From d0d29e6afcbed24b3ff04f0b531fbce9af55dcce Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Tue, 27 Aug 2024 20:50:06 +0100 Subject: [PATCH 1/2] add auto-generated documentation --- docs/resources/encryption_at_rest.md | 81 +++++++++----- .../resource_encryption_at_rest.go | 102 +++++++++++++----- .../tfplugingen/generator_config.yml | 11 ++ .../resources/encryption_at_rest.md.tmpl | 37 +++++++ 4 files changed, 178 insertions(+), 53 deletions(-) create mode 100644 internal/service/encryptionatrest/tfplugingen/generator_config.yml create mode 100644 templates/resources/encryption_at_rest.md.tmpl diff --git a/docs/resources/encryption_at_rest.md b/docs/resources/encryption_at_rest.md index ea85a74fa2..10064434e3 100644 --- a/docs/resources/encryption_at_rest.md +++ b/docs/resources/encryption_at_rest.md @@ -21,7 +21,7 @@ See [Encryption at Rest](https://docs.atlas.mongodb.com/security-kms-encryption/ -> **IMPORTANT NOTE** To disable the encryption at rest with customer key management for a project all existing clusters in the project must first either have encryption at rest for the provider set to none, e.g. `encryption_at_rest_provider = "NONE"`, or be deleted. -## Example Usage +## Example Usages ```terraform resource "mongodbatlas_encryption_at_rest" "test" { 
@@ -106,39 +106,70 @@ resource "mongodbatlas_advanced_cluster" "example_cluster" { ``` -## Argument Reference -* `project_id` - (Required) The unique identifier for the project. + +## Schema -### aws_kms_config -Refer to the example in the [official github repository](https://github.com/mongodb/terraform-provider-mongodbatlas/tree/master/examples) to implement Encryption at Rest -* `enabled` - Specifies whether Encryption at Rest is enabled for an Atlas project, To disable Encryption at Rest, pass only this parameter with a value of false, When you disable Encryption at Rest, Atlas also removes the configuration details. -* `customer_master_key_id` - The AWS customer master key used to encrypt and decrypt the MongoDB master keys. -* `region` - The AWS region in which the AWS customer master key exists: CA_CENTRAL_1, US_EAST_1, US_EAST_2, US_WEST_1, US_WEST_2, SA_EAST_1 -* `role_id` - ID of an AWS IAM role authorized to manage an AWS customer master key. To find the ID for an existing IAM role check the `role_id` attribute of the `mongodbatlas_cloud_provider_access` resource. +### Required -### azure_key_vault_config -* `enabled` - Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details. -* `client_id` - The client ID, also known as the application ID, for an Azure application associated with the Azure AD tenant. -* `azure_environment` - The Azure environment where the Azure account credentials reside. Valid values are the following: AZURE, AZURE_CHINA, AZURE_GERMANY -* `subscription_id` - The unique identifier associated with an Azure subscription. -* `resource_group_name` - The name of the Azure Resource group that contains an Azure Key Vault. -* `key_vault_name` - The name of an Azure Key Vault containing your key. -* `key_identifier` - The unique identifier of a key in an Azure Key Vault. 
-* `secret` - The secret associated with the Azure Key Vault specified by azureKeyVault.tenantID. -* `tenant_id` - The unique identifier for an Azure AD tenant within an Azure subscription. +- `project_id` (String) Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access. -### google_cloud_kms_config -* `enabled` - Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details. -* `service_account_key` - String-formatted JSON object containing GCP KMS credentials from your GCP account. -* `key_version_resource_id` - The Key Version Resource ID from your GCP account. +**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups. -## Import +### Optional +- `aws_kms_config` (Block List) Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project. (see [below for nested schema](#nestedblock--aws_kms_config)) +- `azure_key_vault_config` (Block List) Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV). (see [below for nested schema](#nestedblock--azure_key_vault_config)) +- `google_cloud_kms_config` (Block List) Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS). (see [below for nested schema](#nestedblock--google_cloud_kms_config)) + +### Read-Only + +- `id` (String) The ID of this resource. 
+ + +### Nested Schema for `aws_kms_config` + +Optional: + +- `access_key_id` (String, Sensitive) Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK). +- `customer_master_key_id` (String, Sensitive) Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys. +- `enabled` (Boolean) Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`. +- `region` (String) Physical location where MongoDB Cloud deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Cloud creates them as part of the deployment. MongoDB Cloud assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts. +- `role_id` (String) Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key. +- `secret_access_key` (String, Sensitive) Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key. + + + +### Nested Schema for `azure_key_vault_config` + +Optional: + +- `azure_environment` (String) Azure environment in which your account credentials reside. 
+- `client_id` (String, Sensitive) Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant. +- `enabled` (Boolean) Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`. +- `key_identifier` (String, Sensitive) Web address with a unique key that identifies for your Azure Key Vault. +- `key_vault_name` (String) Unique string that identifies the Azure Key Vault that contains your key. +- `require_private_networking` (Boolean) Enable connection to your Azure Key Vault over private networking. +- `resource_group_name` (String) Name of the Azure resource group that contains your Azure Key Vault. +- `secret` (String, Sensitive) Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (**azureKeyVault.tenantID**). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data. +- `subscription_id` (String, Sensitive) Unique 36-hexadecimal character string that identifies your Azure subscription. +- `tenant_id` (String, Sensitive) Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription. + + + +### Nested Schema for `google_cloud_kms_config` + +Optional: + +- `enabled` (Boolean) Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`. +- `key_version_resource_id` (String, Sensitive) Resource path that displays the key version resource ID for your Google Cloud KMS. 
+- `service_account_key` (String, Sensitive) JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object. + +# Import Encryption at Rest Settings can be imported using project ID, in the format `project_id`, e.g. ``` $ terraform import mongodbatlas_encryption_at_rest.example 1112222b3bf99403840e8934 ``` -For more information see: [MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management) +For more information see: [MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management) \ No newline at end of file diff --git a/internal/service/encryptionatrest/resource_encryption_at_rest.go b/internal/service/encryptionatrest/resource_encryption_at_rest.go index 977664f86b..1dc68017e1 100644 --- a/internal/service/encryptionatrest/resource_encryption_at_rest.go +++ b/internal/service/encryptionatrest/resource_encryption_at_rest.go 
@@ -100,11 +100,15 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, + Description: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.\n\n**NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.", }, }, Blocks: map[string]schema.Block{ "aws_kms_config": schema.ListNestedBlock{ - Validators: []validator.List{listvalidator.SizeAtMost(1)}, + Description: "Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.", + MarkdownDescription: "Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.", + Validators: []validator.List{listvalidator.SizeAtMost(1)}, NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "enabled": schema.BoolAttribute{ 
@@ -113,31 +117,45 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ PlanModifiers: []planmodifier.Bool{ boolplanmodifier.UseStateForUnknown(), }, + Description: "Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", + MarkdownDescription: "Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", }, "access_key_id": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).", + MarkdownDescription: "Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).", }, "secret_access_key": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.", + MarkdownDescription: "Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.", }, "customer_master_key_id": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, 
+ Description: "Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.", + MarkdownDescription: "Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.", }, "region": schema.StringAttribute{ - Optional: true, + Optional: true, + Description: "Physical location where MongoDB Cloud deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Cloud creates them as part of the deployment. MongoDB Cloud assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.", + MarkdownDescription: "Physical location where MongoDB Cloud deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Cloud creates them as part of the deployment. MongoDB Cloud assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.", }, "role_id": schema.StringAttribute{ - Optional: true, + Optional: true, + Description: "Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. 
This IAM role has the permissions required to manage your AWS customer master key.", + MarkdownDescription: "Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.", }, }, Validators: []validator.Object{validate.AwsKmsConfig()}, }, }, "azure_key_vault_config": schema.ListNestedBlock{ - Validators: []validator.List{listvalidator.SizeAtMost(1)}, + Description: "Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).", + MarkdownDescription: "Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).", + Validators: []validator.List{listvalidator.SizeAtMost(1)}, NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "enabled": schema.BoolAttribute{ 
@@ -146,35 +164,53 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ PlanModifiers: []planmodifier.Bool{ boolplanmodifier.UseStateForUnknown(), }, + Description: "Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", + MarkdownDescription: "Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", }, "client_id": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.", + MarkdownDescription: "Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.", }, "azure_environment": schema.StringAttribute{ - Optional: true, + Optional: true, + Description: "Azure environment in which your account credentials reside.", + MarkdownDescription: "Azure environment in which your account credentials reside.", }, "subscription_id": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Unique 36-hexadecimal character string that identifies your Azure subscription.", + MarkdownDescription: "Unique 36-hexadecimal character string that identifies your Azure subscription.", }, "resource_group_name": schema.StringAttribute{ - Optional: true, + Optional: true, + Description: "Name of the Azure resource group that contains your Azure Key Vault.", + MarkdownDescription: "Name of the Azure resource group that contains your Azure Key Vault.", }, "key_vault_name": schema.StringAttribute{ 
- Optional: true, + Optional: true, + Description: "Unique string that identifies the Azure Key Vault that contains your key.", + MarkdownDescription: "Unique string that identifies the Azure Key Vault that contains your key.", }, "key_identifier": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Web address with a unique key that identifies for your Azure Key Vault.", + MarkdownDescription: "Web address with a unique key that identifies for your Azure Key Vault.", }, "secret": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (**azureKeyVault.tenantID**). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.", + MarkdownDescription: "Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (**azureKeyVault.tenantID**). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.", }, "tenant_id": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.", + MarkdownDescription: "Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.", }, "require_private_networking": schema.BoolAttribute{ Optional: true, 
@@ -182,12 +218,16 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ PlanModifiers: []planmodifier.Bool{ boolplanmodifier.UseStateForUnknown(), }, + Description: "Enable connection to your Azure Key Vault over private networking.", + MarkdownDescription: "Enable connection to your Azure Key Vault over private networking.", }, }, }, }, "google_cloud_kms_config": schema.ListNestedBlock{ - Validators: []validator.List{listvalidator.SizeAtMost(1)}, + Description: "Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).", + MarkdownDescription: "Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).", + Validators: []validator.List{listvalidator.SizeAtMost(1)}, NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "enabled": schema.BoolAttribute{ 
@@ -196,14 +236,20 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ PlanModifiers: []planmodifier.Bool{ boolplanmodifier.UseStateForUnknown(), }, + Description: "Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", + MarkdownDescription: "Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.", }, "service_account_key": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object.", + MarkdownDescription: "JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object.", }, "key_version_resource_id": schema.StringAttribute{ - Optional: true, - Sensitive: true, + Optional: true, + Sensitive: true, + Description: "Resource path that displays the key version resource ID for your Google Cloud KMS.", + MarkdownDescription: "Resource path that displays the key version resource ID for your Google Cloud KMS.", }, }, }, diff --git a/internal/service/encryptionatrest/tfplugingen/generator_config.yml b/internal/service/encryptionatrest/tfplugingen/generator_config.yml new file mode 100644 index 0000000000..08b2657a14 --- /dev/null +++ b/internal/service/encryptionatrest/tfplugingen/generator_config.yml 
@@ -0,0 +1,11 @@ +provider: + name: mongodbatlas + +resources: + encryption_at_rest: + create: + path: /api/atlas/v2/groups/{groupId}/encryptionAtRest + method: PATCH + read: + path: /api/atlas/v2/groups/{groupId}/encryptionAtRest + method: GET \ No newline at end of file diff --git a/templates/resources/encryption_at_rest.md.tmpl b/templates/resources/encryption_at_rest.md.tmpl new file mode 100644 index 0000000000..947e4450c9 --- /dev/null +++ b/templates/resources/encryption_at_rest.md.tmpl 
@@ -0,0 +1,37 @@ +# {{.Type}}: {{.Name}} + +`{{.Name}}` allows management of encryption at rest for an Atlas project with one of the following providers: + +[Amazon Web Services Key Management Service](https://docs.atlas.mongodb.com/security-aws-kms/#security-aws-kms) +[Azure Key Vault](https://docs.atlas.mongodb.com/security-azure-kms/#security-azure-kms) +[Google Cloud KMS](https://docs.atlas.mongodb.com/security-gcp-kms/#security-gcp-kms) + +After configuring at least one Encryption at Rest provider for the Atlas project, Project Owners can enable Encryption at Rest for each Atlas cluster for which they require encryption. The Encryption at Rest provider does not have to match the cluster cloud service provider. + +Atlas does not automatically rotate user-managed encryption keys. Defer to your preferred Encryption at Rest provider’s documentation and guidance for best practices on key rotation. Atlas automatically creates a 90-day key rotation alert when you configure Encryption at Rest using your Key Management in an Atlas project. + +See [Encryption at Rest](https://docs.atlas.mongodb.com/security-kms-encryption/index.html) for more information, including prerequisites and restrictions. + +~> **IMPORTANT** Atlas encrypts all cluster storage and snapshot volumes, securing all cluster data on disk: a concept known as encryption at rest, by default. + +~> **IMPORTANT** Atlas limits this feature to dedicated cluster tiers of M10 and greater. For more information see: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management + +-> **NOTE:** Groups and projects are synonymous terms. You may find `groupId` in the official documentation. + + +-> **IMPORTANT NOTE** To disable the encryption at rest with customer key management for a project all existing clusters in the project must first either have encryption at rest for the provider set to none, e.g. `encryption_at_rest_provider = "NONE"`, or be deleted. 
+ +## Example Usages + + + +{{ .SchemaMarkdown | trimspace }} + +# Import +Encryption at Rest Settings can be imported using project ID, in the format `project_id`, e.g. + +``` +$ terraform import mongodbatlas_encryption_at_rest.example 1112222b3bf99403840e8934 +``` + +For more information see: [MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management) \ No newline at end of file From 006e81934c12bdad9d029dde9237952cc4428b61 Mon Sep 17 00:00:00 2001 From: Aastha Mahendru Date: Tue, 27 Aug 2024 20:56:05 +0100 Subject: [PATCH 2/2] add documentation --- .../service/encryptionatrest/resource_encryption_at_rest.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/service/encryptionatrest/resource_encryption_at_rest.go b/internal/service/encryptionatrest/resource_encryption_at_rest.go index 1dc68017e1..08ff5582ea 100644 --- a/internal/service/encryptionatrest/resource_encryption_at_rest.go +++ b/internal/service/encryptionatrest/resource_encryption_at_rest.go 
@@ -140,8 +140,8 @@ func (r *encryptionAtRestRS) Schema(ctx context.Context, req resource.SchemaRequ }, "region": schema.StringAttribute{ Optional: true, - Description: "Physical location where MongoDB Cloud deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Cloud creates them as part of the deployment. MongoDB Cloud assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.", - MarkdownDescription: "Physical location where MongoDB Cloud deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Cloud creates them as part of the deployment. MongoDB Cloud assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.", + Description: "Physical location where MongoDB Cloud deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Cloud creates them as part of the deployment. MongoDB Cloud assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.", //nolint:lll // reason: auto-generated from Open API spec. 
+ MarkdownDescription: "Physical location where MongoDB Cloud deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Cloud creates them as part of the deployment. MongoDB Cloud assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.", //nolint:lll // reason: auto-generated from Open API spec. }, "role_id": schema.StringAttribute{ Optional: true,
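
Review bot: In docs/resources/encryption_at_rest.md (hunk `@@ -21,7 +21,7 @@`), the heading is renamed from `## Example Usage` to `## Example Usages` while the examples under it are untouched, and the commit subject does not mention the rename. Any link that targets the old heading anchor will stop resolving. Keep `## Example Usage`, or state in the commit message that the plural is intended and update the template and docs together.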
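
Review bot: In docs/resources/encryption_at_rest.md (hunk `@@ -106,39 +106,70 @@`), the generated Schema section drops guidance that the removed Argument Reference carried: the list of valid `region` values, the valid `azure_environment` values (AZURE, AZURE_CHINA, AZURE_GERMANY), the pointer from `role_id` to the `role_id` attribute of `mongodbatlas_cloud_provider_access`, and the link to the examples repository. Please carry these over, either in the attribute descriptions or as hand-written text in the template. The same hunk also changes `## Import` to `# Import`, which makes it a top-level heading above `## Schema`; it should stay at `##`.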
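
Review bot: In resource_encryption_at_rest.go (hunk `@@ -100,11 +100,15 @@`), the plain-text `Description` for `project_id` is a verbatim copy of `MarkdownDescription`, so it contains Markdown (`**NOTE**`, link syntax) that plain-text consumers will show raw. The link target `#tag/Projects/operation/listProjects` is also a fragment that only resolves inside the API reference page, not in the provider docs. Suggest a Markdown-free `Description` (or setting only `MarkdownDescription`) and an absolute URL for the link; the same duplication applies to every attribute touched by this patch.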
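
Review bot: In resource_encryption_at_rest.go (hunk `@@ -113,31 +117,45 @@`), two `aws_kms_config` descriptions do not describe the attribute they are attached to. `secret_access_key` is marked `Sensitive: true` but is documented as a "Human-readable label of the ... secret access key", and `region` is documented as where cluster nodes are deployed plus VPC peering details, whereas the removed docs described it as the AWS region in which the customer master key exists. Since these strings now feed the published docs, please override both with text that matches the field.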
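
Review bot: In resource_encryption_at_rest.go (hunk `@@ -146,35 +164,53 @@`), the `key_identifier` description "Web address with a unique key that identifies for your Azure Key Vault." is not a complete sentence ("identifies for"), and the `secret` description reads as a general definition of a vault secret ("passwords, database connection strings, API keys, and the like") rather than telling the user which value to supply here. The removed docs described `secret` as the secret associated with the Azure Key Vault specified by the tenant ID; wording along those lines would be clearer for someone filling in the block.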
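
Review bot: In resource_encryption_at_rest.go (hunk `@@ -196,14 +236,20 @@`), the `service_account_key` description says "JSON object that contains the Google Cloud Key Management Service (KMS)", which is missing its noun. The removed docs said the value contains GCP KMS credentials from your GCP account; please restore "credentials" so it is clear this sensitive field holds a service account key.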
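
Review bot: In internal/service/encryptionatrest/tfplugingen/generator_config.yml, only `create` and `read` are mapped, and `create` points at the PATCH operation on the same path that `read` uses. A short comment explaining why PATCH stands in for create, and whether `update` and `delete` are omitted on purpose, would save the next maintainer a trip to the API spec. The file also ends without a trailing newline.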
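
Review bot: In templates/resources/encryption_at_rest.md.tmpl, the `## Example Usages` heading is followed only by blank lines before `{{ .SchemaMarkdown | trimspace }}`, while the checked-in docs/resources/encryption_at_rest.md still has Terraform examples under that heading. Regenerating the doc from this template as written would produce an empty examples section, so the examples need to be included in the template before the generated file is treated as derived output. The three provider links near the top are on consecutive lines with no list markers and will render as one run-on paragraph; make them a bulleted list.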
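
Review bot: In PATCH 2/2 (hunk `@@ -140,8 +140,8 @@`), `//nolint:lll` is added only to the two `region` lines, although PATCH 1/2 introduces other long description strings in the same schema (for example `project_id` and the Azure `secret`). If the linter flags these two lines, the others pass only by margin and the next spec refresh can break the build again. A single exclusion covering the generated descriptions in this file, or moving the strings into named constants, would be more durable than per-line directives. The reason text should read "OpenAPI".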