id = "%s" - ip_address = "%s" - comment = "%s" - } - - data "mongodbatlas_project_ip_whitelist" "test" { - project_id = mongodbatlas_project_ip_whitelist.test.project_id - ip_address = mongodbatlas_project_ip_whitelist.test.ip_address - } - `, projectID, ipAddress, comment) -} - -func testAccDataMongoDBAtlasProjectIPWhitelistConfigSettingCIDRBlock(projectID, cidrBlock, comment string) string { - return fmt.Sprintf(` - resource "mongodbatlas_project_ip_whitelist" "test" { - project_id = "%s" - cidr_block = "%s" - comment = "%s" - } - data "mongodbatlas_project_ip_whitelist" "test" { - project_id = mongodbatlas_project_ip_whitelist.test.project_id - cidr_block = mongodbatlas_project_ip_whitelist.test.cidr_block - } - `, projectID, cidrBlock, comment) -} - -func testAccDataMongoDBAtlasProjectIPWhitelistConfigSettingAWSSecurityGroup(projectID, providerName, vpcID, awsAccountID, vpcCIDRBlock, awsRegion, awsSGroup, comment string) string { - return fmt.Sprintf(` - resource "mongodbatlas_network_container" "test" { - project_id = "%[1]s" - atlas_cidr_block = "192.168.208.0/21" - provider_name = "%[2]s" - region_name = "%[6]s" - } - - resource "mongodbatlas_network_peering" "test" { - accepter_region_name = lower(replace("%[6]s", "_", "-")) - project_id = "%[1]s" - container_id = mongodbatlas_network_container.test.container_id - provider_name = "%[2]s" - route_table_cidr_block = "%[5]s" - vpc_id = "%[3]s" - aws_account_id = "%[4]s" - } - - resource "mongodbatlas_project_ip_whitelist" "test" { - project_id = "%[1]s" - aws_security_group = "%[7]s" - comment = "%[8]s" - - depends_on = ["mongodbatlas_network_peering.test"] - } - - data "mongodbatlas_project_ip_whitelist" "test" { - project_id = mongodbatlas_project_ip_whitelist.test.project_id - aws_security_group = mongodbatlas_project_ip_whitelist.test.aws_security_group - } - `, projectID, providerName, vpcID, awsAccountID, vpcCIDRBlock, awsRegion, awsSGroup, comment) -} diff --git a/mongodbatlas/provider.go b/mongodbatlas/provider.go index 92e5c3a063..18fc6c583e 100644 --- a/mongodbatlas/provider.go +++ b/mongodbatlas/provider.go @@ -45,7 +45,6 @@ func Provider() terraform.ResourceProvider { "mongodbatlas_database_users": dataSourceMongoDBAtlasDatabaseUsers(), "mongodbatlas_project": dataSourceMongoDBAtlasProject(), "mongodbatlas_projects": dataSourceMongoDBAtlasProjects(), - "mongodbatlas_project_ip_whitelist": dataSourceMongoDBAtlasProjectIPWhitelist(), "mongodbatlas_cluster": dataSourceMongoDBAtlasCluster(), "mongodbatlas_clusters": dataSourceMongoDBAtlasClusters(), "mongodbatlas_cloud_provider_snapshot": dataSourceMongoDBAtlasCloudProviderSnapshot(), @@ -83,7 +82,6 @@ func Provider() terraform.ResourceProvider { ResourcesMap: map[string]*schema.Resource{ "mongodbatlas_custom_db_role": resourceMongoDBAtlasCustomDBRole(), "mongodbatlas_database_user": resourceMongoDBAtlasDatabaseUser(), - "mongodbatlas_project_ip_whitelist": resourceMongoDBAtlasProjectIPWhitelist(), "mongodbatlas_project": resourceMongoDBAtlasProject(), "mongodbatlas_cluster": resourceMongoDBAtlasCluster(), "mongodbatlas_cloud_provider_snapshot": resourceMongoDBAtlasCloudProviderSnapshot(), diff --git a/mongodbatlas/resource_mongodbatlas_global_cluster_config_test.go b/mongodbatlas/resource_mongodbatlas_global_cluster_config_test.go index 4a847d5c9d..bfdfd4a663 100644 --- a/mongodbatlas/resource_mongodbatlas_global_cluster_config_test.go +++ b/mongodbatlas/resource_mongodbatlas_global_cluster_config_test.go @@ -83,7 +83,7 @@ func TestAccResourceMongoDBAtlasGlobalCluster_importBasic(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, - CheckDestroy: testAccCheckMongoDBAtlasProjectIPWhitelistDestroy, + CheckDestroy: testAccCheckMongoDBAtlasProjectIPAccessListDestroy, Steps: []resource.TestStep{ { Config: testAccMongoDBAtlasGlobalClusterConfig(projectID, name, "false"), diff --git a/mongodbatlas/resource_mongodbatlas_project_ip_whitelist.go b/mongodbatlas/resource_mongodbatlas_project_ip_whitelist.go deleted file mode 100644 index 875e05f9d4..0000000000 --- a/mongodbatlas/resource_mongodbatlas_project_ip_whitelist.go +++ /dev/null @@ -1,279 +0,0 @@ -package mongodbatlas - -import ( - "context" - "errors" - "fmt" - "log" - "net" - "strings" - "time" - - "github.com/hashicorp/terraform-plugin-sdk/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/helper/validation" - matlas "go.mongodb.org/atlas/mongodbatlas" -) - -const ( - errorWhitelistCreate = "error creating Project IP Whitelist information: %s" - errorWhitelistRead = "error getting Project IP Whitelist information: %s" - // errorWhitelistUpdate = "error updating Project IP Whitelist information: %s" - errorWhitelistDelete = "error deleting Project IP Whitelist information: %s" - errorWhitelistSetting = "error setting `%s` for Project IP Whitelist (%s): %s" -) - -func resourceMongoDBAtlasProjectIPWhitelist() *schema.Resource { - return &schema.Resource{ - Create: resourceMongoDBAtlasProjectIPWhitelistCreate, - Read: resourceMongoDBAtlasProjectIPWhitelistRead, - Delete: resourceMongoDBAtlasProjectIPWhitelistDelete, - Importer: &schema.ResourceImporter{ - State: resourceMongoDBAtlasIPWhitelistImportState, - }, - Schema: map[string]*schema.Schema{ - "project_id": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - }, - "cidr_block": { - Type: schema.TypeString, - Optional: true, - Computed: true, - ForceNew: true, - ConflictsWith: []string{"aws_security_group", "ip_address"}, - ValidateFunc: func(i interface{}, k string) (s []string, es []error) { - v, ok := i.(string) - if !ok { - es = append(es, fmt.Errorf("expected type of %s to be string", k)) - return - } - - _, ipnet, err := net.ParseCIDR(v) - if err != nil { - es = append(es, fmt.Errorf("expected %s to contain a valid CIDR, got: %s with err: %s", k, v, err)) - return - } - - if ipnet == nil || v != ipnet.String() { - es = append(es, fmt.Errorf("expected %s to contain a valid network CIDR, expected %s, got %s", k, ipnet, v)) - return - } - return - }, - }, - "ip_address": { - Type: schema.TypeString, - Optional: true, - Computed: true, - ForceNew: true, - ConflictsWith: []string{"aws_security_group", "cidr_block"}, - ValidateFunc: validation.IsIPAddress, - }, - // You must configure VPC peering for your project before you can whitelist an AWS security group. - "aws_security_group": { - Type: schema.TypeString, - Optional: true, - Computed: true, - ForceNew: true, - ConflictsWith: []string{"ip_address", "cidr_block"}, - }, - "comment": { - Type: schema.TypeString, - Optional: true, - Computed: true, - ForceNew: true, - ValidateFunc: validation.NoZeroValues, - }, - }, - Timeouts: &schema.ResourceTimeout{ - Read: schema.DefaultTimeout(45 * time.Minute), - Delete: schema.DefaultTimeout(45 * time.Minute), - }, - } -} - -func resourceMongoDBAtlasProjectIPWhitelistCreate(d *schema.ResourceData, meta interface{}) error { - conn := meta.(*matlas.Client) - projectID := d.Get("project_id").(string) - cidrBlock := d.Get("cidr_block").(string) - ipAddress := d.Get("ip_address").(string) - awsSecurityGroup := d.Get("aws_security_group").(string) - - if cidrBlock == "" && ipAddress == "" && awsSecurityGroup == "" { - return errors.New("cidr_block, ip_address or aws_security_group needs to contain a value") - } - - stateConf := &resource.StateChangeConf{ - Pending: []string{"pending"}, - Target: []string{"created", "failed"}, - Refresh: func() (interface{}, string, error) { - whitelist, _, err := conn.ProjectIPWhitelist.Create(context.Background(), projectID, []*matlas.ProjectIPWhitelist{ - { - AwsSecurityGroup: awsSecurityGroup, - CIDRBlock: cidrBlock, - IPAddress: ipAddress, - Comment: d.Get("comment").(string), - }, - }) - if err != nil { - if strings.Contains(fmt.Sprint(err), "Unexpected error") || - strings.Contains(fmt.Sprint(err), "UNEXPECTED_ERROR") || - strings.Contains(fmt.Sprint(err), "500") { - return nil, "pending", nil - } - return nil, "failed", fmt.Errorf(errorWhitelistCreate, err) - } - - if len(whitelist) > 0 { - whiteListEntry := ipAddress - if cidrBlock != "" { - whiteListEntry = cidrBlock - } - - for _, entry := range whitelist { - if entry.IPAddress == whiteListEntry || entry.CIDRBlock == whiteListEntry { - return whitelist, "created", nil - } - } - return nil, "pending", nil - } - - return whitelist, "created", nil - }, - Timeout: 45 * time.Minute, - Delay: 4 * time.Second, - MinTimeout: 2 * time.Second, - } - - // Wait, catching any errors - _, err := stateConf.WaitForState() - if err != nil { - return fmt.Errorf(errorWhitelistCreate, err) - } - - var entry string - - switch { - case cidrBlock != "": - entry = cidrBlock - case ipAddress != "": - entry = ipAddress - default: - entry = awsSecurityGroup - } - - d.SetId(encodeStateID(map[string]string{ - "project_id": projectID, - "entry": entry, - })) - - return resourceMongoDBAtlasProjectIPWhitelistRead(d, meta) -} - -func resourceMongoDBAtlasProjectIPWhitelistRead(d *schema.ResourceData, meta interface{}) error { - conn := meta.(*matlas.Client) - ids := decodeStateID(d.Id()) - - return resource.Retry(2*time.Minute, func() *resource.RetryError { - whitelist, _, err := conn.ProjectIPWhitelist.Get(context.Background(), ids["project_id"], ids["entry"]) - if err != nil { - switch { - case strings.Contains(fmt.Sprint(err), "500"): - return resource.RetryableError(err) - case strings.Contains(fmt.Sprint(err), "404"): - if !d.IsNewResource() { - d.SetId("") - return nil - } - return resource.RetryableError(err) - default: - return resource.NonRetryableError(fmt.Errorf(errorWhitelistRead, err)) - } - } - - if whitelist != nil { - if err := d.Set("aws_security_group", whitelist.AwsSecurityGroup); err != nil { - return resource.NonRetryableError(fmt.Errorf(errorWhitelistSetting, "aws_security_group", ids["project_id"], err)) - } - - if err := d.Set("cidr_block", whitelist.CIDRBlock); err != nil { - return resource.NonRetryableError(fmt.Errorf(errorWhitelistSetting, "cidr_block", ids["project_id"], err)) - } - - if err := d.Set("ip_address", whitelist.IPAddress); err != nil { - return resource.NonRetryableError(fmt.Errorf(errorWhitelistSetting, "ip_address", ids["project_id"], err)) - } - - if err := d.Set("comment", whitelist.Comment); err != nil { - return resource.NonRetryableError(fmt.Errorf(errorWhitelistSetting, "comment", ids["project_id"], err)) - } - } - - return nil - }) -} - -func resourceMongoDBAtlasProjectIPWhitelistDelete(d *schema.ResourceData, meta interface{}) error { - // Get the client connection. - conn := meta.(*matlas.Client) - ids := decodeStateID(d.Id()) - - return resource.Retry(5*time.Minute, func() *resource.RetryError { - _, err := conn.ProjectIPWhitelist.Delete(context.Background(), ids["project_id"], ids["entry"]) - if err != nil { - if strings.Contains(fmt.Sprint(err), "500") || - strings.Contains(fmt.Sprint(err), "Unexpected error") || - strings.Contains(fmt.Sprint(err), "UNEXPECTED_ERROR") { - return resource.RetryableError(err) - } - - return resource.NonRetryableError(fmt.Errorf(errorWhitelistDelete, err)) - } - - entry, _, err := conn.ProjectIPWhitelist.Get(context.Background(), ids["project_id"], ids["entry"]) - if err != nil { - if strings.Contains(fmt.Sprint(err), "404") || - strings.Contains(fmt.Sprint(err), "ATLAS_WHITELIST_NOT_FOUND") { - return nil - } - - return resource.RetryableError(err) - } - - if entry != nil { - return resource.RetryableError(fmt.Errorf(errorWhitelistDelete, "Whitelist still exists")) - } - - return nil - }) -} - -func resourceMongoDBAtlasIPWhitelistImportState(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { - conn := meta.(*matlas.Client) - - parts := strings.SplitN(d.Id(), "-", 2) - if len(parts) != 2 { - return nil, errors.New("import format error: to import a peer, use the format {project_id}-{whitelist_entry}") - } - - projectID := parts[0] - entry := parts[1] - - _, _, err := conn.ProjectIPWhitelist.Get(context.Background(), projectID, entry) - if err != nil { - return nil, fmt.Errorf("couldn't import entry whitelist %s in project %s, error: %s", entry, projectID, err) - } - - if err := d.Set("project_id", projectID); err != nil { - log.Printf("[WARN] Error setting project_id for (%s): %s", projectID, err) - } - - d.SetId(encodeStateID(map[string]string{ - "project_id": projectID, - "entry": entry, - })) - - return []*schema.ResourceData{d}, nil -} diff --git a/mongodbatlas/resource_mongodbatlas_project_ip_whitelist_test.go b/mongodbatlas/resource_mongodbatlas_project_ip_whitelist_test.go deleted file mode 100644 index a6fe9a26da..0000000000 --- a/mongodbatlas/resource_mongodbatlas_project_ip_whitelist_test.go +++ /dev/null @@ -1,362 +0,0 @@ -package mongodbatlas - -import ( - "context" - "fmt" - "os" - "testing" - - "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" - "github.com/hashicorp/terraform-plugin-sdk/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/terraform" - matlas "go.mongodb.org/atlas/mongodbatlas" -) - -func TestAccResourceMongoDBAtlasProjectIPWhitelist_SettingIPAddress(t *testing.T) { - resourceName := "mongodbatlas_project_ip_whitelist.test" - projectID := os.Getenv("MONGODB_ATLAS_PROJECT_ID") - ipAddress := fmt.Sprintf("179.154.226.%d", acctest.RandIntRange(0, 255)) - comment := fmt.Sprintf("TestAcc for ipAddress (%s)", ipAddress) - - updatedIPAddress := fmt.Sprintf("179.154.228.