INTMDB-154: Deprecation for provider_encrypt_ebs_volume (#403)

* deprecation message for provider_encrypt_ebs_volume

* documentation update about attribute deprecation

* fixing patch request due to the restriction of M10

* Update resource_mongodbatlas_cluster.go

mongodbatlas/resource_mongodbatlas_cluster.go

@@ -168,8 +168,13 @@ func resourceMongoDBAtlasCluster() *schema.Resource {
 				Computed: true,
 			},
 			"provider_encrypt_ebs_volume": {
+				Type:       schema.TypeBool,
+				Optional:   true,
+				Deprecated: "All EBS volumes are encrypted by default, the option to disable encryption has been removed",
+				Computed:   true,
+			},
+			"provider_encrypt_ebs_volume_flag": {
 				Type:     schema.TypeBool,
-				Optional: true,
 				Computed: true,
 			},
 			"provider_region_name": {
@@ -410,10 +415,6 @@ func resourceMongoDBAtlasClusterCreate(d *schema.ResourceData, meta interface{})
 			return fmt.Errorf("`provider_disk_iops` shouldn't be set when provider name is `GCP` or `AZURE`")
 		}
 
-		if _, ok := d.GetOk("provider_encrypt_ebs_volume"); ok {
-			return fmt.Errorf("`provider_encrypt_ebs_volume` shouldn't be set when provider name is `GCP` or `AZURE`")
-		}
-
 		if _, ok := d.GetOk("provider_volume_type"); ok {
 			return fmt.Errorf("`provider_volume_type` shouldn't be set when provider name is `GCP` or `AZURE`")
 		}
@@ -747,7 +748,6 @@ func resourceMongoDBAtlasClusterUpdate(d *schema.ResourceData, meta interface{})
 
 	// If at least one of the provider settings argument has changed, expand all provider settings
 	if d.HasChange("provider_disk_iops") ||
-		d.HasChange("provider_encrypt_ebs_volume") ||
 		d.HasChange("backing_provider_name") ||
 		d.HasChange("provider_disk_type_name") ||
 		d.HasChange("provider_instance_size_name") ||
@@ -1044,11 +1044,7 @@ func expandProviderSetting(d *schema.ResourceData) (*matlas.ProviderSettings, er
 		if v, ok := d.GetOk("provider_disk_iops"); ok {
 			providerSettings.DiskIOPS = pointy.Int64(cast.ToInt64(v))
 		}
-
 		providerSettings.EncryptEBSVolume = pointy.Bool(true)
-		if encryptEBSVolume, ok := d.GetOkExists("provider_encrypt_ebs_volume"); ok {
-			providerSettings.EncryptEBSVolume = pointy.Bool(cast.ToBool(encryptEBSVolume))
-		}
 	}
 
 	return providerSettings, nil
@@ -1070,8 +1066,8 @@ func flattenProviderSettings(d *schema.ResourceData, settings *matlas.ProviderSe
 	}
 
 	if settings.EncryptEBSVolume != nil {
-		if err := d.Set("provider_encrypt_ebs_volume", *settings.EncryptEBSVolume); err != nil {
-			log.Printf(errorClusterSetting, "provider_encrypt_ebs_volume", clusterName, err)
+		if err := d.Set("provider_encrypt_ebs_volume_flag", *settings.EncryptEBSVolume); err != nil {
+			log.Printf(errorClusterSetting, "provider_encrypt_ebs_volume_flag", clusterName, err)
 		}
 	}
 

