Add support for cluster setup YAML (#186)

Add setup_yml field to the polaris_aws_exocompute_cluster_attachment
resource.

docs/data-sources/aws_cnp_artifacts.md

@@ -10,8 +10,6 @@ description: |-
   when specifying the feature set.
   CLOUDNATIVEARCHIVAL
   BASIC - Represents the basic set of permissions required to onboard the feature.
-  CLOUDNATIVEARCHIVAL_ENCRYPTION
-  BASIC - Represents the basic set of permissions required to onboard the feature.ENCRYPTION - Represents the set of permissions required for encryption operations.
   CLOUDNATIVEPROTECTION
   BASIC - Represents the basic set of permissions required to onboard the feature.EXPORT_AND_RESTORE - Represents the set of permissions required for export and
   restore operations.FILE_LEVEL_RECOVERY - Represents the set of permissions required for file-level
@@ -41,10 +39,6 @@ when specifying the feature set.
 ### CLOUD_NATIVE_ARCHIVAL
   * `BASIC` - Represents the basic set of permissions required to onboard the feature.
 
-### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION
-  * `BASIC` - Represents the basic set of permissions required to onboard the feature.
-  * `ENCRYPTION` - Represents the set of permissions required for encryption operations.
-
 ### CLOUD_NATIVE_PROTECTION
   * `BASIC` - Represents the basic set of permissions required to onboard the feature.
   * `EXPORT_AND_RESTORE` - Represents the set of permissions required for export and
@@ -104,20 +98,13 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
     ]
   }
 
-  feature {
-    name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION"
-
-    permission_groups = [
-      "BASIC",
-      "ENCRYPTION",
-    ]
-  }
-
   feature {
     name = "CLOUD_NATIVE_PROTECTION"
 
     permission_groups = [
       "BASIC",
+      "EXPORT_AND_RESTORE",
+      "FILE_LEVEL_RECOVERY",
     ]
   }
 }
@@ -145,5 +132,5 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
 
 Required:
 
-- `name` (String) RSC feature name. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.
-- `permission_groups` (Set of String) RSC permission groups for the feature. Possible values are `BASIC`, `ENCRYPTION`, `EXPORT_AND_RESTORE`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. For backwards compatibility, `[]` is interpreted as all applicable permission groups.
+- `name` (String) RSC feature name. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.
+- `permission_groups` (Set of String) RSC permission groups for the feature. Possible values are `BASIC`, `EXPORT_AND_RESTORE`, `FILE_LEVEL_RECOVERY`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. For backwards compatibility, `[]` is interpreted as all applicable permission groups.

docs/data-sources/aws_cnp_permissions.md

@@ -13,10 +13,6 @@ when specifying the feature set.
 ### CLOUD_NATIVE_ARCHIVAL
   * `BASIC` - Represents the basic set of permissions required to onboard the feature.
 
-### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION
-  * `BASIC` - Represents the basic set of permissions required to onboard the feature.
-  * `ENCRYPTION` - Represents the set of permissions required for encryption operations.
-
 ### CLOUD_NATIVE_PROTECTION
  * `BASIC` - Represents the basic set of permissions required to onboard the feature.
  * `EXPORT_AND_RESTORE` - Represents the set of permissions required for export and
@@ -57,10 +53,6 @@ when specifying the feature set.
 ### CLOUD_NATIVE_ARCHIVAL
   * `BASIC` - Represents the basic set of permissions required to onboard the feature.
 
-### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION
-  * `BASIC` - Represents the basic set of permissions required to onboard the feature.
-  * `ENCRYPTION` - Represents the set of permissions required for encryption operations.
-
 ### CLOUD_NATIVE_PROTECTION
  * `BASIC` - Represents the basic set of permissions required to onboard the feature.
  * `EXPORT_AND_RESTORE` - Represents the set of permissions required for export and
@@ -100,20 +92,12 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
     ]
   }
 
-  feature {
-    name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION"
-
-    permission_groups = [
-      "BASIC",
-      "ENCRYPTION",
-    ]
-  }
-
   feature {
     name = "CLOUD_NATIVE_PROTECTION"
 
     permission_groups = [
       "BASIC",
+      "EXPORT_AND_RESTORE",
     ]
   }
 }

docs/guides/changelog.md

@@ -4,6 +4,14 @@ page_title: "Changelog"
 
 # Changelog
 
+## v0.9.0-beta.9
+* Add the field `setup_yaml` to the `polaris_aws_exocompute_cluster_attachment` resource. The `setup_yaml` fields
+  contains K8s specs that can be passed to `kubectl` to establish a connection between the cluster and RSC.
+  [[docs](../resources/aws_exocompute_cluster_attachment)]
+* Fix a bug in the AWS feature removal code that causes removal of the `CLOUD_NATIVE_S3_PROTECTION` feature to fail.
+* Improve the code that waits for RSC features to be disabled. The code now checks both the status of the job and the
+  status of the cloud account.
+
 ## v0.9.0-beta.8
 * Improve the documentation for AWS data sources and resources.
 * Update guides.

docs/guides/upgrade_guide_beta.md

@@ -30,6 +30,8 @@ The latest beta release introduces changes to the following data sources and res
   feature, which can be use with the `polaris_azure_permissions` data source signal permissions updates.
 * `polaris_features` - The data source has been deprecated and replaced with the `features` field of the
   `polaris_deployment` data source. Note, the `features` field is a set and not a list.
+* `polaris_aws_exocompute_cluster_attachment` - New field, `setup_yaml`, which holds the K8s spec which can be passed
+  to `kubectl apply` inside the EKS cluster to create a connection between the cluster and RSC.
 
 Deprecated fields will be removed in a future release, please migrate your configurations to use the replacement field
 as soon as possible.

docs/resources/aws_account.md

@@ -48,6 +48,10 @@ resource "polaris_aws_account" "default" {
   profile = "default"
 
   cloud_native_protection {
+    permission_groups = [
+      "BASIC",
+    ]
+
     regions = [
       "us-east-2",
     ]
@@ -59,13 +63,22 @@ resource "polaris_aws_account" "default" {
   profile = "default"
 
   cloud_native_protection {
+    permission_groups = [
+      "BASIC",
+    ]
+
     regions = [
       "us-east-2",
       "us-west-2",
     ]
   }
 
   exocompute {
+    permission_groups = [
+      "BASIC",
+      "RSC_MANAGED_CLUSTER",
+    ]
+
     regions = [
       "us-west-2",
     ]
@@ -107,7 +120,7 @@ Required:
 
 Optional:
 
-- `permission_groups` (Set of String) Permission groups to assign to the Cloud Native Protection feature.
+- `permission_groups` (Set of String) Permission groups to assign to the Cloud Native Protection feature. Possible values are `BASIC`, `EXPORT_AND_RESTORE`, `FILE_LEVEL_RECOVERY` and `SNAPSHOT_PRIVATE_ACCESS`.
 
 Read-Only:
 
@@ -124,7 +137,7 @@ Required:
 
 Optional:
 
-- `permission_groups` (Set of String) Permission groups to assign to the Exocompute feature.
+- `permission_groups` (Set of String) Permission groups to assign to the Exocompute feature. Possible values are `BASIC`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`.
 
 Read-Only:
 

docs/resources/aws_archival_location.md

@@ -63,7 +63,7 @@ resource "polaris_aws_archival_location" "archival_location" {
 ### Optional
 
 - `bucket_tags` (Map of String) AWS bucket tags. Each tag will be added to the bucket created by RSC. Changing this forces a new resource to be created.
-- `kms_master_key` (String, Sensitive) AWS KMS master key alias/ID.
+- `kms_master_key` (String, Sensitive) AWS KMS master key alias/ID. Default value is `aws/s3`.
 - `region` (String) AWS region to store the snapshots in. If not specified, the snapshots will be stored in the same region as the workload. Changing this forces a new resource to be created.
 - `storage_class` (String) AWS bucket storage class. Possible values are `STANDARD`, `STANDARD_IA`, `ONEZONE_IA`, `GLACIER_INSTANT_RETRIEVAL`, `GLACIER_DEEP_ARCHIVE` and `GLACIER_FLEXIBLE_RETRIEVAL`. Default value is `STANDARD_IA`.
 

