INTMDB-803: [Terraform] Create a new Private Endpoint resource and data sources which supports Federated Database Instance and Online Archive (#1182)

Author: andreaangiolillo

examples/aws-privatelink-endpoint/data-federation-online-archive/README.md

@@ -0,0 +1,85 @@
+# Example - Privatelink for Data Federation and Online Archive
+
+Setup private connection to a [Data Federation or Online Archive](https://www.mongodb.com/docs/atlas/data-federation/tutorial/config-private-endpoint/) utilizing [Amazon Virtual Private Cloud (aws vpc)](https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html).
+
+
+## Dependencies
+
+* Terraform v0.13
+* An AWS account - provider.aws: version = "~> 4"
+* A MongoDB Atlas account - provider.mongodbatlas: version = "~> 1.10"
+
+## Usage
+
+**1\. Ensure your AWS and MongoDB Atlas credentials are set up.**
+
+This can be done using environment variables:
+
+```bash
+export MONGODB_ATLAS_PUBLIC_KEY="xxxx"
+export MONGODB_ATLAS_PRIVATE_KEY="xxxx"
+```
+
+``` bash
+$ export AWS_SECRET_ACCESS_KEY='your secret key'
+$ export AWS_ACCESS_KEY_ID='your key id'
+```
+
+... or the `~/.aws/credentials` file.
+
+```
+$ cat ~/.aws/credentials
+[default]
+aws_access_key_id = your key id
+aws_secret_access_key = your secret key
+
+```
+... or follow as in the `variables.tf` file and create **terraform.tfvars** file with all the variable values, ex:
+```
+access_key   = "<AWS_ACCESS_KEY_ID>"
+secret_key   = "<AWS_SECRET_ACCESS_KEY>"
+public_key   = "<MONGODB_ATLAS_PUBLIC_KEY>"
+private_key  = "<MONGODB_ATLAS_PRIVATE_KEY>"
+project_id   = "<MONGODB_ATLAS_PROJECT_ID>"
+```
+
+**2\. Review the Terraform plan.**
+
+Execute the below command and ensure you are happy with the plan.
+
+``` bash
+$ terraform plan
+```
+This project currently performs the below deployments:
+
+- MongoDB Atlas Dedicated Cluster - M10
+- AWS Custom VPC, Internet Gateway, Route Tables, Subnets with Public and Private access
+- PrivateLink Connection at MongoDB Atlas
+- Create VPC Endpoint in AWS
+
+**3\. Configure the security group as required.**
+
+The security group in this configuration allows All Traffic access in Inbound and Outbound Rules.
+
+**4\. Execute the Terraform apply.**
+
+Now execute the plan to provision the AWS and Atlas resources.
+
+``` bash
+$ terraform apply
+```
+
+**5\. Destroy the resources.**
+
+Once you are finished your testing, ensure you destroy the resources to avoid unnecessary charges.
+
+``` bash
+$ terraform destroy
+```
+
+**What's the resource dependency chain?**
+1. `mongodbatlas_project` must exist for any of the following
+2. `aws_vpc_endpoint` is dependent on the `mongodbatlas_privatelink_endpoint`, and its dependencies.
+3. `mongodbatlas_privatelink_endpoint_service` is dependent on `aws_vpc_endpoint` and its dependencies.
+4. `mongodbatlas_privatelink_endpoint_service_data_federation_online_archive` is dependent on the `mongodbatlas_project` and `aws_vpc_endpoint`
+

examples/aws-privatelink-endpoint/data-federation-online-archive/atlas-privatelink.tf

@@ -0,0 +1,12 @@
+resource "mongodbatlas_privatelink_endpoint" "pe_east" {
+  project_id    = var.project_id
+  provider_name = "AWS"
+  region        = "us-east-1"
+}
+
+resource "mongodbatlas_privatelink_endpoint_service_data_federation_online_archive" "test" {
+  project_id    = var.project_id
+  endpoint_id   = aws_vpc_endpoint.vpce_east.id
+  provider_name = "AWS"
+  comment       = "Terraform Acceptance Test"
+}

examples/aws-privatelink-endpoint/data-federation-online-archive/aws-vpc.tf

@@ -0,0 +1,57 @@
+resource "aws_vpc_endpoint" "vpce_east" {
+  vpc_id             = aws_vpc.vpc_east.id
+  service_name       = mongodbatlas_privatelink_endpoint.pe_east.endpoint_service_name
+  vpc_endpoint_type  = "Interface"
+  subnet_ids         = [aws_subnet.subnet_east_a.id, aws_subnet.subnet_east_b.id]
+  security_group_ids = [aws_security_group.sg_east.id]
+}
+
+resource "aws_vpc" "vpc_east" {
+  cidr_block           = "10.0.0.0/16"
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+}
+
+resource "aws_internet_gateway" "ig_east" {
+  vpc_id = aws_vpc.vpc_east.id
+}
+
+resource "aws_route" "route_east" {
+  route_table_id         = aws_vpc.vpc_east.main_route_table_id
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = aws_internet_gateway.ig_east.id
+}
+
+resource "aws_subnet" "subnet_east_a" {
+  vpc_id                  = aws_vpc.vpc_east.id
+  cidr_block              = "10.0.1.0/24"
+  map_public_ip_on_launch = true
+  availability_zone       = "us-east-1a"
+}
+
+resource "aws_subnet" "subnet_east_b" {
+  vpc_id                  = aws_vpc.vpc_east.id
+  cidr_block              = "10.0.2.0/24"
+  map_public_ip_on_launch = false
+  availability_zone       = "us-east-1b"
+}
+
+resource "aws_security_group" "sg_east" {
+  name_prefix = "default-"
+  description = "Default security group for all instances in vpc"
+  vpc_id      = aws_vpc.vpc_east.id
+  ingress {
+    from_port = 0
+    to_port   = 0
+    protocol  = "tcp"
+    cidr_blocks = [
+      "0.0.0.0/0",
+    ]
+  }
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}

examples/aws-privatelink-endpoint/data-federation-online-archive/provider.tf

@@ -0,0 +1,9 @@
+provider "mongodbatlas" {
+  public_key  = var.public_key
+  private_key = var.private_key
+}
+provider "aws" {
+  access_key = var.access_key
+  secret_key = var.secret_key
+  region     = "us-east-1"
+}

examples/aws-privatelink-endpoint/data-federation-online-archive/variables.tf

@@ -0,0 +1,15 @@
+variable "public_key" {
+  description = "The public API key for MongoDB Atlas"
+}
+variable "private_key" {
+  description = "The private API key for MongoDB Atlas"
+}
+variable "access_key" {
+  description = "The access key for AWS Account"
+}
+variable "secret_key" {
+  description = "The secret key for AWS Account"
+}
+variable "project_id" {
+  description = "Atlas project ID"
+}

examples/aws-privatelink-endpoint/data-federation-online-archive/versions.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+    mongodbatlas = {
+      source = "mongodb/mongodbatlas"
+    }
+  }
+  required_version = ">= 0.13"
+}

mongodbatlas/data_source_mongodbatlas_privatelink_endpoint_service_data_federation_online_archive.go

@@ -0,0 +1,66 @@
+package mongodbatlas
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceMongoDBAtlasPrivatelinkEndpointServiceDataFederationOnlineArchive() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceMongoDBAtlasPrivatelinkEndpointServiceDataFederationOnlineArchiveRead,
+		Schema: map[string]*schema.Schema{
+			"project_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"endpoint_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"provider_name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"comment": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"type": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceMongoDBAtlasPrivatelinkEndpointServiceDataFederationOnlineArchiveRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	conn := meta.(*MongoDBClient).Atlas
+	projectID := d.Get("project_id").(string)
+	endopointID := d.Get("endpoint_id").(string)
+
+	privateEndpoint, _, err := conn.DataLakes.GetPrivateLinkEndpoint(context.Background(), projectID, endopointID)
+	if err != nil {
+		return diag.Errorf(errorPrivateEndpointServiceDataFederationOnlineArchiveRead, endopointID, projectID, err)
+	}
+
+	if err := d.Set("comment", privateEndpoint.Comment); err != nil {
+		return diag.Errorf(errorPrivateEndpointServiceDataFederationOnlineArchiveRead, endopointID, projectID, err)
+	}
+
+	if err := d.Set("provider_name", privateEndpoint.Provider); err != nil {
+		return diag.Errorf(errorPrivateEndpointServiceDataFederationOnlineArchiveRead, endopointID, projectID, err)
+	}
+
+	if err := d.Set("type", privateEndpoint.Type); err != nil {
+		return diag.Errorf(errorPrivateEndpointServiceDataFederationOnlineArchiveRead, endopointID, projectID, err)
+	}
+
+	d.SetId(encodeStateID(map[string]string{
+		"project_id":  projectID,
+		"endpoint_id": endopointID,
+	}))
+
+	return nil
+}

mongodbatlas/data_source_mongodbatlas_privatelink_endpoint_service_data_federation_online_archive_test.go