mongodbatlas/resource_mongodbatlas_network_container_test.go

@@ -32,7 +32,7 @@ func TestAccResourceMongoDBAtlasNetworkContainer_basicAWS(t *testing.T) {
 		CheckDestroy: testAccCheckMongoDBAtlasNetworkContainerDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccMongoDBAtlasNetworkContainerConfigAWS(projectName, orgID, cidrBlock, providerName),
+				Config: testAccMongoDBAtlasNetworkContainerConfigAWS(projectName, orgID, cidrBlock, providerName, "US_EAST_1"),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckMongoDBAtlasNetworkContainerExists(resourceName, &container),
 					testAccCheckMongoDBAtlasNetworkContainerAttributes(&container, providerName),
@@ -42,7 +42,7 @@ func TestAccResourceMongoDBAtlasNetworkContainer_basicAWS(t *testing.T) {
 				),
 			},
 			{
-				Config: testAccMongoDBAtlasNetworkContainerConfigAWS(projectName, orgID, cidrBlockUpdated, providerName),
+				Config: testAccMongoDBAtlasNetworkContainerConfigAWS(projectName, orgID, cidrBlockUpdated, providerName, "US_WEST_2"),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckMongoDBAtlasNetworkContainerExists(resourceName, &container),
 					testAccCheckMongoDBAtlasNetworkContainerAttributes(&container, providerName),
@@ -61,8 +61,8 @@ func TestAccResourceMongoDBAtlasNetworkContainer_basicAzure(t *testing.T) {
 		randInt          = acctest.RandIntRange(0, 255)
 		randIntUpdated   = acctest.RandIntRange(0, 255)
 		resourceName     = "mongodbatlas_network_container.test"
-		cidrBlock        = fmt.Sprintf("10.8.%d.0/24", randInt)
-		cidrBlockUpdated = fmt.Sprintf("10.8.%d.0/24", randIntUpdated)
+		cidrBlock        = fmt.Sprintf("192.168.%d.0/24", randInt)
+		cidrBlockUpdated = fmt.Sprintf("192.168.%d.0/24", randIntUpdated)
 		providerName     = "AZURE"
 		orgID            = os.Getenv("MONGODB_ATLAS_ORG_ID")
 		projectName      = acctest.RandomWithPrefix("test-acc")
@@ -155,7 +155,7 @@ func TestAccResourceMongoDBAtlasNetworkContainer_importBasic(t *testing.T) {
 		CheckDestroy: testAccCheckMongoDBAtlasNetworkContainerDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccMongoDBAtlasNetworkContainerConfigAWS(projectName, orgID, cidrBlock, providerName),
+				Config: testAccMongoDBAtlasNetworkContainerConfigAWS(projectName, orgID, cidrBlock, providerName, "US_EAST_1"),
 			},
 			{
 				ResourceName:            resourceName,
@@ -232,7 +232,7 @@ func testAccCheckMongoDBAtlasNetworkContainerDestroy(s *terraform.State) error {
 	return nil
 }
 
-func testAccMongoDBAtlasNetworkContainerConfigAWS(projectName, orgID, cidrBlock, providerName string) string {
+func testAccMongoDBAtlasNetworkContainerConfigAWS(projectName, orgID, cidrBlock, providerName, region string) string {
 	return fmt.Sprintf(`
 		resource "mongodbatlas_project" "test" {
 			name   = "%s"
@@ -243,9 +243,9 @@ func testAccMongoDBAtlasNetworkContainerConfigAWS(projectName, orgID, cidrBlock,
 			project_id   		 = "${mongodbatlas_project.test.id}"
 			atlas_cidr_block = "%s"
 			provider_name		 = "%s"
-			region_name			 = "US_EAST_1"
+			region_name			 = "%s"
 		}
-	`, projectName, orgID, cidrBlock, providerName)
+	`, projectName, orgID, cidrBlock, providerName, region)
 }
 
 func testAccMongoDBAtlasNetworkContainerConfigAzure(projectName, orgID, cidrBlock, providerName string) string {

website/docs/d/cloud_provider_snapshot_backup_policy.html.markdown

@@ -26,7 +26,6 @@ resource "mongodbatlas_cluster" "my_cluster" {
   provider_instance_size_name = "M10"
   provider_backup_enabled     = true // enable cloud backup snapshots
   provider_disk_iops          = 100
-  provider_encrypt_ebs_volume = false
 }
 
 resource "mongodbatlas_cloud_provider_snapshot_backup_policy" "test" {

website/docs/d/cluster.html.markdown

@@ -40,7 +40,6 @@ resource "mongodbatlas_cluster" "test" {
   provider_name               = "AWS"
   provider_disk_iops          = 300
   provider_volume_type        = "STANDARD"
-  provider_encrypt_ebs_volume = true
   provider_instance_size_name = "M40"
 }
 