docs/resources/aws_cnp_account.md

@@ -11,8 +11,6 @@ description: |-
   when specifying the feature set.
   CLOUDNATIVEARCHIVAL
   BASIC - Represents the basic set of permissions required to onboard the feature.
-  CLOUDNATIVEARCHIVAL_ENCRYPTION
-  BASIC - Represents the basic set of permissions required to onboard the feature.ENCRYPTION - Represents the set of permissions required for encryption operations.
   CLOUDNATIVEPROTECTION
   BASIC - Represents the basic set of permissions required to onboard the feature.EXPORT_AND_RESTORE - Represents the set of permissions required for export and
   restore operations.FILE_LEVEL_RECOVERY - Represents the set of permissions required for file-level
@@ -43,10 +41,6 @@ when specifying the feature set.
 ### CLOUD_NATIVE_ARCHIVAL
   * `BASIC` - Represents the basic set of permissions required to onboard the feature.
 
-### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION
-  * `BASIC` - Represents the basic set of permissions required to onboard the feature.
-  * `ENCRYPTION` - Represents the set of permissions required for encryption operations.
-
 ### CLOUD_NATIVE_PROTECTION
   * `BASIC` - Represents the basic set of permissions required to onboard the feature.
   * `EXPORT_AND_RESTORE` - Represents the set of permissions required for export and
@@ -95,7 +89,6 @@ resource "polaris_aws_cnp_account" "account" {
     permission_groups = [
       "BASIC",
       "EXPORT_AND_RESTORE",
-      "EXPORT_AND_RESTORE",
     ]
   }
 }
@@ -145,5 +138,5 @@ resource "polaris_aws_cnp_account" "account" {
 
 Required:
 
-- `name` (String) RSC feature name. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.
-- `permission_groups` (Set of String) RSC permission groups for the feature. Possible values are `BASIC`, `ENCRYPTION`, `EXPORT_AND_RESTORE`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. For backwards compatibility, `[]` is interpreted as all applicable permission groups.
+- `name` (String) RSC feature name. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.
+- `permission_groups` (Set of String) RSC permission groups for the feature. Possible values are `BASIC`, `EXPORT_AND_RESTORE`, `FILE_LEVEL_RECOVERY`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. For backwards compatibility, `[]` is interpreted as all applicable permission groups.

docs/resources/aws_cnp_account_attachments.md

@@ -51,7 +51,7 @@ resource "polaris_aws_cnp_account_attachments" "attachments" {
 ### Required
 
 - `account_id` (String) RSC cloud account ID (UUID). Changing this forces a new resource to be created.
-- `features` (Set of String) RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.
+- `features` (Set of String) RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.
 - `role` (Block Set, Min: 1) Roles to attach to the cloud account. (see [below for nested schema](#nestedblock--role))
 
 ### Optional

docs/resources/aws_cnp_account_trust_policy.md

@@ -31,20 +31,12 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
     ]
   }
 
-  feature {
-    name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION"
-
-    permission_groups = [
-      "BASIC",
-      "ENCRYPTION",
-    ]
-  }
-
   feature {
     name = "CLOUD_NATIVE_PROTECTION"
 
     permission_groups = [
       "BASIC",
+      "EXPORT_AND_RESTORE",
     ]
   }
 }
@@ -82,7 +74,7 @@ resource "polaris_aws_cnp_account_trust_policy" "trust_policy" {
 ### Required
 
 - `account_id` (String) RSC cloud account ID (UUID). Changing this forces a new resource to be created.
-- `features` (Set of String) RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`. Changing this forces a new resource to be created.
+- `features` (Set of String) RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`. Changing this forces a new resource to be created.
 - `role_key` (String) RSC artifact key for the AWS role.
 
