From 116b782bb133cc7d00e47fff085d1ebdc69ef40a Mon Sep 17 00:00:00 2001 From: Johan Andersson Date: Thu, 4 Jul 2024 16:11:00 +0200 Subject: [PATCH] Add support for cluster setup YAML (#186) Add setup_yml field to the polaris_aws_exocompute_cluster_attachment resource. --- docs/data-sources/aws_cnp_artifacts.md | 21 ++++-------------- docs/data-sources/aws_cnp_permissions.md | 18 +-------------- docs/guides/changelog.md | 8 +++++++ docs/guides/upgrade_guide_beta.md | 2 ++ docs/resources/aws_account.md | 17 ++++++++++++-- docs/resources/aws_archival_location.md | 2 +- docs/resources/aws_cnp_account.md | 11 ++-------- docs/resources/aws_cnp_account_attachments.md | 2 +- .../resources/aws_cnp_account_trust_policy.md | 12 ++-------- .../aws_exocompute_cluster_attachment.md | 3 ++- .../polaris_aws_cnp_artifacts/data-source.tf | 11 ++-------- .../data-source.tf | 10 +-------- .../resources/polaris_aws_account/resource.tf | 13 +++++++++++ .../polaris_aws_cnp_account/resource.tf | 1 - .../resource.tf | 10 +-------- go.mod | 2 +- go.sum | 4 ++-- .../provider/data_source_aws_cnp_artifacts.go | 4 ---- .../data_source_aws_cnp_permissions.go | 4 ---- internal/provider/names.go | 1 + internal/provider/resource_aws_account.go | 17 +++++++------- .../resource_aws_archival_location.go | 2 +- internal/provider/resource_aws_cnp_account.go | 22 ++++++++----------- .../resource_aws_cnp_account_attachments.go | 9 ++++---- .../resource_aws_cnp_account_trust_policy.go | 10 ++++----- ...ource_aws_exocompute_cluster_attachment.go | 21 ++++++++++++------ .../resource_azure_service_principal.go | 1 - templates/guides/changelog.md.tmpl | 8 +++++++ templates/guides/upgrade_guide_beta.md.tmpl | 2 ++ 29 files changed, 111 insertions(+), 137 deletions(-) diff --git a/docs/data-sources/aws_cnp_artifacts.md b/docs/data-sources/aws_cnp_artifacts.md index 275113f..791e272 100644 --- a/docs/data-sources/aws_cnp_artifacts.md +++ b/docs/data-sources/aws_cnp_artifacts.md 
@@ -10,8 +10,6 @@ description: |- when specifying the feature set. CLOUDNATIVEARCHIVAL BASIC - Represents the basic set of permissions required to onboard the feature. - CLOUDNATIVEARCHIVAL_ENCRYPTION - BASIC - Represents the basic set of permissions required to onboard the feature.ENCRYPTION - Represents the set of permissions required for encryption operations. CLOUDNATIVEPROTECTION BASIC - Represents the basic set of permissions required to onboard the feature.EXPORT_AND_RESTORE - Represents the set of permissions required for export and restore operations.FILE_LEVEL_RECOVERY - Represents the set of permissions required for file-level @@ -41,10 +39,6 @@ when specifying the feature set. ### CLOUD_NATIVE_ARCHIVAL * `BASIC` - Represents the basic set of permissions required to onboard the feature. -### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION - * `BASIC` - Represents the basic set of permissions required to onboard the feature. - * `ENCRYPTION` - Represents the set of permissions required for encryption operations. - ### CLOUD_NATIVE_PROTECTION * `BASIC` - Represents the basic set of permissions required to onboard the feature. * `EXPORT_AND_RESTORE` - Represents the set of permissions required for export and @@ -104,20 +98,13 @@ data "polaris_aws_cnp_artifacts" "artifacts" { ] } - feature { - name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION" - - permission_groups = [ - "BASIC", - "ENCRYPTION", - ] - } - feature { name = "CLOUD_NATIVE_PROTECTION" permission_groups = [ "BASIC", + "EXPORT_AND_RESTORE", + "FILE_LEVEL_RECOVERY", ] } } 
@@ -145,5 +132,5 @@ data "polaris_aws_cnp_artifacts" "artifacts" { Required: -- `name` (String) RSC feature name. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`. -- `permission_groups` (Set of String) RSC permission groups for the feature. Possible values are `BASIC`, `ENCRYPTION`, `EXPORT_AND_RESTORE`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. For backwards compatibility, `[]` is interpreted as all applicable permission groups. +- `name` (String) RSC feature name. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`. +- `permission_groups` (Set of String) RSC permission groups for the feature. Possible values are `BASIC`, `EXPORT_AND_RESTORE`, `FILE_LEVEL_RECOVERY`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. For backwards compatibility, `[]` is interpreted as all applicable permission groups. diff --git a/docs/data-sources/aws_cnp_permissions.md b/docs/data-sources/aws_cnp_permissions.md index a808675..ac2e8cf 100644 --- a/docs/data-sources/aws_cnp_permissions.md +++ b/docs/data-sources/aws_cnp_permissions.md @@ -13,10 +13,6 @@ when specifying the feature set. ### CLOUD_NATIVE_ARCHIVAL * `BASIC` - Represents the basic set of permissions required to onboard the feature. -### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION - * `BASIC` - Represents the basic set of permissions required to onboard the feature. - * `ENCRYPTION` - Represents the set of permissions required for encryption operations. - ### CLOUD_NATIVE_PROTECTION * `BASIC` - Represents the basic set of permissions required to onboard the feature. * `EXPORT_AND_RESTORE` - Represents the set of permissions required for export and 
@@ -57,10 +53,6 @@ when specifying the feature set. ### CLOUD_NATIVE_ARCHIVAL * `BASIC` - Represents the basic set of permissions required to onboard the feature. -### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION - * `BASIC` - Represents the basic set of permissions required to onboard the feature. - * `ENCRYPTION` - Represents the set of permissions required for encryption operations. - ### CLOUD_NATIVE_PROTECTION * `BASIC` - Represents the basic set of permissions required to onboard the feature. * `EXPORT_AND_RESTORE` - Represents the set of permissions required for export and @@ -100,20 +92,12 @@ data "polaris_aws_cnp_artifacts" "artifacts" { ] } - feature { - name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION" - - permission_groups = [ - "BASIC", - "ENCRYPTION", - ] - } - feature { name = "CLOUD_NATIVE_PROTECTION" permission_groups = [ "BASIC", + "EXPORT_AND_RESTORE", ] } } diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md index 5be2b37..5b2ea5d 100644 --- a/docs/guides/changelog.md +++ b/docs/guides/changelog.md @@ -4,6 +4,14 @@ page_title: "Changelog" # Changelog +## v0.9.0-beta.9 +* Add the field `setup_yaml` to the `polaris_aws_exocompute_cluster_attachment` resource. The `setup_yaml` fields + contains K8s specs that can be passed to `kubectl` to establish a connection between the cluster and RSC. + [[docs](../resources/aws_exocompute_cluster_attachment)] +* Fix a bug in the AWS feature removal code that causes removal of the `CLOUD_NATIVE_S3_PROTECTION` feature to fail. +* Improve the code that waits for RSC features to be disabled. The code now checks both the status of the job and the + status of the cloud account. + ## v0.9.0-beta.8 * Improve the documentation for AWS data sources and resources. * Update guides. diff --git a/docs/guides/upgrade_guide_beta.md b/docs/guides/upgrade_guide_beta.md index 62e3a19..45617ba 100644 --- a/docs/guides/upgrade_guide_beta.md +++ b/docs/guides/upgrade_guide_beta.md 
@@ -30,6 +30,8 @@ The latest beta release introduces changes to the following data sources and res feature, which can be use with the `polaris_azure_permissions` data source signal permissions updates. * `polaris_features` - The data source has been deprecated and replaced with the `features` field of the `polaris_deployment` data source. Note, the `features` field is a set and not a list. +* `polaris_aws_exocompute_cluster_attachment` - New field, `setup_yaml`, which holds the K8s spec which can be passed + to `kubectl apply` inside the EKS cluster to create a connection between the cluster and RSC. Deprecated fields will be removed in a future release, please migrate your configurations to use the replacement field as soon as possible. diff --git a/docs/resources/aws_account.md b/docs/resources/aws_account.md index 590e432..6612395 100644 --- a/docs/resources/aws_account.md +++ b/docs/resources/aws_account.md @@ -48,6 +48,10 @@ resource "polaris_aws_account" "default" { profile = "default" cloud_native_protection { + permission_groups = [ + "BASIC", + ] + regions = [ "us-east-2", ] @@ -59,6 +63,10 @@ resource "polaris_aws_account" "default" { profile = "default" cloud_native_protection { + permission_groups = [ + "BASIC", + ] + regions = [ "us-east-2", "us-west-2", @@ -66,6 +74,11 @@ resource "polaris_aws_account" "default" { } exocompute { + permission_groups = [ + "BASIC", + "RSC_MANAGED_CLUSTER", + ] + regions = [ "us-west-2", ] @@ -107,7 +120,7 @@ Required: Optional: -- `permission_groups` (Set of String) Permission groups to assign to the Cloud Native Protection feature. +- `permission_groups` (Set of String) Permission groups to assign to the Cloud Native Protection feature. Possible values are `BASIC`, `EXPORT_AND_RESTORE`, `FILE_LEVEL_RECOVERY` and `SNAPSHOT_PRIVATE_ACCESS`. Read-Only: 
@@ -124,7 +137,7 @@ Required: Optional: -- `permission_groups` (Set of String) Permission groups to assign to the Exocompute feature. +- `permission_groups` (Set of String) Permission groups to assign to the Exocompute feature. Possible values are `BASIC`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. Read-Only: diff --git a/docs/resources/aws_archival_location.md b/docs/resources/aws_archival_location.md index 0d1e64f..6a78050 100644 --- a/docs/resources/aws_archival_location.md +++ b/docs/resources/aws_archival_location.md @@ -63,7 +63,7 @@ resource "polaris_aws_archival_location" "archival_location" { ### Optional - `bucket_tags` (Map of String) AWS bucket tags. Each tag will be added to the bucket created by RSC. Changing this forces a new resource to be created. -- `kms_master_key` (String, Sensitive) AWS KMS master key alias/ID. +- `kms_master_key` (String, Sensitive) AWS KMS master key alias/ID. Default value is `aws/s3`. - `region` (String) AWS region to store the snapshots in. If not specified, the snapshots will be stored in the same region as the workload. Changing this forces a new resource to be created. - `storage_class` (String) AWS bucket storage class. Possible values are `STANDARD`, `STANDARD_IA`, `ONEZONE_IA`, `GLACIER_INSTANT_RETRIEVAL`, `GLACIER_DEEP_ARCHIVE` and `GLACIER_FLEXIBLE_RETRIEVAL`. Default value is `STANDARD_IA`. diff --git a/docs/resources/aws_cnp_account.md b/docs/resources/aws_cnp_account.md index 158c8d9..0d0ae98 100644 --- a/docs/resources/aws_cnp_account.md +++ b/docs/resources/aws_cnp_account.md 
@@ -11,8 +11,6 @@ description: |- when specifying the feature set. CLOUDNATIVEARCHIVAL BASIC - Represents the basic set of permissions required to onboard the feature. - CLOUDNATIVEARCHIVAL_ENCRYPTION - BASIC - Represents the basic set of permissions required to onboard the feature.ENCRYPTION - Represents the set of permissions required for encryption operations. CLOUDNATIVEPROTECTION BASIC - Represents the basic set of permissions required to onboard the feature.EXPORT_AND_RESTORE - Represents the set of permissions required for export and restore operations.FILE_LEVEL_RECOVERY - Represents the set of permissions required for file-level @@ -43,10 +41,6 @@ when specifying the feature set. ### CLOUD_NATIVE_ARCHIVAL * `BASIC` - Represents the basic set of permissions required to onboard the feature. -### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION - * `BASIC` - Represents the basic set of permissions required to onboard the feature. - * `ENCRYPTION` - Represents the set of permissions required for encryption operations. - ### CLOUD_NATIVE_PROTECTION * `BASIC` - Represents the basic set of permissions required to onboard the feature. * `EXPORT_AND_RESTORE` - Represents the set of permissions required for export and @@ -95,7 +89,6 @@ resource "polaris_aws_cnp_account" "account" { permission_groups = [ "BASIC", "EXPORT_AND_RESTORE", - "EXPORT_AND_RESTORE", ] } } 
@@ -145,5 +138,5 @@ resource "polaris_aws_cnp_account" "account" { Required: -- `name` (String) RSC feature name. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`. -- `permission_groups` (Set of String) RSC permission groups for the feature. Possible values are `BASIC`, `ENCRYPTION`, `EXPORT_AND_RESTORE`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. For backwards compatibility, `[]` is interpreted as all applicable permission groups. +- `name` (String) RSC feature name. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`. +- `permission_groups` (Set of String) RSC permission groups for the feature. Possible values are `BASIC`, `EXPORT_AND_RESTORE`, `FILE_LEVEL_RECOVERY`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. For backwards compatibility, `[]` is interpreted as all applicable permission groups. diff --git a/docs/resources/aws_cnp_account_attachments.md b/docs/resources/aws_cnp_account_attachments.md index 506965d..0945329 100644 --- a/docs/resources/aws_cnp_account_attachments.md +++ b/docs/resources/aws_cnp_account_attachments.md 
@@ -51,7 +51,7 @@ resource "polaris_aws_cnp_account_attachments" "attachments" { ### Required - `account_id` (String) RSC cloud account ID (UUID). Changing this forces a new resource to be created. -- `features` (Set of String) RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`. +- `features` (Set of String) RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`. - `role` (Block Set, Min: 1) Roles to attach to the cloud account. (see [below for nested schema](#nestedblock--role)) ### Optional diff --git a/docs/resources/aws_cnp_account_trust_policy.md b/docs/resources/aws_cnp_account_trust_policy.md index 164ab5d..9aea098 100644 --- a/docs/resources/aws_cnp_account_trust_policy.md +++ b/docs/resources/aws_cnp_account_trust_policy.md @@ -31,20 +31,12 @@ data "polaris_aws_cnp_artifacts" "artifacts" { ] } - feature { - name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION" - - permission_groups = [ - "BASIC", - "ENCRYPTION", - ] - } - feature { name = "CLOUD_NATIVE_PROTECTION" permission_groups = [ "BASIC", + "EXPORT_AND_RESTORE", ] } } 
@@ -82,7 +74,7 @@ resource "polaris_aws_cnp_account_trust_policy" "trust_policy" { ### Required - `account_id` (String) RSC cloud account ID (UUID). Changing this forces a new resource to be created. -- `features` (Set of String) RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`. Changing this forces a new resource to be created. +- `features` (Set of String) RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`. Changing this forces a new resource to be created. - `role_key` (String) RSC artifact key for the AWS role. ### Optional diff --git a/docs/resources/aws_exocompute_cluster_attachment.md b/docs/resources/aws_exocompute_cluster_attachment.md index 3fbab46..9200655 100644 --- a/docs/resources/aws_exocompute_cluster_attachment.md +++ b/docs/resources/aws_exocompute_cluster_attachment.md @@ -37,5 +37,6 @@ resource "polaris_aws_exocompute_cluster_attachment" "attachment" { ### Read-Only -- `connection_command` (String) Manual cluster connection command. Execute this command inside the EKS cluster to establish a connection between the cluster and RSC. +- `connection_command` (String) `kubectl` command which can be executed inside the EKS cluster to create a connection between the cluster and RSC. See setup_yaml for an alternative connection method. - `id` (String) RSC cluster ID (UUID). +- `setup_yaml` (String) K8s spec which can be passed to `kubectl apply` inside the EKS cluster to create a connection between the cluster and RSC. See connection_command for an alternative connection method. diff --git a/examples/data-sources/polaris_aws_cnp_artifacts/data-source.tf b/examples/data-sources/polaris_aws_cnp_artifacts/data-source.tf index b10be22..f4173b6 100644 --- a/examples/data-sources/polaris_aws_cnp_artifacts/data-source.tf 
+++ b/examples/data-sources/polaris_aws_cnp_artifacts/data-source.tf @@ -29,20 +29,13 @@ data "polaris_aws_cnp_artifacts" "artifacts" { ] } - feature { - name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION" - - permission_groups = [ - "BASIC", - "ENCRYPTION", - ] - } - feature { name = "CLOUD_NATIVE_PROTECTION" permission_groups = [ "BASIC", + "EXPORT_AND_RESTORE", + "FILE_LEVEL_RECOVERY", ] } } diff --git a/examples/data-sources/polaris_aws_cnp_permissions/data-source.tf b/examples/data-sources/polaris_aws_cnp_permissions/data-source.tf index 7f14ff0..c0d9388 100644 --- a/examples/data-sources/polaris_aws_cnp_permissions/data-source.tf +++ b/examples/data-sources/polaris_aws_cnp_permissions/data-source.tf @@ -7,20 +7,12 @@ data "polaris_aws_cnp_artifacts" "artifacts" { ] } - feature { - name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION" - - permission_groups = [ - "BASIC", - "ENCRYPTION", - ] - } - feature { name = "CLOUD_NATIVE_PROTECTION" permission_groups = [ "BASIC", + "EXPORT_AND_RESTORE", ] } } diff --git a/examples/resources/polaris_aws_account/resource.tf b/examples/resources/polaris_aws_account/resource.tf index 3673b53..0d80f9e 100644 --- a/examples/resources/polaris_aws_account/resource.tf +++ b/examples/resources/polaris_aws_account/resource.tf @@ -3,6 +3,10 @@ resource "polaris_aws_account" "default" { profile = "default" cloud_native_protection { + permission_groups = [ + "BASIC", + ] + regions = [ "us-east-2", ] @@ -14,6 +18,10 @@ resource "polaris_aws_account" "default" { profile = "default" cloud_native_protection { + permission_groups = [ + "BASIC", + ] + regions = [ "us-east-2", "us-west-2", @@ -21,6 +29,11 @@ resource "polaris_aws_account" "default" { } exocompute { + permission_groups = [ + "BASIC", + "RSC_MANAGED_CLUSTER", + ] + regions = [ "us-west-2", ] diff --git a/examples/resources/polaris_aws_cnp_account/resource.tf b/examples/resources/polaris_aws_cnp_account/resource.tf index 4c8ad56..7d09c92 100644 
--- a/examples/resources/polaris_aws_cnp_account/resource.tf +++ b/examples/resources/polaris_aws_cnp_account/resource.tf @@ -18,7 +18,6 @@ resource "polaris_aws_cnp_account" "account" { permission_groups = [ "BASIC", "EXPORT_AND_RESTORE", - "EXPORT_AND_RESTORE", ] } } diff --git a/examples/resources/polaris_aws_cnp_account_trust_policy/resource.tf b/examples/resources/polaris_aws_cnp_account_trust_policy/resource.tf index ff1ef75..0da4dbd 100644 --- a/examples/resources/polaris_aws_cnp_account_trust_policy/resource.tf +++ b/examples/resources/polaris_aws_cnp_account_trust_policy/resource.tf @@ -7,20 +7,12 @@ data "polaris_aws_cnp_artifacts" "artifacts" { ] } - feature { - name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION" - - permission_groups = [ - "BASIC", - "ENCRYPTION", - ] - } - feature { name = "CLOUD_NATIVE_PROTECTION" permission_groups = [ "BASIC", + "EXPORT_AND_RESTORE", ] } } diff --git a/go.mod b/go.mod index 552f9ad..40db697 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 github.com/hashicorp/terraform-plugin-docs v0.16.0 github.com/hashicorp/terraform-plugin-sdk/v2 v2.10.0 - github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.8 + github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.10 ) require ( diff --git a/go.sum b/go.sum index 98571e1..a7fe578 100644 --- a/go.sum +++ b/go.sum 
@@ -412,8 +412,8 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.8 h1:5gjG60RRoxAGPXAL7ECCwy9/mfFbFlSWgnf7+rrgUYI= -github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.8/go.mod h1:670TFQkxTdbsBwEwR/fDT75hfHwPDTTOiLnyZerbqQk= +github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.10 h1:gZ8hJ3L8kaSdfPB10poPSmyMQAbg+S7LDR/Eki1dGBA= +github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.10/go.mod h1:670TFQkxTdbsBwEwR/fDT75hfHwPDTTOiLnyZerbqQk= github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww= github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4= diff --git a/internal/provider/data_source_aws_cnp_artifacts.go b/internal/provider/data_source_aws_cnp_artifacts.go index 67b9063..25141f3 100644 --- a/internal/provider/data_source_aws_cnp_artifacts.go +++ b/internal/provider/data_source_aws_cnp_artifacts.go @@ -44,10 +44,6 @@ when specifying the feature set. ### CLOUD_NATIVE_ARCHIVAL * ´BASIC´ - Represents the basic set of permissions required to onboard the feature. -### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION - * ´BASIC´ - Represents the basic set of permissions required to onboard the feature. - * ´ENCRYPTION´ - Represents the set of permissions required for encryption operations. - ### CLOUD_NATIVE_PROTECTION * ´BASIC´ - Represents the basic set of permissions required to onboard the feature. * ´EXPORT_AND_RESTORE´ - Represents the set of permissions required for export and 
diff --git a/internal/provider/data_source_aws_cnp_permissions.go b/internal/provider/data_source_aws_cnp_permissions.go index 957c13c..c5c7088 100644 --- a/internal/provider/data_source_aws_cnp_permissions.go +++ b/internal/provider/data_source_aws_cnp_permissions.go @@ -44,10 +44,6 @@ when specifying the feature set. ### CLOUD_NATIVE_ARCHIVAL * ´BASIC´ - Represents the basic set of permissions required to onboard the feature. -### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION - * ´BASIC´ - Represents the basic set of permissions required to onboard the feature. - * ´ENCRYPTION´ - Represents the set of permissions required for encryption operations. - ### CLOUD_NATIVE_PROTECTION * ´BASIC´ - Represents the basic set of permissions required to onboard the feature. * ´EXPORT_AND_RESTORE´ - Represents the set of permissions required for export and diff --git a/internal/provider/names.go b/internal/provider/names.go index 7e593e3..9f32d48 100644 --- a/internal/provider/names.go +++ b/internal/provider/names.go @@ -106,6 +106,7 @@ const ( keySnappableType = "snappable_type" keySQLDBProtection = "sql_db_protection" keySQLMIProtection = "sql_mi_protection" + keySetupYAML = "setup_yaml" keyStackARN = "stack_arn" keyStatus = "status" keyStorageAccountNamePrefix = "storage_account_name_prefix" diff --git a/internal/provider/resource_aws_account.go b/internal/provider/resource_aws_account.go index 66dca63..a2f374f 100644 --- a/internal/provider/resource_aws_account.go +++ b/internal/provider/resource_aws_account.go 
@@ -84,12 +84,13 @@ func resourceAwsAccount() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringInSlice([]string{ - "BASIC", "ENCRYPTION", "EXPORT_AND_RESTORE", "EXPORT_AND_RESTORE", - "SNAPSHOT_PRIVATE_ACCESS", "PRIVATE_ENDPOINT", "RSC_MANAGED_CLUSTER", + "BASIC", "EXPORT_AND_RESTORE", "FILE_LEVEL_RECOVERY", "SNAPSHOT_PRIVATE_ACCESS", }, false), }, - Optional: true, - Description: "Permission groups to assign to the Cloud Native Protection feature.", + Optional: true, + Description: "Permission groups to assign to the Cloud Native Protection feature. " + + "Possible values are `BASIC`, `EXPORT_AND_RESTORE`, `FILE_LEVEL_RECOVERY` and " + + "`SNAPSHOT_PRIVATE_ACCESS`.", }, keyRegions: { Type: schema.TypeSet, @@ -132,12 +133,12 @@ func resourceAwsAccount() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringInSlice([]string{ - "BASIC", "ENCRYPTION", "EXPORT_AND_RESTORE", "EXPORT_AND_RESTORE", - "SNAPSHOT_PRIVATE_ACCESS", "PRIVATE_ENDPOINT", "RSC_MANAGED_CLUSTER", + "BASIC", "PRIVATE_ENDPOINT", "RSC_MANAGED_CLUSTER", }, false), }, - Optional: true, - Description: "Permission groups to assign to the Exocompute feature.", + Optional: true, + Description: "Permission groups to assign to the Exocompute feature. Possible values " + + "are `BASIC`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`.", }, keyRegions: { Type: schema.TypeSet, diff --git a/internal/provider/resource_aws_archival_location.go b/internal/provider/resource_aws_archival_location.go index 1fb4248..46848af 100644 --- a/internal/provider/resource_aws_archival_location.go +++ b/internal/provider/resource_aws_archival_location.go 
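Review bot: The narrowed `StringInSlice` list for the Cloud Native Protection `permission_groups` now rejects `ENCRYPTION`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`, so a configuration that passed validation before this commit fails at plan time, and neither the v0.9.0-beta.9 changelog entry nor the upgrade guide entry in this patch mentions it. The same applies to the Exocompute list in the next hunk of this file, and to the removal of `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION` and `ENCRYPTION` from the validators in resource_aws_cnp_account.go, resource_aws_cnp_account_attachments.go and resource_aws_cnp_account_trust_policy.go. Tightening the allow-list per feature is the right direction for least privilege, but I would add an upgrade-guide line such as `* polaris_aws_account - permission_groups now only accepts the groups that are valid for the feature.` The schema function continues outside the hunk.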
@@ -101,7 +101,7 @@ func resourceAwsArchivalLocation() *schema.Resource { Optional: true, Sensitive: true, Default: "aws/s3", - Description: "AWS KMS master key alias/ID.", + Description: "AWS KMS master key alias/ID. Default value is `aws/s3`.", ValidateFunc: validation.StringIsNotWhiteSpace, }, keyLocationTemplate: { diff --git a/internal/provider/resource_aws_cnp_account.go b/internal/provider/resource_aws_cnp_account.go index 6862a79..247cb9d 100644 --- a/internal/provider/resource_aws_cnp_account.go +++ b/internal/provider/resource_aws_cnp_account.go @@ -46,10 +46,6 @@ when specifying the feature set. ### CLOUD_NATIVE_ARCHIVAL * ´BASIC´ - Represents the basic set of permissions required to onboard the feature. -### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION - * ´BASIC´ - Represents the basic set of permissions required to onboard the feature. - * ´ENCRYPTION´ - Represents the set of permissions required for encryption operations. - ### CLOUD_NATIVE_PROTECTION * ´BASIC´ - Represents the basic set of permissions required to onboard the feature. * ´EXPORT_AND_RESTORE´ - Represents the set of permissions required for export and @@ -398,11 +394,10 @@ func featureResource() *schema.Resource { Type: schema.TypeString, Required: true, Description: "RSC feature name. Possible values are `CLOUD_NATIVE_ARCHIVAL`, " + - "`CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, " + - "`EXOCOMPUTE` and `RDS_PROTECTION`.", + "`CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.", ValidateFunc: validation.StringInSlice([]string{ - "CLOUD_NATIVE_ARCHIVAL", "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION", "CLOUD_NATIVE_PROTECTION", - "CLOUD_NATIVE_S3_PROTECTION", "EXOCOMPUTE", "RDS_PROTECTION", + "CLOUD_NATIVE_ARCHIVAL", "CLOUD_NATIVE_PROTECTION", "CLOUD_NATIVE_S3_PROTECTION", "EXOCOMPUTE", + "RDS_PROTECTION", }, false), }, keyPermissionGroups: { 
@@ -410,14 +405,15 @@ func featureResource() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringInSlice([]string{ - "BASIC", "ENCRYPTION", "EXPORT_AND_RESTORE", "EXPORT_AND_RESTORE", - "SNAPSHOT_PRIVATE_ACCESS", "PRIVATE_ENDPOINT", "RSC_MANAGED_CLUSTER", + "BASIC", "EXPORT_AND_RESTORE", "FILE_LEVEL_RECOVERY", "SNAPSHOT_PRIVATE_ACCESS", + "PRIVATE_ENDPOINT", "RSC_MANAGED_CLUSTER", }, false), }, Required: true, - Description: "RSC permission groups for the feature. Possible values are `BASIC`, `ENCRYPTION`, " + - "`EXPORT_AND_RESTORE`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. " + - "For backwards compatibility, `[]` is interpreted as all applicable permission groups.", + Description: "RSC permission groups for the feature. Possible values are `BASIC`, " + + "`EXPORT_AND_RESTORE`, `FILE_LEVEL_RECOVERY`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` " + + "and `RSC_MANAGED_CLUSTER`. For backwards compatibility, `[]` is interpreted as all applicable " + + "permission groups.", }, }, } diff --git a/internal/provider/resource_aws_cnp_account_attachments.go b/internal/provider/resource_aws_cnp_account_attachments.go index 2240d42..0423b8b 100644 --- a/internal/provider/resource_aws_cnp_account_attachments.go +++ b/internal/provider/resource_aws_cnp_account_attachments.go 
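Review bot: The `permission_groups` validator in `featureResource` still accepts the union of all groups, so a group that does not belong to the named feature (for example `PRIVATE_ENDPOINT` on `CLOUD_NATIVE_PROTECTION`) passes schema validation, whereas resource_aws_account.go in this same commit now validates per feature. Presumably RSC rejects the mismatch at apply time, but that should be confirmed, since a mismatch that silently widens the requested permission set would be worth ruling out. An element-level `ValidateFunc` cannot see the sibling `name` field, so the check would belong in a `CustomizeDiff` or in the create/update path. At minimum the description could add `Which groups are valid depends on the feature.` `featureResource` starts in the previous hunk and the enclosing schema continues outside this one.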
@@ -68,15 +68,14 @@ func resourceAwsCnpAccountAttachments() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringInSlice([]string{ - "CLOUD_NATIVE_ARCHIVAL", "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION", "CLOUD_NATIVE_PROTECTION", - "CLOUD_NATIVE_S3_PROTECTION", "EXOCOMPUTE", "RDS_PROTECTION", + "CLOUD_NATIVE_ARCHIVAL", "CLOUD_NATIVE_PROTECTION", "CLOUD_NATIVE_S3_PROTECTION", + "EXOCOMPUTE", "RDS_PROTECTION", }, false), }, MinItems: 1, Required: true, - Description: "RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, " + - "`CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, " + - "`EXOCOMPUTE` and `RDS_PROTECTION`.", + Description: "RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, " + + "`CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.", }, keyInstanceProfile: { Type: schema.TypeSet, diff --git a/internal/provider/resource_aws_cnp_account_trust_policy.go b/internal/provider/resource_aws_cnp_account_trust_policy.go index 8a41254..f514099 100644 --- a/internal/provider/resource_aws_cnp_account_trust_policy.go +++ b/internal/provider/resource_aws_cnp_account_trust_policy.go 
@@ -77,16 +77,16 @@ func resourceAwsCnpAccountTrustPolicy() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringInSlice([]string{ - "CLOUD_NATIVE_ARCHIVAL", "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION", "CLOUD_NATIVE_PROTECTION", - "CLOUD_NATIVE_S3_PROTECTION", "EXOCOMPUTE", "RDS_PROTECTION", + "CLOUD_NATIVE_ARCHIVAL", "CLOUD_NATIVE_PROTECTION", "CLOUD_NATIVE_S3_PROTECTION", + "EXOCOMPUTE", "RDS_PROTECTION", }, false), }, MinItems: 1, Required: true, ForceNew: true, - Description: "RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, " + - "`CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, " + - "`EXOCOMPUTE` and `RDS_PROTECTION`. Changing this forces a new resource to be created.", + Description: "RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, " + + "`CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`. Changing this forces a new " + + "resource to be created.", }, keyPolicy: { Type: schema.TypeString, diff --git a/internal/provider/resource_aws_exocompute_cluster_attachment.go b/internal/provider/resource_aws_exocompute_cluster_attachment.go index 2363e6f..a7049c7 100644 --- a/internal/provider/resource_aws_exocompute_cluster_attachment.go +++ b/internal/provider/resource_aws_exocompute_cluster_attachment.go @@ -61,8 +61,8 @@ func resourceAwsExocomputeClusterAttachment() *schema.Resource { keyConnectionCommand: { Type: schema.TypeString, Computed: true, - Description: "Manual cluster connection command. Execute this command inside the EKS cluster to " + - "establish a connection between the cluster and RSC.", + Description: "`kubectl` command which can be executed inside the EKS cluster to create a connection " + + "between the cluster and RSC. See " + keySetupYAML + " for an alternative connection method.", }, keyExocomputeID: { Type: schema.TypeString, 
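Review bot: In the new `connection_command` description the field name is concatenated in via `keySetupYAML` without surrounding backticks, so the generated docs print it as plain text (`See setup_yaml for an alternative connection method.` in docs/resources/aws_exocompute_cluster_attachment.md), unlike every other identifier in these descriptions. I would write ``"between the cluster and RSC. See `" + keySetupYAML + "` for an alternative connection method.",``. The `keyConnectionCommand` reference in the `setup_yaml` description added in the next hunk needs the same change.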
@@ -72,6 +72,13 @@ func resourceAwsExocomputeClusterAttachment() *schema.Resource { "created.", ValidateFunc: validation.IsUUID, }, + keySetupYAML: { + Type: schema.TypeString, + Computed: true, + Description: "K8s spec which can be passed to `kubectl apply` inside the EKS cluster to create a " + + "connection between the cluster and RSC. See " + keyConnectionCommand + " for an alternative " + + "connection method.", + }, keyTokenRefresh: { Type: schema.TypeInt, Optional: true, @@ -96,13 +103,14 @@ func awsCreateAwsExocomputeClusterAttachment(ctx context.Context, d *schema.Reso } clusterName := d.Get(keyClusterName).(string) - // Request cluster attachment. - clusterID, cmd, err := aws.Wrap(client).AddClusterToExocomputeConfig(ctx, configID, clusterName) + clusterID, kubectlCmd, setupYAML, err := aws.Wrap(client).AddClusterToExocomputeConfig(ctx, configID, clusterName) if err != nil { return diag.FromErr(err) } - - if err := d.Set(keyConnectionCommand, cmd); err != nil { + if err := d.Set(keyConnectionCommand, kubectlCmd); err != nil { + return diag.FromErr(err) + } + if err := d.Set(keySetupYAML, setupYAML); err != nil { return diag.FromErr(err) } @@ -115,7 +123,6 @@ func awsReadAwsExocomputeClusterAttachment(ctx context.Context, d *schema.Resour // There is no way to read the state of the cluster attachment without // updating the token. - return nil } diff --git a/internal/provider/resource_azure_service_principal.go b/internal/provider/resource_azure_service_principal.go index 8f39f62..6ea0289 100644 --- a/internal/provider/resource_azure_service_principal.go +++ b/internal/provider/resource_azure_service_principal.go @@ -1,5 +1,4 @@ // Copyright 2021 Rubrik, Inc. -// Copyright 2021 Rubrik, Inc. // // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to 
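Review bot: The new `keySetupYAML` attribute is declared without `Sensitive: true`, so its value is shown unredacted in plan and apply output. The resource has a `token_refresh` field and the read function's comment speaks of "updating the token", which suggests the spec (like `connection_command`) embeds a cluster registration credential; that is an inference and should be confirmed against what RSC returns. If it does, add `Sensitive: true,` to both `keySetupYAML` and `keyConnectionCommand`, and say in the description that the value is still stored in plain text in the state file, so the state backend needs access control and encryption. The schema map continues outside the hunk.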
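Review bot: `setup_yaml` is only written in `awsCreateAwsExocomputeClusterAttachment`, and `awsReadAwsExocomputeClusterAttachment` in the next hunk returns nil without touching state. Attachments created with an earlier provider version will therefore presumably keep an empty `setup_yaml` after upgrading, unless an update path not visible here re-requests it. That is worth stating in the upgrade guide entry, e.g. `The field is populated when the attachment is created.` Separately, both `d.Set` calls can return an error after `AddClusterToExocomputeConfig` has already succeeded. If the ID is set after them (outside the hunk), that error would leave the cluster attached in RSC with no ID in state, so setting the ID before the two `d.Set` calls would avoid the orphan.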
diff --git a/templates/guides/changelog.md.tmpl b/templates/guides/changelog.md.tmpl index 5be2b37..5b2ea5d 100644 --- a/templates/guides/changelog.md.tmpl +++ b/templates/guides/changelog.md.tmpl @@ -4,6 +4,14 @@ page_title: "Changelog" # Changelog +## v0.9.0-beta.9 +* Add the field `setup_yaml` to the `polaris_aws_exocompute_cluster_attachment` resource. The `setup_yaml` fields + contains K8s specs that can be passed to `kubectl` to establish a connection between the cluster and RSC. + [[docs](../resources/aws_exocompute_cluster_attachment)] +* Fix a bug in the AWS feature removal code that causes removal of the `CLOUD_NATIVE_S3_PROTECTION` feature to fail. +* Improve the code that waits for RSC features to be disabled. The code now checks both the status of the job and the + status of the cloud account. + ## v0.9.0-beta.8 * Improve the documentation for AWS data sources and resources. * Update guides. diff --git a/templates/guides/upgrade_guide_beta.md.tmpl b/templates/guides/upgrade_guide_beta.md.tmpl index 62e3a19..45617ba 100644 --- a/templates/guides/upgrade_guide_beta.md.tmpl +++ b/templates/guides/upgrade_guide_beta.md.tmpl @@ -30,6 +30,8 @@ The latest beta release introduces changes to the following data sources and res feature, which can be use with the `polaris_azure_permissions` data source signal permissions updates. * `polaris_features` - The data source has been deprecated and replaced with the `features` field of the `polaris_deployment` data source. Note, the `features` field is a set and not a list. +* `polaris_aws_exocompute_cluster_attachment` - New field, `setup_yaml`, which holds the K8s spec which can be passed + to `kubectl apply` inside the EKS cluster to create a connection between the cluster and RSC. Deprecated fields will be removed in a future release, please migrate your configurations to use the replacement field as soon as possible.