@@ -110,7 +109,7 @@ In addition to all arguments above, the following attributes are exported:
 * `backing_provider_name` - Indicates Cloud service provider on which the server for a multi-tenant cluster is provisioned.
 * `provider_disk_iops` - Indicates the maximum input/output operations per second (IOPS) the system can perform. The possible values depend on the selected providerSettings.instanceSizeName and diskSizeGB.
 * `provider_disk_type_name` - Describes Azure disk type of the server’s root volume (Azure Only).
-* `provider_encrypt_ebs_volume` - Indicates whether the Amazon EBS encryption is enabled. This feature encrypts the server’s root volume for both data at rest within the volume and data moving between the volume and the instance.
+* `provider_encrypt_ebs_volume` - **(DEPRECATED)** Indicates whether the Amazon EBS encryption is enabled. This feature encrypts the server’s root volume for both data at rest within the volume and data moving between the volume and the instance. By default this attribute is always enabled, per deprecation process showing the real value at `provider_encrypt_ebs_volume_flag` computed attribute. 
 * `provider_region_name` - Indicates Physical location of your MongoDB cluster. The region you choose can affect network latency for clients accessing your databases.  Requires the Atlas Region name, see the reference list for [AWS](https://docs.atlas.mongodb.com/reference/amazon-aws/), [GCP](https://docs.atlas.mongodb.com/reference/google-gcp/), [Azure](https://docs.atlas.mongodb.com/reference/microsoft-azure/).
 * `provider_volume_type` - Indicates the type of the volume. The possible values are: `STANDARD` and `PROVISIONED`.
 * `replication_factor` - (Deprecated) Number of replica set members. Each member keeps a copy of your databases, providing high availability and data redundancy. The possible values are 3, 5, or 7. The default value is 3.

website/docs/d/clusters.html.markdown

@@ -40,7 +40,6 @@ resource "mongodbatlas_cluster" "test" {
   provider_name               = "AWS"
   provider_disk_iops          = 300
   provider_volume_type        = "STANDARD"
-  provider_encrypt_ebs_volume = true
   provider_instance_size_name = "M40"
 }
 
@@ -111,7 +110,7 @@ In addition to all arguments above, the following attributes are exported:
 * `backing_provider_name` - Indicates Cloud service provider on which the server for a multi-tenant cluster is provisioned.
 * `provider_disk_iops` - Indicates the maximum input/output operations per second (IOPS) the system can perform. The possible values depend on the selected providerSettings.instanceSizeName and diskSizeGB.
 * `provider_disk_type_name` - Describes Azure disk type of the server’s root volume (Azure Only).
-* `provider_encrypt_ebs_volume` - Indicates whether the Amazon EBS encryption is enabled. This feature encrypts the server’s root volume for both data at rest within the volume and data moving between the volume and the instance.
+* `provider_encrypt_ebs_volume` - **(DEPRECATED)** Indicates whether the Amazon EBS encryption is enabled. This feature encrypts the server’s root volume for both data at rest within the volume and data moving between the volume and the instance. By default this attribute is always enabled, per deprecation process showing the real value at `provider_encrypt_ebs_volume_flag` computed attribute. 
 * `provider_region_name` - Indicates Physical location of your MongoDB cluster. The region you choose can affect network latency for clients accessing your databases. Requires the Atlas Region name, see the reference list for [AWS](https://docs.atlas.mongodb.com/reference/amazon-aws/), [GCP](https://docs.atlas.mongodb.com/reference/google-gcp/), [Azure](https://docs.atlas.mongodb.com/reference/microsoft-azure/).
 * `provider_volume_type` - Indicates the type of the volume. The possible values are: `STANDARD` and `PROVISIONED`.
 * `provider_auto_scaling_compute_min_instance_size` - (Optional) Minimum instance size to which your cluster can automatically scale.

website/docs/r/cloud_provider_snapshot.html.markdown

@@ -27,7 +27,6 @@ On-demand snapshots happen immediately, unlike scheduled snapshots which occur a
     provider_instance_size_name = "M10"
     provider_backup_enabled     = true   // enable cloud backup snapshots
     provider_disk_iops          = 100
-    provider_encrypt_ebs_volume = false
   }
 
   resource "mongodbatlas_cloud_provider_snapshot" "test" {

website/docs/r/cloud_provider_snapshot_backup_policy.html.markdown

@@ -29,7 +29,6 @@ resource "mongodbatlas_cluster" "my_cluster" {
   provider_instance_size_name = "M10"
   provider_backup_enabled     = true // must be enabled in order to use cloud_provider_snapshot_backup_policy resource
   provider_disk_iops          = 100
-  provider_encrypt_ebs_volume = false
 }
 
 resource "mongodbatlas_cloud_provider_snapshot_backup_policy" "test" {
@@ -96,7 +95,6 @@ resource "mongodbatlas_cluster" "my_cluster" {
   provider_instance_size_name = "M10"
   provider_backup_enabled     = true // must be enabled in order to use cloud_provider_snapshot_backup_policy resource
   provider_disk_iops          = 100
-  provider_encrypt_ebs_volume = false
 }
 
