-
Notifications
You must be signed in to change notification settings - Fork 178
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migration to mongodbatlas_cloud_provider_access_setup / authorization #451
Comments
Hello @JohnPolansky , thanks for reaching. of course we will need a migration guide. Regarding the procedure, I think there are two missing steps
I mean, in your updated config
This will populate the state with the existing resource values, adding the authorization resource after that it will just try to patch, but it will not show the duplicate error. So the procedure
|
Awesome @leofigy! Thanks so much both for the quick reply and the awesome answer, I'm very happy to report your detailed migration steps worked perfectly in 2 out of 2 of my use-cases. Thank you very much for saving me a bunch of time having to delete and rebuild the mongo clusters. I've gone ahead and closed this ticket as resolved, I would appreciate if you can make sure to get these migration steps in the provider docs, they will save other people a lot of time. |
Internal ticket INTMDB-206 for doc add |
For anyone following - https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs/guides/0.9.1-upgrade-guide now has the upgrade guide from 2 apply to 1 apply. |
Terraform CLI and Terraform MongoDB Atlas Provider Version
Terraform Configuration File
Before Config (requires 2 applies)
After Config (single apply)
So I replace the old config with the new config on an existing MongoAtlas Project that had active clusters/data/encryption_at_rest already configured. Now I'm honestly not sure what I expected to happen I suppose I just hoped it would seamless transfer the config over.
However that obviously didn't happen instead I got errors:
Obviously the errors make sense.. it's trying to delete an existing IAM ROLE that is being actively used by a mongo cluster, and trying to create a new one to replace it. So then I thought well maybe I can try and use
import
to "reclaim" the existing role thats how you do other TF objects normally. However again failure (or maybe I'm doing it wrong)So I guess my question by now should be obvious, what are the "migration steps" from using older 2 apply method to the single apply method? Right now the only way I can see it's possible is to completely delete all my clusters so nothing is using the encryption keys, and then apply but as I have several active clusters with active data this isn't very practical.
Lastly I was thinking, assuming my assumptions are correct, that there should be a WARNING on the terraform
cloud_provider_access
page to warn people that migrating between the two different methods requires destructive operations.fingers-crossed I've missed something obvious or you can provide a path forward. Thanks for the help.
John
The text was updated successfully, but these errors were encountered: