Skip to content

Commit 116b782

Browse files
authored
Add support for cluster setup YAML (#186)
Add setup_yml field to the polaris_aws_exocompute_cluster_attachment resource.
1 parent 6247898 commit 116b782

29 files changed

+111
-137
lines changed

docs/data-sources/aws_cnp_artifacts.md

+4-17
Original file line numberDiff line numberDiff line change
@@ -10,8 +10,6 @@ description: |-
1010
when specifying the feature set.
1111
CLOUDNATIVEARCHIVAL
1212
BASIC - Represents the basic set of permissions required to onboard the feature.
13-
CLOUDNATIVEARCHIVAL_ENCRYPTION
14-
BASIC - Represents the basic set of permissions required to onboard the feature.ENCRYPTION - Represents the set of permissions required for encryption operations.
1513
CLOUDNATIVEPROTECTION
1614
BASIC - Represents the basic set of permissions required to onboard the feature.EXPORT_AND_RESTORE - Represents the set of permissions required for export and
1715
restore operations.FILE_LEVEL_RECOVERY - Represents the set of permissions required for file-level
@@ -41,10 +39,6 @@ when specifying the feature set.
4139
### CLOUD_NATIVE_ARCHIVAL
4240
* `BASIC` - Represents the basic set of permissions required to onboard the feature.
4341

44-
### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION
45-
* `BASIC` - Represents the basic set of permissions required to onboard the feature.
46-
* `ENCRYPTION` - Represents the set of permissions required for encryption operations.
47-
4842
### CLOUD_NATIVE_PROTECTION
4943
* `BASIC` - Represents the basic set of permissions required to onboard the feature.
5044
* `EXPORT_AND_RESTORE` - Represents the set of permissions required for export and
@@ -104,20 +98,13 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
10498
]
10599
}
106100
107-
feature {
108-
name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION"
109-
110-
permission_groups = [
111-
"BASIC",
112-
"ENCRYPTION",
113-
]
114-
}
115-
116101
feature {
117102
name = "CLOUD_NATIVE_PROTECTION"
118103
119104
permission_groups = [
120105
"BASIC",
106+
"EXPORT_AND_RESTORE",
107+
"FILE_LEVEL_RECOVERY",
121108
]
122109
}
123110
}
@@ -145,5 +132,5 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
145132

146133
Required:
147134

148-
- `name` (String) RSC feature name. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.
149-
- `permission_groups` (Set of String) RSC permission groups for the feature. Possible values are `BASIC`, `ENCRYPTION`, `EXPORT_AND_RESTORE`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. For backwards compatibility, `[]` is interpreted as all applicable permission groups.
135+
- `name` (String) RSC feature name. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.
136+
- `permission_groups` (Set of String) RSC permission groups for the feature. Possible values are `BASIC`, `EXPORT_AND_RESTORE`, `FILE_LEVEL_RECOVERY`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. For backwards compatibility, `[]` is interpreted as all applicable permission groups.

docs/data-sources/aws_cnp_permissions.md

+1-17
Original file line numberDiff line numberDiff line change
@@ -13,10 +13,6 @@ when specifying the feature set.
1313
### CLOUD_NATIVE_ARCHIVAL
1414
* `BASIC` - Represents the basic set of permissions required to onboard the feature.
1515

16-
### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION
17-
* `BASIC` - Represents the basic set of permissions required to onboard the feature.
18-
* `ENCRYPTION` - Represents the set of permissions required for encryption operations.
19-
2016
### CLOUD_NATIVE_PROTECTION
2117
* `BASIC` - Represents the basic set of permissions required to onboard the feature.
2218
* `EXPORT_AND_RESTORE` - Represents the set of permissions required for export and
@@ -57,10 +53,6 @@ when specifying the feature set.
5753
### CLOUD_NATIVE_ARCHIVAL
5854
* `BASIC` - Represents the basic set of permissions required to onboard the feature.
5955

60-
### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION
61-
* `BASIC` - Represents the basic set of permissions required to onboard the feature.
62-
* `ENCRYPTION` - Represents the set of permissions required for encryption operations.
63-
6456
### CLOUD_NATIVE_PROTECTION
6557
* `BASIC` - Represents the basic set of permissions required to onboard the feature.
6658
* `EXPORT_AND_RESTORE` - Represents the set of permissions required for export and
@@ -100,20 +92,12 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
10092
]
10193
}
10294
103-
feature {
104-
name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION"
105-
106-
permission_groups = [
107-
"BASIC",
108-
"ENCRYPTION",
109-
]
110-
}
111-
11295
feature {
11396
name = "CLOUD_NATIVE_PROTECTION"
11497
11598
permission_groups = [
11699
"BASIC",
100+
"EXPORT_AND_RESTORE",
117101
]
118102
}
119103
}

docs/guides/changelog.md

+8
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,14 @@ page_title: "Changelog"
44

55
# Changelog
66

7+
## v0.9.0-beta.9
8+
* Add the field `setup_yaml` to the `polaris_aws_exocompute_cluster_attachment` resource. The `setup_yaml` fields
9+
contains K8s specs that can be passed to `kubectl` to establish a connection between the cluster and RSC.
10+
[[docs](../resources/aws_exocompute_cluster_attachment)]
11+
* Fix a bug in the AWS feature removal code that causes removal of the `CLOUD_NATIVE_S3_PROTECTION` feature to fail.
12+
* Improve the code that waits for RSC features to be disabled. The code now checks both the status of the job and the
13+
status of the cloud account.
14+
715
## v0.9.0-beta.8
816
* Improve the documentation for AWS data sources and resources.
917
* Update guides.

docs/guides/upgrade_guide_beta.md

+2
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,8 @@ The latest beta release introduces changes to the following data sources and res
3030
feature, which can be use with the `polaris_azure_permissions` data source signal permissions updates.
3131
* `polaris_features` - The data source has been deprecated and replaced with the `features` field of the
3232
`polaris_deployment` data source. Note, the `features` field is a set and not a list.
33+
* `polaris_aws_exocompute_cluster_attachment` - New field, `setup_yaml`, which holds the K8s spec which can be passed
34+
to `kubectl apply` inside the EKS cluster to create a connection between the cluster and RSC.
3335

3436
Deprecated fields will be removed in a future release, please migrate your configurations to use the replacement field
3537
as soon as possible.

docs/resources/aws_account.md

+15-2
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,10 @@ resource "polaris_aws_account" "default" {
4848
profile = "default"
4949
5050
cloud_native_protection {
51+
permission_groups = [
52+
"BASIC",
53+
]
54+
5155
regions = [
5256
"us-east-2",
5357
]
@@ -59,13 +63,22 @@ resource "polaris_aws_account" "default" {
5963
profile = "default"
6064
6165
cloud_native_protection {
66+
permission_groups = [
67+
"BASIC",
68+
]
69+
6270
regions = [
6371
"us-east-2",
6472
"us-west-2",
6573
]
6674
}
6775
6876
exocompute {
77+
permission_groups = [
78+
"BASIC",
79+
"RSC_MANAGED_CLUSTER",
80+
]
81+
6982
regions = [
7083
"us-west-2",
7184
]
@@ -107,7 +120,7 @@ Required:
107120

108121
Optional:
109122

110-
- `permission_groups` (Set of String) Permission groups to assign to the Cloud Native Protection feature.
123+
- `permission_groups` (Set of String) Permission groups to assign to the Cloud Native Protection feature. Possible values are `BASIC`, `EXPORT_AND_RESTORE`, `FILE_LEVEL_RECOVERY` and `SNAPSHOT_PRIVATE_ACCESS`.
111124

112125
Read-Only:
113126

@@ -124,7 +137,7 @@ Required:
124137

125138
Optional:
126139

127-
- `permission_groups` (Set of String) Permission groups to assign to the Exocompute feature.
140+
- `permission_groups` (Set of String) Permission groups to assign to the Exocompute feature. Possible values are `BASIC`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`.
128141

129142
Read-Only:
130143

docs/resources/aws_archival_location.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@ resource "polaris_aws_archival_location" "archival_location" {
6363
### Optional
6464

6565
- `bucket_tags` (Map of String) AWS bucket tags. Each tag will be added to the bucket created by RSC. Changing this forces a new resource to be created.
66-
- `kms_master_key` (String, Sensitive) AWS KMS master key alias/ID.
66+
- `kms_master_key` (String, Sensitive) AWS KMS master key alias/ID. Default value is `aws/s3`.
6767
- `region` (String) AWS region to store the snapshots in. If not specified, the snapshots will be stored in the same region as the workload. Changing this forces a new resource to be created.
6868
- `storage_class` (String) AWS bucket storage class. Possible values are `STANDARD`, `STANDARD_IA`, `ONEZONE_IA`, `GLACIER_INSTANT_RETRIEVAL`, `GLACIER_DEEP_ARCHIVE` and `GLACIER_FLEXIBLE_RETRIEVAL`. Default value is `STANDARD_IA`.
6969

docs/resources/aws_cnp_account.md

+2-9
Original file line numberDiff line numberDiff line change
@@ -11,8 +11,6 @@ description: |-
1111
when specifying the feature set.
1212
CLOUDNATIVEARCHIVAL
1313
BASIC - Represents the basic set of permissions required to onboard the feature.
14-
CLOUDNATIVEARCHIVAL_ENCRYPTION
15-
BASIC - Represents the basic set of permissions required to onboard the feature.ENCRYPTION - Represents the set of permissions required for encryption operations.
1614
CLOUDNATIVEPROTECTION
1715
BASIC - Represents the basic set of permissions required to onboard the feature.EXPORT_AND_RESTORE - Represents the set of permissions required for export and
1816
restore operations.FILE_LEVEL_RECOVERY - Represents the set of permissions required for file-level
@@ -43,10 +41,6 @@ when specifying the feature set.
4341
### CLOUD_NATIVE_ARCHIVAL
4442
* `BASIC` - Represents the basic set of permissions required to onboard the feature.
4543

46-
### CLOUD_NATIVE_ARCHIVAL_ENCRYPTION
47-
* `BASIC` - Represents the basic set of permissions required to onboard the feature.
48-
* `ENCRYPTION` - Represents the set of permissions required for encryption operations.
49-
5044
### CLOUD_NATIVE_PROTECTION
5145
* `BASIC` - Represents the basic set of permissions required to onboard the feature.
5246
* `EXPORT_AND_RESTORE` - Represents the set of permissions required for export and
@@ -95,7 +89,6 @@ resource "polaris_aws_cnp_account" "account" {
9589
permission_groups = [
9690
"BASIC",
9791
"EXPORT_AND_RESTORE",
98-
"EXPORT_AND_RESTORE",
9992
]
10093
}
10194
}
@@ -145,5 +138,5 @@ resource "polaris_aws_cnp_account" "account" {
145138

146139
Required:
147140

148-
- `name` (String) RSC feature name. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.
149-
- `permission_groups` (Set of String) RSC permission groups for the feature. Possible values are `BASIC`, `ENCRYPTION`, `EXPORT_AND_RESTORE`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. For backwards compatibility, `[]` is interpreted as all applicable permission groups.
141+
- `name` (String) RSC feature name. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.
142+
- `permission_groups` (Set of String) RSC permission groups for the feature. Possible values are `BASIC`, `EXPORT_AND_RESTORE`, `FILE_LEVEL_RECOVERY`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINT` and `RSC_MANAGED_CLUSTER`. For backwards compatibility, `[]` is interpreted as all applicable permission groups.

docs/resources/aws_cnp_account_attachments.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,7 @@ resource "polaris_aws_cnp_account_attachments" "attachments" {
5151
### Required
5252

5353
- `account_id` (String) RSC cloud account ID (UUID). Changing this forces a new resource to be created.
54-
- `features` (Set of String) RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.
54+
- `features` (Set of String) RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`.
5555
- `role` (Block Set, Min: 1) Roles to attach to the cloud account. (see [below for nested schema](#nestedblock--role))
5656

5757
### Optional

docs/resources/aws_cnp_account_trust_policy.md

+2-10
Original file line numberDiff line numberDiff line change
@@ -31,20 +31,12 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
3131
]
3232
}
3333
34-
feature {
35-
name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION"
36-
37-
permission_groups = [
38-
"BASIC",
39-
"ENCRYPTION",
40-
]
41-
}
42-
4334
feature {
4435
name = "CLOUD_NATIVE_PROTECTION"
4536
4637
permission_groups = [
4738
"BASIC",
39+
"EXPORT_AND_RESTORE",
4840
]
4941
}
5042
}
@@ -82,7 +74,7 @@ resource "polaris_aws_cnp_account_trust_policy" "trust_policy" {
8274
### Required
8375

8476
- `account_id` (String) RSC cloud account ID (UUID). Changing this forces a new resource to be created.
85-
- `features` (Set of String) RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`. Changing this forces a new resource to be created.
77+
- `features` (Set of String) RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `CLOUD_NATIVE_S3_PROTECTION`, `EXOCOMPUTE` and `RDS_PROTECTION`. Changing this forces a new resource to be created.
8678
- `role_key` (String) RSC artifact key for the AWS role.
8779

8880
### Optional

docs/resources/aws_exocompute_cluster_attachment.md

+2-1
Original file line numberDiff line numberDiff line change
@@ -37,5 +37,6 @@ resource "polaris_aws_exocompute_cluster_attachment" "attachment" {
3737