%d", acctest.RandIntRange(0, 255)) - updatedComment := fmt.Sprintf("TestAcc for ipAddress updated (%s)", updatedIPAddress) - - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckMongoDBAtlasProjectIPWhitelistDestroy, - Steps: []resource.TestStep{ - { - Config: testAccMongoDBAtlasProjectIPWhitelistConfigSettingIPAddress(projectID, ipAddress, comment), - Check: resource.ComposeTestCheckFunc( - testAccCheckMongoDBAtlasProjectIPWhitelistExists(resourceName), - resource.TestCheckResourceAttrSet(resourceName, "project_id"), - resource.TestCheckResourceAttrSet(resourceName, "ip_address"), - resource.TestCheckResourceAttrSet(resourceName, "comment"), - - resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "ip_address", ipAddress), - resource.TestCheckResourceAttr(resourceName, "comment", comment), - ), - }, - { - Config: testAccMongoDBAtlasProjectIPWhitelistConfigSettingIPAddress(projectID, updatedIPAddress, updatedComment), - Check: resource.ComposeTestCheckFunc( - testAccCheckMongoDBAtlasProjectIPWhitelistExists(resourceName), - resource.TestCheckResourceAttrSet(resourceName, "project_id"), - resource.TestCheckResourceAttrSet(resourceName, "ip_address"), - resource.TestCheckResourceAttrSet(resourceName, "comment"), - - resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "ip_address", updatedIPAddress), - resource.TestCheckResourceAttr(resourceName, "comment", updatedComment), - ), - }, - }, - }) -} - -func TestAccResourceMongoDBAtlasProjectIPWhitelist_SettingCIDRBlock(t *testing.T) { - resourceName := "mongodbatlas_project_ip_whitelist.test" - projectID := os.Getenv("MONGODB_ATLAS_PROJECT_ID") - cidrBlock := fmt.Sprintf("179.154.226.%d/32", acctest.RandIntRange(0, 255)) - comment := fmt.Sprintf("TestAcc for cidrBlock (%s)", cidrBlock) - - updatedCIDRBlock := fmt.Sprintf("179.154.228.%d/32", acctest.RandIntRange(0, 255)) - updatedComment := fmt.Sprintf("TestAcc for cidrBlock updated (%s)", updatedCIDRBlock) - - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckMongoDBAtlasProjectIPWhitelistDestroy, - Steps: []resource.TestStep{ - { - Config: testAccMongoDBAtlasProjectIPWhitelistConfigSettingCIDRBlock(projectID, cidrBlock, comment), - Check: resource.ComposeTestCheckFunc( - testAccCheckMongoDBAtlasProjectIPWhitelistExists(resourceName), - resource.TestCheckResourceAttrSet(resourceName, "project_id"), - resource.TestCheckResourceAttrSet(resourceName, "cidr_block"), - resource.TestCheckResourceAttrSet(resourceName, "comment"), - - resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "cidr_block", cidrBlock), - resource.TestCheckResourceAttr(resourceName, "comment", comment), - ), - }, - { - Config: testAccMongoDBAtlasProjectIPWhitelistConfigSettingCIDRBlock(projectID, updatedCIDRBlock, updatedComment), - Check: resource.ComposeTestCheckFunc( - testAccCheckMongoDBAtlasProjectIPWhitelistExists(resourceName), - resource.TestCheckResourceAttrSet(resourceName, "project_id"), - resource.TestCheckResourceAttrSet(resourceName, "cidr_block"), - resource.TestCheckResourceAttrSet(resourceName, "comment"), - - resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "cidr_block", updatedCIDRBlock), - resource.TestCheckResourceAttr(resourceName, "comment", updatedComment), - ), - }, - }, - }) -} - -func TestAccResourceMongoDBAtlasProjectIPWhitelist_SettingAWSSecurityGroup(t *testing.T) { - SkipTestExtCred(t) - resourceName := "mongodbatlas_project_ip_whitelist.test" - vpcID := os.Getenv("AWS_VPC_ID") - vpcCIDRBlock := os.Getenv("AWS_VPC_CIDR_BLOCK") - awsAccountID := os.Getenv("AWS_ACCOUNT_ID") - awsRegion := os.Getenv("AWS_REGION") - providerName := "AWS" - - projectID := os.Getenv("MONGODB_ATLAS_PROJECT_ID") - awsSGroup := "sg-0026348ec11780bd1" - comment := fmt.Sprintf("TestAcc for awsSecurityGroup (%s)", awsSGroup) - - updatedAWSSgroup := "sg-0026348ec11780bd2" - updatedComment := fmt.Sprintf("TestAcc for awsSecurityGroup updated (%s)", updatedAWSSgroup) - - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckMongoDBAtlasProjectIPWhitelistDestroy, - Steps: []resource.TestStep{ - { - Config: testAccMongoDBAtlasProjectIPWhitelistConfigSettingAWSSecurityGroup(projectID, providerName, vpcID, awsAccountID, vpcCIDRBlock, awsRegion, awsSGroup, comment), - Check: resource.ComposeTestCheckFunc( - testAccCheckMongoDBAtlasProjectIPWhitelistExists(resourceName), - resource.TestCheckResourceAttrSet(resourceName, "project_id"), - resource.TestCheckResourceAttrSet(resourceName, "aws_security_group"), - resource.TestCheckResourceAttrSet(resourceName, "comment"), - - resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "aws_security_group", awsSGroup), - resource.TestCheckResourceAttr(resourceName, "comment", comment), - ), - }, - { - Config: testAccMongoDBAtlasProjectIPWhitelistConfigSettingAWSSecurityGroup(projectID, providerName, vpcID, awsAccountID, vpcCIDRBlock, awsRegion, updatedAWSSgroup, updatedComment), - Check: resource.ComposeTestCheckFunc( - testAccCheckMongoDBAtlasProjectIPWhitelistExists(resourceName), - resource.TestCheckResourceAttrSet(resourceName, "project_id"), - resource.TestCheckResourceAttrSet(resourceName, "aws_security_group"), - resource.TestCheckResourceAttrSet(resourceName, "comment"), - - resource.TestCheckResourceAttr(resourceName, "project_id", projectID), - resource.TestCheckResourceAttr(resourceName, "aws_security_group", updatedAWSSgroup), - resource.TestCheckResourceAttr(resourceName, "comment", updatedComment), - ), - }, - }, - }) -} - -func TestAccResourceMongoDBAtlasProjectIPWhitelist_SettingMultiple(t *testing.T) { - resourceName := "mongodbatlas_project_ip_whitelist.test_%d" - projectID := os.Getenv("MONGODB_ATLAS_PROJECT_ID") - - whitelist := make([]map[string]string, 0) - - for i := 0; i < 20; i++ { - entry := make(map[string]string) - entryName := "" - ipAddr := "" - - if i%2 == 0 { - entryName = "cidr_block" - entry["cidr_block"] = fmt.Sprintf("%d.2.3.%d/32", i, acctest.RandIntRange(0, 255)) - ipAddr = entry["cidr_block"] - } else { - entryName = "ip_address" - entry["ip_address"] = fmt.Sprintf("%d.2.3.%d", i, acctest.RandIntRange(0, 255)) - ipAddr = entry["ip_address"] - } - entry["comment"] = fmt.Sprintf("TestAcc for %s (%s)", entryName, ipAddr) - - whitelist = append(whitelist, entry) - } - //TODO: make testAccCheckMongoDBAtlasProjectIPWhitelistExists dynamic - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckMongoDBAtlasProjectIPWhitelistDestroy, - Steps: []resource.TestStep{ - { - Config: testAccMongoDBAtlasProjectIPWhitelistConfigSettingMultiple(projectID, whitelist, false), - Check: resource.ComposeTestCheckFunc( - testAccCheckMongoDBAtlasProjectIPWhitelistExists(fmt.Sprintf(resourceName, 0)), - testAccCheckMongoDBAtlasProjectIPWhitelistExists(fmt.Sprintf(resourceName, 1)), - testAccCheckMongoDBAtlasProjectIPWhitelistExists(fmt.Sprintf(resourceName, 2)), - ), - }, - { - Config: testAccMongoDBAtlasProjectIPWhitelistConfigSettingMultiple(projectID, whitelist, true), - Check: resource.ComposeTestCheckFunc( - testAccCheckMongoDBAtlasProjectIPWhitelistExists(fmt.Sprintf(resourceName, 0)), - testAccCheckMongoDBAtlasProjectIPWhitelistExists(fmt.Sprintf(resourceName, 1)), - testAccCheckMongoDBAtlasProjectIPWhitelistExists(fmt.Sprintf(resourceName, 2)), - ), - }, - }, - }) -} - -func TestAccResourceMongoDBAtlasProjectIPWhitelist_importBasic(t *testing.T) { - projectID := os.Getenv("MONGODB_ATLAS_PROJECT_ID") - ipAddress := fmt.Sprintf("179.154.226.%d", acctest.RandIntRange(0, 255)) - comment := fmt.Sprintf("TestAcc for ipaddres (%s)", ipAddress) - resourceName := "mongodbatlas_project_ip_whitelist.test" - - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckMongoDBAtlasProjectIPWhitelistDestroy, - Steps: []resource.TestStep{ - { - Config: testAccMongoDBAtlasProjectIPWhitelistConfigSettingIPAddress(projectID, ipAddress, comment), - }, - { - ResourceName: resourceName, - ImportStateIdFunc: testAccCheckMongoDBAtlasProjectIPWhitelistImportStateIDFunc(resourceName), - ImportState: true, - ImportStateVerify: true, - }, - }, - }) -} - -func testAccCheckMongoDBAtlasProjectIPWhitelistExists(resourceName string) resource.TestCheckFunc { - return func(s *terraform.State) error { - conn := testAccProvider.Meta().(*matlas.Client) - - rs, ok := s.RootModule().Resources[resourceName] - if !ok { - return fmt.Errorf("not found: %s", resourceName) - } - - if rs.Primary.ID == "" { - return fmt.Errorf("no ID is set") - } - - ids := decodeStateID(rs.Primary.ID) - - _, _, err := conn.ProjectIPWhitelist.Get(context.Background(), ids["project_id"], ids["entry"]) - if err != nil { - return fmt.Errorf("project ip whitelist entry (%s) does not exist", ids["entry"]) - } - - return nil - } -} - -func testAccCheckMongoDBAtlasProjectIPWhitelistDestroy(s *terraform.State) error { - conn := testAccProvider.Meta().