Skip to content

INTMDB-133: Examples for encryption at rest with roles #369

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 21 commits into from
Feb 12, 2021
Merged

INTMDB-133: Examples for encryption at rest with roles #369

merged 21 commits into from
Feb 12, 2021

Conversation

coderGo93
Copy link
Contributor

@coderGo93 coderGo93 commented Dec 21, 2020
edited
Loading

Description

To use terratest locally you need to generate the binary first with go install, then plugin will find the binary by following this information Plugin locations otherwise it will get the plugin from terraform registry website.

To run certain test with terratest you can go to directory of integration-testing and run go test -v -run TestTerraformResourceMongoDBAtlasEncryptionAtRestWithRole_basicAWS

Link to any related issue(s):

Type of change:

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • Documentation fix/enhancement

Required Checklist:

  • I have signed the MongoDB CLA
  • I have read the Terraform contribution guidelines
  • I have added tests that prove my fix is effective or that my feature works per HashiCorp requirments
  • I have added any necessary documentation (if appropriate)
  • I have run make fmt and formatted my code

Further comments

@coderGo93 coderGo93 self-assigned this Dec 21, 2020
@themantissa
Copy link
Collaborator

@nikhil-mongo would you be able to take a look at this example and review it? It's for the recent add of IAM roles and the upcoming change for new use to go from IAM user to IAM roles.

nikhil-mongo
nikhil-mongo suggested changes Dec 23, 2020
View reviewed changes
Copy link
Collaborator

@nikhil-mongo nikhil-mongo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add the attributes for accesskey and secret key

Error: error creating Encryption at Rest: PATCH https://cloud.mongodb.com/api/atlas/v1.0/groups/5dd0f66379358e17e49d6c40/encryptionAtRest: 400 (request "Bad Request") The required attribute accessKeyID was not specified.

  on atlas-encryption.tf line 1, in resource "mongodbatlas_encryption_at_rest" "test":
   1: resource "mongodbatlas_encryption_at_rest" "test" {

atlas-encryption.tf

resource "mongodbatlas_encryption_at_rest" "test" {
  project_id = var.project_id
  aws_kms = {
    access_key_id = var.access_key
    secret_access_key = var.secret_key
    enabled                = true
    customer_master_key_id = var.customer_master_key
    region                 = var.atlas_region
    role_id = var.cpa_role_id
  }
}

@coderGo93
Copy link
Contributor Author

Hi @nikhil-mongo , it seems the error is because is not getting the current "version" aka binary, if you don't indicate to use certain version locally it will get from terraform website which is not updated/released yet, so in order to use locally you need to generate the binary first with go install then specify in tf to use locally hence the commented line with version in versions.tf, I just updated little in the description, let me know if you have more questions/issues.
PD: Terratest is like if you are using terraform commands in terminal kinda different for acceptance test since it can always use the current version(binary) you are developing but for this case is different and it seems more useful with terratest

@nikhil-mongo
Copy link
Collaborator

@coderGo93 I have developed the provider by cloning the master branch and using it from inside ~/.terraform.d/plugins.
I am able to perform all the operations except this second-step, as it is missing the required parameters access_key_id and secret_access_key as per the file resource_mongodbatlas_encryption_at_rest.go line 44-52. I added them to the atlas-encryption.tf and was able to complete the deployment. Please update these and then it is good to go.

@coderGo93
Copy link
Contributor Author

Understood @nikhil-mongo , will add those attributes then, thank you!!

nikhil-mongo
nikhil-mongo suggested changes Dec 28, 2020
View reviewed changes
Copy link
Collaborator

@nikhil-mongo nikhil-mongo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@coderGo93 Please run terraform fmt in the second step directory. Rest LGTM.

@themantissa
Copy link
Collaborator

@nikhil-mongo thank you! If you are good can you approve this PR?

nikhil-mongo
nikhil-mongo approved these changes Jan 8, 2021
View reviewed changes
Copy link
Collaborator

@nikhil-mongo nikhil-mongo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

themantissa
themantissa requested changes Jan 8, 2021
View reviewed changes
Copy link
Collaborator

@themantissa themantissa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@coderGo93 so Nik approved the example in the examples directly but there are 1700+ files in this repo. Can we just do the examples, then do a PR just for the integration-testing add (so if anyone needs the bigger test for IAM they have it) and then ensure there's no provider related code in here (there is currently).

.github/workflows/automated-test.yml Outdated
@@ -19,4 +19,17 @@ jobs:
- name: Test
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this should be in the PR.

@coderGo93 coderGo93 force-pushed the terratest-iam-roles branch from d13dacf to ac4022f Compare February 5, 2021 22:44
@coderGo93 coderGo93 force-pushed the terratest-iam-roles branch from ac4022f to 324b940 Compare February 5, 2021 22:47
@coderGo93 coderGo93 requested a review from themantissa February 5, 2021 22:53
@themantissa themantissa changed the title INTMDB-133: Added terratest for encryption at rest using iam roles INTMDB-133: Examples for encryption at rest with roles Feb 9, 2021
leofigy
leofigy approved these changes Feb 11, 2021
View reviewed changes
Copy link
Contributor

@leofigy leofigy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

themantissa
themantissa approved these changes Feb 12, 2021
View reviewed changes
Copy link
Collaborator

@themantissa themantissa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, sorry for the delay on my part!

@coderGo93 coderGo93 added the run-testacc To run acceptance tests label Feb 12, 2021
@coderGo93 coderGo93 merged commit fe57430 into master Feb 12, 2021
@coderGo93 coderGo93 deleted the terratest-iam-roles branch February 12, 2021 03:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@themantissa themantissa themantissa approved these changes

@leofigy leofigy leofigy approved these changes

@nikhil-mongo nikhil-mongo nikhil-mongo approved these changes

@marinsalinas marinsalinas Awaiting requested review from marinsalinas

Assignees

@coderGo93 coderGo93

Labels
run-testacc To run acceptance tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@coderGo93 @themantissa @nikhil-mongo @leofigy