3838
### Read-Only
3939

40-
- `connection_command` (String) Manual cluster connection command. Execute this command inside the EKS cluster to establish a connection between the cluster and RSC.
40+
- `connection_command` (String) `kubectl` command which can be executed inside the EKS cluster to create a connection between the cluster and RSC. See setup_yaml for an alternative connection method.
4141
- `id` (String) RSC cluster ID (UUID).
42+
- `setup_yaml` (String) K8s spec which can be passed to `kubectl apply` inside the EKS cluster to create a connection between the cluster and RSC. See connection_command for an alternative connection method.

examples/data-sources/polaris_aws_cnp_artifacts/data-source.tf

+2-9
Original file line numberDiff line numberDiff line change
@@ -29,20 +29,13 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
2929
]
3030
}
3131

32-
feature {
33-
name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION"
34-
35-
permission_groups = [
36-
"BASIC",
37-
"ENCRYPTION",
38-
]
39-
}
40-
4132
feature {
4233
name = "CLOUD_NATIVE_PROTECTION"
4334

4435
permission_groups = [
4536
"BASIC",
37+
"EXPORT_AND_RESTORE",
38+
"FILE_LEVEL_RECOVERY",
4639
]
4740
}
4841
}

examples/data-sources/polaris_aws_cnp_permissions/data-source.tf

+1-9
Original file line numberDiff line numberDiff line change
@@ -7,20 +7,12 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
77
]
88
}
99

10-
feature {
11-
name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION"
12-
13-
permission_groups = [
14-
"BASIC",
15-
"ENCRYPTION",
16-
]
17-
}
18-
1910
feature {
2011
name = "CLOUD_NATIVE_PROTECTION"
2112

2213
permission_groups = [
2314
"BASIC",
15+
"EXPORT_AND_RESTORE",
2416
]
2517
}
2618
}

examples/resources/polaris_aws_account/resource.tf

+13
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,10 @@ resource "polaris_aws_account" "default" {
33
profile = "default"
44

55
cloud_native_protection {
6+
permission_groups = [
7+
"BASIC",
8+
]
9+
610
regions = [
711
"us-east-2",
812
]
@@ -14,13 +18,22 @@ resource "polaris_aws_account" "default" {
1418
profile = "default"
1519

1620
cloud_native_protection {
21+
permission_groups = [
22+
"BASIC",
23+
]
24+
1725
regions = [
1826
"us-east-2",
1927
"us-west-2",
2028
]
2129
}
2230

2331
exocompute {
32+
permission_groups = [
33+
"BASIC",
34+
"RSC_MANAGED_CLUSTER",
35+
]
36+
2437
regions = [
2538
"us-west-2",
2639
]

examples/resources/polaris_aws_cnp_account/resource.tf

-1
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,6 @@ resource "polaris_aws_cnp_account" "account" {
1818
permission_groups = [
1919
"BASIC",
2020
"EXPORT_AND_RESTORE",
21-
"EXPORT_AND_RESTORE",
2221
]
2322
}
2423
}

examples/resources/polaris_aws_cnp_account_trust_policy/resource.tf

+1-9
Original file line numberDiff line numberDiff line change
@@ -7,20 +7,12 @@ data "polaris_aws_cnp_artifacts" "artifacts" {
77
]
88
}
99

10-
feature {
11-
name = "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION"
12-
13-
permission_groups = [
14-
"BASIC",
15-
"ENCRYPTION",
16-
]
17-
}
18-
1910
feature {
2011
name = "CLOUD_NATIVE_PROTECTION"
2112

2213
permission_groups = [
2314
"BASIC",
15+
"EXPORT_AND_RESTORE",
2416
]
2517
}
2618
}

go.mod

+1-1
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ require (
88
github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
99
github.com/hashicorp/terraform-plugin-docs v0.16.0
1010
github.com/hashicorp/terraform-plugin-sdk/v2 v2.10.0
11-
github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.8
11+
github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.10
1212
)
1313

1414
require (

go.sum

+2-2
Original file line numberDiff line numberDiff line change
@@ -412,8 +412,8 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L
412412
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
413413
github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
414414
github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
415-
github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.8 h1:5gjG60RRoxAGPXAL7ECCwy9/mfFbFlSWgnf7+rrgUYI=
416-
github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.8/go.mod h1:670TFQkxTdbsBwEwR/fDT75hfHwPDTTOiLnyZerbqQk=
415+
github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.10 h1:gZ8hJ3L8kaSdfPB10poPSmyMQAbg+S7LDR/Eki1dGBA=
416+
github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.10.0-beta.10/go.mod h1:670TFQkxTdbsBwEwR/fDT75hfHwPDTTOiLnyZerbqQk=
417417
github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
418418
github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
419419
github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4=

0 commit comments

Comments
 (0)