@@ -0,0 +1,50 @@
+package mongodbatlas
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+var (
+	dataSourcePrivatelinkEndpointServiceDataFederetionDataArchive = "data.mongodbatlas_privatelink_endpoint_service_data_federation_online_archive.test"
+)
+
+func TestAccDataSourceMongoDBAtlasPrivatelinkEndpointServiceDataFederationOnlineArchive_basic(t *testing.T) {
+	testCheckPrivateEndpointServiceDataFederationOnlineArchiveRun(t)
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: testAccProviderFactories,
+		CheckDestroy:      testAccCheckMongoDBAtlasPrivateEndpointServiceDataFederationOnlineArchiveDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceMongoDBAtlasPrivateEndpointServiceDataFederationOnlineArchiveConfig(projectID, endpointID),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMongoDBAtlasPrivateEndpointServiceDataFederationOnlineArchiveExists(resourceNamePrivatelinkEdnpointServiceDataFederationOnlineArchive),
+					resource.TestCheckResourceAttr(dataSourcePrivatelinkEndpointServiceDataFederetionDataArchive, "project_id", projectID),
+					resource.TestCheckResourceAttr(dataSourcePrivatelinkEndpointServiceDataFederetionDataArchive, "endpoint_id", endpointID),
+					resource.TestCheckResourceAttrSet(dataSourcePrivatelinkEndpointServiceDataFederetionDataArchive, "comment"),
+					resource.TestCheckResourceAttrSet(dataSourcePrivatelinkEndpointServiceDataFederetionDataArchive, "type"),
+					resource.TestCheckResourceAttrSet(dataSourcePrivatelinkEndpointServiceDataFederetionDataArchive, "provider_name"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceMongoDBAtlasPrivateEndpointServiceDataFederationOnlineArchiveConfig(projectID, endpointID string) string {
+	return fmt.Sprintf(`
+	resource "mongodbatlas_privatelink_endpoint_service_data_federation_online_archive" "test" {
+	  project_id				= %[1]q
+	  endpoint_id				= %[2]q
+	  provider_name				= "AWS"
+	  comment					= "Terraform Acceptance Test"
+	}
+
+	data "mongodbatlas_privatelink_endpoint_service_data_federation_online_archive" "test" {
+		project_id				= mongodbatlas_privatelink_endpoint_service_data_federation_online_archive.test.project_id
+		endpoint_id				= mongodbatlas_privatelink_endpoint_service_data_federation_online_archive.test.endpoint_id
+	}
+	`, projectID, endpointID)
+}

mongodbatlas/data_source_mongodbatlas_privatelink_endpoint_service_data_federation_online_archives.go

@@ -0,0 +1,86 @@
+package mongodbatlas
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/id"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	matlas "go.mongodb.org/atlas/mongodbatlas"
+)
+
+const errorPrivateEndpointServiceDataFederationOnlineArchiveList = "error reading Private Endpoings for projectId %s: %s"
+
+func dataSourceMongoDBAtlasPrivatelinkEndpointServiceDataFederationOnlineArchives() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceMongoDBAtlasPrivatelinkEndpointServiceDataFederationOnlineArchivesRead,
+		Schema: map[string]*schema.Schema{
+			"project_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"results": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"endpoint_id": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+						"provider_name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"comment": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"type": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceMongoDBAtlasPrivatelinkEndpointServiceDataFederationOnlineArchivesRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	conn := meta.(*MongoDBClient).Atlas
+	projectID := d.Get("project_id").(string)
+
+	privateEndpoints, _, err := conn.DataLakes.ListPrivateLinkEndpoint(context.Background(), projectID)
+	if err != nil {
+		return diag.Errorf(errorPrivateEndpointServiceDataFederationOnlineArchiveList, projectID, err)
+	}
+
+	if err := d.Set("results", flattenPrivateLinkEndpointDataLakeResponse(privateEndpoints.Results)); err != nil {
+		return diag.FromErr(fmt.Errorf(errorDataLakeSetting, "results", projectID, err))
+	}
+
+	d.SetId(id.UniqueId())
+
+	return nil
+}
+
+func flattenPrivateLinkEndpointDataLakeResponse(atlasPrivateLinkEndpointDataLakes []*matlas.PrivateLinkEndpointDataLake) []map[string]interface{} {
+	if len(atlasPrivateLinkEndpointDataLakes) == 0 {
+		return []map[string]interface{}{}
+	}
+
+	results := make([]map[string]interface{}, len(atlasPrivateLinkEndpointDataLakes))
+
+	for i, atlasPrivateLinkEndpointDataLake := range atlasPrivateLinkEndpointDataLakes {
+		results[i] = map[string]interface{}{
+			"endpoint_id":   atlasPrivateLinkEndpointDataLake.EndpointID,
+			"provider_name": atlasPrivateLinkEndpointDataLake.Provider,
+			"comment":       atlasPrivateLinkEndpointDataLake.Comment,
+			"type":          atlasPrivateLinkEndpointDataLake.Type,
+		}
+	}
+
+	return results
+}