Merge pull request #63 from ClickHouse/use-state-for-iam-role-service…

…-config

use state for unknown iam_role and private_endpoint_config, deprecate private_endpoint_config

clickhouse/service.go

@@ -13,6 +13,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/listdefault"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/listplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/objectplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/types"
@@ -187,6 +188,9 @@ func (r *ServiceResource) Schema(_ context.Context, _ resource.SchemaRequest, re
 			"iam_role": schema.StringAttribute{
 				Description: "IAM role used for accessing objects in s3.",
 				Computed:    true,
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.UseStateForUnknown(),
+				},
 			},
 			"private_endpoint_config": schema.SingleNestedAttribute{
 				Description: "Service config for private endpoints",
@@ -201,6 +205,10 @@ func (r *ServiceResource) Schema(_ context.Context, _ resource.SchemaRequest, re
 						Computed:    true,
 					},
 				},
+				DeprecationMessage: "Please use the `clickhouse_private_endpoint_config` data source instead.",
+				PlanModifiers: []planmodifier.Object{
+					objectplanmodifier.UseStateForUnknown(),
+				},
 			},
 			"private_endpoint_ids": schema.ListAttribute{
 				Description: "List of private endpoint IDs",

docs/data-sources/private_endpoint_config.md

@@ -3,38 +3,25 @@
 page_title: "clickhouse_private_endpoint_config Data Source - clickhouse"
 subcategory: ""
 description: |-
+  
 ---
 
-# Data Source: clickhouse_private_endpoint_config
+# clickhouse_private_endpoint_config (Data Source)
 
-`clickhouse_private_endpoint_config` provides details about the service name that ClickHouse Cloud has for the specified region.
 
-This resource can be useful for getting the service name required for endpoint creation.
 
 
-## Example Usage
-
-```terraform
-data "clickhouse_private_endpoint_config" "this" {
-  cloud_provider = "aws"
-  region         = "us-east-2"
-}
-
-resource "aws_vpc_endpoint" "this" {
-  vpc_id       = var.vpc_id
-  service_name = data.clickhouse_private_endpoint_config.this.endpoint_service_id
-}
-```
-
 
 <!-- schema generated by tfplugindocs -->
-## Argument Reference
+## Schema
 
 ### Required
 
-- `cloud_provider` (String) The cloud provider for the private endpoint. Valid values are 'aws' or 'gcp'.
-- `region` (String) The region for the private endpoint. Valid values are specific to the cloud provider i.e. 'us-east-2'
+- `cloud_provider` (String) The cloud provider for the private endpoint. Valid values are 'aws', 'gcp', or 'azure'.
+- `region` (String) The region for the private endpoint. Valid values are specific to the cloud provider i.e. us-east-2
+
+### Read-Only
+
+- `endpoint_service_id` (String) The ID of the private endpoint that is used to securely connect to ClickHouse. This is a read-only attribute.
 
-### Attribute Reference
 
-- `endpoint_service_id` (String) The ID of the private endpoint that is used to securely connect to ClickHouse.

docs/resources/private_endpoint_registration.md

@@ -6,25 +6,14 @@ description: |-
   
 ---
 
-# Resource: clickhouse_private_endpoint_registration
+# clickhouse_private_endpoint_registration (Resource)
 
-Registers an Endpoint ID to ClickHouse Cloud organization
 
 
-## Example Usage
-
-```terraform
-resource "clickhouse_private_endpoint_registration" "this" {
-  cloud_provider = "aws"
-  region         = "us-east-2"
-  id             = "vpce-0abc1def234abc567"
-  description    = "vpce-0abc1def234abc567"
-}
-```
 
 
 <!-- schema generated by tfplugindocs -->
-## Argument Reference
+## Schema
 
 ### Required
 
@@ -37,19 +26,3 @@ resource "clickhouse_private_endpoint_registration" "this" {
 - `description` (String) Description of the private endpoint
 
 
-## Import
-
-In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import private endpoint registrations using the VPC endpoint `id`. For example:
-
-```terraform
-import {
-  to = clickhouse_private_endpoint_registration.this
-  id = "vpce-0abc1def234abc567"
-}
-```
-
-Using `terraform import`, import private endpoint registrations using the VPC endpoint `id`. For example:
-
-```console
-% terraform import clickhouse_private_endpoint_registration.this vpce-0abc1def234abc567
-```

docs/resources/service.md

@@ -3,28 +3,17 @@
 page_title: "clickhouse_service Resource - clickhouse"
 subcategory: ""
 description: |-
+  
 ---
 
-# Resource: clickhouse_service
+# clickhouse_service (Resource)
 
-Creates a new service on ClickHouse Cloud within your Organization.
 
 
-## Example Usage
-
-```terraform
-resource "clickhouse_service" "this" {
-  cloud_provider = "aws"
-  region         = "us-east-2"
-  name           = var.name
-  tier           = "production"
-  ip_access      = [{ "source" = "0.0.0.0/0", "description" = "Anywhere access" }]
-}
-```
 
 
 <!-- schema generated by tfplugindocs -->
-## Argument Reference
+## Schema
 
 ### Required
 
@@ -37,6 +26,8 @@ resource "clickhouse_service" "this" {
 ### Optional
 
 - `double_sha1_password_hash` (String, Sensitive) Double SHA1 hash of password for connecting with the MySQL protocol. Cannot be specified if `password` is specified.
+- `encryption_assumed_role_identifier` (String) Custom role identifier arn
+- `encryption_key` (String) Custom encryption key arn
 - `idle_scaling` (Boolean) When set to true the service is allowed to scale down to zero when idle. Always true for development services. Configurable only for 'production' services.
 - `idle_timeout_minutes` (Number) Set minimum idling timeout (in minutes). Available only for 'production' services. Must be greater than or equal to 5 minutes.
 - `max_total_memory_gb` (Number) Maximum total memory of all workers during auto-scaling in Gb. Available only for 'production' services. Must be a multiple of 12 and lower than 360 for non paid services or 720 for paid services.
@@ -45,54 +36,42 @@ resource "clickhouse_service" "this" {
 - `password_hash` (String, Sensitive) SHA256 hash of password for the default user. One of either `password` or `password_hash` must be specified.
 - `private_endpoint_ids` (List of String) List of private endpoint IDs
 
-<a id="nestedatt--ip_access"></a>
+### Read-Only
 
-#### Nested Schema for `ip_access`
+- `endpoints` (Attributes List) List of public endpoints. (see [below for nested schema](#nestedatt--endpoints))
+- `iam_role` (String) IAM role used for accessing objects in s3.
+- `id` (String) ID of the created service. Generated by ClickHouse Cloud.
+- `last_updated` (String) Date for when the service was last updated by Terraform.
+- `private_endpoint_config` (Attributes, Deprecated) Service config for private endpoints (see [below for nested schema](#nestedatt--private_endpoint_config))
+
+<a id="nestedatt--ip_access"></a>
+### Nested Schema for `ip_access`
 
 Required:
+
 - `source` (String) IP address allowed to access the service. In case you want to set the ip_access to anywhere you should set source to 0.0.0.0/0
 
 Optional:
-- `description` (String) Description of the IP address.
-
 
-## Attribute Reference
+- `description` (String) Description of the IP address.
 
-- `endpoints` (Attributes List) List of public endpoints. (see [below for nested schema](#nestedatt--endpoints))
-- `iam_role` (String) IAM role used for accessing objects in s3.
-- `id` (String) ID of the created service. Generated by ClickHouse Cloud.
-- `last_updated` (String) Date for when the service was last updated by Terraform.
-- `private_endpoint_config` (Attributes) Service config for private endpoints (see [below for nested schema](#nestedatt--private_endpoint_config))
 
 <a id="nestedatt--endpoints"></a>
+### Nested Schema for `endpoints`
 
-#### Nested Schema for `endpoints`
+Read-Only:
 
 - `host` (String) Endpoint host.
 - `port` (Number) Endpoint port.
 - `protocol` (String) Endpoint protocol: https or nativesecure
 
+
 <a id="nestedatt--private_endpoint_config"></a>
+### Nested Schema for `private_endpoint_config`
 
-#### Nested Schema for `private_endpoint_config`
+Read-Only:
 
 - `endpoint_service_id` (String) Unique identifier of the interface endpoint you created in your VPC with the AWS(Service Name) or GCP(Target Service) resource
 - `private_dns_hostname` (String) Private DNS Hostname of the VPC you created
 
 
-## Import
-
-In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import services using their `id`. For example:
-
-```terraform
-import {
-  to = clickhouse_service.this
-  id = "01a2b34c-d56e-7f8a-bc9d-0efabc12defa"
-}
-```
-
-Using `terraform import`, import services using their `id`. For example:
-
-```console
-% terraform import clickhouse_service.this 01a2b34c-d56e-7f8a-bc9d-0efabc12defa
-```