 ### Optional

docs/resources/aws_exocompute_cluster_attachment.md

@@ -37,5 +37,6 @@ resource "polaris_aws_exocompute_cluster_attachment" "attachment" {
 
 ### Read-Only
 
-- `connection_command` (String) Manual cluster connection command. Execute this command inside the EKS cluster to establish a connection between the cluster and RSC.
+- `connection_command` (String) `kubectl` command which can be executed inside the EKS cluster to create a connection between the cluster and RSC. See setup_yaml for an alternative connection method.
 - `id` (String) RSC cluster ID (UUID).
+- `setup_yaml` (String) K8s spec which can be passed to `kubectl apply` inside the EKS cluster to create a connection between the cluster and RSC. See connection_command for an alternative connection method.

examples/data-sources/polaris_aws_cnp_artifacts/data-source.tf

@@ -29,20 +29,13 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
     ]
   }
 
-  feature {
-    name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION"
-
-    permission_groups = [
-      "BASIC",
-      "ENCRYPTION",
-    ]
-  }
-
   feature {
     name = "CLOUD_NATIVE_PROTECTION"
 
     permission_groups = [
       "BASIC",
+      "EXPORT_AND_RESTORE",
+      "FILE_LEVEL_RECOVERY",
     ]
   }
 }

examples/data-sources/polaris_aws_cnp_permissions/data-source.tf

@@ -7,20 +7,12 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
     ]
   }
 
-  feature {
-    name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION"
-
-    permission_groups = [
-      "BASIC",
-      "ENCRYPTION",
-    ]
-  }
-
   feature {
     name = "CLOUD_NATIVE_PROTECTION"
 
     permission_groups = [
       "BASIC",
+      "EXPORT_AND_RESTORE",
     ]
   }
 }

examples/resources/polaris_aws_account/resource.tf

@@ -3,6 +3,10 @@ resource "polaris_aws_account" "default" {
   profile = "default"
 
   cloud_native_protection {
+    permission_groups = [
+      "BASIC",
+    ]
+
     regions = [
       "us-east-2",
     ]
@@ -14,13 +18,22 @@ resource "polaris_aws_account" "default" {
   profile = "default"
 
   cloud_native_protection {
+    permission_groups = [
+      "BASIC",
+    ]
+
     regions = [
       "us-east-2",
       "us-west-2",
     ]
   }
 
   exocompute {
+    permission_groups = [
+      "BASIC",
+      "RSC_MANAGED_CLUSTER",
+    ]
+
     regions = [
       "us-west-2",
     ]

examples/resources/polaris_aws_cnp_account/resource.tf

@@ -18,7 +18,6 @@ resource "polaris_aws_cnp_account" "account" {
     permission_groups = [
       "BASIC",
       "EXPORT_AND_RESTORE",
-      "EXPORT_AND_RESTORE",
     ]
   }
 }

examples/resources/polaris_aws_cnp_account_trust_policy/resource.tf

@@ -7,20 +7,12 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
     ]
   }
 
-  feature {
-    name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION"
-
-    permission_groups = [
-      "BASIC",
-      "ENCRYPTION",
-    ]
-  }
-
   feature {
     name = "CLOUD_NATIVE_PROTECTION"
 
     permission_groups = [
       "BASIC",
+      "EXPORT_AND_RESTORE",
     ]
   }
 }

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/terraform-plugin-docs v0.16.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.10.0
-	github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.8
+	github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.10
 )
 
 require (

go.sum

@@ -412,8 +412,8 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.8 h1:5gjG60RRoxAGPXAL7ECCwy9/mfFbFlSWgnf7+rrgUYI=
-github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.8/go.mod h1:670TFQkxTdbsBwEwR/fDT75hfHwPDTTOiLnyZerbqQk=
+github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.10 h1:gZ8hJ3L8kaSdfPB10poPSmyMQAbg+S7LDR/Eki1dGBA=
+github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.10/go.mod h1:670TFQkxTdbsBwEwR/fDT75hfHwPDTTOiLnyZerbqQk=
 github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
 github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
 github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4=