 resource "mongodbatlas_cloud_provider_snapshot_backup_policy" "test" {
@@ -165,7 +163,6 @@ resource "mongodbatlas_cluster" "my_cluster" {
   provider_instance_size_name = "M10"
   provider_backup_enabled     = true // must be enabled in order to use cloud_provider_snapshot_backup_policy resource
   provider_disk_iops          = 100
-  provider_encrypt_ebs_volume = false
 }
 
 resource "mongodbatlas_cloud_provider_snapshot_backup_policy" "test" {

website/docs/r/cloud_provider_snapshot_restore_job.html.markdown

@@ -35,7 +35,6 @@ description: |-
     provider_instance_size_name = "M10"
     provider_backup_enabled     = true   // enable cloud backup snapshots
     provider_disk_iops          = 100
-    provider_encrypt_ebs_volume = false
   }
 
   resource "mongodbatlas_cloud_provider_snapshot" "test" {
@@ -72,7 +71,6 @@ description: |-
     provider_instance_size_name = "M10"
     provider_backup_enabled     = true   // enable cloud backup snapshots
     provider_disk_iops          = 100
-    provider_encrypt_ebs_volume = false
   }
 
   resource "mongodbatlas_cloud_provider_snapshot" "test" {

website/docs/r/cluster.html.markdown

@@ -47,7 +47,6 @@ resource "mongodbatlas_cluster" "cluster-test" {
   disk_size_gb                = 100
   provider_disk_iops          = 300
   provider_volume_type        = "STANDARD"
-  provider_encrypt_ebs_volume = true
   provider_instance_size_name = "M40"
 }
 ```
@@ -305,7 +304,7 @@ But in order to explicitly change `provider_instance_size_name` comment the `lif
 
 * `provider_disk_iops` - (Optional) The maximum input/output operations per second (IOPS) the system can perform. The possible values depend on the selected `provider_instance_size_name` and `disk_size_gb`.
 * `provider_disk_type_name` - (Optional - Azure Only) Azure disk type of the server’s root volume. If omitted, Atlas uses the default disk type for the selected providerSettings.instanceSizeName.  Example disk types and associated storage sizes: P4 - 32GB, P6 - 64GB, P10 - 128GB, P15 - 256GB, P20 - 512GB, P30 - 1024GB, P40 - 2048GB, P50 - 4095GB.  More information and the most update to date disk types/storage sizes can be located at https://docs.atlas.mongodb.com/reference/api/clusters-create-one/.
-* `provider_encrypt_ebs_volume` - (Optional - AWS ONLY) The default value is true.  Flag that indicates whether the Amazon EBS encryption feature encrypts the host's root volume for both data at rest within the volume and for data moving between the volume and the cluster. Note: This setting is always enabled for clusters with local NVMe SSDs. **Atlas encrypts all cluster storage and snapshot volumes, securing all cluster data on disk: a concept known as encryption at rest, by default.**.
+* `provider_encrypt_ebs_volume` - **(Deprecated) The Flag is always true.** Flag that indicates whether the Amazon EBS encryption feature encrypts the host's root volume for both data at rest within the volume and for data moving between the volume and the cluster. Note: This setting is always enabled for clusters with local NVMe SSDs. **Atlas encrypts all cluster storage and snapshot volumes, securing all cluster data on disk: a concept known as encryption at rest, by default.**.
 * `provider_region_name` - (Optional) Physical location of your MongoDB cluster. The region you choose can affect network latency for clients accessing your databases.  Requires the **Atlas region name**, see the reference list for [AWS](https://docs.atlas.mongodb.com/reference/amazon-aws/), [GCP](https://docs.atlas.mongodb.com/reference/google-gcp/), [Azure](https://docs.atlas.mongodb.com/reference/microsoft-azure/).
     Do not specify this field when creating a multi-region cluster using the replicationSpec document or a Global Cluster with the replicationSpecs array.
 * `provider_volume_type` - (AWS - Optional) The type of the volume. The possible values are: `STANDARD` and `PROVISIONED`.  `PROVISIONED` required if setting IOPS higher than the default instance IOPS.

website/docs/r/global_cluster_config.html.markdown

@@ -89,7 +89,6 @@ resource "mongodbatlas_cluster" "cluster-test" {
   provider_name               = "AWS"
   disk_size_gb                = 100
   provider_disk_iops          = 300
-  provider_encrypt_ebs_volume = false
   provider_instance_size_name = "M40"
   provider_region_name        = "US_EAST_1"
 }