(*matlas.Client) - - for _, rs := range s.RootModule().Resources { - if rs.Type != "mongodbatlas_project_ip_whitelist" { - continue - } - - ids := decodeStateID(rs.Primary.ID) - - _, _, err := conn.ProjectIPWhitelist.Get(context.Background(), ids["project_id"], ids["entry"]) - if err == nil { - return fmt.Errorf("project ip whitelist entry (%s) still exists", ids["entry"]) - } - } - - return nil -} - -func testAccCheckMongoDBAtlasProjectIPWhitelistImportStateIDFunc(resourceName string) resource.ImportStateIdFunc { - return func(s *terraform.State) (string, error) { - rs, ok := s.RootModule().Resources[resourceName] - if !ok { - return "", fmt.Errorf("not found: %s", resourceName) - } - - ids := decodeStateID(rs.Primary.ID) - - return fmt.Sprintf("%s-%s", ids["project_id"], ids["entry"]), nil - } -} - -func testAccMongoDBAtlasProjectIPWhitelistConfigSettingIPAddress(projectID, ipAddress, comment string) string { - return fmt.Sprintf(` - resource "mongodbatlas_project_ip_whitelist" "test" { - project_id = "%s" - ip_address = "%s" - comment = "%s" - } - `, projectID, ipAddress, comment) -} - -func testAccMongoDBAtlasProjectIPWhitelistConfigSettingCIDRBlock(projectID, cidrBlock, comment string) string { - return fmt.Sprintf(` - resource "mongodbatlas_project_ip_whitelist" "test" { - project_id = "%s" - cidr_block = "%s" - comment = "%s" - } - `, projectID, cidrBlock, comment) -} - -func testAccMongoDBAtlasProjectIPWhitelistConfigSettingAWSSecurityGroup(projectID, providerName, vpcID, awsAccountID, vpcCIDRBlock, awsRegion, awsSGroup, comment string) string { - return fmt.Sprintf(` - resource "mongodbatlas_network_container" "test" { - project_id = "%[1]s" - atlas_cidr_block = "192.168.208.0/21" - provider_name = "%[2]s" - region_name = "%[6]s" - } - - resource "mongodbatlas_network_peering" "test" { - accepter_region_name = "us-east-1" - project_id = "%[1]s" - container_id = mongodbatlas_network_container.test.container_id - provider_name = "%[2]s" - route_table_cidr_block = "%[5]s" - vpc_id = "%[3]s" - aws_account_id = "%[4]s" - } - - resource "mongodbatlas_project_ip_whitelist" "test" { - project_id = "%[1]s" - aws_security_group = "%[7]s" - comment = "%[8]s" - - depends_on = ["mongodbatlas_network_peering.test"] - } - `, projectID, providerName, vpcID, awsAccountID, vpcCIDRBlock, awsRegion, awsSGroup, comment) -} - -func testAccMongoDBAtlasProjectIPWhitelistConfigSettingMultiple(projectID string, whitelist []map[string]string, isUpdate bool) string { - config := "" - - for i, entry := range whitelist { - comment := entry["comment"] - - if isUpdate { - comment = entry["comment"] + " update" - } - - if cidr, ok := entry["cidr_block"]; ok { - config += fmt.Sprintf(` - resource "mongodbatlas_project_ip_whitelist" "test_%d" { - project_id = "%s" - cidr_block = "%s" - comment = "%s" - } - `, i, projectID, cidr, comment) - } else { - config += fmt.Sprintf(` - resource "mongodbatlas_project_ip_whitelist" "test_%d" { - project_id = "%s" - ip_address = "%s" - comment = "%s" - } - `, i, projectID, entry["ip_address"], comment) - } - } - return config -} diff --git a/website/docs/d/project_ip_whitelist.html.markdown b/website/docs/d/project_ip_whitelist.html.markdown deleted file mode 100644 index dd4cbf0939..0000000000 --- a/website/docs/d/project_ip_whitelist.html.markdown +++ /dev/null @@ -1,100 +0,0 @@ ---- -layout: "mongodbatlas" -page_title: "MongoDB Atlas: project_ip_whitelist" -sidebar_current: "docs-mongodbatlas-datasource-project-ip-whitelist" -description: |- - Provides an IP Whitelist resource. ---- - -# mongodbatlas_project_ip_whitelist - -`mongodbatlas_project_ip_whitelist` describes an IP Whitelist entry resource. The whitelist grants access from IPs, CIDRs or AWS Security Groups (if VPC Peering is enabled) to clusters within the Project. - --> **NOTE:** Groups and projects are synonymous terms. You may find `groupId` in the official documentation. - -~> **IMPORTANT:** -When you remove an entry from the whitelist, existing connections from the removed address(es) may remain open for a variable amount of time. How much time passes before Atlas closes the connection depends on several factors, including how the connection was established, the particular behavior of the application or driver using the address, and the connection protocol (e.g., TCP or UDP). This is particularly important to consider when changing an existing IP address or CIDR block as they cannot be updated via the Provider (comments can however), hence a change will force the destruction and recreation of entries. - - -## Example Usage - -### Using CIDR Block -```hcl -resource "mongodbatlas_project_ip_whitelist" "test" { - project_id = "" - cidr_block = "1.2.3.4/32" - comment = "cidr block for tf acc testing" -} - -data "mongodbatlas_project_ip_whitelist" "test" { - project_id = mongodbatlas_project_ip_whitelist.test.project_id - cidr_block = mongodbatlas_project_ip_whitelist.test.cidr_block -} -``` - -### Using IP Address -```hcl -resource "mongodbatlas_project_ip_whitelist" "test" { - project_id = "" - ip_address = "2.3.4.5" - comment = "ip address for tf acc testing" -} - -data "mongodbatlas_project_ip_whitelist" "test" { - project_id = mongodbatlas_project_ip_whitelist.test.project_id - ip_address = mongodbatlas_project_ip_whitelist.test.ip_address -} -``` - -### Using an AWS Security Group -```hcl -resource "mongodbatlas_network_container" "test" { - project_id = "" - atlas_cidr_block = "192.168.208.0/21" - provider_name = "AWS" - region_name = "US_EAST_1" -} - -resource "mongodbatlas_network_peering" "test" { - project_id = "" - container_id = mongodbatlas_network_container.test.container_id - accepter_region_name = "us-east-1" - provider_name = "AWS" - route_table_cidr_block = "172.31.0.0/16" - vpc_id = "vpc-0d93d6f69f1578bd8" - aws_account_id = "232589400519" -} - -resource "mongodbatlas_project_ip_whitelist" "test" { - project_id = "" - aws_security_group = "sg-0026348ec11780bd1" - comment = "TestAcc for awsSecurityGroup" - - depends_on = [mongodbatlas_network_peering.test] -} - -data "mongodbatlas_project_ip_whitelist" "test" { - project_id = mongodbatlas_project_ip_whitelist.test.project_id - aws_security_group = mongodbatlas_project_ip_whitelist.test.aws_security_group -} -``` - -~> **IMPORTANT:** In order to use AWS Security Group(s) VPC Peering must be enabled like in the above example. - -## Argument Reference - -* `project_id` - (Required) The ID of the project in which to add the whitelist entry. -* `aws_security_group` - (Optional) ID of the whitelisted AWS security group. Mutually exclusive with `cidr_block` and `ip_address`. -* `cidr_block` - (Optional) Whitelist entry in Classless Inter-Domain Routing (CIDR) notation. Mutually exclusive with `aws_security_group` and `ip_address`. -* `ip_address` - (Optional) Whitelisted IP address. Mutually exclusive with `aws_security_group` and `cidr_block`. - --> **NOTE:** One of the following attributes must set: `aws_security_group`, `cidr_block` or `ip_address`. - -## Attributes Reference - -In addition to all arguments above, the following attributes are exported: - -* `id` - Unique identifier used by Terraform for internal management and can be used to import. -* `comment` - Comment to add to the whitelist entry. - -For more information see: [MongoDB Atlas API Reference.](https://docs.atlas.mongodb.com/reference/api/whitelist/) diff --git a/website/docs/guides/1.0.0-upgrade-guide.html.markdown b/website/docs/guides/1.0.0-upgrade-guide.html.markdown new file mode 100644 index 0000000000..6a7661abe5 --- /dev/null +++ b/website/docs/guides/1.0.0-upgrade-guide.html.markdown @@ -0,0 +1,51 @@ +--- +layout: "mongodbatlas" +page_title: "MongoDB Atlas Provider 1.0.0: Upgrade and Information Guide" +sidebar_current: "docs-mongodbatlas-guides-100-upgrade-guide" +description: |- + MongoDB Atlas Provider 0.1.0: Upgrade and Information Guide +--- + +# MongoDB Atlas Provider 1.0.0: Upgrade and Information Guide + +## End of Life and removal of Project IP Whitelist and import with Project IP Access List + +To upgrade from v0.9.1 to v1.0.0 with the existing resources `mongodbatlas_project_ip_whitelist` +perform the following steps + +1. Remove your existing `mongodbatlas_project_ip_whitelist` resources from terraform state + **NOTE** before doing any terraform state change please do a backup + +```bash +$ terraform state rm mongodbatlas_project_ip_whitelist.test +``` + +2. Change the version of provider to the v1.0.0 + +3. Perform an import from your existing `mongodbatlas_project_ip_whitelist` to `mongodbatlas_project_ip_access_list` +```bash + terraform import mongodbatlas_project_ip_access_list.test - +``` + +4. Do a terraform plan (no changes detected) + +```bash +terraform plan + +(...) + + +No changes. Your infrastructure matches the configuration. + +Terraform has compared your real infrastructure against your configuration and found no differences, +so no changes are needed. +``` +**NOTE** Doc links for [mongodbatlas_project_ip_access_list](https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs/resources/project_ip_access_list) + +### Helpful Links + +* [Report bugs](https://github.com/mongodb/terraform-provider-mongodbatlas/issues) + +* [Request Features](https://feedback.mongodb.com/forums/924145-atlas?category_id=370723) + +* [Contact Support](https://docs.atlas.mongodb.com/support/) covered