doc: Updates existing documentation for mongodbatlas_encryption_at_rest resource to be auto-generated
#2529
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -21,7 +21,7 @@ See [Encryption at Rest](https://docs.atlas.mongodb.com/security-kms-encryption/ | |
|
|
||
| -> **IMPORTANT NOTE** To disable the encryption at rest with customer key management for a project all existing clusters in the project must first either have encryption at rest for the provider set to none, e.g. `encryption_at_rest_provider = "NONE"`, or be deleted. | ||
|
|
||
| ## Example Usages | ||
|
|
||
| ```terraform | ||
| resource "mongodbatlas_encryption_at_rest" "test" { | ||
|
|
@@ -106,39 +106,70 @@ resource "mongodbatlas_advanced_cluster" "example_cluster" { | |
|
|
||
| ``` | ||
|
|
||
|
|
||
| <!-- schema generated by tfplugindocs --> | ||
| ## Schema | ||
|
|
||
|
There was a problem hiding this comment. As per enums for this field in https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Encryption-at-Rest-using-Customer-Key-Management/operation/getEncryptionAtRest |
||
| ### Required | ||
|
|
||
| - `project_id` (String) Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access. | ||
|
|
||
| **NOTE**: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups. | ||
|
|
||
| ### Optional | ||
|
|
||
| - `aws_kms_config` (Block List) Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project. (see [below for nested schema](#nestedblock--aws_kms_config)) | ||
| - `azure_key_vault_config` (Block List) Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV). (see [below for nested schema](#nestedblock--azure_key_vault_config)) | ||
| - `google_cloud_kms_config` (Block List) Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS). (see [below for nested schema](#nestedblock--google_cloud_kms_config)) | ||
|
|
||
| ### Read-Only | ||
|
|
||
| - `id` (String) The ID of this resource. | ||
|
|
||
| <a id="nestedblock--aws_kms_config"></a> | ||
| ### Nested Schema for `aws_kms_config` | ||
|
|
||
| Optional: | ||
|
|
||
| - `access_key_id` (String, Sensitive) Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK). | ||
| - `customer_master_key_id` (String, Sensitive) Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys. | ||
| - `enabled` (Boolean) Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`. | ||
| - `region` (String) Physical location where MongoDB Cloud deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Cloud deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Cloud creates them as part of the deployment. MongoDB Cloud assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts. | ||
|
There was a problem hiding this comment. Is MongoDB Cloud something specific and distinct from MongoDB Atlas? I think you want to refer to MongoDB Atlas here, and in all other places where this term is used. |
||
| - `role_id` (String) Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key. | ||
| - `secret_access_key` (String, Sensitive) Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key. | ||
|
|
||
|
|
||
| <a id="nestedblock--azure_key_vault_config"></a> | ||
| ### Nested Schema for `azure_key_vault_config` | ||
|
|
||
| Optional: | ||
|
|
||
| - `azure_environment` (String) Azure environment in which your account credentials reside. | ||
| - `client_id` (String, Sensitive) Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant. | ||
| - `enabled` (Boolean) Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`. | ||
|
There was a problem hiding this comment. How about 'Flag that indicates encryption at rest is enabled for the specified project'? |
||
| - `key_identifier` (String, Sensitive) Web address with a unique key that identifies for your Azure Key Vault. | ||
|
There was a problem hiding this comment. It's not clear what "identifies for your Azure Key Vault" is supposed to convey, because of the placement of "for". Given that there is a |
||
| - `key_vault_name` (String) Unique string that identifies the Azure Key Vault that contains your key. | ||
| - `require_private_networking` (Boolean) Enable connection to your Azure Key Vault over private networking. | ||
|
There was a problem hiding this comment. An earlier boolean field was describe as a "flag that . . .". Let's aim for alignment and refer to this as a 'Flag that enables' |
||
| - `resource_group_name` (String) Name of the Azure resource group that contains your Azure Key Vault. | ||
| - `secret` (String, Sensitive) Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (**azureKeyVault.tenantID**). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data. | ||
|
There was a problem hiding this comment. How about 'AKV tenant private data to store as encrypted binary data.' I think the explication of what use-cases are suitable can be dropped. |
||
| - `subscription_id` (String, Sensitive) Unique 36-hexadecimal character string that identifies your Azure subscription. | ||
| - `tenant_id` (String, Sensitive) Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription. | ||
|
|
||
|
|
||
| <a id="nestedblock--google_cloud_kms_config"></a> | ||
| ### Nested Schema for `google_cloud_kms_config` | ||
|
|
||
| Optional: | ||
|
|
||
| - `enabled` (Boolean) Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`. | ||
|
There was a problem hiding this comment. Remove the extraneous space between 'specified' and 'project'. |
||
| - `key_version_resource_id` (String, Sensitive) Resource path that displays the key version resource ID for your Google Cloud KMS. | ||
| - `service_account_key` (String, Sensitive) JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS). Format the JSON as a string and not as an object. | ||
|
There was a problem hiding this comment. . . . as a string, not an object. |
||
|
|
||
| # Import | ||
| Encryption at Rest Settings can be imported using project ID, in the format `project_id`, e.g. | ||
|
|
||
| ``` | ||
| $ terraform import mongodbatlas_encryption_at_rest.example 1112222b3bf99403840e8934 | ||
| ``` | ||
|
|
||
| For more information see: [MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management) | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we can add this resource in https://github.com/mongodb/terraform-provider-mongodbatlas/blob/master/.github/workflows/code-health.yml#L77 so that we ensure it stays aligned.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that was also my comment :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Discussed offline with @AgustinBettati . I have updated https://jira.mongodb.org/browse/CLOUDP-267668 to ensure we add this check after updating the examples as part of adding the data source for this resource.