couchbasecloud / terraform-provider-couchbase-capella

Terraform Couchbase Capella Provider: Deploy, update, and manage Couchbase Capella infrastructure as code through HashiCorp Terraform
Apache License 2.0

[AV-76500] Support for Private Endpoints for AWS and Azure #202

Closed l0n3star closed 2 months ago

l0n3star commented 5 months ago

Description

New feature to support private endpoints with terraform.

Testing

Testing enable/disable private endpoint service

// data read

terraform plan
╷
│ Warning: Provider development overrides are in effect
│
│ The following provider development overrides are set in the CLI configuration:
│  - couchbasecloud/couchbase-capella in /Users/$USER/GolandProjects/terraform-provider-couchbase-capella/bin
│
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become
│ incompatible with published releases.
╵
data.couchbase-capella_private_endpoint_service.service_stats: Reading...
data.couchbase-capella_private_endpoint_service.service_stats: Read complete after 0s

Changes to Outputs:
  + service_status = {
      + cluster_id      = "ffffffff-aaaa-1414-eeee-000000000000"
      + enabled         = false
      + organization_id = "ffffffff-aaaa-1414-eeee-000000000000"
      + project_id      = "ffffffff-aaaa-1414-eeee-000000000000"
    }

You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.

// enable private endpoint service

terraform apply
╷
│ Warning: Provider development overrides are in effect
│
│ The following provider development overrides are set in the CLI configuration:
│  - couchbasecloud/couchbase-capella in /Users/$USER/GolandProjects/terraform-provider-couchbase-capella/bin
│
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become
│ incompatible with published releases.
╵

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  + create

Terraform will perform the following actions:

  # couchbase-capella_private_endpoint_service.new_service will be created
  + resource "couchbase-capella_private_endpoint_service" "new_service" {
      + cluster_id      = "ffffffff-aaaa-1414-eeee-000000000000"
      + enabled         = (known after apply)
      + organization_id = "ffffffff-aaaa-1414-eeee-000000000000"
      + project_id      = "ffffffff-aaaa-1414-eeee-000000000000"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

couchbase-capella_private_endpoint_service.new_service: Creating...
couchbase-capella_private_endpoint_service.new_service: Still creating... [10s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [20s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [30s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [40s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [50s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [1m0s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [1m10s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [1m20s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [1m30s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [1m40s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [1m50s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [2m0s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [2m10s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [2m20s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [2m30s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [2m40s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [2m50s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [3m0s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [3m10s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [3m20s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [3m30s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [3m40s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [3m50s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [4m0s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [4m10s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [4m20s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [4m30s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [4m40s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [4m50s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [5m0s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [5m10s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [5m20s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [5m30s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [5m40s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [5m50s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [6m0s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [6m10s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [6m20s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [6m30s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [6m40s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [6m50s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still creating... [7m0s elapsed]
couchbase-capella_private_endpoint_service.new_service: Creation complete after 7m0s

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

// update not allowed

terraform apply
╷
│ Warning: Provider development overrides are in effect
│
│ The following provider development overrides are set in the CLI configuration:
│  - couchbasecloud/couchbase-capella in /Users/$USER/GolandProjects/terraform-provider-couchbase-capella/bin
│
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become
│ incompatible with published releases.
╵
couchbase-capella_private_endpoint_service.new_service: Refreshing state...

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # couchbase-capella_private_endpoint_service.new_service will be updated in-place
  ~ resource "couchbase-capella_private_endpoint_service" "new_service" {
      ~ cluster_id      = "ffffffff-aaaa-1414-eeee-000000000000" -> "1234"
      ~ enabled         = true -> (known after apply)
        # (2 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

couchbase-capella_private_endpoint_service.new_service: Modifying...
╷
│ Error: No update API for private endpoint service
│
│   with couchbase-capella_private_endpoint_service.new_service,
│   on config.tf line 14, in resource "couchbase-capella_private_endpoint_service" "new_service":
│   14: resource "couchbase-capella_private_endpoint_service" "new_service" {
│
│ No update API for private endpoint service
╵

// disable private endpoint service

terraform apply
╷
│ Warning: Provider development overrides are in effect
│
│ The following provider development overrides are set in the CLI configuration:
│  - couchbasecloud/couchbase-capella in /Users/$USER/GolandProjects/terraform-provider-couchbase-capella/bin
│
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become
│ incompatible with published releases.
╵
couchbase-capella_private_endpoint_service.new_service: Refreshing state...

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  - destroy

Terraform will perform the following actions:

  # couchbase-capella_private_endpoint_service.new_service will be destroyed
  # (because couchbase-capella_private_endpoint_service.new_service is not in configuration)
  - resource "couchbase-capella_private_endpoint_service" "new_service" {
      - cluster_id      = "ffffffff-aaaa-1414-eeee-000000000000" -> null
      - enabled         = true -> null
      - organization_id = "ffffffff-aaaa-1414-eeee-000000000000" -> null
      - project_id      = "ffffffff-aaaa-1414-eeee-000000000000" -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

couchbase-capella_private_endpoint_service.new_service: Destroying...
couchbase-capella_private_endpoint_service.new_service: Still destroying... [10s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still destroying... [20s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still destroying... [30s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still destroying... [40s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still destroying... [50s elapsed]
couchbase-capella_private_endpoint_service.new_service: Still destroying... [1m0s elapsed]
couchbase-capella_private_endpoint_service.new_service: Destruction complete after 1m0s

Apply complete! Resources: 0 added, 0 changed, 1 destroyed.

// import state

terraform import couchbase-capella_private_endpoint_service.new_service \
cluster_id=ffffffff-aaaa-1414-eeee-000000000000,project_id=ffffffff-aaaa-1414-eeee-000000000000,organization_id=ffffffff-aaaa-1414-eeee-000000000000
couchbase-capella_private_endpoint_service.new_service: Importing from ID "cluster_id=ffffffff-aaaa-1414-eeee-000000000000,project_id=ffffffff-aaaa-1414-eeee-000000000000,organization_id=ffffffff-aaaa-1414-eeee-000000000000"...
couchbase-capella_private_endpoint_service.new_service: Import prepared!
  Prepared couchbase-capella_private_endpoint_service for import
couchbase-capella_private_endpoint_service.new_service: Refreshing state...
2024-06-03T21:08:59.649-0700 [WARN]  Provider "registry.terraform.io/couchbasecloud/couchbase-capella" produced an unexpected new value for couchbase-capella_private_endpoint_service.new_service during refresh.
      - .enabled: was null, but now cty.False
      - .organization_id: was null, but now cty.StringVal("ffffffff-aaaa-1414-eeee-000000000000")
      - .project_id: was null, but now cty.StringVal("ffffffff-aaaa-1414-eeee-000000000000")
      - .cluster_id: was cty.StringVal("cluster_id=ffffffff-aaaa-1414-eeee-000000000000,project_id=ffffffff-aaaa-1414-eeee-000000000000,organization_id=ffffffff-aaaa-1414-eeee-000000000000"), but now cty.StringVal("ffffffff-aaaa-1414-eeee-000000000000")

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Test accept/reject private endpoint

// accept private endpoint

terraform apply
╷
│ Warning: Provider development overrides are in effect
│
│ The following provider development overrides are set in the CLI configuration:
│  - couchbasecloud/couchbase-capella in /Users/$USER/GolandProjects/terraform-provider-couchbase-capella/bin
│
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become incompatible with published releases.
╵
data.couchbase-capella_private_endpoints.list_endpoints: Reading...
data.couchbase-capella_private_endpoints.list_endpoints: Read complete after 1s

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # couchbase-capella_private_endpoints.accept_endpoint will be created
  + resource "couchbase-capella_private_endpoints" "accept_endpoint" {
      + cluster_id      = "ffffffff-aaaa-1414-eeee-000000000000"
      + endpoint_id     = "vpce-7"
      + organization_id = "ffffffff-aaaa-1414-eeee-000000000000"
      + project_id      = "ffffffff-aaaa-1414-eeee-000000000000"
      + status          = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + list_endpoints = {
      + cluster_id      = "ffffffff-aaaa-1414-eeee-000000000000"
      + data            = [
          + {
              + id     = "vpce-1"
              + status = "rejected"
            },
          + {
              + id     = "vpce-2"
              + status = "rejected"
            },
          + {
              + id     = "vpce-3"
              + status = "rejected"
            },
          + {
              + id     = "vpce-4"
              + status = "rejected"
            },
          + {
              + id     = "vpce-5"
              + status = "rejected"
            },
          + {
              + id     = "vpce-6"
              + status = "rejected"
            },
        ]
      + organization_id = "ffffffff-aaaa-1414-eeee-000000000000"
      + project_id      = "ffffffff-aaaa-1414-eeee-000000000000"
    }

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

couchbase-capella_private_endpoints.accept_endpoint: Creating...
couchbase-capella_private_endpoints.accept_endpoint: Creation complete after 1s

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

list_endpoints = {
  "cluster_id" = "ffffffff-aaaa-1414-eeee-000000000000"
  "data" = tolist([
    {
      "id" = "vpce-1"
      "status" = "rejected"
    },
    {
      "id" = "vpce-2"
      "status" = "rejected"
    },
    {
      "id" = "vpce-3"
      "status" = "rejected"
    },
    {
      "id" = "vpce-4"
      "status" = "rejected"
    },
    {
      "id" = "vpce-5"
      "status" = "rejected"
    },
    {
      "id" = "vpce-6"
      "status" = "rejected"
    },
  ])
  "organization_id" = "ffffffff-aaaa-1414-eeee-000000000000"
  "project_id" = "ffffffff-aaaa-1414-eeee-000000000000"
}

// reject private endpoint

terraform apply
╷
│ Warning: Provider development overrides are in effect
│
│ The following provider development overrides are set in the CLI configuration:
│  - couchbasecloud/couchbase-capella in /Users/$USER/GolandProjects/terraform-provider-couchbase-capella/bin
│
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become incompatible with published releases.
╵
couchbase-capella_private_endpoints.accept_endpoint: Refreshing state...

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # couchbase-capella_private_endpoints.accept_endpoint will be destroyed
  # (because couchbase-capella_private_endpoints.accept_endpoint is not in configuration)
  - resource "couchbase-capella_private_endpoints" "accept_endpoint" {
      - cluster_id      = "ffffffff-aaaa-1414-eeee-000000000000" -> null
      - endpoint_id     = "vpce-7" -> null
      - organization_id = "ffffffff-aaaa-1414-eeee-000000000000" -> null
      - project_id      = "ffffffff-aaaa-1414-eeee-000000000000" -> null
      - status          = "linked" -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Changes to Outputs:
  - list_endpoints = {
      - cluster_id      = "ffffffff-aaaa-1414-eeee-000000000000"
      - data            = [
          - {
              - id     = "vpce-1"
              - status = "rejected"
            },
          - {
              - id     = "vpce-2"
              - status = "rejected"
            },
          - {
              - id     = "vpce-3"
              - status = "rejected"
            },
          - {
              - id     = "vpce-4"
              - status = "rejected"
            },
          - {
              - id     = "vpce-5"
              - status = "rejected"
            },
          - {
              - id     = "6"
              - status = "rejected"
            },
        ]
      - organization_id = "ffffffff-aaaa-1414-eeee-000000000000"
      - project_id      = "ffffffff-aaaa-1414-eeee-000000000000"
    } -> null

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

couchbase-capella_private_endpoints.accept_endpoint: Destroying...
couchbase-capella_private_endpoints.accept_endpoint: Destruction complete after 1s

Apply complete! Resources: 0 added, 0 changed, 1 destroyed.

// import private endpoint

terraform import couchbase-capella_private_endpoints.accept_endpoint endpoint_id=vpce-0436fa01d5dfc31bc,organization_id=e59b0b4f-7892-4fd9-a924-45fa02c64ee4,project_id=944c7063-8513-48a9-bad0-30b4a7abd621,cluster_id=d11ac280-aa64-4c5b-94b8-90398b7a28cd
couchbase-capella_private_endpoints.accept_endpoint: Importing from ID "endpoint_id=vpce-0436fa01d5dfc31bc,organization_id=e59b0b4f-7892-4fd9-a924-45fa02c64ee4,project_id=944c7063-8513-48a9-bad0-30b4a7abd621,cluster_id=d11ac280-aa64-4c5b-94b8-90398b7a28cd"...
couchbase-capella_private_endpoints.accept_endpoint: Import prepared!
  Prepared couchbase-capella_private_endpoints for import
couchbase-capella_private_endpoints.accept_endpoint: Refreshing state...

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Test get private endpoint CLI command for specific CSP

// get aws private endpoint command

terraform apply
╷
│ Warning: Provider development overrides are in effect
│
│ The following provider development overrides are set in the CLI configuration:
│  - couchbasecloud/couchbase-capella in /Users/$USER/GolandProjects/terraform-provider-couchbase-capella/bin
│
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become incompatible with published releases.
╵
data.couchbase-capella_aws_private_endpoint_command.aws_command: Reading...
data.couchbase-capella_aws_private_endpoint_command.aws_command: Read complete after 1s

Changes to Outputs:
  + aws_command = {
      + cluster_id      = "ffffffff-aaaa-1414-eeee-000000000000"
      + command         = "aws ec2 create-vpc-endpoint --vpc-id vpc-1234 --region us-east-1 --service-name com.amazonaws.vpce.us-east-1.vpce-svc-1234 --vpc-endpoint-type Interface --subnet-ids subnet-1234"
      + organization_id = "ffffffff-aaaa-1414-eeee-000000000000"
      + project_id      = "ffffffff-aaaa-1414-eeee-000000000000"
      + subnet_ids      = [
          + "subnet-1234",
        ]
      + vpc_id          = "vpc-1234"
    }

You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

aws_command = {
  "cluster_id" = "ffffffff-aaaa-1414-eeee-000000000000"
  "command" = "aws ec2 create-vpc-endpoint --vpc-id vpc-1234 --region us-east-1 --service-name com.amazonaws.vpce.us-east-1.vpce-svc-1234 --vpc-endpoint-type Interface --subnet-ids subnet-1234"
  "organization_id" = "ffffffff-aaaa-1414-eeee-000000000000"
  "project_id" = "ffffffff-aaaa-1414-eeee-000000000000"
  "subnet_ids" = toset([
    "subnet-1234",
  ])
  "vpc_id" = "vpc-1234"
}

// get azure private endpoint command

terraform plan
╷
│ Warning: Provider development overrides are in effect
│
│ The following provider development overrides are set in the CLI configuration:
│  - couchbasecloud/couchbase-capella in /Users/$USER/GolandProjects/terraform-provider-couchbase-capella/bin
│
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become incompatible with published releases.
╵
data.couchbase-capella_azure_private_endpoint_command.azure_command: Reading...
data.couchbase-capella_azure_private_endpoint_command.azure_command: Read complete after 2s

Changes to Outputs:
  + azure_command = {
      + cluster_id          = "ffffffff-aaaa-1414-eeee-000000000000"
      + command             = <<-EOT
            echo This script is only compatible with BASH-like shells, not powershell or cmd.exe.
            echo Please ensure AZ CLI is installed and logged in prior to running this script.
            setopt interactivecomments 2>/dev/null
            # Create private endpoint
            az network private-endpoint create -g test-rg -n pl-1234 --vnet-name vnet-1 --subnet subnet-1 --private-connection-resource-id 'pl-ffffffff-aaaa-1414-eeee-000000000000.e622e1b4-1968-4254-9a2e-07c76f76c05c.eastus.azure.privatelinkservice' --connection-name pl-1234 -l eastus --manual-request true
            # Create DNS zone
            az network private-dns zone create -g test-rg -n private-endpoint.test.com
            # Link DNS zone
            az network private-dns link vnet create -g test-rg -n dnslink-ffffffff-aaaa-1414-eeee-000000000000 -z private-endpoint.test.com -v vnet-1 -e False
            # Create DNS A record
            ## Fetch and unquote NIC and IP address
            NIC=$(basename $(az network private-endpoint show -g test-rg -n pl-1234 --query "networkInterfaces[0].id"))
            NIC=${NIC//\"/} # Trim trailing quote
            IPADDRESS=$(az network nic ip-config list -g test-rg  --nic-name $NIC --query "[0].privateIPAddress")
            IPADDRESS=${IPADDRESS//\"/} # Trim leading and trailing quote
            ## Create the record
            az network private-dns record-set a create --resource-group test-rg --zone-name private-endpoint.test.com --name '@'
            az network private-dns record-set a add-record --resource-group test-rg --zone-name private-endpoint.test.com --record-set-name '@' -a $IPADDRESS
        EOT
      + organization_id     = "ffffffff-aaaa-1414-eeee-000000000000"
      + project_id          = "ffffffff-aaaa-1414-eeee-000000000000"
      + resource_group_name = "test-rg"
      + virtual_network     = "vnet-1/subnet-1"
    }

You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.

aniket-Kumar-c commented 5 months ago

Please also verify the case when the private endpoint service is enabled and private endpoints are added. If we then delete the private endpoint service, the private endpoints will still be in the state file. How will Terraform plan and apply behave after that?

aniket-Kumar-c commented 5 months ago

Please also add the process for how customers can use the Terraform provider to first enable the private endpoint service, then create the command, and then what customers need to do in their VPC. After that, explain how they can accept the endpoint.

like in the form of step1, step2...

l0n3star commented 4 months ago

Please also verify the case when the private endpoint service is enabled and private endpoints are added. If we then delete the private endpoint service, the private endpoints will still be in the state file. How will Terraform plan and apply behave after that?

plan and apply fail:

Error: Error reading private endpoint status
│
│   with couchbase-capella_private_endpoints.accept_endpoint,
│   on config.tf line 21, in resource "couchbase-capella_private_endpoints" "accept_endpoint":
│   21: resource "couchbase-capella_private_endpoints" "accept_endpoint" {
│
│ Error reading private endpoint status, unexpected error: {"code":400,"hint":"Please review your request and ensure that all required parameters are correctly
│ provided.","httpStatusCode":400,"message":"Private endpoints aren't enabled for this cluster. Please select another cluster."}
╵

this is expected.

terraform will call Read which in turn will execute LIST endpoint. but it is invalid to execute LIST when private endpoint service is disabled on the cluster.

thus this is user error. the user must delete private endpoint service and all private endpoints at the same time.

l0n3star commented 4 months ago

Please also add the process for how customers can use the Terraform provider to first enable the private endpoint service, then create the command, and then what customers need to do in their VPC. After that, explain how they can accept the endpoint.

like in the form of step1, step2...

That's what getting_started folder is for.

aniket-Kumar-c commented 4 months ago

According to Go guidelines, it is recommended to write GoDoc comments for all exported functions.

So, can you please check where it is missing and add it.

aniket-Kumar-c commented 4 months ago

Please also verify the case when the private endpoint service is enabled and private endpoints are added. If we then delete the private endpoint service, the private endpoints will still be in the state file. How will Terraform plan and apply behave after that?

plan and apply fail:

Error: Error reading private endpoint status
│
│   with couchbase-capella_private_endpoints.accept_endpoint,
│   on config.tf line 21, in resource "couchbase-capella_private_endpoints" "accept_endpoint":
│   21: resource "couchbase-capella_private_endpoints" "accept_endpoint" {
│
│ Error reading private endpoint status, unexpected error: {"code":400,"hint":"Please review your request and ensure that all required parameters are correctly
│ provided.","httpStatusCode":400,"message":"Private endpoints aren't enabled for this cluster. Please select another cluster."}
╵

this is expected.

terraform will call Read which in turn will execute LIST endpoint. but it is invalid to execute LIST when private endpoint service is disabled on the cluster.

thus this is user error. the user must delete private endpoint service and all private endpoints at the same time.

Yes, I think we should recommend this to customers so they can avoid this issue, otherwise it will come to us as CBSE, and then we have to give the same explanation

aniket-Kumar-c commented 4 months ago

Please also add the process for how customers can use the Terraform provider to first enable the private endpoint service, then create the command, and then what customers need to do in their VPC. After that, explain how they can accept the endpoint. like in the form of step1, step2...

That's what getting_started folder is for.

Actually, the getting started guide talks about each resource or datasource individually.

I am thinking in this way like:- First, the customer has to enable the private endpoint service, then generate the private endpoint command, and then accept the private endpoint.

So, there should be a way for the customer to know which resource or data source should be utilized in combination to enable the private endpoint service and add the private endpoint, if the customer hasn't used the UI beforehand.

l0n3star commented 4 months ago

Please also verify the case when the private endpoint service is enabled and private endpoints are added. If we then delete the private endpoint service, the private endpoints will still be in the state file. How will Terraform plan and apply behave after that?

plan and apply fail:

Error: Error reading private endpoint status
│
│   with couchbase-capella_private_endpoints.accept_endpoint,
│   on config.tf line 21, in resource "couchbase-capella_private_endpoints" "accept_endpoint":
│   21: resource "couchbase-capella_private_endpoints" "accept_endpoint" {
│
│ Error reading private endpoint status, unexpected error: {"code":400,"hint":"Please review your request and ensure that all required parameters are correctly
│ provided.","httpStatusCode":400,"message":"Private endpoints aren't enabled for this cluster. Please select another cluster."}
╵

this is expected. terraform will call Read which in turn will execute LIST endpoint. but it is invalid to execute LIST when private endpoint service is disabled on the cluster. thus this is user error. the user must delete private endpoint service and all private endpoints at the same time.

Yes, I think we should recommend this to customers so they can avoid this issue, otherwise it will come to us as CBSE, and then we have to give the same explanation

The error tells the user what the issue is. If user needs more help, then we are happy to help on CBSE.

l0n3star commented 4 months ago

Please also add the process for how customers can use the Terraform provider to first enable the private endpoint service, then create the command, and then what customers need to do in their VPC. After that, explain how they can accept the endpoint. like in the form of step1, step2...

That's what getting_started folder is for.

Actually, the getting started guide talks about each resource or datasource individually.

I am thinking in this way like:- First, the customer has to enable the private endpoint service, then generate the private endpoint command, and then accept the private endpoint.

So, there should be a way for the customer to know which resource or data source should be utilized in combination to enable the private endpoint service and add the private endpoint, if the customer hasn't used the UI beforehand.

This is something we should discuss on a team meeting, not a PR. This affects many features.

l0n3star commented 4 months ago

According to Go guidelines, it is recommended to write GoDoc comments for all exported functions.

So, can you please check where it is missing and add it.

Good shout, thanks. Addressed in c2fca196e6012bc7d90d6fecf6bfb07e5d93ec4a.
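Added example, not part of this pull request or the provider's code: a pre-apply check for the failure discussed in the thread, where the private endpoint service is destroyed while accepted private endpoints on the same cluster remain in state. It reads the JSON form of a saved plan (`terraform show -json`); the resource type names and the `vpce-7` ID come from the output above, while the function names, sample plans and the second cluster ID are constructed for illustration.

```python
"""Flag Terraform plans that disable the Capella private endpoint service
while private endpoints on the same cluster would stay in state.

Produce the input with:
    terraform plan -out plan.out && terraform show -json plan.out > plan.json
"""
import json
import sys

# Resource type names as they appear in the plan output on this page.
SERVICE_TYPE = "couchbase-capella_private_endpoint_service"
ENDPOINT_TYPE = "couchbase-capella_private_endpoints"


def cluster_key(values):
    """Identify a cluster by the three IDs that both resource types carry."""
    return tuple(values.get(k) for k in ("organization_id", "project_id", "cluster_id"))


def find_orphaned_endpoints(plan):
    """Return sorted (endpoint_address, service_address) pairs for endpoints
    that are not destroyed although their cluster's service is."""
    removed = {}  # cluster key -> address of the service being destroyed
    kept = []     # (endpoint address, cluster key) for endpoints left in state
    for rc in plan.get("resource_changes", []):
        if rc.get("mode", "managed") != "managed":
            continue  # data sources never hold accepted endpoints
        change = rc.get("change", {})
        actions = change.get("actions", [])
        before = change.get("before") or {}
        after = change.get("after") or {}
        if rc.get("type") == SERVICE_TYPE and actions == ["delete"]:
            removed[cluster_key(before)] = rc["address"]
        elif rc.get("type") == ENDPOINT_TYPE and "delete" not in actions:
            kept.append((rc["address"], cluster_key(after or before)))
    # Match after the loop so the result does not depend on resource order.
    return sorted((addr, removed[key]) for addr, key in kept if key in removed)


def _change(address, rtype, actions, values):
    """Build one constructed resource_changes entry (delete or no-op only)."""
    gone = actions == ["delete"]
    return {
        "address": address,
        "mode": "managed",
        "type": rtype,
        "change": {"actions": actions, "before": values,
                   "after": None if gone else values},
    }


# Constructed sample data: placeholder UUID from the page, second ID invented.
IDS = {
    "organization_id": "ffffffff-aaaa-1414-eeee-000000000000",
    "project_id": "ffffffff-aaaa-1414-eeee-000000000000",
    "cluster_id": "ffffffff-aaaa-1414-eeee-000000000000",
}
OTHER = {**IDS, "cluster_id": "00000000-0000-0000-0000-000000000002"}
SERVICE_ADDR = "couchbase-capella_private_endpoint_service.new_service"
ENDPOINT_ADDR = "couchbase-capella_private_endpoints.accept_endpoint"

# Service removed from configuration, accepted endpoint left untouched.
RISKY_PLAN = {"resource_changes": [
    _change(SERVICE_ADDR, SERVICE_TYPE, ["delete"], {**IDS, "enabled": True}),
    _change(ENDPOINT_ADDR, ENDPOINT_TYPE, ["no-op"],
            {**IDS, "endpoint_id": "vpce-7", "status": "linked"}),
    _change("couchbase-capella_private_endpoints.other_cluster", ENDPOINT_TYPE,
            ["no-op"], {**OTHER, "endpoint_id": "vpce-8", "status": "linked"}),
]}

# Service and its endpoint destroyed in the same plan.
SAFE_PLAN = {"resource_changes": [
    _change(SERVICE_ADDR, SERVICE_TYPE, ["delete"], {**IDS, "enabled": True}),
    _change(ENDPOINT_ADDR, ENDPOINT_TYPE, ["delete"],
            {**IDS, "endpoint_id": "vpce-7", "status": "linked"}),
]}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            plan = json.load(fh)
    else:
        plan = RISKY_PLAN
    findings = find_orphaned_endpoints(plan)
    for endpoint, service in findings:
        print(f"{endpoint} would remain in state after {service} is destroyed")
    sys.exit(1 if findings else 0)
```

Run as a CI step between `terraform plan` and `terraform apply`, a non-zero exit stops the apply before the state reaches the condition that produces the 400 error quoted in the thread.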