by MongoDB Atlas support plans, Developer and above. \ No newline at end of file diff --git a/website/docs/r/project_ip_whitelist.html.markdown b/website/docs/r/project_ip_whitelist.html.markdown deleted file mode 100644 index eaf734c783..0000000000 --- a/website/docs/r/project_ip_whitelist.html.markdown +++ /dev/null @@ -1,95 +0,0 @@ ---- -layout: "mongodbatlas" -page_title: "MongoDB Atlas: project_ip_whitelist" -sidebar_current: "docs-mongodbatlas-resource-project-ip-whitelist" -description: |- - Provides an IP Whitelist resource. ---- - -# mongodbatlas_project_ip_whitelist DEPRECATED - -`mongodbatlas_project_ip_whitelist` provides an IP Whitelist entry resource. The whitelist grants access from IPs, CIDRs or AWS Security Groups (if VPC Peering is enabled) to clusters within the Project. - -~> **IMPORTANT:** -Recently we have made changes to modernize the terminology we use in Atlas. The term “Whitelist” has been deprecated in favor of “Access List”. The Project IP whitelist resource has been deprecated and will be disabled in June 2021. Please move to using the [Project IP Access List](https://tf-registry.herokuapp.com/providers/mongodb/mongodbatlas/latest/docs/resources/project_ip_access_list) resource before June 2021. - --> **NOTE:** Groups and projects are synonymous terms. You may find `groupId` in the official documentation.ß - -~> **IMPORTANT:** -When you remove an entry from the whitelist, existing connections from the removed address(es) may remain open for a variable amount of time. How much time passes before Atlas closes the connection depends on several factors, including how the connection was established, the particular behavior of the application or driver using the address, and the connection protocol (e.g., TCP or UDP). This is particularly important to consider when changing an existing IP address or CIDR block as they cannot be updated via the Provider (comments can however), hence a change will force the destruction and recreation of entries. - -## Example Usage - -### Using CIDR Block -```hcl -resource "mongodbatlas_project_ip_whitelist" "test" { - project_id = "" - cidr_block = "1.2.3.4/32" - comment = "cidr block for tf acc testing" -} -``` - -### Using IP Address -```hcl -resource "mongodbatlas_project_ip_whitelist" "test" { - project_id = "" - ip_address = "2.3.4.5" - comment = "ip address for tf acc testing" -} -``` - -### Using an AWS Security Group -```hcl -resource "mongodbatlas_network_container" "test" { - project_id = "" - atlas_cidr_block = "192.168.208.0/21" - provider_name = "AWS" - region_name = "US_EAST_1" -} - -resource "mongodbatlas_network_peering" "test" { - project_id = "" - container_id = mongodbatlas_network_container.test.container_id - accepter_region_name = "us-east-1" - provider_name = "AWS" - route_table_cidr_block = "172.31.0.0/16" - vpc_id = "vpc-0d93d6f69f1578bd8" - aws_account_id = "232589400519" -} - -resource "mongodbatlas_project_ip_whitelist" "test" { - project_id = "" - aws_security_group = "sg-0026348ec11780bd1" - comment = "TestAcc for awsSecurityGroup" - - depends_on = [mongodbatlas_network_peering.test] -} -``` - -~> **IMPORTANT:** In order to use AWS Security Group(s) VPC Peering must be enabled like above example. - -## Argument Reference - -* `project_id` - (Required) The ID of the project in which to add the whitelist entry. -* `aws_security_group` - (Optional) ID of the whitelisted AWS security group. Mutually exclusive with `cidr_block` and `ip_address`. -* `cidr_block` - (Optional) Whitelist entry in Classless Inter-Domain Routing (CIDR) notation. Mutually exclusive with `aws_security_group` and `ip_address`. -* `ip_address` - (Optional) Whitelisted IP address. Mutually exclusive with `aws_security_group` and `cidr_block`. -* `comment` - (Optional) Comment to add to the whitelist entry. - --> **NOTE:** One of the following attributes must set: `aws_security_group`, `cidr_block` or `ip_address`. - -## Attributes Reference - -In addition to all arguments above, the following attributes are exported: - -* `id` - Unique identifier used for terraform for internal manages and can be used to import. - -## Import - -IP Whitelist entries can be imported using the `project_id` and `cidr_block` or `ip_address`, e.g. - -``` -$ terraform import mongodbatlas_project_ip_whitelist.test 5d0f1f74cf09a29120e123cd-10.242.88.0/21 -``` - -For more information see: [MongoDB Atlas API Reference.](https://docs.atlas.mongodb.com/reference/api/whitelist/)